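function Invoke-RedTeamScan {
    <#
    .SYNOPSIS
        Collects local and (optionally) SMB-reachability findings into a JSON threat report.

    .DESCRIPTION
        'Basic' mode only inspects the local Uninstall registry keys for a DisplayName
        matching the placeholder pattern. 'Advanced' mode additionally probes TCP/445 on
        every host named in -TargetRange and enumerates SMB shares on the hosts that answer.

        Advanced mode generates network traffic against the targets: run it only against
        systems you are explicitly authorised to test.

    .PARAMETER TargetRange
        Host name(s) / IP address(es) to probe in Advanced mode. Accepts a single host or a
        comma/whitespace-separated list. CIDR notation is NOT expanded (Test-NetConnection
        only takes individual hosts). Still mandatory in Basic mode, as in the original.

    .PARAMETER ScanMode
        'Basic' (default) or 'Advanced'.

    .PARAMETER OutputPath
        Where the JSON report is written. Defaults to the per-user temp directory with a
        date-stamped name (the original behaviour); pass an access-controlled path for
        anything you intend to keep, since the report lists exploitable hosts.

    .OUTPUTS
        PSCustomObject with Timestamp, VulnerableSystems, AttackPaths, RiskScore and ScanError.
        ScanError is $null when the scan completed; otherwise it holds the error message, and
        such a report must not be read as "clean".
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$TargetRange,

        [ValidateSet('Basic', 'Advanced')]
        [string]$ScanMode = 'Basic',

        [string]$OutputPath = (Join-Path $env:TEMP "RedTeamReport_$(Get-Date -Format yyyyMMdd).json")
    )

    $threatReport = [PSCustomObject]@{
        Timestamp         = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
        VulnerableSystems = @()
        AttackPaths       = @()
        RiskScore         = 0
        ScanError         = $null
    }

    try {
        # Local check: read both the native and the 32-bit (WOW6432Node) Uninstall views;
        # the original only read the native view and so missed 32-bit installs on x64 hosts.
        # The DisplayName pattern is a placeholder and should be replaced with the real
        # product name(s) being hunted.
        $uninstallKeys = @(
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
        )
        $localVulns = Get-ChildItem -Path $uninstallKeys -ErrorAction SilentlyContinue |
            Where-Object { $_.GetValue('DisplayName') -match '脆弱服务' }

        if ($localVulns) {
            $threatReport.VulnerableSystems += [PSCustomObject]@{
                SystemName    = $env:COMPUTERNAME
                Vulnerability = '本地权限提升'
                # Placeholder identifier carried over from the original; not a real CVE.
                CVE           = 'CVE-2024-XXXX'
            }
        }

        if ($ScanMode -eq 'Advanced') {
            # Test-NetConnection accepts one host per call, so split the range into hosts
            # instead of handing it the whole string (a list previously resolved as one
            # bogus host name). -WarningAction hides the per-host "TCP connect failed" noise.
            $targets = $TargetRange -split '[,\s]+' | Where-Object { $_ }
            $reachable = foreach ($target in $targets) {
                Test-NetConnection -ComputerName $target -Port 445 -WarningAction SilentlyContinue |
                    Where-Object TcpTestSucceeded
            }

            foreach ($system in $reachable) {
                # Get-SmbShare has no -ComputerName parameter (the original call threw a
                # binding error); remote enumeration goes through -CimSession, which accepts
                # a host name / IP string directly.
                $address = "$($system.RemoteAddress)"
                $shares = Get-SmbShare -CimSession $address -ErrorAction SilentlyContinue
                if ($shares) {
                    $threatReport.AttackPaths += [PSCustomObject]@{
                        Source       = $env:COMPUTERNAME
                        # Stored as a string so the JSON holds the address, not the
                        # IPAddress object's property bag.
                        Target       = $address
                        AttackVector = 'SMB共享漏洞'
                    }
                }
            }
        }

        # 30 points per local finding, 20 per attack path, capped at 100.
        $threatReport.RiskScore = [math]::Min(
            100,
            ($threatReport.VulnerableSystems.Count * 30) + ($threatReport.AttackPaths.Count * 20)
        )
    }
    catch {
        # Record the failure in the report itself so a crashed scan cannot be mistaken for
        # a clean one by whoever reads the JSON later.
        $threatReport.ScanError = "$_"
        Write-Error "渗透测试失败: $_"
    }

    # -Depth is set explicitly so a deeper finding object is never silently flattened to
    # its ToString() by ConvertTo-Json's default depth of 2.
    $threatReport | ConvertTo-Json -Depth 4 | Out-File -FilePath $OutputPath
    return $threatReport
}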