Closed n0skill closed 3 years ago
I cannot agree more, I'll see what I can do... :wink:
Here you go, reports can now be exported as XML files.
Invoke-PrivescCheck -Report MyReport -Format XML
This will produce the file MyReport.xml.
Here is an example with the check Invoke-BitlockerCheck. The standard output would be something like this:
+------+------------------------------------------------+------+
| TEST | HARDENING > BitLocker                          | INFO |
+------+------------------------------------------------+------+
| DESC | Check whether BitLocker is configured and enabled on  |
|      | the system drive. Note that this check will yield a   |
|      | false positive if another encryption software is in   |
|      | use.                                                  |
+------+-------------------------------------------------------+
[*] Found 1 result(s).
Name        : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BitLockerStatus
BootStatus  : 0
Description : BitLocker isn't enabled.
The same output in XML would be something like this:
<?xml version="1.0"?>
<Objects>
  <Object Type="System.Management.Automation.PSCustomObject">
    <Property Name="Id" Type="System.String">HARDEN_BITLOCKER</Property>
    <Property Name="Category" Type="System.String">Hardening</Property>
    <Property Name="DisplayName" Type="System.String">BitLocker</Property>
    <Property Name="Description" Type="System.String">Check whether BitLocker is configured and enabled on the system drive. Note that this check will yield a false positive if another encryption software is in use.</Property>
    <Property Name="Type" Type="System.String">Info</Property>
    <Property Name="Compliance" Type="System.String">N/A</Property>
    <Property Name="Severity" Type="System.String">Info</Property>
    <Property Name="ResultRawString" Type="System.String">
Name : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BitLockerStatus
BootStatus : 0
Description : BitLocker isn't enabled.
</Property>
  </Object>
</Objects>
This should be pretty easy to parse. The output XML document contains 1 or more Object elements, which all have the same attributes: an ID, a category (e.g.: Services), a name, a description, a type (Info or Vuln), a compliance result (OK, KO or N/A), a severity (Low, Medium, High) and finally the raw result of the check.
Can you confirm that's ok for you so I can close this issue?
Perfect :) Thanks!
This could be convenient :o)
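Added example, not part of the original thread and not PrivescCheck's own code: parsing the XML layout described above in Python and listing the checks of type Vuln with compliance KO, highest severity first. The function names and the second sample object (`EXAMPLE_CHECK`) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SEVERITY_RANK = {"High": 3, "Medium": 2, "Low": 1}  # "Info" or unknown ranks 0

# Constructed sample in the layout shown in the thread; the second object is invented.
SAMPLE_REPORT = """<?xml version="1.0"?>
<Objects>
  <Object Type="System.Management.Automation.PSCustomObject">
    <Property Name="Id" Type="System.String">HARDEN_BITLOCKER</Property>
    <Property Name="Category" Type="System.String">Hardening</Property>
    <Property Name="DisplayName" Type="System.String">BitLocker</Property>
    <Property Name="Type" Type="System.String">Info</Property>
    <Property Name="Compliance" Type="System.String">N/A</Property>
    <Property Name="Severity" Type="System.String">Info</Property>
    <Property Name="ResultRawString" Type="System.String">
BootStatus  : 0
Description : BitLocker isn't enabled.
</Property>
  </Object>
  <Object Type="System.Management.Automation.PSCustomObject">
    <Property Name="Id" Type="System.String">EXAMPLE_CHECK</Property>
    <Property Name="Category" Type="System.String">Services</Property>
    <Property Name="DisplayName" Type="System.String">Constructed finding</Property>
    <Property Name="Type" Type="System.String">Vuln</Property>
    <Property Name="Compliance" Type="System.String">KO</Property>
    <Property Name="Severity" Type="System.String">High</Property>
    <Property Name="ResultRawString" Type="System.String">constructed</Property>
  </Object>
</Objects>
"""

def parse_report(xml_text):
    """Return one dict per <Object>, keyed by each <Property>'s Name attribute."""
    return [{p.get("Name"): (p.text or "").strip() for p in obj.findall("Property")}
            for obj in ET.fromstring(xml_text).iter("Object")]

def actionable(findings):
    """Keep checks of Type 'Vuln' that are non-compliant (KO), worst first."""
    hits = [f for f in findings
            if f.get("Type") == "Vuln" and f.get("Compliance") == "KO"]
    return sorted(hits, key=lambda f: SEVERITY_RANK.get(f.get("Severity"), 0),
                  reverse=True)

if __name__ == "__main__":
    for f in actionable(parse_report(SAMPLE_REPORT)):
        print(f["Severity"], f["Id"], f["DisplayName"], sep="\t")
```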