itm4n / PrivescCheck

Privilege Escalation Enumeration Script for Windows
BSD 3-Clause "New" or "Revised" License

Suggestion: Add an XML output #20

Closed n0skill closed 3 years ago

n0skill commented 3 years ago

This could be convenient :o)

itm4n commented 3 years ago

I cannot agree more, I'll see what I can do... :wink:

itm4n commented 3 years ago

Here you go, reports can now be exported as XML files.

Invoke-PrivescCheck -Report MyReport -Format XML

This will produce the file MyReport.xml.

Here is an example with the check Invoke-BitlockerCheck. The standard output would be something like this:

+------+------------------------------------------------+------+
| TEST | HARDENING > BitLocker                          | INFO |
+------+------------------------------------------------+------+
| DESC | Check whether BitLocker is configured and enabled on  |
|      | the system drive. Note that this check will yield a   |
|      | false positive if another encryption software is in   |
|      | use.                                                  |
+------+-------------------------------------------------------+
[*] Found 1 result(s).

Name        : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BitLockerStatus
BootStatus  : 0
Description : BitLocker isn't enabled.

The same output in XML would be something like this:

<?xml version="1.0"?>
<Objects>
  <Object Type="System.Management.Automation.PSCustomObject">
    <Property Name="Id" Type="System.String">HARDEN_BITLOCKER</Property>
    <Property Name="Category" Type="System.String">Hardening</Property>
    <Property Name="DisplayName" Type="System.String">BitLocker</Property>
    <Property Name="Description" Type="System.String">Check whether BitLocker is configured and enabled on the system drive. Note that this check will yield a false positive if another encryption software is in use.</Property>
    <Property Name="Type" Type="System.String">Info</Property>
    <Property Name="Compliance" Type="System.String">N/A</Property>
    <Property Name="Severity" Type="System.String">Info</Property>
    <Property Name="ResultRawString" Type="System.String">

Name        : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BitLockerStatus
BootStatus  : 0
Description : BitLocker isn't enabled.

</Property>
  </Object>
</Objects>

This should be pretty easy to parse. The output XML document contains 1 or more Object elements, which all have the same attributes: an ID, a category (e.g.: Services), a name, a description, a type (Info or Vuln), a compliance result (OK, KO or N/A), a severity (Low, Medium, High) and finally the raw result of the check.
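
The following is an added example, not part of the original thread or of the PrivescCheck project: it reads a report in the XML layout shown above, refuses any DOCTYPE, and lists the Vuln checks from highest severity down. The second Object, its PLACEHOLDER_CHECK_ID, the severity ranking and the function names load_checks and findings are constructed for illustration; the BitLocker raw result is trimmed to one line.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the BitLocker object from the thread (trimmed) plus one
# made-up finding with a placeholder Id, so the filter has something to select.
SAMPLE_REPORT = """<?xml version="1.0"?>
<Objects>
  <Object Type="System.Management.Automation.PSCustomObject">
    <Property Name="Id" Type="System.String">HARDEN_BITLOCKER</Property>
    <Property Name="Category" Type="System.String">Hardening</Property>
    <Property Name="DisplayName" Type="System.String">BitLocker</Property>
    <Property Name="Type" Type="System.String">Info</Property>
    <Property Name="Compliance" Type="System.String">N/A</Property>
    <Property Name="Severity" Type="System.String">Info</Property>
    <Property Name="ResultRawString" Type="System.String">
BootStatus  : 0
</Property>
  </Object>
  <Object Type="System.Management.Automation.PSCustomObject">
    <Property Name="Id" Type="System.String">PLACEHOLDER_CHECK_ID</Property>
    <Property Name="Category" Type="System.String">Services</Property>
    <Property Name="Type" Type="System.String">Vuln</Property>
    <Property Name="Compliance" Type="System.String">KO</Property>
    <Property Name="Severity" Type="System.String">High</Property>
    <Property Name="ResultRawString" Type="System.String">constructed</Property>
  </Object>
</Objects>"""

SEVERITY_RANK = {"High": 3, "Medium": 2, "Low": 1}  # assumed order; others rank 0

def load_checks(xml_text):
    """Return one dict per <Object>, keyed by each Property's Name attribute."""
    # Reports are collected from hosts under assessment: refuse DTDs so a
    # tampered file cannot declare entities for the parser to expand.
    if "<!DOCTYPE" in xml_text.upper():
        raise ValueError("DOCTYPE not allowed in report")
    root = ET.fromstring(xml_text)
    if root.tag != "Objects":
        raise ValueError("unexpected root element: " + root.tag)
    return [{p.get("Name"): (p.text or "").strip() for p in obj.findall("Property")}
            for obj in root.findall("Object")]

def findings(checks):
    """Keep checks of type Vuln and order them from highest severity down."""
    vulns = [c for c in checks if c.get("Type") == "Vuln"]
    return sorted(vulns, key=lambda c: SEVERITY_RANK.get(c.get("Severity"), 0), reverse=True)

if __name__ == "__main__":
    for c in findings(load_checks(SAMPLE_REPORT)):
        print(c["Severity"], c["Category"], c["Id"], c["Compliance"])
```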

itm4n commented 3 years ago

Can you confirm that's ok for you so I can close this issue?

n0skill commented 3 years ago

Perfect :) Thanks !