Hey all
Thought I would share this as a post.
Wanted to see if, from PowerShell, I could get a list of Veeam infrastructure components and then use Nmap with a script to look for known vulnerabilities (CVEs) on the ports and OS of these components, in a move to further secure the environment with a basic report.
There are a few packages that need to be installed; I like using Chocolatey to do this in PowerShell.
#Pen-test VBR Objects and find known CVEs
######################################################################
#dependencies
#installs needed
#chocolatey to fetch packages
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
#use chocolatey to install
# choco feature enable -n=allowGlobalConfirmation
# disables interaction for yes
#nmap ( port scanning )
#look for pop up window ( wizard completion )
choco install nmap --confirm --accept-license
#saxon for conversion reporting in Html
choco install saxonhe
#git to fetch additional NSE scripts for advanced scan
Choco install git
#Make a Directory for Script and workings
New-Item -ItemType Directory -Path C:\scan -Force | Out-Null
Here is the basic script, which will run the Nmap command along with a script to find known vulnerabilities, as well as the Saxon utility command to convert from XML to HTML using the Nmap XSL style sheet.
########################################################################
#The script
Connect-VBRServer -Server "localhost" # change this to VBR server # Add creds if required
#get all managed infrastructure Servers in veeam
$Hostlist = Get-VBRPhysicalHost
#select name property containing ip or hostname , ignore 'this server'
#@() keeps the result an array even when only one host is returned
$Hostlist = @($Hostlist.Name | Where-Object { $_ -ne "This server" })
#add localhost to list ( represents This server if run on a vbr )
$Hostlist += 'localhost'
cd "C:\scan"
nmap --script-updatedb
nmap -sV --script vulners $Hostlist -oX infosecveeam.xml
#convert XML to HTML report
C:\ProgramData\chocolatey\bin\SaxonHE\bin\.\Transform.exe -s:"C:\scan\infosecveeam.xml" -xsl:"C:\Program Files (x86)\Nmap\nmap.xsl" -o:"C:\scan\infosecveeam.html"
# open HTML Report
Invoke-Expression C:\scan\infosecveeam.html
#Invoke-Expression C:\scan\infosecveeam.xml #This opens on computer with Nmap XSL Style Sheet
Here is an additional part of the script that uses alternative scripts to find more CVE possibilities.
###########################################################################
#advanced scan #likely flood of information Returned
#nmap Script directory
cd "C:\Program Files (x86)\Nmap\scripts"
#get additional NSE scripts for Nmap
Git clone -q "https://github.com/scipag/vulscan" vulscan
cd "C:\scan"
nmap -sV --script=vulscan/vulscan.nse $hostlist -oX advinfosecveeam.xml
C:\ProgramData\chocolatey\bin\SaxonHE\bin\.\Transform.exe -s:"C:\scan\advinfosecveeam.xml" -xsl:"C:\Program Files (x86)\Nmap\nmap.xsl" -o:"C:\scan\advinfosecveeam.html"
Invoke-Expression C:\scan\advinfosecveeam.html
Finally, use the same package manager to remove the installed components and created content.
#######################################################
#Remove all
choco uninstall nmap
choco uninstall saxonhe
Choco uninstall git
#Uninstall chocolatey https://docs.chocolatey.org/en-us/choco/uninstallation#script
# Delete reports folder & contents
Remove-Item -Path C:\scan -Recurse -Force
The Invoke-Expression will open the created HTML report file.
Here is a sample:

Looking to expand on this, so it's just a basic report ATM. ** Work in progress
Please share comments, mods or thoughts.
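
Added example, not part of the original post: one way to turn the XML written by the vulners scan into a sortable list of findings, so the report can be filtered by CVSS score instead of read page by page. `Get-VulnersFinding`, the sample XML and its placeholder CVE ids are constructed for illustration; it assumes vulners prints one tab-separated ID, CVSS, URL line per finding.

```powershell
# Constructed sample shaped like "nmap -sV --script vulners -oX" output.
# Address, product and CVE ids are placeholders, not real findings.
$sampleXml = @'
<nmaprun>
 <host>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="22">
    <service name="ssh" product="ExampleSSH" version="1.0"/>
    <script id="vulners" output="&#xa;  cpe:/a:example:ssh:1.0: &#xa;    &#x9;CVE-0000-0001&#x9;7.5&#x9;https://vulners.com/cve/CVE-0000-0001&#xa;    &#x9;CVE-0000-0002&#x9;4.3&#x9;https://vulners.com/cve/CVE-0000-0002"/>
   </port>
  </ports>
 </host>
</nmaprun>
'@

# Hypothetical helper: emits one object per finding at or above -MinCvss.
function Get-VulnersFinding {
    param([Parameter(Mandatory)][xml]$NmapXml, [double]$MinCvss = 0)
    foreach ($h in @($NmapXml.nmaprun.host)) {
        $addr = @($h.address)[0].addr          # first address (IP is listed before MAC)
        foreach ($p in @($h.ports.port)) {
            $vulners = @($p.script) | Where-Object { $_.id -eq 'vulners' }
            if (-not $vulners) { continue }    # port had no vulners output
            # Finding lines in the script output are: <tab>ID<tab>CVSS<tab>URL
            $hits = [regex]::Matches($vulners.output, '(?m)^\s*(\S+)\t(\d+(?:\.\d+)?)\t(\S+)')
            foreach ($m in $hits) {
                $cvss = [double]$m.Groups[2].Value
                if ($cvss -lt $MinCvss) { continue }
                [pscustomobject]@{
                    Host    = $addr
                    Port    = "$($p.portid)/$($p.protocol)"
                    Service = $p.SelectSingleNode('service/@name').Value
                    Id      = $m.Groups[1].Value
                    Cvss    = $cvss
                    Url     = $m.Groups[3].Value
                }
            }
        }
    }
}

# Sample run; for the real report use: [xml](Get-Content C:\scan\infosecveeam.xml -Raw)
Get-VulnersFinding -NmapXml $sampleXml -MinCvss 7 |
    Sort-Object Cvss -Descending |
    Format-Table -AutoSize
```

Piping the same objects to `Export-Csv` gives a file that can be diffed between scans to see which findings were cleared by patching.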