First article about ScanPC
Me first article about ScanPC
adapted from the original post from dev.to
Let me introduce you to ScanPC, a useful Python script I have been developing since 2016. It aims to help you quickly assess a Windows computer with the gathering of information like :
Compatibility
You can run it on the following Microsoft Windows systems :
Thanks to pyinstaller, you can compile the code into an executable.
You will just need them to have Visual C++ 2010 x86 (which is quite common).
Use case
You work in an IT Security team who do compliance audits.
Some of the computer you must assess are not connected to the network for verious reasons.
You put an executable of a compiled ScanPC on your auditor USB key and go scan those computers.
Demo
Interested ? : visit ScanPC project page !
You want to contribute or you find an issue : please pull a request or open an issue on its Github repo !
If you like this project, please share it and star it !
You can also buy me a coffee ;) !
PS : Be carreful when you put USB devices in one computer to one another, you should always check your USB key for viruses after each scan !
Thankfully, the usb devices cleaning station I have been developing at the same time, Decontamine will help you keep your keys clean.
ScanPC, your new (open source) tool for Windows compliance audits
Hi,Let me introduce you to ScanPC, a useful Python script I have been developing since 2016. It aims to help you quickly assess a Windows computer with the gathering of information like :
- the user accounts list
- the password policy
- the share folders list
- the hardware configuration
- the OS version
- the network interfaces
- the Windows updates (KB) list
- the softwares installed
- the firewall state
- the processes list
- the services list
- the antivirus state
Compatibility
You can run it on the following Microsoft Windows systems :
- XP x86
- 7 x86 and x64
- 10 x86 and x64
Thanks to pyinstaller, you can compile the code into an executable.
You will just need them to have Visual C++ 2010 x86 (which is quite common).
Use case
You work in an IT Security team who do compliance audits.
Some of the computer you must assess are not connected to the network for verious reasons.
You put an executable of a compiled ScanPC on your auditor USB key and go scan those computers.
Demo
Interested ? : visit ScanPC project page !
You want to contribute or you find an issue : please pull a request or open an issue on its Github repo !
If you like this project, please share it and star it !
You can also buy me a coffee ;) !
PS : Be carreful when you put USB devices in one computer to one another, you should always check your USB key for viruses after each scan !
Thankfully, the usb devices cleaning station I have been developing at the same time, Decontamine will help you keep your keys clean.
First article about Decontamine_Linux
Me first article about Decontamine_Linux
adapted from the original post from dev.to
Your boss won't let you buy this very expensive USB kiosk you saw during your last trip in a cyber security trade show ?
The tool I'm going to present you might be the solution !
Decontamine_Linux, a Python script I have been working on, aims to scan and clean your USB devices (keys, hard drives) from viruses. It can also scan CD/DVD in read only mode.
It automatically detects your devices, lets you choose the one you want to scan then runs scanning tools in multiple threads.
It asks you if you want to delete viruses and eventually generates a report you can read and save on your device.
Currently its compatible with 3 antivirus:
Use case
Interested ? : visit Decontamine_Linux project page !
You want to contribute or you find an issue : please pull a request or open an issue on its Github repo !
If you like this project, please share it and star it !
You can also buy me a coffee ;) !
PS : Why this name ? At the beginning, I created Decontamine to run on Windows (there are still running Windows Decontamine stations at the organization I originally developed it between 2015 and 2018), one day I realize it would be better to run it on Linux.
So, after this former employer had accepted this software to go open source, I have been rewriting everything especially for Linux.
PS2 : As a cybersecurity specialist, you should sensitize your colleagues to the hazardousness of USB devices !
[ 1 ] 2 3
Decontamine_Linux, your usb devices cleaning station
You are an IT security specialist in your firm and you are always wondering "How the heck can I limit virus spreading from USB devices in this damn information system ?"Your boss won't let you buy this very expensive USB kiosk you saw during your last trip in a cyber security trade show ?
The tool I'm going to present you might be the solution !
Decontamine_Linux, a Python script I have been working on, aims to scan and clean your USB devices (keys, hard drives) from viruses. It can also scan CD/DVD in read only mode.
It automatically detects your devices, lets you choose the one you want to scan then runs scanning tools in multiple threads.
It asks you if you want to delete viruses and eventually generates a report you can read and save on your device.
Currently its compatible with 3 antivirus:
- Clamav
- Sophos
- F-Secure
Use case
- Setup an hardening Debian system on a computer with antivirus and Decontamine_Linux
- Enable persistence of the script
- Kindly ask your colleagues, with the blessing of your boss, to systematically scan their USB devices before plugging in their computer
- Marvel about the decreased of security incidents related to USB devices in your company
Interested ? : visit Decontamine_Linux project page !
You want to contribute or you find an issue : please pull a request or open an issue on its Github repo !
If you like this project, please share it and star it !
You can also buy me a coffee ;) !
PS : Why this name ? At the beginning, I created Decontamine to run on Windows (there are still running Windows Decontamine stations at the organization I originally developed it between 2015 and 2018), one day I realize it would be better to run it on Linux.
So, after this former employer had accepted this software to go open source, I have been rewriting everything especially for Linux.
PS2 : As a cybersecurity specialist, you should sensitize your colleagues to the hazardousness of USB devices !
Major update for Decontamine_Linux
Major update for Decontamine_Linux.
I made some improvements since January.
Here are the big changes :
This example shows that all the tools have detected 4 viruses.
I made some improvements since January.
Here are the big changes :
- multithreading scans (all tools scan at the same time)
- viruses found will be displayed in a table at the end of the scan
- user will be prompt to remove viruses at the end of the scan
- rename modules, functions, variables, etc. according PEP8 convention
- code cleaning
- fully unmount and eject/power-off all type of devices at the end of the scan
| virus_num | virus_name | virus_type | ['ClamAV', 'F-Secure', 'Sophos'] |
|---|---|---|---|
| 1 | /media/dev/testkey/eicartestfile | Clamav.Test.File-7 | ['X', 'X', 'X'] |
| 2 | /media/dev/testkey/virusTest | Clamav.Test.File-7 | ['X', 'X', 'X'] |
| 3 | /media/dev/testkey/boot/zerrgzzazfb | Clamav.Test.File-7 | ['X', 'X', 'X'] |
| 4 | /media/dev/testkey/boot/gfdFFezf | Clamav.Test.File-7 | ['X', 'X', 'X'] |