-
Notifications
You must be signed in to change notification settings - Fork 104
/
Invoke-WebFilterTest.psm1
176 lines (151 loc) · 8.42 KB
/
Invoke-WebFilterTest.psm1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
Function Invoke-WebFilterTest{
# Invoke-WebFilterTest
# Author: scott sutherland
# Description The basic idea is to build out a quick script to check for access to code repositories, file shares, and online clipboards used by common malware.
# Note: This is a very basic PoC. Ideally it would be nice to include common web filter categories and summary data in output. Also, runspaces for larger lists.
# Note: should test access to known blacklisted site
# Note: should test access to uncategorized site
# Note: should test more categories
# Note: Should add a shorter timeout
# Note: Add access test for all window.net and similar MS domains - reference: https://www.netspi.com/blog/technical/cloud-penetration-testing/enumerating-azure-services/
# Example Commands:
<#
# Checks access to default sites, but doesn't authenticate with the current user's credentials
Invoke-WebFilterTest -Verbose
# Checks access to default sites, and authenticates with the current user's credentials
Invoke-WebFilterTest -Verbose -UseCurrentUserContext
# Checks access to default sites, custom sites, and authenticates with the current user's credentials
Invoke-WebFilterTest -Verbose -UseCurrentUserContext -$ListPath c:\temp\urls.txt
# Checks access to default sites, but doesn't authenticate with the current user's credentials
# Writes output to a file
Invoke-WebFilterTest -Verbose | Export-Csv -NoTypeInformation c:\temp\webfiltertest.csv
#>
[CmdletBinding()]
param
(
[string]$ListPath,
[Switch]$UseCurrentUserContext
)
Begin
{
# Create data table for list of block strings
$BlockStrings = new-object System.Data.DataTable
$BlockStrings.Columns.Add("Product") | Out-Null
$BlockStrings.Columns.Add("String") | Out-Null
# Add block strings
$BlockStrings.rows.add("Barracuda","The link you are accessing has been blocked by the Barracuda Web Filter") | Out-Null
$BlockStrings.rows.add("Blue Coat","Blue Coat Systems") | Out-Null
$BlockStrings.rows.add("Blue Coat","Your request was denied because of its content categorization:") | Out-Null
$BlockStrings.rows.add("Web Filter","This page is blocked because it violates network policy") | Out-Null
$BlockStrings.rows.add("FortiGuard","This web page is blocked because it violates network policy.") | Out-Null
$BlockStrings.rows.add("IBoss","Access to the requested site has been restricted due to its contents.") | Out-Null
$BlockStrings.rows.add("SonicWall","This site has been blocked by the network.") | Out-Null
$BlockStrings.rows.add("SonicWall","The site has been blocked by the network") | Out-Null
$BlockStrings.rows.add("UnTangled","This web page is blocked because it violates network policy.") | Out-Null
$BlockStrings.rows.add("Unknown","URL Category Warning Acknowledgement") | Out-Null
$BlockStrings.rows.add("McAfee Web Gateway","McAfee Web Gateway") | Out-Null
$BlockStrings.rows.add("McAfee Web Gateway","This website was blocked because of the site’s category and/or reputation.") | Out-Null
$BlockStrings.rows.add("ZScaler","Internet Security by Zscaler") | Out-Null
$BlockStrings.rows.add("Palo Alto","Blocked Request: URL Policy Violation") | Out-Null
# Create data table for list of target websites
$WebSites = new-object System.Data.DataTable
$WebSites.Columns.Add("URL") | Out-Null
# Add target websites
$WebSites.rows.add("https://bitbucket.org/") | Out-Null
$WebSites.rows.add("https://pastebin.com/") | Out-Null
$WebSites.rows.add("https://github.com/") | Out-Null
$WebSites.rows.add("https://www.dropbox.com") | Out-Null
$WebSites.rows.add("https://www.mediafire.com/") | Out-Null
$WebSites.rows.add("http://www.4shared.com/") | Out-Null
$WebSites.rows.add("https://www.google.com/drive/") | Out-Null
$WebSites.rows.add("https://onedrive.live.com/") | Out-Null
$WebSites.rows.add("https://www.icloud.com/") | Out-Null
$WebSites.rows.add("http://box.com") | Out-Null
$WebSites.rows.add("http://www.zippyshare.com/") | Out-Null
$WebSites.rows.add("http://uploaded.net/") | Out-Null
$WebSites.rows.add("https://www.sendspace.com/") | Out-Null
$WebSites.rows.add("http://www.filecrop.com/") | Out-Null
$WebSites.rows.add("http://pastebin.com/") | Out-Null
$WebSites.rows.add("http://www.filedropper.com/") | Out-Null
$WebSites.rows.add("http://FriendPaste.com") | Out-Null
$WebSites.rows.add("http://CopyTaste.com")| Out-Null
$WebSites.rows.add("http://Cl1p.net")| Out-Null
$WebSites.rows.add("http://ShortText.com")| Out-Null
$WebSites.rows.add("http://TextSave.de")| Out-Null
$WebSites.rows.add("http://TextSnip.com")| Out-Null
$WebSites.rows.add("http://TxtB.in")| Out-Null
$WebSites.rows.add("https://raw.githubusercontent.com/NetSPI/PowerShell/master/Invoke-WebFilterTest.psm1") | Out-Null
$WebSites.rows.add("https://gist.githubusercontent.com/nullbind/75a8fa02ba8d0a6f028cfb21c300e1e2/raw/0319cabbbd69c7bbd013850f1bc65188986b4636/MiniPowerUpSQL.psm1") | Out-Null
# Check for target websites from provide file path
If ($ListPath){
if (Test-Path $ListPath){
Write-Verbose "Path is valid."
Get-Content $ListPath |
ForEach-Object {
$WebSites.rows.add($_) | Out-Null
}
}else{
Write-Verbose "List path is invalid."
}
}
# Print count of target websites
$WebSiteCount = $WebSites | Measure-Object -Line | Select-Object Lines -ExpandProperty Lines
Write-Verbose "Testing access to $WebSiteCount websites..."
# Create data table results
$ResultsTbl = new-object System.Data.DataTable
$ResultsTbl.Columns.Add("WebSite") | Out-Null
$ResultsTbl.Columns.Add("Accessible") | Out-Null
$ResultsTbl.Columns.Add("WebFilter") | Out-Null
}
Process
{
# Setup http handler
$HTTP_Handle = New-Object net.webclient
# Check for website access
$WebSiteCount2 = $WebSiteCount + 1
$WebSites |
ForEach-Object {
$WebSiteCount2 = $WebSiteCount2 - 1
$CurrentUrl = $_.URL
$Block = 0
try {
# Enable passthrough authentication to authenticate to the proxy using your current user context;)
if($UseCurrentUserContext)
{
$HTTP_Handle.Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
}
# Reduce ssl requirements
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# Send HTTP request and get results
$Results = $HTTP_Handle.DownloadString("$CurrentUrl")
# Check for blocks
$BlockStrings |
ForEach-Object {
$CurrentBlockString = $_.String
$WebFilterProduct = $_.Product
if($Results -like "*$CurrentBlockString*"){
Write-Verbose "$WebSiteCount2 of $WebSiteCount - Status: Blocked ($WebFilterProduct) $CurrentUrl"
$ResultsTbl.Rows.Add($CurrentUrl,"No","$WebFilterProduct") | Out-Null
$Block = 1
}
}
# Check for access
if($Block -eq 0){
Write-Verbose "$WebSiteCount2 of $WebSiteCount - Status: Allowed $CurrentUrl"
$ResultsTbl.Rows.Add($CurrentUrl,"Yes","NA") | Out-Null
return
}
}catch{
$ErrorMessage = $_.Exception.Message
Write-Verbose "$WebSiteCount2 of $WebSiteCount - Status: Request Failed - $ErrorMessage - $CurrentUrl"
$ResultsTbl.Rows.Add($CurrentUrl,"Request Failed","NA") | Out-Null
}
}
}
End
{
# Return table with results
$ResultsTbl
}
}