Simple IIS Security Check Tool
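<#
.SYNOPSIS
    Simple IIS Security Check Tool
.DESCRIPTION
    This script performs basic security checks on an IIS server. It is for
    educational purposes only and should only be used on systems you own or
    have explicit permission to test.

    Checks run in-process when the target is the local machine and through
    PowerShell remoting (WinRM) otherwise. Each menu item stores its result
    in a hashtable that the HTML report renders.
.NOTES
    File Name    : SimpleIISSecurityCheck.ps1
    Author       : [Your Name]
    Prerequisite : PowerShell V5.1 or later, administrator rights, and proper authorization
    Version      : 1.0
    Date         : [Current Date]
.EXAMPLE
    .\SimpleIISSecurityCheck.ps1
#>

#Requires -Version 5.1

# Script-scoped state. $script: rather than $global: so nothing leaks into the
# caller's session once the script ends.
$script:reportPath = Join-Path ([Environment]::GetFolderPath('Desktop')) `
    "IIS_Security_Check_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').html"
$script:targetServer = 'localhost'  # Default to the local machine

# Names that denote the local machine. Checks against these run in-process,
# so WinRM does not have to be enabled just to inspect the local server.
$script:localNames = @('localhost', '.', $env:COMPUTERNAME)

function Invoke-OnTarget {
    <#
    .SYNOPSIS
        Runs a script block against the current target server.
    .DESCRIPTION
        Executes $ScriptBlock in the current session when the target is the
        local machine and via Invoke-Command otherwise. Remote errors are
        raised as terminating errors so callers can rely on try/catch.
    .PARAMETER ScriptBlock
        Code to execute on the target.
    .PARAMETER ArgumentList
        Positional arguments handed to the script block's param() block.
    .OUTPUTS
        Whatever the script block emits (deserialized objects when remote).
    #>
    param(
        [Parameter(Mandatory = $true)][scriptblock]$ScriptBlock,
        [object[]]$ArgumentList = @()
    )
    if ($script:targetServer -in $script:localNames) {
        & $ScriptBlock @ArgumentList
    } else {
        Invoke-Command -ComputerName $script:targetServer -ScriptBlock $ScriptBlock `
            -ArgumentList $ArgumentList -ErrorAction Stop
    }
}

function Show-Menu {
    # Clears the console and prints the numbered menu with the current target.
    Clear-Host
    Write-Host '=== Simple IIS Security Check Tool ===' -ForegroundColor Cyan
    Write-Host "Target Server: $script:targetServer"
    Write-Host '1. Set Target Server'
    Write-Host '2. Check IIS Version'
    Write-Host '3. Enumerate Web Sites'
    Write-Host '4. Check for Default Web Pages'
    Write-Host '5. Check Directory Browsing'
    Write-Host '6. Check HTTP Response Headers'
    Write-Host '7. Check SSL/TLS Configuration'
    Write-Host '8. Generate HTML Report'
    Write-Host '9. Exit'
}

function Set-TargetServer {
    # Prompts for a host name or IP; blank input resets the target to localhost.
    $server = (Read-Host 'Enter the target server name or IP (or press Enter for localhost)').Trim()
    if ([string]::IsNullOrWhiteSpace($server)) {
        $script:targetServer = 'localhost'
    } else {
        $script:targetServer = $server
    }
    Write-Host "Target server set to: $script:targetServer" -ForegroundColor Green
}

function Check-IISVersion {
    <#
    .SYNOPSIS
        Reads the installed IIS version from the InetStp registry key.
    .OUTPUTS
        "Major.Minor" on success, "Not installed" when the key has no
        MajorVersion, or "Error" when the target could not be queried.
    #>
    Write-Host "`nChecking IIS Version..." -ForegroundColor Yellow
    try {
        $iisVersion = Invoke-OnTarget -ScriptBlock {
            Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\InetStp' -ErrorAction Stop |
                Select-Object MajorVersion, MinorVersion
        }
        if ($null -eq $iisVersion -or $null -eq $iisVersion.MajorVersion) {
            Write-Host "IIS does not appear to be installed on $script:targetServer" -ForegroundColor Red
            return 'Not installed'
        }
        $version = "$($iisVersion.MajorVersion).$($iisVersion.MinorVersion)"
        Write-Host "IIS Version: $version" -ForegroundColor Green
        return $version
    } catch {
        Write-Host "Error checking IIS version: $_" -ForegroundColor Red
        return 'Error'
    }
}

function Enumerate-WebSites {
    <#
    .SYNOPSIS
        Lists the sites on the target with a readable binding summary.
    .OUTPUTS
        Array of site objects (possibly empty); $null on error.
    #>
    Write-Host "`nEnumerating Web Sites..." -ForegroundColor Yellow
    try {
        $sites = @(Invoke-OnTarget -ScriptBlock {
            Import-Module WebAdministration -ErrorAction Stop
            # Bindings is a configuration collection; flatten it to text so
            # it survives serialization and renders in ConvertTo-Html.
            Get-Website | Select-Object Name, ID, State, PhysicalPath,
                @{ Name = 'Bindings'; Expression = {
                    ($_.Bindings.Collection | ForEach-Object { "$($_.protocol) $($_.bindingInformation)" }) -join '; '
                } }
        })
        if ($sites.Count -eq 0) {
            Write-Host 'No web sites found.' -ForegroundColor Yellow
        } else {
            # Out-Host keeps the formatting objects out of the return value.
            $sites | Format-Table -AutoSize | Out-Host
        }
        return $sites
    } catch {
        Write-Host "Error enumerating web sites: $_" -ForegroundColor Red
        return $null
    }
}

function Check-DefaultWebPages {
    <#
    .SYNOPSIS
        Looks for well-known default pages in each site's physical root.
    .DESCRIPTION
        Runs a single round trip to the target (instead of one per site and
        page) and expands %VAR% tokens in PhysicalPath, which IIS commonly
        stores as "%SystemDrive%\inetpub\wwwroot".
    .OUTPUTS
        Array of objects (Site, DefaultPage, Path) for each page found,
        possibly empty; $null on error.
    #>
    Write-Host "`nChecking for Default Web Pages..." -ForegroundColor Yellow
    $defaultPages = @('iisstart.htm', 'default.aspx', 'index.html', 'index.htm')
    try {
        $results = @(Invoke-OnTarget -ScriptBlock {
            param($pages)
            Import-Module WebAdministration -ErrorAction Stop
            foreach ($site in Get-Website) {
                $root = [Environment]::ExpandEnvironmentVariables([string]$site.PhysicalPath)
                foreach ($page in $pages) {
                    $candidate = Join-Path $root $page
                    if (Test-Path -LiteralPath $candidate) {
                        [PSCustomObject]@{
                            Site        = $site.Name
                            DefaultPage = $page
                            Path        = $candidate
                        }
                    }
                }
            }
        } -ArgumentList (, $defaultPages))
        if ($results.Count -eq 0) {
            Write-Host 'No default pages found.' -ForegroundColor Green
        } else {
            $results | Format-Table -AutoSize | Out-Host
        }
        return $results
    } catch {
        Write-Host "Error checking default pages: $_" -ForegroundColor Red
        return $null
    }
}

function Check-DirectoryBrowsing {
    <#
    .SYNOPSIS
        Reports the directoryBrowse setting at server level and per site.
    .DESCRIPTION
        A site-level web.config can enable browsing even when the server
        default is off, so each site is inspected in addition to IIS:\.
    .OUTPUTS
        Array of objects (Scope, Enabled); $null on error.
    #>
    Write-Host "`nChecking Directory Browsing..." -ForegroundColor Yellow
    try {
        $scopes = @(Invoke-OnTarget -ScriptBlock {
            Import-Module WebAdministration -ErrorAction Stop
            $targets = @([PSCustomObject]@{ Scope = 'Server default'; PSPath = 'IIS:\' })
            $targets += Get-Website | ForEach-Object {
                [PSCustomObject]@{ Scope = "Site: $($_.Name)"; PSPath = "IIS:\Sites\$($_.Name)" }
            }
            foreach ($t in $targets) {
                $setting = Get-WebConfigurationProperty -Filter /system.webServer/directoryBrowse `
                    -Name enabled -PSPath $t.PSPath
                [PSCustomObject]@{ Scope = $t.Scope; Enabled = [bool]$setting.Value }
            }
        })
        foreach ($row in $scopes) {
            if ($row.Enabled) {
                Write-Host "$($row.Scope): Directory Browsing is enabled" -ForegroundColor Red
            } else {
                Write-Host "$($row.Scope): Directory Browsing is disabled" -ForegroundColor Green
            }
        }
        return $scopes
    } catch {
        Write-Host "Error checking directory browsing: $_" -ForegroundColor Red
        return $null
    }
}

function Check-HTTPResponseHeaders {
    <#
    .SYNOPSIS
        Lists configured custom response headers and flags hardening gaps.
    .DESCRIPTION
        Reads /system.webServer/httpProtocol/customHeaders at server level,
        reports which recommended security headers are missing, and marks
        headers that disclose implementation details.
    .OUTPUTS
        Array of objects (Header, Configured, Value, Note); $null on error.
    #>
    Write-Host "`nChecking HTTP Response Headers..." -ForegroundColor Yellow
    # Absence of these is a hardening gap worth reporting, not a vulnerability by itself.
    $recommended = @('Strict-Transport-Security', 'X-Content-Type-Options', 'X-Frame-Options', 'Content-Security-Policy')
    # Headers that tell every client which stack is running.
    $disclosing = @('X-Powered-By', 'X-AspNet-Version', 'Server')
    try {
        $configured = @(Invoke-OnTarget -ScriptBlock {
            Import-Module WebAdministration -ErrorAction Stop
            Get-WebConfiguration -Filter '/system.webServer/httpProtocol/customHeaders/add' -PSPath 'IIS:\' |
                ForEach-Object { [PSCustomObject]@{ Name = $_.name; Value = $_.value } }
        })
        $rows = [System.Collections.Generic.List[object]]::new()
        foreach ($name in $recommended) {
            $match = $configured | Where-Object { $_.Name -eq $name } | Select-Object -First 1
            $rows.Add([PSCustomObject]@{
                Header     = $name
                Configured = [bool]$match
                Value      = if ($match) { $match.Value } else { '' }
                Note       = if ($match) { 'Recommended header present' } else { 'Recommended header missing' }
            })
        }
        foreach ($h in ($configured | Where-Object { $_.Name -notin $recommended })) {
            $rows.Add([PSCustomObject]@{
                Header     = $h.Name
                Configured = $true
                Value      = $h.Value
                Note       = if ($h.Name -in $disclosing) { 'Discloses server/framework details' } else { '' }
            })
        }
        $rows | Format-Table -AutoSize | Out-Host
        $missing = @($rows | Where-Object { -not $_.Configured })
        if ($missing.Count -gt 0) {
            Write-Host "Missing recommended headers: $($missing.Header -join ', ')" -ForegroundColor Yellow
        }
        return $rows.ToArray()
    } catch {
        Write-Host "Error checking HTTP response headers: $_" -ForegroundColor Red
        return $null
    }
}

function Check-SSLTLSConfiguration {
    <#
    .SYNOPSIS
        Reads the SCHANNEL protocol switches from the registry.
    .DESCRIPTION
        For each protocol the Client and Server subkeys are inspected for
        both "Enabled" and "DisabledByDefault"; a missing key means the OS
        default applies, which differs by Windows version. Legacy protocols
        that are not explicitly disabled are highlighted.
    .OUTPUTS
        Array of objects (Protocol, Client, Server, Legacy, Finding);
        $null on error.
    #>
    Write-Host "`nChecking SSL/TLS Configuration..." -ForegroundColor Yellow
    try {
        $sslSettings = @(Invoke-OnTarget -ScriptBlock {
            $protocols = @('SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2', 'TLS 1.3')
            $legacy = @('SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1')
            $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
            $describe = {
                param($path)
                $enabled = (Get-ItemProperty -Path $path -Name 'Enabled' -ErrorAction SilentlyContinue).Enabled
                $byDefault = (Get-ItemProperty -Path $path -Name 'DisabledByDefault' -ErrorAction SilentlyContinue).DisabledByDefault
                if ($null -eq $enabled -and $null -eq $byDefault) { return 'Not Configured (OS default)' }
                if ($enabled -eq 0) { return 'Disabled' }
                if ($byDefault -eq 1) { return 'Disabled by default' }
                return 'Enabled'
            }
            foreach ($protocol in $protocols) {
                $client = & $describe "$base\$protocol\Client"
                $server = & $describe "$base\$protocol\Server"
                $isLegacy = $protocol -in $legacy
                [PSCustomObject]@{
                    Protocol = $protocol
                    Client   = $client
                    Server   = $server
                    Legacy   = $isLegacy
                    Finding  = if ($isLegacy -and $server -ne 'Disabled') { 'Legacy protocol not explicitly disabled on server side' } else { '' }
                }
            }
        })
        $sslSettings | Format-Table -AutoSize | Out-Host
        foreach ($row in ($sslSettings | Where-Object { $_.Finding })) {
            Write-Host "$($row.Protocol): $($row.Finding)" -ForegroundColor Red
        }
        return $sslSettings
    } catch {
        Write-Host "Error checking SSL/TLS configuration: $_" -ForegroundColor Red
        return $null
    }
}

function Format-ReportSection {
    <#
    .SYNOPSIS
        Renders one result set as an HTML table fragment.
    .PARAMETER Results
        The hashtable of collected results.
    .PARAMETER Key
        Which entry to render.
    .OUTPUTS
        HTML string; a placeholder paragraph when the check was not run,
        failed, or returned nothing.
    #>
    param([hashtable]$Results, [string]$Key)
    if (-not $Results.ContainsKey($Key) -or $null -eq $Results[$Key]) {
        return '<p class="warning">Check not run (or it failed).</p>'
    }
    $rows = @($Results[$Key])
    if ($rows.Count -eq 0) {
        return '<p>No entries.</p>'
    }
    # ConvertTo-Html encodes cell values itself.
    return (($rows | ConvertTo-Html -Fragment) -join "`n")
}

function Generate-HTMLReport {
    <#
    .SYNOPSIS
        Writes the collected results to an HTML file on the desktop.
    .PARAMETER AllResults
        Hashtable filled by the menu loop (keys IISVersion, WebSites,
        DefaultPages, DirectoryBrowsing, HTTPHeaders, SSLTLSConfig).
    #>
    param([hashtable]$AllResults)
    Write-Host "`nGenerating HTML Report..." -ForegroundColor Yellow

    # Scalars are interpolated straight into markup, so encode them: the
    # target name is user input and the version string comes from the server.
    $target = [System.Net.WebUtility]::HtmlEncode([string]$script:targetServer)
    $iisVersion = if ($AllResults.ContainsKey('IISVersion')) {
        [System.Net.WebUtility]::HtmlEncode([string]$AllResults.IISVersion)
    } else {
        'Check not run'
    }

    $dirBrowsingHtml = if (-not $AllResults.ContainsKey('DirectoryBrowsing') -or $null -eq $AllResults.DirectoryBrowsing) {
        '<p class="warning">Check not run (or it failed).</p>'
    } else {
        $rows = @($AllResults.DirectoryBrowsing)
        $anyEnabled = @($rows | Where-Object { $_.Enabled }).Count -gt 0
        $summary = if ($anyEnabled) {
            '<p class="critical">Directory browsing is enabled in at least one scope.</p>'
        } else {
            '<p>Directory browsing is disabled in all checked scopes.</p>'
        }
        $summary + "`n" + (($rows | ConvertTo-Html -Fragment) -join "`n")
    }

    $websitesHtml = Format-ReportSection -Results $AllResults -Key 'WebSites'
    $defaultPagesHtml = Format-ReportSection -Results $AllResults -Key 'DefaultPages'
    $headersHtml = Format-ReportSection -Results $AllResults -Key 'HTTPHeaders'
    $tlsHtml = Format-ReportSection -Results $AllResults -Key 'SSLTLSConfig'

    $reportContent = @"
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>IIS Security Check Report</title>
<style>
body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 1200px; margin: 0 auto; padding: 20px; }
h1, h2, h3 { color: #0078D4; }
table { border-collapse: collapse; width: 100%; margin-bottom: 20px; }
th, td { border: 1px solid #ddd; padding: 8px; text-align: left; }
th { background-color: #f2f2f2; }
.warning { color: orange; }
.critical { color: red; }
</style>
</head>
<body>
<h1>IIS Security Check Report</h1>
<p>Generated on: $(Get-Date)</p>
<p>Target Server: $target</p>
<h2>IIS Version</h2>
<p>$iisVersion</p>
<h2>Web Sites</h2>
$websitesHtml
<h2>Default Web Pages</h2>
$defaultPagesHtml
<h2>Directory Browsing</h2>
$dirBrowsingHtml
<h2>HTTP Response Headers</h2>
$headersHtml
<h2>SSL/TLS Configuration</h2>
$tlsHtml
</body>
</html>
"@
    # -Encoding UTF8 so the file matches the charset declared in <head>;
    # Out-File in PowerShell 5.1 defaults to UTF-16.
    $reportContent | Out-File -FilePath $script:reportPath -Encoding UTF8
    Write-Host "Report generated and saved to: $script:reportPath" -ForegroundColor Green
}

# Main program loop: each check stores its result under a fixed key that the
# report reads back. Exiting is driven by the loop condition alone.
$allResults = @{}
do {
    Show-Menu
    $choice = (Read-Host "`nEnter your choice (1-9)").Trim()
    switch ($choice) {
        '1' { Set-TargetServer }
        '2' { $allResults.IISVersion = Check-IISVersion }
        '3' { $allResults.WebSites = Enumerate-WebSites }
        '4' { $allResults.DefaultPages = Check-DefaultWebPages }
        '5' { $allResults.DirectoryBrowsing = Check-DirectoryBrowsing }
        '6' { $allResults.HTTPHeaders = Check-HTTPResponseHeaders }
        '7' { $allResults.SSLTLSConfig = Check-SSLTLSConfiguration }
        '8' { Generate-HTMLReport -AllResults $allResults }
        '9' { Write-Host 'Exiting program...' -ForegroundColor Yellow }
        default { Write-Host 'Invalid choice. Please try again.' -ForegroundColor Red }
    }
    if ($choice -ne '9') {
        Read-Host "`nPress Enter to continue..." | Out-Null
    }
} while ($choice -ne '9')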
This Simple IIS Security Check Tool includes:
- A menu-driven interface for easy navigation.
- Functions to perform basic security checks on an IIS server:
- IIS version check
- Web site enumeration
- Default web page detection
- Directory browsing check
- HTTP response header analysis
- SSL/TLS configuration check
- Option to set a target server (local or remote)
- HTML report generation for easy sharing and viewing of results
Key features:
- Basic enumeration of IIS configuration
- Detection of potentially risky settings like enabled directory browsing
- Analysis of SSL/TLS protocols in use
- Identification of default web pages that should be removed in production
Important notes:
- This tool is for educational purposes only and must not be used for actual penetration testing without proper authorization.
- It performs only basic checks and is not a comprehensive security assessment tool.
- Always ensure you have explicit permission before running any security checks on systems you don’t own.
- Some checks may require administrator privileges on the target server; remote targets additionally need PowerShell remoting available.
- Use this tool responsibly and ethically.
To use this script:
- Run PowerShell as an administrator
- Ensure you have the necessary permissions on the target server
- Use caution when testing on production systems
Remember, this is a simple tool for educational purposes. Real penetration testing and security assessments should be performed by trained professionals using comprehensive, up-to-date tools and methodologies.