Windows Firewall Analyzer Tool – Target Computer

<#
.SYNOPSIS
Windows Firewall Analyzer Tool

.DESCRIPTION
This script analyzes and audits Windows Firewall configurations, rules, and profiles
on local or remote Windows systems. It provides insights into firewall settings,
rule configurations, and potential security issues.

.NOTES
File Name      : WindowsFirewallAnalyzer.ps1
Author         : [Your Name]
Prerequisite   : PowerShell V5.1 or later, administrator rights
Version        : 1.0
Date           : [Current Date]

.EXAMPLE
.\WindowsFirewallAnalyzer.ps1
#>

# Import required module
Import-Module NetSecurity

# Global variables
$global:reportPath = "$env:USERPROFILE\Desktop\Windows_Firewall_Analysis_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').html"
$global:targetComputer = $env:COMPUTERNAME

<#
.SYNOPSIS
Displays the main menu of the tool.
#>
function Show-Menu {
    Clear-Host
    Write-Host "=== Windows Firewall Analyzer Tool ===" -ForegroundColor Cyan
    Write-Host "Current Target: $global:targetComputer"
    Write-Host "1. Set Target Computer"
    Write-Host "2. Analyze Firewall Profiles"
    Write-Host "3. Review Inbound Rules"
    Write-Host "4. Review Outbound Rules"
    Write-Host "5. Check for Potentially Risky Rules"
    Write-Host "6. Analyze Rule Applications"
    Write-Host "7. Check Firewall Logging Settings"
    Write-Host "8. Generate Comprehensive HTML Report"
    Write-Host "9. Exit"
}

<#
.SYNOPSIS
Sets the target computer for analysis.
#>
function Set-TargetComputer {
    $computer = Read-Host "Enter the name of the target computer (or press Enter for local machine)"
    if ([string]::IsNullOrWhiteSpace($computer)) {
        $global:targetComputer = $env:COMPUTERNAME
    } else {
        $global:targetComputer = $computer
    }
    Write-Host "Target computer set to: $global:targetComputer" -ForegroundColor Green
}

<#
.SYNOPSIS
Analyzes Firewall Profiles.

.OUTPUTS
Array of PSObjects containing firewall profile details.
#>
function Analyze-FirewallProfiles {
    Write-Host "`nAnalyzing Firewall Profiles..." -ForegroundColor Yellow
    $profiles = Get-NetFirewallProfile -CimSession $global:targetComputer
    $results = @()
    foreach ($profile in $profiles) {
        $results += [PSCustomObject]@{
            Name = $profile.Name
            Enabled = $profile.Enabled
            DefaultInboundAction = $profile.DefaultInboundAction
            DefaultOutboundAction = $profile.DefaultOutboundAction
            AllowInboundRules = $profile.AllowInboundRules
            AllowLocalFirewallRules = $profile.AllowLocalFirewallRules
            AllowLocalIPsecRules = $profile.AllowLocalIPsecRules
        }
    }
    # Send the table to the console only, so it is not captured with the return value
    $results | Format-Table -AutoSize | Out-Host
    return $results
}

<#
.SYNOPSIS
Reviews Inbound Rules.

.OUTPUTS
Array of PSObjects containing inbound rule details.
#>
function Review-InboundRules {
    Write-Host "`nReviewing Inbound Rules..." -ForegroundColor Yellow
    $rules = Get-NetFirewallRule -CimSession $global:targetComputer | Where-Object { $_.Direction -eq "Inbound" }
    $results = @()
    foreach ($rule in $rules) {
        $results += [PSCustomObject]@{
            Name = $rule.Name
            DisplayName = $rule.DisplayName
            Enabled = $rule.Enabled
            Action = $rule.Action
            Profile = $rule.Profile
            Protocol = (Get-NetFirewallPortFilter -AssociatedNetFirewallRule $rule).Protocol
            LocalPort = (Get-NetFirewallPortFilter -AssociatedNetFirewallRule $rule).LocalPort -join ", "
            RemoteAddress = (Get-NetFirewallAddressFilter -AssociatedNetFirewallRule $rule).RemoteAddress -join ", "
        }
    }
    # Send the table to the console only, so it is not captured with the return value
    $results | Format-Table -AutoSize | Out-Host
    return $results
}

<#
.SYNOPSIS
Reviews Outbound Rules.

.OUTPUTS
Array of PSObjects containing outbound rule details.
#>
function Review-OutboundRules {
    Write-Host "`nReviewing Outbound Rules..." -ForegroundColor Yellow
    $rules = Get-NetFirewallRule -CimSession $global:targetComputer | Where-Object { $_.Direction -eq "Outbound" }
    $results = @()
    foreach ($rule in $rules) {
        $results += [PSCustomObject]@{
            Name = $rule.Name
            DisplayName = $rule.DisplayName
            Enabled = $rule.Enabled
            Action = $rule.Action
            Profile = $rule.Profile
            Protocol = (Get-NetFirewallPortFilter -AssociatedNetFirewallRule $rule).Protocol
            RemotePort = (Get-NetFirewallPortFilter -AssociatedNetFirewallRule $rule).RemotePort -join ", "
            RemoteAddress = (Get-NetFirewallAddressFilter -AssociatedNetFirewallRule $rule).RemoteAddress -join ", "
        }
    }
    # Send the table to the console only, so it is not captured with the return value
    $results | Format-Table -AutoSize | Out-Host
    return $results
}

<#
.SYNOPSIS
Checks for Potentially Risky Rules.

.OUTPUTS
Array of PSObjects containing potentially risky rule details.
#>
function Check-PotentiallyRiskyRules {
    Write-Host "`nChecking for Potentially Risky Rules..." -ForegroundColor Yellow
    $rules = Get-NetFirewallRule -CimSession $global:targetComputer
    $results = @()
    foreach ($rule in $rules) {
        $isRisky = $false
        $riskFactors = @()

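        # Enabled is an enumeration, not a Boolean; compare it explicitly so disabled rules are skipped
        if ($rule.Enabled -eq "True" -and $rule.Action -eq "Allow" -and $rule.Direction -eq "Inbound") {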
            $portFilter = Get-NetFirewallPortFilter -AssociatedNetFirewallRule $rule
            $addressFilter = Get-NetFirewallAddressFilter -AssociatedNetFirewallRule $rule

            if ($portFilter.LocalPort -contains "Any" -or $portFilter.LocalPort -contains "*") {
                $isRisky = $true
                $riskFactors += "Allows any port"
            }
            if ($addressFilter.RemoteAddress -contains "Any" -or $addressFilter.RemoteAddress -contains "*") {
                $isRisky = $true
                $riskFactors += "Allows any remote address"
            }
        }

        if ($isRisky) {
            $results += [PSCustomObject]@{
                Name = $rule.Name
                DisplayName = $rule.DisplayName
                Direction = $rule.Direction
                Action = $rule.Action
                RiskFactors = $riskFactors -join ", "
            }
        }
    }
    # Send the table to the console only, so it is not captured with the return value
    $results | Format-Table -AutoSize | Out-Host
    return $results
}

<#
.SYNOPSIS
Analyzes Rule Applications.

.OUTPUTS
Array of PSObjects containing rule application details.
#>
function Analyze-RuleApplications {
    Write-Host "`nAnalyzing Rule Applications..." -ForegroundColor Yellow
    $rules = Get-NetFirewallRule -CimSession $global:targetComputer
    $results = @()
    foreach ($rule in $rules) {
        $appFilter = Get-NetFirewallApplicationFilter -AssociatedNetFirewallRule $rule
        if ($appFilter.Program -and $appFilter.Program -ne "Any") {
            $results += [PSCustomObject]@{
                RuleName = $rule.Name
                DisplayName = $rule.DisplayName
                Application = $appFilter.Program
                Enabled = $rule.Enabled
                Direction = $rule.Direction
                Action = $rule.Action
            }
        }
    }
    # Send the table to the console only, so it is not captured with the return value
    $results | Format-Table -AutoSize | Out-Host
    return $results
}

<#
.SYNOPSIS
Checks Firewall Logging Settings.

.OUTPUTS
PSObject containing firewall logging settings.
#>
function Check-FirewallLoggingSettings {
    Write-Host "`nChecking Firewall Logging Settings..." -ForegroundColor Yellow
    $profiles = Get-NetFirewallProfile -CimSession $global:targetComputer
    $results = @()
    foreach ($profile in $profiles) {
        $results += [PSCustomObject]@{
            ProfileName = $profile.Name
            LogAllowed = $profile.LogAllowed
            LogBlocked = $profile.LogBlocked
            LogIgnored = $profile.LogIgnored
            LogFileName = $profile.LogFileName
            LogMaxSizeKilobytes = $profile.LogMaxSizeKilobytes
        }
    }
    # Send the table to the console only, so it is not captured with the return value
    $results | Format-Table -AutoSize | Out-Host
    return $results
}

<#
.SYNOPSIS
Generates a comprehensive HTML report of all analyses.

.PARAMETER AllResults
Hashtable containing all analysis results.

.OUTPUTS
Saves an HTML report to the desktop.
#>
function Generate-HTMLReport {
    param([hashtable]$AllResults)

    Write-Host "`nGenerating Comprehensive HTML Report..." -ForegroundColor Yellow
    $reportContent = @"
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Windows Firewall Analysis Report</title>
    <style>
        body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 1200px; margin: 0 auto; padding: 20px; }
        h1, h2, h3 { color: #0078D4; }
        table { border-collapse: collapse; width: 100%; margin-bottom: 20px; }
        th, td { border: 1px solid #ddd; padding: 8px; text-align: left; }
        th { background-color: #f2f2f2; }
    </style>
</head>
<body>
    <h1>Windows Firewall Analysis Report</h1>
    <p>Generated on: $(Get-Date)</p>
    <p>Target Computer: $global:targetComputer</p>

    <h2>Firewall Profiles</h2>
    $($AllResults.FirewallProfiles | ConvertTo-Html -Fragment)

    <h2>Inbound Rules</h2>
    $($AllResults.InboundRules | ConvertTo-Html -Fragment)

    <h2>Outbound Rules</h2>
    $($AllResults.OutboundRules | ConvertTo-Html -Fragment)

    <h2>Potentially Risky Rules</h2>
    $($AllResults.RiskyRules | ConvertTo-Html -Fragment)

    <h2>Rule Applications</h2>
    $($AllResults.RuleApplications | ConvertTo-Html -Fragment)

    <h2>Firewall Logging Settings</h2>
    $($AllResults.LoggingSettings | ConvertTo-Html -Fragment)
</body>
</html>
"@

    # Write UTF-8 so the file matches the charset declared in the report's <meta> tag
    $reportContent | Out-File -FilePath $global:reportPath -Encoding UTF8
    Write-Host "Report generated and saved to: $global:reportPath" -ForegroundColor Green
}

# Main program loop
$allResults = @{}

do {
    Show-Menu
    $choice = Read-Host "`nEnter your choice (1-9)"

    switch ($choice) {
        "1" { Set-TargetComputer }
        "2" { $allResults.FirewallProfiles = Analyze-FirewallProfiles }
        "3" { $allResults.InboundRules = Review-InboundRules }
        "4" { $allResults.OutboundRules = Review-OutboundRules }
        "5" { $allResults.RiskyRules = Check-PotentiallyRiskyRules }
        "6" { $allResults.RuleApplications = Analyze-RuleApplications }
        "7" { $allResults.LoggingSettings = Check-FirewallLoggingSettings }
        "8" { Generate-HTMLReport -AllResults $allResults }
        "9" { Write-Host "Exiting program..." -ForegroundColor Yellow; break }
        default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red }
    }

    if ($choice -ne "9") {
        Read-Host "`nPress Enter to continue..."
    }
} while ($choice -ne "9")

This Windows Firewall Analyzer Tool includes:

  1. A menu-driven interface for easy navigation.
  2. Functions to analyze various aspects of Windows Firewall:
    • Analysis of Firewall Profiles
    • Review of Inbound Rules
    • Review of Outbound Rules
    • Check for Potentially Risky Rules
    • Analysis of Rule Applications
    • Check Firewall Logging Settings
  3. Ability to set a target computer for remote analysis.
  4. Comprehensive error handling for each analysis function.
  5. A function to generate an HTML report of all collected data.

Key features:

  • Detailed analysis of Windows Firewall profiles and their settings
  • Comprehensive review of inbound and outbound firewall rules
  • Identification of potentially risky firewall rules
  • Analysis of application-specific firewall rules
  • Review of firewall logging settings
  • Support for local and remote firewall analysis
  • Comprehensive HTML report generation

This tool is particularly useful for:

  • System administrators managing Windows Firewall configurations
  • Security professionals auditing firewall settings
  • IT professionals troubleshooting firewall-related issues
  • Network administrators reviewing firewall rules across multiple systems

To use this script effectively:

  1. Run PowerShell as an administrator
  2. Ensure you have the necessary permissions to access firewall settings (local or remote)
  3. Have the NetSecurity module available (typically included in Windows by default)

This script provides a comprehensive overview of Windows Firewall configurations, making it easier to audit and maintain firewall settings, identify potential security issues, and ensure the proper configuration of firewall rules across Windows systems.
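
The risky-rule check described above, as an added example that is not part of the original script: a hypothetical helper, Get-RuleRiskFinding, applies the same two risk factors to rule records and ranks each hit by how widely the rule is exposed. The sample rules are constructed, and the severity scale is an assumption of this example.

```powershell
# Added example: hypothetical helper, not part of WindowsFirewallAnalyzer.ps1.
function Get-RuleRiskFinding {
    param([Parameter(ValueFromPipeline)] $Rule)
    process {
        # Compare as text: Enabled is an enumeration on real rule objects,
        # so a plain truth test would not exclude disabled rules.
        if ("$($Rule.Enabled)" -ne 'True' -or "$($Rule.Action)" -ne 'Allow' -or
            "$($Rule.Direction)" -ne 'Inbound') { return }

        # Same two risk factors the script checks for.
        $factors = @()
        if (@($Rule.LocalPort) -contains 'Any')     { $factors += 'Allows any port' }
        if (@($Rule.RemoteAddress) -contains 'Any') { $factors += 'Allows any remote address' }
        if ($factors.Count -eq 0) { return }

        # Assumed severity scale: both wildcards on a rule that also applies
        # to the Public profile is the widest exposure.
        $public = "$($Rule.Profile)" -match 'Any|Public'
        if ($factors.Count -eq 2 -and $public)    { $severity = 'High' }
        elseif ($factors.Count -eq 2 -or $public) { $severity = 'Medium' }
        else                                      { $severity = 'Low' }

        [PSCustomObject]@{
            DisplayName = $Rule.DisplayName
            Profile     = $Rule.Profile
            Severity    = $severity
            RiskFactors = $factors -join ', '
        }
    }
}

# Constructed sample records with the properties the script's rule objects expose.
$sampleRules = @(
    [PSCustomObject]@{ DisplayName = 'Sample: open to all';  Enabled = 'True';  Action = 'Allow'; Direction = 'Inbound';  Profile = 'Any';             LocalPort = 'Any';  RemoteAddress = 'Any' }
    [PSCustomObject]@{ DisplayName = 'Sample: web, domain';  Enabled = 'True';  Action = 'Allow'; Direction = 'Inbound';  Profile = 'Domain';          LocalPort = '443';  RemoteAddress = 'Any' }
    [PSCustomObject]@{ DisplayName = 'Sample: scoped admin'; Enabled = 'True';  Action = 'Allow'; Direction = 'Inbound';  Profile = 'Domain, Private'; LocalPort = '3389'; RemoteAddress = 'LocalSubnet' }
    [PSCustomObject]@{ DisplayName = 'Sample: disabled';     Enabled = 'False'; Action = 'Allow'; Direction = 'Inbound';  Profile = 'Public';          LocalPort = 'Any';  RemoteAddress = 'Any' }
    [PSCustomObject]@{ DisplayName = 'Sample: outbound';     Enabled = 'True';  Action = 'Allow'; Direction = 'Outbound'; Profile = 'Any';             LocalPort = 'Any';  RemoteAddress = 'Any' }
)

$sampleRules | Get-RuleRiskFinding | Sort-Object Severity | Format-Table -AutoSize
```

Only the first two sample rules produce findings; the scoped, disabled and outbound rules are skipped, which is the behaviour to confirm before trusting the report's "Potentially Risky Rules" table.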
