-rw-r--r--AD-powershell-tools/README.md1
-rw-r--r--AD-powershell-tools/ad-user-report.ps118
-rw-r--r--AD-powershell-tools/bulk-disable.ps110
-rw-r--r--AD-powershell-tools/bulk-reactivate.ps19
-rw-r--r--AD-powershell-tools/bulk-reset.ps124
-rw-r--r--AD-powershell-tools/inactive-ad-device-report.ps157
-rw-r--r--AD-powershell-tools/test-ad-credentials.ps147
-rw-r--r--README.md5
-rw-r--r--bitwarden-tools/README.md2
-rw-r--r--bitwarden-tools/bit2pass.py44
-rw-r--r--discord/README.md10
-rwxr-xr-xdiscord/discord_alert.py48
12 files changed, 274 insertions, 1 deletions
diff --git a/AD-powershell-tools/README.md b/AD-powershell-tools/README.md
new file mode 100644
index 0000000..97f35cd
--- /dev/null
+++ b/AD-powershell-tools/README.md
@@ -0,0 +1 @@
+Some AD convenience scripts
diff --git a/AD-powershell-tools/ad-user-report.ps1 b/AD-powershell-tools/ad-user-report.ps1
new file mode 100644
index 0000000..954a34a
--- /dev/null
+++ b/AD-powershell-tools/ad-user-report.ps1
@@ -0,0 +1,18 @@
+# Simple user report script
+param (
+ [switch]$report
+ )
+
+Import-Module ActiveDirectory
+
+$today=(get-date -Format "yyyy-MM-dd")
+$users = Get-ADUser -filter * | Sort-Object name
+
+if($report) {
+ $fn = "users-$today.csv"
+ $users | export-csv .\$fn
+ [Console]::Error.WriteLine("Saved result list to $fn")
+} else {
+ [Console]::Error.WriteLine("Writing device list to stdout")
+ write-output $users
+}
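Review bot: The `else` branch announces "Writing device list to stdout", but this script outputs users; the text looks copied from the device report and should read `[Console]::Error.WriteLine("Writing user list to stdout")`. On Windows PowerShell 5.1 `export-csv .\$fn` also writes a `#TYPE` header line unless `-NoTypeInformation` is given, which breaks most CSV consumers.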
diff --git a/AD-powershell-tools/bulk-disable.ps1 b/AD-powershell-tools/bulk-disable.ps1
new file mode 100644
index 0000000..e1fd180
--- /dev/null
+++ b/AD-powershell-tools/bulk-disable.ps1
@@ -0,0 +1,10 @@
+# Import users from CSV and disable them
+
+Import-Module ActiveDirectory
+
+$csv = Get-Content $args[0]
+
+ForEach ($user in $csv) {
+ Disable-ADAccount -Identity $user
+ Write-Host $user"'s account has been fully disabled"
+}
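Review bot: The "fully disabled" line is printed after every `Disable-ADAccount` call whether or not the call succeeded, since nothing checks the result or stops the loop when the cmdlet errors; during offboarding that reports an account as disabled while it is still enabled. Wrap the call as `try { Disable-ADAccount -Identity $user -ErrorAction Stop; Write-Host ... } catch { Write-Warning "$user was NOT disabled: $_" }`. The header comment says CSV but `Get-Content` reads raw lines, so a header row or blank line is passed straight to `-Identity`; skipping empty lines and validating `$args[0]` before the loop would avoid that. The same unchecked-success pattern is in bulk-reactivate.ps1 (`Enable-ADAccount`) and bulk-reset.ps1 (`Set-ADAccountPassword`).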
diff --git a/AD-powershell-tools/bulk-reactivate.ps1 b/AD-powershell-tools/bulk-reactivate.ps1
new file mode 100644
index 0000000..e287aea
--- /dev/null
+++ b/AD-powershell-tools/bulk-reactivate.ps1
@@ -0,0 +1,9 @@
+Import-Module ActiveDirectory
+
+$csv = Get-Content $args[0]
+
+ForEach ($user in $csv) {
+ Enable-ADAccount -Identity $user
+
+ Write-Host $user"'s account has been re-enabled"
+}
diff --git a/AD-powershell-tools/bulk-reset.ps1 b/AD-powershell-tools/bulk-reset.ps1
new file mode 100644
index 0000000..e66aad6
--- /dev/null
+++ b/AD-powershell-tools/bulk-reset.ps1
@@ -0,0 +1,24 @@
+Import-Module ActiveDirectory
+
+function Gen-Random-Password {
+ $str = ""
+ for ($i = 0; $i -lt 24 ; $i++) {
+ $rand = Get-Random -Minimum 32 -Maximum 127
+ $str += [char]$rand
+ }
+ $newpwd = ConvertTo-SecureString -String [String]$str -AsPlainText -Force
+ return $newpwd
+}
+
+# Import users from CSV
+$csv = Get-Content $args[0]
+
+ForEach ($user in $csv) {
+ $newPassword = Gen-Random-Password
+
+ # Reset user password.
+ Set-ADAccountPassword -Identity $user -NewPassword $newPassword -Reset
+
+ Write-Host $user"'s password has been reset"
+ Write-Host $newPassword
+}
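Review bot: The password handed to `Set-ADAccountPassword` is not the generated string and is never shown to the operator: in `-String [String]$str` the cast sits in argument position, so it is most likely taken as the literal text `[String]` followed by the value, and `Write-Host $newPassword` prints the SecureString type name rather than its contents. The accounts therefore end up with a password nobody has recorded. `Get-Random` is also documented as not cryptographically secure, so the characters should come from `RandomNumberGenerator`, as in the rewrite of `Gen-Random-Password` below. If the new passwords do need to reach users, deliver them through a channel other than console output and require a change at next logon with `Set-ADUser -ChangePasswordAtLogon $true`.

```powershell
function Gen-Random-Password {
    # Draw characters from the OS CSPRNG and build the SecureString directly,
    # so no plaintext copy of the password is held in a [string].
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $secure = New-Object System.Security.SecureString
    $buf = New-Object byte[] 1
    try {
        while ($secure.Length -lt 24) {
            $rng.GetBytes($buf)
            # 190 = 2 * 95: rejecting larger bytes avoids modulo bias
            # over the 95 printable ASCII characters (32..126).
            if ($buf[0] -lt 190) {
                $secure.AppendChar([char](32 + ($buf[0] % 95)))
            }
        }
    }
    finally {
        $rng.Dispose()
    }
    $secure.MakeReadOnly()
    return $secure
}
```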
diff --git a/AD-powershell-tools/inactive-ad-device-report.ps1 b/AD-powershell-tools/inactive-ad-device-report.ps1
new file mode 100644
index 0000000..560a534
--- /dev/null
+++ b/AD-powershell-tools/inactive-ad-device-report.ps1
@@ -0,0 +1,57 @@
+# PLEASE READ SCRIPT BEFORE RUNNING
+
+# Based largely on https://activedirectorypro.com/find-remove-old-computer-accounts-active-directory/
+# but changed his brack/object syntax to a string query
+
+# Usage
+# \inactive-ad-device-report.ps1 "OU=Workstations,DC=example,DC=com" "dd/MM/yyyy" [-report] [-disable]
+
+# Report and disable are optional switches to print the results to a CSV
+# and disable the computer accounts, respectively
+
+# A cutoff date and a search base, must be provided.
+
+# All computers with Login times before
+# the cutoff date are included in the results of the report
+
+# The search base is an LDAP filter that must (at a minimum) specify
+# your domain controller. And probably an OU you want to search, like:
+#
+# "OU=Workstations,DC=example,DC=com"
+
+# See here for an example: https://docs.microsoft.com/en-us/powershell/module/activedirectory/get-adcomputer?view=windowsserver2022-ps#example-4--get-computer-accounts-in-a-specific-location-using-an-ldapfilter
+param (
+ [Parameter(Mandatory)][string]$searchbase,
+ [Parameter(Mandatory)][string]$cutoff,
+ [switch]$report,
+ [switch]$disable
+)
+Import-Module ActiveDirectory
+$today=(get-date -Format "yyyy-MM-dd")
+try {
+ $filter = "(LastLogonDate -lt `"$cutoff`") -and (Enabled -eq `"$true`")"
+ $devices = Get-ADcomputer -filter $filter -properties LastLogonDate,Enabled,DistinguishedName `
+ -SearchBase $searchbase `
+ | select name, LastLogonDate, DistinguishedName
+ | sort LastLogonDate
+}
+catch {
+ write-error "Bad input. Usage: '.\inactive-ad-device-report.ps1 `"ldap-filter`" `"dd/MM/yyyy`" [-report] [-disable]'"
+}
+
+if ($disable) {
+ ForEach ($device in $devices) {
+ Set-ADComputer -Identity $device.Name -Enabled $false -Verbose -WhatIf
+ }
+
+ [Console]::Error.WriteLine("All devices disabled")
+}
+
+if($report) {
+ $fn = "old-computers-$today.csv"
+ $devices | export-csv .\$fn
+ [Console]::Error.WriteLine("Saved result list to $fn")
+} else {
+ [Console]::Error.WriteLine("Writing device list to stdout")
+ write-output $devices
+}
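Review bot: The `-disable` branch hard-codes `-WhatIf` on `Set-ADComputer`, so nothing is ever disabled, yet the script then prints "All devices disabled"; an operator relying on that message would leave stale computer accounts enabled. Either drop `-WhatIf` and declare `[CmdletBinding(SupportsShouldProcess)]` above `param` so the caller chooses the dry run, or change the message to say that it was a dry run. The `catch` block only writes an error and lets execution continue with `$devices` unset; a `return` or `exit 1` there would keep the later branches from running on an empty result. The line beginning `| sort LastLogonDate` has no backtick before it, which I believe only parses on PowerShell 7 and later. The usage comment calls the first argument an LDAP filter, but it is passed to `-SearchBase`, which takes a distinguished name.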
diff --git a/AD-powershell-tools/test-ad-credentials.ps1 b/AD-powershell-tools/test-ad-credentials.ps1
new file mode 100644
index 0000000..bd0ba84
--- /dev/null
+++ b/AD-powershell-tools/test-ad-credentials.ps1
@@ -0,0 +1,47 @@
+# Adapted from: https://itpro-tips.com/test-ad-authentication-with-powershell/
+# The interesting bit about this one is that it doesn't seem to get logged by AD,
+# so you won't end up with false positives from testing creds
+
+function Test-ADAuthentication {
+ Param(
+ [Parameter(Mandatory)]
+ [string]$User,
+ [Parameter(Mandatory)]
+ $Password,
+ [Parameter(Mandatory = $false)]
+ $Server,
+ [Parameter(Mandatory = $false)]
+ [string]$Domain = $env:USERDOMAIN
+ )
+
+ Add-Type -AssemblyName System.DirectoryServices.AccountManagement
+
+ $contextType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
+
+ $argumentList = New-Object -TypeName "System.Collections.ArrayList"
+ $null = $argumentList.Add($contextType)
+ $null = $argumentList.Add($Domain)
+
+ if($null -ne $Server){
+ $argumentList.Add($Server)
+ }
+
+ $principalContext = New-Object System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $argumentList -ErrorAction SilentlyContinue
+
+ if ($null -eq $principalContext) {
+ Write-Warning "$Domain\$User - AD Authentication failed"
+ }
+
+ if ($principalContext.ValidateCredentials($User, $Password)) {
+ Write-Output "$Domain\$User - AD Authentication OK"
+ }
+ else {
+ Write-Warning "$Domain\$User - AD Authentication failed"
+ }
+}
+
+$csv = Import-Csv $args[0]
+ForEach ($userpass in $csv) {
+ Test-ADAuthentication -User $userpass.user -Password $userpass.password
+}
+
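Review bot: When `New-Object` fails and `$principalContext` is `$null`, the function writes the warning and then still calls `$principalContext.ValidateCredentials(...)`, which will throw on the null object; add `return` after the first `Write-Warning`. `$argumentList.Add($Server)` is also missing the `$null =` used on the two calls above it, so the index it returns leaks into the function's output. The header comment's claim that these checks are not logged should be verified against the domain controllers' security log before anyone relies on it: a failed validation is still an authentication attempt and would normally count toward the account lockout threshold, so a CSV containing stale passwords can lock users out. The input CSV holds plaintext passwords, so it needs restrictive file permissions and deletion after use.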
diff --git a/README.md b/README.md
index 96cb12b..07836b7 100644
--- a/README.md
+++ b/README.md
@@ -5,5 +5,8 @@
### Programs so far
* fhash - intuitive CLI for hashing files
* xls2csv - converts old excel files into a csv format without having to use Excel
-* julia-c - C-based CLI for efficient julia set image rendering because python was too slow.
+* julia-c - C-based CLI for efficient julia set image rendering because python was too slow.
+* AD-powershell-tools - Convenience scripts for managing AD users mostly
+* bitwarden-tools - script to dump bitwarden exports to UNIX pass before I realized Bitwarden had a CLI
+* discord - Discord alerting scripts
diff --git a/bitwarden-tools/README.md b/bitwarden-tools/README.md
new file mode 100644
index 0000000..9cb9ded
--- /dev/null
+++ b/bitwarden-tools/README.md
@@ -0,0 +1,2 @@
+(for now) just one script to handle importing Bitwarden data to UNIX
+pass
diff --git a/bitwarden-tools/bit2pass.py b/bitwarden-tools/bit2pass.py
new file mode 100644
index 0000000..bd9fe99
--- /dev/null
+++ b/bitwarden-tools/bit2pass.py
@@ -0,0 +1,44 @@
+#!/usr/bin/python3
+"""
+bit2pass.py - grabs the bare minimum info from a bitwarden JSON export
+(unencrypted) to populate a UNIX pass datastore. This assumes you named
+your entry and gave it a password, otherwise, this script will yell at
+you.
+
+This does NOT grab notes or usernames. I use pass purely for easy (and
+secure) copying of passwords. If I really need the notes, it's probably
+not something I'm going to be copying much. I also exclude anything
+that's not a login because, well that's what bitwarden's good for...
+Don't limit yourself to one tool
+
+
+Usage:
+0) (before running) Initialize a pass database:
+ pass init
+1) python bit2pass.py <your-file>
+"""
+import sys
+import subprocess
+import json
+with open(sys.argv[1]) as f:
+ data = json.load(f)
+
+folders = { x['id'] : x['name'] for x in data['folders'] }
+passwords = {
+ folders[x['folderId']] + '/' + x['name'] :
+ x['login']['password']
+ for x in data['items']
+ if x['type'] == 1
+ }
+print(passwords)
+
+for p in passwords:
+ echo = subprocess.run(["echo", passwords[p]],
+ check=True,
+ capture_output=True
+ )
+ pass2pass = subprocess.run(["pass", "insert", "-e", p],
+ input=echo.stdout,
+ capture_output=True
+ )
+ print(pass2pass.stdout)
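Review bot: `print(passwords)` writes every exported password in clear text to stdout, where it lands in terminal scrollback or any redirected log; remove it or print only the entry names. The `echo` subprocess puts each password on a process command line, where other local users can see it in the process list, and `echo` may mangle values that start with `-n` or contain backslashes; pass the value directly with `input=(passwords[p] + "\n").encode()` and drop the `echo` call. `pass insert` runs without `check=True`, so a failed insert goes unnoticed. `folders[x['folderId']]` will raise `KeyError` for an item without a folder if the export stores that as a null id.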
diff --git a/discord/README.md b/discord/README.md
new file mode 100644
index 0000000..189bf7d
--- /dev/null
+++ b/discord/README.md
@@ -0,0 +1,10 @@
+Adapted from past discord alerts
+
+Example usage
+```bash
+$ echo "Test Alert!" | python discord_alert.py https://url
+```
+
+https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks
+
+Be sure to keep your discord webhook private!
diff --git a/discord/discord_alert.py b/discord/discord_alert.py
new file mode 100755
index 0000000..fc9542c
--- /dev/null
+++ b/discord/discord_alert.py
@@ -0,0 +1,48 @@
+#!/usr/bin/python3
+# Example usage
+# echo "Test Alert!" | python discord_alert.py https://url
+# https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks
+
+import sys
+import requests
+import argparse
+
+
+def send_update(name, msg, discord_webhook):
+ """ Send a push to discord webhook url"""
+ formatted = f"⚠️ ALERT {name}\n\n{msg}"
+ message = { 'content' : formatted }
+ sys.stderr.write("Sending request.... ")
+ r = requests.post(url=discord_webhook, data=message)
+ sys.stderr.write(f"{r.status_code}\n")
+
+def main():
+ parser = argparse.ArgumentParser()
+ parser.add_argument("-t", "--title", default="")
+ parser.add_argument("url")
+ args = parser.parse_args()
+
+ if not args.url:
+ sys.stderr.write("A webhook url is required\n")
+ sys.stderr.write("Usage:\n\n")
+ sys.stderr.write("python discord_alert.py [-t] <title> <url>\n")
+ sys.exit(1)
+
+ msg = ""
+ line = input()
+ while line:
+ msg += line
+ try:
+ line = input()
+ except EOFError:
+ break
+ send_update(args.title, msg, args.url)
+
+
+if __name__ == '__main__':
+ try:
+ main()
+ except KeyboardInterrupt:
+ sys.stderr.write("User stopped program\n")
+ sys.exit(0)
+
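Review bot: The webhook URL is taken as a positional argument, so the secret the README says to keep private is exposed in shell history and in the process list while the script runs; reading it from an environment variable or a file with restrictive permissions would avoid that. `requests.post` has no `timeout` and the status code is only echoed, so a hung or rejected delivery still exits 0; `r = requests.post(url=discord_webhook, data=message, timeout=10)` followed by `r.raise_for_status()` would surface failures to the caller. The read loop drops newlines, stops at the first empty line and raises an uncaught `EOFError` on empty input; `msg = sys.stdin.read()` fixes all three. The `if not args.url` branch is unreachable because argparse already requires the positional.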