winspect is a part of a larger project for auditing different areas of Windows environments. It focuses on enumerating different parts of a Windows machine aiming to identify security weaknesses and point to components that that need further hardening. The main targets for the script are domain-joined windows machines. However, some of the functions can also be invoked for standalone workstations.
+ Gets domain users and groups with local group membership.
+ Given a specific ADSI group object, it checks whether it is a local or domain group and looks fro its members.
+ Checks current configuration of User Account Control.
+ Checks DLL Search mode and inspects permissions for directories in user and system %PATH% .
+ Gets services whose binaries are writable by current user.
+ Looks for services with unquoted path vulnerability.
+ Gets all services that the current user can configure.
+ Looks for autoruns specified in different places in the registry.
git clone https://github.com/A-mIn3/WINspect && cd WINspect
Set-ExecutionPolicy Unrestricted -force