Best Python code snippet using avocado_python
Windows_GUI.py
Source:Windows_GUI.py
1import tkinter as tk2from tkinter import ttk3from tkinter.ttk import *4import pyfiglet5import fileinput6import time7from parse import *8import winrm910#module for patch scan11import os12import subprocess as sp1314#module for port scan15import sys16import socket17from datetime import datetime18import shutil1920from tkinter import *2122# ==== Vars ====23basicRes = []24log = []25target = 'localhost'262728def basic():29 host = IP.get()30 domain = Domain.get()31 user = username.get()32 password = passwd.get()33 34 session = winrm.Session(host, auth=('{}@{}' .format(user ,domain), password), transport='ntlm') 35 36 import time37 import configparser38 config = configparser.ConfigParser()39 time = time.strftime("%Y_%m_%d-%I_%M_%S_%p")40 timestr = time + " Basic Windows Settings.ini"41 42 def complexity():43 p = session.run_ps('Get-ADDefaultDomainPasswordPolicy | Select-Object ComplexityEnabled')44 p_output = str(p.std_out)45 p_output = p_output.replace("b\'", "")46 p_output = p_output.replace("\\r", "")47 p_output = p_output.replace("\\n", "")48 p_output = p_output.replace("\'", "")49 p_output = p_output.replace(" ", "")50 p_output = p_output.replace("-----------------", "-")51 p_list = p_output.split("-")52 53 p_dict = dict([p_list])54 config['complexity'] = p_dict55 56 def maxpassage():57 p = session.run_ps('Get-ADDefaultDomainPasswordPolicy | Select-Object MaxPasswordAge')58 p_output = str(p.std_out)59 p_output = p_output.replace("b\'", "")60 p_output = p_output.replace("\\r", "")61 p_output = p_output.replace("\\n", "")62 p_output = p_output.replace("\'", "")63 p_output = p_output.replace(" ", "")64 p_output = p_output.replace("--------------", "-")65 p_list = p_output.split("-")66 67 p_dict = dict([p_list])68 config['maxpage'] = p_dict6970 def minpassage():71 p = session.run_ps('Get-ADDefaultDomainPasswordPolicy | Select-Object MinPasswordAge')72 p_output = str(p.std_out)73 p_output = p_output.replace("b\'", "")74 p_output = p_output.replace("\\r", "")75 p_output = p_output.replace("\\n", "")76 p_output = p_output.replace("\'", "")77 p_output = p_output.replace(" ", "")78 p_output = p_output.replace("--------------", "-")79 p_list = p_output.split("-")80 81 p_dict = dict([p_list])82 config['minpage'] = p_dict83 84 def minplength():85 p = session.run_ps('Get-ADDefaultDomainPasswordPolicy | Select-Object MinPasswordLength')86 p_output = str(p.std_out)87 p_output = p_output.replace("b\'", "")88 p_output = p_output.replace("\\r", "")89 p_output = p_output.replace("\\n", "")90 p_output = p_output.replace("\'", "")91 p_output = p_output.replace(" ", "")92 p_output = p_output.replace("-----------------", "-")93 p_list = p_output.split("-")94 95 p_dict = dict([p_list])96 config['minplength'] = p_dict97 98 def phistorycount():99 p = session.run_ps('Get-ADDefaultDomainPasswordPolicy | Select-Object PasswordHistoryCount')100 p_output = str(p.std_out)101 p_output = p_output.replace("b\'", "")102 p_output = p_output.replace("\\r", "")103 p_output = p_output.replace("\\n", "")104 p_output = p_output.replace("\'", "")105 p_output = p_output.replace(" ", "")106 p_output = p_output.replace("--------------------", "-")107 p_list = p_output.split("-")108 109 p_dict = dict([p_list])110 config['phistorycount'] = p_dict 111 112 def reverseencrypt():113 p = session.run_ps('Get-ADDefaultDomainPasswordPolicy | Select-Object ReversibleEncryptionEnabled')114 p_output = str(p.std_out)115 p_output = p_output.replace("b\'", "")116 p_output = p_output.replace("\\r", "")117 p_output = p_output.replace("\\n", "")118 p_output = p_output.replace("\'", "")119 p_output = p_output.replace(" ", "")120 p_output = p_output.replace("---------------------------", "-")121 p_list = p_output.split("-")122 123 p_dict = dict([p_list])124 config['reverseencrypt'] = p_dict 125 126 def lockoutduration():127 p = session.run_ps('Get-ADDefaultDomainPasswordPolicy | Select-Object LockoutDuration')128 p_output = str(p.std_out)129 p_output = p_output.replace("b\'", "")130 p_output = p_output.replace("\\r", "")131 p_output = p_output.replace("\\n", "")132 p_output = p_output.replace("\'", "")133 p_output = p_output.replace(" ", "")134 p_output = p_output.replace("---------------", "-")135 p_list = p_output.split("-")136 137 p_dict = dict([p_list])138 config['lockouttime'] = p_dict139 140 def lockoutobserve():141 p = session.run_ps('Get-ADDefaultDomainPasswordPolicy | Select-Object LockoutObservationWindow')142 p_output = str(p.std_out)143 p_output = p_output.replace("b\'", "")144 p_output = p_output.replace("\\r", "")145 p_output = p_output.replace("\\n", "")146 p_output = p_output.replace("\'", "")147 p_output = p_output.replace(" ", "")148 p_output = p_output.replace("------------------------", "-")149 p_list = p_output.split("-")150 151 p_dict = dict([p_list])152 config['lockoutobservetime'] = p_dict153 154 def lockoutcount():155 p = session.run_ps('Get-ADDefaultDomainPasswordPolicy | Select-Object LockoutThreshold')156 p_output = str(p.std_out)157 p_output = p_output.replace("b\'", "")158 p_output = p_output.replace("\\r", "")159 p_output = p_output.replace("\\n", "")160 p_output = p_output.replace("\'", "")161 p_output = p_output.replace(" ", "")162 p_output = p_output.replace("----------------", "-")163 p_list = p_output.split("-")164 165 p_dict = dict([p_list])166 config['lockoutthreshold'] = p_dict 167 168 def limitpass():169 p = session.run_ps('Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa -Name "LimitBlankPasswordUse" | Select-Object LimitBlankPasswordUse')170 p_output = str(p.std_out)171 p_output = p_output.replace("b\'", "")172 p_output = p_output.replace("\\r", "")173 p_output = p_output.replace("\\n", "")174 p_output = p_output.replace("\'", "")175 p_output = p_output.replace(" ", "")176 p_output = p_output.replace("---------------------", "-")177 p_list = p_output.split("-")178 179 p_dict = dict([p_list])180 config['limitpass'] = p_dict181 182 def crashonaudit():183 p = session.run_ps('Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa -Name "CrashOnAuditFail" | Select-Object CrashOnAuditFail')184 p_output = str(p.std_out)185 p_output = p_output.replace("b\'", "")186 p_output = p_output.replace("\\r", "")187 p_output = p_output.replace("\\n", "")188 p_output = p_output.replace("\'", "")189 p_output = p_output.replace(" ", "")190 p_output = p_output.replace("----------------", "-")191 p_list = p_output.split("-")192 193 p_dict = dict([p_list])194 config['crashonaudit'] = p_dict195 196 def disablecad():197 p = session.run_ps('Get-ItemProperty -Path HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name "DisableCAD" | Select-Object DisableCAD')198 p_output = str(p.std_out)199 p_output = p_output.replace("b\'", "")200 p_output = p_output.replace("\\r", "")201 p_output = p_output.replace("\\n", "")202 p_output = p_output.replace("\'", "")203 p_output = p_output.replace(" ", "")204 p_output = p_output.replace("----------", "-")205 p_list = p_output.split("-")206 207 p_dict = dict([p_list])208 config['disablecad'] = p_dict209 210 def nousername():211 p = session.run_ps('Get-ItemProperty -Path HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name "DontDisplayLastUserName" | Select-Object DontDisplayLastUserName')212 p_output = str(p.std_out)213 p_output = p_output.replace("b\'", "")214 p_output = p_output.replace("\\r", "")215 p_output = p_output.replace("\\n", "")216 p_output = p_output.replace("\'", "")217 p_output = p_output.replace(" ", "")218 p_output = p_output.replace("-----------------------", "-")219 p_list = p_output.split("-")220 221 p_dict = dict([p_list])222 config['nousername'] = p_dict223 224 def legaltext():225 p = session.run_ps('Get-ItemProperty -Path HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name "LegalNoticeText" | Select-Object LegalNoticeText')226 p_output = str(p.std_out)227 p_output = p_output.replace("b\'", "")228 p_output = p_output.replace("\\r", "")229 p_output = p_output.replace("\\n", "")230 p_output = p_output.replace("\'", "")231 p_output = p_output.replace(" ", "")232 p_output = p_output.replace("\x00", "")233 p_output = p_output.replace("---------------", "-")234 p_list = p_output.split("-")235 236 p_dict = dict([p_list])237 config['legaltext'] = p_dict 238 239 def legalcaption():240 p = session.run_ps('Get-ItemProperty -Path HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name "LegalNoticeCaption" | Select-Object LegalNoticeCaption')241 p_output = str(p.std_out)242 p_output = p_output.replace("b\'", "")243 p_output = p_output.replace("\\r", "")244 p_output = p_output.replace("\\n", "")245 p_output = p_output.replace("\'", "")246 p_output = p_output.replace(" ", "")247 p_output = p_output.replace("------------------", "-")248 p_list = p_output.split("-")249 250 p_dict = dict([p_list])251 config['legalcaption'] = p_dict 252253 254 def securitysig():255 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters -Name "RequireSecuritySignature" | Select-Object RequireSecuritySignature')256 p_output = str(p.std_out)257 p_output = p_output.replace("b\'", "")258 p_output = p_output.replace("\\r", "")259 p_output = p_output.replace("\\n", "")260 p_output = p_output.replace("\'", "")261 p_output = p_output.replace(" ", "")262 p_output = p_output.replace("------------------------", "-")263 p_list = p_output.split("-") 264 265 p_dict = dict([p_list])266 config['securitysig'] = p_dict267 268 def enablesecuritysig():269 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters -Name "EnableSecuritySignature" | Select-Object EnableSecuritySignature')270 p_output = str(p.std_out)271 p_output = p_output.replace("b\'", "")272 p_output = p_output.replace("\\r", "")273 p_output = p_output.replace("\\n", "")274 p_output = p_output.replace("\'", "")275 p_output = p_output.replace(" ", "")276 p_output = p_output.replace("-----------------------", "-")277 p_list = p_output.split("-")278 279 p_dict = dict([p_list])280 config['enablesecuritysig'] = p_dict281 282 def enableplainpass():283 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters -Name "EnablePlainTextPassword" | Select-Object EnablePlainTextPassword')284 p_output = str(p.std_out)285 p_output = p_output.replace("b\'", "")286 p_output = p_output.replace("\\r", "")287 p_output = p_output.replace("\\n", "")288 p_output = p_output.replace("\'", "")289 p_output = p_output.replace(" ", "")290 p_output = p_output.replace("-----------------------", "-")291 p_list = p_output.split("-") 292 293 p_dict = dict([p_list])294 config['enablesplainpass'] = p_dict295 296 def serverautodisconnect():297 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\LanManServer\Parameters -Name "AutoDisconnect" | Select-Object AutoDisconnect')298 p_output = str(p.std_out)299 p_output = p_output.replace("b\'", "")300 p_output = p_output.replace("\\r", "")301 p_output = p_output.replace("\\n", "")302 p_output = p_output.replace("\'", "")303 p_output = p_output.replace(" ", "")304 p_output = p_output.replace("--------------", "-")305 p_list = p_output.split("-") 306 307 p_dict = dict([p_list])308 config['serverautodisconnect'] = p_dict309 310 def serversecuritysig():311 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\LanManServer\Parameters -Name "RequireSecuritySignature" | Select-Object RequireSecuritySignature')312 p_output = str(p.std_out)313 p_output = p_output.replace("b\'", "")314 p_output = p_output.replace("\\r", "")315 p_output = p_output.replace("\\n", "")316 p_output = p_output.replace("\'", "")317 p_output = p_output.replace(" ", "")318 p_output = p_output.replace("------------------------", "-")319 p_list = p_output.split("-") 320 321 p_dict = dict([p_list])322 config['serversecuritysig'] = p_dict323 324 def serverenablesecuritysig():325 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\LanManServer\Parameters -Name "EnableSecuritySignature" | Select-Object EnableSecuritySignature')326 p_output = str(p.std_out)327 p_output = p_output.replace("b\'", "")328 p_output = p_output.replace("\\r", "")329 p_output = p_output.replace("\\n", "")330 p_output = p_output.replace("\'", "")331 p_output = p_output.replace(" ", "")332 p_output = p_output.replace("-----------------------", "-")333 p_list = p_output.split("-") 334 335 p_dict = dict([p_list])336 config['serverenablesecuritysig'] = p_dict337 338 def serverenableforcelogoff():339 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\LanManServer\Parameters -Name "enableforcedlogoff" | Select-Object enableforcedlogoff')340 p_output = str(p.std_out)341 p_output = p_output.replace("b\'", "")342 p_output = p_output.replace("\\r", "")343 p_output = p_output.replace("\\n", "")344 p_output = p_output.replace("\'", "")345 p_output = p_output.replace(" ", "")346 p_output = p_output.replace("------------------", "-")347 p_list = p_output.split("-")348 349 p_dict = dict([p_list])350 config['serverenableforcelogoff'] = p_dict351 352 complexity()353 maxpassage()354 minpassage()355 minplength()356 phistorycount()357 reverseencrypt()358 lockoutduration()359 lockoutobserve()360 lockoutcount()361 limitpass()362 crashonaudit()363 disablecad()364 nousername()365 legaltext()366 legalcaption()367 securitysig()368 enablesecuritysig()369 enableplainpass()370 serverautodisconnect()371 serversecuritysig()372 serverenablesecuritysig()373 serverenableforcelogoff()374 375 with open(timestr,'w') as configfile:376 config.write(configfile)377 378 config.read(timestr)379 count = 0380 count2 = 0381 print("\n")382 print("==============================================================")383 print("\n")384 print("Windows Controls \n")385 if(config['complexity']['ComplexityEnabled'] == "True"):386 Stat1 = "No need to change Control: ComplexityEnabled \n"387 count = count + 1388 389 else:390 Stat1 = "Setting 'ComplexityEnabled' requires change: False to True \n"391 count2 = count2 + 1392 393 if(config['maxpage']['MaxPasswordAge'] == "42.00:00:00"):394 Stat2 = "No need to change Control: Maximum Password Age \n"395 count = count + 1396 397 else:398 Stat2 = "Setting 'MaxPasswordAge' requires change: Set value to equal to or more than 42.00 \n"399 count2 = count2 + 1400 401 if(config['minpage']['MinPasswordAge'] == "1.00:00:00"):402 Stat3 = "No need to change Control: Minimum Password Age \n"403 count = count + 1404 405 else:406 Stat3 = "Setting 'MinPasswordAge' requires change: Set value to equal to or more than 1.00 \n"407 count2 = count2 + 1408 409 if(int(config['minplength']['MinPasswordLength']) >= 14):410 Stat4 = "No need to change Control: MinPasswordLength \n"411 count = count + 1412 413 else:414 Stat4 = "Setting 'MinPasswordLength' requires change: Set value to equal to or more than 14 \n"415 count2 = count2 + 1416 417 if(int(config['phistorycount']['PasswordHistoryCount']) >= 24):418 Stat5 = "No need to change Control: PasswordHistoryCount \n"419 count = count + 1420 421 else:422 Stat5 = "Setting 'PasswordHistoryCount' requires change: Set value to equal to or more than 24 \n"423 count2 = count2 + 1424 425 if(config['reverseencrypt']['ReversibleEncryptionEnabled'] == "False"):426 Stat6 = "No need to change Control: ReversibleEncryptionEnabled \n"427 count = count + 1428 429 else:430 Stat6 = "Setting 'ReversibleEncryptionEnabled' requires change: True to False \n"431 count2 = count2 + 1432 433 if(config['lockouttime']['LockoutDuration'] == "00:30:00"):434 Stat7 = "No need to change Control: LockoutDuration \n"435 count = count + 1436 437 else:438 Stat7 = "Setting 'LockoutDuration' requires change: Set value to 15 or more minutes \n"439 count2 = count2 + 1440 441 if(config['lockoutobservetime']['LockoutObservationWindow'] == "00:30:00"):442 Stat8 = "No need to change Control: LockoutObservationWindow \n"443 count = count + 1444 445 else:446 Stat8 = "Setting 'LockoutObservationWindow' requires change: Set value to 15 or more minutes \n"447 count2 = count2 + 1448 449 if(int(config['lockoutthreshold']['LockoutThreshold']) <= 10 and int(config['lockoutthreshold']['LockoutThreshold']) != 0 ):450 Stat9 = "No need to change Control: LockoutThreshold \n"451 count = count + 1452 453 else:454 Stat9 = "Setting 'LockoutThreshold' requires change: Set value to 10 or fewer invalid logon attempts but not 0 \n"455 count2 = count2 + 1456 457 if(int(config['limitpass']['limitblankpassworduse']) == 1):458 Stat10 = "No need to change Control: LimitBlankPasswordUse \n"459 count = count + 1460 461 else:462 Stat10 = "Setting 'LimitBlankPasswordUse' requires change: Set value to 1 OR Enable in Accounts: Limit local account use of blank passwords to console logon only in GPO \n"463 count2 = count2 + 1464 465 if(int(config['crashonaudit']['crashonauditfail']) == 0):466 Stat11 = "No need to change Control: CrashOnAuditFail \n"467 count = count + 1468 469 else:470 Stat11 = "Setting 'CrashOnAuditFail' requires change: Set value to 0 OR Ensure in Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled' in GPO \n"471 count2 = count2 + 1472 473 if(int(config['disablecad']['disablecad']) == 0):474 Stat12 = "No need to change Control: DisableCAD \n"475 count = count + 1476 477 else:478 Stat12 = "Setting 'DisableCAD' requires change: Set value to 0 OR Ensure in 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled' in GPO \n"479 count2 = count2 + 1480 481 if(int(config['nousername']['dontdisplaylastusername']) == 1):482 Stat13 = "No need to change Control: DontDisplayLastUserName \n"483 count = count + 1484 485 else:486 Stat13 = "Setting 'DontDisplayLastUserName' requires change: Set value to 1 OR Ensure in 'Interactive logon: Don't display last signed-in' is set to 'Enabled' in GPO \n"487 count2 = count2 + 1488 489 if(config['legaltext']['legalnoticetext'] != "\x00" ):490 Stat14 = "No need to change Control: LegalNoticeText \n"491 count = count + 1492 493 else:494 Stat14 = "Setting 'LegalNoticeText' requires change: Configure 'Interactive logon: Message text for users attempting to log on' in GPO \n"495 count2 = count2 + 1 496 497 if(config['legalcaption']['legalnoticecaption'] != "" ):498 Stat15 = "No need to change Control: LegalNoticeCaption \n"499 count = count + 1500 501 else:502 Stat15 = "Setting 'LegalNoticeCaption' requires change: Configure 'Interactive logon: Message title for users attempting to log on' in GPO \n"503 count2 = count2 + 1504 505 if(int(config['securitysig']['requiresecuritysignature']) == 1 ):506 Stat16 = "No need to change Control: RequireSecuritySignature \n"507 count = count + 1508 509 else:510 Stat16 = "Setting 'RequireSecuritySignature' requires change: Set value to 1 OR Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' in GPO \n"511 count2 = count2 + 1 512 513 if(int(config['enablesecuritysig']['enablesecuritysignature']) == 1 ):514 Stat17 = "No need to change Control: EnableSecuritySignature \n"515 count = count + 1516 517 else:518 Stat17 = "Setting 'EnableSecuritySignature' requires change: Set value to 1 OR Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled' in GPO \n"519 count2 = count2 + 1 520 521 if(int(config['enablesplainpass']['enableplaintextpassword']) == 0 ):522 Stat18 = "No need to change Control: EnablePlainTextPassword \n"523 count = count + 1524 525 else:526 Stat18 = "Setting 'EnablePlainTextPassword' requires change: Set value to 0 OR Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled' in GPO \n"527 count2 = count2 + 1 528 529 if(int(config['serverautodisconnect']['autodisconnect']) <= 15 ):530 Stat19 = "No need to change Control: Server AutoDisconnect \n"531 count = count + 1532 533 else:534 Stat19 = "Setting 'Server AutoDisconnect' requires change: Set value to fewer or lesser than 15 OR Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s)' in GPO \n"535 count2 = count2 + 1 536 537 if(int(config['serversecuritysig']['requiresecuritysignature']) == 1 ):538 Stat20 = "No need to change Control: Server RequireSecuritySignature \n"539 count = count + 1540 541 else:542 Stat20 = "Setting 'Server RequireSecuritySignature' requires change: Set value to 1 OR Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled' in GPO \n \n"543 count2 = count2 + 1544 545 if(int(config['serverenablesecuritysig']['enablesecuritysignature']) == 1 ):546 Stat21 = "No need to change Control: Server EnableSecuritySignature \n"547 count = count + 1548 549 else:550 Stat21 = "Setting 'Server EnableSecuritySignature' requires change: Set value to 1 OR Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled' in GPO \n \n"551 count2 = count2 + 1 552 553 if(int(config['serverenableforcelogoff']['enableforcedlogoff']) == 1 ):554 Stat22 = "No need to change Control: Server enableforcedlogoff \n"555 count = count + 1556 557 else:558 Stat22 = "Setting 'Server enableforcedlogoff' requires change: Set value to 1 OR Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled' in GPO \n \n"559 count2 = count2 + 1 560 561 #print(config.sections())562 print("\n")563 print("============================================================== \n") 564 565566 listbox.insert(0, "Writing to " + timestr + " in program folder.")567 listbox.insert(1, " ")568 listbox.insert(2, "Account Security + Remediations")569 listbox.insert(3, " ")570 listbox.insert(4, Stat1)571 listbox.insert(4, Stat2)572 listbox.insert(4, Stat3)573 listbox.insert(4, Stat4)574 listbox.insert(4, Stat5)575 listbox.insert(4, Stat6)576 listbox.insert(4, Stat7)577 listbox.insert(4, Stat8)578 listbox.insert(4, Stat9)579 listbox.insert(4, Stat10)580 listbox.insert(4, Stat11)581 listbox.insert(4, Stat12)582 listbox.insert(4, Stat13)583 listbox.insert(4, Stat14)584 listbox.insert(4, Stat15)585 listbox.insert(4, Stat16)586 listbox.insert(4, Stat17)587 listbox.insert(4, Stat18)588 listbox.insert(4, Stat19)589 listbox.insert(4, Stat20)590 listbox.insert(4, Stat21)591 listbox.insert(4, Stat22)592 593 594 listbox2.insert(0, "\nNumber of Compliant controls") 595 listbox2.insert(1, "--> " + str(count)) 596 listbox2.insert(2, "Number of Non-Compliant controls") 597 listbox2.insert(3, "--> " + str(count2)) 598599 600601def startScan_Intermediate():602 host = IP.get()603 domain = Domain.get()604 user = username.get()605 password = passwd.get()606 607 session = winrm.Session(host, auth=('{}@{}' .format(user ,domain), password), transport='ntlm')608 609 import time610 import configparser611 config = configparser.ConfigParser()612 time = time.strftime("%Y_%m_%d-%I_%M_%S_%p")613 timestr = time + " Intermediate Windows Settings.ini"614 615 def complexity():616 p = session.run_ps('Get-ADDefaultDomainPasswordPolicy | Select-Object ComplexityEnabled')617 p_output = str(p.std_out)618 p_output = p_output.replace("b\'", "")619 p_output = p_output.replace("\\r", "")620 p_output = p_output.replace("\\n", "")621 p_output = p_output.replace("\'", "")622 p_output = p_output.replace(" ", "")623 p_output = p_output.replace("-----------------", "-")624 p_list = p_output.split("-")625 626 p_dict = dict([p_list])627 config['complexity'] = p_dict628 629 def maxpassage():630 p = session.run_ps('Get-ADDefaultDomainPasswordPolicy | Select-Object MaxPasswordAge')631 p_output = str(p.std_out)632 p_output = p_output.replace("b\'", "")633 p_output = p_output.replace("\\r", "")634 p_output = p_output.replace("\\n", "")635 p_output = p_output.replace("\'", "")636 p_output = p_output.replace(" ", "")637 p_output = p_output.replace("--------------", "-")638 p_list = p_output.split("-")639 640 p_dict = dict([p_list])641 config['maxpage'] = p_dict642643 def minpassage():644 p = session.run_ps('Get-ADDefaultDomainPasswordPolicy | Select-Object MinPasswordAge')645 p_output = str(p.std_out)646 p_output = p_output.replace("b\'", "")647 p_output = p_output.replace("\\r", "")648 p_output = p_output.replace("\\n", "")649 p_output = p_output.replace("\'", "")650 p_output = p_output.replace(" ", "")651 p_output = p_output.replace("--------------", "-")652 p_list = p_output.split("-")653 654 p_dict = dict([p_list])655 config['minpage'] = p_dict656 657 def minplength():658 p = session.run_ps('Get-ADDefaultDomainPasswordPolicy | Select-Object MinPasswordLength')659 p_output = str(p.std_out)660 p_output = p_output.replace("b\'", "")661 p_output = p_output.replace("\\r", "")662 p_output = p_output.replace("\\n", "")663 p_output = p_output.replace("\'", "")664 p_output = p_output.replace(" ", "")665 p_output = p_output.replace("-----------------", "-")666 p_list = p_output.split("-")667 668 p_dict = dict([p_list])669 config['minplength'] = p_dict670 671 def phistorycount():672 p = session.run_ps('Get-ADDefaultDomainPasswordPolicy | Select-Object PasswordHistoryCount')673 p_output = str(p.std_out)674 p_output = p_output.replace("b\'", "")675 p_output = p_output.replace("\\r", "")676 p_output = p_output.replace("\\n", "")677 p_output = p_output.replace("\'", "")678 p_output = p_output.replace(" ", "")679 p_output = p_output.replace("--------------------", "-")680 p_list = p_output.split("-")681 682 p_dict = dict([p_list])683 config['phistorycount'] = p_dict 684 685 def reverseencrypt():686 p = session.run_ps('Get-ADDefaultDomainPasswordPolicy | Select-Object ReversibleEncryptionEnabled')687 p_output = str(p.std_out)688 p_output = p_output.replace("b\'", "")689 p_output = p_output.replace("\\r", "")690 p_output = p_output.replace("\\n", "")691 p_output = p_output.replace("\'", "")692 p_output = p_output.replace(" ", "")693 p_output = p_output.replace("---------------------------", "-")694 p_list = p_output.split("-")695 696 p_dict = dict([p_list])697 config['reverseencrypt'] = p_dict 698 699 def lockoutduration():700 p = session.run_ps('Get-ADDefaultDomainPasswordPolicy | Select-Object LockoutDuration')701 p_output = str(p.std_out)702 p_output = p_output.replace("b\'", "")703 p_output = p_output.replace("\\r", "")704 p_output = p_output.replace("\\n", "")705 p_output = p_output.replace("\'", "")706 p_output = p_output.replace(" ", "")707 p_output = p_output.replace("---------------", "-")708 p_list = p_output.split("-")709 710 p_dict = dict([p_list])711 config['lockouttime'] = p_dict712 713 def lockoutobserve():714 p = session.run_ps('Get-ADDefaultDomainPasswordPolicy | Select-Object LockoutObservationWindow')715 p_output = str(p.std_out)716 p_output = p_output.replace("b\'", "")717 p_output = p_output.replace("\\r", "")718 p_output = p_output.replace("\\n", "")719 p_output = p_output.replace("\'", "")720 p_output = p_output.replace(" ", "")721 p_output = p_output.replace("------------------------", "-")722 p_list = p_output.split("-")723 724 p_dict = dict([p_list])725 config['lockoutobservetime'] = p_dict726 727 def lockoutcount():728 p = session.run_ps('Get-ADDefaultDomainPasswordPolicy | Select-Object LockoutThreshold')729 p_output = str(p.std_out)730 p_output = p_output.replace("b\'", "")731 p_output = p_output.replace("\\r", "")732 p_output = p_output.replace("\\n", "")733 p_output = p_output.replace("\'", "")734 p_output = p_output.replace(" ", "")735 p_output = p_output.replace("----------------", "-")736 p_list = p_output.split("-")737 738 p_dict = dict([p_list])739 config['lockoutthreshold'] = p_dict 740 741 def limitpass():742 p = session.run_ps('Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa -Name "LimitBlankPasswordUse" | Select-Object LimitBlankPasswordUse')743 p_output = str(p.std_out)744 p_output = p_output.replace("b\'", "")745 p_output = p_output.replace("\\r", "")746 p_output = p_output.replace("\\n", "")747 p_output = p_output.replace("\'", "")748 p_output = p_output.replace(" ", "")749 p_output = p_output.replace("---------------------", "-")750 p_list = p_output.split("-")751 752 p_dict = dict([p_list])753 config['limitpass'] = p_dict754 755 def crashonaudit():756 p = session.run_ps('Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa -Name "CrashOnAuditFail" | Select-Object CrashOnAuditFail')757 p_output = str(p.std_out)758 p_output = p_output.replace("b\'", "")759 p_output = p_output.replace("\\r", "")760 p_output = p_output.replace("\\n", "")761 p_output = p_output.replace("\'", "")762 p_output = p_output.replace(" ", "")763 p_output = p_output.replace("----------------", "-")764 p_list = p_output.split("-")765 766 p_dict = dict([p_list])767 config['crashonaudit'] = p_dict768 769 def disablecad():770 p = session.run_ps('Get-ItemProperty -Path HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name "DisableCAD" | Select-Object DisableCAD')771 p_output = str(p.std_out)772 p_output = p_output.replace("b\'", "")773 p_output = p_output.replace("\\r", "")774 p_output = p_output.replace("\\n", "")775 p_output = p_output.replace("\'", "")776 p_output = p_output.replace(" ", "")777 p_output = p_output.replace("----------", "-")778 p_list = p_output.split("-")779 780 p_dict = dict([p_list])781 config['disablecad'] = p_dict782 783 def nousername():784 p = session.run_ps('Get-ItemProperty -Path HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name "DontDisplayLastUserName" | Select-Object DontDisplayLastUserName')785 p_output = str(p.std_out)786 p_output = p_output.replace("b\'", "")787 p_output = p_output.replace("\\r", "")788 p_output = p_output.replace("\\n", "")789 p_output = p_output.replace("\'", "")790 p_output = p_output.replace(" ", "")791 p_output = p_output.replace("-----------------------", "-")792 p_list = p_output.split("-")793 794 p_dict = dict([p_list])795 config['nousername'] = p_dict796 797 def legaltext():798 p = session.run_ps('Get-ItemProperty -Path HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name "LegalNoticeText" | Select-Object LegalNoticeText')799 p_output = str(p.std_out)800 p_output = p_output.replace("b\'", "")801 p_output = p_output.replace("\\r", "")802 p_output = p_output.replace("\\n", "")803 p_output = p_output.replace("\'", "")804 p_output = p_output.replace(" ", "")805 p_output = p_output.replace("---------------", "-")806 p_list = p_output.split("-")807 808 p_dict = dict([p_list])809 config['legaltext'] = p_dict 810 811 def legalcaption():812 p = session.run_ps('Get-ItemProperty -Path HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name "LegalNoticeCaption" | Select-Object LegalNoticeCaption')813 p_output = str(p.std_out)814 p_output = p_output.replace("b\'", "")815 p_output = p_output.replace("\\r", "")816 p_output = p_output.replace("\\n", "")817 p_output = p_output.replace("\'", "")818 p_output = p_output.replace(" ", "")819 p_output = p_output.replace("------------------", "-")820 p_list = p_output.split("-")821 822 p_dict = dict([p_list])823 config['legalcaption'] = p_dict 824825 826 def securitysig():827 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters -Name "RequireSecuritySignature" | Select-Object RequireSecuritySignature')828 p_output = str(p.std_out)829 p_output = p_output.replace("b\'", "")830 p_output = p_output.replace("\\r", "")831 p_output = p_output.replace("\\n", "")832 p_output = p_output.replace("\'", "")833 p_output = p_output.replace(" ", "")834 p_output = p_output.replace("------------------------", "-")835 p_list = p_output.split("-") 836 837 p_dict = dict([p_list])838 config['securitysig'] = p_dict839 840 def enablesecuritysig():841 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters -Name "EnableSecuritySignature" | Select-Object EnableSecuritySignature')842 p_output = str(p.std_out)843 p_output = p_output.replace("b\'", "")844 p_output = p_output.replace("\\r", "")845 p_output = p_output.replace("\\n", "")846 p_output = p_output.replace("\'", "")847 p_output = p_output.replace(" ", "")848 p_output = p_output.replace("-----------------------", "-")849 p_list = p_output.split("-")850 851 p_dict = dict([p_list])852 config['enablesecuritysig'] = p_dict853 854 def enableplainpass():855 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters -Name "EnablePlainTextPassword" | Select-Object EnablePlainTextPassword')856 p_output = str(p.std_out)857 p_output = p_output.replace("b\'", "")858 p_output = p_output.replace("\\r", "")859 p_output = p_output.replace("\\n", "")860 p_output = p_output.replace("\'", "")861 p_output = p_output.replace(" ", "")862 p_output = p_output.replace("-----------------------", "-")863 p_list = p_output.split("-") 864 865 p_dict = dict([p_list])866 config['enablesplainpass'] = p_dict867 868 def serverautodisconnect():869 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\LanManServer\Parameters -Name "AutoDisconnect" | Select-Object AutoDisconnect')870 p_output = str(p.std_out)871 p_output = p_output.replace("b\'", "")872 p_output = p_output.replace("\\r", "")873 p_output = p_output.replace("\\n", "")874 p_output = p_output.replace("\'", "")875 p_output = p_output.replace(" ", "")876 p_output = p_output.replace("--------------", "-")877 p_list = p_output.split("-") 878 879 p_dict = dict([p_list])880 config['serverautodisconnect'] = p_dict881 882 def serversecuritysig():883 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\LanManServer\Parameters -Name "RequireSecuritySignature" | Select-Object RequireSecuritySignature')884 p_output = str(p.std_out)885 p_output = p_output.replace("b\'", "")886 p_output = p_output.replace("\\r", "")887 p_output = p_output.replace("\\n", "")888 p_output = p_output.replace("\'", "")889 p_output = p_output.replace(" ", "")890 p_output = p_output.replace("------------------------", "-")891 p_list = p_output.split("-") 892 893 p_dict = dict([p_list])894 config['serversecuritysig'] = p_dict895 896 def serverenablesecuritysig():897 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\LanManServer\Parameters -Name "EnableSecuritySignature" | Select-Object EnableSecuritySignature')898 p_output = str(p.std_out)899 p_output = p_output.replace("b\'", "")900 p_output = p_output.replace("\\r", "")901 p_output = p_output.replace("\\n", "")902 p_output = p_output.replace("\'", "")903 p_output = p_output.replace(" ", "")904 p_output = p_output.replace("-----------------------", "-")905 p_list = p_output.split("-") 906 907 p_dict = dict([p_list])908 config['serverenablesecuritysig'] = p_dict909 910 def serverenableforcelogoff():911 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\LanManServer\Parameters -Name "enableforcedlogoff" | Select-Object enableforcedlogoff')912 p_output = str(p.std_out)913 p_output = p_output.replace("b\'", "")914 p_output = p_output.replace("\\r", "")915 p_output = p_output.replace("\\n", "")916 p_output = p_output.replace("\'", "")917 p_output = p_output.replace(" ", "")918 p_output = p_output.replace("------------------", "-")919 p_list = p_output.split("-")920 921 p_dict = dict([p_list])922 config['serverenableforcelogoff'] = p_dict923 924 def screensaveractive():925 p = session.run_ps('Get-Wmiobject win32_desktop | where name -match $env:USERNAME | Select-Object ScreenSaveActive')926 p_output = str(p.std_out)927 p_output = p_output.replace("b\'", "")928 p_output = p_output.replace("\\r", "")929 p_output = p_output.replace("\\n", "")930 p_output = p_output.replace("\'", "")931 p_output = p_output.replace(" ", "")932 p_output = p_output.replace("----------------", "-")933 p_list = p_output.split("-")934 935 p_dict = dict([p_list])936 config['screensaveractive'] = p_dict 937 938 def screensaversecure():939 p = session.run_ps('Get-Wmiobject win32_desktop | where name -match $env:USERNAME | Select-Object ScreenSaverIsSecure')940 p_output = str(p.std_out)941 p_output = p_output.replace("b\'", "")942 p_output = p_output.replace("\\r", "")943 p_output = p_output.replace("\\n", "")944 p_output = p_output.replace("\'", "")945 p_output = p_output.replace(" ", "")946 p_output = p_output.replace("-------------------", "-")947 p_list = p_output.split("-")948 949 p_dict = dict([p_list])950 config['screensaversecure'] = p_dict951 952 def screensavertimeout():953 p = session.run_ps('Get-Wmiobject win32_desktop | where name -match $env:USERNAME | Select-Object ScreenSaverTimeout')954 p_output = str(p.std_out)955 p_output = p_output.replace("b\'", "")956 p_output = p_output.replace("\\r", "")957 p_output = p_output.replace("\\n", "")958 p_output = p_output.replace("\'", "")959 p_output = p_output.replace(" ", "")960 p_output = p_output.replace("------------------", "-")961 p_list = p_output.split("-")962 963 p_dict = dict([p_list])964 config['screensavertimeout'] = p_dict965 966 def anonymousno():967 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Control\Lsa -Name "RestrictAnonymous" | Select-Object RestrictAnonymous')968 p_output = str(p.std_out)969 p_output = p_output.replace("b\'", "")970 p_output = p_output.replace("\\r", "")971 p_output = p_output.replace("\\n", "")972 p_output = p_output.replace("\'", "")973 p_output = p_output.replace(" ", "")974 p_output = p_output.replace("-----------------", "-")975 p_list = p_output.split("-")976 977 p_dict = dict([p_list])978 config['anonymousno'] = p_dict 979 980 def disabledcreds():981 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Control\Lsa -Name "DisableDomainCreds" | Select-Object DisableDomainCreds')982 p_output = str(p.std_out)983 p_output = p_output.replace("b\'", "")984 p_output = p_output.replace("\\r", "")985 p_output = p_output.replace("\\n", "")986 p_output = p_output.replace("\'", "")987 p_output = p_output.replace(" ", "")988 p_output = p_output.replace("------------------", "-")989 p_list = p_output.split("-")990 991 p_dict = dict([p_list])992 config['disabledcreds'] = p_dict993 994 def includeanon():995 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Control\Lsa -Name "EveryoneIncludesAnonymous" | Select-Object EveryoneIncludesAnonymous')996 p_output = str(p.std_out)997 p_output = p_output.replace("b\'", "")998 p_output = p_output.replace("\\r", "")999 p_output = p_output.replace("\\n", "")1000 p_output = p_output.replace("\'", "")1001 p_output = p_output.replace(" ", "")1002 p_output = p_output.replace("-------------------------", "-")1003 p_list = p_output.split("-")1004 1005 p_dict = dict([p_list])1006 config['includeanon'] = p_dict 1007 1008 def restrictnull():1009 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\LanManServer\Parameters -Name "RestrictNullSessAccess" | Select-Object RestrictNullSessAccess')1010 p_output = str(p.std_out)1011 p_output = p_output.replace("b\'", "")1012 p_output = p_output.replace("\\r", "")1013 p_output = p_output.replace("\\n", "")1014 p_output = p_output.replace("\'", "")1015 p_output = p_output.replace(" ", "")1016 p_output = p_output.replace("----------------------", "-")1017 p_list = p_output.split("-")1018 1019 p_dict = dict([p_list])1020 config['restrictnull'] = p_dict1021 1022 def forceguest():1023 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Control\Lsa -Name "ForceGuest" | Select-Object ForceGuest')1024 p_output = str(p.std_out)1025 p_output = p_output.replace("b\'", "")1026 p_output = p_output.replace("\\r", "")1027 p_output = p_output.replace("\\n", "")1028 p_output = p_output.replace("\'", "")1029 p_output = p_output.replace(" ", "")1030 p_output = p_output.replace("----------", "-")1031 p_list = p_output.split("-")1032 1033 p_dict = dict([p_list])1034 config['forceguest'] = p_dict 1035 1036 def nolmhash():1037 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Control\Lsa -Name "NoLMHash" | Select-Object NoLMHash')1038 p_output = str(p.std_out)1039 p_output = p_output.replace("b\'", "")1040 p_output = p_output.replace("\\r", "")1041 p_output = p_output.replace("\\n", "")1042 p_output = p_output.replace("\'", "")1043 p_output = p_output.replace(" ", "")1044 p_output = p_output.replace("--------", "-")1045 p_list = p_output.split("-")1046 1047 p_dict = dict([p_list])1048 config['nolmhash'] = p_dict 1049 1050 def ldapintergrity():1051 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\LDAP -Name "LDAPClientIntegrity" | Select-Object LDAPClientIntegrity')1052 p_output = str(p.std_out)1053 p_output = p_output.replace("b\'", "")1054 p_output = p_output.replace("\\r", "")1055 p_output = p_output.replace("\\n", "")1056 p_output = p_output.replace("\'", "")1057 p_output = p_output.replace(" ", "")1058 p_output = p_output.replace("-------------------", "-")1059 p_list = p_output.split("-")1060 1061 p_dict = dict([p_list])1062 config['ldapintergrity'] = p_dict 1063 1064 def behavioradmin():1065 p = session.run_ps('Get-ItemProperty -Path HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name "ConsentPromptBehaviorAdmin" | Select-Object ConsentPromptBehaviorAdmin')1066 p_output = str(p.std_out)1067 p_output = p_output.replace("b\'", "")1068 p_output = p_output.replace("\\r", "")1069 p_output = p_output.replace("\\n", "")1070 p_output = p_output.replace("\'", "")1071 p_output = p_output.replace(" ", "")1072 p_output = p_output.replace("--------------------------", "-")1073 p_list = p_output.split("-")1074 1075 p_dict = dict([p_list])1076 config['behavioradmin'] = p_dict1077 1078 def behavioruser():1079 p = session.run_ps('Get-ItemProperty -Path HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name "ConsentPromptBehaviorUser" | Select-Object ConsentPromptBehaviorUser')1080 p_output = str(p.std_out)1081 p_output = p_output.replace("b\'", "")1082 p_output = p_output.replace("\\r", "")1083 p_output = p_output.replace("\\n", "")1084 p_output = p_output.replace("\'", "")1085 p_output = p_output.replace(" ", "")1086 p_output = p_output.replace("-------------------------", "-")1087 p_list = p_output.split("-")1088 1089 p_dict = dict([p_list])1090 config['behavioruser'] = p_dict1091 1092 def installdetect():1093 p = session.run_ps('Get-ItemProperty -Path HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name "EnableInstallerDetection" | Select-Object EnableInstallerDetection')1094 p_output = str(p.std_out)1095 p_output = p_output.replace("b\'", "")1096 p_output = p_output.replace("\\r", "")1097 p_output = p_output.replace("\\n", "")1098 p_output = p_output.replace("\'", "")1099 p_output = p_output.replace(" ", "")1100 p_output = p_output.replace("------------------------", "-")1101 p_list = p_output.split("-")1102 1103 p_dict = dict([p_list])1104 config['installdetect'] = p_dict 1105 1106 def enablesecureUIA():1107 p = session.run_ps('Get-ItemProperty -Path HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name "EnableSecureUIAPaths" | Select-Object EnableSecureUIAPaths')1108 p_output = str(p.std_out)1109 p_output = p_output.replace("b\'", "")1110 p_output = p_output.replace("\\r", "")1111 p_output = p_output.replace("\\n", "")1112 p_output = p_output.replace("\'", "")1113 p_output = p_output.replace(" ", "")1114 p_output = p_output.replace("--------------------", "-")1115 p_list = p_output.split("-")1116 1117 p_dict = dict([p_list])1118 config['enablesecureUIA'] = p_dict1119 1120 def enablelua():1121 p = session.run_ps('Get-ItemProperty -Path HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name "EnableLUA" | Select-Object EnableLUA')1122 p_output = str(p.std_out)1123 p_output = p_output.replace("b\'", "")1124 p_output = p_output.replace("\\r", "")1125 p_output = p_output.replace("\\n", "")1126 p_output = p_output.replace("\'", "")1127 p_output = p_output.replace(" ", "")1128 p_output = p_output.replace("---------", "-")1129 p_list = p_output.split("-")1130 1131 p_dict = dict([p_list])1132 config['enablelua'] = p_dict 1133 1134 def promptsecure():1135 p = session.run_ps('Get-ItemProperty -Path HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name "PromptOnSecureDesktop" | Select-Object PromptOnSecureDesktop')1136 p_output = str(p.std_out)1137 p_output = p_output.replace("b\'", "")1138 p_output = p_output.replace("\\r", "")1139 p_output = p_output.replace("\\n", "")1140 p_output = p_output.replace("\'", "")1141 p_output = p_output.replace(" ", "")1142 p_output = p_output.replace("---------------------", "-")1143 p_list = p_output.split("-")1144 1145 p_dict = dict([p_list])1146 config['promptsecure'] = p_dict1147 1148 def enablevirtual():1149 p = session.run_ps('Get-ItemProperty -Path HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name "EnableVirtualization" | Select-Object EnableVirtualization')1150 p_output = str(p.std_out)1151 p_output = p_output.replace("b\'", "")1152 p_output = p_output.replace("\\r", "")1153 p_output = p_output.replace("\\n", "")1154 p_output = p_output.replace("\'", "")1155 p_output = p_output.replace(" ", "")1156 p_output = p_output.replace("--------------------", "-")1157 p_list = p_output.split("-")1158 1159 p_dict = dict([p_list])1160 config['enablevirtual'] = p_dict1161 1162 def combrowser():1163 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\Browser -Name "Start" | Select-Object Start')1164 p_output = str(p.std_out)1165 p_output = p_output.replace("b\'", "")1166 p_output = p_output.replace("\\r", "")1167 p_output = p_output.replace("\\n", "")1168 p_output = p_output.replace("\'", "")1169 p_output = p_output.replace(" ", "")1170 p_output = p_output.replace("-----", "-")1171 p_list = p_output.split("-")1172 1173 p_dict = dict([p_list])1174 config['combrowser'] = p_dict 1175 1176 def mapsbroker():1177 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\MapsBroker -Name "Start" | Select-Object Start')1178 p_output = str(p.std_out)1179 p_output = p_output.replace("b\'", "")1180 p_output = p_output.replace("\\r", "")1181 p_output = p_output.replace("\\n", "")1182 p_output = p_output.replace("\'", "")1183 p_output = p_output.replace(" ", "")1184 p_output = p_output.replace("-----", "-")1185 p_list = p_output.split("-")1186 1187 p_dict = dict([p_list])1188 config['mapsbroker'] = p_dict 1189 1190 def lfsvc():1191 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\lfsvc -Name "Start" | Select-Object Start')1192 p_output = str(p.std_out)1193 p_output = p_output.replace("b\'", "")1194 p_output = p_output.replace("\\r", "")1195 p_output = p_output.replace("\\n", "")1196 p_output = p_output.replace("\'", "")1197 p_output = p_output.replace(" ", "")1198 p_output = p_output.replace("-----", "-")1199 p_list = p_output.split("-")1200 1201 p_dict = dict([p_list])1202 config['lfsvc'] = p_dict 1203 1204 def shareaccess():1205 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\SharedAccess -Name "Start" | Select-Object Start')1206 p_output = str(p.std_out)1207 p_output = p_output.replace("b\'", "")1208 p_output = p_output.replace("\\r", "")1209 p_output = p_output.replace("\\n", "")1210 p_output = p_output.replace("\'", "")1211 p_output = p_output.replace(" ", "")1212 p_output = p_output.replace("-----", "-")1213 p_list = p_output.split("-")1214 1215 p_dict = dict([p_list])1216 config['shareaccess'] = p_dict 1217 1218 def lltdsvc():1219 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\lltdsvc -Name "Start" | Select-Object Start')1220 p_output = str(p.std_out)1221 p_output = p_output.replace("b\'", "")1222 p_output = p_output.replace("\\r", "")1223 p_output = p_output.replace("\\n", "")1224 p_output = p_output.replace("\'", "")1225 p_output = p_output.replace(" ", "")1226 p_output = p_output.replace("-----", "-")1227 p_list = p_output.split("-")1228 1229 p_dict = dict([p_list])1230 config['lltdsvc'] = p_dict 1231 1232 def msis():1233 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\MSiSCSI -Name "Start" | Select-Object Start')1234 p_output = str(p.std_out)1235 p_output = p_output.replace("b\'", "")1236 p_output = p_output.replace("\\r", "")1237 p_output = p_output.replace("\\n", "")1238 p_output = p_output.replace("\'", "")1239 p_output = p_output.replace(" ", "")1240 p_output = p_output.replace("-----", "-")1241 p_list = p_output.split("-")1242 1243 p_dict = dict([p_list])1244 config['msis'] = p_dict 1245 1246 def sshd():1247 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\sshd -Name "Start" | Select-Object Start')1248 p_output = str(p.std_out)1249 p_output = p_output.replace("b\'", "")1250 p_output = p_output.replace("\\r", "")1251 p_output = p_output.replace("\\n", "")1252 p_output = p_output.replace("\'", "")1253 p_output = p_output.replace(" ", "")1254 p_output = p_output.replace("-----", "-")1255 p_list = p_output.split("-")1256 1257 p_dict = dict([p_list])1258 config['sshd'] = p_dict 1259 1260 def wercplsupport():1261 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\wercplsupport -Name "Start" | Select-Object Start')1262 p_output = str(p.std_out)1263 p_output = p_output.replace("b\'", "")1264 p_output = p_output.replace("\\r", "")1265 p_output = p_output.replace("\\n", "")1266 p_output = p_output.replace("\'", "")1267 p_output = p_output.replace(" ", "")1268 p_output = p_output.replace("-----", "-")1269 p_list = p_output.split("-")1270 1271 p_dict = dict([p_list])1272 config['wercplsupport'] = p_dict1273 1274 def RasAuto():1275 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\RasAuto -Name "Start" | Select-Object Start')1276 p_output = str(p.std_out)1277 p_output = p_output.replace("b\'", "")1278 p_output = p_output.replace("\\r", "")1279 p_output = p_output.replace("\\n", "")1280 p_output = p_output.replace("\'", "")1281 p_output = p_output.replace(" ", "")1282 p_output = p_output.replace("-----", "-")1283 p_list = p_output.split("-")1284 1285 p_dict = dict([p_list])1286 config['RasAuto'] = p_dict1287 1288 def SessionEnv():1289 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\SessionEnv -Name "Start" | Select-Object Start')1290 p_output = str(p.std_out)1291 p_output = p_output.replace("b\'", "")1292 p_output = p_output.replace("\\r", "")1293 p_output = p_output.replace("\\n", "")1294 p_output = p_output.replace("\'", "")1295 p_output = p_output.replace(" ", "")1296 p_output = p_output.replace("-----", "-")1297 p_list = p_output.split("-")1298 1299 p_dict = dict([p_list])1300 config['SessionEnv'] = p_dict1301 1302 def TermService():1303 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\TermService -Name "Start" | Select-Object Start')1304 p_output = str(p.std_out)1305 p_output = p_output.replace("b\'", "")1306 p_output = p_output.replace("\\r", "")1307 p_output = p_output.replace("\\n", "")1308 p_output = p_output.replace("\'", "")1309 p_output = p_output.replace(" ", "")1310 p_output = p_output.replace("-----", "-")1311 p_list = p_output.split("-")1312 1313 p_dict = dict([p_list])1314 config['TermService'] = p_dict1315 1316 def UmRdpService():1317 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\\UmRdpService -Name "Start" | Select-Object Start')1318 p_output = str(p.std_out)1319 p_output = p_output.replace("b\'", "")1320 p_output = p_output.replace("\\r", "")1321 p_output = p_output.replace("\\n", "")1322 p_output = p_output.replace("\'", "")1323 p_output = p_output.replace(" ", "")1324 p_output = p_output.replace("-----", "-")1325 p_list = p_output.split("-")1326 1327 p_dict = dict([p_list])1328 config['UmRdpService'] = p_dict 1329 1330 def RpcLocator():1331 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\RpcLocator -Name "Start" | Select-Object Start')1332 p_output = str(p.std_out)1333 p_output = p_output.replace("b\'", "")1334 p_output = p_output.replace("\\r", "")1335 p_output = p_output.replace("\\n", "")1336 p_output = p_output.replace("\'", "")1337 p_output = p_output.replace(" ", "")1338 p_output = p_output.replace("-----", "-")1339 p_list = p_output.split("-")1340 1341 p_dict = dict([p_list])1342 config['RpcLocator'] = p_dict 1343 1344 def RemoteRegistry():1345 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\RemoteRegistry -Name "Start" | Select-Object Start')1346 p_output = str(p.std_out)1347 p_output = p_output.replace("b\'", "")1348 p_output = p_output.replace("\\r", "")1349 p_output = p_output.replace("\\n", "")1350 p_output = p_output.replace("\'", "")1351 p_output = p_output.replace(" ", "")1352 p_output = p_output.replace("-----", "-")1353 p_list = p_output.split("-")1354 1355 p_dict = dict([p_list])1356 config['RemoteRegistry'] = p_dict1357 1358 def RemoteAccess():1359 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\RemoteAccess -Name "Start" | Select-Object Start')1360 p_output = str(p.std_out)1361 p_output = p_output.replace("b\'", "")1362 p_output = p_output.replace("\\r", "")1363 p_output = p_output.replace("\\n", "")1364 p_output = p_output.replace("\'", "")1365 p_output = p_output.replace(" ", "")1366 p_output = p_output.replace("-----", "-")1367 p_list = p_output.split("-")1368 1369 p_dict = dict([p_list])1370 config['RemoteAccess'] = p_dict1371 1372 def LanmanServer():1373 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\LanmanServer -Name "Start" | Select-Object Start')1374 p_output = str(p.std_out)1375 p_output = p_output.replace("b\'", "")1376 p_output = p_output.replace("\\r", "")1377 p_output = p_output.replace("\\n", "")1378 p_output = p_output.replace("\'", "")1379 p_output = p_output.replace(" ", "")1380 p_output = p_output.replace("-----", "-")1381 p_list = p_output.split("-")1382 1383 p_dict = dict([p_list])1384 config['LanmanServer'] = p_dict1385 1386 1387 def sealsecure():1388 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\\Netlogon\Parameters -Name "SealSecureChannel" | Select-Object SealSecureChannel')1389 p_output = str(p.std_out)1390 p_output = p_output.replace("b\'", "")1391 p_output = p_output.replace("\\r", "")1392 p_output = p_output.replace("\\n", "")1393 p_output = p_output.replace("\'", "")1394 p_output = p_output.replace(" ", "")1395 p_output = p_output.replace("-----------------", "-")1396 p_list = p_output.split("-")13971398 p_dict = dict([p_list])1399 config['sealsecure'] = p_dict1400 1401 def signsecure():1402 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\\Netlogon\Parameters -Name "SignSecureChannel" | Select-Object SignSecureChannel')1403 p_output = str(p.std_out)1404 p_output = p_output.replace("b\'", "")1405 p_output = p_output.replace("\\r", "")1406 p_output = p_output.replace("\\n", "")1407 p_output = p_output.replace("\'", "")1408 p_output = p_output.replace(" ", "")1409 p_output = p_output.replace("-----------------", "-")1410 p_list = p_output.split("-")1411 1412 p_dict = dict([p_list])1413 config['signsecure'] = p_dict1414 1415 def disablepasschange():1416 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\\Netlogon\Parameters -Name "DisablePasswordChange" | Select-Object DisablePasswordChange')1417 p_output = str(p.std_out)1418 p_output = p_output.replace("b\'", "")1419 p_output = p_output.replace("\\r", "")1420 p_output = p_output.replace("\\n", "")1421 p_output = p_output.replace("\'", "")1422 p_output = p_output.replace(" ", "")1423 p_output = p_output.replace("---------------------", "-")1424 p_list = p_output.split("-")1425 1426 p_dict = dict([p_list])1427 config['disablepasschange'] = p_dict1428 1429 def machinemaxpasswrdage():1430 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\\Netlogon\Parameters -Name "MaximumPasswordAge" | Select-Object MaximumPasswordAge')1431 p_output = str(p.std_out)1432 p_output = p_output.replace("b\'", "")1433 p_output = p_output.replace("\\r", "")1434 p_output = p_output.replace("\\n", "")1435 p_output = p_output.replace("\'", "")1436 p_output = p_output.replace(" ", "")1437 p_output = p_output.replace("------------------", "-")1438 p_list = p_output.split("-")1439 1440 p_dict = dict([p_list])1441 config['machinemaxpasswrdage'] = p_dict1442 1443 def requirestrongkey():1444 p = session.run_ps('Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Services\\Netlogon\Parameters -Name "RequireStrongKey" | Select-Object RequireStrongKey')1445 p_output = str(p.std_out)1446 p_output = p_output.replace("b\'", "")1447 p_output = p_output.replace("\\r", "")1448 p_output = p_output.replace("\\n", "")1449 p_output = p_output.replace("\'", "")1450 p_output = p_output.replace(" ", "")1451 p_output = p_output.replace("----------------", "-")1452 p_list = p_output.split("-")1453 1454 p_dict = dict([p_list])1455 config['requirestrongkey'] = p_dict 1456 1457 def autorestartsignon():1458 p = session.run_ps('Get-ItemProperty -Path HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name "DisableAutomaticRestartSignOn" | Select-Object DisableAutomaticRestartSignOn')1459 p_output = str(p.std_out)1460 p_output = p_output.replace("b\'", "")1461 p_output = p_output.replace("\\r", "")1462 p_output = p_output.replace("\\n", "")1463 p_output = p_output.replace("\'", "")1464 p_output = p_output.replace(" ", "")1465 p_output = p_output.replace("-----------------------------", "-")1466 p_list = p_output.split("-")1467 1468 p_dict = dict([p_list])1469 config['autorestartsignon'] = p_dict 1470 1471 def cachedlogons():1472 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name "CachedLogonsCount" | Select-Object CachedLogonsCount')1473 p_output = str(p.std_out)1474 p_output = p_output.replace("b\'", "")1475 p_output = p_output.replace("\\r", "")1476 p_output = p_output.replace("\\n", "")1477 p_output = p_output.replace("\'", "")1478 p_output = p_output.replace(" ", "")1479 p_output = p_output.replace("-----------------", "-")1480 p_list = p_output.split("-")1481 1482 p_dict = dict([p_list])1483 config['cachedlogons'] = p_dict 1484 1485 def passexpirywarn():1486 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name "PasswordExpiryWarning" | Select-Object PasswordExpiryWarning')1487 p_output = str(p.std_out)1488 p_output = p_output.replace("b\'", "")1489 p_output = p_output.replace("\\r", "")1490 p_output = p_output.replace("\\n", "")1491 p_output = p_output.replace("\'", "")1492 p_output = p_output.replace(" ", "")1493 p_output = p_output.replace("---------------------", "-")1494 p_list = p_output.split("-")1495 1496 p_dict = dict([p_list])1497 config['passexpirywarn'] = p_dict1498 1499 def scremove():1500 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name "ScRemoveOption" | Select-Object ScRemoveOption')1501 p_output = str(p.std_out)1502 p_output = p_output.replace("b\'", "")1503 p_output = p_output.replace("\\r", "")1504 p_output = p_output.replace("\\n", "")1505 p_output = p_output.replace("\'", "")1506 p_output = p_output.replace(" ", "")1507 p_output = p_output.replace("--------------", "-")1508 p_list = p_output.split("-")1509 1510 p_dict = dict([p_list])1511 config['scremove'] = p_dict 1512 1513 def disableexceptionchainvalid():1514 p = session.run_ps('Get-ItemProperty -Path "HKLM:SYSTEM\CurrentControlSet\Control\Session Manager\kernel" -Name "DisableExceptionChainValidation" | Select-Object DisableExceptionChainValidation')1515 p_output = str(p.std_out)1516 p_output = p_output.replace("b\'", "")1517 p_output = p_output.replace("\\r", "")1518 p_output = p_output.replace("\\n", "")1519 p_output = p_output.replace("\'", "")1520 p_output = p_output.replace(" ", "")1521 p_output = p_output.replace("-------------------------------", "-")1522 p_list = p_output.split("-")1523 1524 p_dict = dict([p_list])1525 config['disableexceptionchainvalid'] = p_dict 1526 1527 def ObCaseInsensitive():1528 p = session.run_ps('Get-ItemProperty -Path "HKLM:SYSTEM\CurrentControlSet\Control\Session Manager\kernel" -Name "ObCaseInsensitive" | Select-Object ObCaseInsensitive')1529 p_output = str(p.std_out)1530 p_output = p_output.replace("b\'", "")1531 p_output = p_output.replace("\\r", "")1532 p_output = p_output.replace("\\n", "")1533 p_output = p_output.replace("\'", "")1534 p_output = p_output.replace(" ", "")1535 p_output = p_output.replace("-----------------", "-")1536 p_list = p_output.split("-")1537 1538 p_dict = dict([p_list])1539 config['ObCaseInsensitive'] = p_dict 1540 1541 def forceunlocklog():1542 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name "ForceUnlockLogon" | Select-Object ForceUnlockLogon')1543 p_output = str(p.std_out)1544 p_output = p_output.replace("b\'", "")1545 p_output = p_output.replace("\\r", "")1546 p_output = p_output.replace("\\n", "")1547 p_output = p_output.replace("\'", "")1548 p_output = p_output.replace(" ", "")1549 p_output = p_output.replace("----------------", "-")1550 p_list = p_output.split("-")1551 1552 p_dict = dict([p_list])1553 config['forceunlocklog'] = p_dict 1554 1555 def restrictanonsam():1556 p = session.run_ps('Get-ItemProperty -Path "HKLM:SYSTEM\CurrentControlSet\Control\Lsa" -Name "RestrictAnonymousSAM" | Select-Object RestrictAnonymousSAM')1557 p_output = str(p.std_out)1558 p_output = p_output.replace("b\'", "")1559 p_output = p_output.replace("\\r", "")1560 p_output = p_output.replace("\\n", "")1561 p_output = p_output.replace("\'", "")1562 p_output = p_output.replace(" ", "")1563 p_output = p_output.replace("--------------------", "-")1564 p_list = p_output.split("-")1565 1566 p_dict = dict([p_list])1567 config['restrictanonsam'] = p_dict 1568 1569 def shutdownnologon():1570 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ShutdownWithoutLogon" | Select-Object ShutdownWithoutLogon')1571 p_output = str(p.std_out)1572 p_output = p_output.replace("b\'", "")1573 p_output = p_output.replace("\\r", "")1574 p_output = p_output.replace("\\n", "")1575 p_output = p_output.replace("\'", "")1576 p_output = p_output.replace(" ", "")1577 p_output = p_output.replace("--------------------", "-")1578 p_list = p_output.split("-")1579 1580 p_dict = dict([p_list])1581 config['shutdownnologon'] = p_dict 1582 1583 def ProtectionMode():1584 p = session.run_ps('Get-ItemProperty -Path "HKLM:SYSTEM\CurrentControlSet\Control\Session Manager" -Name "ProtectionMode" | Select-Object ProtectionMode')1585 p_output = str(p.std_out)1586 p_output = p_output.replace("b\'", "")1587 p_output = p_output.replace("\\r", "")1588 p_output = p_output.replace("\\n", "")1589 p_output = p_output.replace("\'", "")1590 p_output = p_output.replace(" ", "")1591 p_output = p_output.replace("--------------", "-")1592 p_list = p_output.split("-")1593 1594 p_dict = dict([p_list])1595 config['ProtectionMode'] = p_dict 1596 1597 complexity()1598 maxpassage()1599 minpassage()1600 minplength()1601 phistorycount()1602 reverseencrypt()1603 lockoutduration()1604 lockoutobserve()1605 lockoutcount()1606 limitpass()1607 crashonaudit()1608 disablecad()1609 nousername()1610 legaltext()1611 legalcaption()1612 securitysig()1613 enablesecuritysig()1614 enableplainpass()1615 serverautodisconnect()1616 serversecuritysig()1617 serverenablesecuritysig()1618 serverenableforcelogoff()1619 screensaveractive()1620 screensaversecure()1621 screensavertimeout()1622 anonymousno()1623 disabledcreds()1624 includeanon()1625 restrictnull()1626 forceguest()1627 nolmhash()1628 ldapintergrity()1629 behavioradmin()1630 behavioruser()1631 installdetect()1632 enablesecureUIA()1633 enablelua()1634 promptsecure()1635 enablevirtual()1636 combrowser()1637 mapsbroker()1638 lfsvc()1639 shareaccess()1640 lltdsvc()1641 msis()1642 sshd()1643 wercplsupport()1644 RasAuto()1645 SessionEnv()1646 TermService()1647 UmRdpService()1648 RpcLocator()1649 RemoteRegistry()1650 RemoteAccess()1651 LanmanServer()1652 sealsecure()1653 signsecure()1654 disablepasschange()1655 machinemaxpasswrdage()1656 requirestrongkey()1657 autorestartsignon()1658 cachedlogons()1659 passexpirywarn()1660 scremove()1661 disableexceptionchainvalid()1662 ObCaseInsensitive()1663 forceunlocklog()1664 restrictanonsam()1665 shutdownnologon()1666 ProtectionMode()1667 1668 with open(timestr,'w') as configfile:1669 config.write(configfile)1670 1671 config.read(timestr)1672 count = 01673 count2 = 01674 print("\n")1675 print("==============================================================")1676 print("\n")1677 print("Windows Controls \n")1678 1679 if(config['complexity']['ComplexityEnabled'] == "True"):1680 Stat1 = "No need to change Control: ComplexityEnabled \n"1681 count = count + 11682 1683 else:1684 Stat1 = "Setting 'ComplexityEnabled' requires change: False to True \n"1685 count2 = count2 + 11686 1687 if(config['maxpage']['MaxPasswordAge'] == "42.00:00:00"):1688 Stat2 = "No need to change Control: Maximum Password Age \n"1689 count = count + 11690 1691 else:1692 Stat2 = "Setting 'MaxPasswordAge' requires change: Set value to equal to or more than 42.00 \n"1693 count2 = count2 + 11694 1695 if(config['minpage']['MinPasswordAge'] == "1.00:00:00"):1696 Stat3 = "No need to change Control: Minimum Password Age \n"1697 count = count + 11698 1699 else:1700 Stat3 = "Setting 'MinPasswordAge' requires change: Set value to equal to or more than 1.00 \n"1701 count2 = count2 + 11702 1703 if(int(config['minplength']['MinPasswordLength']) >= 14):1704 Stat4 = "No need to change Control: MinPasswordLength \n"1705 count = count + 11706 1707 else:1708 Stat4 = "Setting 'MinPasswordLength' requires change: Set value to equal to or more than 14 \n"1709 count2 = count2 + 11710 1711 if(int(config['phistorycount']['PasswordHistoryCount']) >= 24):1712 Stat5 = "No need to change Control: PasswordHistoryCount \n"1713 count = count + 11714 1715 else:1716 Stat5 = "Setting 'PasswordHistoryCount' requires change: Set value to equal to or more than 24 \n"1717 count2 = count2 + 11718 1719 if(config['reverseencrypt']['ReversibleEncryptionEnabled'] == "False"):1720 Stat6 = "No need to change Control: ReversibleEncryptionEnabled \n"1721 count = count + 11722 1723 else:1724 Stat6 = "Setting 'ReversibleEncryptionEnabled' requires change: True to False \n"1725 count2 = count2 + 11726 1727 if(config['lockouttime']['LockoutDuration'] == "00:30:00"):1728 Stat7 = "No need to change Control: LockoutDuration \n"1729 count = count + 11730 1731 else:1732 Stat7 = "Setting 'LockoutDuration' requires change: Set value to 15 or more minutes \n"1733 count2 = count2 + 11734 1735 if(config['lockoutobservetime']['LockoutObservationWindow'] == "00:30:00"):1736 Stat8 = "No need to change Control: LockoutObservationWindow \n"1737 count = count + 11738 1739 else:1740 Stat8 = "Setting 'LockoutObservationWindow' requires change: Set value to 15 or more minutes \n"1741 count2 = count2 + 11742 1743 if(int(config['lockoutthreshold']['LockoutThreshold']) <= 10 and int(config['lockoutthreshold']['LockoutThreshold']) != 0 ):1744 Stat9 = "No need to change Control: LockoutThreshold \n"1745 count = count + 11746 1747 else:1748 Stat9 = "Setting 'LockoutThreshold' requires change: Set value to 10 or fewer invalid logon attempts but not 0 \n"1749 count2 = count2 + 11750 1751 if(int(config['limitpass']['limitblankpassworduse']) == 1):1752 Stat10 = "No need to change Control: LimitBlankPasswordUse \n"1753 count = count + 11754 1755 else:1756 Stat10 = "Setting 'LimitBlankPasswordUse' requires change: Set value to 1 OR Enable in Accounts: Limit local account use of blank passwords to console logon only in GPO \n"1757 count2 = count2 + 11758 1759 if(int(config['crashonaudit']['crashonauditfail']) == 0):1760 Stat11 = "No need to change Control: CrashOnAuditFail \n"1761 count = count + 11762 1763 else:1764 Stat11 = "Setting 'CrashOnAuditFail' requires change: Set value to 0 OR Ensure in Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled' in GPO \n"1765 count2 = count2 + 11766 1767 if(int(config['disablecad']['disablecad']) == 0):1768 Stat12 = "No need to change Control: DisableCAD \n"1769 count = count + 11770 1771 else:1772 Stat12 = "Setting 'DisableCAD' requires change: Set value to 0 OR Ensure in 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled' in GPO \n"1773 count2 = count2 + 11774 1775 if(int(config['nousername']['dontdisplaylastusername']) == 1):1776 Stat13 = "No need to change Control: DontDisplayLastUserName \n"1777 count = count + 11778 1779 else:1780 Stat13 = "Setting 'DontDisplayLastUserName' requires change: Set value to 1 OR Ensure in 'Interactive logon: Don't display last signed-in' is set to 'Enabled' in GPO \n"1781 count2 = count2 + 11782 1783 if(config['legaltext']['legalnoticetext'] != "" ):1784 Stat14 = "No need to change Control: LegalNoticeText \n"1785 count = count + 11786 1787 else:1788 Stat14 = "Setting 'LegalNoticeText' requires change: Configure 'Interactive logon: Message text for users attempting to log on' in GPO \n"1789 count2 = count2 + 1 1790 1791 if(config['legalcaption']['legalnoticecaption'] != "" ):1792 Stat15 = "No need to change Control: LegalNoticeCaption \n"1793 count = count + 11794 1795 else:1796 Stat15 = "Setting 'LegalNoticeCaption' requires change: Configure 'Interactive logon: Message title for users attempting to log on' in GPO \n"1797 count2 = count2 + 11798 1799 if(int(config['securitysig']['requiresecuritysignature']) == 1 ):1800 Stat16 = "No need to change Control: RequireSecuritySignature \n"1801 count = count + 11802 1803 else:1804 Stat16 = "Setting 'RequireSecuritySignature' requires change: Set value to 1 OR Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' in GPO \n"1805 count2 = count2 + 1 1806 1807 if(int(config['enablesecuritysig']['enablesecuritysignature']) == 1 ):1808 Stat17 = "No need to change Control: EnableSecuritySignature \n"1809 count = count + 11810 1811 else:1812 Stat17 = "Setting 'EnableSecuritySignature' requires change: Set value to 1 OR Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled' in GPO \n"1813 count2 = count2 + 1 1814 1815 if(int(config['enablesplainpass']['enableplaintextpassword']) == 0 ):1816 Stat18 = "No need to change Control: EnablePlainTextPassword \n"1817 count = count + 11818 1819 else:1820 Stat18 = "Setting 'EnablePlainTextPassword' requires change: Set value to 0 OR Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled' in GPO \n"1821 count2 = count2 + 1 1822 1823 if(int(config['serverautodisconnect']['autodisconnect']) <= 15 ):1824 Stat19 = "No need to change Control: Server AutoDisconnect \n"1825 count = count + 11826 1827 else:1828 Stat19 = "Setting 'Server AutoDisconnect' requires change: Set value to fewer or lesser than 15 OR Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s)' in GPO \n"1829 count2 = count2 + 1 1830 1831 if(int(config['serversecuritysig']['requiresecuritysignature']) == 1 ):1832 Stat20 = "No need to change Control: Server RequireSecuritySignature \n"1833 count = count + 11834 1835 else:1836 Stat20 = "Setting 'Server RequireSecuritySignature' requires change: Set value to 1 OR Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled' in GPO \n \n"1837 count2 = count2 + 11838 1839 if(int(config['serverenablesecuritysig']['enablesecuritysignature']) == 1 ):1840 Stat21 = "No need to change Control: Server EnableSecuritySignature \n"1841 count = count + 11842 1843 else:1844 Stat21 = "Setting 'Server EnableSecuritySignature' requires change: Set value to 1 OR Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled' in GPO \n \n"1845 count2 = count2 + 1 1846 1847 if(int(config['serverenableforcelogoff']['enableforcedlogoff']) == 1 ):1848 Stat22 = "No need to change Control: Server enableforcedlogoff \n"1849 count = count + 11850 1851 else:1852 Stat22 = "Setting 'Server enableforcedlogoff' requires change: Set value to 1 OR Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled' in GPO \n \n"1853 count2 = count2 + 1 1854 1855 if(config['screensaveractive']['screensaveactive'] != "" ):1856 Stat23 = "No need to change Control: screensaveactive \n"1857 count = count + 11858 1859 else:1860 Stat23 = "Setting 'screensaveactive' requires change: Ensure 'Enable screen saver' is set to 'Enabled' in GPO \n \n"1861 count2 = count2 + 11862 1863 if(config['screensaversecure']['screensaverissecure'] != "" ):1864 Stat24 = "No need to change Control: screensaverissecure \n"1865 count = count + 11866 1867 else:1868 Stat24 = "Setting 'screensaverissecure' requires change: Ensure 'Password protect the screen saver' is set to 'Enabled' in GPO \n \n"1869 count2 = count2 + 11870 1871 if(config['screensavertimeout']['screensavertimeout'] != "" ):1872 Stat25 = "No need to change Control: screensavertimeout \n"1873 count = count + 11874 1875 else:1876 Stat25 = "Setting 'screensavertimeout' requires change: Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0' in GPO \n \n"1877 count2 = count2 + 11878 1879 if(int(config['anonymousno']['restrictanonymous']) == 1 ):1880 Stat26 = "No need to change Control: RestrictAnonymous \n"1881 count = count + 11882 1883 else:1884 Stat26 = "Setting 'RestrictAnonymous' requires change: Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is set to 'Enabled' in GPO \n \n"1885 count2 = count2 + 11886 1887 if(int(config['disabledcreds']['disabledomaincreds']) == 1 ):1888 Stat27 = "No need to change Control: DisableDomainCreds \n"1889 count = count + 11890 1891 else:1892 Stat27 = "Setting 'DisableDomainCreds' requires change: Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled' in GPO \n \n"1893 count2 = count2 + 11894 1895 if(int(config['includeanon']['everyoneincludesanonymous']) == 0 ):1896 Stat28 = "No need to change Control: EveryoneIncludesAnonymous \n"1897 count = count + 11898 1899 else:1900 Stat28 = "Setting 'EveryoneIncludesAnonymous' requires change: Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled' in GPO \n \n"1901 count2 = count2 + 11902 1903 if(int(config['restrictnull']['restrictnullsessaccess']) == 1 ):1904 Stat29 = "No need to change Control: RestrictNullSessAccess \n"1905 count = count + 11906 1907 else:1908 Stat29 = "Setting 'RestrictNullSessAccess' requires change: Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled' in GPO \n \n"1909 count2 = count2 + 11910 1911 if(int(config['forceguest']['forceguest']) == 0 ):1912 Stat30 = "No need to change Control: ForceGuest \n"1913 count = count + 11914 1915 else:1916 Stat30 = "Setting 'ForceGuest' requires change: Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves' in GPO \n \n"1917 count2 = count2 + 1 1918 1919 if(int(config['nolmhash']['nolmhash']) == 1 ):1920 Stat31 = "No need to change Control: NoLMHash \n"1921 count = count + 11922 1923 else:1924 Stat31 = "Setting 'NoLMHash' requires change: Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled' in GPO \n \n"1925 count2 = count2 + 11926 1927 if(int(config['ldapintergrity']['ldapclientintegrity']) >= 1 ):1928 Stat32 = "No need to change Control: LDAPClientIntegrity \n"1929 count = count + 11930 1931 else:1932 Stat32 = "Setting 'LDAPClientIntegrity' requires change: Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higher in GPO \n \n"1933 count2 = count2 + 1 1934 1935 if(int(config['behavioradmin']['consentpromptbehavioradmin']) >= 1 ):1936 Stat33 = "No need to change Control: ConsentPromptBehaviorAdmin \n"1937 count = count + 11938 1939 else:1940 Stat33 = "Setting 'ConsentPromptBehaviorAdmin' requires change: Ensure 'User Account Control: Behavior of the elevation for consent on the secure desktop' in GPO \n \n"1941 count2 = count2 + 11942 1943 if(int(config['behavioruser']['consentpromptbehavioruser']) >= 1 ):1944 Stat34 = "No need to change Control: ConsentPromptBehaviorUser \n"1945 count = count + 11946 1947 else:1948 Stat34 = "Setting 'ConsentPromptBehaviorUser' requires change: Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Automatically deny elevation requests' in GPO \n \n"1949 count2 = count2 + 11950 1951 if(int(config['installdetect']['enableinstallerdetection']) >= 1 ):1952 Stat35 = "No need to change Control: EnableInstallerDetection \n"1953 count = count + 11954 1955 else:1956 Stat35 = "Setting 'EnableInstallerDetection' requires change: Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' in GPO \n \n"1957 count2 = count2 + 11958 1959 if(int(config['enablesecureUIA']['enablesecureuiapaths']) >= 1 ):1960 Stat36 = "No need to change Control: EnableSecureUIAPaths \n"1961 count = count + 11962 1963 else:1964 Stat36 = "Setting 'EnableSecureUIAPaths' requires change: Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled' in GPO \n \n"1965 count2 = count2 + 1 1966 1967 if(int(config['enablelua']['enablelua']) >= 1 ):1968 Stat37 = "No need to change Control: EnableLUA \n"1969 count = count + 11970 1971 else:1972 Stat37 = "Setting 'EnableLUA' requires change: Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled' in GPO \n \n"1973 count2 = count2 + 1 1974 1975 if(int(config['promptsecure']['promptonsecuredesktop']) >= 1 ):1976 Stat38 = "No need to change Control: PromptOnSecureDesktop \n"1977 count = count + 11978 1979 else:1980 Stat38 = "Setting 'PromptOnSecureDesktop' requires change: Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' in GPO \n \n"1981 count2 = count2 + 11982 1983 if(int(config['enablevirtual']['enablevirtualization']) >= 1 ):1984 Stat39 = "No need to change Control: EnableVirtualization \n"1985 count = count + 11986 1987 else:1988 Stat39 = "Setting 'EnableVirtualization' requires change: Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled' in GPO \n \n"1989 count2 = count2 + 1 1990 1991 if(int(config['combrowser']['start']) == 2 or int(config['combrowser']['start']) == 4 ):1992 Stat40 = "No need to change Control: Browser \n"1993 count = count + 11994 1995 else:1996 Stat40 = "Setting 'Browser' requires change: Ensure 'Computer Browser (Browser)' is set to 'Disabled' or 'Not Installed' in GPO \n \n"1997 count2 = count2 + 1 1998 1999 if(int(config['mapsbroker']['start']) == 2):2000 Stat41 = "No need to change Control: MapsBroker \n"2001 count = count + 12002 2003 else:2004 Stat41 = "Setting 'MapsBroker' requires change: Ensure 'Downloaded Maps Manager (MapsBroker)' is set to 'Disabled' in GPO \n \n"2005 count2 = count2 + 1 2006 2007 if(int(config['lfsvc']['start']) == 3):2008 Stat42 = "No need to change Control: lfsvc \n"2009 count = count + 12010 2011 else:2012 Stat42 = "Setting 'lfsvc' requires change: Ensure 'Geolocation Service (lfsvc)' is set to 'Disabled' in GPO \n \n"2013 count2 = count2 + 12014 2015 if(int(config['shareaccess']['start']) == 2):2016 Stat43 = "No need to change Control: SharedAccess \n"2017 count = count + 12018 2019 else:2020 Stat43 = "Setting 'SharedAccess' requires change: Ensure 'Internet Connection Sharing (ICS) (SharedAccess)' is set to 'Disabled' in GPO \n \n"2021 count2 = count2 + 12022 2023 if(int(config['lltdsvc']['start']) == 3):2024 Stat44 = "No need to change Control: lltdsvc \n"2025 count = count + 12026 2027 else:2028 Stat44 = "Setting 'lltdsvc' requires change: Ensure 'Link-Layer Topology Discovery Mapper (lltdsvc)' is set to 'Disabled' in GPO \n \n"2029 count2 = count2 + 1 2030 2031 if(int(config['msis']['start']) == 3):2032 Stat45 = "No need to change Control: MSiSCSI \n"2033 count = count + 12034 2035 else:2036 Stat45 = "Setting 'MSiSCSI' requires change: Ensure 'Microsoft iSCSI Initiator Service (MSiSCSI)' is set to 'Disabled' in GPO \n \n"2037 count2 = count2 + 12038 2039 if(int(config['sshd']['start']) == 0 or int(config['sshd']['start'] == 4 )):2040 Stat46 = "No need to change Control: sshd \n"2041 count = count + 12042 2043 else:2044 Stat46 = "Setting 'sshd' requires change: Ensure 'OpenSSH SSH Server (sshd)' is set to 'Disabled' or 'Not Installed' in GPO \n \n"2045 count2 = count2 + 12046 2047 if(int(config['wercplsupport']['start']) == 0 ):2048 Stat47 = "No need to change Control: wercplsupport \n"2049 count = count + 12050 2051 else:2052 Stat47 = "Setting 'wercplsupport' requires change: Ensure 'Problem Reports and Solutions Control Panel Support (wercplsupport)' is set to 'Disabled' in GPO \n \n"2053 count2 = count2 + 12054 2055 if(int(config['RasAuto']['start']) == 0 ):2056 Stat48 = "No need to change Control: RasAuto \n"2057 count = count + 12058 2059 else:2060 Stat48 = "Setting 'RasAuto' requires change: Ensure 'Remote Access Auto Connection Manager (RasAuto)' is set to 'Disabled' in GPO \n \n"2061 count2 = count2 + 1 2062 2063 if(int(config['SessionEnv']['start']) == 3 ):2064 Stat49 = "No need to change Control: SessionEnv \n"2065 count = count + 12066 2067 else:2068 Stat49 = "Setting 'SessionEnv' requires change: Ensure 'Remote Desktop Configuration (SessionEnv)' is set to 'Disabled' in GPO \n \n"2069 count2 = count2 + 1 2070 2071 if(int(config['TermService']['start']) == 3 ):2072 Stat50 = "No need to change Control: TermService \n"2073 count = count + 12074 2075 else:2076 Stat50 = "Setting 'TermService' requires change: Ensure 'Remote Desktop Services (TermService)' is set to 'Disabled' in GPO \n \n"2077 count2 = count2 + 1 2078 2079 if(int(config['UmRdpService']['start']) == 3 ):2080 Stat51 = "No need to change Control: UmRdpService \n"2081 count = count + 12082 2083 else:2084 Stat51 = "Setting 'UmRdpService' requires change:Ensure 'Remote Desktop Services UserMode Port Redirector (UmRdpService)' is set to 'Disabled' in GPO \n \n"2085 count2 = count2 + 12086 2087 if(int(config['RpcLocator']['start']) == 3 ):2088 Stat52 = "No need to change Control: RpcLocator \n"2089 count = count + 12090 2091 else:2092 Stat52 = "Setting 'RpcLocator' requires change: Ensure 'Remote Procedure Call (RPC) Locator (RpcLocator)' is set to 'Disabled' in GPO \n \n"2093 count2 = count2 + 1 2094 2095 if(int(config['RemoteRegistry']['start']) == 2 ):2096 Stat53 = "No need to change Control: RemoteRegistry \n"2097 count = count + 12098 2099 else:2100 Stat53 = "Setting 'RemoteRegistry' requires change: Ensure 'Remote Registry (RemoteRegistry)' is set to 'Disabled' in GPO \n \n"2101 count2 = count2 + 12102 2103 if(int(config['RemoteAccess']['start']) == 4 ):2104 Stat54 = "No need to change Control: RemoteAccess \n"2105 count = count + 12106 2107 else:2108 Stat54 = "Setting 'RemoteAccess' requires change: Ensure 'Routing and Remote Access (RemoteAccess)' is set to 'Disabled' in GPO \n \n"2109 count2 = count2 + 1 2110 2111 if(int(config['LanmanServer']['start']) == 4 ):2112 Stat55 = "No need to change Control: LanmanServer \n"2113 count = count + 12114 2115 else:2116 Stat55 = "Setting 'LanmanServer' requires change: Ensure 'Server (LanmanServer)' is set to 'Disabled' in GPO \n \n"2117 count2 = count2 + 1 2118 2119 if(int(config['sealsecure']['sealsecurechannel']) == 1 ):2120 Stat56 = "No need to change Control: SealSecureChannel \n"2121 count = count + 12122 2123 else:2124 Stat56 = "Setting 'SealSecureChannel' requires change: Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled' in GPO \n \n"2125 count2 = count2 + 1 2126 2127 if(int(config['signsecure']['signsecurechannel']) == 1 ):2128 Stat57 = "No need to change Control: SignSecureChannel \n"2129 count = count + 12130 2131 else:2132 Stat57 = "Setting 'SignSecureChannel' requires change: Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled' in GPO \n \n"2133 count2 = count2 + 1 2134 2135 if(int(config['disablepasschange']['disablepasswordchange']) == 1 ):2136 Stat58 = "No need to change Control: DisablePasswordChange \n"2137 count = count + 12138 2139 else:2140 Stat58 = "Setting 'DisablePasswordChange' requires change: Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled' in GPO \n \n"2141 count2 = count2 + 1 2142 2143 if(int(config['machinemaxpasswrdage']['maximumpasswordage']) <= 30 and int(config['machinemaxpasswrdage']['maximumpasswordage']) != 0 ):2144 Stat59 = "No need to change Control: MaximumPasswordAge \n"2145 count = count + 12146 2147 else:2148 Stat59 = "Setting 'MaximumPasswordAge' requires change: Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0' in GPO \n \n"2149 count2 = count2 + 1 2150 2151 if(int(config['requirestrongkey']['requirestrongkey']) == 1):2152 Stat60 = "No need to change Control: RequireStrongKey \n"2153 count = count + 12154 2155 else:2156 Stat60 = "Setting 'RequireStrongKey' requires change: Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled' in GPO \n \n"2157 count2 = count2 + 12158 2159 if(int(config['autorestartsignon']['disableautomaticrestartsignon']) == 0):2160 Stat61 = "No need to change Control: DisableAutomaticRestartSignOn \n"2161 count = count + 12162 2163 else:2164 Stat61 = "Setting 'DisableAutomaticRestartSignOn' requires change: Ensure 'Sign-in and lock last interactive user automatically after a restart' is set to 'Disabled' in GPO \n \n"2165 count2 = count2 + 1 2166 2167 if(int(config['cachedlogons']['cachedlogonscount']) <= 4):2168 Stat62 = "No need to change Control: CachedLogonsCount \n"2169 count = count + 12170 2171 else:2172 Stat62 = "Setting 'CachedLogonsCount' requires change: Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' in GPO \n \n"2173 count2 = count2 + 12174 2175 if(int(config['passexpirywarn']['passwordexpirywarning']) >= 5 or int(config['passexpirywarn']['passwordexpirywarning']) <= 14):2176 Stat63 = "No need to change Control: PasswordExpiryWarning \n"2177 count = count + 12178 2179 else:2180 Stat63 = "Setting 'PasswordExpiryWarning' requires change: 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' in GPO \n \n"2181 count2 = count2 + 1 2182 2183 if(int(config['scremove']['scremoveoption']) >= 1):2184 Stat64 = "No need to change Control: ScRemoveOption \n"2185 count = count + 12186 2187 else:2188 Stat64 = "Setting 'ScRemoveOption' requires change: Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher in GPO \n \n"2189 count2 = count2 + 1 2190 2191 if(int(config['disableexceptionchainvalid']['disableexceptionchainvalidation']) == 1):2192 Stat65 = "No need to change Control: DisableExceptionChainValidation \n"2193 count = count + 12194 2195 else:2196 Stat65 = "Setting 'DisableExceptionChainValidation' requires change: Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled' in GPO \n \n"2197 count2 = count2 + 1 2198 2199 if(int(config['ObCaseInsensitive']['obcaseinsensitive']) == 1):2200 Stat66 = "No need to change Control: ObCaseInsensitive \n"2201 count = count + 12202 2203 else:2204 Stat66 = "Setting 'ObCaseInsensitive' requires change: Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled' in GPO \n \n"2205 count2 = count2 + 1 2206 2207 if(int(config['forceunlocklog']['forceunlocklogon']) == 1):2208 Stat67 = "No need to change Control: ForceUnlockLogon \n"2209 count = count + 12210 2211 else:2212 Stat67 = "Setting 'ForceUnlockLogon' requires change: Ensure 'Interactive logon: Require Domain Controller Authentication to unlock workstation' is set to 'Enabled' in GPO \n \n"2213 count2 = count2 + 1 2214 2215 if(int(config['restrictanonsam']['restrictanonymoussam']) == 1):2216 Stat68 = "No need to change Control: RestrictAnonymousSAM \n"2217 count = count + 12218 2219 else:2220 Stat68 = "Setting 'RestrictAnonymousSAM' requires change: Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled' in GPO \n \n"2221 count2 = count2 + 1 2222 2223 if(int(config['shutdownnologon']['shutdownwithoutlogon']) == 0):2224 Stat69 = "No need to change Control: ShutdownWithoutLogon \n"2225 count = count + 12226 2227 else:2228 Stat69 = "Setting 'ShutdownWithoutLogon' requires change: Ensure 'Shutdown: Allow system to be shut down without having to log on' is set to 'Disabled' in GPO \n \n"2229 count2 = count2 + 1 2230 2231 if(int(config['ProtectionMode']['protectionmode']) == 1):2232 Stat70 = "No need to change Control: ProtectionMode \n"2233 count = count + 12234 2235 else:2236 Stat70 = "Setting 'ProtectionMode' requires change: Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled' in GPO \n \n"2237 count2 = count2 + 1 2238 2239 #print(config.sections())2240 print("\n")2241 print("============================================================== \n") 2242 22432244 listbox.insert(0, "Writing to " + timestr + " in program folder.")2245 listbox.insert(1, " ")2246 listbox.insert(2, "Account Security + Remediations")2247 listbox.insert(3, " ")2248 listbox.insert(4, Stat1)2249 listbox.insert(4, Stat2)2250 listbox.insert(4, Stat3)2251 listbox.insert(4, Stat4)2252 listbox.insert(4, Stat5)2253 listbox.insert(4, Stat6)2254 listbox.insert(4, Stat7)2255 listbox.insert(4, Stat8)2256 listbox.insert(4, Stat9)2257 listbox.insert(4, Stat10)2258 listbox.insert(4, Stat11)2259 listbox.insert(4, Stat12)2260 listbox.insert(4, Stat13)2261 listbox.insert(4, Stat14)2262 listbox.insert(4, Stat15)2263 listbox.insert(4, Stat16)2264 listbox.insert(4, Stat17)2265 listbox.insert(4, Stat18)2266 listbox.insert(4, Stat19)2267 listbox.insert(4, Stat20)2268 listbox.insert(4, Stat21)2269 listbox.insert(4, Stat22)2270 listbox.insert(4, Stat23)2271 listbox.insert(4, Stat24)2272 listbox.insert(4, Stat25)2273 listbox.insert(4, Stat26)2274 listbox.insert(4, Stat27)2275 listbox.insert(4, Stat28)2276 listbox.insert(4, Stat29)2277 listbox.insert(4, Stat30)2278 listbox.insert(4, Stat31)2279 listbox.insert(4, Stat32)2280 listbox.insert(4, Stat33)2281 listbox.insert(4, Stat34)2282 listbox.insert(4, Stat35)2283 listbox.insert(4, Stat36)2284 listbox.insert(4, Stat37)2285 listbox.insert(4, Stat38)2286 listbox.insert(4, Stat39)2287 listbox.insert(4, Stat40)2288 listbox.insert(4, Stat41)2289 listbox.insert(4, Stat42)2290 listbox.insert(4, Stat43)2291 listbox.insert(4, Stat44)2292 listbox.insert(4, Stat45)2293 listbox.insert(4, Stat46)2294 listbox.insert(4, Stat47)2295 listbox.insert(4, Stat48)2296 listbox.insert(4, Stat49)2297 listbox.insert(4, Stat50)2298 listbox.insert(4, Stat51)2299 listbox.insert(4, Stat52)2300 listbox.insert(4, Stat53)2301 listbox.insert(4, Stat54)2302 listbox.insert(4, Stat55)2303 listbox.insert(4, Stat56)2304 listbox.insert(4, Stat57)2305 listbox.insert(4, Stat58)2306 listbox.insert(4, Stat59)2307 listbox.insert(4, Stat60)2308 listbox.insert(4, Stat61)2309 listbox.insert(4, Stat62)2310 listbox.insert(4, Stat63)2311 listbox.insert(4, Stat64)2312 listbox.insert(4, Stat65)2313 listbox.insert(4, Stat66)2314 listbox.insert(4, Stat67)2315 listbox.insert(4, Stat68)2316 listbox.insert(4, Stat69)2317 listbox.insert(4, Stat70)2318 2319 2320 listbox2.insert(0, "\nNumber of Compliant controls") 2321 listbox2.insert(1, "--> " + str(count)) 2322 listbox2.insert(2, "Number of Non-Compliant controls") 2323 listbox2.insert(3, "--> " + str(count2)) 2324 2325def saveScan():2326 date = time.strftime("%Y_%m_%d-%I_%M_%S_%p")2327 datestr = date + " Windows Report.txt"2328 with open(datestr, 'w') as f:2329 f.write("--Configuration Scan--\n\n")2330 f.write('\n'.join(listbox.get('0', 'end')))2331 f.write('\n'.join(listbox2.get('0', 'end')))2332 f.close() 2333 2334def saveScan2():2335 date = time.strftime("%Y_%m_%d-%I_%M_%S_%p")2336 datestr = date + " Browser Report.txt"2337 with open(datestr, 'w') as f:2338 f.write("--Configuration Scan--\n\n")2339 f.write('\n'.join(listbox3.get('0', 'end')))2340 f.write('\n'.join(listbox4.get('0', 'end')))2341 f.close() 23422343def deleteScan():2344 listbox.delete('0', 'end')2345 listbox2.delete('0', 'end') 2346 2347def deleteScan2():2348 listbox3.delete('0', 'end')2349 listbox4.delete('0', 'end') 2350 2351def googlescan():2352 host2 = IP2.get()2353 domain2 = Domain2.get()2354 user2 = username2.get()2355 password2 = passwd2.get()2356 2357 session = winrm.Session(host2, auth=('{}@{}' .format(user2 ,domain2), password2), transport='ntlm') 2358 2359 import time2360 import configparser2361 config = configparser.ConfigParser()2362 time = time.strftime("%Y_%m_%d-%I_%M_%S_%p")2363 timestr = time + " Browser Settings.ini"2364 2365 def remotehostcurtain():2366 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "RemoteAccessHostRequireCurtain" | Select-Object RemoteAccessHostRequireCurtain')2367 p_output = str(p.std_out)2368 p_output = p_output.replace("b\'", "")2369 p_output = p_output.replace("\\r", "")2370 p_output = p_output.replace("\\n", "")2371 p_output = p_output.replace("\'", "")2372 p_output = p_output.replace(" ", "")2373 p_output = p_output.replace("------------------------------", "-")2374 p_list = p_output.split("-")2375 2376 p_dict = dict([p_list])2377 config['remotehostcurtain'] = p_dict2378 2379 def remotehostuiremoteassist():2380 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "RemoteAccessHostAllowUiAccessForRemoteAssistance" | Select-Object RemoteAccessHostAllowUiAccessForRemoteAssistance')2381 p_output = str(p.std_out)2382 p_output = p_output.replace("b\'", "")2383 p_output = p_output.replace("\\r", "")2384 p_output = p_output.replace("\\n", "")2385 p_output = p_output.replace("\'", "")2386 p_output = p_output.replace(" ", "")2387 p_output = p_output.replace("------------------------------------------------", "-")2388 p_list = p_output.split("-")2389 2390 p_dict = dict([p_list])2391 config['remotehostuiremoteassist'] = p_dict2392 2393 def BackgroundModeEnabled():2394 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "BackgroundModeEnabled" | Select-Object BackgroundModeEnabled')2395 p_output = str(p.std_out)2396 p_output = p_output.replace("b\'", "")2397 p_output = p_output.replace("\\r", "")2398 p_output = p_output.replace("\\n", "")2399 p_output = p_output.replace("\'", "")2400 p_output = p_output.replace(" ", "")2401 p_output = p_output.replace("---------------------", "-")2402 p_list = p_output.split("-")2403 2404 p_dict = dict([p_list])2405 config['BackgroundModeEnabled'] = p_dict 2406 2407 def PromptForDownloadLocation():2408 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "PromptForDownloadLocation" | Select-Object PromptForDownloadLocation')2409 p_output = str(p.std_out)2410 p_output = p_output.replace("b\'", "")2411 p_output = p_output.replace("\\r", "")2412 p_output = p_output.replace("\\n", "")2413 p_output = p_output.replace("\'", "")2414 p_output = p_output.replace(" ", "")2415 p_output = p_output.replace("-------------------------", "-")2416 p_list = p_output.split("-")2417 2418 p_dict = dict([p_list])2419 config['PromptForDownloadLocation'] = p_dict 2420 2421 def savebrowserhistory():2422 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "SavingBrowserHistoryDisabled" | Select-Object SavingBrowserHistoryDisabled')2423 p_output = str(p.std_out)2424 p_output = p_output.replace("b\'", "")2425 p_output = p_output.replace("\\r", "")2426 p_output = p_output.replace("\\n", "")2427 p_output = p_output.replace("\'", "")2428 p_output = p_output.replace(" ", "")2429 p_output = p_output.replace("----------------------------", "-")2430 p_list = p_output.split("-")2431 2432 p_dict = dict([p_list])2433 config['savebrowserhistory'] = p_dict 2434 2435 def ComponentUpdatesEnabled():2436 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "ComponentUpdatesEnabled" | Select-Object ComponentUpdatesEnabled')2437 p_output = str(p.std_out)2438 p_output = p_output.replace("b\'", "")2439 p_output = p_output.replace("\\r", "")2440 p_output = p_output.replace("\\n", "")2441 p_output = p_output.replace("\'", "")2442 p_output = p_output.replace(" ", "")2443 p_output = p_output.replace("-----------------------", "-")2444 p_list = p_output.split("-")2445 2446 p_dict = dict([p_list])2447 config['ComponentUpdatesEnabled'] = p_dict 2448 2449 def ThirdPartyBlockingEnabled():2450 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "ThirdPartyBlockingEnabled" | Select-Object ThirdPartyBlockingEnabled')2451 p_output = str(p.std_out)2452 p_output = p_output.replace("b\'", "")2453 p_output = p_output.replace("\\r", "")2454 p_output = p_output.replace("\\n", "")2455 p_output = p_output.replace("\'", "")2456 p_output = p_output.replace(" ", "")2457 p_output = p_output.replace("-------------------------", "-")2458 p_list = p_output.split("-")2459 2460 p_dict = dict([p_list])2461 config['ThirdPartyBlockingEnabled'] = p_dict 2462 2463 def SuppressUnsupportedOSWarning():2464 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "SuppressUnsupportedOSWarning" | Select-Object SuppressUnsupportedOSWarning')2465 p_output = str(p.std_out)2466 p_output = p_output.replace("b\'", "")2467 p_output = p_output.replace("\\r", "")2468 p_output = p_output.replace("\\n", "")2469 p_output = p_output.replace("\'", "")2470 p_output = p_output.replace(" ", "")2471 p_output = p_output.replace("----------------------------", "-")2472 p_list = p_output.split("-")2473 2474 p_dict = dict([p_list])2475 config['SuppressUnsupportedOSWarning'] = p_dict2476 2477 def EnableOnlineRevocationChecks():2478 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "EnableOnlineRevocationChecks" | Select-Object EnableOnlineRevocationChecks')2479 p_output = str(p.std_out)2480 p_output = p_output.replace("b\'", "")2481 p_output = p_output.replace("\\r", "")2482 p_output = p_output.replace("\\n", "")2483 p_output = p_output.replace("\'", "")2484 p_output = p_output.replace(" ", "")2485 p_output = p_output.replace("----------------------------", "-")2486 p_list = p_output.split("-")2487 2488 p_dict = dict([p_list])2489 config['EnableOnlineRevocationChecks'] = p_dict2490 2491 def SafeSitesFilterBehavior():2492 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "SafeSitesFilterBehavior" | Select-Object SafeSitesFilterBehavior')2493 p_output = str(p.std_out)2494 p_output = p_output.replace("b\'", "")2495 p_output = p_output.replace("\\r", "")2496 p_output = p_output.replace("\\n", "")2497 p_output = p_output.replace("\'", "")2498 p_output = p_output.replace(" ", "")2499 p_output = p_output.replace("-----------------------", "-")2500 p_list = p_output.split("-")2501 2502 p_dict = dict([p_list])2503 config['SafeSitesFilterBehavior'] = p_dict 2504 2505 def DefaultNotificationsSetting():2506 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "DefaultNotificationsSetting" | Select-Object DefaultNotificationsSetting')2507 p_output = str(p.std_out)2508 p_output = p_output.replace("b\'", "")2509 p_output = p_output.replace("\\r", "")2510 p_output = p_output.replace("\\n", "")2511 p_output = p_output.replace("\'", "")2512 p_output = p_output.replace(" ", "")2513 p_output = p_output.replace("---------------------------", "-")2514 p_list = p_output.split("-")2515 2516 p_dict = dict([p_list])2517 config['DefaultNotificationsSetting'] = p_dict 2518 2519 def Defaultbluetooth():2520 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "DefaultWebBluetoothGuardSetting" | Select-Object DefaultWebBluetoothGuardSetting')2521 p_output = str(p.std_out)2522 p_output = p_output.replace("b\'", "")2523 p_output = p_output.replace("\\r", "")2524 p_output = p_output.replace("\\n", "")2525 p_output = p_output.replace("\'", "")2526 p_output = p_output.replace(" ", "")2527 p_output = p_output.replace("-------------------------------", "-")2528 p_list = p_output.split("-")2529 2530 p_dict = dict([p_list])2531 config['Defaultbluetooth'] = p_dict 2532 2533 def DefaultWebUsbGuardSetting():2534 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "DefaultWebUsbGuardSetting" | Select-Object DefaultWebUsbGuardSetting')2535 p_output = str(p.std_out)2536 p_output = p_output.replace("b\'", "")2537 p_output = p_output.replace("\\r", "")2538 p_output = p_output.replace("\\n", "")2539 p_output = p_output.replace("\'", "")2540 p_output = p_output.replace(" ", "")2541 p_output = p_output.replace("-------------------------", "-")2542 p_list = p_output.split("-")2543 2544 p_dict = dict([p_list])2545 config['DefaultWebUsbGuardSetting'] = p_dict 2546 2547 def PasswordManagerEnabled():2548 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "PasswordManagerEnabled" | Select-Object PasswordManagerEnabled')2549 p_output = str(p.std_out)2550 p_output = p_output.replace("b\'", "")2551 p_output = p_output.replace("\\r", "")2552 p_output = p_output.replace("\\n", "")2553 p_output = p_output.replace("\'", "")2554 p_output = p_output.replace(" ", "")2555 p_output = p_output.replace("----------------------", "-")2556 p_list = p_output.split("-")2557 2558 p_dict = dict([p_list])2559 config['PasswordManagerEnabled'] = p_dict 2560 2561 def AuthSchemes():2562 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "AuthSchemes" | Select-Object AuthSchemes')2563 p_output = str(p.std_out)2564 p_output = p_output.replace("b\'", "")2565 p_output = p_output.replace("\\r", "")2566 p_output = p_output.replace("\\n", "")2567 p_output = p_output.replace("\'", "")2568 p_output = p_output.replace(" ", "")2569 p_output = p_output.replace("-----------", "-") 2570 p_list = p_output.split("-")2571 2572 for i in p_list:2573 p_dict = dict([p_list])2574 config['AuthSchemes'] = p_dict2575 2576 def CloudPrintProxyEnabled():2577 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "CloudPrintProxyEnabled" | Select-Object CloudPrintProxyEnabled')2578 p_output = str(p.std_out)2579 p_output = p_output.replace("b\'", "")2580 p_output = p_output.replace("\\r", "")2581 p_output = p_output.replace("\\n", "")2582 p_output = p_output.replace("\'", "")2583 p_output = p_output.replace(" ", "")2584 p_output = p_output.replace("----------------------", "-") 2585 p_list = p_output.split("-")2586 2587 p_dict = dict([p_list])2588 config['CloudPrintProxyEnabled'] = p_dict 2589 2590 def SitePerProcess():2591 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "SitePerProcess" | Select-Object SitePerProcess')2592 p_output = str(p.std_out)2593 p_output = p_output.replace("b\'", "")2594 p_output = p_output.replace("\\r", "")2595 p_output = p_output.replace("\\n", "")2596 p_output = p_output.replace("\'", "")2597 p_output = p_output.replace(" ", "")2598 p_output = p_output.replace("--------------", "-") 2599 p_list = p_output.split("-")2600 2601 p_dict = dict([p_list])2602 config['SitePerProcess'] = p_dict 2603 2604 def DownloadRestrictions():2605 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "DownloadRestrictions" | Select-Object DownloadRestrictions')2606 p_output = str(p.std_out)2607 p_output = p_output.replace("b\'", "")2608 p_output = p_output.replace("\\r", "")2609 p_output = p_output.replace("\\n", "")2610 p_output = p_output.replace("\'", "")2611 p_output = p_output.replace(" ", "")2612 p_output = p_output.replace("--------------------", "-") 2613 p_list = p_output.split("-")2614 2615 p_dict = dict([p_list])2616 config['DownloadRestrictions'] = p_dict2617 2618 def disablesafebrowsing():2619 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "DisableSafeBrowsingProceedAnyway" | Select-Object DisableSafeBrowsingProceedAnyway')2620 p_output = str(p.std_out)2621 p_output = p_output.replace("b\'", "")2622 p_output = p_output.replace("\\r", "")2623 p_output = p_output.replace("\\n", "")2624 p_output = p_output.replace("\'", "")2625 p_output = p_output.replace(" ", "")2626 p_output = p_output.replace("--------------------------------", "-") 2627 p_list = p_output.split("-")2628 2629 p_dict = dict([p_list])2630 config['disablesafebrowsing'] = p_dict 2631 2632 def RelaunchNotification():2633 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "RelaunchNotification" | Select-Object RelaunchNotification')2634 p_output = str(p.std_out)2635 p_output = p_output.replace("b\'", "")2636 p_output = p_output.replace("\\r", "")2637 p_output = p_output.replace("\\n", "")2638 p_output = p_output.replace("\'", "")2639 p_output = p_output.replace(" ", "")2640 p_output = p_output.replace("--------------------", "-") 2641 p_list = p_output.split("-")2642 2643 p_dict = dict([p_list])2644 config['RelaunchNotification'] = p_dict 2645 2646 def RelaunchNotificationPeriod():2647 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "RelaunchNotificationPeriod" | Select-Object RelaunchNotificationPeriod')2648 p_output = str(p.std_out)2649 p_output = p_output.replace("b\'", "")2650 p_output = p_output.replace("\\r", "")2651 p_output = p_output.replace("\\n", "")2652 p_output = p_output.replace("\'", "")2653 p_output = p_output.replace(" ", "")2654 p_output = p_output.replace("--------------------------", "-") 2655 p_list = p_output.split("-")2656 2657 p_dict = dict([p_list])2658 config['RelaunchNotificationPeriod'] = p_dict 2659 2660 def revocationchecklocalanchor():2661 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "RequireOnlineRevocationChecksForLocalAnchors" | Select-Object RequireOnlineRevocationChecksForLocalAnchors')2662 p_output = str(p.std_out)2663 p_output = p_output.replace("b\'", "")2664 p_output = p_output.replace("\\r", "")2665 p_output = p_output.replace("\\n", "")2666 p_output = p_output.replace("\'", "")2667 p_output = p_output.replace(" ", "")2668 p_output = p_output.replace("--------------------------------------------", "-") 2669 p_list = p_output.split("-")2670 2671 p_dict = dict([p_list])2672 config['revocationchecklocalanchor'] = p_dict 2673 2674 def ChromeCleanupEnabled():2675 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "ChromeCleanupEnabled" | Select-Object ChromeCleanupEnabled')2676 p_output = str(p.std_out)2677 p_output = p_output.replace("b\'", "")2678 p_output = p_output.replace("\\r", "")2679 p_output = p_output.replace("\\n", "")2680 p_output = p_output.replace("\'", "")2681 p_output = p_output.replace(" ", "")2682 p_output = p_output.replace("--------------------", "-") 2683 p_list = p_output.split("-")2684 2685 p_dict = dict([p_list])2686 config['ChromeCleanupEnabled'] = p_dict 2687 2688 def BuiltInDnsClientEnabled():2689 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "BuiltInDnsClientEnabled" | Select-Object BuiltInDnsClientEnabled')2690 p_output = str(p.std_out)2691 p_output = p_output.replace("b\'", "")2692 p_output = p_output.replace("\\r", "")2693 p_output = p_output.replace("\\n", "")2694 p_output = p_output.replace("\'", "")2695 p_output = p_output.replace(" ", "")2696 p_output = p_output.replace("-----------------------", "-") 2697 p_list = p_output.split("-")2698 2699 p_dict = dict([p_list])2700 config['BuiltInDnsClientEnabled'] = p_dict 2701 2702 def DefaultCookiesSetting():2703 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "DefaultCookiesSetting" | Select-Object DefaultCookiesSetting')2704 p_output = str(p.std_out)2705 p_output = p_output.replace("b\'", "")2706 p_output = p_output.replace("\\r", "")2707 p_output = p_output.replace("\\n", "")2708 p_output = p_output.replace("\'", "")2709 p_output = p_output.replace(" ", "")2710 p_output = p_output.replace("---------------------", "-") 2711 p_list = p_output.split("-")2712 2713 p_dict = dict([p_list])2714 config['DefaultCookiesSetting'] = p_dict 2715 2716 def DefaultGeolocationSetting():2717 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "DefaultGeolocationSetting" | Select-Object DefaultGeolocationSetting')2718 p_output = str(p.std_out)2719 p_output = p_output.replace("b\'", "")2720 p_output = p_output.replace("\\r", "")2721 p_output = p_output.replace("\\n", "")2722 p_output = p_output.replace("\'", "")2723 p_output = p_output.replace(" ", "")2724 p_output = p_output.replace("-------------------------", "-") 2725 p_list = p_output.split("-")2726 2727 p_dict = dict([p_list])2728 config['DefaultGeolocationSetting'] = p_dict 2729 2730 def EnableMediaRouter():2731 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "EnableMediaRouter" | Select-Object EnableMediaRouter')2732 p_output = str(p.std_out)2733 p_output = p_output.replace("b\'", "")2734 p_output = p_output.replace("\\r", "")2735 p_output = p_output.replace("\\n", "")2736 p_output = p_output.replace("\'", "")2737 p_output = p_output.replace(" ", "")2738 p_output = p_output.replace("-----------------", "-") 2739 p_list = p_output.split("-")2740 2741 p_dict = dict([p_list])2742 config['EnableMediaRouter'] = p_dict 2743 2744 def BlockThirdPartyCookies():2745 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "BlockThirdPartyCookies" | Select-Object BlockThirdPartyCookies')2746 p_output = str(p.std_out)2747 p_output = p_output.replace("b\'", "")2748 p_output = p_output.replace("\\r", "")2749 p_output = p_output.replace("\\n", "")2750 p_output = p_output.replace("\'", "")2751 p_output = p_output.replace(" ", "")2752 p_output = p_output.replace("----------------------", "-") 2753 p_list = p_output.split("-")2754 2755 p_dict = dict([p_list])2756 config['BlockThirdPartyCookies'] = p_dict 2757 2758 def MetricsReportingEnabled():2759 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "MetricsReportingEnabled" | Select-Object MetricsReportingEnabled')2760 p_output = str(p.std_out)2761 p_output = p_output.replace("b\'", "")2762 p_output = p_output.replace("\\r", "")2763 p_output = p_output.replace("\\n", "")2764 p_output = p_output.replace("\'", "")2765 p_output = p_output.replace(" ", "")2766 p_output = p_output.replace("-----------------------", "-") 2767 p_list = p_output.split("-")2768 2769 p_dict = dict([p_list])2770 config['MetricsReportingEnabled'] = p_dict2771 2772 def chromecleanupreport():2773 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "ChromeCleanupReportingEnabled" | Select-Object ChromeCleanupReportingEnabled')2774 p_output = str(p.std_out)2775 p_output = p_output.replace("b\'", "")2776 p_output = p_output.replace("\\r", "")2777 p_output = p_output.replace("\\n", "")2778 p_output = p_output.replace("\'", "")2779 p_output = p_output.replace(" ", "")2780 p_output = p_output.replace("-----------------------------", "-") 2781 p_list = p_output.split("-")2782 2783 p_dict = dict([p_list])2784 config['chromecleanupreport'] = p_dict 2785 2786 def BrowserSignin():2787 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "BrowserSignin" | Select-Object BrowserSignin')2788 p_output = str(p.std_out)2789 p_output = p_output.replace("b\'", "")2790 p_output = p_output.replace("\\r", "")2791 p_output = p_output.replace("\\n", "")2792 p_output = p_output.replace("\'", "")2793 p_output = p_output.replace(" ", "")2794 p_output = p_output.replace("-------------", "-") 2795 p_list = p_output.split("-")2796 2797 p_dict = dict([p_list])2798 config['BrowserSignin'] = p_dict 2799 2800 def TranslateEnabled():2801 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "TranslateEnabled" | Select-Object TranslateEnabled')2802 p_output = str(p.std_out)2803 p_output = p_output.replace("b\'", "")2804 p_output = p_output.replace("\\r", "")2805 p_output = p_output.replace("\\n", "")2806 p_output = p_output.replace("\'", "")2807 p_output = p_output.replace(" ", "")2808 p_output = p_output.replace("----------------", "-") 2809 p_list = p_output.split("-")2810 2811 p_dict = dict([p_list])2812 config['TranslateEnabled'] = p_dict 2813 2814 def NetworkPredictionOptions():2815 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "NetworkPredictionOptions" | Select-Object NetworkPredictionOptions')2816 p_output = str(p.std_out)2817 p_output = p_output.replace("b\'", "")2818 p_output = p_output.replace("\\r", "")2819 p_output = p_output.replace("\\n", "")2820 p_output = p_output.replace("\'", "")2821 p_output = p_output.replace(" ", "")2822 p_output = p_output.replace("------------------------", "-") 2823 p_list = p_output.split("-")2824 2825 p_dict = dict([p_list])2826 config['NetworkPredictionOptions'] = p_dict 2827 2828 def SearchSuggestEnabled():2829 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "SearchSuggestEnabled" | Select-Object SearchSuggestEnabled')2830 p_output = str(p.std_out)2831 p_output = p_output.replace("b\'", "")2832 p_output = p_output.replace("\\r", "")2833 p_output = p_output.replace("\\n", "")2834 p_output = p_output.replace("\'", "")2835 p_output = p_output.replace(" ", "")2836 p_output = p_output.replace("--------------------", "-") 2837 p_list = p_output.split("-")2838 2839 p_dict = dict([p_list])2840 config['SearchSuggestEnabled'] = p_dict 2841 2842 def SpellCheckServiceEnabled():2843 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "SpellCheckServiceEnabled" | Select-Object SpellCheckServiceEnabled')2844 p_output = str(p.std_out)2845 p_output = p_output.replace("b\'", "")2846 p_output = p_output.replace("\\r", "")2847 p_output = p_output.replace("\\n", "")2848 p_output = p_output.replace("\'", "")2849 p_output = p_output.replace(" ", "")2850 p_output = p_output.replace("------------------------", "-") 2851 p_list = p_output.split("-")2852 2853 p_dict = dict([p_list])2854 config['SpellCheckServiceEnabled'] = p_dict 2855 2856 def AlternateErrorPagesEnabled():2857 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "AlternateErrorPagesEnabled" | Select-Object AlternateErrorPagesEnabled')2858 p_output = str(p.std_out)2859 p_output = p_output.replace("b\'", "")2860 p_output = p_output.replace("\\r", "")2861 p_output = p_output.replace("\\n", "")2862 p_output = p_output.replace("\'", "")2863 p_output = p_output.replace(" ", "")2864 p_output = p_output.replace("--------------------------", "-") 2865 p_list = p_output.split("-")2866 2867 p_dict = dict([p_list])2868 config['AlternateErrorPagesEnabled'] = p_dict 2869 2870 def SyncDisabled():2871 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "SyncDisabled" | Select-Object SyncDisabled')2872 p_output = str(p.std_out)2873 p_output = p_output.replace("b\'", "")2874 p_output = p_output.replace("\\r", "")2875 p_output = p_output.replace("\\n", "")2876 p_output = p_output.replace("\'", "")2877 p_output = p_output.replace(" ", "")2878 p_output = p_output.replace("------------", "-") 2879 p_list = p_output.split("-")2880 2881 p_dict = dict([p_list])2882 config['SyncDisabled'] = p_dict 2883 2884 def safebrowsingtrustedsource():2885 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "SafeBrowsingForTrustedSourcesEnabled" | Select-Object SafeBrowsingForTrustedSourcesEnabled')2886 p_output = str(p.std_out)2887 p_output = p_output.replace("b\'", "")2888 p_output = p_output.replace("\\r", "")2889 p_output = p_output.replace("\\n", "")2890 p_output = p_output.replace("\'", "")2891 p_output = p_output.replace(" ", "")2892 p_output = p_output.replace("------------------------------------", "-") 2893 p_list = p_output.split("-")2894 2895 p_dict = dict([p_list])2896 config['safebrowsingtrustedsource'] = p_dict 2897 2898 def urlkeyeddatacollect():2899 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "UrlKeyedAnonymizedDataCollectionEnabled" | Select-Object UrlKeyedAnonymizedDataCollectionEnabled')2900 p_output = str(p.std_out)2901 p_output = p_output.replace("b\'", "")2902 p_output = p_output.replace("\\r", "")2903 p_output = p_output.replace("\\n", "")2904 p_output = p_output.replace("\'", "")2905 p_output = p_output.replace(" ", "")2906 p_output = p_output.replace("---------------------------------------", "-") 2907 p_list = p_output.split("-")2908 2909 p_dict = dict([p_list])2910 config['urlkeyeddatacollect'] = p_dict 2911 2912 def allowdeletebrowserhistory():2913 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "AllowDeletingBrowserHistory" | Select-Object AllowDeletingBrowserHistory')2914 p_output = str(p.std_out)2915 p_output = p_output.replace("b\'", "")2916 p_output = p_output.replace("\\r", "")2917 p_output = p_output.replace("\\n", "")2918 p_output = p_output.replace("\'", "")2919 p_output = p_output.replace(" ", "")2920 p_output = p_output.replace("---------------------------", "-") 2921 p_list = p_output.split("-")2922 2923 p_dict = dict([p_list])2924 config['allowdeletebrowserhistory'] = p_dict 2925 2926 def remoteaccessfirewalltraverse():2927 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "RemoteAccessHostFirewallTraversal" | Select-Object RemoteAccessHostFirewallTraversal')2928 p_output = str(p.std_out)2929 p_output = p_output.replace("b\'", "")2930 p_output = p_output.replace("\\r", "")2931 p_output = p_output.replace("\\n", "")2932 p_output = p_output.replace("\'", "")2933 p_output = p_output.replace(" ", "")2934 p_output = p_output.replace("---------------------------------", "-") 2935 p_list = p_output.split("-")2936 2937 p_dict = dict([p_list])2938 config['remoteaccessfirewalltraverse'] = p_dict 2939 2940 def remoteaccessclientpair():2941 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "RemoteAccessHostAllowClientPairing" | Select-Object RemoteAccessHostAllowClientPairing')2942 p_output = str(p.std_out)2943 p_output = p_output.replace("b\'", "")2944 p_output = p_output.replace("\\r", "")2945 p_output = p_output.replace("\\n", "")2946 p_output = p_output.replace("\'", "")2947 p_output = p_output.replace(" ", "")2948 p_output = p_output.replace("----------------------------------", "-") 2949 p_list = p_output.split("-")2950 2951 p_dict = dict([p_list])2952 config['remoteaccessclientpair'] = p_dict 2953 2954 def remoteaccessrelayconnect():2955 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "RemoteAccessHostAllowRelayedConnection" | Select-Object RemoteAccessHostAllowRelayedConnection')2956 p_output = str(p.std_out)2957 p_output = p_output.replace("b\'", "")2958 p_output = p_output.replace("\\r", "")2959 p_output = p_output.replace("\\n", "")2960 p_output = p_output.replace("\'", "")2961 p_output = p_output.replace(" ", "")2962 p_output = p_output.replace("--------------------------------------", "-") 2963 p_list = p_output.split("-")2964 2965 p_dict = dict([p_list])2966 config['remoteaccessrelayconnect'] = p_dict 2967 2968 def CloudPrintSubmitEnabled():2969 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "CloudPrintSubmitEnabled" | Select-Object CloudPrintSubmitEnabled')2970 p_output = str(p.std_out)2971 p_output = p_output.replace("b\'", "")2972 p_output = p_output.replace("\\r", "")2973 p_output = p_output.replace("\\n", "")2974 p_output = p_output.replace("\'", "")2975 p_output = p_output.replace(" ", "")2976 p_output = p_output.replace("-----------------------", "-") 2977 p_list = p_output.split("-")2978 2979 p_dict = dict([p_list])2980 config['CloudPrintSubmitEnabled'] = p_dict 2981 2982 def ImportSavedPasswords():2983 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "ImportSavedPasswords" | Select-Object ImportSavedPasswords')2984 p_output = str(p.std_out)2985 p_output = p_output.replace("b\'", "")2986 p_output = p_output.replace("\\r", "")2987 p_output = p_output.replace("\\n", "")2988 p_output = p_output.replace("\'", "")2989 p_output = p_output.replace(" ", "")2990 p_output = p_output.replace("--------------------", "-") 2991 p_list = p_output.split("-")2992 2993 p_dict = dict([p_list])2994 config['ImportSavedPasswords'] = p_dict 2995 2996 def AutofillCreditCardEnabled():2997 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "AutofillCreditCardEnabled" | Select-Object AutofillCreditCardEnabled')2998 p_output = str(p.std_out)2999 p_output = p_output.replace("b\'", "")3000 p_output = p_output.replace("\\r", "")3001 p_output = p_output.replace("\\n", "")3002 p_output = p_output.replace("\'", "")3003 p_output = p_output.replace(" ", "")3004 p_output = p_output.replace("-------------------------", "-") 3005 p_list = p_output.split("-")3006 3007 p_dict = dict([p_list])3008 config['AutofillCreditCardEnabled'] = p_dict 3009 3010 def AutofillAddressEnabled():3011 p = session.run_ps('Get-ItemProperty -Path "HKLM:SOFTWARE\Policies\Google\Chrome" -Name "AutofillAddressEnabled" | Select-Object AutofillAddressEnabled')3012 p_output = str(p.std_out)3013 p_output = p_output.replace("b\'", "")3014 p_output = p_output.replace("\\r", "")3015 p_output = p_output.replace("\\n", "")3016 p_output = p_output.replace("\'", "")3017 p_output = p_output.replace(" ", "")3018 p_output = p_output.replace("----------------------", "-") 3019 p_list = p_output.split("-")3020 3021 p_dict = dict([p_list])3022 config['AutofillAddressEnabled'] = p_dict 3023 3024 3025 remotehostcurtain()3026 remotehostuiremoteassist()3027 BackgroundModeEnabled()3028 PromptForDownloadLocation()3029 savebrowserhistory()3030 ComponentUpdatesEnabled()3031 ThirdPartyBlockingEnabled()3032 SuppressUnsupportedOSWarning()3033 EnableOnlineRevocationChecks()3034 SafeSitesFilterBehavior()3035 DefaultNotificationsSetting()3036 Defaultbluetooth()3037 DefaultWebUsbGuardSetting()3038 PasswordManagerEnabled()3039 AuthSchemes()3040 CloudPrintProxyEnabled()3041 SitePerProcess()3042 DownloadRestrictions()3043 disablesafebrowsing()3044 RelaunchNotification()3045 RelaunchNotificationPeriod()3046 revocationchecklocalanchor()3047 ChromeCleanupEnabled()3048 BuiltInDnsClientEnabled()3049 DefaultCookiesSetting()3050 DefaultGeolocationSetting()3051 EnableMediaRouter()3052 BlockThirdPartyCookies()3053 MetricsReportingEnabled()3054 chromecleanupreport()3055 BrowserSignin()3056 TranslateEnabled()3057 NetworkPredictionOptions()3058 SearchSuggestEnabled()3059 SpellCheckServiceEnabled()3060 AlternateErrorPagesEnabled()3061 SyncDisabled()3062 safebrowsingtrustedsource()3063 urlkeyeddatacollect()3064 allowdeletebrowserhistory()3065 remoteaccessfirewalltraverse()3066 remoteaccessclientpair()3067 remoteaccessrelayconnect()3068 CloudPrintSubmitEnabled()3069 ImportSavedPasswords()3070 AutofillCreditCardEnabled()3071 AutofillAddressEnabled()30723073 with open(timestr,'w') as configfile:3074 config.write(configfile)3075 3076 config.read(timestr)3077 count = 03078 count2 = 03079 print("\n")3080 print("==============================================================")3081 print("\n")3082 print("Browser Controls \n")3083 3084 if(int(config['remotehostcurtain']['remoteaccesshostrequirecurtain']) == 0):3085 Stat1 = "No need to change Control: RemoteAccessHostRequireCurtain \n"3086 count = count + 13087 3088 else:3089 Stat1 = "Setting 'RemoteAccessHostRequireCurtain' requires change: 1.1.1 (L1) Ensure 'Enable curtaining of remote access hosts' is set to 'Disabled' \n"3090 count2 = count2 + 13091 3092 if(int(config['remotehostuiremoteassist']['remoteaccesshostallowuiaccessforremoteassistance']) == 0):3093 Stat2 = "No need to change Control: RemoteAccessHostAllowUiAccessForRemoteAssistance \n"3094 count = count + 13095 3096 else:3097 Stat2 = "Setting 'RemoteAccessHostAllowUiAccessForRemoteAssistance' requires change: 1.1.3 (L1) Ensure 'Allow remote users to interact with elevated windows in remote assistance sessions' is set to 'Disabled' \n"3098 count2 = count2 + 1 3099 3100 if(int(config['BackgroundModeEnabled']['backgroundmodeenabled']) == 0):3101 Stat3 = "No need to change Control: BackgroundModeEnabled \n"3102 count = count + 13103 3104 else:3105 Stat3 = "Setting 'BackgroundModeEnabled' requires change: 1.2 (L1) Ensure 'Continue running background apps when Google Chrome is closed' is set to 'Disabled' \n"3106 count2 = count2 + 1 3107 3108 if(int(config['PromptForDownloadLocation']['promptfordownloadlocation']) == 1):3109 Stat4 = "No need to change Control: PromptForDownloadLocation \n"3110 count = count + 13111 3112 else:3113 Stat4 = "Setting 'PromptForDownloadLocation' requires change: 1.3 (L1) Ensure 'Ask where to save each file before downloading' is set to 'Enabled' \n"3114 count2 = count2 + 1 3115 3116 if(int(config['savebrowserhistory']['savingbrowserhistorydisabled']) == 0):3117 Stat5 = "No need to change Control: SavingBrowserHistoryDisabled \n"3118 count = count + 13119 3120 else:3121 Stat5 = "Setting 'SavingBrowserHistoryDisabled' requires change: 1.4 (L1) Ensure 'Disable saving browser history' is set to 'Disabled' \n"3122 count2 = count2 + 1 3123 3124 if(int(config['ComponentUpdatesEnabled']['componentupdatesenabled']) == 1):3125 Stat6 = "No need to change Control: ComponentUpdatesEnabled \n"3126 count = count + 13127 3128 else:3129 Stat6 = "Setting 'ComponentUpdatesEnabled' requires change: 1.6 (L1) Ensure 'Enable component updates in Google Chrome' is set to 'Enabled' \n"3130 count2 = count2 + 1 3131 3132 if(int(config['ThirdPartyBlockingEnabled']['thirdpartyblockingenabled']) == 1):3133 Stat7 = "No need to change Control: ThirdPartyBlockingEnabled \n"3134 count = count + 13135 3136 else:3137 Stat7 = "Setting 'ThirdPartyBlockingEnabled' requires change: 1.8 (L1) Ensure 'Enable third party software injection blocking' is set to 'Enabled' \n"3138 count2 = count2 + 1 3139 3140 if(int(config['SuppressUnsupportedOSWarning']['suppressunsupportedoswarning']) == 0):3141 Stat8 = "No need to change Control: SuppressUnsupportedOSWarning \n"3142 count = count + 13143 3144 else:3145 Stat8 = "Setting 'SuppressUnsupportedOSWarning' requires change: 1.10 (L1) Ensure 'Suppress the unsupported OS warning' is set to 'Disabled' \n"3146 count2 = count2 + 1 3147 3148 if(int(config['EnableOnlineRevocationChecks']['enableonlinerevocationchecks']) == 0):3149 Stat9 = "No need to change Control: EnableOnlineRevocationChecks \n"3150 count = count + 13151 3152 else:3153 Stat9 = "Setting 'EnableOnlineRevocationChecks' requires change: 1.11 (L1) Ensure 'Whether online OCSP/CRL checks are performed' is set to 'Disabled' \n"3154 count2 = count2 + 13155 3156 if(int(config['SafeSitesFilterBehavior']['safesitesfilterbehavior']) >= 1):3157 Stat10 = "No need to change Control: SafeSitesFilterBehavior \n"3158 count = count + 13159 3160 else:3161 Stat10 = "Setting 'SafeSitesFilterBehavior' requires change: 1.13 (L1) Ensure 'Control SafeSites adult content filtering' is set to 'Enabled' with value 'Do not filter sites for adult content' specified \n"3162 count2 = count2 + 1 3163 3164 if(int(config['DefaultNotificationsSetting']['defaultnotificationssetting']) >= 1):3165 Stat11 = "No need to change Control: DefaultNotificationsSetting \n"3166 count = count + 13167 3168 else:3169 Stat11 = "Setting 'DefaultNotificationsSetting' requires change: 2.2 (L2) Ensure 'Default notification setting' is set to 'Enabled' with 'Do not allow any site to show desktop notifications' \n"3170 count2 = count2 + 1 3171 3172 if(int(config['Defaultbluetooth']['defaultwebbluetoothguardsetting']) >= 1):3173 Stat12 = "No need to change Control: DefaultWebBluetoothGuardSetting \n"3174 count = count + 13175 3176 else:3177 Stat12 = "Setting 'DefaultWebBluetoothGuardSetting' requires change: 2.3 (L2) Ensure 'Control use of the Web Bluetooth API' is set to 'Enabled' with 'Do not allow any site to request access to Bluetooth devices via the Web Bluetooth API' \n"3178 count2 = count2 + 1 3179 3180 if(int(config['DefaultWebUsbGuardSetting']['defaultwebusbguardsetting']) >= 1):3181 Stat13 = "No need to change Control: DefaultWebUsbGuardSetting \n"3182 count = count + 13183 3184 else:3185 Stat13 = "Setting 'DefaultWebUsbGuardSetting' requires change: 2.4 (L2) Ensure 'Control use of the WebUSB API' is set to 'Enabled' with 'Do not allow any site to request access to USB devices via the WebUSB API' \n"3186 count2 = count2 + 1 3187 3188 if(int(config['PasswordManagerEnabled']['passwordmanagerenabled']) >= 1):3189 Stat14 = "No need to change Control: PasswordManagerEnabled \n"3190 count = count + 13191 3192 else:3193 Stat14 = "Setting 'PasswordManagerEnabled' requires change: 2.8 (L1) Ensure 'Enable saving passwords to the password manager' is Configured \n"3194 count2 = count2 + 1 3195 3196 if(config['AuthSchemes']['authschemes'] != ""):3197 Stat15 = "No need to change Control: AuthSchemes \n"3198 count = count + 13199 3200 else:3201 Stat15 = "Setting 'AuthSchemes' requires change: 2.9 (L1) Ensure 'Supported authentication schemes' is set to 'Enabled' (ntlm, negotiate) \n"3202 count2 = count2 + 1 3203 3204 if(int(config['CloudPrintProxyEnabled']['cloudprintproxyenabled']) == 0):3205 Stat16 = "No need to change Control: CloudPrintProxyEnabled \n"3206 count = count + 13207 3208 else:3209 Stat16 = "Setting 'CloudPrintProxyEnabled' requires change: 2.12 (L1) Ensure 'Enable Google Cloud Print Proxy' is set to 'Disabled' \n"3210 count2 = count2 + 1 3211 3212 if(int(config['SitePerProcess']['siteperprocess']) == 1):3213 Stat17 = "No need to change Control: SitePerProcess \n"3214 count = count + 13215 3216 else:3217 Stat17 = "Setting 'SitePerProcess' requires change: 2.13 (L1) Ensure 'Enable Site Isolation for every site' is set to 'Enabled' \n"3218 count2 = count2 + 1 3219 3220 if(int(config['DownloadRestrictions']['downloadrestrictions']) >= 1):3221 Stat18 = "No need to change Control: DownloadRestrictions \n"3222 count = count + 13223 3224 else:3225 Stat18 = "Setting 'DownloadRestrictions' requires change: 2.14 (L1) Ensure 'Allow download restrictions' is set to 'Enabled' with 'Block dangerous downloads' specified \n"3226 count2 = count2 + 1 3227 3228 if(int(config['disablesafebrowsing']['disablesafebrowsingproceedanyway']) == 1):3229 Stat19 = "No need to change Control: DisableSafeBrowsingProceedAnyway \n"3230 count = count + 13231 3232 else:3233 Stat19 = "Setting 'DisableSafeBrowsingProceedAnyway' requires change: 2.15 (L1) Ensure 'Disable proceeding from the Safe Browsing warning page' is set to 'Enabled' \n"3234 count2 = count2 + 1 3235 3236 if(int(config['RelaunchNotification']['relaunchnotification']) >= 1):3237 Stat20 = "No need to change Control: RelaunchNotification \n"3238 count = count + 13239 3240 else:3241 Stat20 = "Setting 'RelaunchNotification' requires change: 2.16 (L1) Ensure 'Notify a user that a browser relaunch or device restart is recommended or required' is set to 'Enabled' with 'Show a recurring prompt to the user indication that a relaunch is required' specified \n"3242 count2 = count2 + 1 3243 3244 if(int(config['RelaunchNotificationPeriod']['relaunchnotificationperiod']) >= 86400000):3245 Stat21 = "No need to change Control: RelaunchNotificationPeriod \n"3246 count = count + 13247 3248 else:3249 Stat21 = "Setting 'RelaunchNotificationPeriod' requires change: 2.17 (L1) Ensure 'Set the time period for update notifications' is set to 'Enabled' with '86400000' (1 day) specified \n"3250 count2 = count2 + 1 3251 3252 if(int(config['revocationchecklocalanchor']['requireonlinerevocationchecksforlocalanchors']) == 1):3253 Stat22 = "No need to change Control: RequireOnlineRevocationChecksForLocalAnchors \n"3254 count = count + 13255 3256 else:3257 Stat22 = "Setting 'RequireOnlineRevocationChecksForLocalAnchors' requires change: 2.18 (L2) Ensure 'Whether online OCSP/CRL checks are required for local trust anchors' is set to 'Enabled' \n"3258 count2 = count2 + 13259 3260 if(int(config['ChromeCleanupEnabled']['chromecleanupenabled']) >= 0):3261 Stat23 = "No need to change Control: ChromeCleanupEnabled \n"3262 count = count + 13263 3264 else:3265 Stat23 = "Setting 'ChromeCleanupEnabled' requires change: 2.19 (L1) Ensure 'Enable Chrome Cleanup on Windows' is Configured \n"3266 count2 = count2 + 1 3267 3268 if(int(config['BuiltInDnsClientEnabled']['builtindnsclientenabled']) == 0):3269 Stat24 = "No need to change Control: BuiltInDnsClientEnabled \n"3270 count = count + 13271 3272 else:3273 Stat24 = "Setting 'BuiltInDnsClientEnabled' requires change: 2.20 (L2) Ensure 'Use built-in DNS client' is set to 'Disabled' \n"3274 count2 = count2 + 1 3275 3276 if(int(config['DefaultCookiesSetting']['defaultcookiessetting']) == 1):3277 Stat25 = "No need to change Control: DefaultCookiesSetting \n"3278 count = count + 13279 3280 else:3281 Stat25 = "Setting 'DefaultCookiesSetting' requires change: 3.1 (L2) Ensure 'Default cookies setting' is set to 'Enabled' (Keep cookies for the duration of the session) \n"3282 count2 = count2 + 1 3283 3284 if(int(config['DefaultGeolocationSetting']['defaultgeolocationsetting']) >= 1):3285 Stat26 = "No need to change Control: DefaultGeolocationSetting \n"3286 count = count + 13287 3288 else:3289 Stat26 = "Setting 'DefaultGeolocationSetting' requires change: 3.2 (L1) Ensure 'Default geolocation setting' is set to 'Enabled' with 'Do not allow any site to track the users' physical location' \n"3290 count2 = count2 + 1 3291 3292 if(int(config['EnableMediaRouter']['enablemediarouter']) == 0):3293 Stat27 = "No need to change Control: EnableMediaRouter \n"3294 count = count + 13295 3296 else:3297 Stat27 = "Setting 'EnableMediaRouter' requires change: 3.3 (L1) Ensure 'Enable Google Cast' is set to 'Disabled' \n"3298 count2 = count2 + 1 3299 3300 if(int(config['BlockThirdPartyCookies']['blockthirdpartycookies']) == 1):3301 Stat28 = "No need to change Control: BlockThirdPartyCookies \n"3302 count = count + 13303 3304 else:3305 Stat28 = "Setting 'BlockThirdPartyCookies' requires change: 3.4 (L1) Ensure 'Block third party cookies' is set to 'Enabled' \n"3306 count2 = count2 + 1 3307 3308 if(int(config['MetricsReportingEnabled']['metricsreportingenabled']) == 0):3309 Stat29 = "No need to change Control: MetricsReportingEnabled \n"3310 count = count + 13311 3312 else:3313 Stat29 = "Setting 'MetricsReportingEnabled' requires change: 3.5 (L1) Ensure 'Enable reporting of usage and crash-related data' is set to 'Disabled' \n"3314 count2 = count2 + 1 3315 3316 if(int(config['chromecleanupreport']['chromecleanupreportingenabled']) == 0):3317 Stat30 = "No need to change Control: ChromeCleanupReportingEnabled \n"3318 count = count + 13319 3320 else:3321 Stat30 = "Setting 'ChromeCleanupReportingEnabled' requires change: 3.6 (L1) Ensure 'Control how Chrome Cleanup reports data to Google' is set to 'Disabled' \n"3322 count2 = count2 + 1 3323 3324 if(int(config['BrowserSignin']['browsersignin']) >= 1):3325 Stat31 = "No need to change Control: BrowserSignin \n"3326 count = count + 13327 3328 else:3329 Stat31 = "Setting 'BrowserSignin' requires change: 3.7 (L1) Ensure 'Browser sign in settings' is set to 'Enabled' with 'Disabled browser sign-in' specified \n"3330 count2 = count2 + 1 3331 3332 if(int(config['TranslateEnabled']['translateenabled']) == 0):3333 Stat32 = "No need to change Control: TranslateEnabled \n"3334 count = count + 13335 3336 else:3337 Stat32 = "Setting 'TranslateEnabled' requires change: 3.8 (L1) Ensure 'Enable Translate' is set to 'Disabled' \n"3338 count2 = count2 + 1 3339 3340 if(int(config['NetworkPredictionOptions']['networkpredictionoptions']) >= 1):3341 Stat33 = "No need to change Control: NetworkPredictionOptions \n"3342 count = count + 13343 3344 else:3345 Stat33 = "Setting 'NetworkPredictionOptions' requires change: 3.9 (L1) Ensure 'Enable network prediction' is set to 'Enabled' with 'Do not predict actions on any network connection' selected \n"3346 count2 = count2 + 1 3347 3348 if(int(config['SearchSuggestEnabled']['searchsuggestenabled']) == 0):3349 Stat34 = "No need to change Control: SearchSuggestEnabled \n"3350 count = count + 13351 3352 else:3353 Stat34 = "Setting 'SearchSuggestEnabled' requires change: 3.10 (L1) Ensure 'Enable search suggestions' is set to 'Disabled' \n"3354 count2 = count2 + 1 3355 3356 if(int(config['SpellCheckServiceEnabled']['spellcheckserviceenabled']) == 0):3357 Stat35 = "No need to change Control: SpellCheckServiceEnabled \n"3358 count = count + 13359 3360 else:3361 Stat35 = "Setting 'SpellCheckServiceEnabled' requires change: 3.11 (L1) Ensure 'Enable or disable spell checking web service' is set to 'Disabled' \n"3362 count2 = count2 + 1 3363 3364 if(int(config['AlternateErrorPagesEnabled']['alternateerrorpagesenabled']) == 0):3365 Stat36 = "No need to change Control: AlternateErrorPagesEnabled \n"3366 count = count + 13367 3368 else:3369 Stat36 = "Setting 'AlternateErrorPagesEnabled' requires change: 3.12 (L1) Ensure 'Enable alternate error pages' is set to 'Disabled' \n"3370 count2 = count2 + 1 3371 3372 if(int(config['SyncDisabled']['syncdisabled']) == 1):3373 Stat37 = "No need to change Control: SyncDisabled \n"3374 count = count + 13375 3376 else:3377 Stat37 = "Setting 'SyncDisabled' requires change: 3.13 (L1) Ensure 'Disable synchronization of data with Google' is set to 'Enabled' \n"3378 count2 = count2 + 1 3379 3380 if(int(config['safebrowsingtrustedsource']['safebrowsingfortrustedsourcesenabled']) == 0):3381 Stat38 = "No need to change Control: SafeBrowsingForTrustedSourcesEnabled \n"3382 count = count + 13383 3384 else:3385 Stat38 = "Setting 'SafeBrowsingForTrustedSourcesEnabled' requires change: 3.14 (L1) Ensure 'Enable Safe Browsing for trusted sources' is set to 'Disabled' \n"3386 count2 = count2 + 1 3387 3388 if(int(config['urlkeyeddatacollect']['urlkeyedanonymizeddatacollectionenabled']) == 0):3389 Stat39 = "No need to change Control: UrlKeyedAnonymizedDataCollectionEnabled \n"3390 count = count + 13391 3392 else:3393 Stat39 = "Setting 'UrlKeyedAnonymizedDataCollectionEnabled' requires change: 3.15 (L1) Ensure 'Enable URL-keyed anonymized data collection' is set to 'Disabled' \n"3394 count2 = count2 + 1 3395 3396 if(int(config['allowdeletebrowserhistory']['allowdeletingbrowserhistory']) == 0):3397 Stat40 = "No need to change Control: AllowDeletingBrowserHistory \n"3398 count = count + 13399 3400 else:3401 Stat40 = "Setting 'AllowDeletingBrowserHistory' requires change: 3.16 (L1) Ensure 'Enable deleting browser and download history' is set to 'Disabled' \n"3402 count2 = count2 + 13403 3404 if(int(config['remoteaccessfirewalltraverse']['remoteaccesshostfirewalltraversal']) == 0):3405 Stat41 = "No need to change Control: RemoteAccessHostFirewallTraversal \n"3406 count = count + 13407 3408 else:3409 Stat41 = "Setting 'RemoteAccessHostFirewallTraversal' requires change: 4.1.1 (L1) Ensure 'Enable firewall traversal from remote access host' is set to 'Disabled' \n"3410 count2 = count2 + 1 3411 3412 if(int(config['remoteaccessclientpair']['remoteaccesshostallowclientpairing']) == 0):3413 Stat42 = "No need to change Control: RemoteAccessHostAllowClientPairing \n"3414 count = count + 13415 3416 else:3417 Stat42 = "Setting 'RemoteAccessHostAllowClientPairing' requires change: 4.1.2 (L1) Ensure 'Enable or disable PIN-less authentication for remote access hosts' is set to 'Disabled' \n"3418 count2 = count2 + 1 3419 3420 if(int(config['remoteaccessrelayconnect']['remoteaccesshostallowrelayedconnection']) == 0):3421 Stat43 = "No need to change Control: RemoteAccessHostAllowRelayedConnection \n"3422 count = count + 13423 3424 else:3425 Stat43 = "Setting 'RemoteAccessHostAllowRelayedConnection' requires change: 4.1.3 (L1) Ensure 'Enable the use of relay servers by the remote access host' is set to 'Disabled' \n"3426 count2 = count2 + 13427 3428 if(int(config['CloudPrintSubmitEnabled']['cloudprintsubmitenabled']) == 0):3429 Stat44 = "No need to change Control: CloudPrintSubmitEnabled \n"3430 count = count + 13431 3432 else:3433 Stat44 = "Setting 'CloudPrintSubmitEnabled' requires change: 5.1 (L1) Ensure 'Enable submission of documents to Google Cloud print' is set to 'Disabled' \n"3434 count2 = count2 + 1 3435 3436 if(int(config['ImportSavedPasswords']['importsavedpasswords']) == 0):3437 Stat45 = "No need to change Control: ImportSavedPasswords \n"3438 count = count + 13439 3440 else:3441 Stat45 = "Setting 'ImportSavedPasswords' requires change: 5.2 (L1) Ensure 'Import saved passwords from default browser on first run' is set to 'Disabled' \n"3442 count2 = count2 + 1 3443 3444 if(int(config['AutofillCreditCardEnabled']['autofillcreditcardenabled']) == 0):3445 Stat46 = "No need to change Control: AutofillCreditCardEnabled \n"3446 count = count + 13447 3448 else:3449 Stat46 = "Setting 'AutofillCreditCardEnabled' requires change: 5.3 (L1) Ensure 'Enable AutoFill for credit cards' is set to 'Disabled' \n"3450 count2 = count2 + 1 3451 3452 if(int(config['AutofillAddressEnabled']['autofilladdressenabled']) == 0):3453 Stat47 = "No need to change Control: AutofillAddressEnabled \n"3454 count = count + 13455 3456 else:3457 Stat47 = "Setting 'AutofillAddressEnabled' requires change: 5.4 (L1) Ensure 'Enable AutoFill for addresses' is set to 'Disabled' \n"3458 count2 = count2 + 1 3459 3460 3461 #print(config.sections())3462 print("\n")3463 print("============================================================== \n") 3464 34653466 listbox3.insert(0, "Writing to " + timestr + " in program folder.")3467 listbox3.insert(1, " ")3468 listbox3.insert(2, "Browser Security + Remediations")3469 listbox3.insert(3, " ")3470 listbox3.insert(4, Stat1)3471 listbox3.insert(4, Stat2)3472 listbox3.insert(4, Stat3)3473 listbox3.insert(4, Stat4)3474 listbox3.insert(4, Stat5)3475 listbox3.insert(4, Stat6)3476 listbox3.insert(4, Stat7)3477 listbox3.insert(4, Stat8)3478 listbox3.insert(4, Stat9)3479 listbox3.insert(4, Stat10)3480 listbox3.insert(4, Stat11)3481 listbox3.insert(4, Stat12)3482 listbox3.insert(4, Stat13)3483 listbox3.insert(4, Stat14)3484 listbox3.insert(4, Stat15)3485 listbox3.insert(4, Stat16)3486 listbox3.insert(4, Stat17)3487 listbox3.insert(4, Stat18)3488 listbox3.insert(4, Stat19)3489 listbox3.insert(4, Stat20)3490 listbox3.insert(4, Stat21)3491 listbox3.insert(4, Stat22)3492 listbox3.insert(4, Stat23)3493 listbox3.insert(4, Stat24)3494 listbox3.insert(4, Stat25)3495 listbox3.insert(4, Stat26)3496 listbox3.insert(4, Stat27)3497 listbox3.insert(4, Stat28)3498 listbox3.insert(4, Stat29)3499 listbox3.insert(4, Stat30)3500 listbox3.insert(4, Stat31)3501 listbox3.insert(4, Stat32)3502 listbox3.insert(4, Stat33)3503 listbox3.insert(4, Stat34)3504 listbox3.insert(4, Stat35)3505 listbox3.insert(4, Stat36)3506 listbox3.insert(4, Stat37)3507 listbox3.insert(4, Stat38)3508 listbox3.insert(4, Stat39)3509 listbox3.insert(4, Stat40)3510 listbox3.insert(4, Stat41)3511 listbox3.insert(4, Stat42)3512 listbox3.insert(4, Stat43)3513 listbox3.insert(4, Stat44)3514 listbox3.insert(4, Stat45)3515 listbox3.insert(4, Stat46)3516 listbox3.insert(4, Stat47)3517 3518 3519 3520 listbox4.insert(0, "\nNumber of Compliant controls") 3521 listbox4.insert(1, "--> " + str(count)) 3522 listbox4.insert(2, "Number of Non-Compliant controls") 3523 listbox4.insert(3, "--> " + str(count2))3524 3525# ==== GUI ====3526gui = Tk()3527gui.title('IT Risk Audit Baseline Analyzer')3528gui.geometry("1200x500+20+20")35293530tabControl = ttk.Notebook(gui)3531 3532tab1 = ttk.Frame(tabControl)3533tab2 = ttk.Frame(tabControl)3534 3535tabControl.add(tab1, text ='Windows 10/Server')3536tabControl.add(tab2, text ='Browsers')3537tabControl.pack(expand = 1, fill ="both")3538 3539# ==== Colors ====3540m1c = '#00ee00'3541bgc = '#222222'3542dbg = '#000000'3543fgc = '#111111'35443545gui.tk_setPalette(background="white", foreground="Black",)35463547# ==== Labels ====3548L11 = Label(tab1, text = "Windows Audit", font=("Helvetica", 16, 'underline', 'bold'))3549L11.place(x = 16, y = 10)35503551textinput1 = Label(tab1, text="Target IP:")3552textinput1.place (x = 220, y = 15)35533554textinput2 = Label(tab1, text="Target domain:")3555textinput2.place (x = 460, y = 15)35563557textinput3 = Label(tab1, text="Target User:")3558textinput3.place (x = 220, y = 45)35593560textinput4 = Label(tab1, text="User Password:")3561textinput4.place (x = 460, y = 45)35623563L26 = Label(tab1, text = "Results: ")3564L26.place(x = 16, y = 60)3565L27 = Label(tab1, text = "[ ... ]")3566L27.place(x = 80, y = 60)35673568L11 = Label(tab2, text = "Win-Browser Audit", font=("Helvetica", 16, 'underline', 'bold'))3569L11.place(x = 16, y = 10)35703571textinput5 = Label(tab2, text="Target IP:")3572textinput5.place (x = 220, y = 15)35733574textinput6 = Label(tab2, text="Target domain:")3575textinput6.place (x = 460, y = 15)35763577textinput7 = Label(tab2, text="Target User:")3578textinput7.place (x = 220, y = 45)35793580textinput8 = Label(tab2, text="User Password:")3581textinput8.place (x = 460, y = 45)35823583L26 = Label(tab2, text = "Results: ")3584L26.place(x = 16, y = 60)3585L27 = Label(tab2, text = "[ ... ]")3586L27.place(x = 80, y = 60)358735883589# ==== Buttons / Scans ====3590L26 = Label(tab1, text = "Scan Options:", font=("Helvetica", 16, 'underline', 'bold'))3591L26.place(x = 16, y = 220)35923593IP = Entry(tab1)3594IP.place(x = 280, y = 15)35953596Domain = Entry(tab1)3597Domain.place(x = 550, y = 15)35983599username = Entry(tab1)3600username.place(x = 290, y = 45)36013602passwd = Entry(tab1, show = '*')3603passwd.place(x = 550, y = 45)36043605B11 = Button(tab1, text = "Basic Scan", command=basic, fg='black')3606B11.place(x = 16, y = 270, width = 150, height = 40)36073608B12 = Button(tab1, text = "Intermediate Scan", command=startScan_Intermediate, fg='black')3609B12.place(x = 16, y = 340, width = 150, height = 40)36103611B21 = Button(tab1, text = "Save Result", command=saveScan, fg='black')3612B21.place(x = 200, y = 260, width = 200, height=65)36133614B21 = Button(tab1, text = "Clear Result", command=deleteScan, fg='black')3615B21.place(x = 200, y = 330, width = 200, height=65)36163617L26 = Label(tab2, text = "Scan Options:", font=("Helvetica", 16, 'underline', 'bold'))3618L26.place(x = 16, y = 220)36193620IP2 = Entry(tab2)3621IP2.place(x = 280, y = 15)36223623Domain2 = Entry(tab2)3624Domain2.place(x = 550, y = 15)36253626username2 = Entry(tab2)3627username2.place(x = 290, y = 45)36283629passwd2 = Entry(tab2, show = '*')3630passwd2.place(x = 550, y = 45)36313632B11 = Button(tab2, text = "Google Chrome Scan", command=googlescan, fg='black')3633B11.place(x = 16, y = 270, width = 150, height = 40)36343635B21 = Button(tab2, text = "Save Result", command=saveScan2, fg='black')3636B21.place(x = 200, y = 260, width = 200, height=65)36373638B21 = Button(tab2, text = "Clear Result", command=deleteScan2, fg='black')3639B21.place(x = 200, y = 330, width = 200, height=65)36403641364236433644# ==== Result list ====3645frame = Frame(tab1)3646frame.place(x = 10, y = 100, width = 1100, height = 100)3647listbox = Listbox(frame, width = 1100, height = 6)3648listbox.place(x = 0, y = 0)3649listbox.bind('<<ListboxSelect>>')3650scrollbar = Scrollbar(frame)3651scrollbar.pack(side=RIGHT, fill=Y)3652listbox.config(yscrollcommand=scrollbar.set)3653scrollbar.config(command=listbox.yview)36543655L1 = Label(tab1, text = "Summary of results:", font=("Helvetica", 16, 'underline', 'bold'))3656L1.place(x = 430, y = 250)36573658frame = Frame(tab1)3659frame.place(x = 430, y = 295, width = 260, height = 100)3660listbox2 = Listbox(frame, width = 100, height = 8)3661listbox2.place(x = 0, y = 0)3662listbox2.bind('<<ListboxSelect>>')3663scrollbar = Scrollbar(frame)3664scrollbar.pack(side=RIGHT, fill=Y)3665listbox2.config(yscrollcommand=scrollbar.set)3666scrollbar.config(command=listbox.yview)36673668frame = Frame(tab2)3669frame.place(x = 10, y = 100, width = 1100, height = 100)3670listbox3 = Listbox(frame, width = 1100, height = 6)3671listbox3.place(x = 0, y = 0)3672listbox3.bind('<<ListboxSelect>>')3673scrollbar = Scrollbar(frame)3674scrollbar.pack(side=RIGHT, fill=Y)3675listbox3.config(yscrollcommand=scrollbar.set)3676scrollbar.config(command=listbox.yview)36773678L1 = Label(tab2, text = "Summary of results:", font=("Helvetica", 16, 'underline', 'bold'))3679L1.place(x = 430, y = 250)36803681frame = Frame(tab2)3682frame.place(x = 430, y = 295, width = 260, height = 100)3683listbox4 = Listbox(frame, width = 100, height = 8)3684listbox4.place(x = 0, y = 0)3685listbox4.bind('<<ListboxSelect>>')3686scrollbar = Scrollbar(frame)3687scrollbar.pack(side=RIGHT, fill=Y)3688listbox4.config(yscrollcommand=scrollbar.set)3689scrollbar.config(command=listbox.yview)369036913692# ==== Start GUI ====
...
data_process.py
Source:data_process.py
1#!/usr/bin/env python32# -*- coding: utf-8 -*-3"""4Created on Sat Aug 11 14:27:58 20185@author: qiutian6"""7import numpy as np8import os9from myrllib.utils.myplot import simple_plot10import scipy.io as sio11import matplotlib.pyplot as plt12def arr_ave(arr, bs=1):13 arr = arr.squeeze()14 nl = arr.shape[0]//bs15 arr_n = np.zeros(nl)16 for i in range(nl):17 arr_n[i] = np.mean(arr[bs*i:bs*(i+1)])18 return arr_n19###############################################################################20### observing the rewards of tested methods21### including: Random, Pretrained, PRPG, PR, IW, PR+IW22 23DOMAIN = 'navi_v1'24p_model = 'saves/%s'%DOMAIN; p_output = 'output/%s'%DOMAIN25if DOMAIN in ['navi_v1', 'navi_v2', 'navi_v3']:26 navigation_domains()27elif DOMAIN in ['reacher_v1', 'reacher_v2', 'reacher_v3',28 'swimmer', 'hopper', 'cheetah']:29 mujoco_domains() 30###############################################################################31def navigation_domains():32 rewards_ran = np.load(os.path.join(p_output, 'random.npy'))33 rewards_pre = np.load(os.path.join(p_output, 'pretrained.npy'))34 rewards_prpg = np.load(os.path.join(p_output, 'prpg.npy'))35 rewards_pr = np.load(os.path.join(p_output, 'pr.npy'))36 rewards_iw = np.load(os.path.join(p_output, 'iw.npy'))37 rewards_priw = np.load(os.path.join(p_output, 'priw.npy'))38 39 40 cutoff = rewards_ran.reshape(-1).shape[0]41 num = 20; bs = cutoff//num42 rewards_ran = arr_ave(rewards_ran.reshape(-1), bs=bs) 43 rewards_pre = arr_ave(rewards_pre.reshape(-1), bs=bs) 44 rewards_prpg = arr_ave(rewards_prpg.reshape(-1), bs=bs) 45 rewards_pr = arr_ave(rewards_pr.reshape(-1), bs=bs) 46 rewards_iw = arr_ave(rewards_iw.reshape(-1), bs=bs) 47 rewards_priw = arr_ave(rewards_priw.reshape(-1), bs=bs) 48 49 xx = np.arange(0, num); mark = num // 1050 plt.figure(figsize=(6,4))51 plt.plot(xx, rewards_ran[xx], color='black', lw=2, ls='--')52 plt.plot(xx, rewards_pre[xx], color='purple', lw=2, ls='--')53 plt.plot(xx, rewards_prpg[xx], color='c', lw=2, ls='--')54 plt.plot(xx, rewards_pr[xx], color='green', lw=2, 55 marker='o', markevery=mark, ms=8, mew=2, mfc='white')56 plt.plot(xx, rewards_iw[xx], color='blue', lw=2, 57 marker='^', markevery=mark, ms=8, mew=2, mfc='white')58 plt.plot(xx, rewards_priw[xx], color='red', lw=2, 59 marker='x', markevery=mark, ms=8, mew=2, mfc='white')60 61 plt.legend(['Random', 'Pretrained', 'PRPG', 'Policy Relaxation', 62 'Importance Weighting', 'PR+IW'],63 labelspacing=0.1,64 fancybox=True, shadow=True, fontsize=10)65 plt.xlabel('Policy iterations', fontsize=18)66 plt.ylabel('Average return', fontsize=18)67 plt.xticks(np.arange(0,num+1,num//5), bs*np.arange(0,num+1,num//5),68 fontsize=10)69 plt.grid(axis='y', ls='--')70###############################################################################71def mujoco_domains():72 rewards_ran = np.load(os.path.join(p_output, 'random.npy'))73 rewards_pre = np.load(os.path.join(p_output, 'pretrained.npy'))74 rewards_prpg = np.load(os.path.join(p_output, 'prpg.npy'))75 rewards_priw = np.load(os.path.join(p_output, 'priw.npy'))76 77 78 cutoff = rewards_ran.reshape(-1).shape[0]79 num = 20; bs = cutoff//num80 rewards_ran = arr_ave(rewards_ran.reshape(-1), bs=bs) 81 rewards_pre = arr_ave(rewards_pre.reshape(-1), bs=bs) 82 rewards_prpg = arr_ave(rewards_prpg.reshape(-1), bs=bs) 83 rewards_priw = arr_ave(rewards_priw.reshape(-1), bs=bs) 84 85 xx = np.arange(0, num); mark = num // 1086 plt.figure(figsize=(6,4))87 plt.plot(xx, rewards_ran[xx], color='c', lw=2, 88 marker='o', markevery=mark, ms=8, mew=2, mfc='white')89 plt.plot(xx, rewards_pre[xx], color='green', lw=2, 90 marker='s', markevery=mark, ms=8, mew=2, mfc='white')91 plt.plot(xx, rewards_prpg[xx], color='blue', lw=2, 92 marker='^', markevery=mark, ms=8, mew=2, mfc='white')93 plt.plot(xx, rewards_priw[xx], color='red', lw=2, 94 marker='x', markevery=mark, ms=8, mew=2, mfc='white')95 96 plt.legend(['Random', 'Pretrained', 'PRPG', 'PR+IW'],97 labelspacing=0.1,98 fancybox=True, shadow=True, fontsize=10)99 plt.xlabel('Policy iterations', fontsize=18)100 plt.ylabel('Average return', fontsize=18)101 plt.xticks(np.arange(0,num+1,num//5), bs*np.arange(0,num+1,num//5),102 fontsize=10)103 plt.grid(axis='y', ls='--') ...
Perceptron.py
Source:Perceptron.py
1from CommonFunctions import *2# The structure of this neural net is as follows, where I represents an input node, N a neuron, B a bias and O3# the output. Notice that the bias is treated simply as a node in the previous layer. The bias is extremely important4# for this model, since we will be training it with input values of either 1 or 0, so if we didn't include a bias,5# when calculating the node value we may run into the case where all inputs are 0, leading to the node value being6# sigmoid(0) = 0.5, which is no prediction at all.7# I -8# \9# I - N - O10# / |11# I - B12# The neural net is technically considered to be feed forward13class Perceptron:14 def __init__(self, weights=np.array([]), activation=sigmoid, error=mse):15 self.weights = weights16 self.er = 117 self.activation = activation18 self.error = error19 self.error_path = []20 self.avg_diff_path = []21 def train(self, train_func, *args):22 self.weights, self.er = train_func(self.activation, self.error, *args)23 def predict(self, x, display=True):24 p_input = np.append(x, 1) # add bias node25 neuron_val = np.dot(self.weights, p_input)26 p_output = self.activation(neuron_val)27 # depending on the activation function the output may be a numpy array, so force it to be a value28 if type(p_output) is np.ndarray:29 p_output = p_output[0]30 prediction = round(p_output)31 confidence = max(abs(prediction - p_output), 1 - abs(prediction - p_output))32 if display:33 print("INPUT \n {}".format(x))34 print("PREDICTION \t CONFIDENCE \n {} \t\t {}".format(prediction, confidence))35 print("WEIGHTS \n {}".format(self.weights))36 print("ERROR \n {}".format(self.er))...
Learn to execute automation testing from scratch with LambdaTest Learning Hub. Right from setting up the prerequisites to run your first automation test, to following best practices and diving deeper into advanced test scenarios. LambdaTest Learning Hubs compile a list of step-by-step guides to help you be proficient with different test automation frameworks i.e. Selenium, Cypress, TestNG etc.
You could also refer to video tutorials over LambdaTest YouTube channel to get step by step demonstration from industry experts.
Get 100 minutes of automation test minutes FREE!!