Powershell-based Windows security auditing toolbox.
WINspect is part of a larger project for auditing different areas of Windows environments. It focuses on enumerating different parts of a Windows machine to identify security weaknesses and point to components that need further hardening.
- Checking for installed security products.
- Checking for DLL hijackability (Authenticated Users security context).
- Checking for User Account Control settings.
- Checking for unattended installs leftovers.
- Enumerating world-exposed local filesystem shares.
- Enumerating domain users and groups with local group membership.
- Enumerating registry autoruns.
- Enumerating local services that are configurable by Authenticated Users group members.
- Enumerating local services for which corresponding binary is writable by Authenticated Users group members.
- Enumerating non-system32 Windows Hosted Services and their associated DLLs.
- Enumerating local services with unquoted path vulnerability.
- Enumerating non-system scheduled tasks.