Skip to content

Commit bbc4164

Browse files
nullbindnullbind
authored
Create Invoke-WebFilterTest.psm1
1 parent d8f205b commit bbc4164

File tree

1 file changed

+172
-0
lines changed

1 file changed

+172
-0
lines changed

Invoke-WebFilterTest.psm1

Lines changed: 172 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,172 @@
1+
2+
Function Invoke-WebFilterTest{
3+
4+
# Invoke-WebFilterTest
5+
# Author: scott sutherland
6+
# Description The basic idea is to build out a quick script to check for access to code repositories, file shares, and online clipboards used by common malware.
7+
# Note: This is a very basic PoC. Ideally it would be nice to include common web filter categories and summary data in output. Also, runspaces for larger lists.
8+
# Note: should test access to known blacklisted site
9+
# Note: should test access to uncategorized site
10+
# Note: should test more categories
11+
# Note: Should add a shorter timeout
12+
13+
# Example Commands:
14+
<#
15+
16+
# Checks access to default sites, but doesn't authenticate with the current user's credentials
17+
Invoke-WebFilterTest -Verbose
18+
19+
# Checks access to default sites, and authenticates with the current user's credentials
20+
Invoke-WebFilterTest -Verbose -UseCurrentUserContext
21+
22+
# Checks access to default sites, custom sites, and authenticates with the current user's credentials
23+
Invoke-WebFilterTest -Verbose -UseCurrentUserContext -$ListPath c:\temp\urls.txt
24+
25+
# Checks access to default sites, but doesn't authenticate with the current user's credentials
26+
# Writes output to a file
27+
Invoke-WebFilterTest -Verbose | Export-Csv -NoTypeInformation c:\temp\webfiltertest.csv
28+
29+
#>
30+
31+
[CmdletBinding()]
32+
param
33+
(
34+
[string]$ListPath,
35+
[Switch]$UseCurrentUserContext
36+
)
37+
38+
Begin
39+
{
40+
# Create data table for list of block strings
41+
$BlockStrings = new-object System.Data.DataTable
42+
$BlockStrings.Columns.Add("Product") | Out-Null
43+
$BlockStrings.Columns.Add("String") | Out-Null
44+
45+
# Add block strings
46+
$BlockStrings.rows.add("Barracuda","The link you are accessing has been blocked by the Barracuda Web Filter") | Out-Null
47+
$BlockStrings.rows.add("Blue Coat","Blue Coat Systems") | Out-Null
48+
$BlockStrings.rows.add("Blue Coat","Your request was denied because of its content categorization:") | Out-Null
49+
$BlockStrings.rows.add("Web Filter","This page is blocked because it violates network policy") | Out-Null
50+
$BlockStrings.rows.add("FortiGuard","This web page is blocked because it violates network policy.") | Out-Null
51+
$BlockStrings.rows.add("IBoss","Access to the requested site has been restricted due to its contents.") | Out-Null
52+
$BlockStrings.rows.add("SonicWall","This site has been blocked by the network.") | Out-Null
53+
$BlockStrings.rows.add("SonicWall","The site has been blocked by the network") | Out-Null
54+
$BlockStrings.rows.add("UnTangled","This web page is blocked because it violates network policy.") | Out-Null
55+
$BlockStrings.rows.add("Unknown","URL Category Warning Acknowledgement") | Out-Null
56+
$BlockStrings.rows.add("McAfee Web Gateway","McAfee Web Gateway") | Out-Null
57+
$BlockStrings.rows.add("McAfee Web Gateway","This website was blocked because of the site’s category and/or reputation.") | Out-Null
58+
$BlockStrings.rows.add("ZScaler","Internet Security by Zscaler") | Out-Null
59+
60+
# Create data table for list of target websites
61+
$WebSites = new-object System.Data.DataTable
62+
$WebSites.Columns.Add("URL") | Out-Null
63+
64+
# Add target websites
65+
$WebSites.rows.add("https://bitbucket.org/") | Out-Null
66+
$WebSites.rows.add("https://pastebin.com/") | Out-Null
67+
$WebSites.rows.add("https://github.com/") | Out-Null
68+
$WebSites.rows.add("https://www.dropbox.com") | Out-Null
69+
$WebSites.rows.add("https://www.mediafire.com/") | Out-Null
70+
$WebSites.rows.add("http://www.4shared.com/") | Out-Null
71+
$WebSites.rows.add("https://www.google.com/drive/") | Out-Null
72+
$WebSites.rows.add("https://onedrive.live.com/") | Out-Null
73+
$WebSites.rows.add("https://www.icloud.com/") | Out-Null
74+
$WebSites.rows.add("http://box.com") | Out-Null
75+
$WebSites.rows.add("http://www.zippyshare.com/") | Out-Null
76+
$WebSites.rows.add("http://uploaded.net/") | Out-Null
77+
$WebSites.rows.add("https://www.sendspace.com/") | Out-Null
78+
$WebSites.rows.add("http://www.filecrop.com/") | Out-Null
79+
$WebSites.rows.add("http://pastebin.com/") | Out-Null
80+
$WebSites.rows.add("http://www.filedropper.com/") | Out-Null
81+
$WebSites.rows.add("http://FriendPaste.com") | Out-Null
82+
$WebSites.rows.add("http://CopyTaste.com")| Out-Null
83+
$WebSites.rows.add("http://Cl1p.net")| Out-Null
84+
$WebSites.rows.add("http://ShortText.com")| Out-Null
85+
$WebSites.rows.add("http://TextSave.de")| Out-Null
86+
$WebSites.rows.add("http://TextSnip.com")| Out-Null
87+
$WebSites.rows.add("http://TxtB.in")| Out-Null
88+
89+
# Check for target websites from provide file path
90+
If ($ListPath){
91+
if (Test-Path $ListPath){
92+
Write-Verbose "Path is valid."
93+
Get-Content $ListPath |
94+
ForEach-Object {
95+
$WebSites.rows.add($_) | Out-Null
96+
}
97+
}else{
98+
Write-Verbose "List path is invalid."
99+
}
100+
}
101+
102+
# Print count of target websites
103+
$WebSiteCount = $WebSites | Measure-Object -Line | Select-Object Lines -ExpandProperty Lines
104+
Write-Verbose "Testing access to $WebSiteCount websites..."
105+
106+
# Create data table results
107+
$ResultsTbl = new-object System.Data.DataTable
108+
$ResultsTbl.Columns.Add("WebSite") | Out-Null
109+
$ResultsTbl.Columns.Add("Accessible") | Out-Null
110+
$ResultsTbl.Columns.Add("WebFilter") | Out-Null
111+
}
112+
113+
Process
114+
{
115+
# Setup http handler
116+
$HTTP_Handle = New-Object net.webclient
117+
118+
# Check for website access
119+
$WebSiteCount2 = $WebSiteCount + 1
120+
$WebSites |
121+
ForEach-Object {
122+
$WebSiteCount2 = $WebSiteCount2 - 1
123+
$CurrentUrl = $_.URL
124+
$Block = 0
125+
try {
126+
127+
# Enable passthrough authentication to authenticate to the proxy using your current user context;)
128+
if($UseCurrentUserContext)
129+
{
130+
$HTTP_Handle.Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
131+
}
132+
133+
# Reduce ssl requirements
134+
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
135+
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
136+
137+
# Send HTTP request and get results
138+
$Results = $HTTP_Handle.DownloadString("$CurrentUrl")
139+
140+
# Check for blocks
141+
$BlockStrings |
142+
ForEach-Object {
143+
$CurrentBlockString = $_.String
144+
$WebFilterProduct = $_.Product
145+
if($Results -like "*$CurrentBlockString*"){
146+
Write-Verbose "$WebSiteCount2 of $WebSiteCount - Status: Blocked ($WebFilterProduct) $CurrentUrl"
147+
$ResultsTbl.Rows.Add($CurrentUrl,"No","$WebFilterProduct") | Out-Null
148+
$Block = 1
149+
}
150+
}
151+
152+
# Check for access
153+
if($Block -eq 0){
154+
Write-Verbose "$WebSiteCount2 of $WebSiteCount - Status: Allowed $CurrentUrl"
155+
$ResultsTbl.Rows.Add($CurrentUrl,"Yes","NA") | Out-Null
156+
return
157+
}
158+
}catch{
159+
160+
$ErrorMessage = $_.Exception.Message
161+
Write-Verbose "$WebSiteCount2 of $WebSiteCount - Status: Request Failed - $ErrorMessage - $CurrentUrl"
162+
$ResultsTbl.Rows.Add($CurrentUrl,"Request Failed","NA") | Out-Null
163+
}
164+
}
165+
}
166+
167+
End
168+
{
169+
# Return table with results
170+
$ResultsTbl
171+
}
172+
}

0 commit comments

Comments
 (0)