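#requires -RunAsAdministrator
<#
.SYNOPSIS
  Windows 10 privacy / hardening driver.
.DESCRIPTION
  Reads every modules.d\*.conf (JSON) next to this script and runs the actions
  listed in it: hosts-file blackholing, outbound firewall block rules, scheduled
  task removal, registry edits (including the Default user hive), optional
  feature / service disabling, AppX removal, file deletion and program execution.

  Every action function takes ONE positional [object]$params (a hashtable or the
  PSCustomObject produced by ConvertFrom-Json), prints the item it works on plus
  a coloured status, and never aborts the whole run: a failing item is reported
  and processing continues with the next one.  A relative "file" entry in a conf
  is resolved against modules.d\<conf base name>\ before the action is called.
#>
Import-Module NetSecurity  # Get-NetFirewallRule / New-NetFirewallRule

$HOST_FILE = "$env:windir\System32\drivers\etc\hosts"
$HOST_IP   = "0.0.0.0"   # blackhole address written in front of every blocked host

# SilentlyContinue makes most cmdlet errors non-terminating, so a plain try/catch
# would print "done" on a failed operation.  The action functions therefore pass
# -ErrorAction Stop on the cmdlet whose outcome they report.
$ErrorActionPreference = "SilentlyContinue"

#Thanks to https://gist.github.com/markembling/173887

# Append "<HOST_IP>`t`t<host>" to the hosts file for $params.host, or for every
# line of $params.file.  A host already present (see IsHostAlreadyBlocked) is
# skipped so repeated runs do not grow the file.
function BlockHost {
  param(
    [Parameter(ValueFromPipeline = $False, ParameterSetName = "params", Position = 0)]
    [object]$params
  )
  if ($params.file) {
    foreach ($line in Get-Content $params.file) {
      BlockHost -params @{ host = $line }
    }
  }
  if ($params.host) {
    Write-Host -NoNewline "`t$($params.host) : "
    try {
      if (IsHostAlreadyBlocked $HOST_FILE $params.host) {
        Write-Host -ForegroundColor Yellow "already blocked "
        return
      }
      # -Encoding ASCII: no BOM is written into the hosts file.
      $HOST_IP + "`t`t" + $params.host |
        Out-File -Encoding ASCII -Append $HOST_FILE -ErrorAction Stop
    } catch {
      Write-Host -ForegroundColor Red "error"
      return
    }
    Write-Host -ForegroundColor Green "done"
  }
}

# $true when some line of $filename carries $hostname in its second
# tab-separated field (the layout BlockHost writes).  Entries separated by
# spaces instead of tabs are not recognised.
function IsHostAlreadyBlocked {
  param([string]$filename, [string]$hostname)
  foreach ($line in Get-Content $filename) {
    $bits = [regex]::Split($line, "\t+")
    if ($bits.Count -gt 1 -and $bits[1] -eq $hostname) {
      return $true
    }
  }
  return $false
}

# Add a firewall rule "Blacklist_<ip>" blocking outbound traffic to $params.ip
# (or to every line of $params.file).  Existing rules with that name are kept.
function FwBlockOutputIP {
  param([object]$params)
  if ($params.file) {
    foreach ($line in Get-Content $params.file) {
      FwBlockOutputIP @{ "ip" = "$line" }
    }
  }
  if ($params.ip) {
    Write-Host -NoNewline "`t$($params.ip) : "
    if (Get-NetFirewallRule -Name "Blacklist_$($params.ip)" -ErrorAction SilentlyContinue) {
      Write-Host -ForegroundColor Yellow "already blacklisted"
      return
    }
    try {
      # New-NetFirewallRule defaults to -Direction Inbound; this function is
      # meant to stop the machine from talking TO the address, hence Outbound.
      New-NetFirewallRule -Name "Blacklist_$($params.ip)" `
        -DisplayName "BlackList $($params.ip)" `
        -Direction Outbound -Protocol any -Enabled True -Profile Any `
        -RemoteAddress $params.ip -Action Block -ErrorAction Stop | Out-Null
    } catch {
      Write-Host -ForegroundColor Red "error"
      return
    }
    Write-Host -ForegroundColor Green "done"
  }
}

# Unregister every scheduled task named in $taskList.  Requires the
# ScheduledTasks module, i.e. PowerShell 3 or later.
function DisablesheduledTask () {
  param($taskList)
  foreach ($task in $taskList) {
    Write-Host -NoNewline "`t$task : "
    if ($PSVersionTable.PSVersion.Major -le 2) {
      Write-Host -ForegroundColor Red "damned! this is not Windows 10!"
      continue
    }
    if (-not (Get-ScheduledTask -TaskName $task -ErrorAction SilentlyContinue)) {
      Write-Host -ForegroundColor Yellow "already removed"
      continue
    }
    Write-Host -NoNewline -ForegroundColor DarkGreen "found! "
    Write-Host -NoNewline -ForegroundColor White "removing : "
    try {
      Unregister-ScheduledTask -TaskName $task -Confirm:$false -ErrorAction Stop
    } catch {
      Write-Host -ForegroundColor Red "error"
      continue
    }
    Write-Host -ForegroundColor Green "done"
  }
}

# Set registry value $params.key under $params.path to $params.value, creating
# the key path when missing.  $params.type (default DWORD) is the value kind.
# A value of 0 is legitimate, so only $null counts as "no value".
function AddRegKey {
  param(
    [Parameter(Mandatory = $true)]
    [object]$params
  )
  Write-Host -NoNewline "`t$($params.key) reg key to $($params.value) : "
  if (-not $params.path -or -not $params.key -or $null -eq $params.value) {
    Write-Host -ForegroundColor Red "Error in AddRegKey : no path, key or value"
    return
  }
  # Read the type into a local: conf objects may not have a writable 'type' member.
  $type = if ($params.type) { $params.type } else { "DWORD" }
  if (-not (Test-Path $params.path)) {
    Write-Host -NoNewline "- creating path - "
    New-Item -Path $params.path -Force | Out-Null
  }
  try {
    Set-ItemProperty -Path $params.path -Name $params.key -Value $params.value `
      -Type $type -Force -ErrorAction Stop
  } catch [System.Security.SecurityException] {
    Write-Host -ForegroundColor Red "access denied"
    return
  } catch {
    Write-Host -NoNewline -ForegroundColor Red "`tError`n`t"
    Write-Host -ForegroundColor DarkRed $_.Exception.Message
    return
  }
  Write-Host -ForegroundColor Green "done"
}

# Remove registry value $params.key from $params.path.
function DelRegKey {
  param(
    [Parameter(Mandatory = $true)]
    [object]$params
  )
  Write-Host -NoNewline "`tDelete registery key $($params.key) : "
  if (-not (Test-Path $params.path)) {
    Write-Host -ForegroundColor Red " Error path not found"
    return
  }
  try {
    Remove-ItemProperty -Path $params.path -Name $params.key -ErrorAction Stop
  } catch [System.Security.SecurityException] {
    Write-Host -ForegroundColor Red "Error in DelRegKey`n`t"
    Write-Host -ForegroundColor DarkRed "Access to $($params.path)\$($params.key) denied"
    return
  } catch {
    Write-Host -ForegroundColor Red -NoNewline "Error in DelRegKey`n`t"
    Write-Host -ForegroundColor DarkRed $_.Exception.Message
    return
  }
  Write-Host -ForegroundColor Green "done"
}

# Disable a Windows optional feature through dism.  Accepts $params.name, a
# $params.file listing feature names, or (pipeline) the text output of
# "dism /Get-FeatureInfo" for one feature.
function DisableFeature {
  [CmdletBinding(DefaultParameterSetName = 'params')]
  param(
    [Parameter(ValueFromPipeline = $False, ParameterSetName = "params", Position = 0)]
    [object]$params,
    [Parameter(ValueFromPipeline = $True, ParameterSetName = "feature", Position = 0)]
    [Object]$feature
  )
  if ($params.file) {
    Get-Content $params.file | ForEach-Object {
      DisableFeature -feature $(dism /online /Get-FeatureInfo /FeatureName:$_ /English)
    }
  } elseif ($params.name) {
    $(dism /online /Get-FeatureInfo /FeatureName:$($params.name) /English) | DisableFeature
  } elseif ($feature) {
    try {
      # dism prints "Feature Name : <name>"; take the part after the separator.
      $name = $feature | Select-String "Feature Name" | ForEach-Object { ($_ -split " : ")[1] }
      Write-Host -NoNewline "`tDisable Feature $name : "
      if (-not $name) {
        Write-Host -ForegroundColor Red "feature name not found in dism output"
        return
      }
      if ($($feature | Select-String "state") -match "Disable") {
        Write-Host -ForegroundColor Yellow "already disable"
        return
      }
      Dism /online /Disable-Feature /FeatureName:$name /NoRestart | Out-Null
      Write-Host -ForegroundColor Green "done"
    } catch {
      Write-Host -ForegroundColor Red "error"
      return
    }
  }
}

# Remove AppX packages for all users.  $params.file lists exact package names,
# $params.name is a substring match; a package object may also be piped in.
# With $params.removeProvisionned the provisioned copy is removed as well.
function UninstallModernApp {
  [CmdletBinding(DefaultParameterSetName = 'params')]
  param(
    [Parameter(ValueFromPipeline = $False, ParameterSetName = "params", Position = 0)]
    [object]$params,
    [Parameter(ValueFromPipeline = $True, ParameterSetName = "pkg", Position = 0)]
    [Object]$pkg
  )
  if ($params.file) {
    $wanted = Get-Content $params.file
    Get-AppxPackage -AllUsers |
      Where-Object { $_.Name -in $wanted } |
      ForEach-Object { $_ | UninstallModernApp }
  } elseif ($params.name) {
    Get-AppxPackage -AllUsers |
      Where-Object { $_.Name -like "*$($params.name)*" } |
      UninstallModernApp
  } elseif ($pkg) {
    try {
      Write-Host -NoNewline "`tUninstall $($pkg.Name) :"
      $pkg | Remove-AppxPackage -ErrorAction Stop | Out-Null
      Write-Host -ForegroundColor Green "done"
    } catch {
      Write-Host -NoNewline -ForegroundColor Red "`tError in UninstallModernApp`n`t"
      Write-Host -ForegroundColor DarkRed $_.Exception.Message
      return
    }
  }
  if ($params.removeProvisionned) {
    UninstallModernProvisonnedApp $params
  }
}

# Remove provisioned AppX packages (the copies installed into new profiles).
# Same selection rules as UninstallModernApp, matched on DisplayName.
function UninstallModernProvisonnedApp {
  [CmdletBinding(DefaultParameterSetName = 'params')]
  param(
    [Parameter(ValueFromPipeline = $False, Position = 0)]
    [object]$params,
    [Parameter(ValueFromPipeline = $True, ParameterSetName = "pkg", Position = 0)]
    [Object]$pkg
  )
  if ($params.file) {
    $wanted = Get-Content $params.file
    Get-AppxProvisionedPackage -Online |
      Where-Object { $_.DisplayName -in $wanted } |
      ForEach-Object { UninstallModernProvisonnedApp -pkg $_ }
  } elseif ($params.name) {
    UninstallModernProvisonnedApp -pkg $(
      Get-AppxProvisionedPackage -Online | Where-Object { $_.DisplayName -like "*$($params.name)*" }
    )
  } elseif ($pkg) {
    try {
      Write-Host -NoNewline "`tUninstall Provisonned $($pkg.DisplayName) :"
      $pkg | Remove-AppxProvisionedPackage -Online -ErrorAction Stop | Out-Null
      Write-Host -ForegroundColor Green "done"
    } catch {
      Write-Host -NoNewline -ForegroundColor Red "`tError in UninstallModernApp`n`t"
      Write-Host -ForegroundColor DarkRed $_.Exception.Message
      return
    }
  }
}

# Stop a service and set its start type to Disabled.  $params.file lists service
# names, $params.name selects one; a ServiceController may also be piped in.
function DisableService {
  [CmdletBinding(DefaultParameterSetName = 'params')]
  param(
    [Parameter(ValueFromPipeline = $False, ParameterSetName = "params", Position = 0)]
    [object]$params,
    [Parameter(ValueFromPipeline = $True, ParameterSetName = "service")]
    [Object]$service
  )
  if ($params.file) {
    $wanted = Get-Content $params.file
    Get-Service |
      Where-Object { $_.Name -in $wanted } |
      ForEach-Object { $_ | DisableService }
  } elseif ($params.name) {
    DisableService -service (Get-Service -Name $params.name)
  } elseif ($service) {
    try {
      Write-Host -NoNewline "`tDisable service $($service.Name) : "
      # StartType is a ServiceStartMode value, spelled "Disabled".
      if ($service.StartType -eq "Disabled") {
        Write-Host -ForegroundColor Yellow "already disabled"
        return
      }
      Stop-Service -InputObject $service -PassThru -ErrorAction Stop |
        Set-Service -StartupType Disabled -ErrorAction Stop
      Write-Host -ForegroundColor Green "done "
    } catch {
      Write-Host -NoNewline -ForegroundColor Red "`tError in DisableService`n`t"
      Write-Host -ForegroundColor DarkRed $_.Exception.Message
      return
    }
  }
}

# Stop every running process named $params.name.  "Not started" when none exist.
function KillProcess {
  [CmdletBinding(DefaultParameterSetName = 'params')]
  param(
    [Parameter(ValueFromPipeline = $False, ParameterSetName = "params", Position = 0)]
    [object]$params
  )
  Write-Host -NoNewline "`tKilling $($params.name) : "
  try {
    $procs = Get-Process -Name $params.name -ErrorAction Stop
    Stop-Process -InputObject $procs -ErrorAction Stop | Out-Null
    Write-Host -ForegroundColor Green "Done"
  } catch {
    Write-Host -ForegroundColor Yellow "Not started"
  }
}

# Delete $params.path (optionally $params.recurse).  The path may contain
# PowerShell variable references such as $env:LOCALAPPDATA; they are expanded
# as in a double-quoted string, without evaluating the conf text as a command.
function DelFile {
  [CmdletBinding(DefaultParameterSetName = 'params')]
  param(
    [Parameter(ValueFromPipeline = $False, ParameterSetName = "params", Position = 0)]
    [object]$params
  )
  $path = $ExecutionContext.InvokeCommand.ExpandString($params.path)
  Write-Host -NoNewline "`tDelete $path : "
  if (-not (Test-Path $path)) {
    Write-Host -ForegroundColor Yellow "not found"
    return
  }
  $removeArgs = @{ Path = $path; Force = $true; ErrorAction = 'Stop' }
  if ($params.recurse -eq $true) {
    $removeArgs.Recurse = $true
  }
  try {
    Remove-Item @removeArgs
    Write-Host -ForegroundColor Green "done"
  } catch {
    Write-Host -NoNewline -ForegroundColor Red "Error in DelFile`n`t"
    Write-Host -ForegroundColor DarkRed $_.Exception.Message
  }
}

# Start the program at $params.path with the optional $params.arguments.
function ExecCommand {
  [CmdletBinding(DefaultParameterSetName = 'params')]
  param(
    [Parameter(ValueFromPipeline = $False, ParameterSetName = "params", Position = 0)]
    [object]$params
  )
  Write-Host -NoNewline "`tExecute : $($params.path) : "
  if (-not (Test-Path $params.path)) {
    Write-Host -ForegroundColor Yellow "File not found"
    return
  }
  # -ArgumentList rejects an empty value, so only pass it when one is configured.
  $startArgs = @{ FilePath = $params.path; ErrorAction = 'Stop' }
  if ($params.arguments) {
    $startArgs.ArgumentList = $params.arguments
  }
  try {
    Start-Process @startArgs
    Write-Host -ForegroundColor Green "done"
  } catch {
    Write-Host -NoNewline -ForegroundColor Red "Error in ExecCommand`n`t"
    Write-Host -ForegroundColor DarkRed $_.Exception.Message
  }
}

Write-Output "`nIt's time to kick ass and chew bubble gum"
Write-Output "_________________________________________`n"

# Expose the Default user's hive as HKU:\Default (presumably so conf entries
# under it apply to profiles created later) and HKEY_CLASSES_ROOT as HKCR:.
try {
  Write-Host -NoNewline "Mount Default user registery hive : "
  reg load "hku\Default" "C:\Users\Default\NTUSER.DAT" | Out-Null
  if ($LASTEXITCODE -ne 0) {
    throw "reg load exited with $LASTEXITCODE"
  }
  New-PSDrive -PSProvider Registry -Root HKEY_USERS -Name HKU -ErrorAction Stop | Out-Null
  Write-Host -ForegroundColor Green "done"
} catch {
  Write-Host -NoNewline -ForegroundColor Red "Error`n`t"
  Write-Host -ForegroundColor DarkRed $_.Exception.Message
  exit 1
}
try {
  Write-Host -NoNewline "Mount HK_CLASSES_ROOT registery hive : "
  New-PSDrive -PSProvider Registry -Root HKEY_CLASSES_ROOT -Name HKCR -ErrorAction Stop | Out-Null
  Write-Host -ForegroundColor Green "done"
} catch {
  Write-Host -NoNewline -ForegroundColor Red "Error`n`t"
  Write-Host -ForegroundColor DarkRed $_.Exception.Message
  exit 1
}

try {
  Get-ChildItem -Path (Join-Path $PSScriptRoot "modules.d") -Filter "*.conf" | ForEach-Object {
    $module = Get-Content $_.FullName -Raw | ConvertFrom-Json
    Write-Host -ForegroundColor White "`nProcess Module $($module.name)"
    # Files referenced by a conf live in a directory named after the conf.
    $module_dir = Join-Path $_.Directory.FullName $_.BaseName
    foreach ($action in $module.actions) {
      if ($action.file) {
        $action_file = Join-Path $module_dir $action.file
        if (-not (Test-Path $action_file)) {
          Write-Host -ForegroundColor Red "`tError in $($module.name) : file $($action.file) not found"
          continue
        }
        $action.file = $action_file
      }
      # The action name comes from the conf file: resolve it to one of the
      # functions above and call it directly rather than evaluating a command
      # string assembled from conf text.
      $fn = Get-Command -Name $action.action -CommandType Function -ErrorAction SilentlyContinue
      if (-not $fn) {
        Write-Host -ForegroundColor Red "`tError in $($module.name) : unknown action $($action.action)"
        continue
      }
      & $fn $action
    }
  }
} finally {
  # Release the hive loaded above so NTUSER.DAT is not left locked.
  Remove-PSDrive -Name HKCR, HKU -ErrorAction SilentlyContinue
  [GC]::Collect()   # drop lingering handles into the hive before unloading it
  reg unload "hku\Default" | Out-Null
}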