Merge pull request #180 from TrimarcJake/main

Sync branch

Build/Build-Module.ps1

@@ -129,10 +129,11 @@ Build-Module -ModuleName 'Locksmith' {
 
     $PostScriptMerge = { Invoke-Locksmith -Mode $Mode -Scans $Scans }
 
-    New-ConfigurationArtefact -Type Packed -Enable -Path "$PSScriptRoot\..\Artefacts\Packed" -ArtefactName '<ModuleName>-v<ModuleVersion>.zip'
+    New-ConfigurationArtefact -Type Packed -Enable -Path "$PSScriptRoot\..\Artefacts\Packed" -ArtefactName '<ModuleName>.zip'
     New-ConfigurationArtefact -Type Script -Enable -Path "$PSScriptRoot\..\Artefacts\Script" -PreScriptMerge $PreScriptMerge -PostScriptMerge $PostScriptMerge -ScriptName "Invoke-<ModuleName>.ps1"
     New-ConfigurationArtefact -Type ScriptPacked -Enable -Path "$PSScriptRoot\..\Artefacts\ScriptPacked" -ArtefactName "Invoke-<ModuleName>.zip" -PreScriptMerge $PreScriptMerge -PostScriptMerge $PostScriptMerge -ScriptName "Invoke-<ModuleName>.ps1"
     New-ConfigurationArtefact -Type Unpacked -Enable -Path "$PSScriptRoot\..\Artefacts\Unpacked"
+    # New-ConfigurationPublish -Type PowerShellGallery -FilePath 'C:\Users\jake.BLUETUXEDO\Documents\API Keys\PSGallery.txt'
 }
 
 Copy-Item "$PSScriptRoot\..\Artefacts\Script\Invoke-Locksmith.ps1" "$PSScriptRoot\..\"

Invoke-Locksmith.ps1

@@ -2160,7 +2160,7 @@ function Invoke-Scans {
         }
         ESC1 {
             Write-Host 'Identifying AD CS templates with dangerous ESC1 configurations...'
-            [array]$ESC1 = Find-ESC1 -ADCSObjects $ADCSObjects -SafeUsers $SafeUsers
+            [array]$ESC1 = Find-ESC1 -ADCSObjects $ADCSObjects -SafeUsers $SafeUsers -ClientAuthEKUs $ClientAuthEkus
         }
         ESC2 {
             Write-Host 'Identifying AD CS templates with dangerous ESC2 configurations...'
@@ -2187,9 +2187,13 @@ function Invoke-Scans {
             Write-Host 'Identifying HTTP-based certificate enrollment interfaces (ESC8)...'
             [array]$ESC8 = Find-ESC8 -ADCSObjects $ADCSObjects
         }
-        ESC6 {
+        ESC11 {
             Write-Host 'Identifying Issuing CAs with IF_ENFORCEENCRYPTICERTREQUEST disabled (ESC11)...'
-            [array]$ESC6 = Find-ESC6 -ADCSObjects $ADCSObjects
+            [array]$ESC11 = Find-ESC11 -ADCSObjects $ADCSObjects
+        }
+        ESC13 {
+            Write-Host 'Identifying AD CS templates with dangerous ESC13 configurations...'
+            [array]$ESC11 = Find-ESC13 -ADCSObjects $ADCSObjects -SafeUsers $SafeUsers -ClientAuthEKUs $ClientAuthEKUs
         }
         All {
             Write-Host 'Identifying auditing issues...'
@@ -2264,7 +2268,7 @@ descriptions, code used to find, code used to fix, and reference URLs. This is i
 
 function New-Dictionary {
     class VulnerableConfigurationItem {
-        static [string] $Version = '2023.10.01.000'
+        static [string] $Version = '2024.11.03.000'
         [string]$Name
         [ValidateSet('Escalation Path', 'Server Configuration', 'GPO Setting')][string]$Category
         [string]$Subcategory
@@ -3226,7 +3230,6 @@ function Invoke-Locksmith {
     )
 
     $Version = '2024.11.10'
-
     $LogoPart1 = @"
     _       _____  _______ _     _ _______ _______ _____ _______ _     _
     |      |     | |       |____/  |______ |  |  |   |      |    |_____|

Private/Invoke-Scans.ps1

@@ -72,7 +72,7 @@ function Invoke-Scans {
         }
         ESC1 {
             Write-Host 'Identifying AD CS templates with dangerous ESC1 configurations...'
-            [array]$ESC1 = Find-ESC1 -ADCSObjects $ADCSObjects -SafeUsers $SafeUsers
+            [array]$ESC1 = Find-ESC1 -ADCSObjects $ADCSObjects -SafeUsers $SafeUsers -ClientAuthEKUs $ClientAuthEkus
         }
         ESC2 {
             Write-Host 'Identifying AD CS templates with dangerous ESC2 configurations...'
@@ -103,6 +103,10 @@ function Invoke-Scans {
             Write-Host 'Identifying Issuing CAs with IF_ENFORCEENCRYPTICERTREQUEST disabled (ESC11)...'
             [array]$ESC11 = Find-ESC11 -ADCSObjects $ADCSObjects
         }
+        ESC13 {
+            Write-Host 'Identifying AD CS templates with dangerous ESC13 configurations...'
+            [array]$ESC11 = Find-ESC13 -ADCSObjects $ADCSObjects -SafeUsers $SafeUsers -ClientAuthEKUs $ClientAuthEKUs
+        }
         All {
             Write-Host 'Identifying auditing issues...'
             [array]$AuditingIssues = Find-AuditingIssue -ADCSObjects $ADCSObjects

README.md

@@ -32,19 +32,23 @@ A ~~tiny~~ small tool built to find and fix common misconfigurations in Active D
    6. [Scans](#Scans)
 
 # Installation
+## Prerequisites
+1. Locksmith (both script and module versions) must be run on a domain joined system.
+2. Locksmith (module version only) needs the ActiveDirectory and ServerManager PowerShell modules installed.
+
 ## Module
 ### Install module from the PowerShell Gallery (preferred):
 1. Open a PowerShell prompt and run `Install-Module -Name Locksmith -Scope CurrentUser`
 
 ### Install module manually from GitHub:
 1. Download the [latest module version](https://github.com/TrimarcJake/Locksmith/releases/latest) ( **Locksmith-v**\<YEAR\>**.**\<MONTH\>**.zip** )
 2. Extract the downloaded zip file
-3. Open a PowerShell prompt to the location of the extracted file and run `Import-Module Locksmith.psd1`
+3. Open a PowerShell prompt to the location of the extracted file and run `Import-Module .\Locksmith.psd1`
 
 ## Script
 ### Download the standalone script (classic) without module:
 1. Download the latest script version: [https://github.com/TrimarcJake/Locksmith/releases/latest/download/Invoke-Locksmith.zip](https://github.com/TrimarcJake/Locksmith/releases/latest/download/Invoke-Locksmith.zip)
-2. Extract the downloaded zip file
+2. Open a PowerShell prompt to the location of the downloaded file and run `.\Invoke-Locksmith.ps1`
 
 <a name="RunLocksmith" id="RunLocksmith"></a>
 # Run Locksmith