vms.psm1
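function GetSecondTuesday([int]$month, [int]$year) {
    <#
    .SYNOPSIS
    Returns the second Tuesday of the given month as a [datetime] at midnight.
    .PARAMETER month
    Month number (1-12).
    .PARAMETER year
    Four-digit year.
    #>

    # Get-Date fills unspecified fields from the current clock, so without .Date the
    # result would carry the time of day at which the function happened to be called
    # and same-day comparisons against it would be unstable.
    $firstDay = (Get-Date -Year $year -Month $month -Day 1).Date

    # Days from the 1st to the first Tuesday (0 when the 1st is itself a Tuesday).
    $daysUntilTuesday = [int][System.DayOfWeek]::Tuesday - [int]$firstDay.DayOfWeek
    if ($daysUntilTuesday -lt 0) { $daysUntilTuesday += 7 }

    # One more week gives the second Tuesday.
    return $firstDay.AddDays($daysUntilTuesday + 7)
}

Function Exposure_Score($exposure) {
    <#
    .SYNOPSIS
    Maps an exposure label to its numeric weight (1 to 4).
    .NOTES
    Matching is case-insensitive (PowerShell switch default). Any label not listed,
    including the empty string IsIpAddressInRange returns when no subnet matches,
    gets the lowest weight, 1.
    NOTE(review): that default fails low, so an asset missing from the subnet map is
    scored as the least exposed. Confirm this is intended.
    #>
    $score = 1
    switch ($exposure) {
        "internet-unrestricted"    { $score = 4   ; break }
        "internal-unrestricted"    { $score = 3   ; break }
        "vap"                      { $score = 3   ; break }
        "authentication-required"  { $score = 2.5 ; break }
        "local-access-required"    { $score = 2.5 ; break }
        "internal-restricted-hips" { $score = 2   ; break }
        "internal-restricted-hbfw" { $score = 2   ; break }
        "internal-restricted"      { $score = 1.5 ; break }
    }
    return $score
}

Function Exploitability_Score($cvss) {
    <#
    .SYNOPSIS
    Maps the parenthesised threat label inside a CVSS string to a weight (1 to 3).
    .DESCRIPTION
    The label is the text from the first "(" through the next ")", parentheses
    included, e.g. "(ZERO DAY)". A string without a label scores 1.
    .NOTES
    A label that is not in the table, or an unclosed "(", also scores 1, but a
    warning is written so that a new or misspelt threat label is not silently
    ranked at the baseline.
    #>
    $text = [string]$cvss
    $threat_label = ""

    # The numeric part in front of the label is not used for scoring, so it is not
    # extracted; doing so used to throw when the string started with "(".
    $open = $text.IndexOf([char]'(')
    if ($open -ge 0) {
        $close = $text.IndexOf([char]')', $open)
        if ($close -gt $open) {
            $threat_label = $text.Substring($open, $close - $open + 1)
        }
        else {
            Write-Warning "Exploitability_Score: unclosed threat label in '$text'; scoring as unlabelled."
        }
    }

    $score = 1
    switch ($threat_label) {
        "(ZERO DAY - WORMABLE)"                    { $score = 3   ; break }
        "(ZERO DAY - UNAUTHENTICATED)"             { $score = 3   ; break }
        "(ZERO DAY - REMOTE CODE EXECUTION)"       { $score = 3   ; break }
        "(ZERO DAY)"                               { $score = 3   ; break }
        "(CISA EXPLOITED)"                         { $score = 3   ; break }
        "(RANSOMWARE - WORMABLE)"                  { $score = 3   ; break }
        "(RANSOMWARE - UNAUTHENTICATED)"           { $score = 3   ; break }
        "(RANSOMWARE - REMOTE CODE EXECUTION)"     { $score = 3   ; break }
        "(RANSOMWARE)"                             { $score = 3   ; break }
        "(ACTIVE ATTACKS - WORMABLE)"              { $score = 3   ; break }
        "(ACTIVE ATTACKS - UNAUTHENTICATED)"       { $score = 3   ; break }
        "(ACTIVE ATTACKS - REMOTE CODE EXECUTION)" { $score = 3   ; break }
        "(ACTIVE ATTACKS)"                         { $score = 3   ; break }
        "(MALWARE - WORMABLE)"                     { $score = 3   ; break }
        "(MALWARE - UNAUTHENTICATED)"              { $score = 3   ; break }
        "(MALWARE - REMOTE CODE EXECUTION)"        { $score = 3   ; break }
        "(MALWARE)"                                { $score = 3   ; break }
        "(PUBLIC EXPLOIT - WORMABLE)"              { $score = 2.5 ; break }
        "(PUBLIC EXPLOIT - UNAUTHENTICATED)"       { $score = 2.5 ; break }
        "(PUBLIC EXPLOIT - REMOTE CODE EXECUTION)" { $score = 2.5 ; break }
        "(PUBLIC EXPLOIT)"                         { $score = 2.5 ; break }
        "(WEAK PASSWORD)"                          { $score = 3   ; break }
        "(END OF LIFE)"                            { $score = 1.5 ; break }
        "(REVISED)"                                { $score = 1.5 ; break }
        ""                                         { $score = 1   ; break }
        default {
            # Reached only for a non-empty label that is missing from the table.
            Write-Warning "Exploitability_Score: unrecognised threat label '$threat_label'; scoring as 1."
        }
    }
    return $score
}

Function Criticality_Score($tier) {
    <#
    .SYNOPSIS
    Maps an asset tier label to its criticality weight (3 to 5).
    .NOTES
    Unlisted tiers keep the default of 5, so an unknown tier is treated as the most
    critical (fails high).
    NOTE(review): "Gold (Public)", "Silver (Public)" and "Bronze (Public)" are not
    listed and therefore score 5, above "Platinum (Public)" at 4. Confirm intended.
    #>
    $score = 5
    switch ($tier) {
        "FIA (Sensitive)"      { $score = 5 ; break }
        "Platinum (Sensitive)" { $score = 4 ; break }
        "Platinum (Internal)"  { $score = 4 ; break }
        "Platinum (Public)"    { $score = 4 ; break }
        "Gold (Sensitive)"     { $score = 4 ; break }
        "Silver (Sensitive)"   { $score = 4 ; break }
        "Bronze (Sensitive)"   { $score = 4 ; break }
        "Gold (Internal)"      { $score = 3 ; break }
        "Silver (Internal)"    { $score = 3 ; break }
        "Bronze (Internal)"    { $score = 3 ; break }
    }
    return $score
}

# Private helper (not exported): parses an address string and returns it as a UInt32
# in network order, or $null when the address is not IPv4. Throws on unparsable input.
function ConvertIPv4ToUInt32([string]$address) {
    $parsed = [System.Net.IPAddress]::Parse($address)
    if ($parsed.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        return $null
    }
    $bytes = $parsed.GetAddressBytes()
    # GetAddressBytes is big-endian; reverse so BitConverter (as on a little-endian
    # host, like the original code assumed) yields a value that orders like the address.
    [array]::Reverse($bytes)
    return [System.BitConverter]::ToUInt32($bytes, 0)
}

function IsIpAddressInRange {
    <#
    .SYNOPSIS
    Returns the exposure label of the first subnet range that contains an IPv4 address.
    .PARAMETER ipAddress
    IPv4 address as text; embedded spaces are removed before parsing.
    .PARAMETER subnets
    Hashtable whose keys are "from-to" IPv4 ranges and whose values are exposure labels.
    .OUTPUTS
    The matching label, or "" when no range contains the address.
    .NOTES
    Ranges are tried in descending *string* order of their keys, so when ranges
    overlap the winner is decided lexically, not by which range is narrower.
    An unparsable address or range endpoint throws, as before.
    #>
    param(
        [string] $ipAddress,
        [Hashtable] $subnets
    )

    # Nothing to match against: return before parsing, as the original loop did.
    if ($null -eq $subnets -or $subnets.Count -eq 0) { return "" }

    $ipAddress = $ipAddress.Replace(' ', '')

    # Parse the candidate once instead of once per range.
    $ip = ConvertIPv4ToUInt32 $ipAddress
    if ($null -eq $ip) {
        # Only four of an IPv6 address's sixteen bytes used to be compared, which
        # could match an unrelated IPv4 range. Report it as unmapped instead.
        Write-Warning "IsIpAddressInRange: '$ipAddress' is not an IPv4 address; no exposure assigned."
        return ""
    }

    $exposure = ""
    # Sort-Object rather than the 'sort' alias, which is not defined on non-Windows PowerShell.
    $subnet_ranges = $subnets.Keys | Sort-Object -Descending
    foreach ($iprange in $subnet_ranges) {
        $range = $iprange -split "-"
        $from = ConvertIPv4ToUInt32 $range[0]
        $to = ConvertIPv4ToUInt32 $range[1]

        # A non-IPv4 endpoint cannot bound an IPv4 address; skip that range.
        if ($null -eq $from -or $null -eq $to) { continue }

        if ($from -le $ip -and $ip -le $to) {
            $exposure = $subnets[$iprange]
            break
        }
    }
    return $exposure
}

Export-ModuleMember -Function GetSecondTuesday, Exposure_Score, Exploitability_Score, Criticality_Score, IsIpAddressInRange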