cyb3rint3l-labs/ServerSecurityAudit

🛡️ Windows Server Security Audit (NIS2 Alignment)


📋 Overview

A modular PowerShell-based engine designed to perform deep security hygiene audits on Windows Server systems. It delivers actionable risk scoring mapped to NIS2 Directive (Article 21), MITRE ATT&CK, and CIS Controls v8, generating forensic-ready HTML and JSON outputs.

The engine executes 30+ weighted checks across 6 Strategic Domains covering 12 critical security disciplines to ensure a holistic defense-in-depth posture.

It runs entirely offline and has no external dependencies or call-home capabilities.

⚠️ Disclaimer

While designed to be non-intrusive, this script performs extensive WMI, Registry, and File System queries. These operations may cause temporary CPU/Disk spikes or trigger EDR/Monitoring alerts.

🎯 Key Capabilities

  • 🇪🇺 NIS2 Compliance Aligned: Every check is mapped directly to Directive (EU) 2022/2555 articles (Vulnerability Handling, Risk Analysis, Basic Cyber Hygiene, Network Security, Access Control, Cryptography, Business Continuity).
  • 📊 Risk-Based Scoring: Prioritises vulnerabilities (Critical/Warning/Info) based on exploitability impact. Furthermore, findings are mapped to MITRE ATT&CK tactics and CIS Controls v8 practices.
  • 🕵️ Sensitive Data Discovery: Uses Regex to detect exposed credentials in user profiles and Inetpub locations by filename (e.g., "passwords.txt", "credentials.docx") across 15+ languages (🇬🇧 EN, 🇬🇷 GR, 🇩🇪 DE, 🇳🇱 DU, 🇫🇷 FR, 🇮🇹 IT, 🇪🇸 ES, 🇵🇹 PT, 🇵🇱 PL, 🇨🇿 CZ, 🇭🇺 HU, 🇷🇴 RO, 🇧🇬 BG & Nordic 🇸🇪🇳🇴🇩🇰🇫🇮🇮🇸).
  • 📝 Forensic-Ready Reporting: Generates a self-contained HTML Dashboard and JSON datasets for ingestion by third-party toolsets.
  • ⚙️ Compatibility: Tested on Windows Server 2016, 2019, 2022, and 2025 (Desktop Experience), en-US Locale.

🖼️ Dashboard Overview

🖼️ Findings per domain

🧩 Security Checks & Framework Mappings

🚨 High-Impact Checks (Weight: 20 pts)

Failure in these areas represents an immediate compromise risk (e.g., Ransomware, Data Breach, Man-in-the-Middle).

| #  | Check Name | Security Impact / Rationale | Compliance Mapping |
|----|------------|-----------------------------|--------------------|
| 01 | OS Patching & Update Source | Continuous Vulnerability Management | CIS Control 7 (IG1) |
| 02 | RDP & NLA Status | Ransomware Entry Vector | MITRE T1133 |
| 03 | Credential Guard & LSA | OS Credential Dumping Protection | MITRE T1003 |
| 04 | Saved UNC Paths & Vault | Lateral Movement Risk | MITRE T1552 |
| 05 | Auth & Kerberos Hardening | NTLM Relay / Kerberoasting Prevention | MITRE T1557/T1558 |
| 06 | Firewall State & Logging | Secure Network Configuration | CIS Control 4 (IG1) |
| 07 | SMB Protocol Security | Exploitation of Remote Services | MITRE T1210 |
| 08 | LLMNR & mDNS Status | Man-in-the-Middle / Responder | MITRE T1557 |
| 09 | WPAD Status | Traffic Interception Prevention | MITRE T1557 |
| 10 | Endpoint Protection | Malware Defenses (AV/EDR) | CIS Control 10 (IG1) |
| 11 | Print Spooler Service | Privilege Escalation (PrintNightmare) | MITRE T1068 |
| 12 | Plaintext Password Files | Unsecured Credentials Discovery | MITRE T1552 |
| 13 | Drive Encryption (BitLocker) | Data Protection at Rest | CIS Control 3 (IG1) |
| 14 | Local Admin Group | Least Privilege Enforcement | CIS Control 5 (IG1) |
| 15 | Forensic Audit & Logging | Defense Evasion Detection | MITRE T1562 |
| 16 | VSS Writers Status | Data Recovery & Ransomware Resilience | CIS Control 11 (IG1) |

📖 Full Documentation: For a complete list of all 30+ checks, weights, and technical details, please consult the Detailed Checks & Scoring Documentation.

🔐 Integrity Verification

Current Version (1.0.1) Hash (SHA-256):

6BCD6B9B821DC997A19F78D7B545EFFCCEACBEA9F66883BE4F47C716EDB3559D

Verify via PowerShell:

(Get-FileHash .\ServerSecurityAudit.ps1 -Algorithm SHA256).Hash -eq "6BCD6B9B821DC997A19F78D7B545EFFCCEACBEA9F66883BE4F47C716EDB3559D"
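
A verify-then-run wrapper around the check above, as an added example that is not part of the project's own code. It assumes the script is in the current directory and is started without arguments; `Test-ScriptIntegrity` is a hypothetical helper name.

```powershell
# Added example: refuse to start the audit unless the SHA-256 matches.
# Assumptions: default path below, and the audit script takes no arguments.
[CmdletBinding()]
param(
    [string]$ScriptPath   = '.\ServerSecurityAudit.ps1',
    # Version 1.0.1 hash as published in this README.
    [string]$ExpectedHash = '6BCD6B9B821DC997A19F78D7B545EFFCCEACBEA9F66883BE4F47C716EDB3559D'
)

Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

function Test-ScriptIntegrity {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Expected
    )
    # A truncated or mistyped reference value must fail loudly, not silently
    # compare unequal (or, worse, be "fixed" by hand until it matches).
    if ($Expected -notmatch '^[0-9A-Fa-f]{64}$') {
        throw 'Expected hash is not a 64-character SHA-256 hex digest.'
    }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    [pscustomobject]@{
        Path     = (Resolve-Path -LiteralPath $Path).Path
        Expected = $Expected.ToUpperInvariant()
        Actual   = $actual
        Match    = [string]::Equals($actual, $Expected,
                       [System.StringComparison]::OrdinalIgnoreCase)
    }
}

$result = Test-ScriptIntegrity -Path $ScriptPath -Expected $ExpectedHash
if (-not $result.Match) {
    # Fail closed: report both digests for the ticket and do not execute.
    throw "SHA-256 mismatch for $($result.Path). Expected $($result.Expected), got $($result.Actual)."
}

Write-Host "SHA-256 verified: $($result.Path)"
& $result.Path   # Runs only after a successful match.
```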

Author: Konstantinos Xanthopoulos, Founder & Principal Consultant @ Cyb3rint3l Labs
