Update Discover-PSInterestingServices

Discover-PSInterestingServices

@@ -13,7 +13,7 @@ License: BSD 3-Clause
 Required Dependencies: None
 Optional Dependencies: None
 
-Version: 1.2
+Version: 1.3
 
 .DESCRIPTION
 This script is used to discover network servers with interesting services without port scanning.
@@ -62,18 +62,11 @@ This script is used to discover network servers with interesting services withou
 #>
 Param
     (
-        [Parameter(Position=0)]
-        [switch] $ExtendedInfo,
-
-        [Parameter(Position=1)]
-        [String[]] $StandardSPNServiceFilter = ("AGPM","DNS","ADAM","Exchange","GC","http","IMAP","kadmin","ldap","MSServerCluster","MSSQL","sip","SMTP","tapinego","TERMSRV","WSMAN"),
-
-        [Parameter(Position=2)]
-        [String[]] $OptionalSPNServiceFilter
-
+        [switch] $GetAllForestSPNs,
+        [String[]] $StandardSPNServiceFilter = ("ADAM","AGPM","bo","CESREMOTE","CmRcService","Dfs","DNS","Exchange","FIMService","ftp","GC","http","IMAP","ipp","iSCSITarget","kadmin","ldap","MS","MSSQL","nfs","NPPolicyEvaluator","NPRepository4","PCNSCLNT","PVSSoap","secshd","sip","SMTP","SoftGrid","SQLAgent","tapinego","TERMSRV","Virtual","vmrc","vnc","vpn","VProRecovery","vssrvc","WSMAN","xmpp")
     )
 
-[array]$SPNServiceFilter = $StandardSPNServiceFilter + $OptionalSPNServiceFilter
+[array]$SPNServiceFilter = $StandardSPNServiceFilter
 
 Write-Verbose "Get current Active Directory domain... "
 $ADForestInfo = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
@@ -90,11 +83,18 @@ $ADDomainInfoLGCDN = 'GC://' + $ADForestInfoRootDomainDN
 
 Write-Verbose "Discovering Interesting Services in the AD Forest $ADForestInfoRootDomainDN "
 $root = [ADSI]$ADDomainInfoLGCDN 
-$ADSearcher = new-Object System.DirectoryServices.DirectorySearcher($root,"(serviceprincipalname=*)") 
-$ADSearcher.PageSize = 500
+
+IF ($GetAllForestSPNs -eq $True)
+    { $ADSearcher = new-Object System.DirectoryServices.DirectorySearcher($root,"(serviceprincipalname=*)")  } 
+  ELSE
+    { 
+        $ADSearcher = new-Object System.DirectoryServices.DirectorySearcher($root,"(|(serviceprincipalname=*ADAM*)(serviceprincipalname=AGPM*)(serviceprincipalname=bo*)(serviceprincipalname=CESREMOTE*)(serviceprincipalname=CmRcService*)(serviceprincipalname=Dfs*)(serviceprincipalname=DNS*)(serviceprincipalname=Exchange*)(serviceprincipalname=FIMService*)(serviceprincipalname=ftp*)(serviceprincipalname=GC*)(serviceprincipalname=http*)(serviceprincipalname=IMAP*)(serviceprincipalname=ipp*)(serviceprincipalname=iSCSITarget*)(serviceprincipalname=kadmin*)(serviceprincipalname=ldap*)(serviceprincipalname=MS*)(serviceprincipalname=nfs*)(serviceprincipalname=NPPolicyEvaluator*)(serviceprincipalname=NPRepository4*)(serviceprincipalname=PCNSCLNT*)(serviceprincipalname=PVSSoap*)(serviceprincipalname=secshd*)(serviceprincipalname=sip*)(serviceprincipalname=SMTP*)(serviceprincipalname=SoftGrid*)(serviceprincipalname=SQLAgent*)(serviceprincipalname=tapinego*)(serviceprincipalname=TERMSRV*)(serviceprincipalname=*Virtual*)(serviceprincipalname=vmrc*)(serviceprincipalname=vnc*)(serviceprincipalname=vpn*)(serviceprincipalname=VProRecovery*)(serviceprincipalname=vssrvc*)(serviceprincipalname=WSMAN*)(serviceprincipalname=xmpp*) )")  
+     }
+
+$ADSearcher.PageSize = 1000
 $AllForestSPNs = $ADSearcher.FindAll() 
 
-$AllForestSPNsCount = $AllForestSPNs.Count
+#$AllForestSPNsCount = $AllForestSPNs.Count
 
 $AllInterestingSPNs = $NULL
 $AllSPNs = $NULL
@@ -152,7 +152,7 @@ ForEach ($AllForestSPNsItem in $AllForestSPNs)
 
                         IF ( ($FSPNItemSPNItemServerPort) -AND ($FSPNItemSPNItemServerPort -match "^[\d\.]+$") )
                             { $FSPNItemSPNItemSPNType = $FSPNItemSPNItemSPNType + "." + $FSPNItemSPNItemServerPort }
-
+                
                         ForEach ($SPNServiceFilterItem in $SPNServiceFilter)
                             {
                                 IF ($FSPNItemSPNItemSPNType -like "*$SPNServiceFilterItem*")
@@ -219,23 +219,18 @@ ForEach ($AllForestSPNsItem in $AllForestSPNs)
                 $AllInterestingSPNHashTableItemServerFQDN = $AllInterestingSPNHashTableItemServerDomainName + "\DNSzone" 
                 $AllInterestingSPNHashTableItemServerName = $NULL 
             } 
-
+ 
         TRY
             {
                 $ADComputerSearch = New-Object DirectoryServices.DirectorySearcher([ADSI]"")
                 $ADComputerSearch.SearchRoot = $AllInterestingSPNHashTableItemServerDomainLDAPDN
                 $ADComputerSearch.PageSize = 500
                 $ADComputerSearch.Filter = "(&(objectCategory=Computer)(name=$AllInterestingSPNHashTableItemServerName))"
                 $ComputerADInfo = $ADComputerSearch.FindAll()
-
-                [string]$ComputerADDescription = ($ComputerADInfo.properties.description)
-                [string]$ComputerADInfoOperatingSystem = ($ComputerADInfo.properties.operatingsystem)
-                [string]$ComputerADInfoOperatingSystemServicePack = ($ComputerADInfo.properties.operatingsystemservicepack)
-                [string]$ComputerADInfoOperatingSystemVersion = ($ComputerADInfo.properties.operatingsystemversion)
 
-                [string]$ComputerADInfoLastLogonTimestamp = ($ComputerADInfo.properties.lastlogontimestamp)
+                [string]$ComputerADInfoLastLogonTimestamp = ($ComputerADInfo[0].properties.lastlogontimestamp)
                 TRY { [datetime]$ComputerADInfoLLT = [datetime]::FromFileTime($ComputerADInfoLastLogonTimestamp) }
-                    CATCH { }
+                    CATCH { $ComputerADInfoLLT = $Null }
             }
             CATCH
             { Write-Warning "Unable to gather property data for computer $AllInterestingSPNHashTableItemServerName " }
@@ -255,15 +250,14 @@ ForEach ($AllForestSPNsItem in $AllForestSPNs)
             }
 
         $IntServerServicesReport = New-Object -TypeName System.Object 
-        # $IntServerServicesReport | Add-Member -MemberType NoteProperty -Name Domain -Value $AllInterestingSPNHashTableItemServerDomainName
+        $IntServerServicesReport | Add-Member -MemberType NoteProperty -Name Domain -Value $AllInterestingSPNHashTableItemServerDomainName
         $IntServerServicesReport | Add-Member -MemberType NoteProperty -Name ServerName -Value $AllInterestingSPNHashTableItemServerFQDN   
         $IntServerServicesReport | Add-Member -MemberType NoteProperty -Name SPNServices -Value $AllServerInterstingSPNServiceList     
-        # $IntServerServicesReport | Add-Member -MemberType NoteProperty -Name OperatingSystem -Value $ComputerADInfoOperatingSystem 
-        # $IntServerServicesReport | Add-Member -MemberType NoteProperty -Name OSServicePack -Value $ComputerADInfoOperatingSystemServicePack 
-        # $IntServerServicesReport | Add-Member -MemberType NoteProperty -Name LastBootup -Value $ComputerADInfoLLT  
-        $IntServerServicesReport | Add-Member -MemberType NoteProperty -Name OSVersion -Value $ComputerADInfoOperatingSystemVersion 
-        #$IntServerServicesReport | Add-Member -MemberType NoteProperty -Name Description -Value $ComputerADDescription
-        $IntServerServicesReport | Add-Member -MemberType NoteProperty -Name OS -Value $ComputerADInfoShortOS
+        $IntServerServicesReport | Add-Member -MemberType NoteProperty -Name OperatingSystem -Value ($ComputerADInfo[0].properties.operatingsystem)
+        $IntServerServicesReport | Add-Member -MemberType NoteProperty -Name OSServicePack -Value ($ComputerADInfo[0].properties.operatingsystemservicepack) 
+        $IntServerServicesReport | Add-Member -MemberType NoteProperty -Name LastBootup -Value $ComputerADInfoLLT  
+        $IntServerServicesReport | Add-Member -MemberType NoteProperty -Name OSVersion -Value ($ComputerADInfo[0].properties.operatingsystemversion)
+        $IntServerServicesReport | Add-Member -MemberType NoteProperty -Name Description -Value ($ComputerADInfo[0].properties.description)
 
         [array]$ALLIntServerServicesReport += $IntServerServicesReport
     }