Search for WannaCry Vulnerabilities

The tool scans all Windows systems in your Active Directory for the following:

  • Are the EternalBlue (WannaCry) related hotfixes installed
  • Is SMBv1 still installed
  • Is SMBv1 still activated

The tool generates a CSV file with the information above. You can then use Excel (or any other tool that can do this) to filter for everything you would like to know.

The basic idea is based on my Gist that I published while the first WannaCry wave hit.

I extended the Tool based on requests and feedback.

WannaCry Scan Run


There is nothing to configure. The Report is a CSV File that is created where the executable is.

You need to run the Tool as Administrator (Elevated)!

Further Details are published on the GitHub Repository for this Project!

Requirements
  • The Tool must be elevated (Run as Administrator is the default)
  • The RSAT (Remote Server Administration Tools) must be installed. Install them via Server Manager (server) or as a download (client). Just Google for Windows RSAT
  • The Computer that should run the scan needs to be Domain joined
  • The permissions need to fit!
  • Remote PowerShell must be enabled: $null = (Enable-PSRemoting -Force) (Execute this on the REMOTE systems)
  • The remote system should allow Remote Management (Check the ‘Windows Remote Management’ Rule)
  • PowerShell 4.0 or newer needs to be installed
  • Windows 7 or newer is required, or Windows Server 2008 R2 or newer.

You should have Domain Admin permission! And the remote systems (servers and clients) must allow remote connection and remote management.
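
The three checks listed at the top, run over PowerShell remoting as the requirements describe. This is an added example, not the tool's source (which is closed); the hotfix IDs are placeholders, and the report name and column names are assumptions.

```powershell
#Requires -Version 4.0
#Requires -Modules ActiveDirectory
# Added example, not the tool's source. Placeholder IDs: replace them with
# the EternalBlue-related hotfix numbers that apply to your OS builds.
$HotfixIds  = @('KB0000000', 'KB0000001')
$ReportPath = '.\smb1-report.csv'          # assumed report name

$check = {
    param([string[]]$Ids)
    # Hotfix check: any one of the listed updates counts as patched.
    $patched = [bool](Get-HotFix -Id $Ids -ErrorAction SilentlyContinue)

    # "Activated": does the SMB server still accept SMBv1 connections?
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        # Windows 7 / Server 2008 R2: registry value, absent means enabled.
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $enabled = ($null -eq $val) -or ($val -ne 0)
    }

    # "Installed": is the SMBv1 optional feature still present?
    $installed = 'Unknown'                  # cmdlet missing on older systems
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        $f = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
        if ($f) { $installed = ($f.State -eq 'Enabled') }
    }
    [pscustomobject]@{ HotfixInstalled = $patched; Smb1Installed = $installed
                       Smb1Enabled = $enabled; Error = $null }
}

# All Windows computer objects that have a DNS name registered in AD.
$names = Get-ADComputer -Filter 'OperatingSystem -like "Windows*"' |
    Where-Object { $_.DNSHostName } | Select-Object -ExpandProperty DNSHostName

$results = foreach ($name in $names) {
    try {
        Invoke-Command -ComputerName $name -ScriptBlock $check -ArgumentList (,$HotfixIds) -ErrorAction Stop |
            Select-Object PSComputerName, HotfixInstalled, Smb1Installed, Smb1Enabled, Error
    } catch {
        # Record unreachable hosts so they are not mistaken for clean ones.
        [pscustomobject]@{ PSComputerName = $name; HotfixInstalled = $null; Smb1Installed = $null
                           Smb1Enabled = $null; Error = $_.Exception.Message }
    }
}
$results | Export-Csv -Path $ReportPath -NoTypeInformation
```

Rows with a non-empty Error column are hosts that could not be checked and need a follow-up.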

I tested the Script (Gist) and this Tool only on Windows 10 based Clients and Windows Server 2016 based Servers. I never tested it on any other OS! It should run 🙂

License

This tool, like the script, is general public domain, even if I decided to keep the source of the tool closed. The source for most parts is available.