Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/akamai/Invoke-DHCPCheckup
https://github.com/akamai/Invoke-DHCPCheckup
Last synced: 11 days ago
JSON representation
- Host: GitHub
- URL: https://github.com/akamai/Invoke-DHCPCheckup
- Owner: akamai
- Created: 2023-11-22T08:37:26.000Z (7 months ago)
- Default Branch: main
- Last Pushed: 2024-02-13T17:04:47.000Z (4 months ago)
- Last Synced: 2024-04-15T16:22:15.539Z (2 months ago)
- Language: PowerShell
- Size: 16.6 KB
- Stars: 97
- Watchers: 5
- Forks: 16
- Open Issues: 8
-
Metadata Files:
- Readme: README.md
Lists
- awesome-stars - akamai/Invoke-DHCPCheckup - (PowerShell)
README
# Invoke-DHCPCheckup.ps1
Invoke-DHCPCheckup is a tool meant to identify risky DHCP and DNS configurations in Active Directory environments.
For additional information please refer to our blogpost:
https://akamai.com/blog/security-research/spoofing-dns-by-abusing-dhcp
The tool identifies the following misconfigurations:
### DNS Credential
- DNS Credential is not configured
- The configured DNS credential is of a strong user
### Name Protection
- Name protection is not enabled on a scope
- Name protection is not enabled by default on new scopes
### DNSUpdateProxy
- Display group members
- Specify whether the members are DHCP servers
### Weak record ACLs
- List records owned by DHCP servers (Managed Records)
- List records that could be overwritten by authenticated users
## Usage
Invoke-DHCPCheckup relies on the DHCP server management API and requires to run as a user that is part of the "DHCP Administrators" and "DNSAdmins" groups.
It also requires the following Powershell modules:
- ActiveDirectory
- DHCPServer
- DNSServer
To run use the following commands:
```
PS C:\Users\Administrator> Import-Module C:\Users\Administrator\Desktop\DHCP-Checkup.ps1
PS C:\Users\Administrator> Invoke-DHCPCheckup -domainName -dnsServerName
```
For domains that use languages other than english as their default language, adjust the names of the strong groups at line 45 if necessary.
-------
Copyright 2023 Akamai Technologies Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.