Initial commit

This commit is contained in:
Tyler Hale 2021-09-13 13:43:33 -06:00
parent 4cfabb730b
commit 247d26d492
Signed by: Tyler
GPG key ID: 3F9270F8F70AC13D
2 changed files with 152 additions and 5 deletions

101
Invoke-PortKnock.ps1 Normal file
View file

@ -0,0 +1,101 @@
<#
.SYNOPSIS
PowerShell script that knocks on a given sets of ports. It can optionally take an execute parameter to run a secondary script after the knocking is complete.
.DESCRIPTION
PowerShell script that knocks on a given sets of ports. It can optionally take an execute parameter to run a secondary script after the knocking is complete.
.PARAMETER Knock_Ports
Object Array for of the sequence of ports that should be knocked. The array must follow the following pattern.
Destination, Port, Protocol
.PARAMETER Delay
The time to pause between knocks in milliseconds. Defaults to 200 milliseconds.
.PARAMETER Execute
Optional command that will be run after the knocking sequence is complete. This is passed directly to a Invoke-Expression command.
.EXAMPLE
$Knock_Ports = @(
("10.1.1.1", 36041, "TCP"),
("10.1.1.1", 38097, "UDP"),
("10.1.1.1", 27079, "TCP")
)
PortKnock.ps1 -Knock_Ports $Knock_Ports
.NOTES
Version: 1.0
Author: Tyler Hale
Creation Date: 2021.09.13
#>
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
[Object[]]
$Knock_Ports,
[Parameter(Mandatory = $false)]
[int]
$Delay = 200,
[Parameter(Mandatory = $false)]
[string]
$Execute
)
$ErrorDetected = $False
foreach ($Knock in $Knock_Ports) {
if (!([ipaddress]::TryParse("$($Knock[0])",[ref][ipaddress]::Loopback))) {
$DNS_Resolve = (Resolve-DnsName $Knock[0])
$Knock_Destination = $DNS_Resolve.IP4Address
}
else {
$Knock_Destination = $Knock[0]
}
$Knock_Port = $Knock[1]
$Knock_Protocol = $Knock[2]
try {
switch ($Knock_Protocol) {
"TCP" {
$tcpClient = New-Object System.Net.Sockets.TcpClient
$tcpClient.BeginConnect($Knock_Destination, $Knock_Port, $null, $null) | Out-Null
$tcpClient.Close() | Out-Null
}
"UDP" {
$udpClient = New-Object System.Net.Sockets.UdpClient
$udpClient.Connect($Knock_Destination, $Knock_Port) | Out-Null
$udpClient.Send([byte[]](0), 1) | Out-Null
$udpClient.Close() | Out-Null
}
default {
throw "Protocol not found $Knock_Protocol"
}
}
Write-Verbose "Sent $Knock_Protocol packet to $($Knock_Destination):$Knock_Port"
}
catch {
Write-Error $_
$ErrorDetected = $True
}
Start-Sleep -Milliseconds $Delay
}
if ($ErrorDetected) {
Write-Warning "Knock may not have completed successfully"
}
else {
Write-Host "Knock Complete"
if ($null,"" -ne $Execute) {
Write-Verbose "Invoking command: $Execute"
Invoke-Expression -Command $Execute
}
}

View file

@ -2,18 +2,64 @@
PowerShell script that knocks on a given sets of ports. It can optionally take an execute parameter to run a secondary script after the knocking is complete.
It should be noted that using port knocking is not a security measure alone, it is generally used to minimize detections from random bots on the internet. It is easy to figure out a port knocking sequence so make sure that your systems are using security best practices.
## Requirements
## Variables
| Variable | Required | Default | Choices | Description |
| -------- | -------- | ------- | ------- | ----------- |
| | | | | |
| ----------- | -------- | ------- | ------- | ---------------------------------------------------------------------------------------------------------------------------------- |
| Knock_Ports | Yes | | | Object Array for of the sequence of ports that should be knocked - The array must follow the following pattern |
| Delay | No | 200 | | The time to pause between knocks in milliseconds |
| Execute | No | | | Optional command that will be run after the knocking sequence is complete. This is passed directly to a Invoke-Expression command |
### Knock_Ports Object
| Variable | Required | Default | Choices | Description |
| ----------- | -------- | ------- | ------- | -------------------------------------- |
| Destination | Yes | | | Destination for port knock |
| Port | Yes | | | Port to be used for port knock |
| Protocol | Yes | | TCP,UDP | Protocol to be used for the port knock |
## Example
Simple port knock with a delay of 500ms to avoid issues on a high latency connection
```powershell
$Knock_Ports = @(
("10.1.1.1", 36041, "TCP"),
("10.1.1.1", 38097, "UDP"),
("10.1.1.1", 27079, "TCP")
)
.\PortKnock.ps1 -Knock_Ports $Knock_Ports -Delay 500
```
Port knock that initiates a RDP connection to a device after the knocking sequence is complete.
```powershell
$Knock_Ports = @(
("10.1.1.1", 36041, "TCP"),
("10.1.1.1", 38097, "UDP"),
("10.1.1.1", 27079, "TCP")
)
.\PortKnock.ps1 -Knock_Ports $Knock_Ports -Execute "mstsc.exe /v:10.1.1.1:3389 /public"
```
Port knock that initiates a SSH connection to a device after the knocking sequence is complete.
```powershell
$Knock_Ports = @(
("10.1.1.1", 36041, "TCP"),
("10.1.1.1", 38097, "UDP"),
("10.1.1.1", 27079, "TCP")
)
.\PortKnock.ps1 -Knock_Ports $Knock_Ports -Execute "ssh example@10.1.1.1"
```
## License
See LICENSE file for full license information.
## Screenshots