个人中心
文章发布
退出
作者热门文章
- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
25
4
我正在运行此脚本,该脚本扫描端口,并将结果输出到psobject。它首先检查端口是TCP还是UDP,然后根据端口是3389、443还是其他端口来运行交换机。如果是3389或443,它将使用get-portcertificate函数获取证书的主题并将其添加到对象的成员中。
问题是,当脚本运行时,我可以从“$ obj | ft”行中看到它已将RDP Cert和SSL Cert成员添加到对象,但是在“$ objServersList | ft”行中,缺少这两个。这与$ obj的某些实例具有“SSL Cert”成员而某些仅具有“RDP Cert”的事实有关吗?如何使其“合并”这两种类型的对象(或者在不合适的情况下仅放置一个null值)
我正在使用Caleb Keene的get-portcertificate函数,我的代码在该函数下面。
Function Get-PortCertificate {
<#
.SYNOPSIS
Returns certificate information from a listening TLS/SSL service port.
.DESCRIPTION
Gets the associated certificate from a TLS/SSL application service port.
.PARAMETER Computername
Hostname or IP address of the target system (Default: localhost). The function uses the supplied computername to validate with the certificate's subject name(s).
.PARAMETER Port
Port to retrieve SSL certificate (Default: 443).
.PARAMETER Path
Directory path to save SSL certificate(s).
.PARAMETER DownloadChain
Save all chain certificates to file. A certificate chain folder will be created under the specfied -path directory. -DownloadChain is dependent on the path parameter.
.NOTES
Name: Get-PortCertificate
Author: Caleb Keene
Updated: 08-30-2016
Version: 1.2
.EXAMPLE
Get-PortCertificate -Computername Server1 -Port 3389 -Path C:\temp -verbose
.EXAMPLE
"server1","server2","server3" | Get-PortCertificate
#>
[CmdletBinding()]
param(
[Parameter(Mandatory = $false, ValueFromPipeline = $true, Position = 0)]
[Alias('IPAddress','Server','Computer')]
[string]$ComputerName = $env:COMPUTERNAME,
[Parameter(Mandatory = $false,Position = 1)]
[ValidateRange(1,65535)]
[int]$Port = 443,
[Parameter(Mandatory = $false)]
[ValidateNotNullorEmpty()]
[string]$Path
)
#use a dynamic parameter to prevent -downloadchain without -path.
DynamicParam {
#Need some sort of conditional check before allowing Dynamic Parameter
If ($PSBoundParameters.ContainsKey('Path')) {
#Same as [Parameter()]
$attribute = new-object System.Management.Automation.ParameterAttribute
$attribute.Mandatory = $false
$AttributeCollection = new-object -Type System.Collections.ObjectModel.Collection[System.Attribute]
$AttributeCollection.Add($attribute)
#Build out the Dynamic Parameter
# Need the Parameter Name, Type and Attribute Collection (Built already)
$DynamicParam = new-object -Type System.Management.Automation.RuntimeDefinedParameter("DownloadChain", [switch], $AttributeCollection)
$ParamDictionary = new-object -Type System.Management.Automation.RuntimeDefinedParameterDictionary
$ParamDictionary.Add("DownloadChain", $DynamicParam)
return $ParamDictionary
}
}
Begin{
#make sure the version is supported
if ($psversiontable.psversion.Major -le 2 ){
Write-warning "Function requires PowerShell version 3 or later."
break
}
#add a custom type name to control our objects default display properties
try{ Update-TypeData -TypeName 'Get.PortCertificate' -DefaultDisplayPropertySet Subject,Issuer,NotAfter,NotBefore,ExpiresIn,CertificateValidNames,TargetName,TargetNameStatus,TargetNameStatusDetails,TargetNameIsValid,ChainPath,ChainStatus,ChainStatusDetails,CertificateIsValid -ErrorAction stop}
catch{}
#validate that the path is a filesystem directory
if ($path) {
if(-not(test-path -PathType Container FileSystem::$path)){
Write-warning "The supplied directory path is not valid: $path"
break
}
}
}
Process {
#make sure we are able to establish a port connection
#Set our connection timeout
$timeout = 1000
#Create object to test the port connection
$tcpobject = New-Object System.Net.Sockets.TcpClient
#Connect to remote port
$connect = $tcpobject.BeginConnect($ComputerName,$Port,$null,$null)
#Configure connection timeout
$wait = $connect.AsyncWaitHandle.WaitOne($timeout,$false)
If (-NOT $Wait) {
Write-Warning "[$($ComputerName)] Connection to port $($Port) timed out after $($timeout) milliseconds"
return
} Else {
Try {
[void]$tcpobject.EndConnect($connect)
Write-Verbose "[$($ComputerName)] Successfully connected to port $($Port). Good!"
} Catch {
Write-Warning "[$($ComputerName)] $_"
return
}
}
#Note: This also works for validating the port connection, but the default timeout when unable to connect is a bit long.
<#
try {
(New-Object system.net.sockets.tcpclient -ArgumentList $computername,$port -ErrorAction stop).Connected
}
catch{
Write-Warning ("Unable to connect to {0} on port {1}"-f$ComputerName,$Port)
return
}
#>
Write-Verbose "[$($ComputerName)] Getting SSL certificate from port $($Port)."
#create our webrequest object for the ssl connection
$sslrequest = [Net.WebRequest]::Create("https://$ComputerName`:$port")
$sslrequest.Timeout = 100000
#make the connection and store the response (if any).
try{$Response = $sslrequest.GetResponse()}
catch{}
#load the returned SSL certificate using x509certificate2 class
if ($certificate = [Security.Cryptography.X509Certificates.X509Certificate2]$sslrequest.ServicePoint.Certificate.Handle){
Write-Verbose "[$($ComputerName)] Certificate found! Building certificate chain information and object data."
#build our certificate chain object
$chain = [Security.Cryptography.X509Certificates.X509Chain]::create()
$isValid = $chain.Build($certificate)
#get certificate subject names from our certificate extensions
$validnames = @()
try{[array]$validnames += @(($certificate.Extensions | ? {$_.Oid.Value -eq "2.5.29.17"}).Format($true).split("`n") | ? {$_} | % {$_.split("=")[1].trim()})}catch{}
try{[array]$validnames += @($certificate.subject.split(",")[0].split("=")[1].trim())}catch{}
#validate the target name
for($i=0;$i -le $validnames.count - 1;$i++){
if ($validnames[$i] -match '^\*'){
$wildcard = $validnames[$i] -replace '^\*\.'
if($computername -match "$wildcard$"){
$TargetNameIsValid = $true
break
}
$TargetNameIsValid = $false
}
else{
if($validnames[$i] -match "^$ComputerName$"){
$TargetNameIsValid = $true
break
}
$TargetNameIsValid = $false
}
}
#create custom object to later convert to PSobject (required in order to use the custom type name's default display properties)
$customized = $certificate | select *,
@{n="ExtensionData";e={$_.Extensions | % {@{$_.oid.friendlyname.trim()=$_.format($true).trim()}}}},
@{n="ResponseUri";e={if ($Response.ResponseUri){$Response.ResponseUri}else{$false}}},
@{n="ExpiresIn";e={if((get-date) -gt $_.NotAfter){"Certificate has expired!"}else{$timespan = New-TimeSpan -end $_.notafter;"{0} Days - {1} Hours - {2} Minutes" -f $timespan.days,$timespan.hours,$timespan.minutes}}},
@{n="TargetName";e={$ComputerName}},
@{n="CertificateValidNames";e={$validnames}},
@{n="ChainPath";e={$count=0;$chaincerts = @($chain.ChainElements.certificate.subject);$($chaincerts[($chaincerts.length -1) .. 0] | % {"{0,$(5+$count)}{1}" -f "---",$_;$count+=3}) -join "`n"}},
@{n="ChainCertificates";e={@{"Certificates"=$chain.ChainElements.certificate}}},
@{n="ChainStatus";e={if($isvalid -and !$_.chainstatus){"Good"}else{$chain.chainstatus.Status}}},
@{n="ChainStatusDetails";e={if($isvalid -and !$_.chainstatus){"The certificate chain is valid."}else{$chain.chainstatus.StatusInformation.trim()}}},
@{n="CertificateIsValid";e={$isValid}},
@{n="TargetNameIsValid";e={$TargetNameIsValid}},
@{n="TargetNameStatus";e={if($TargetNameIsValid){"Good"}else{"Invalid"}}},
@{n="TargetNameStatusDetails";e={if($TargetNameIsValid){"The target name appears to be valid: $computername"}else{"TargetName $computername does not match any certificate subject name."}}}
#get object properties for our PSObject
$objecthash = [Ordered]@{}
($customized | Get-Member -MemberType Properties).name | % {$objecthash+=@{$_=$customized.$_}}
#create the PSObject
$psobject = New-Object psobject -Property $objecthash
#add the custom type name to the PSObject
$psobject.PSObject.TypeNames.Insert(0,'Get.PortCertificate')
#save our certificate(s) to file if applicable
if ($path){
write-verbose "Saving certificate(s) to file."
try {
$psobject.RawData | Set-Content -Encoding Byte -Path "$path\Cert`_$ComputerName`_$port`.cer" -ErrorAction stop
write-verbose "Certificate saved to $path\Cert`_$ComputerName`_$port`.cer."
}
catch{write-warning ("Unable to save certificate to {0}: {1}" -f "$path\Cert`_$ComputerName`_$port`.cer",$_.exception.message)}
if($PSBoundParameters.ContainsKey('DownloadChain')){
New-Item -ItemType directory -path "$path\ChainCerts`_$ComputerName`_$port" -ErrorAction SilentlyContinue > $null
$psobject.chaincertificates.certificates | % {
try {
Set-Content $_.RawData -Encoding Byte -Path "$path\ChainCerts`_$ComputerName`_$port\$($_.thumbprint)`.cer" -ErrorAction stop
write-verbose "Certificate chain certificate saved to $path\ChainCerts`_$ComputerName`_$port\$($_.thumbprint)`.cer."
}
catch{
write-warning ("Unable to save certificate chain certificate to {0}: {1}" -f "$path\ChainCerts`_$ComputerName`_$port",$_.exception.message)
}
}
}
}
#abort any connections
$sslrequest.abort()
#return the object
$psobject
}
else{
#we were able to connect to the port but no ssl certificate was returned
write-warning ("[{0}] No certificate returned on port {1}."-f $ComputerName,$Port)
#abort any connections
$sslrequest.abort()
return $false
}
}
}
$ComputerName = import-csv "C:\TEMP\Failed Comp.csv" | select -ExpandProperty computer
$PortArray = '22 TCP',
'53 UDP',
'80 TCP',
'3389 TCP',
'443 TCP'
$objServersList = @()
Foreach ($Computer in $ComputerName){
$obj = @()
$obj = new-object psobject
$obj | add-member -name Computer -type noteproperty -value $Computer
foreach ($Port in $PortArray){
$Port1,$Port2 = $port.split(" ")
if ($Port2 -eq 'TCP'){
switch($Port1){
'3389'
{
$TestConnection = Test-NetConnection -ComputerName $Computer -Port $Port1
if($TestConnection.TcpTestSucceeded){
$Result = 'SUCCESS'
$obj | add-member -name $Port -type noteproperty -value $Result
$RdpCert = (Get-PortCertificate -ComputerName $Computer -port 3389) #
if($RdpCert -ne $false){ #sometimes 3389 is open but it's still unable to get a cert, this prevents it throwing an error.
$RdpCertString = ($RdPCert.subject).trimstart('CN=')
$obj | add-member -name 'RDP Cert' -type noteproperty -value $RdpCertString
}
}
else{
$Result = 'FAILURE'
$obj | add-member -name $Port -type noteproperty -value $result
}
}
'443'
{
$TestConnection = Test-NetConnection -ComputerName $Computer -Port $Port1
if($TestConnection.TcpTestSucceeded){
$Result = 'SUCCESS'
$obj | add-member -name $Port -type noteproperty -value $Result
$SslCert =(Get-PortCertificate -ComputerName $Computer -port 443)
if($SslCert -ne $false){ #sometimes 443 is open but it's still unable to get a cert, this prevents it throwing an error.
$SslCertString = ($SslCert.subject).replace(', ',' | ')
$obj | add-member -name 'SSL Cert' -type noteproperty -value $SslCertString
}
}
else{
$Result = 'FAILURE'
$obj | add-member -name $Port -type noteproperty -value $result
}
}
Default
{
$TestConnection = Test-NetConnection -ComputerName $Computer -Port $Port1
if($TestConnection.TcpTestSucceeded){
$Result = 'SUCCESS'
$obj | add-member -name $Port -type noteproperty -value $Result
}
else{
$Result = 'FAILURE'
$obj | add-member -name $Port -type noteproperty -value $Result
}
}
}
}
elseif($Port2 -eq 'UDP'){
$result = if((test-port -computer $computer -port $port1).open -eq $true){write-output "SUCCESS"}else{write-output "FAILURE"}
$obj | add-member -name $Port -type noteproperty -value $result
}
else{
$obj | add-member -name $Port -type noteproperty -value "Invalid protocol"
}
}
$obj | ft
$objServersList+=$obj
}
$objServersList | ft
最佳答案
Format-Table根据传递给它的前几个项目决定表头格式,因此,如果仅某些对象具有RDP Cert属性,而第一个此类对象不在列表的开头,则不会显示该表头格式。
解决方案是始终将属性添加到所有对象,而不管其是否具有值,或者通过请求Format-Table明确显示属性:
$objServersList | ft Computer,'22 TCP','53 UDP','80 TCP','3389 TCP','RDP Cert','443 TCP'
关于powershell - psobjects数组在扫描TCP和UDP端口脚本中丢失成员,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/64500374/
25
4
0
我在 Ubuntu 10.04 LTS 上运行 Eclipse Galileo。今天 Ubuntu 在我身上崩溃了,重新启动后,我发现 Eclipse 已经完全失去了 Java Perspective
我使用配置了 sonata_user 的 SonataAdminBundle在 config.yml : sonata_user: impersonating: route:
我有 ubuntu 14.04 但它不见了 docker exec sudo docker exec -it ubuntu_bash bash 我希望在现有正在运行的 docker 容器中运行交互式
我正在使用 Ubuntu 8.04/32 位(作为虚拟机)。在一个不是 min 的项目上执行一些 make 时,我得到了错误: g++:/usr/lib/libstdc++.a: 没有这样的文件或目录
关闭。这个问题不符合Stack Overflow guidelines .它目前不接受答案。 我们不允许在 Stack Overflow 上提出有关通用计算硬件和软件的问题。您可以编辑问题,使其成为
我正在尝试获取有关我在 UIImagePicker 中选择的视频的一些数据。 因此,当它进入 UIImagePicker 委托(delegate)方法(如下)时,我知道我需要使用信息字典中的 UIIm
我的网站最近被可能的黑客行为删除了。我上传了备份的文件夹和数据库,但现在我的 View 没有显示。其他一切都有效。我想不出有什么变化,只是上传了几天前的备份。 这些字段在 admin/build/vi
我执行以下操作来设置我的 session ,这是有效的,因为 echo 出现了。但是当我转到下一页或另一页时, session 不存在吗?我做错了什么? $session_start(); if ($
我试图在 BigQuery 中使用这段代码,显然是从 GA 中获取数据,但 _TABLE_SUFFIX 似乎有问题。错误显示“错误:无法识别的名称:_TABLE_SUFFIX at [12:3]”您能
输入:8(2 5 6 9 10 2 7 4)预期输出:(2 7 9 9 12 5 7 6)实际输出:(2 7 9 9) 这是我的大学作业,也是我第一次在这里提问。我不知道为什么,但 10 没有扫描,有
$('div'); // 我在上面的代码中遇到错误。在检查 .js 代码时,我找不到名为 $ 的函数,但根据文档,应该有一个。 最佳答案 试试 http://ajax.googleapis.co
以下简单代码的输出对我来说有点奇怪。它错过了在控制台上打印的 0 到 100 之间的一些数字。 谁能解释一下为什么省略打印?我对并发编程完全陌生。 import java.util.concurren
我正在学习 xamarin 以构建移动应用程序,但我对 Xamarin 和移动应用程序一无所知。我打开了一个空白的移动应用程序,其中有“Hello world”示例并编辑了一些文本,但我的应用程序图标
我正在将一些值存储到 sqlite 数据库中。因此,数据是作为字符串从文本字段收集的,然后转换为 double 并持久化。 这是我试过的 NSDecimalNumber 答案; value.answe
我有一个奇怪的案例。突然,其中一个表中的一些记录(这么多记录)丢失了。首先,我认为这是由我的 PHP 脚本中的错误引起的。但是,我检查了一下,我的脚本中没有DELETE操作,只有UPDATE。有谁知道
我正在复制 NSString来自 NSDictionary进入本地NSString使用 [[NSString alloc] initWithString:] ,对其进行处理(删除一些字符),然后将其发
当保存在根文件夹中时,我的非常基本的 html 页面保持样式。为一个组创建了一个新文件夹,但是当我将页面移动到该文件夹时,它们似乎失去了与 css 文件的连接。 认为问题可能出在链接上,因为它现在
我需要使用 OpenCV 训练一些图像。但问题是,我找不到 opencv_createsamples 程序。我以正常方式安装了 OpenCV,因为我使用的是 Windows 7。这个 opencv_c
我有一个绑定(bind)到 JTable 的 ArrayList。之后 bindingGroup.unbind(); bindingGroup.bind(); (完成刷新数据)我丢失了表格单元格渲
所以基本上我们只是丢失了一个 keystore 和备份 keystore 。但是我们可能知道原始 keystore 的密码。 我的问题是,如果我们知道原始 keystore 的密码,我们可以重新生成
我是一名优秀的程序员,十分优秀!