{"id":35341,"date":"2024-12-02T05:50:12","date_gmt":"2024-12-02T05:50:12","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=35341"},"modified":"2024-12-02T05:50:13","modified_gmt":"2024-12-02T05:50:13","slug":"scriptsentry","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/scriptsentry\/","title":{"rendered":"ScriptSentry : Uncovering And Mitigating Risks In Logon Scripts"},"content":{"rendered":"\n<p>ScriptSentry finds misconfigured and dangerous logon scripts. ScriptSentry is a powerful tool designed to detect misconfigured and hazardous logon scripts that can pose significant security risks. <\/p>\n\n\n\n<p>It identifies unsafe permissions, plaintext credentials, and other vulnerabilities in UNC paths, GPOs, and NETLOGON\/SYSVOL shares. <\/p>\n\n\n\n<p>By highlighting these issues, ScriptSentry empowers organizations to secure their logon processes effectively.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Usage<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code># Run ScriptSentry and display results on the console\nIEX(Invoke-WebRequest 'https:\/\/raw.githubusercontent.com\/techspence\/ScriptSentry\/main\/Invoke-ScriptSentry.ps1')\nInvoke-ScriptSentry\n\n# Run ScriptSentry and save output to a text file\nIEX(Invoke-WebRequest 'https:\/\/raw.githubusercontent.com\/techspence\/ScriptSentry\/main\/Invoke-ScriptSentry.ps1')\nInvoke-ScriptSentry | Out-File c:\\temp\\ScriptSentry.txt\n\n# Run ScriptSentry and save results to separate csv files in the current directory\nIEX(Invoke-WebRequest 'https:\/\/raw.githubusercontent.com\/techspence\/ScriptSentry\/main\/Invoke-ScriptSentry.ps1')\nInvoke-ScriptSentry -SaveOutput $true<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Example Output<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code> _______  _______  _______ _________ _______ _________ _______  _______  _       _________ _______\n(  ____ \\(  ____ \\(  ____ )\\__   __\/(  ____ )\\__   __\/(  ____ \\(  ____ \\( (    \/|\\__   __\/(  ____ )|\\     \/|\n| (    \\\/| (    \\\/| (    )|   ) (   | (    )|   ) (   | (    \\\/| (    \\\/|  \\  ( |   ) (   | (    )|( \\   \/ )\n| (_____ | |      | (____)|   | |   | (____)|   | |   | (_____ | (__    |   \\ | |   | |   | (____)| \\ (_) \/\n(_____  )| |      |     __)   | |   |  _____)   | |   (_____  )|  __)   | (\\ \\) |   | |   |     __)  \\   \/\n      ) || |      | (\\ (      | |   | (         | |         ) || (      | | \\   |   | |   | (\\ (      ) (\n\/\\____) || (____\/\\| ) \\ \\_____) (___| )         | |   \/\\____) || (____\/\\| )  \\  |   | |   | ) \\ \\__   | |\n\\_______)(_______\/|\/   \\__\/\\_______\/|\/          )_(   \\_______)(_______\/|\/    )_)   )_(   |\/   \\__\/   \\_\/\n                              by: Spencer Alessi @techspence\n                                          v0.6\n                                      __,_______\n                                     \/ __.==---\/ * * * * * *\n                                    \/ (-'\n                                    `-'\n                            Setting phasers to stun, please wait..\n\n########## Unsafe UNC folder permissions ##########\n\nType                      File                                User          Rights\n----                      ----                                ----          ------\nUnsafeUNCFolderPermission \\\\eureka-dc01\\fileshare1            Everyone FullControl\nUnsafeUNCFolderPermission \\\\eureka-dc01\\fileshare1\\accounting Everyone FullControl\nUnsafeUNCFolderPermission \\\\eureka-dc01\\fileshare1\\IT         Everyone FullControl\n\n\n########## Unsafe logon script permissions ##########\n\nType                        File                                                   User                                                  Rights\n----                        ----                                                   ----                                                  ------\nUnsafeLogonScriptPermission \\\\eureka.local\\sysvol\\eureka.local\\scripts\\elevate.vbs NT AUTHORITY\\Authenticated Users ReadAndExecute, Synchronize\nUnsafeLogonScriptPermission \\\\eureka.local\\sysvol\\eureka.local\\scripts\\run.vbs     NT AUTHORITY\\Authenticated Users ReadAndExecute, Synchronize\nUnsafeLogonScriptPermission \\\\eureka.local\\sysvol\\eureka.local\\scripts\\test.cmd    EUREKA\\Domain Users                      Modify, Synchronize\n\n\n########## Unsafe GPO logon script permissions ##########\n\nType                           File                             User                                        Rights\n----                           ----                             ----                                        ------\nUnsafeGPOLogonScriptPermission \\\\eureka-dc01\\fileshare1\\run.bat EUREKA\\testuser Write, ReadAndExecute, Synchronize\nUnsafeGPOLogonScriptPermission \\\\eureka-dc01\\fileshare1\\run.bat Everyone                               FullControl\n\n\n########## Unsafe UNC file permissions ##########\n\nType                    File                                              User                                        Rights\n----                    ----                                              ----                                        ------\nUnsafeUNCFilePermission \\\\eureka-dc01\\fileshare1\\IT\\securit360pentest.bat Everyone                               FullControl\n\n\n########## Unsafe NETLOGON\/SYSVOL permissions ##########\n\nType                 Folder                  User                                          Rights\n----                 ------                  ----                                          ------\nUnsafeNetlogonSysvol \\\\eureka.local\\NETLOGON EUREKA\\Domain Users              Modify, Synchronize\nUnsafeNetlogonSysvol \\\\eureka.local\\SYSVOL   NT AUTHORITY\\Authenticated Users Modify, Synchronize\n\n########## Plaintext credentials ##########\n\nType        File                                                   Credential\n----        ----                                                   ----------\nCredentials \\\\eureka.local\\sysvol\\eureka.local\\scripts\\ADCheck.ps1 $password = ConvertTo-SecureString -String \"Password2468!\" -AsPlainText -Force\nCredentials \\\\eureka.local\\sysvol\\eureka.local\\scripts\\shares.cmd  net use f: \\\\eureka-dc01\\fileshare1\\it \/user:itadmin Password2468!\nCredentials \\\\eureka.local\\sysvol\\eureka.local\\scripts\\test.cmd    net use g: \\\\eureka-dc01\\fileshare1 \/user:user1 Password3355!\nCredentials \\\\eureka.local\\sysvol\\eureka.local\\scripts\\test.cmd    net use h: \\\\eureka-dc01\\fileshare1\\accounting \/user:userfoo Password5!\nCredentials \\\\eureka.local\\sysvol\\eureka.local\\scripts\\logon.kix   Use X: \"\\\\eureka-dc01\\fileshare2\" \/USER:itadmin \/P:Password2468!\n\n########## Nonexistent Shares ##########\n\nType             Server             Share                                 Script                                                   DNS Exploitable Admins\n----             ------             -----                                 ------                                                   --- ----------- ------\nNonexistentShare CUHOLDING          \\\\CUHOLDING\\QUICKBOOKS                \\\\eureka.local\\sysvol\\eureka.local\\scripts\\marketing.bat No  Potentially No    \nNonexistentShare eureka-srvnotexist \\\\eureka-srvnotexist\\NonExistingShare \\\\eureka.local\\sysvol\\eureka.local\\scripts\\test.cmd      No  Potentially No    \nNonexistentShare NAS                \\\\NAS\\PUBLIC                          \\\\eureka.local\\sysvol\\eureka.local\\scripts\\main.bat      No  Potentially No    \nNonexistentShare NAS                \\\\NAS\\SYMITAR                         \\\\eureka.local\\sysvol\\eureka.local\\scripts\\symregOLD.bat No  Potentially No    \n\n########## Admins with logonscripts ##########\n\nType             User                                                      LogonScript\n----             ----                                                      -----------\nAdminLogonScript LDAP:\/\/CN=Administrator,CN=Users,DC=eureka,DC=local       run.vbs\nAdminLogonScript LDAP:\/\/CN=it admin,OU=Admins,OU=Eureka,DC=eureka,DC=local elevate.vbs\n\n########## Admins with logonscripts mapped from nonexistent share ##########\n\nType                   Server             Share                                 Script                                              DNS Exploitable Admins                                                                \n----                   ------             -----                                 ------                                              --- ----------- ------                                                                \nExploitableLogonScript eureka-srvnotexist \\\\eureka-srvnotexist\\NonExistingShare \\\\eureka.local\\sysvol\\eureka.local\\scripts\\test.cmd No  Yes  LDAP:\/\/eureka.local\/CN=it admin,OU=Admins,OU=Eureka,DC=eureka,DC=local\nExploitableLogonScript eureka-srvnotexist \\\\eureka-srvnotexist\\NonExistingShare \\\\eureka.local\\sysvol\\eureka.local\\scripts\\test.cmd No  Yes  LDAP:\/\/eureka.local\/CN=user1,OU=Users,OU=Eureka,DC=eureka,DC=local  <\/code><\/pre>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>ScriptSentry finds misconfigured and dangerous logon scripts. ScriptSentry is a powerful tool designed to detect misconfigured and hazardous logon scripts that can pose significant security risks. It identifies unsafe permissions, plaintext credentials, and other vulnerabilities in UNC paths, GPOs, and NETLOGON\/SYSVOL shares. By highlighting these issues, ScriptSentry empowers organizations to secure their logon processes effectively. [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":35348,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjIraVMmcJKGh4AtZKSK0NlX72xU20McvrwVZgFqmiJqxZsqE4Fa6vl_9Ps9C6j8-CYjhLnkgmdhgVpHOC0FgCiNx3TnA9wQo9DqBRpCPYcHEajK9xgFxvKVHkdtkyWpwDlPwIUKGhEhOVrL7J2zxLIm3Mo8PxMHqF0-t1KGtyblsETCEtSng1n7nmYNB8R\/s1600\/ScriptSentry%20.webp","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[20],"tags":[737,6321,6052,6325,6970],"class_list":["post-35341","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","tag-cybersecurity","tag-informationsecurity","tag-kalilinux","tag-kalilinuxtools","tag-scriptsentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>ScriptSentry : Uncovering And Mitigating Risks In Logon Scripts<\/title>\n<meta name=\"description\" content=\"ScriptSentry finds misconfigured and dangerous logon scripts. ScriptSentry is a powerful tool designed to detect misconfigured and\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/scriptsentry\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ScriptSentry : Uncovering And Mitigating Risks In Logon Scripts\" \/>\n<meta property=\"og:description\" content=\"ScriptSentry finds misconfigured and dangerous logon scripts. ScriptSentry is a powerful tool designed to detect misconfigured and\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/scriptsentry\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2024-12-02T05:50:12+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-12-02T05:50:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjIraVMmcJKGh4AtZKSK0NlX72xU20McvrwVZgFqmiJqxZsqE4Fa6vl_9Ps9C6j8-CYjhLnkgmdhgVpHOC0FgCiNx3TnA9wQo9DqBRpCPYcHEajK9xgFxvKVHkdtkyWpwDlPwIUKGhEhOVrL7J2zxLIm3Mo8PxMHqF0-t1KGtyblsETCEtSng1n7nmYNB8R\/s1600\/ScriptSentry%20.webp\" \/>\n<meta name=\"author\" content=\"Varshini\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjIraVMmcJKGh4AtZKSK0NlX72xU20McvrwVZgFqmiJqxZsqE4Fa6vl_9Ps9C6j8-CYjhLnkgmdhgVpHOC0FgCiNx3TnA9wQo9DqBRpCPYcHEajK9xgFxvKVHkdtkyWpwDlPwIUKGhEhOVrL7J2zxLIm3Mo8PxMHqF0-t1KGtyblsETCEtSng1n7nmYNB8R\/s1600\/ScriptSentry%20.webp\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Varshini\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/scriptsentry\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/scriptsentry\/\"},\"author\":{\"name\":\"Varshini\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa\"},\"headline\":\"ScriptSentry : Uncovering And Mitigating Risks In Logon Scripts\",\"datePublished\":\"2024-12-02T05:50:12+00:00\",\"dateModified\":\"2024-12-02T05:50:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/scriptsentry\/\"},\"wordCount\":67,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/scriptsentry\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjIraVMmcJKGh4AtZKSK0NlX72xU20McvrwVZgFqmiJqxZsqE4Fa6vl_9Ps9C6j8-CYjhLnkgmdhgVpHOC0FgCiNx3TnA9wQo9DqBRpCPYcHEajK9xgFxvKVHkdtkyWpwDlPwIUKGhEhOVrL7J2zxLIm3Mo8PxMHqF0-t1KGtyblsETCEtSng1n7nmYNB8R\/s1600\/ScriptSentry%20.webp\",\"keywords\":[\"cybersecurity\",\"informationsecurity\",\"kalilinux\",\"kalilinuxtools\",\"ScriptSentry\"],\"articleSection\":[\"Cyber security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/scriptsentry\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/scriptsentry\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/scriptsentry\/\",\"name\":\"ScriptSentry : Uncovering And Mitigating Risks In Logon Scripts\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/scriptsentry\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/scriptsentry\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjIraVMmcJKGh4AtZKSK0NlX72xU20McvrwVZgFqmiJqxZsqE4Fa6vl_9Ps9C6j8-CYjhLnkgmdhgVpHOC0FgCiNx3TnA9wQo9DqBRpCPYcHEajK9xgFxvKVHkdtkyWpwDlPwIUKGhEhOVrL7J2zxLIm3Mo8PxMHqF0-t1KGtyblsETCEtSng1n7nmYNB8R\/s1600\/ScriptSentry%20.webp\",\"datePublished\":\"2024-12-02T05:50:12+00:00\",\"dateModified\":\"2024-12-02T05:50:13+00:00\",\"description\":\"ScriptSentry finds misconfigured and dangerous logon scripts. ScriptSentry is a powerful tool designed to detect misconfigured and\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/scriptsentry\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/scriptsentry\/#primaryimage\",\"url\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjIraVMmcJKGh4AtZKSK0NlX72xU20McvrwVZgFqmiJqxZsqE4Fa6vl_9Ps9C6j8-CYjhLnkgmdhgVpHOC0FgCiNx3TnA9wQo9DqBRpCPYcHEajK9xgFxvKVHkdtkyWpwDlPwIUKGhEhOVrL7J2zxLIm3Mo8PxMHqF0-t1KGtyblsETCEtSng1n7nmYNB8R\/s1600\/ScriptSentry%20.webp\",\"contentUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjIraVMmcJKGh4AtZKSK0NlX72xU20McvrwVZgFqmiJqxZsqE4Fa6vl_9Ps9C6j8-CYjhLnkgmdhgVpHOC0FgCiNx3TnA9wQo9DqBRpCPYcHEajK9xgFxvKVHkdtkyWpwDlPwIUKGhEhOVrL7J2zxLIm3Mo8PxMHqF0-t1KGtyblsETCEtSng1n7nmYNB8R\/s1600\/ScriptSentry%20.webp\",\"width\":\"1600\",\"height\":\"900\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa\",\"name\":\"Varshini\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g\",\"caption\":\"Varshini\"},\"description\":\"Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.\",\"sameAs\":[\"http:\/\/kalilinuxtutorials.com\",\"https:\/\/www.linkedin.com\/in\/senthamil-selvan-14043a285\/\"],\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/vinayakagrawal\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ScriptSentry : Uncovering And Mitigating Risks In Logon Scripts","description":"ScriptSentry finds misconfigured and dangerous logon scripts. ScriptSentry is a powerful tool designed to detect misconfigured and","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kalilinuxtutorials.com\/scriptsentry\/","og_locale":"en_US","og_type":"article","og_title":"ScriptSentry : Uncovering And Mitigating Risks In Logon Scripts","og_description":"ScriptSentry finds misconfigured and dangerous logon scripts. ScriptSentry is a powerful tool designed to detect misconfigured and","og_url":"https:\/\/kalilinuxtutorials.com\/scriptsentry\/","og_site_name":"Kali Linux Tutorials","article_published_time":"2024-12-02T05:50:12+00:00","article_modified_time":"2024-12-02T05:50:13+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjIraVMmcJKGh4AtZKSK0NlX72xU20McvrwVZgFqmiJqxZsqE4Fa6vl_9Ps9C6j8-CYjhLnkgmdhgVpHOC0FgCiNx3TnA9wQo9DqBRpCPYcHEajK9xgFxvKVHkdtkyWpwDlPwIUKGhEhOVrL7J2zxLIm3Mo8PxMHqF0-t1KGtyblsETCEtSng1n7nmYNB8R\/s1600\/ScriptSentry%20.webp","type":"","width":"","height":""}],"author":"Varshini","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjIraVMmcJKGh4AtZKSK0NlX72xU20McvrwVZgFqmiJqxZsqE4Fa6vl_9Ps9C6j8-CYjhLnkgmdhgVpHOC0FgCiNx3TnA9wQo9DqBRpCPYcHEajK9xgFxvKVHkdtkyWpwDlPwIUKGhEhOVrL7J2zxLIm3Mo8PxMHqF0-t1KGtyblsETCEtSng1n7nmYNB8R\/s1600\/ScriptSentry%20.webp","twitter_creator":"@CyberEdition","twitter_site":"@CyberEdition","twitter_misc":{"Written by":"Varshini"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kalilinuxtutorials.com\/scriptsentry\/#article","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/scriptsentry\/"},"author":{"name":"Varshini","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa"},"headline":"ScriptSentry : Uncovering And Mitigating Risks In Logon Scripts","datePublished":"2024-12-02T05:50:12+00:00","dateModified":"2024-12-02T05:50:13+00:00","mainEntityOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/scriptsentry\/"},"wordCount":67,"commentCount":0,"publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/scriptsentry\/#primaryimage"},"thumbnailUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjIraVMmcJKGh4AtZKSK0NlX72xU20McvrwVZgFqmiJqxZsqE4Fa6vl_9Ps9C6j8-CYjhLnkgmdhgVpHOC0FgCiNx3TnA9wQo9DqBRpCPYcHEajK9xgFxvKVHkdtkyWpwDlPwIUKGhEhOVrL7J2zxLIm3Mo8PxMHqF0-t1KGtyblsETCEtSng1n7nmYNB8R\/s1600\/ScriptSentry%20.webp","keywords":["cybersecurity","informationsecurity","kalilinux","kalilinuxtools","ScriptSentry"],"articleSection":["Cyber security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/kalilinuxtutorials.com\/scriptsentry\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/kalilinuxtutorials.com\/scriptsentry\/","url":"https:\/\/kalilinuxtutorials.com\/scriptsentry\/","name":"ScriptSentry : Uncovering And Mitigating Risks In Logon Scripts","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/scriptsentry\/#primaryimage"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/scriptsentry\/#primaryimage"},"thumbnailUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjIraVMmcJKGh4AtZKSK0NlX72xU20McvrwVZgFqmiJqxZsqE4Fa6vl_9Ps9C6j8-CYjhLnkgmdhgVpHOC0FgCiNx3TnA9wQo9DqBRpCPYcHEajK9xgFxvKVHkdtkyWpwDlPwIUKGhEhOVrL7J2zxLIm3Mo8PxMHqF0-t1KGtyblsETCEtSng1n7nmYNB8R\/s1600\/ScriptSentry%20.webp","datePublished":"2024-12-02T05:50:12+00:00","dateModified":"2024-12-02T05:50:13+00:00","description":"ScriptSentry finds misconfigured and dangerous logon scripts. ScriptSentry is a powerful tool designed to detect misconfigured and","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kalilinuxtutorials.com\/scriptsentry\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/scriptsentry\/#primaryimage","url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjIraVMmcJKGh4AtZKSK0NlX72xU20McvrwVZgFqmiJqxZsqE4Fa6vl_9Ps9C6j8-CYjhLnkgmdhgVpHOC0FgCiNx3TnA9wQo9DqBRpCPYcHEajK9xgFxvKVHkdtkyWpwDlPwIUKGhEhOVrL7J2zxLIm3Mo8PxMHqF0-t1KGtyblsETCEtSng1n7nmYNB8R\/s1600\/ScriptSentry%20.webp","contentUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjIraVMmcJKGh4AtZKSK0NlX72xU20McvrwVZgFqmiJqxZsqE4Fa6vl_9Ps9C6j8-CYjhLnkgmdhgVpHOC0FgCiNx3TnA9wQo9DqBRpCPYcHEajK9xgFxvKVHkdtkyWpwDlPwIUKGhEhOVrL7J2zxLIm3Mo8PxMHqF0-t1KGtyblsETCEtSng1n7nmYNB8R\/s1600\/ScriptSentry%20.webp","width":"1600","height":"900"},{"@type":"WebSite","@id":"https:\/\/kalilinuxtutorials.com\/#website","url":"https:\/\/kalilinuxtutorials.com\/","name":"Kali Linux Tutorials","description":"Kali Linux Tutorials","publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kalilinuxtutorials.com\/#organization","name":"Kali Linux Tutorials","url":"https:\/\/kalilinuxtutorials.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/","url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","contentUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","width":272,"height":90,"caption":"Kali Linux Tutorials"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/CyberEdition","https:\/\/www.threads.com\/@cybersecurityedition","https:\/\/www.linkedin.com\/company\/cyberedition","https:\/\/www.instagram.com\/cybersecurityedition\/"]},{"@type":"Person","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa","name":"Varshini","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g","caption":"Varshini"},"description":"Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.","sameAs":["http:\/\/kalilinuxtutorials.com","https:\/\/www.linkedin.com\/in\/senthamil-selvan-14043a285\/"],"url":"https:\/\/kalilinuxtutorials.com\/author\/vinayakagrawal\/"}]}},"jetpack_featured_media_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjIraVMmcJKGh4AtZKSK0NlX72xU20McvrwVZgFqmiJqxZsqE4Fa6vl_9Ps9C6j8-CYjhLnkgmdhgVpHOC0FgCiNx3TnA9wQo9DqBRpCPYcHEajK9xgFxvKVHkdtkyWpwDlPwIUKGhEhOVrL7J2zxLIm3Mo8PxMHqF0-t1KGtyblsETCEtSng1n7nmYNB8R\/s1600\/ScriptSentry%20.webp","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":7365,"url":"https:\/\/kalilinuxtutorials.com\/winpwn-automation-internal-windows-penetrationtest-ad-security\/","url_meta":{"origin":35341,"position":0},"title":"WinPwn : Automation for Internal Windows Penetrationtest \/ AD-Security","author":"R K","date":"November 21, 2019","format":false,"excerpt":"WinPwn is a automation for internal Windows Penetrationtest \/ AD-Security. In many past internal penetration tests I often had problems with the existing Powershell Recon \/ Exploitation scripts due to missing proxy support. I often ran the same scripts one after the other to get information about the current system\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":4439,"url":"https:\/\/kalilinuxtutorials.com\/winpwn-windows-penetrationtest-ad-security\/","url_meta":{"origin":35341,"position":1},"title":"WinPwn : Automation for Internal Windows Penetrationtest \/ AD-Security","author":"R K","date":"April 1, 2019","format":false,"excerpt":"In many past internal penetration tests I often had problems with the existing Powershell Recon \/ Exploitation scripts due to missing proxy support. For this reason I wrote my own script with automatic proxy recognition and integration called WinPwn. The script is mostly based on well-known large other offensive security\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":33470,"url":"https:\/\/kalilinuxtutorials.com\/invoke-adenum\/","url_meta":{"origin":35341,"position":2},"title":"Invoke-ADEnum : Comprehensive Guide To Active Directory Enumeratio","author":"Varshini","date":"June 25, 2024","format":false,"excerpt":"Invoke-ADEnum is an enumeration tool designed to automate the process of gathering information from an Active Directory environment. With Invoke-ADEnum, you can enumerate various aspects of Active Directory, including forests, domains, trusts, domain controllers, users, groups, computers, shares, subnets, ACLs, OUs, GPOs, and more. One of the features of Invoke-ADEnum\u2026","rel":"","context":"In &quot;Hacking Tools&quot;","block_context":{"text":"Hacking Tools","link":"https:\/\/kalilinuxtutorials.com\/category\/hacking-tools\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjvYFhHfSZOzE7Kz7BihDgMfT5PPHcwF4nNDZiaEJebDs0VV7V3wNMVe_okW-8H_W8RH_v0Di3zB_hV_m3Yx-TkrF4FQ7GMiUEwDkZ2rGXbUpq2xq1n3wZc8Cg0yJBi_PvNcDxxtULFtgRBMXxf9metdcdhZWcCCQhcLHSglvbnDCgXzv1bm3sM8HZo1CcN\/s16000\/Invoke-ADEnum.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjvYFhHfSZOzE7Kz7BihDgMfT5PPHcwF4nNDZiaEJebDs0VV7V3wNMVe_okW-8H_W8RH_v0Di3zB_hV_m3Yx-TkrF4FQ7GMiUEwDkZ2rGXbUpq2xq1n3wZc8Cg0yJBi_PvNcDxxtULFtgRBMXxf9metdcdhZWcCCQhcLHSglvbnDCgXzv1bm3sM8HZo1CcN\/s16000\/Invoke-ADEnum.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjvYFhHfSZOzE7Kz7BihDgMfT5PPHcwF4nNDZiaEJebDs0VV7V3wNMVe_okW-8H_W8RH_v0Di3zB_hV_m3Yx-TkrF4FQ7GMiUEwDkZ2rGXbUpq2xq1n3wZc8Cg0yJBi_PvNcDxxtULFtgRBMXxf9metdcdhZWcCCQhcLHSglvbnDCgXzv1bm3sM8HZo1CcN\/s16000\/Invoke-ADEnum.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjvYFhHfSZOzE7Kz7BihDgMfT5PPHcwF4nNDZiaEJebDs0VV7V3wNMVe_okW-8H_W8RH_v0Di3zB_hV_m3Yx-TkrF4FQ7GMiUEwDkZ2rGXbUpq2xq1n3wZc8Cg0yJBi_PvNcDxxtULFtgRBMXxf9metdcdhZWcCCQhcLHSglvbnDCgXzv1bm3sM8HZo1CcN\/s16000\/Invoke-ADEnum.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjvYFhHfSZOzE7Kz7BihDgMfT5PPHcwF4nNDZiaEJebDs0VV7V3wNMVe_okW-8H_W8RH_v0Di3zB_hV_m3Yx-TkrF4FQ7GMiUEwDkZ2rGXbUpq2xq1n3wZc8Cg0yJBi_PvNcDxxtULFtgRBMXxf9metdcdhZWcCCQhcLHSglvbnDCgXzv1bm3sM8HZo1CcN\/s16000\/Invoke-ADEnum.webp?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjvYFhHfSZOzE7Kz7BihDgMfT5PPHcwF4nNDZiaEJebDs0VV7V3wNMVe_okW-8H_W8RH_v0Di3zB_hV_m3Yx-TkrF4FQ7GMiUEwDkZ2rGXbUpq2xq1n3wZc8Cg0yJBi_PvNcDxxtULFtgRBMXxf9metdcdhZWcCCQhcLHSglvbnDCgXzv1bm3sM8HZo1CcN\/s16000\/Invoke-ADEnum.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":10551,"url":"https:\/\/kalilinuxtutorials.com\/powersploit-a-powershell-post-exploitation-framework\/","url_meta":{"origin":35341,"position":3},"title":"PowerSploit : A PowerShell Post-Exploitation Framework","author":"R K","date":"May 12, 2020","format":false,"excerpt":"PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts: CodeExecution Execute code on a target machine. Invoke-DllInjectionInjects a Dll into the process ID of your choosing.Invoke-ReflectivePEInjectionReflectively loads a\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":11782,"url":"https:\/\/kalilinuxtutorials.com\/deepbluecli\/","url_meta":{"origin":35341,"position":4},"title":"DeepBlueCLI : A PowerShell Module For Threat Hunting Via Windows Event Logs","author":"R K","date":"November 10, 2020","format":false,"excerpt":"DeepBlueCLI is a PowerShell Module for Threat Hunting via Windows Event Logs. Usage .\\DeepBlue.ps1 <event log name> <evtx filename> See the Set-ExecutionPolicy Readme if you receive a 'running scripts is disabled on this system' error. Process local Windows security event log (PowerShell must be run as Administrator): .\\DeepBlue.ps1or:.\\DeepBlue.ps1 -log security\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":10662,"url":"https:\/\/kalilinuxtutorials.com\/nishang\/","url_meta":{"origin":35341,"position":5},"title":"Nishang : Offensive PowerShell For Red Team, Penetration Testing &#038; Offensive Security","author":"R K","date":"May 29, 2020","format":false,"excerpt":"Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing. Usage Import all the scripts in the current PowerShell session (PowerShell v3 onwards). PS C:\\nishang> Import-Module .\\nishang.psm1 Use\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/35341","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=35341"}],"version-history":[{"count":4,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/35341\/revisions"}],"predecessor-version":[{"id":35346,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/35341\/revisions\/35346"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/35348"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=35341"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=35341"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=35341"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}