RUN AS LOCALSYSTEM USER
This script checks for pending OS patch updates. If any pending OS patch updates are found, it sends them to the given email address. You can find more information in the execution log of the script.
NOTE:
Gmail:
Use this link to generate an application password: https://security.google.com/settings/security/apppasswords
1) Turn on Two-step verification ( https://security.google.com/settings/security )
2) Select "Other" in the "Select app" section
3) Give any app name
4) Select Generate and use the 16 digit code as the application password instead of the email password
Outlook:
Use this link to generate an application password: https://account.microsoft.com/security
1) Select Advanced security options
2) Turn on Two-step verification
3) After completing Two-step verification, scroll down the Advanced security options page to the App password section
4) Select "Create a new app password" and use the 16 digit code as the application password instead of the email password
This script has been scanned with virustotal.com and Xcitium Verdict Cloud.
PYTHON SCRIPT FILE SHA1 VALUE - c857f91971849ba6a383644ad4ad94fa45268de4
JSON FILE SHA1 VALUE - 7a5d9f82a60d3922fcfe6ec075471e6405614d84
# Procedure parameters, read from the ITSM runtime through itsm.getParameter.
Receiver = itsm.getParameter('EmailTo') ## Address the pending-update report is sent to.
Sender = itsm.getParameter('EmailFrom') ## Address the report is sent from; it is also used as the SMTP login name.
# Password is a credential. The notes on this page say to supply a
# provider-generated application password rather than the mailbox password.
# Keep the value out of anything the script prints.
Password = itsm.getParameter('Password') ## Application password for the sender account.
# MailFlag selects the SMTP server and is only tested for truthiness later on.
# NOTE(review): if getParameter hands back the string "0" it is truthy and
# would select Outlook - confirm the parameter really arrives as an int.
MailFlag = itsm.getParameter('MailFlag') # 1 - outlook, 0 - gmail; the datatype should be an int.
import os
from subprocess import PIPE, Popen
import ctypes
import smtplib
import mimetypes
import socket
import ssl
from email.mime.multipart import MIMEMultipart
from email.message import Message
from email.mime.text import MIMEText
class disable_file_system_redirection:
    """Context manager that switches off WOW64 file-system redirection.

    Entering calls kernel32 ``Wow64DisableWow64FsRedirection`` and records
    whether that call succeeded. Leaving calls
    ``Wow64RevertWow64FsRedirection`` with the saved value, but only when the
    disable call succeeded. ``__enter__`` returns nothing, so there is no
    useful ``as`` target.
    """

    # kernel32 entry points, looked up once when the class body runs.
    # ctypes.windll exists on Windows only.
    _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
    _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection

    def __enter__(self):
        # NOTE(review): the API's OldValue argument is a PVOID*; c_long has
        # pointer width only in a 32-bit process - confirm the bitness of the
        # interpreter this procedure runs under.
        previous = ctypes.c_long()
        self.old_value = previous
        self.success = self._disable(ctypes.byref(previous))

    def __exit__(self, type, value, traceback):
        # Nothing to undo when the disable call reported failure.
        if not self.success:
            return
        self._revert(self.old_value)
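class ExecutionPolicy:
    """Context manager that sets the PowerShell execution policy to RemoteSigned.

    Entering reads the current policy with ``Get-ExecutionPolicy``, stores it
    in ``self.old_policy`` and then runs ``Set-ExecutionPolicy RemoteSigned``.
    Leaving writes the stored policy back.

    Neither ``Set-ExecutionPolicy`` call passes ``-Scope``, so the cmdlet's
    default scope (LocalMachine) applies: the change is machine-wide for the
    duration of the block, not limited to this script's PowerShell process.
    """

    # Names of the PowerShell ExecutionPolicy values, lower-cased for comparison.
    _KNOWN_POLICIES = (
        'restricted',
        'allsigned',
        'remotesigned',
        'unrestricted',
        'bypass',
        'undefined',
        'default',
    )

    def __enter__(self):
        with disable_file_system_redirection():
            # Remember the policy in force so __exit__ can put it back.
            self.old_policy = os.popen('powershell "Get-ExecutionPolicy"').read().strip()
            # Switch to RemoteSigned for the duration of the block.
            os.popen('powershell "Set-ExecutionPolicy RemoteSigned"').read()

    def __exit__(self, type, value, traceback):
        # old_policy is raw command output that is formatted into a shell
        # command below. If the query failed it is empty or error text, and
        # the restore command would be malformed; report that instead of
        # running it.
        if self.old_policy.lower() not in self._KNOWN_POLICIES:
            print("could not restore the powershell execution policy, unexpected previous value: %r" % (self.old_policy,))
            return
        with disable_file_system_redirection():
            # Put the previously recorded policy back.
            os.popen('powershell "Set-ExecutionPolicy %s"' % (self.old_policy)).read()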
# Host identity used in the report mail's subject and attachment file name.
# COMPUTERNAME must be present in the environment, otherwise this raises KeyError.
devicename = os.environ['COMPUTERNAME']
# Address the local host name resolves to.
# NOTE(review): on a host with several interfaces, or a hosts-file entry for
# its own name, this may not be the address an operator expects - confirm.
ip = socket.gethostbyname(socket.gethostname())
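def gmail(sender_email, password, receiver, text):
    """Mail *text* as a plain-text attachment over SMTP with STARTTLS.

    Despite the name, the server depends on the module-level ``MailFlag``:
    a truthy value selects smtp.office365.com, a falsy one smtp.gmail.com,
    both on port 587. The subject and the attachment file name are built
    from the module-level ``devicename`` and ``ip``.

    Args:
        sender_email: From address, also used as the SMTP login name.
        password: Password (application password) for ``sender_email``.
        receiver: Address the message is sent to.
        text: Body of the attached text file.

    Raises:
        Whatever smtplib raises on connection, TLS, login or send failure;
        the connection is closed before the exception propagates.
    """
    msg = MIMEMultipart()
    msg["From"] = sender_email
    msg["To"] = receiver
    msg["Subject"] = "OS pending patch update details for the DeviceName:%s and IP:%s"%(devicename,ip)

    # The report travels as a .txt attachment named after the device.
    attachment = MIMEText(text, _subtype="plain")
    attachment.add_header('Content-Disposition', 'attachment', filename="%s_OS_PendingPatchUpdates.txt"%(devicename))
    msg.attach(attachment)

    # NOTE(review): MailFlag is only tested for truthiness; a string such as
    # "0" would select Office 365 - confirm the parameter's datatype.
    host = "smtp.office365.com" if MailFlag else "smtp.gmail.com"

    server = smtplib.SMTP(host, 587)
    try:
        # NOTE(review): starttls() is called without an ssl context, and
        # smtplib's default does not verify the server certificate, so the
        # login below is encrypted but the server is not authenticated.
        # On Python 3, context=ssl.create_default_context() adds verification
        # - confirm what the interpreter running this procedure supports.
        server.starttls()
        server.login(sender_email, password)
        server.sendmail(sender_email, receiver, msg.as_string())
        server.quit()
    finally:
        # close() does nothing after a successful quit(); after a failure it
        # still releases the socket instead of leaking the connection.
        server.close()
    print("successfully sent the pending os patch updates to mail")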
def ecmd(command):
    """Run *command* through the shell and return ``(returncode, stdout, stderr)``.

    The child process is started with WOW64 file-system redirection disabled
    and both output streams captured through pipes.

    ``shell=True`` hands the whole string to the command interpreter, so
    callers must build *command* from trusted values only.
    """
    with disable_file_system_redirection():
        proc = Popen(command, shell=True, stdout=PIPE, stderr=PIPE)
        # communicate() waits for the process to exit and drains both pipes.
        stdout_data, stderr_data = proc.communicate()
        exit_code = proc.returncode
    return exit_code, stdout_data, stderr_data
# PowerShell source that OsUpdateCheck writes to a .ps1 file and runs.
# It creates a Microsoft.Update.Session COM object, searches for software
# updates that are not installed, and prints the result as an auto-sized
# table (ft -a).
ps_content = """
$Session = New-Object -ComObject Microsoft.Update.Session
$Searcher = $Session.CreateUpdateSearcher()
$Searcher.Search("IsInstalled=0 and Type='Software'").Updates | ft -a
"""
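def OsUpdateCheck():
    """Look for pending OS updates and mail the list when any are found.

    Writes ``ps_content`` to a temporary .ps1 file under TEMP, runs it with
    PowerShell through ``ecmd`` and then:

    * exit code 0 with output: prints the output and mails it with
      ``gmail(Sender, Password, Receiver, output)``;
    * exit code 0 without output: prints that nothing is pending;
    * any other exit code: prints an error notice and the captured stderr.

    The mailed report lists the patches this host is missing, so the
    ``Receiver`` address should be one that is meant to see that.
    """
    import tempfile

    # The page says this runs as LocalSystem. A fixed, predictable file name
    # in TEMP can be created or replaced by another local account between
    # the write and the PowerShell run, so let mkstemp create a new file
    # under a name that cannot be guessed in advance.
    fd, ps_path = tempfile.mkstemp(suffix='.ps1', dir=os.environ['TEMP'])
    try:
        with os.fdopen(fd, 'w') as wr:
            wr.write(ps_content)
        # -ExecutionPolicy applies RemoteSigned to this one PowerShell process,
        # so the machine-wide policy is never changed and nothing needs to be
        # restored if the run is interrupted.
        ret,output,error = ecmd('powershell -ExecutionPolicy RemoteSigned "%s"'%ps_path)
    finally:
        # Best-effort cleanup so the script file does not stay behind in TEMP.
        try:
            os.remove(ps_path)
        except OSError:
            pass

    if ret != 0:
        print("there has been an error occured")
        print(error)
        return

    if output:
        print(output)
        print("this system is vulnerable and it requires to update pending os patch updates")
        gmail(Sender,Password,Receiver,output)
    else:
        print("there is no os pending updates")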
# Run the check as soon as the procedure is executed.
OsUpdateCheck()