AutoRun Enabled
ID: windows-autorun-enabled
Severity: medium
Author: princechaddha
Tags: windows,autorun,code,windows-audit
Description
Section titled “Description”Checks if AutoRun is enabled for removable media.
YAML Source
Section titled “YAML Source”id: windows-autorun-enabled
info: name: AutoRun Enabled author: princechaddha severity: medium description: Checks if AutoRun is enabled for removable media. impact: | Enabling AutoRun for removable media can lead to automatic execution of malicious software. remediation: | Disable AutoRun to prevent potential malware from running automatically when a device is connected. tags: windows,autorun,code,windows-audit
self-contained: true
code: - pre-condition: | IsWindows(); engine: - powershell.exe args: - -ExecutionPolicy - Bypass pattern: "*.ps1" source: | if ((Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' -Name 'NoDriveTypeAutoRun' -ErrorAction SilentlyContinue).NoDriveTypeAutoRun -ne '0xFF') { Write-Output 'AutoRun is enabled'; }
matchers: - type: word words: - "AutoRun is enabled"# digest: 4a0a00473045022043f59bb21d80f39d706a762ebb25bcd04866074dcc30e67188d6eff277fd47eb022100be9888f60d9f69d6b993829443131083030d1dd5b9d57dc29e79b480b303803b:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "code/windows/audit/windows-autorun-enabled.yaml"