This repository has been archived by the owner on Jul 19, 2023. It is now read-only.

Added PowerShell system information gathering. #36

Open. Wants to merge 1 commit into base: master.
8 changes: 7 additions & 1 deletion README.md
@@ -7,7 +7,8 @@ available for the missing bulletins.

It requires the 'systeminfo' command output from a Windows host in order to
compare that the Microsoft security bulletin database and determine the
patch level of the host.
patch level of the host. Can also parse 'systeminfo' generated using
PowerShell Win32_OperatingSystem and Get-Hotfix.

It has the ability to automatically download the security bulletin database
from Microsoft with the --update flag, and saves it as an Excel spreadsheet.
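Review bot: the added sentence on the second changed line has no subject and mixes the command name with the WMI class name; suggest "It can also parse output produced with the PowerShell cmdlets Get-WmiObject Win32_OperatingSystem and Get-Hotfix (see the example below)" so the reader knows this is a separate capture method rather than a variant of the 'systeminfo' command.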
@@ -87,6 +88,11 @@ $ ./windows-exploit-suggester.py --database 2014-06-06-mssb.xlsx --ostext 'windo
[M] MS09-072: Cumulative Security Update for Internet Explorer (976325) - Critical
```

PowerShell system and hotfix information that mimics "systeminfo" command
```
PS C:\Users\user> Get-WmiObject Win32_OperatingSystem | Select * | Out-File -Encoding ASCII ${env:COMPUTERNAME}_$(get-date -f yyyyMMdd)_checks.txt; Get-Hotfix | Select-Object HotfixID | Out-File -Append -Encoding ASCII ${env:COMPUTERNAME}_$(get-date -f yyyyMMdd)_checks.txt
```

LIMITATIONS
===========
Currently, if the 'systeminfo' command reveals 'File 1' as the output for
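Review bot: the new README block documents how to produce the file but not how to hand it to the script; add the corresponding invocation next to the existing usage examples so the reader does not have to guess which option consumes it. Two points on the command itself: the output filename is built twice, so assign it once, e.g. `$out = "${env:COMPUTERNAME}_$(Get-Date -Format yyyyMMdd)_checks.txt"` and then `Get-WmiObject Win32_OperatingSystem | Select-Object * | Out-File -Encoding ASCII $out; Get-Hotfix | Select-Object HotfixID | Out-File -Append -Encoding ASCII $out`; and `Get-WmiObject` is deprecated and absent from PowerShell 6 and later, so mention `Get-CimInstance Win32_OperatingSystem` as the equivalent for newer hosts. The fenced block also lacks the sentence-ending punctuation used by the other example captions in this README.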
14 changes: 10 additions & 4 deletions windows-exploit-suggester.py
@@ -2,7 +2,7 @@
# -*- coding: utf-8 -*-
#
# Windows Exploit Suggester
# revision 3.3, 2017-02-13
# revision 3.4, 2019-03-04
#
# author: Sam Bertram, Gotham Digital Science
# contact: [email protected],[email protected],[email protected]
@@ -165,6 +165,12 @@
# Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
#
# CHANGE LOG
# v34 2019-03-04
# - added Service Pack test to accept ServicePackMajorVersion for Powershell sysinfo
# - added Archtecture test to accept -bit for Powershell sysinfo
# - Can now parse the output of the following PowerShell command that gathers system info and hotfixes
# - Get-WmiObject Win32_OperatingSystem | Select * | Out-File -Encoding ASCII ${env:COMPUTERNAME}_$(get-date -f yyyyMMdd)_checks.txt; Get-Hotfix | Select-Object HotfixID | Out-File -Append -Encoding ASCII ${env:COMPUTERNAME}_$(get-date -f yyyyMMdd)_checks.txt
#
# v33 2017-02-13
# - added links to exploits and resources for each bulletins. can be ignored with the -q/--quiet flag
# - hard coded ms11-011 to ignore false positives
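Review bot: typo in the new v34 entry, "Archtecture" should be "Architecture", and "Powershell" should be spelled "PowerShell" as it is in the README change. The entry also omits the change to the release check in getarchitecture that is part of this same commit; list it here so the change log stays a complete record.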
@@ -571,11 +577,11 @@ def run(database):
release = getrelease(haystack)

# similar to OS, there is the words 'Service Pack'
if "Service Pack" in haystack and not servicepack:
if "Service Pack" in haystack or "ServicePackMajorVersion" in haystack and not servicepack:
servicepack = getservicepack(haystack)

# get architecture only if -based is in the line, and --ostext hasn't been used
if "-based" in haystack and not architecture:
if "-based" in haystack or "-bit" in haystack and not architecture:
architecture=getarchitecture(haystack)

# look for kbs
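Review bot: operator precedence bug in both changed conditions. Python parses `"Service Pack" in haystack or "ServicePackMajorVersion" in haystack and not servicepack` as `"Service Pack" in haystack or ("ServicePackMajorVersion" in haystack and not servicepack)`, so the `not servicepack` guard no longer applies to the original "Service Pack" match and a later line containing that string overwrites a value already found; the `-based` / `-bit` test has the same defect. Group the alternatives: `if ("Service Pack" in haystack or "ServicePackMajorVersion" in haystack) and not servicepack:` and `if ("-based" in haystack or "-bit" in haystack) and not architecture:`. The comment above the architecture test still mentions only `-based`; update it to cover `-bit`.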
@@ -1031,7 +1037,7 @@ def getarchitecture(ostext):
# target Itanium with a simple search for 'tani'
if "tani" in s: architecture="Itanium"

if getname(ostext) == "2008" and getrelease(ostext) == "2" and architecture == "32":
if getname(ostext) == "2008" and getrelease(ostext) == "3" and architecture == "32":
if ARGS.verbose:
ALERT("forcing unidentified architecture to 64-bit because OS identified as Windows 2008 R2 (although could be Itanium and wasn't detected?)")
architecture = "64"
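Review bot: the change from `getrelease(ostext) == "2"` to `== "3"` is unexplained and looks wrong: the alert on the following lines still says the OS was identified as Windows 2008 R2, which is release 2, and neither the PR description nor the v34 change log entry mentions this change. Either revert it to "2" or document why the release value for 2008 R2 is now "3" and adjust the alert text to match.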