
@thai510-new
Last active September 29, 2023 15:09
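# Set the DebugPreference to view debug messages
$DebugPreference = 'Continue'

# Download and import the CSV of application names to look for.
# The raw URL carries a revision hash in its path, so the script reads that one
# revision of the list; later additions to the upstream gist are not picked up.
$url = "https://gist.githubusercontent.com/mttaggart/02ed50c03c8283f4c343c3032dd2e7ec/raw/8ad740330a071694450e7b84482b389e6a94abb0/20230927_electron-versions.csv"
try {
    # -ErrorAction Stop makes a failed request a terminating error so it lands in catch.
    $csvContent = Invoke-WebRequest -Uri $url -UseBasicParsing -ErrorAction Stop
    $apps = @($csvContent.Content | ConvertFrom-Csv)
}
catch {
    # Fail closed: with no list, the comparison further down would find nothing and
    # the script would report a clean result for a check that never actually ran.
    throw "Unable to download or parse the application list from $url : $($_.Exception.Message)"
}

# A response that is not the expected CSV (an error page, an empty body) parses into
# rows without an app_name value; treat that as a failed check, not as "nothing found".
if (-not ($apps | Where-Object { -not [string]::IsNullOrWhiteSpace($_.app_name) })) {
    throw "The application list from $url contains no usable app_name entries; aborting the check."
}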
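# Expanded registry paths to search for installed apps.
# HKCU resolves to the hive of the account running the script, so per-user installs
# belonging to other accounts on the machine are not enumerated here.
# NOTE(review): the matching step relies on a DisplayName value; confirm that the
# AppModel\Repository\Families subkeys actually carry one.
$registryPaths = @(
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
    "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families",
    "HKLM:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families"
)

# Gather all installed apps from these paths.
# Paths that do not exist on this machine are skipped silently.
$installedApps = $registryPaths | ForEach-Object {
    Get-ChildItem $_ -ErrorAction SilentlyContinue
} | ForEach-Object {
    # -LiteralPath: subkey names are data, not patterns. With -Path a key name that
    # contains wildcard characters such as [ or ] would be interpreted as a wildcard.
    Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
}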
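# Compare every name from the downloaded list against the installed-application entries
# and collect a report of the matches in $outputString.
$foundApplications = $false
$outputString = "" # Initialize an empty string to collect output
foreach ($app in $apps) {
    # An empty name escapes to an empty pattern, and an empty pattern matches every
    # entry, which would flag the whole machine. Skip rows without a name.
    if ([string]::IsNullOrWhiteSpace($app.app_name)) {
        continue
    }

    # The name is escaped so it is compared as literal text. -match is a case-insensitive
    # substring test, so short names can also hit unrelated products; review the report.
    $namePattern = [regex]::Escape($app.app_name)
    $matchedEntries = @($installedApps | Where-Object { $_.DisplayName -match $namePattern })

    # One report section per matching entry. Reading the properties off the whole
    # match set would join the values of several entries into a single line.
    foreach ($installedApp in $matchedEntries) {
        if (-not $foundApplications) {
            $outputString += "Applications have been found installed on the machine that may be vulnerable to the WebP vulnerability. Please check their versions to see if they are affected.`r`n"
            $foundApplications = $true
        }

        $appName = $installedApp.DisplayName
        $appVersion = $installedApp.DisplayVersion
        $installDate = $installedApp.InstallDate
        $vendor = $installedApp.Publisher

        # Append the details to outputString
        $outputString += "`nApplication Name: $appName`r`n"
        $outputString += "Application Vendor Name: $vendor`r`n"
        $outputString += "Application Current Version: $appVersion`r`n"
        $outputString += "Application Installed Date: $installDate`r`n"
        $outputString += "Install Location: $($installedApp.InstallLocation)`r`n"
        $outputString += "Quiet Uninstall String: $($installedApp.QuietUninstallString)`r`n"
    }
}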
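# Only output and create an RMM Alert if an application was found.
# The result comes from name matches against registry entries only. Applications that
# leave no such entry are not covered, so "no match" is not proof the host is unaffected.
if ($foundApplications) {
    # Print the outputString to standard output
    Write-Output $outputString

    # The Syncro module path comes from the SyncroModule environment variable. Raise the
    # alert only when it is set, so the script also runs cleanly under another RMM
    # instead of failing on the import and on the unknown Rmm-Alert command.
    if ($env:SyncroModule) {
        Import-Module $env:SyncroModule
        Rmm-Alert -Category 'WebP Vulnerability Check' -Body $outputString
    }
    else {
        Write-Warning "SyncroModule is not set; skipping the Syncro RMM alert."
    }
} else {
    Write-Output "No applications found that match the list."
}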