PingCastle Notify will run a PingCastle scan, compare the difference between a previous scan, highlight the diff and send the result into a Slack channel. The slack message will notify you regarding the different states: correction, recession etc
▶️ First scan
▶️ No new vulnerability but some rules have been updated
▶️ New vulnerabilty
▶️ Some vulnerability have been removed
▶️ No new vulnerability
No result in slack since reports are the same
SECU-TOOL-SCAN/
- PingCastle-Notify.ps1
- PingCastle/
- Reports/
- domain.local.xml
- domain.local.html
- Pingcastle.exe
- ...
- Download PingCastle
- Unzip the archive
- Create a "Reports" folder inside the PingCastle folder
- Download and add the file
PingCastle-Notify.ps1on the parent directory
- In Slack create an application https://api.slack.com/apps
- Add the following rights
- Click on "Add features and functionality" -> Bots (configure the name)
- Click on "Add features and functionality" -> Permissions (add the following permissions)
- Generate a "Bot User OAuth Token" on the Permissions tab
- Get your token add it to the PingCastle-Notify.ps1 script
- Create a slack channel and add your bot user to the channel
- You can test your bot using https://api.slack.com/methods/chat.postMessage/test
- Add the channel to the script
- Run the script to test using this command:
powershell.exe -exec bypass C:\YOUR_PATH\SECU-TOOL-SCAN\PingCastle-Notify.ps1
On your Windows Server go to
- Create a service account that will run the PS1 script every night
- Give privileges to the service account on the folder "Reports"
- Run taskschd.msc to open the Scheduler Task
- Create a Task and use the service account you just created
- Give the permission "Log on as Batch Job" to service account https://danblee.com/log-on-as-batch-job-rights-for-task-scheduler/
- Run the scheduled task to test the result
- Enjoy :)
- Vincent Le Toux - https://twitter.com/mysmartlogon
- Romain Tiennot - https://github.com/aikiox
- Lilian Arago - https://github.com/NahisWayard
MIT License