twigs for Windows

Windows assets can be discovered using the twigs PowerShell script (twigs.ps1). This is a simple, agentless, low-impact way to discover all Windows services and components / patches on a Windows system. This results in accurate vulnerability assessment with zero false positives. The script can be run locally or remotely, as often as needed via automation, to get the most current snapshot of your entire Windows footprint.

The twigs PowerShell script for Windows discovery is digitally signed for security reasons. You can use it to discover local or remote Windows hosts. Follow the steps below to perform discovery of Windows assets using the twigs PowerShell script:

  • Log on to the Windows machine for discovery
  • Download twigs PowerShell script from here
  • Install the signing certificate for the PowerShell script
    • Right-click the PowerShell script in Windows Explorer and select Properties
    • In the Properties window, click on the “Digital Signatures” tab
    • In the “Signature List” table, select the row for “ThreatWorx”
    • Click on “Details” and then “View Certificate”
    • Click on “Install Certificate…” to install the certificate for “Local Machine” in the “Trusted Root Certification Authorities” and “Trusted Publishers” stores.
  • Note that you will need an API token key to perform discovery.
  • Please ensure that the ExecutionPolicy allows running PowerShell scripts. To view the current execution policy, run ‘Get-ExecutionPolicy’. Refer to the note below for details on how to change it.
  • The typical command parameters for the twigs PowerShell script are as below:

.\twigs.ps1 [[-mode] <String>] [[-remote_hosts_csv] <String>] [[-host_list] <String>] [[-password] <String>] [-handle] <String> [[-token] <String>] [[-instance] <String>] [[-out] <String>] [[-assetid] <String>] [[-assetname] <String>] [[-tags] <String[]>] [-tag_critical] [-no_scan] [-email_report] [<CommonParameters>]

  • To view the above help, run ‘.\twigs.ps1 -?’ or, for a detailed help message, run ‘Get-Help .\twigs.ps1 -detailed’
  • For remote host discovery, you need to specify remote Windows host details in a CSV file.
  • This CSV file has the format below:

hostname,userlogin,userpwd
<Windows machine name or IP or CIDR>,<Login ID>,<Password>
MyWindowsMachine,MyWindowsDomain\MyWindowsUser,MyWindowsUserPassword

  • Note: it is recommended that you secure the password in the CSV file by using the ‘-host_list’ option provided by the twigs PowerShell script.
  • Specify appropriate arguments and run the twigs PowerShell script.

Help video: https://youtu.be/BuTvbERm_Xs

You may need to relax the execution policy for PowerShell scripts on your Windows box. Typically you can set it using Set-ExecutionPolicy as below:

Set-ExecutionPolicy RemoteSigned

or

Set-ExecutionPolicy AllSigned
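The certificate installation and execution policy check described above can also be done from an elevated PowerShell prompt. The following is an added example, not part of twigs or its documentation. It inspects the script's Authenticode signature before anything is placed in a machine-wide trust store. The expected thumbprint is a placeholder that you would obtain from the vendor through a separate channel (an assumption of this example), and the temporary file name is hypothetical.

```powershell
# Added example, not part of twigs. Run from an elevated PowerShell prompt.
$script   = '.\twigs.ps1'
# Placeholder (assumption): signer thumbprint obtained from the vendor out of band.
$expected = '<SIGNER-CERT-THUMBPRINT-FROM-VENDOR>'

$sig = Get-AuthenticodeSignature -FilePath $script

# NotSigned or HashMismatch means the file is unsigned or was modified after signing.
if ([string]$sig.Status -in 'NotSigned', 'HashMismatch') {
    throw "Refusing to trust ${script}: $($sig.Status) - $($sig.StatusMessage)"
}

$cert = $sig.SignerCertificate
"Signer     : $($cert.Subject)"
"Thumbprint : $($cert.Thumbprint)"
"Valid until: $($cert.NotAfter)"

# Compare before adding anything to a machine-wide trust store.
if ($cert.Thumbprint -ne $expected) {
    throw 'Signer thumbprint does not match the expected value; certificate not installed.'
}

# Same result as the "Install Certificate..." dialog steps above.
$cer = Join-Path $env:TEMP 'twigs-signer.cer'   # hypothetical temp file name
Export-Certificate -Cert $cert -FilePath $cer | Out-Null
foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\TrustedPublisher') {
    Import-Certificate -FilePath $cer -CertStoreLocation $store | Out-Null
}
Remove-Item $cer

# Once the certificate is trusted, the signature should report Valid.
$sig = Get-AuthenticodeSignature -FilePath $script
if ($sig.Status -ne 'Valid') {
    throw "Signature still not valid: $($sig.StatusMessage)"
}

# Show the execution policy per scope, then the effective one.
Get-ExecutionPolicy -List
"Effective execution policy: $(Get-ExecutionPolicy)"
```

A status of HashMismatch after download indicates the file no longer matches what was signed; download it again and do not install the certificate.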