A comprehensive security scanning tool for Windows systems
Windows Security Auditor
A comprehensive Python-based security scanning tool for Windows systems. Identifies security misconfigurations, vulnerabilities, and potential threats with beautiful console output and detailed reports.
Table of Contents
- Features
- Quick Start
- Installation
- Usage
- Security Checks
- Report Formats
- Configuration
- Requirements
- Contributing
- License
Features
- Multiple Scan Modes: Basic (3 checks), Full (11 checks), or Custom scan profiles
- Beautiful Console UI: Rich tables, panels, and progress indicators
- Multiple Report Formats: Console, JSON, and HTML reports
- Comprehensive Security Checks: 11 security modules covering system, network, and software
- Threat Detection: Identifies suspicious startup programs, brute force attempts, and malicious PowerShell activity
- Fast & Lightweight: Efficient WMI and PowerShell integration
- CI/CD Ready: JSON output and exit codes for automation
- Modular Design: Easy to extend with new security checks
Quick Start
Three commands to get started:
# Install the tool
pip install winsec-auditor
# Run an interactive scan
winsec-audit
# Generate a full HTML report
winsec-audit --scan full --html security_report.html
Installation
From PyPI (Recommended)
pip install winsec-auditor
From Source
# Clone the repository
git clone https://github.com/yourusername/winsec-auditor.git
cd winsec-auditor
# Create virtual environment (recommended)
python -m venv .venv
.venv\Scripts\activate # Windows
# Install in editable mode
pip install -e ".[dev]"
Requirements
- Operating System: Windows 10/11 or Windows Server 2016+
- Python: 3.9 or higher
- Privileges: Administrator rights recommended for best results
Usage
Interactive Mode
Launch the interactive menu to select your scan type:
winsec-audit
╭────────────── Select Scan Type ──────────────╮
│                                              │
│  1. Basic Scan - Quick system overview       │
│  2. Full Scan - Comprehensive audit          │
│                                              │
╰──────────────────────────────────────────────╯
Enter your choice [2]:
Basic Scan
Quick scan of essential security settings (3 checks):
winsec-audit --scan basic
Checks included:
- System information and resources
- Windows Update status
- Firewall configuration
Full Scan
Comprehensive security audit (11 checks):
winsec-audit --scan full
Custom Checks
Run only specific security checks:
# Check firewall and network only
winsec-audit --check firewall,network
# Check user accounts and services
winsec-audit --check users,services
# Multiple specific checks
winsec-audit --check firewall,users,registry,events
Generate Reports
JSON Output:
# Output to stdout
winsec-audit --scan full --json
# Save to file
winsec-audit --scan full --json results.json
HTML Report:
winsec-audit --scan full --html audit_report.html
Combined Output:
winsec-audit --scan full --json results.json --html report.html
List Available Checks
winsec-audit --list-checks
Output:
┏━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━┳━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ ID       ┃ Name               ┃ Type  ┃ Description                            ┃
┡━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━╇━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ system   │ System Information │ basic │ Basic system information and resource  │
│          │                    │       │ usage                                  │
│ updates  │ Windows Updates    │ basic │ Check Windows Update status            │
│ firewall │ Firewall Status    │ basic │ Check Windows Firewall status for all  │
│          │                    │       │ profiles                               │
│ autorun  │ Autorun Programs   │ full  │ Check startup programs with suspicious │
│          │                    │       │ detection                              │
│ users    │ User Accounts      │ full  │ Analyze user accounts and privileges   │
│ ...      │ ...                │ ...   │ ...                                    │
└──────────┴────────────────────┴───────┴────────────────────────────────────────┘
Additional Options
# Verbose mode for detailed error information
winsec-audit --scan full --verbose
# Disable colored output (useful for logging)
winsec-audit --scan full --no-color
# Check version
winsec-audit --version
Security Checks
The Windows Security Auditor performs 11 comprehensive security checks across your system:
| Check | Scan Type | Description |
|---|---|---|
| System Information | Basic | OS version, architecture, processor, disk space, memory usage, uptime |
| Windows Updates | Basic | Pending updates, Windows Update service status |
| Firewall Status | Basic | All profiles status (Domain, Private, Public) |
| Autorun Programs | Full | Startup items with suspicious path and keyword detection |
| User Accounts | Full | User enumeration, admin privileges, guest account status, active sessions |
| Running Services | Full | Service enumeration with risky service identification |
| Registry Security | Full | UAC settings, PowerShell execution policy, security settings |
| Network Security | Full | Listening ports, active connections, network interface status |
| Security Software | Full | Antivirus, firewall, and antispyware status via WMI |
| Event Log Analysis | Full | Brute force detection, account lockouts, suspicious PowerShell activity |
Security Levels
Findings are classified with clear severity indicators:
| Level | Color | Description | Action Required |
|---|---|---|---|
| ℹ️ info | Blue | Informational | None - for awareness |
| ✅ ok | Green | Secure/Good | None - maintain current state |
| ⚠️ warning | Yellow | Needs attention | Review and consider remediation |
| 🚨 critical | Red | Security risk | Immediate action required |
Report Formats
Console Output
Beautiful Rich-based output with tables and color-coded findings:
╭───────────────────────────────────────────────╮
│ Windows Security Audit Report                 │
╰───────────────────────────────────────────────╯
Scan Summary
┏━━━━━━━━━━━━━┳━━━━━━━┓
┃ Metric      ┃ Count ┃
┡━━━━━━━━━━━━━╇━━━━━━━┩
│ Total       │ 45    │
│ ✅ Secure   │ 12    │
│ ⚠ Warnings  │ 5     │
│ 🚨 Critical │ 1     │
│ ℹ Info      │ 27    │
└─────────────┴───────┘
[bold blue]System Information[/bold blue]
ℹ Operating System: Windows 10 22H2
ℹ Architecture: 64bit
ℹ Processor: Intel64 Family 6 Model 158
✅ Disk Space (C:): 150.5 GB free of 500.0 GB (30% used)
✅ Memory: 8.2 GB available of 16.0 GB (49% used)
[bold green]Windows Updates[/bold green]
✅ System is up to date
✅ Windows Update service is running
[bold yellow]Registry Security[/bold yellow]
🚨 PowerShell execution policy is too permissive: unrestricted
[bold green]Security Software[/bold green]
✅ Active antivirus: Windows Defender
✅ Windows Firewall is active (3/3 profiles)
✅ Windows Defender Antispyware is enabled
JSON Output
Structured data perfect for automation and integration:
{
  "timestamp": "2026-02-15T10:30:00",
  "scan_type": "full",
  "summary": {
    "total": 45,
    "info": 27,
    "ok": 12,
    "warning": 5,
    "critical": 1,
    "error": 0
  },
  "findings": [
    {
      "category": "System Information",
      "status": "info",
      "description": "Operating System: Windows 10 22H2",
      "details": {
        "version": "10.0.19045",
        "machine": "AMD64"
      }
    },
    {
      "category": "Registry Security",
      "status": "critical",
      "description": "PowerShell execution policy is too permissive: unrestricted",
      "details": null
    }
  ]
}
HTML Report
Professional, responsive HTML report with dark theme:
Features:
- Modern gradient design
- Summary cards with color coding
- Categorized findings with icons
- Status badges for quick scanning
- Responsive layout for all devices
Configuration
Environment Variables
| Variable | Description | Default |
|---|---|---|
| WINSEC_NO_COLOR | Disable colored output | false |
| WINSEC_VERBOSE | Enable verbose logging | false |
Exit Codes
| Code | Meaning |
|---|---|
| 0 | Success - no issues found |
| 1 | Warnings found (review recommended) |
| 2 | Critical issues found (immediate action required) |
| 130 | Scan interrupted by user |
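The following is an added example, not code from the winsec-auditor project, showing one way a pipeline can consume the JSON report: it re-derives the 0/1/2 result from the findings instead of relying on the process exit code alone, fails closed on unreadable or inconsistent reports, and honours an allowlist of accepted findings. The names `gate`, `key`, `accepted` and the sample report are assumptions of this example, as is the premise that the summary counts describe the findings list.

```python
import json
from collections import Counter

# Constructed report in the shape shown under "JSON Output"; values are made up.
SAMPLE = json.dumps({
    "timestamp": "2026-02-15T10:30:00", "scan_type": "full",
    "summary": {"total": 3, "info": 1, "ok": 0, "warning": 1, "critical": 1, "error": 0},
    "findings": [
        {"category": "System Information", "status": "info",
         "description": "Operating System: Windows 10 22H2", "details": None},
        {"category": "Network Security", "status": "warning",
         "description": "Constructed warning for this example", "details": None},
        {"category": "Registry Security", "status": "critical",
         "description": "PowerShell execution policy is too permissive: unrestricted",
         "details": None},
    ],
})

# Gate level per status. Treating "error" (a check that could not run) as a
# warning is this example's choice, not documented tool behaviour.
RANK = {"info": 0, "ok": 0, "warning": 1, "error": 1, "critical": 2}

def key(finding):
    """Identity of a finding for the allowlist: (category, description)."""
    return str(finding.get("category")), str(finding.get("description"))

def gate(report_text, accepted=()):
    """Return (code, blocking); code uses the 0/1/2 meanings of the Exit Codes table.

    accepted: risk-accepted (category, description) pairs (hypothetical allowlist).
    Unreadable or inconsistent reports fail closed with code 2.
    """
    try:
        report = json.loads(report_text)
        findings, summary = list(report["findings"]), dict(report["summary"])
        counts = Counter(f["status"] for f in findings)
    except (ValueError, KeyError, TypeError):
        return 2, ["report unreadable or missing expected keys"]
    if set(counts) - set(RANK):
        return 2, ["unknown status value in findings"]
    # Assumption: the summary counts describe the findings list, so a mismatch
    # means a truncated or edited report.
    if any(summary.get(s, 0) != counts.get(s, 0) for s in RANK):
        return 2, ["summary does not match findings"]
    blocking = [f for f in findings
                if RANK[f["status"]] > 0 and key(f) not in accepted]
    code = max((RANK[f["status"]] for f in blocking), default=0)
    return code, ["%s: %s" % key(f) for f in blocking]
```

In a pipeline, pass `gate` the contents of the file written by `winsec-audit --scan full --json results.json` and exit with the returned code.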
Requirements
System Requirements
- OS: Windows 10, Windows 11, Windows Server 2016, 2019, 2022
- Architecture: x64 (64-bit)
- Privileges: Administrator rights recommended
Python Dependencies
rich>=13.0.0
click>=8.0.0
psutil>=5.9.0
wmi>=1.5.1
colorama>=0.4.6
Windows Features Required
- Windows Management Instrumentation (WMI)
- PowerShell 5.1 or higher
- Windows Event Log access (for event analysis)
Contributing
We welcome contributions! Please see CONTRIBUTING.md for guidelines on:
- Setting up the development environment
- Running tests
- Adding new security checks
- Code style requirements
- Pull request process
License
This project is licensed under the MIT License - see the LICENSE file for details.
Acknowledgments
Built with:
- Rich - Beautiful terminal formatting
- Click - Command-line interface framework
- psutil - System monitoring
- WMI - Windows Management Instrumentation
Made with ❤️ for the Windows security community
File details
Details for the file winsec_auditor-0.1.0.tar.gz.
File metadata
- Download URL: winsec_auditor-0.1.0.tar.gz
- Upload date:
- Size: 58.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.6
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | cb47afe736b984df31995ee7a832f0f3c6389f64e40de371e669e26f439dec08 |
| MD5 | dcda0f5f9f5216b6f89fc0ee11953776 |
| BLAKE2b-256 | 7d956db60b2f7da1e52d93693e75f97f10996ef40d4917cd5b79b33dff2d552a |
File details
Details for the file winsec_auditor-0.1.0-py3-none-any.whl.
File metadata
- Download URL: winsec_auditor-0.1.0-py3-none-any.whl
- Upload date:
- Size: 45.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.6
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 55a1410e30860a3ec0dc27acc632a0b7822ae43c5a0307e601c4223d33b8a40b |
| MD5 | 86c327661c7727590ba8cc75e1496444 |
| BLAKE2b-256 | f977269b5bedee619107d8d9a29ed0dd62a00290f5f578efdd97375b476ddac0 |