Releases: techspence/AppLockerInspector

🚀 AppLocker Inspector v0.1

19 Aug 20:06

Initial public release of AppLocker Inspector, a PowerShell-based tool for auditing and scoring AppLocker policies. AppLocker Inspector audits an AppLocker policy XML and reports weak/misconfigured settings, including actual ACL checks.

Disclaimer: ChatGPT, my coding partner in "crime", wrote most of this. It's been heavily edited by me to remove as much silliness as I could find and to make it more readable. However, if anyone finds anything wacky, please let me know so I can fix it! Hope it's useful to some people!! 🙌

Features

  • Parse AppLocker XML policies and extract FilePath, FileHash, and Publisher rules.
  • Risk scoring engine with four levels:
    • High – Broad principals with Write/Modify access, AuditOnly/NotConfigured collections, unsafe wildcards, or execution from user-writable areas.
    • Medium – Wildcards in writable parent directories, overly-broad publisher rules.
    • Low – Hash rules applied to broad groups.
    • Info – Broad principal but target path is read-only/protected (e.g., Program Files).
  • Local NTFS permissions testing – checks whether paths in rules are writable by broad principals.
  • Network share ACL testing – attempts to read share-level permissions for UNC paths.
  • Customizable severity sorting (High → Medium → Low → Info).
  • Multiple output formats:
    • Console (table view)
    • CSV (-OutCsv)
    • JSON (-AsJson)
    • HTML (-OutHTML)

Shoutout to @MHaggis for adding a super awesome HTML report feature (-OutHTML), containing security insights into the identified issues. Thanks for your work on this dude 💪🤘

👾 Feedback, issues, and contributions are welcome!
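
To illustrate the kind of checks listed under Features, here is an added example (not AppLocker Inspector's own code) that parses a constructed policy XML and assigns the four severity levels from static rule data only. The sample policy, the `New-Finding` helper, and the "protected root" path-variable heuristic are assumptions standing in for the tool's real ACL checks.

```powershell
# Added example: static checks on a constructed policy; no ACLs are read.
[xml]$policy = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="00000000-0000-0000-0000-000000000001" Name="Temp tools" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%OSDRIVE%\Temp\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="00000000-0000-0000-0000-000000000002" Name="Program Files" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
  <RuleCollection Type="Script" EnforcementMode="Enabled">
    <FilePublisherRule Id="00000000-0000-0000-0000-000000000003" Name="Any signed script" Description="" UserOrGroupSid="S-1-5-11" Action="Allow">
      <Conditions><FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*"><BinaryVersionRange LowSection="*" HighSection="*" /></FilePublisherCondition></Conditions>
    </FilePublisherRule>
  </RuleCollection>
</AppLockerPolicy>
'@
# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
# Assumption: paths under these AppLocker variables are not user-writable
$protected = '^%(PROGRAMFILES|WINDIR|SYSTEM32)%'
# Hypothetical helper that builds one result row
function New-Finding($Severity, $Collection, $Rule, $Reason) { [pscustomobject]@{ Severity = $Severity; Collection = $Collection; Rule = $Rule; Reason = $Reason } }
$findings = foreach ($c in $policy.AppLockerPolicy.RuleCollection) {
    $type = $c.GetAttribute('Type')
    if ($c.EnforcementMode -in 'AuditOnly', 'NotConfigured') {
        New-Finding High $type '(collection)' "EnforcementMode is $($c.EnforcementMode)"
    }
    # Only Allow rules granted to a broad principal are scored
    $rules = $c.ChildNodes | Where-Object { $_.Action -eq 'Allow' -and $_.UserOrGroupSid -in $broadSids }
    foreach ($r in $rules) {
        $name = $r.GetAttribute('Name')
        switch ($r.LocalName) {
            'FilePathRule' {
                foreach ($p in $r.Conditions.FilePathCondition.Path) {
                    if ($p -match $protected) { New-Finding Info $type $name "Broad principal, protected path $p" }
                    elseif ($p.Contains('*')) { New-Finding High $type $name "Wildcard outside protected roots: $p (confirm with an ACL check)" }
                }
            }
            'FilePublisherRule' {
                if ($r.Conditions.FilePublisherCondition.PublisherName -eq '*') { New-Finding Medium $type $name 'Publisher rule accepts any publisher' }
            }
            'FileHashRule' { New-Finding Low $type $name 'Hash rule applied to a broad group' }
        }
    }
}
$order = 'High', 'Medium', 'Low', 'Info'
$findings | Sort-Object { [array]::IndexOf($order, $_.Severity) } | Format-Table -AutoSize
```

A path-variable heuristic cannot tell whether a directory is actually writable, which is why the tool's NTFS and share ACL tests matter for separating High from Info.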