Usage - fbprogmbh/Hardening-Audit-Tool-AuditTAP GitHub Wiki

Optionally, import ATAPAuditor module:

Import-Module -Name ATAPAuditor

By default the module creates a new report in Documents\ATAPReports folder. A list of all available reports can be found in above table. Just substitute the ReportName with the name of the benchmark. Append -Path to specify output folder.

❗ ATAP is only compatible with PowerShell 5. When run in a different PowerShell version, the user will be prompted to open a PowerShell 5 console or stop the script. ❗

Examples:

Save-ATAPHtmlReport -ReportName "Microsoft Windows 11 Stand-alone" -RiskScore -Path C:\Temp\report.html
Save-ATAPHtmlReport -ReportName "Microsoft Windows 10" -RiskScore -Path C:\Temp\report.html
Save-ATAPHtmlReport -ReportName "Microsoft Windows 11" -Path C:\Temp\report.html
Save-ATAPHtmlReport -ReportName "Microsoft Windows 10 BSI" -RiskScore -Path C:\Temp
Save-ATAPHtmlReport -ReportName "Microsoft Windows Server 2022" -Path C:\Temp
Save-ATAPHtmlReport -ReportName "Google Chrome"
Save-ATAPHtmlReport -ReportName "Ubuntu 20.04"

Pro-Tip: After typing Save-ATAPHtmlReport -ReportName, use the keyboard shortcut <ctrl> + <space> to display all available parameters and select the desired report using arrow-keys.

The ATAPAuditor module also provides a simple menu based runner for reports. It can be found in ATAPAuditor\Helpers\Menu.ps1. When using the Windows based installer, a shortcut can be found in the start menu.

How to Update

In order to update AuditTAP, you need to update both modules "ATAPAuditor" and "ATAPHtmlReport". To do that, just run the following line of code:

For updating ATAPAuditor:

Update-Module ATAPAuditor

For updating ATAPHtmlReport:

Update-Module ATAPHtmlReport

If you want to update via Installer, make sure to download the latest version of AuditTAP. Then just follow the installation steps.

Good to know

  • Make sure your execution policy is set to at least remoteSigned (the scripts are not digitally signed)
Set-ExecutionPolicy RemoteSigned -scope CurrentUser
  • You can extend your AuditReports with a RiskScore by adding the RiskScore-Switch parameter (currently only available for Windows Reports):
Save-ATAPHtmlReport -ReportName "Microsoft Windows 10" -Force -RiskScore
  • ATAPAuditor has a dependency on ATAPHtmlReport.
  • Some reports take more than a few seconds because hundreds of individual settings and controls are checked. Please be patient, the result will satisfy your needs 😉
  • If you used old versions of AuditTAP you may want to clean up your modules. Be sure you have not integrated AuditTAP functionality in reporting processes. In order to accomplish this task you can use the following script.
# Remove all old AuditTAP Reports if available
$collection = @("ATAPHtmlReport","Excel2016Audit","GoogleChromeAudit","IIS8Audit","IIS10Audit","MicrosoftIE11Audit","MozillaFirefoxAudit","Outlook2016Audit","Powerpoint2016Audit","Skype4Business2016Audit","SQL2016Benchmarks","Windows10Audit","Windows10GDPRAudit","WindowsServer2016Audit","Word2016Audit")
ForEach ($item in $collection)
{
  if (Get-Module -ListAvailable -Name $item)
  {
    # Module found, so remove it
    $installPath = Get-Module -ListAvailable $item | Select-Object -ExpandProperty Path | Split-Path -Parent
    Remove-Item -Path $installPath -Recurse -Force -Confirm:$false
  }
  else
  {
    # Module not installed, do nothing and take next item
  }
}

Sample reports

You can find several sample reports in the "Samples" folder.

⚠️ **GitHub.com Fallback** ⚠️