From d5b1f1ee3092875843b7e62cd41ab3cfa8b30f27 Mon Sep 17 00:00:00 2001 From: Alexander Date: Mon, 2 Jul 2018 23:30:06 -0500 Subject: [PATCH 1/3] Add IP Address Lookup --- PowerUpSQL.ps1 | 35 +++++++++++++++++++++++++++++++---- 1 file changed, 31 insertions(+), 4 deletions(-) diff --git a/PowerUpSQL.ps1 b/PowerUpSQL.ps1 index 4266f17..8e89b83 100644 --- a/PowerUpSQL.ps1 +++ b/PowerUpSQL.ps1 @@ -15660,6 +15660,11 @@ Function Get-SQLInstanceDomain HelpMessage = 'Performs UDP scan of servers managing SQL Server clusters.')] [switch]$CheckMgmt, + [Parameter(Mandatory = $false, + ValueFromPipelineByPropertyName = $true, + HelpMessage = 'Preforms a DNS lookup on the instance.')] + [switch]$IncludeIP, + [Parameter(Mandatory = $false, ValueFromPipelineByPropertyName = $true, HelpMessage = 'Timeout in seconds for UDP scans of management servers. Longer timeout = more accurate.')] @@ -15680,6 +15685,10 @@ Function Get-SQLInstanceDomain $null = $TblSQLServerSpns.Columns.Add('LastLogon') $null = $TblSQLServerSpns.Columns.Add('Description') + if($IncludeIP) + { + $null = $TblSQLServerSpns.Columns.Add('IPAddress') + } # Table for UDP scan results of management servers } @@ -15713,9 +15722,7 @@ Function Get-SQLInstanceDomain $SpnServerInstance = $SpnServerInstance -replace 'MSSQLSvc/', '' - # Add SQL Server spn to table - $null = $TblSQLServerSpns.Rows.Add( - [string]$_.ComputerName, + $TableRow = @([string]$_.ComputerName, [string]$SpnServerInstance, $_.UserSid, [string]$_.User, @@ -15723,7 +15730,27 @@ Function Get-SQLInstanceDomain [string]$_.Service, [string]$_.Spn, $_.LastLogon, - [string]$_.Description) + [string]$_.Description) + + if($IncludeIP) + { + try + { + $IPAddress = [Net.DNS]::GetHostAddresses([String]$_.ComputerName).IPAddressToString + if($IPAddress -is [Object[]]) + { + $IPAddress = $IPAddress -join ", " + } + } + catch + { + $IPAddress = "0.0.0.0" + } + $TableRow += $IPAddress + } + + # Add SQL Server spn to table + $null = $TblSQLServerSpns.Rows.Add($TableRow) } # Enumerate SQL Server instances from management servers From 981e6374f1a19d358a18eeaf51dcc79b2bbfe117 Mon Sep 17 00:00:00 2001 From: Alexander Date: Tue, 3 Jul 2018 08:17:41 -0500 Subject: [PATCH 2/3] Added Range Restriction to Get-SQLConnectionTest --- PowerUpSQL.ps1 | 54 +++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 53 insertions(+), 1 deletion(-) diff --git a/PowerUpSQL.ps1 b/PowerUpSQL.ps1 index 8e89b83..c708fee 100644 --- a/PowerUpSQL.ps1 +++ b/PowerUpSQL.ps1 @@ -263,6 +263,16 @@ Function Get-SQLConnectionTest HelpMessage = 'SQL Server instance to connection to.')] [string]$Instance, + [Parameter(Mandatory = $false, + ValueFromPipeline = $true, + ValueFromPipelineByPropertyName = $true, + HelpMessage = 'IP Address of SQL Server.')] + [string]$IPAddress, + + [Parameter(Mandatory = $false, + HelpMessage = 'IP Address Range to Audit.')] + [string]$IPRange, + [Parameter(Mandatory = $false, HelpMessage = 'Connect using Dedicated Admin Connection.')] [Switch]$DAC, @@ -294,6 +304,33 @@ Function Get-SQLConnectionTest # Parse computer name from the instance $ComputerName = Get-ComputerNameFromInstance -Instance $Instance + if($IPRange -and $IPAddress) + { + if ($IPAddress.Contains(",")) + { + $ContainsValid = $false + foreach ($IP in $IPAddress.Split(",")) + { + if($(Test-Subnet -cidr $IPRange -ip $IP)) + { + $ContainsValid = $true + } + } + if (-not $ContainsValid) + { + Write-Warning "Skipping $ComputerName ($IPAddress)" + return + } + } + + if(-not $(Test-Subnet -cidr $IPRange -ip $IPAddress)) + { + Write-Warning "Skipping $ComputerName ($IPAddress)" + return + } + Write-Verbose "$ComputerName ($IPAddress)" + } + # Default connection to local default instance if(-not $Instance) { @@ -24686,6 +24723,22 @@ function Invoke-Parallel } +# Source: http://www.padisetty.com/2014/05/powershell-bit-manipulation-and-network.html +# Notes: Changed name from checkSubnet to Test-Subnet (Approved Verbs) +function Test-Subnet ([string]$cidr, [string]$ip) +{ + $network, [int]$subnetlen = $cidr.Split('/') + $a = [uint32[]]$network.split('.') + [uint32] $unetwork = ($a[0] -shl 24) + ($a[1] -shl 16) + ($a[2] -shl 8) + $a[3] + + $mask = (-bnot [uint32]0) -shl (32 - $subnetlen) + + $a = [uint32[]]$ip.split('.') + [uint32] $uip = ($a[0] -shl 24) + ($a[1] -shl 16) + ($a[2] -shl 8) + $a[3] + + $unetwork -eq ($mask -band $uip) +} + #endregion @@ -25541,7 +25594,6 @@ Function Invoke-SQLDumpInfo Write-Verbose -Message "$Instance - END" } - End { } From 6f978ffe4fdaf19aaad99ada603002addc40268a Mon Sep 17 00:00:00 2001 From: Alexander Date: Tue, 3 Jul 2018 09:34:02 -0500 Subject: [PATCH 3/3] Added Range Restrictions to Get-SQLConnectionTestThreaded --- PowerUpSQL.ps1 | 63 +++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 55 insertions(+), 8 deletions(-) diff --git a/PowerUpSQL.ps1 b/PowerUpSQL.ps1 index c708fee..e95f485 100644 --- a/PowerUpSQL.ps1 +++ b/PowerUpSQL.ps1 @@ -270,7 +270,7 @@ Function Get-SQLConnectionTest [string]$IPAddress, [Parameter(Mandatory = $false, - HelpMessage = 'IP Address Range to Audit.')] + HelpMessage = 'IP Address Range In CIDR Format to Audit.')] [string]$IPRange, [Parameter(Mandatory = $false, @@ -301,6 +301,12 @@ Function Get-SQLConnectionTest Process { + # Default connection to local default instance + if(-not $Instance) + { + $Instance = $env:COMPUTERNAME + } + # Split Demarkation Start ^ # Parse computer name from the instance $ComputerName = Get-ComputerNameFromInstance -Instance $Instance @@ -319,6 +325,7 @@ Function Get-SQLConnectionTest if (-not $ContainsValid) { Write-Warning "Skipping $ComputerName ($IPAddress)" + $null = $TblResults.Rows.Add("$ComputerName","$Instance",'Out of Scope') return } } @@ -326,17 +333,12 @@ Function Get-SQLConnectionTest if(-not $(Test-Subnet -cidr $IPRange -ip $IPAddress)) { Write-Warning "Skipping $ComputerName ($IPAddress)" + $null = $TblResults.Rows.Add("$ComputerName","$Instance",'Out of Scope') return } Write-Verbose "$ComputerName ($IPAddress)" } - # Default connection to local default instance - if(-not $Instance) - { - $Instance = $env:COMPUTERNAME - } - # Setup DAC string if($DAC) { @@ -447,6 +449,16 @@ Function Get-SQLConnectionTestThreaded HelpMessage = 'SQL Server instance to connection to.')] [string]$Instance, + [Parameter(Mandatory = $false, + ValueFromPipeline = $true, + ValueFromPipelineByPropertyName = $true, + HelpMessage = 'IP Address of SQL Server.')] + [string]$IPAddress, + + [Parameter(Mandatory = $false, + HelpMessage = 'IP Address Range In CIDR Format to Audit.')] + [string]$IPRange, + [Parameter(Mandatory = $false, HelpMessage = 'Connect using Dedicated Admin Connection.')] [Switch]$DAC, @@ -489,10 +501,15 @@ Function Get-SQLConnectionTestThreaded if($Instance) { $ProvideInstance = New-Object -TypeName PSObject -Property @{ - Instance = $Instance + Instance = $Instance; } } + if($Instance -and $IPAddress) + { + $ProvideInstance | Add-Member -Name "IPAddress" -Value $IPAddress + } + # Add instance to instance list $PipelineItems = $PipelineItems + $ProvideInstance } @@ -509,10 +526,40 @@ Function Get-SQLConnectionTestThreaded $MyScriptBlock = { # Setup instance $Instance = $_.Instance + $IPAddress = $_.IPAddress # Parse computer name from the instance $ComputerName = Get-ComputerNameFromInstance -Instance $Instance + if($IPRange -and $IPAddress) + { + if ($IPAddress.Contains(",")) + { + $ContainsValid = $false + foreach ($IP in $IPAddress.Split(",")) + { + if($(Test-Subnet -cidr $IPRange -ip $IP)) + { + $ContainsValid = $true + } + } + if (-not $ContainsValid) + { + Write-Warning "Skipping $ComputerName ($IPAddress)" + $null = $TblResults.Rows.Add("$ComputerName","$Instance",'Out of Scope') + return + } + } + + if(-not $(Test-Subnet -cidr $IPRange -ip $IPAddress)) + { + Write-Warning "Skipping $ComputerName ($IPAddress)" + $null = $TblResults.Rows.Add("$ComputerName","$Instance",'Out of Scope') + return + } + Write-Verbose "$ComputerName ($IPAddress)" + } + # Setup DAC string if($DAC) {