
PSScriptAnalyzer: SAST Tool for PowerShell Script

3 min read, Oct 7, 2022

PowerShell Script Analyzer, also known as PSScriptAnalyzer, is a static code analysis (SAST) tool that examines code written in PowerShell and evaluates it against a set of machine-measurable best practices. The module accomplishes this through rules, each of which defines one best practice and tells the engine how to scan for it. The rules can also be customized, so the tool can be used both to enforce good scripting practices and to support secure code review.

1- Open CMD on Windows with administrator access and type PowerShell.


2- To get started, first install and import the required PowerShell module with the commands below.

Install-Module -Name PSScriptAnalyzer

Import-Module -Name PSScriptAnalyzer

3- To list the built-in rules available in PSScriptAnalyzer:

Get-ScriptAnalyzerRule | Select-Object RuleName


4- To view the description of any of the listed rules (replace RuleName with the rule you want to inspect):

Get-ScriptAnalyzerRule -Name "RuleName"


5- To run the analyzer against a script (Sample.ps1 here):

Invoke-ScriptAnalyzer .\Sample.ps1


6- To display the results in a structured, readable format:

Invoke-ScriptAnalyzer .\Script_Tags.ps1 | Select-Object Severity, Line, Message, RuleName | Format-List


Security Auditing for PowerShell Scripts:

1- Copy and paste the following command to install the "InjectionHunter" package (https://www.powershellgallery.com/packages/InjectionHunter/1.0.0 ):

Install-Module -Name InjectionHunter

2- Check the path where InjectionHunter is installed.

Get-Module InjectionHunter -List | Foreach-Object Path


3- Invoke the analyzer together with the InjectionHunter rules using the following command (the alias % stands for ForEach-Object, and -Verbose prints each rule as it runs):

Invoke-ScriptAnalyzer .\Script_Tags.ps1 -CustomRulePath (Get-Module InjectionHunter -List | ForEach-Object Path) -Verbose

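The steps above run one scan by hand. As an added example (not code from the original post or from either module), the script below wraps the same Invoke-ScriptAnalyzer + InjectionHunter call into a repeatable gate for a folder of scripts: it assumes both modules are installed as shown, creates a constructed sample script containing an Invoke-Expression call built from user input so the custom rules have something to report, runs the built-in rules alongside the InjectionHunter rules (on its own, -CustomRulePath runs only the custom rules), prints the findings most severe first, and exits non-zero when any finding is at a blocking severity.

```powershell
# Added example, not part of the original post. Scans every .ps1 under $ScriptRoot with the
# built-in PSScriptAnalyzer rules plus the InjectionHunter custom rules and fails on findings.
param(
    [string]$ScriptRoot = ".\scripts",            # constructed demo folder
    [string[]]$FailOn = @('Error', 'Warning')    # severities that should block a build
)

Import-Module PSScriptAnalyzer -ErrorAction Stop

# Constructed sample script: an unused variable (a default rule) and Invoke-Expression fed
# from a parameter (the kind of pattern InjectionHunter exists to report).
$sampleDir = Join-Path $ScriptRoot 'demo'
New-Item -ItemType Directory -Path $sampleDir -Force | Out-Null
@'
param([string]$UserInput)
$unused = 1
Invoke-Expression ("Get-ChildItem " + $UserInput)
'@ | Set-Content -Path (Join-Path $sampleDir 'Sample.ps1')

# Locate the InjectionHunter module file; fail early if it is not installed.
$ihPath = (Get-Module InjectionHunter -ListAvailable | Select-Object -First 1).Path
if (-not $ihPath) { throw "InjectionHunter is not installed (Install-Module -Name InjectionHunter)." }

# -CustomRulePath alone would run only InjectionHunter; -IncludeDefaultRules adds the built-in set.
$results = Invoke-ScriptAnalyzer -Path $ScriptRoot -Recurse `
    -CustomRulePath $ihPath -IncludeDefaultRules

# Report: most severe first, then by file and line, one row per finding.
$results |
    Sort-Object @{ Expression = 'Severity'; Descending = $true }, ScriptName, Line |
    Format-Table -AutoSize Severity, ScriptName, Line, RuleName, Message

# Gate: non-zero exit when any finding is at a severity listed in $FailOn (usable in CI).
$blocking = @($results | Where-Object { $FailOn -contains [string]$_.Severity })
if ($blocking.Count -gt 0) {
    Write-Host "$($blocking.Count) blocking finding(s) at severity $($FailOn -join '/')." -ForegroundColor Red
    exit 1
}
Write-Host "No blocking findings." -ForegroundColor Green
```

Run it as .\Scan-Scripts.ps1 -ScriptRoot .\scripts; the constructed Sample.ps1 is expected to produce at least the unused-variable finding from the default rules and an Invoke-Expression finding from InjectionHunter, so the script exits with code 1 until those are fixed.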

This is just an introduction to SAST analysis with PSScriptAnalyzer; there is much more you can do with this tool, such as creating your own custom rules and performing security testing. Feel free to explore the tool's documentation.

(Reference URL: https://learn.microsoft.com/en-us/powershell/module/psscriptanalyzer/?view=ps-modules )

Stay Curious Stay Protected!!


Written by Vaibhav Kumar Srivastava

Penetration Tester | Masters in Information Security
