Skip to content

Home

Jump to bottom
nneeoo edited this page Sep 7, 2022 · 9 revisions

Welcome to the PSStopBruteforce wiki! headimg

The PSStopBruteforce modules to stop bruteforce attack on SMB, RDP and WinRm.

Installation

Install-Module -Name StopBruteforce

List of commands and examples

The following is a list of commands which are available for you to use once you follow the steps in Installation

Command Description
Stop-Bruteforce Read Windows Event Log, search for Audit Failure. Adds ip adresses of attackers to deny firewall rule.
Get-Bruteforce Read Windows Event Log, search for Audit Failure and Audit success anonymous logon events. Return array of BruteStatistics.
Protect-FromBruteforce Read Windows Event Log, search for Audit Success. Add ip adresses of non anonymous users to default firewall rules.
Unprotect-FromBruteforce Reset remote scope of default firewall rules for SMB, WinRM or RDP back to ANY.

Change log

A full list of changes in each version can be found in the change log.

Clone this wiki locally