Skip to main content

This worklet takes advantage of output from netsh wlan show interfaces. The idea is to start a scheduled task and run that command every 30 minutes for 48 hours. The results are all stored in a CSV file on the drive for review later.



#remediation code



#Params

$TaskName = 'Wi-Fi Analysis 48-Hours'

$csv = 'Wi-Fi_Analysis.csv'

$workdir = 'C:\ProgramData\company\'

$file = $workdir + $csv

$repeatmin = 30 #minutes

$duration = 48 #hours



#cleanup before starting

IF(Test-Path $file){Remove-Item $file -Force}

$task = schtasks /query /tn "$TaskName"

IF($task){schtasks /Delete /TN "$TaskName"}



function Build-Scripts{

# Build script that will send message

$vbs = @"

command = "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -windowstyle hidden -File $workdir`Get-wlanInterface.ps1 -Force"

set shell = CreateObject("WScript.Shell")

shell.Run command,0

"@

New-Item -Path "$workdir" -Name "RunPowerShellScript.vbs" -ItemType "file" -Value $vbs -force | Out-Null



$powershell = @"

`$interfaces = netsh wlan show interfaces

`$wlan = [pscustomobject] @{

Name = `$interfaces | Select-String -Pattern "Name" | % {((`$_ -split ":").Trim())[1]}

Description = `$interfaces | Select-String -Pattern "Description" | % {((`$_ -split ":").Trim())[1]}

GUID = `$interfaces | Select-String -Pattern "GUID" | % {((`$_ -split ":").Trim())[1]}

'Physical address' = (`$interfaces | Select-String -Pattern "Physical address" | % {((`$_ -split ":").Trim())[1..6]}) -Join ":"

State = `$interfaces | Select-String -Pattern "State" | % {((`$_ -split ":").Trim())[1]}

SSID = (`$interfaces | Select-String -Pattern "SSID")[0] | % {((`$_ -split ":").Trim())[1]}

BSSID = (`$interfaces | Select-String -Pattern "BSSID" | % {((`$_ -split ":").Trim())[1..6]}) -Join ":"

'Network type' = `$interfaces | Select-String -Pattern "Network type" | % {((`$_ -split ":").Trim())[1]}

'Radio type' = `$interfaces | Select-String -Pattern "Radio type" | % {((`$_ -split ":").Trim())[1]}

'Authentication' = `$interfaces | Select-String -Pattern "Authentication" | % {((`$_ -split ":").Trim())[1]}

Cipher = `$interfaces | Select-String -Pattern "Cipher" | % {((`$_ -split ":").Trim())[1]}

'Connection mode' = `$interfaces | Select-String -Pattern "Connection mode" | % {((`$_ -split ":").Trim())[1]}

Channel = `$interfaces | Select-String -Pattern "Channel" | % {((`$_ -split ":").Trim())[1]}

'Receive rate (Mbps)' = `$interfaces | Select-String -Pattern "Receive rate" | % {((`$_ -split ":").Trim())[1]}

'Transmit rate (Mbps)' = `$interfaces | Select-String -Pattern "Transmit rate" | % {((`$_ -split ":").Trim())[1]}

Signal = `$interfaces | Select-String -Pattern "Signal" | % {((`$_ -split ":").Trim())[1]}

Profile = `$interfaces | Select-String -Pattern "Profile" | % {((`$_ -split ":").Trim())[1]}

}

`$wlan | Export-Csv '$file' -Notypeinformation -Append

"@

New-Item -Path "$workdir" -Name "Get-wlanInterface.ps1" -ItemType "file" -Value $powershell -force | Out-Null



}

Build-Scripts



# Setup Scheduled Task

$action = New-ScheduledTaskAction -Execute "cscript" -Argument "$workdir\RunPowerShellScript.vbs"

$trigger = New-ScheduledTaskTrigger -Once -At (Get-Date) -RepetitionInterval (New-TimeSpan -Minutes $repeatmin) -RepetitionDuration (New-TimeSpan -Hours $duration)

$desc = "Writes output of netsh wlan show interfaces to $output"

$task = Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger -Description $desc -User "NT AUTHORITY\SYSTEM"

Start-ScheduledTask -TaskName $TaskName
Be the first to reply!

Reply