psobjects 数组在扫描 TCP 和 UDP 端口脚本时缺少成员

Array of psobjects missing members in scanning TCP and UDP ports script

我是 运行 这个扫描端口的脚本,将结果输出到 psobject。它首先检查端口是 TCP 还是 UDP,然后根据端口是 3389、443 还是其他端口运行开关。如果是 3389 或 443,它使用 get-portcertificate 函数获取证书的主题并将其添加到对象的成员中。

问题是,当脚本运行时,我可以从“$obj | ft”行看到它已将 RDP 证书和 SSL 证书成员添加到对象,但在“$objServersList | ft”行这两个不见了。这与 $obj 的某些实例具有“SSL 证书”成员而某些实例仅具有“RDP 证书”这一事实有关吗?我如何使它成为'merge'这两种类型的对象(或者如果不合适就放一个空值)

我正在使用 Caleb Keene 的 get-portcertificate 函数,我的代码在函数下面。


Function Get-PortCertificate {

<#

.SYNOPSIS
    Returns certificate information from a listening TLS/SSL service port.

.DESCRIPTION
    Gets the associated certificate from a TLS/SSL application service port.

.PARAMETER  Computername
    Hostname or IP address of the target system (Default: localhost).  The function uses the supplied computername to validate with the certificate's subject name(s).

.PARAMETER  Port
    Port to retrieve SSL certificate (Default: 443).

.PARAMETER  Path
    Directory path to save SSL certificate(s).  

.PARAMETER  DownloadChain
    Save all chain certificates to file.  A certificate chain folder will be created under the specfied -path directory.  -DownloadChain is dependent on the path parameter.

.NOTES
    Name: Get-PortCertificate
    Author: Caleb Keene
    Updated: 08-30-2016
    Version: 1.2

.EXAMPLE
    Get-PortCertificate -Computername Server1 -Port 3389 -Path C:\temp -verbose

.EXAMPLE
    "server1","server2","server3" | Get-PortCertificate 
#>   
 

[CmdletBinding()]
    param(
        [Parameter(Mandatory = $false, ValueFromPipeline = $true, Position = 0)]
        [Alias('IPAddress','Server','Computer')]              
        [string]$ComputerName =  $env:COMPUTERNAME,  
        [Parameter(Mandatory = $false,Position = 1)]
        [ValidateRange(1,65535)]
        [int]$Port = 443,
        [Parameter(Mandatory = $false)]
        [ValidateNotNullorEmpty()]
        [string]$Path

    )
    #use a dynamic parameter to prevent -downloadchain without -path.
    DynamicParam {
        #Need some sort of conditional check before allowing Dynamic Parameter
        If ($PSBoundParameters.ContainsKey('Path')) {
            #Same as [Parameter()]
            $attribute = new-object System.Management.Automation.ParameterAttribute
            $attribute.Mandatory = $false
            $AttributeCollection = new-object -Type System.Collections.ObjectModel.Collection[System.Attribute]
            $AttributeCollection.Add($attribute)

            #Build out the Dynamic Parameter
            # Need the Parameter Name, Type and Attribute Collection (Built already)
            $DynamicParam = new-object -Type System.Management.Automation.RuntimeDefinedParameter("DownloadChain", [switch], $AttributeCollection)
            
            $ParamDictionary = new-object -Type System.Management.Automation.RuntimeDefinedParameterDictionary
            $ParamDictionary.Add("DownloadChain", $DynamicParam)
            return $ParamDictionary
        }        
    }    

    Begin{
        #make sure the version is supported
        if ($psversiontable.psversion.Major -le 2 ){
                Write-warning "Function requires PowerShell version 3 or later."
                break            
        }

        #add a custom type name to control our objects default display properties
        try{ Update-TypeData -TypeName 'Get.PortCertificate' -DefaultDisplayPropertySet Subject,Issuer,NotAfter,NotBefore,ExpiresIn,CertificateValidNames,TargetName,TargetNameStatus,TargetNameStatusDetails,TargetNameIsValid,ChainPath,ChainStatus,ChainStatusDetails,CertificateIsValid -ErrorAction stop}
        catch{}

        #validate that the path is a filesystem directory
        if ($path) { 

            if(-not(test-path -PathType Container FileSystem::$path)){
                Write-warning "The supplied directory path is not valid: $path"
                break
            }

        }
       
    }

    Process {
        
        #make sure we are able to establish a port connection

        #Set our connection timeout
        $timeout = 1000

        #Create object to test the port connection
        $tcpobject = New-Object System.Net.Sockets.TcpClient 

        #Connect to remote port               
        $connect = $tcpobject.BeginConnect($ComputerName,$Port,$null,$null) 

        #Configure connection timeout
        $wait = $connect.AsyncWaitHandle.WaitOne($timeout,$false) 
        If (-NOT $Wait) {
            Write-Warning "[$($ComputerName)] Connection to port $($Port) timed out after $($timeout) milliseconds"
            return
        } Else {
            Try {
                [void]$tcpobject.EndConnect($connect)
                Write-Verbose "[$($ComputerName)] Successfully connected to port $($Port). Good!"
            } Catch {
                Write-Warning "[$($ComputerName)] $_"
                return
            }
        } 

        #Note: This also works for validating the port connection, but the default timeout when unable to connect is a bit long.
        <#
        try {
            (New-Object system.net.sockets.tcpclient -ArgumentList $computername,$port -ErrorAction stop).Connected
        }
        catch{            
            Write-Warning ("Unable to connect to {0} on port {1}"-f$ComputerName,$Port)
            return
        }
        #>


        Write-Verbose "[$($ComputerName)] Getting SSL certificate from port $($Port)."

        #create our webrequest object for the ssl connection
        $sslrequest = [Net.WebRequest]::Create("https://$ComputerName`:$port")
        $sslrequest.Timeout = 100000

        #make the connection and store the response (if any).
        try{$Response = $sslrequest.GetResponse()}
        catch{}

        #load the returned SSL certificate using x509certificate2 class
        if ($certificate = [Security.Cryptography.X509Certificates.X509Certificate2]$sslrequest.ServicePoint.Certificate.Handle){
            
            Write-Verbose "[$($ComputerName)] Certificate found!  Building certificate chain information and object data."

            #build our certificate chain object
            $chain = [Security.Cryptography.X509Certificates.X509Chain]::create()
            $isValid = $chain.Build($certificate)
            
            #get certificate subject names from our certificate extensions
            $validnames = @()
            try{[array]$validnames += @(($certificate.Extensions | ? {$_.Oid.Value -eq "2.5.29.17"}).Format($true).split("`n") | ? {$_} | % {$_.split("=")[1].trim()})}catch{}
            try{[array]$validnames += @($certificate.subject.split(",")[0].split("=")[1].trim())}catch{}
            
            #validate the target name
            for($i=0;$i -le $validnames.count - 1;$i++){
                if ($validnames[$i] -match '^\*'){
                    $wildcard = $validnames[$i] -replace '^\*\.'
                    if($computername -match "$wildcard$"){
                        $TargetNameIsValid = $true
                        break
                    }
                    $TargetNameIsValid = $false
                }
                else{
                    if($validnames[$i] -match "^$ComputerName$"){
                        $TargetNameIsValid = $true
                        break
                    }
                    $TargetNameIsValid = $false
                }
            }

            #create custom object to later convert to PSobject (required in order to use the custom type name's default display properties)
            $customized = $certificate | select *,
                @{n="ExtensionData";e={$_.Extensions | % {@{$_.oid.friendlyname.trim()=$_.format($true).trim()}}}},
                @{n="ResponseUri";e={if ($Response.ResponseUri){$Response.ResponseUri}else{$false}}},
                @{n="ExpiresIn";e={if((get-date) -gt $_.NotAfter){"Certificate has expired!"}else{$timespan = New-TimeSpan -end $_.notafter;"{0} Days - {1} Hours - {2} Minutes" -f $timespan.days,$timespan.hours,$timespan.minutes}}},
                @{n="TargetName";e={$ComputerName}},
                @{n="CertificateValidNames";e={$validnames}},
                @{n="ChainPath";e={$count=0;$chaincerts = @($chain.ChainElements.certificate.subject);$($chaincerts[($chaincerts.length -1) .. 0] | % {"{0,$(5+$count)}{1}" -f "---",$_;$count+=3}) -join "`n"}},
                @{n="ChainCertificates";e={@{"Certificates"=$chain.ChainElements.certificate}}},
                @{n="ChainStatus";e={if($isvalid -and !$_.chainstatus){"Good"}else{$chain.chainstatus.Status}}},
                @{n="ChainStatusDetails";e={if($isvalid -and !$_.chainstatus){"The certificate chain is valid."}else{$chain.chainstatus.StatusInformation.trim()}}},
                @{n="CertificateIsValid";e={$isValid}},
                @{n="TargetNameIsValid";e={$TargetNameIsValid}},
                @{n="TargetNameStatus";e={if($TargetNameIsValid){"Good"}else{"Invalid"}}},
                @{n="TargetNameStatusDetails";e={if($TargetNameIsValid){"The target name appears to be valid: $computername"}else{"TargetName $computername does not match any certificate subject name."}}} 
            
                 
            #get object properties for our PSObject
            $objecthash = [Ordered]@{}
            ($customized | Get-Member -MemberType Properties).name | % {$objecthash+=@{$_=$customized.$_}}
            
            #create the PSObject
            $psobject = New-Object psobject -Property $objecthash

            #add the custom type name to the PSObject
            $psobject.PSObject.TypeNames.Insert(0,'Get.PortCertificate')         
            
            #save our certificate(s) to file if applicable
            if ($path){

                write-verbose "Saving certificate(s) to file."

                try {
                    $psobject.RawData | Set-Content -Encoding Byte -Path "$path\Cert`_$ComputerName`_$port`.cer" -ErrorAction stop
                    write-verbose "Certificate saved to $path\Cert`_$ComputerName`_$port`.cer."
                }
                catch{write-warning ("Unable to save certificate to {0}: {1}" -f "$path\Cert`_$ComputerName`_$port`.cer",$_.exception.message)}

                if($PSBoundParameters.ContainsKey('DownloadChain')){
                    
                    New-Item -ItemType directory -path "$path\ChainCerts`_$ComputerName`_$port" -ErrorAction SilentlyContinue > $null
                    
                    $psobject.chaincertificates.certificates | % {
                        try {
                            Set-Content $_.RawData -Encoding Byte -Path "$path\ChainCerts`_$ComputerName`_$port$($_.thumbprint)`.cer" -ErrorAction stop
                            write-verbose "Certificate chain certificate saved to $path\ChainCerts`_$ComputerName`_$port$($_.thumbprint)`.cer."
                        }
                        catch{
                            write-warning ("Unable to save certificate chain certificate to {0}: {1}" -f "$path\ChainCerts`_$ComputerName`_$port",$_.exception.message)
                        }
                    }
                }
            }

            #abort any connections
            $sslrequest.abort()

            #return the object
            $psobject
                              
        }

        else{
            #we were able to connect to the port but no ssl certificate was returned
            write-warning ("[{0}] No certificate returned on port {1}."-f $ComputerName,$Port)

            #abort any connections
            $sslrequest.abort()
            return $false 
        }
    }
}


$ComputerName = import-csv "C:\TEMP\Failed Comp.csv" | select -ExpandProperty computer
$PortArray = '22 TCP',
             '53 UDP',
             '80 TCP',
             '3389 TCP',
             '443 TCP'

$objServersList = @()


Foreach ($Computer in $ComputerName){
    $obj = @()
    $obj = new-object psobject
    $obj | add-member -name Computer -type noteproperty -value $Computer

    foreach ($Port in $PortArray){
                $Port1,$Port2 = $port.split(" ")

                if ($Port2 -eq 'TCP'){
                    

                    switch($Port1){
                    '3389'
                        {
                            $TestConnection = Test-NetConnection -ComputerName $Computer -Port $Port1
                            if($TestConnection.TcpTestSucceeded){
                                $Result = 'SUCCESS'
                                $obj | add-member -name $Port -type noteproperty -value $Result

                                $RdpCert = (Get-PortCertificate -ComputerName $Computer -port 3389) #
                                if($RdpCert -ne $false){ #sometimes 3389 is open but it's still unable to get a cert, this prevents it throwing an error.
                                    $RdpCertString = ($RdPCert.subject).trimstart('CN=')
                                    $obj | add-member -name 'RDP Cert' -type noteproperty -value $RdpCertString
                                }

                            }
                            else{
                                $Result = 'FAILURE'
                                $obj | add-member -name $Port -type noteproperty -value $result
                            }   

                        }
                    '443'
                        {
                            $TestConnection = Test-NetConnection -ComputerName $Computer -Port $Port1
                            if($TestConnection.TcpTestSucceeded){
                                $Result = 'SUCCESS'
                                $obj | add-member -name $Port -type noteproperty -value $Result

                                $SslCert =(Get-PortCertificate -ComputerName $Computer -port 443)
                                if($SslCert -ne $false){ #sometimes 443 is open but it's still unable to get a cert, this prevents it throwing an error.
                                    $SslCertString = ($SslCert.subject).replace(', ',' | ')
                                    $obj | add-member -name 'SSL Cert' -type noteproperty -value $SslCertString
                                }

                            }
                            else{
                                $Result = 'FAILURE'
                                $obj | add-member -name $Port -type noteproperty -value $result
                            }     

                        }
                    Default
                        {
                            $TestConnection = Test-NetConnection -ComputerName $Computer -Port $Port1
                            if($TestConnection.TcpTestSucceeded){
                                $Result = 'SUCCESS'
                                $obj | add-member -name $Port -type noteproperty -value $Result
                            }
                            else{
                                $Result = 'FAILURE'
                                $obj | add-member -name $Port -type noteproperty -value $Result
                            }



                        }
                    }





                }
                elseif($Port2 -eq 'UDP'){
                   $result = if((test-port -computer $computer -port $port1).open -eq $true){write-output "SUCCESS"}else{write-output "FAILURE"}
                   $obj | add-member -name $Port -type noteproperty -value $result

                }
                else{
                    $obj | add-member -name $Port -type noteproperty -value "Invalid protocol"
                }          
    }
$obj | ft
$objServersList+=$obj

}

$objServersList | ft

Format-Table 根据传送给它的前几个项目决定 table header 格式,所以如果只有 some objects 有一个 RDP Cert 属性 并且第一个这样的 object 不在列表的开头,因此不会显示。

解决方案是 始终 将 属性 添加到所有 object 中,无论它是否有值,或者通过请求 Format-Table 显式显示 属性:

$objServersList | ft Computer,'22 TCP','53 UDP','80 TCP','3389 TCP','RDP Cert','443 TCP'