Skip to content

SDimitri05/programmatic-vulnerability-remediation

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 

Repository files navigation

Programmatic Vulnerability Remediations

Catalog of automation scripts used to remediate vulnerabilities identified by Tenable / Nessus scanners in Windows environments.

This repository serves as a catalog of remediation scripts used during a full vulnerability management program implementation.

The scripts demonstrate how security teams can automate vulnerability remediation and configuration hardening across Windows environments.

Each remediation includes a script reference and the script’s author.


Repository Ecosystem

This repository is part of a larger vulnerability management project demonstrating the full remediation lifecycle.

Repository Purpose
vulnerability-management-program End-to-end implementation of a vulnerability management program including policy creation, scanning, remediation, and validation.
programmatic-vulnerability-remediation (this repository) Catalog of remediation scripts used during the vulnerability remediation process.
cve-2013-3900-winverifytrust-mitigation Script-based remediation for CVE-2013-3900.
nessus-57608-smb-signing-required Script enforcing SMB signing.
nessus-10114-icmp-timestamp-mitigation Script mitigating ICMP timestamp disclosure.

Together, these repositories demonstrate how vulnerabilities can be identified, prioritized, remediated programmatically, and validated within a structured vulnerability management lifecycle.


Remediation Index

The following remediations are listed in the order they were implemented during the vulnerability remediation lifecycle.

Order Vulnerability Severity Type Plugin ID Script Source Remediation Repo Author
1 Outdated Wireshark Installation 🔴 Critical / High Software Multiple Script Josh Madakor
2 Deprecated TLS Protocols Enabled 🟠 Medium Configuration Various Script Josh Madakor
3 Weak Cipher Suites Enabled 🟠 Medium Configuration Various Script Josh Madakor
4 Guest Account in Administrators Group 🟠 Medium Configuration Google Tenable Plugin DB Script Josh Madakor
5 WinVerifyTrust CVE-2013-3900 🔴 High Configuration 166555 Repo Sun Dimitri NFANDA
6 SMB Signing Not Required 🟠 Medium Configuration 57608 Repo Sun Dimitri NFANDA
7 ICMP Timestamp Disclosure 🟡 Low Network 10114 Repo Sun Dimitri NFANDA

Purpose

These remediations demonstrate how security teams can implement programmatic vulnerability remediation as part of an enterprise vulnerability management program.

The process includes:

  1. Vulnerability discovery via authenticated scans
  2. Risk prioritization
  3. Script-based remediation
  4. Change management approval
  5. Validation via follow-up scans

This approach enables organizations to automate configuration hardening and reduce vulnerability exposure efficiently.


Technologies Used

  • PowerShell
  • Windows Server / Windows 10
  • Tenable Vulnerability Management
  • Nessus Plugin Database

Related Project

Full vulnerability management program implementation:

https://github.com/SDimitri05/vulnerability-management-program


License

MIT License

About

PowerShell automation scripts for programmatic remediation of vulnerabilities identified by Tenable / Nessus vulnerability scans.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors