SharpCGHunter
SharpCGHunter copied to clipboard
Receive the status of Windows Defender Credential Guard on network hosts.
SharpCGHunter
This tool can be used to identify the status of Windows Defender Credential Guard on network hosts.
At a high level, Credential Guard is a Windows feature that protects the host's secrets using virtualization-based security.
SharpCGHunter will query local and remote hosts to determine if Credential Guard is enabled and whether it is currently running. This tool will also return the virtualization-based security status on the host.
_____ _ _____ _____ _ _ _
/ ___| | / __ \ __ \| | | | | |
\ `--.| |__ __ _ _ __ _ __ | / \/ | \/| |_| |_ _ _ __ | |_ ___ _ __
`--. \ '_ \ / _` | '__| '_ \| | | | __ | _ | | | | '_ \| __/ _ \ '__|
/\__/ / | | | (_| | | | |_) | \__/\ |_\ \| | | | |_| | | | | || __/ |
\____/|_| |_|\__,_|_| | .__/ \____/\____/\_| |_/\__,_|_| |_|\__\___|_|
| |
|_|
Usage:
SharpCGHunter.exe --host=127.0.0.1
SharpCGHunter.exe --domain=net.local
Required Arguments:
NONE -Not specifying any arguments will execute it on the current host.
Optional Arguments:
--host= -Specify a single remote host, a list of comma-seperated hosts, or an IP with wildcards/CIDR notations.
A single host argument or comma-seperated host arguments can either be IPs or host names.
(I.E. --host=192.168.1.1,192.168.1.2 // --host=192.168.1.0/24 // --host=192.168.1.*)
--domain= -Specify the domain and the program will enumerate domain systems and query them for Credential Guard.
(I.E. --domain=TARGET.LOCAL // --domain=TARGET)
--help - Print help information.
Versions
0.0.2:
-
Added wildcard and CIDR notation to host argument
-
Supports domain enumeration and querying
-
Improved output with sorted results upon completion
0.0.1:
- Initial release
For reference:
Credential Guard: How it works
How to Verify if Device Guard is Enabled or Disabled in Windows 10