Premium Windows 11 Network & System Security Audit Tool. Enforce encrypted DNS-over-HTTPS (DoH), spoof MAC addresses dynamically, map open listening sockets, and hunt for sketchy running processes with a single interactive, administrator-elevated terminal dashboard.
- 📡 Port & Listener Audit: Scans active TCP and UDP sockets. Maps listening ports directly to their parent process name, process ID (PID), and file path, with an additional section highlighting established outbound network connections.
- 🔍 Sketchy Process Hunting: Employs heuristic analysis to identify anomalous running processes:
  - Path Anomalies: Processes executing from dynamic or temporary directories (e.g., `Temp`, `AppData\Local\Temp`, `Public`, `ProgramData`).
  - System Process Mimicry: Flags core processes (like `svchost.exe`, `lsass.exe`, `explorer.exe`) that are not executing from their standard, legitimate directories (`C:\Windows\System32`).
  - Digital Signature Check: Checks `Authenticode` signature validation on processes holding active open listeners, instantly flagging unsigned binaries.
- 🔒 DNS-over-HTTPS Enforcer:
  - Performs system DNS leak checks.
  - Automatically updates all active network interfaces to use secure Cloudflare DNS (IPv4: `1.1.1.1` & `1.0.0.1` | IPv6: `2606:4700:4700::1111` & `2606:4700:4700::1001`).
  - Enforces global Windows 11 `DoHPolicy` in the registry to Require DoH (Encrypted Only), mitigating unencrypted fallback and local DNS snooping.
- 🔌 MAC Address Spoofing:
  - Enumerates physical interfaces and their active MAC addresses.
  - Generates valid Locally Administered Addresses (LAA) adhering to standard IEEE 802 rules (second digit as `2`, `6`, `A`, or `E`).
  - Saves the new MAC to the registry, cycles the network interface, and verifies active registry updates automatically.
  - Provides simple one-click restoration to revert adapters to their factory permanent hardware MAC.
- 📊 Unified Security Reporting: Auto-saves a comprehensive audit report in both JSON and stylized Markdown structures directly inside the `logs/` directory for record-keeping and SIEM ingestion.
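
The path-anomaly and system-process-mimicry heuristics from the feature list, as an added example (not WinNetSentry's own code): `Test-ProcessPath` is a hypothetical name and the sample records are constructed. It keeps an expected directory per process name because `explorer.exe` legitimately runs from `C:\Windows`, not `System32`.

```powershell
# Added example, not WinNetSentry's code; Test-ProcessPath is a hypothetical name.
# Fragments taken from the README's "dynamic or temporary directories" list.
$RiskyFragments = '\Temp\', '\Public\', '\ProgramData\'

function Test-ProcessPath {
    param(
        [Parameter(Mandatory)][string]$Name,
        [string]$Path,
        [string]$SystemRoot = $env:SystemRoot
    )
    # Expected image directory per core process. explorer.exe runs from
    # %SystemRoot% itself, so one blanket "must be in System32" rule misfires.
    $expectedDir = @{
        'svchost.exe'  = "$SystemRoot\System32"
        'lsass.exe'    = "$SystemRoot\System32"
        'explorer.exe' = $SystemRoot
    }
    if ([string]::IsNullOrEmpty($Path)) {
        # Some protected processes expose no path; report that instead of guessing.
        return [pscustomobject]@{ Name = $Name; Path = ''; Findings = 'PathUnavailable' }
    }
    $dir = [System.IO.Path]::GetDirectoryName($Path)
    $findings = @()
    foreach ($frag in $RiskyFragments) {
        if (($dir + '\').IndexOf($frag, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            $findings += 'PathAnomaly'
            break
        }
    }
    # PowerShell hashtable literals compare string keys case-insensitively.
    if ($expectedDir.ContainsKey($Name) -and
        -not [string]::Equals($dir, $expectedDir[$Name], [StringComparison]::OrdinalIgnoreCase)) {
        $findings += 'SystemMimicry'
    }
    [pscustomobject]@{ Name = $Name; Path = $Path; Findings = ($findings -join ',') }
}

# Constructed sample records (not real telemetry).
$sample = @(
    @{ Name = 'svchost.exe';  Path = 'C:\Windows\System32\svchost.exe' }
    @{ Name = 'explorer.exe'; Path = 'C:\Windows\explorer.exe' }
    @{ Name = 'svchost.exe';  Path = 'C:\Users\Public\svchost.exe' }
    @{ Name = 'setup.exe';    Path = 'C:\Users\a\AppData\Local\Temp\setup.exe' }
    @{ Name = 'lsass.exe';    Path = '' }
)
foreach ($p in $sample) { Test-ProcessPath @p -SystemRoot 'C:\Windows' }

# Live use: Get-CimInstance Win32_Process |
#   ForEach-Object { Test-ProcessPath -Name $_.Name -Path $_.ExecutablePath }
```

Treat a `PathAnomaly` hit as a triage signal: legitimate software, including Microsoft Defender's platform binaries, also runs from `ProgramData`.
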
```
WinNetSentry/
├── README.md          <- This file (Premium Project Documentation)
├── LICENSE            <- MIT Open Source License
├── .gitignore         <- Git exclusions for local logs and histories
├── WinNetSentry.ps1   <- Core PowerShell Interactive Script
└── logs/              <- Auto-generated Security Reports (JSON & MD)
```
- Operating System: Windows 11 (necessary for native DNS-over-HTTPS cmdlet support).
- Privileges: PowerShell must be executed as Administrator (the script will attempt to auto-elevate upon execution).
- PowerShell Version: PowerShell 5.1+ (Built-in standard) or PowerShell Core 7.x.
- Clone this repository or copy files to your local system:

  ```powershell
  git clone https://github.com/yourusername/WinNetSentry.git
  cd WinNetSentry
  ```

- Open an elevated PowerShell terminal and bypass local execution restrictions for the current script session:

  ```powershell
  Set-ExecutionPolicy Bypass -Scope Process -Force
  ```

- Launch the interactive dashboard:

  ```powershell
  .\WinNetSentry.ps1
  ```

- Or run in Verbose Trace Mode for additional debug console lines during operation:

  ```powershell
  .\WinNetSentry.ps1 -VerboseOutput
  ```
```mermaid
graph TD
    A[Start WinNetSentry.ps1] --> B{Is Admin?}
    B -- No --> C[Auto Relaunch Elevated]
    B -- Yes --> D[Show Interactive Menu]
    D --> E1[1. Audit Network Ports]
    D --> E2[2. Hunt Sketchy Processes]
    D --> E3[3. Audit DNS Leak & DoH Status]
    D --> E4[4. Enforce Cloudflare DoH]
    D --> E5[5. Spoof Network MAC]
    D --> E6[6. Restore Original MAC]
    D --> E7[7. Export Reports]
    D --> E8[8. Exit]
    E4 --> F[Register CF Templates & Require DoH in Registry]
    E5 --> G[Update Registry Subkey & Cycle Adapter]
    E7 --> H[Write JSON & Markdown Logs in /logs]
```

This project is licensed under the MIT License. See the LICENSE file for details.
WinNetSentry is designed for local system auditing, personal privacy hardening, and network administration training. Always ensure you have authorization before changing security configurations in enterprise environments.