Program is a script generator with collection of parameters and recommendations from CIS Benchmarks and DoD STIGs with some adjusments.

All parameters placed in databases with the names of the operating systems that are used to.

Parameters were checked and tested according to official MS documentation and researchers opinion.

Scripts generates in 2 modes - auto and manual.

All databases have profiles for each operating system min/med/full which corresponds with Minimum (only level 3 parameters (CIS lvl 2/STIG lvl 3)), Medium (level 2 & 3 parameters (CIS lvl 1 & 2/STIG lvl 2)) and Full (lvl 1-3 parameters).

For every operating system were made additional profiles that you can generate separate or after generating the general script:

1. Windows XP
   • Windows Firewall (ShieldUp mode has separate confirmation)
2. Windows Vista
   • Windows Firewall (ShieldUp mode has separate confirmation)
   • Windows Defender
3. Windows 7
   • Windows Firewall (ShieldUp mode has separate confirmation)
   • Windows Defender
   • BitLocker
4. Windows 8
   • Windows Firewall (ShieldUp mode has separate confirmation)
   • Windows Defender
   • BitLocker
5. Windows 8.1
   • Windows Firewall (ShieldUp mode has separate confirmation)
   • Windows Defender
   • BitLocker
6. Windows 10
   • Windows Firewall (ShieldUp mode has separate confirmation)
   • Windows Defender
   • BitLocker
   • MS Edge
   • Next Generation Security
7. Windows 11
   • Windows Firewall (ShieldUp mode has separate confirmation)
   • Windows Defender
   • BitLocker
   • MS Edge
   • Next Generation Security

In manual mode you can check every parameter with description. Description will be translated (Google Translate) to system language if you have internet connection.

Every generated script has command to create a system restore point (if it disabled, script will enable it (not addons)).

Applying parameters contains secedit template and db, auditpol parameters, disabling some services with powershell and parameters from dbs.

All scripts will be .bat files. I don't like Powershell syntax :)

All additional files like secedit templates and others placed in Templates folder.

1. Download files

2. Start with python AHWT.py

3. Choose OS

   

4. Enter the name to your script

   

5. Choose mode

   

6. Choose the level of hardening

   

7. Add parameters of additional profiles if you need

   

8. Get additional files from Templates and place it with generated script

   -> ->

9. Run it on targeted PC

• Enrich DBs with new parameters for every OS
• Optimize code (for now its shitty code, i know :))
• Add support for third party software, Server editions and everything that relates to Windows operating systems
• Anything else...

Made with desire to help all Blue Teamers ❤️