Detect failed connections and notify you with the IP of the person attempting to hack/connect to your PC. This script only works on Windows.
- Download and extract the
Bruteforcer_Alertpackage. - Locate
bruteforcealert.ps1andbruteforcealert.batin theps1_file/Englishorps1_file/Frenchdirectory.
-
Edit the
bruteforcealert.batfile to add the path to yourbruteforcealert.ps1file.
- Open Local Group Policy Editor (Win + R >
gpedit.msc). - Navigate to:
Windows settings > Security settings > Advanced Audit Policy Configuration > System Audit Policies > Logon/Logoff. - Double-click on
Audit Logonand configure as follows:- Select "Configure the following audit events:"
- Check both "Success" and "Failure".
- Open Task Scheduler and click on "Create Task".
- Follow the steps below to configure the task:
- Ensure the name is filled in both circled areas.
-
Click "New".
-
Configure as follows:
- Begin the task: "On an event".
- Log: "Security".
- Source: "Microsoft Windows security auditing".
- Event ID:
4625.
-
Click "New".
-
Configure as follows:
- Action: "Start a program".
- Program/script: Browse to
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe. - Add arguments: Add the path to your
bruteforcealert.batfile.
-
Right click on any of the file go to properties and select unlock
-
do it with the other one
-
open powershell as admin
-
then type: and press the asked key for yes
Set-ExecutionPolicy RemoteSigned
To test the setup:
- Enable Remote Desktop Connection in settings.
- From another PC, use the Remote Desktop Connection app to attempt a connection with the correct username but an incorrect password.
- Both PCs must be on the same network.
If you encounter any issues or have suggestions for improvement, feel free to open an issue on GitHub.