Public Beta · v2.0.0

Windows security posture, assessed in minutes.

WinSecMon is a read-only, agentless assessment engine that inspects a Windows host against 137 checks across 20 security domains — from Active Directory and ADCS to attack paths, accounts, and host exposure — and produces forensic-grade, tamper-evident reports.

Download the beta Read the documentation

Read-only & non-intrusive Agentless — nothing installed PowerShell 5.1+ / Win 10 & Server 2016+

WINSECMON — scan (domaincontroller)

PS> .\WINSECMON.exe scan
[*] Collecting host, AD, ADCS & policy state…
[*] Running 137 checks across 20 domains…

PASS 64 WARN 18 FAIL 27
INFO 10 N/A 8 ERROR 0

FAIL ADCS-0005 ESC8 — HTTP web enrollment reachable
FAIL PATH-0001 DCSync rights for non-tier-0 principal
WARN ACC-0004 Non-expiring passwords detected

[+] Evidence manifest written (SHA-256)
[+] Integrity: INTACT · report: winsecmon-*.html

137

Security checks

Coverage domains

100%

Read-only

Agents to install

Coverage

Built for real Windows estates

One pass surfaces the misconfigurations and attack paths that matter — mapped to the techniques adversaries actually use.

Active Directory

Privileged group hygiene, delegation, Kerberos weaknesses, AdminSDHolder and domain-head ACLs.

Certificate Services (ADCS)

ESC1–ESC11 template and enrollment misconfigurations, including HTTP web-enrollment relay (ESC8).

Attack paths

DCSync rights, dangerous ACLs and privilege-escalation chains toward tier-0 assets.

Accounts & policy

Password policy, stale and non-expiring accounts, LAPS, audit policy and account hardening.

Host exposure

Exposed services, legacy protocols (SMBv1, PSv2), firewall posture and remote-access surface.

Forensic evidence

Every report ships with a SHA-256 evidence manifest and tamper-evident integrity verification.

Workflow

Three steps, no infrastructure

Drop the package on a host, run it elevated, and collect a signed report. No server, database or agent required.

Run

Launch WINSECMON.exe elevated. It self-elevates and runs entirely in memory, read-only.

Assess

Collectors gather host, AD, ADCS and policy state; 137 checks evaluate posture against known techniques.

Report

Get HTML, CSV and JSON reports with severity, evidence and remediation — plus an integrity manifest.

Get the beta

Download WinSecMon

Try the current pre-release build on a test or lab host and help shape the 2.0 release.

Windows · PowerShell 5.1+ · ~720 KB

WinSecMon 2.0.0 — Public Beta

Download .zip

Pre-release build. This is a beta under active testing, signed with a ScaryByte self-signed certificate. Run it on a lab or test host first and import the bundled publisher certificate to establish trust. See the beta notes before deploying.

Integrity: verify the download with the published SHA-256 on the beta page before running. The package self-verifies its own evidence manifest at runtime.

Reading the results, not just collecting them

Full documentation covers requirements, trust setup, profiles, the check catalog, and the forensic evidence model.

Open the docs About the beta