Update login-notication.ps1

2025-04-24 09:32:14 -04:00 · 2025-04-24 09:32:14 -04:00 · d099eaef78
commit d099eaef78
parent ca4f3a76c2
1 changed files with 64 additions and 64 deletions
--- a/login-notication.ps1
+++ b/login-notication.ps1
@ -1,64 +1,64 @@
-# =============================
+# =============================
-#        LOGIN LOGGER
+#        LOGIN LOGGER
-# =============================
+# =============================
-
+
-# --- Initialization ---
+# --- Initialization ---
-$time        = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
+$time        = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
-$username    = $env:USERNAME
+$username    = $env:USERNAME
-$hostname    = $env:COMPUTERNAME
+$hostname    = $env:COMPUTERNAME
-$remoteIp    = "Unknown"
+$remoteIp    = "Unknown"
-$asnInfo     = ""
+$asnInfo     = ""
-$locationInfo = ""
+$locationInfo = ""
-$logPath     = "C:\LOGIN-OUT-ALERT\log.txt"
+$logPath     = "C:\<YOUR_DIRECTORY>\log.txt"
-$ntfyUrl     = "<your_ntfy_instance>"
+$ntfyUrl     = "<your_ntfy_instance>"
-
+
-# --- Try to Get RDP Connection Info ---
+# --- Try to Get RDP Connection Info ---
-try {
+try {
-    $queryOutput = query session
+    $queryOutput = query session
-    $activeLine  = $queryOutput | Where-Object { $_ -match "$username" -and $_ -match "Active" }
+    $activeLine  = $queryOutput | Where-Object { $_ -match "$username" -and $_ -match "Active" }
-
+
-    if ($activeLine) {
+    if ($activeLine) {
-        # Normalize spacing and extract session ID
+        # Normalize spacing and extract session ID
-        $clean     = $activeLine -replace '\s{2,}', ' '
+        $clean     = $activeLine -replace '\s{2,}', ' '
-        $parts     = $clean.Split(' ')
+        $parts     = $clean.Split(' ')
-        $sessionId = $parts[2]
+        $sessionId = $parts[2]
-
+
-        # Find established remote connections on RDP port
+        # Find established remote connections on RDP port
-        $rdpConns = Get-NetTCPConnection -LocalPort 3389 -State Established
+        $rdpConns = Get-NetTCPConnection -LocalPort 3389 -State Established
-
+
-        foreach ($conn in $rdpConns) {
+        foreach ($conn in $rdpConns) {
-            if ($conn.RemoteAddress -ne "127.0.0.1" -and $conn.RemoteAddress -ne "::1") {
+            if ($conn.RemoteAddress -ne "127.0.0.1" -and $conn.RemoteAddress -ne "::1") {
-                $remoteIp = $conn.RemoteAddress
+                $remoteIp = $conn.RemoteAddress
-                break
+                break
-            }
+            }
-        }
+        }
-
+
-        # --- IP Info Lookup ---
+        # --- IP Info Lookup ---
-        if ($remoteIp -ne "Unknown") {
+        if ($remoteIp -ne "Unknown") {
-            $ipInfo = Invoke-RestMethod -Uri "https://ipinfo.io/$remoteIp/json"
+            $ipInfo = Invoke-RestMethod -Uri "https://ipinfo.io/$remoteIp/json"
-
+
-            if ($ipInfo) {
+            if ($ipInfo) {
-                $asnInfo      = $ipInfo.org
+                $asnInfo      = $ipInfo.org
-                $locationInfo = "$($ipInfo.city), $($ipInfo.region), $($ipInfo.country)"
+                $locationInfo = "$($ipInfo.city), $($ipInfo.region), $($ipInfo.country)"
-            }
+            }
-        }
+        }
-    }
+    }
-
+
-} catch {
+} catch {
-    $remoteIp = "Error: $($_.Exception.Message)"
+    $remoteIp = "Error: $($_.Exception.Message)"
-}
+}
-
+
-# --- Construct Final Message ---
+# --- Construct Final Message ---
-$eventMessage = @"
+$eventMessage = @"
-Time: [$time] 
+Time: [$time] 
-Who: $username logged into $hostname
+Who: $username logged into $hostname
-From: $remoteIp
+From: $remoteIp
-ASN: $asnInfo
+ASN: $asnInfo
-Location: $locationInfo
+Location: $locationInfo
-"@
+"@
-
+
-# --- Write to Log File ---
+# --- Write to Log File ---
-$eventMessage | Out-File $logPath -Append
+$eventMessage | Out-File $logPath -Append
-
+
-# --- Send to NTFY ---
+# --- Send to NTFY ---
-Invoke-RestMethod -Uri $ntfyUrl -Method Post -Body $eventMessage
+Invoke-RestMethod -Uri $ntfyUrl -Method Post -Body $eventMessage