script to configure browser security settings

#--------------------------------

#GOOGLE CHROME SECURITY SETTINGS

#--------------------------------

chrome_safe_browsing_options = 2 #edit here

"""

give 0 in the chrome_safe_browsing_options if you want to set the safe browsing to "NO PROTECTION"

give 1 in the chrome_safe_browsing_options if you want to set the safe browsing to "STANDARD PROTECTION"

give 2 in the chrome_safe_browsing_options if you want to set the safe browsing to "ENHANCED PROTECTION"

"""

​

chrome_HTTPS_Only_Mode_options = 1 #edit here

"""

give 0 in the chrome_HTTPS_Only_Mode_options if you Do not want to allow users to enable "Always use secure connections"

give 1 in the chrome_HTTPS_Only_Mode_options if you want to enable the "Always use secure connections"

"""

#--------------------------------

#MICROSOFT EDGE SECURITY SETTINGS

#--------------------------------

TrackingPrevention_options = 3 #edit here

"""

give 0 in the TrackingPrevention_options if you want to set the TrackingPrevention to "disable"

give 1 in the TrackingPrevention_options if you want to set the TrackingPrevention to "Basic"

give 2 in the TrackingPrevention_options if you want to set the TrackingPrevention to "Balanced"

give 3 in the TrackingPrevention_options if you want to set the TrackingPrevention to "Strict"

"""

EnhanceSecurityMode_options = 2 #edit here

"""

give 0 in the EnhanceSecurityMode_options if you want to set the "Enhance your security on the web" to "disable"

give 1 in the EnhanceSecurityMode_options if you want to set the "Enhance your security on the web" to "Balanced"

give 2 in the EnhanceSecurityMode_options if you want to set the "Enhance your security on the web" to "Strict"

"""

MD_SmartScreen_options = 1 #edit here

"""

give 0 in the MD_SmartScreen_options if you want disable "Microsoft Defender SmartScreen"

give 1 in the MD_SmartScreen_options if you want to enable "Microsoft Defender SmartScreen"

"""

BlockPotentiallyUnwantedApps_options = 1 #edit here

"""

give 0 in the BlockPotentiallyUnwantedApps_options if you want disable "block potentially unwanted apps"

give 1 in the BlockPotentiallyUnwantedApps_options if you want to enable "block potentially unwanted apps"

"""

WebsiteTypoProtection_options = 1 #edit here

"""

give 0 in the WebsiteTypoProtection_options if you want disable "Website typo protection"

give 1 in the WebsiteTypoProtection_options if you want to enable "Website typo protection"

"""

SiteSafetyServices_options = 1 #edit here

"""

give 0 in the SiteSafetyServices_options if you want to Turn off site safety services to get more info about the sites you visit

give 1 in the SiteSafetyServices_options if you want to Turn on site safety services to get more info about the sites you visit

"""

Scareware_Blocker_options = 1 #edit here

"""

give 0 in the Scareware_Blocker_options if you want to disable "Scareware Blocker"

give 1 in the Scareware_Blocker_options if you want to enable "Scareware Blocker"

"""

#--------------------------------

#FIREFOX SECURITY SETTINGS

#--------------------------------

EnableTrackingProtection_options = 1 #edit here

"""

give 0 in the EnableTrackingProtection_options if you want to disable the Enhanced Tracking Protection

give 1 in the EnableTrackingProtection_options if you want to enable the Enhanced Tracking Protection

"""

​

Https_Only_Mode_options = 1 #edit here

"""

give 0 in the Https_Only_Mode_options if you want to disable the HTTPS-Only Mode

give 1 in the Https_Only_Mode_options if you want to enable the HTTPS-Only Mode

"""

​

SafeBrowsing_options = 1 #edit here

"""

give 0 in SafeBrowsing_options if you want the following things to be disabled,

    |*| Block dangerous and deceptive content

    |*| Block dangerous downloads

    |*| Warn you about unwanted and uncommon software

​

give 1 in SafeBrowsing_options if you want the following things to be enabled,

    |*| Block dangerous and deceptive content

    |*| Block dangerous downloads

    |*| Warn you about unwanted and uncommon software

"""

​

PrivateBrowsing_options = 1 #edit here

"""

Use the value 0 in PrivateBrowsing_options if you want to enable private browsing

Use the value 1 in PrivateBrowsing_options if you want to disable private browsing

"""

import os

from subprocess import PIPE, Popen

import ctypes

import re

​

BatchScript = r"""

@echo off

​

set "user="

​

for /f "skip=1 tokens=1,* delims=\" %%A in ('

    wmic computersystem get username ^|

    powershell -noprofile -command "$input.trim()"

') do set "user=%%~B"

​

echo %user%

"""

​

class BrowserSettings:

    class disable_file_system_redirection:

        _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection

        _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection

        def __enter__(self):

            self.old_value = ctypes.c_long()

            self.success = self._disable(ctypes.byref(self.old_value))

        def __exit__(self, type, value, traceback):

            if self.success:

                self._revert(self.old_value)

    def ecmd(self,command):

        with self.disable_file_system_redirection():

            obj = Popen(command, shell = True, stdout = PIPE, stderr = PIPE)

            out, err = obj.communicate()

            return out,err

    def chrome_settings(self):

        print(self.ecmd('REG ADD HKLM\Software\Policies\Google\Chrome /v SafeBrowsingProtectionLevel /t REG_DWORD /d %s /f'%(chrome_safe_browsing_options)))

        if chrome_HTTPS_Only_Mode_options==0:

            print(self.ecmd('REG ADD HKLM\Software\Policies\Google\Chrome /v HttpsOnlyMode /t REG_SZ /d disallowed /f'))

        elif chrome_HTTPS_Only_Mode_options==1:

            print(self.ecmd('REG ADD HKLM\Software\Policies\Google\Chrome /v HttpsOnlyMode /t REG_SZ /d force_enabled /f'))

    def Edge_settings(self):

        print(self.ecmd('REG ADD HKLM\Software\Policies\Microsoft\Edge /v TrackingPrevention /t REG_DWORD /d %s /f'%(TrackingPrevention_options)))

        print(self.ecmd('REG ADD HKLM\Software\Policies\Microsoft\Edge /v EnhanceSecurityMode /t REG_DWORD /d %s /f'%(EnhanceSecurityMode_options)))

        print(self.ecmd('REG ADD HKLM\Software\Policies\Microsoft\Edge /v TyposquattingCheckerEnabled /t REG_DWORD /d %s /f'%(WebsiteTypoProtection_options)))

        print(self.ecmd('REG ADD HKLM\Software\Policies\Microsoft\Edge /v SiteSafetyServicesEnabled /t REG_DWORD /d %s /f'%(SiteSafetyServices_options)))

        print(ecmd('REG ADD HKLM\Software\Policies\Microsoft\Edge /v ScarewareBlockerProtectionEnabled /t REG_DWORD /d %s /f'%(Scareware_Blocker_options)))

​

        batch_script_path = os.path.join(os.environ["TEMP"], "currentuser.bat")

        with open(batch_script_path, "w") as f:

            f.write(BatchScript)

​

        with self.disable_file_system_redirection():

            curusername = os.popen(batch_script_path).read().strip()

            users=os.popen("wmic UserAccount get Name").read().strip().splitlines()

            fil_users=[i.strip() for i in users if i.strip()!="Administrator" and i.strip()!="DefaultAccount" and i.strip()!="Guest" and i.strip()!="WDAGUtilityAccount"]

            curcheck = list(filter(lambda x: x.lower()==curusername.lower(),fil_users))

            if curcheck:

                try:

                    sid = os.popen("wmic useraccount where name=\"%s\" get sid"%(curusername)).read().splitlines()[1].strip()

                    print(self.ecmd('REG ADD "HKEY_USERS\%s\Software\Microsoft\Edge\SmartScreenEnabled" /v "" /t REG_DWORD /d %s /f'%(sid,MD_SmartScreen_options)))

                    print(self.ecmd('REG ADD "HKEY_USERS\%s\Software\Microsoft\Edge\SmartScreenPuaEnabled" /v "" /t REG_DWORD /d %s /f'%(sid,BlockPotentiallyUnwantedApps_options)))

                except Exception as err:

                    print(err)

                else:

                    fil_users.remove(curcheck[0])

            for i in fil_users:

                if os.path.exists("C:\\Users\\%s\\ntuser.dat"%(i)):

                    out,err = self.ecmd('reg load "HKU\\%s" "C:\\Users\\%s\\ntuser.dat"'%(i,i))

                    if out:

                        try:

                            print(self.ecmd('REG ADD "HKEY_USERS\%s\Software\Microsoft\Edge\SmartScreenEnabled" /v "" /t REG_DWORD /d %s /f'%(i,MD_SmartScreen_options)))

                            print(self.ecmd('REG ADD "HKEY_USERS\%s\Software\Microsoft\Edge\SmartScreenPuaEnabled" /v "" /t REG_DWORD /d %s /f'%(i,BlockPotentiallyUnwantedApps_options)))

                        except Exception as err:

                            print(err)

                        else:

                            unLoad = os.popen('reg unload "HKU\\%s"'%(i)).read()

                    else:

                        print(err)

    def Firefox_settings(self):

        print(self.ecmd('REG ADD HKLM\Software\Policies\Mozilla\Firefox\EnableTrackingProtection /v Value /t REG_DWORD /d %s /f'%(EnableTrackingProtection_options)))

        print(self.ecmd('REG ADD HKLM\Software\Policies\Mozilla\Firefox\Preferences /v dom.security.https_only_mode /t REG_DWORD /d %s /f'%(Https_Only_Mode_options)))

        print(self.ecmd('REG ADD HKLM\Software\Policies\Mozilla\Firefox\Preferences /v browser.safebrowsing.phishing.enabled /t REG_DWORD /d %s /f'%(SafeBrowsing_options)))

        print(self.ecmd('REG ADD HKLM\Software\Policies\Mozilla\Firefox\Preferences /v browser.safebrowsing.malware.enabled /t REG_DWORD /d %s /f'%(SafeBrowsing_options)))

        print(self.ecmd('REG ADD HKLM\Software\Policies\Mozilla\Firefox\Preferences /v browser.safebrowsing.downloads.enabled /t REG_DWORD /d %s /f'%(SafeBrowsing_options)))

        print(self.ecmd('REG ADD HKLM\Software\Policies\Mozilla\Firefox\Preferences /v browser.safebrowsing.downloads.remote.block_uncommon /t REG_DWORD /d %s /f'%(SafeBrowsing_options)))

        print(self.ecmd('REG ADD HKLM\Software\Policies\Mozilla\Firefox\Preferences /v browser.safebrowsing.downloads.remote.block_potentially_unwanted /t REG_DWORD /d %s /f'%(SafeBrowsing_options)))

        print(self.ecmd('REG ADD HKLM\Software\Policies\Mozilla\Firefox /v DisablePrivateBrowsing /t REG_DWORD /d %s /f'%(PrivateBrowsing_options)))

    def change_settings(self):

        self.chrome_settings()

        self.Edge_settings()

        self.Firefox_settings()

​

​

browserOBJ = BrowserSettings()

browserOBJ.change_settings()