A high-performance PowerShell script to scan directories for signed executables, validate certificates, and check expiration dates. Optimized for speed with parallel processing, caching, and smart filtering. Generates detailed CSV and HTML reports.
- Certificate Validation: Detect expired or soon-to-expire certificates.
- Performance Optimizations: Parallel processing, caching, and smart file filtering.
- Customizable: Supports multiple file types, directory exclusions, and depth limits.
- Reporting: Export results to CSV and HTML.
- Integrity Checks: Optional SHA256 hash calculation.
- PowerShell: Version 5.1+ (PowerShell Core 7+ recommended).
- Permissions: Admin rights may be required for certain directories.
.\Certfinder.ps1 -dir "C:\Program Files".\Certfinder.ps1 -dir "C:\Program Files" -fast.\Certfinder.ps1 -dir "C:\Program Files" -csv -html.\Certfinder.ps1 -dir "C:\Program Files" -expired.\Certfinder.ps1 -dir "C:\Program Files" -ext ".exe", ".dll" -exclude "Temp" -maxFiles 5000| Parameter | Description | Default Value |
|---|---|---|
-dir |
Directory to scan (required). | None |
-ext |
File extensions to scan. | Common types |
-thresh |
Days before expiration to flag as warning. | 30 |
-csv |
Export results to CSV. | Disabled |
-html |
Export results to HTML. | Disabled |
-expired |
Show only expired/expiring certificates. | Disabled |
-fast |
Enable all performance optimizations. | Disabled |
-signedOnly |
Scan only files likely to be signed. | Disabled |
-maxFiles |
Limit the number of files to process. | Unlimited |
-threads |
Number of parallel threads. | Auto-detected |
- Console: Summary of scanned files, valid/expired certificates, and unsigned files.
- CSV/HTML: Detailed reports with file paths, certificate details, and expiration status.
=== SUMMARY ===
Total Files: 1200
Valid Certificates: 1150
Expired Certificates: 20
Expiring Soon: 30
Unsigned Files: 50