HardeningKitty Deep Dive¶
Platform: Windows only | Binary: HardeningKitty.psm1 | Type: PowerShell hardening framework
Overview¶
HardeningKitty is a community-driven PowerShell module that audits Windows systems against various hardening standards, including CIS benchmarks.
How CISentinel Uses HardeningKitty¶
1. Installation¶
Downloaded directly from the GitHub repository:
Saved to: %LOCALAPPDATA%\cis-sentinel\tools\HardeningKitty.psm1
2. Policy File Selection¶
CISentinel's WindowsWrapper dynamically selects the appropriate CSV policy file based on the Windows version: - Windows 10 → Windows 10 hardening list - Windows 11 22H2 → Windows 11 22H2 hardening list - Windows Server 2022 → Server 2022 hardening list
3. Scan Execution¶
4. Output Parsing¶
CISentinel parses the CSV output to extract: - Configuration item names - Expected vs. actual values - Pass/fail status - Severity levels
Requirements¶
- Windows OS (any desktop or server edition)
- PowerShell 5.1+ (included in Windows)
- Execution Policy: May need
Set-ExecutionPolicy Bypass -Scope Process
Output Artifacts¶
| Artifact | Format | Description |
|---|---|---|
| CSV Report | CSV | Per-rule audit results |
| Log File | TXT | Detailed execution log |
Supported Windows Versions¶
HardeningKitty provides hardening lists for: - Windows 10 (various builds) - Windows 11 (22H2, 23H2) - Windows Server 2016 - Windows Server 2019 - Windows Server 2022
Common Issues¶
| Issue | Cause | Solution |
|---|---|---|
| Module won't load | Execution policy | Set-ExecutionPolicy Bypass -Scope Process |
| Download fails | GitHub raw URL blocked | Download manually and place in tools dir |
| Wrong policy file | OS version detection | Check WindowsWrapper version mapping |