Simple PCIDSS Information and Configuration Extractor (SPICE) is a VERY SIMPLE console-based program for Microsoft Windows operating systems, designed to collect and export configuration data related with PCI DSS controls, aiming to QSA, ISA or administrators to review it offline in order to validate the application of settings described in the system hardening standard (req. 2.2). It is portable and does not need neither installation nor additional software to run (DLL, installers, compilers or interpreters). It performs basic validation rutines in specific variables with fixed values (password lenght, password expiration, password complexity and so on) and reports this results into a final log:

  • WARN: There is something wrong with extracted value
  • INFO: Everything is OK

¿Buscando la versión en Español? Clic aquí

  • Works with PCI DSS v3.0
  • Checks if computer belongs to AD domain
  • Extracts general identification data from the analyzed machine
  • Extracts:
    • Personal Firewall configuration data (Req. 1.4)
    • List of installed software (Req. 2.2.2)
    • List of running services (Req. 2.2.2)
    • List of running processes (Req. 2.2.2)
    • List of network connections (Req. 2.2.2)
    • Checks if IPv6 is active (Req. 2.2.2)
    • Obtains data related with miscellaneous security settings (Req. 2.2.4)
    • List of local drives (Req. 2.2.5)
    • List of shared folders (Req. 2.2.5)
    • Checks for operating system version (Req. 6.2)
    • List of installed updates (Req. 6.2)
    • Extracts information related with privilege rights and permissions (Reqs. 7.1.1, 7.1.2, 7.2.2)
    • Extracts and evaluate password policy, user list and status (Req. 8)
    • List log configuration settings (Reqs, 10.2 – 10.3)
    • Extracts NTP configuration (Req. 10.4)

Among others.

This program does not need installation. Just uncompress the .zip file and copy the main executable (SPICE_vX.X.bat, where X.X is the current version) into a temporary folder.

You need administrative privileges to execute this tool.

To run it:

  1. Go to the folder where the script was extracted
  2. From a Command Prompt (cmd.exe) with administrative privileges execute the script.
  3. If a problem is detected, it will be displayed in console
  4. When the program ends, a log (HOSTNAME.log) will be created on the same folder.

Main program execution window

SPICE_v1.0

SPICE_v1.0

Could this tool modify my files?
No. This tool only read, extract and export the configuration data from your PC/Server. It does not write, delete or modify any file or data from your systems.

Could this tool extract payment data stored in my systems?
No. All collected data is related to configuration settings and is exported into hostname.log file in text format.

How can I execute a Command Prompt (cmd.exe) with administrative privileges?

Because this program requires execution from a Command Prompt (cmd.exe) with administrative privileges, run these steps:

  • Use «runas»: runas /user:localmachinename\administrator cmd
  • Use the contextual menu of «Run as administrator»: Locate the icon of «Command Prompt» in the Start Menu -Right click -> Run as administrator.

When this steps have been performed, go to the folder where the script was extracted and execute it.

Run as administrator

Run as administrator

0.1 (Feb 2014)
* Upgrade to PCI DSS v3.0

0.09 (May 2013)
* First version PCI DSS v2.0 (not published)

License GNU GENERAL PUBLIC LICENSE Version 3

Download available at https://github.com/deacosta/SPICE