def _csv_list_scheduled_jobs(self):
self.logger.info('Health : Listing scheduled jobs')
file_tasks = self.output_dir + '_tasks.csv'
with open(file_tasks, 'wb') as tasks_logs:
proc = subprocess.Popen(["schtasks.exe", '/query', '/fo', 'CSV'], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
res = proc.communicate()
res = get_terminal_decoded_string(res[0])
# clean and write the command output
write_to_output('"TASK_NAME","NEXT_SCHEDULE","STATUS"\r\n', tasks_logs, self.logger)
column_names = None
for line in res.split('\r\n'):
if line == "":
continue
if line[0] != '"':
continue
if not column_names:
column_names = line
continue
elif column_names == line:
continue
write_to_output(line+"\r\n", tasks_logs, self.logger)
self.logger.info('Health : Listing scheduled jobs')
with open(file_tasks, "r") as fr, open(self.output_dir + "_scheduled_jobs.csv", 'wb') as fw:
csv_writer = get_csv_writer(fw)
write_to_csv(["COMPUTER_NAME", "TYPE", "JOB_NAME", "TIME", "STATE"], csv_writer)
for l in fr.readlines():
l = l.decode('utf8')
if l.find('\\') > 0:
l = l[:-1].replace('"', '') # remove the end of line
arr_write = [self.computer_name, 'scheduled_jobs'] + l.split(',')
write_to_csv(arr_write, csv_writer)
self.logger.info('Health : Listing scheduled jobs')
record_sha256_logs(self.output_dir + '_scheduled_jobs.csv', self.output_dir + '_sha256.log')
def _json_list_scheduled_jobs(self):
self.logger.info('Health : Listing scheduled jobs')
if self.destination == 'local':
file_tasks = os.path.join(self.output_dir , '%s_tasks.json' % self.computer_name)
with open(file_tasks, 'wb') as tasks_logs:
json_writer = get_json_writer(tasks_logs)
proc = subprocess.Popen(["schtasks.exe", '/query', '/fo', 'CSV'], stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
res = proc.communicate()
res = get_terminal_decoded_string(res[0])
# clean and write the command output
header= ["COMPUTER_NAME", "TYPE",'TASK_NAME','NEXT_SCHEDULE',"STATUS"]
column_names = None
for line in res.split('\r\n'):
if line == "":
continue
if line[0] != '"':
continue
if not column_names:
column_names = line
continue
elif column_names == line:
continue
write_to_json(header, [self.computer_name, 'Scheduled Jobs'].extends(line.split(',')), json_writer)
def _json_list_scheduled_jobs(self):
self.logger.info('Health : Listing scheduled jobs')
if self.destination == 'local':
file_tasks = os.path.join(self.output_dir,
'%s_tasks.json' % self.computer_name)
with open(file_tasks, 'wb') as tasks_logs:
json_writer = get_json_writer(tasks_logs)
proc = subprocess.Popen(
["schtasks.exe", '/query', '/fo', 'CSV'],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
res = proc.communicate()
res = get_terminal_decoded_string(res[0])
# clean and write the command output
header = [
"COMPUTER_NAME", "TYPE", 'TASK_NAME', 'NEXT_SCHEDULE',
"STATUS"
]
column_names = None
for line in res.split('\r\n'):
if line == "":
continue
if line[0] != '"':
continue
if not column_names:
column_names = line
continue
elif column_names == line:
continue
write_to_json(header,
[self.computer_name,
'Scheduled Jobs'].extends(line.split(',')),
json_writer)
def _list_arp_table(self):
cmd = "arp -a"
p = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
output, errors = p.communicate()
output = get_terminal_decoded_string(output)
item = output.split("\n")
for i in item:
yield i
def _list_at_scheduled_jobs(self):
proc = subprocess.Popen('at', stdout=subprocess.PIPE)
res = proc.communicate()
res = get_terminal_decoded_string(res[0])
for line in res.splitlines()[1:]:
line = re.compile(' {2,}').split(line, 4)
if len(line) is 5:
yield line
def _list_network_adapters(self):
net = self.wmi.Win32_NetworkAdapter()
for n in net:
netcard = n.Caption
IPv4 = ''
IPv6 = ''
DHCP_server = ''
DNS_server = ''
adapter_type = ''
nbtstat_value = ''
if n.AdapterTypeID:
adapter_type = NETWORK_ADAPTATER[int(n.AdapterTypeID)]
net_enabled = n.NetEnabled
mac_address = n.MACAddress
description = n.Description
physical_adapter = unicode(n.PhysicalAdapter)
product_name = n.ProductName
speed = n.Speed
database_path = ''
if net_enabled:
nic = self.wmi.Win32_NetworkAdapterConfiguration(
MACAddress=mac_address)
for nc in nic:
database_path = nc.DatabasePath
if nc.IPAddress:
try:
IPv4 = nc.IPAddress[0]
IPv6 = nc.IPAddress[1]
except IndexError as e:
self.logger.error('Error to catch IP Address %s ' %
str(nc.IPAddress))
if IPv4:
nbtstat = 'nbtstat -A ' + IPv4
p = subprocess.Popen(nbtstat,
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
output, errors = p.communicate()
# output=utils.decode_output_cmd(output)
output = get_terminal_decoded_string(output)
nbtstat_value = output.split('\r\n')
nbtstat_value = ' '.join(
[n.replace('\n', '') for n in nbtstat_value])
if nc.DNSServerSearchOrder:
DNS_server = nc.DNSServerSearchOrder[0]
if nc.DHCPEnabled:
if nc.DHCPServer:
DHCP_server = nc.DHCPServer
yield netcard, adapter_type, description, mac_address, product_name, physical_adapter, product_name, speed, \
IPv4, IPv6, DHCP_server, DNS_server, database_path, nbtstat_value
def _list_scheduled_jobs(self):
proc = subprocess.Popen(["schtasks.exe", '/query', '/fo', 'CSV'],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
res = proc.communicate()
res = get_terminal_decoded_string(res[0])
column_names = None
for line in res.splitlines():
if line == "":
continue
if line[0] != '"':
continue
if column_names is None:
column_names = line
continue
elif column_names == line:
continue
yield line
def _list_network_adapters(self):
net = self.wmi.Win32_NetworkAdapter()
for n in net:
netcard = n.Caption
IPv4 = ''
IPv6 = ''
DHCP_server = ''
DNS_server = ''
adapter_type = ''
nbtstat_value = ''
if n.AdapterTypeID:
adapter_type = NETWORK_ADAPTATER[int(n.AdapterTypeID)]
net_enabled = n.NetEnabled
mac_address = n.MACAddress
description = n.Description
physical_adapter = unicode(n.PhysicalAdapter)
product_name = n.ProductName
speed = n.Speed
database_path = ''
if net_enabled:
nic = self.wmi.Win32_NetworkAdapterConfiguration(MACAddress=mac_address)
for nc in nic:
database_path = nc.DatabasePath
if nc.IPAddress:
try:
IPv4 = nc.IPAddress[0]
IPv6 = nc.IPAddress[1]
except IndexError as e:
self.logger.error('Error to catch IP Address %s ' % str(nc.IPAddress))
if IPv4:
nbtstat = 'nbtstat -A ' + IPv4
p = subprocess.Popen(nbtstat, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
output, errors = p.communicate()
# output=utils.decode_output_cmd(output)
output = get_terminal_decoded_string(output)
nbtstat_value = output.split('\r\n')
nbtstat_value = ' '.join([n.replace('\n', '') for n in nbtstat_value])
if nc.DNSServerSearchOrder:
DNS_server = nc.DNSServerSearchOrder[0]
if nc.DHCPEnabled:
if nc.DHCPServer:
DHCP_server = nc.DHCPServer
yield netcard, adapter_type, description, mac_address, product_name, physical_adapter, product_name, speed, \
IPv4, IPv6, DHCP_server, DNS_server, database_path, nbtstat_value