コード例 #1
0
ファイル: winlogon.py プロジェクト: vicgc/autoreg-parse
def getPlugin(reg_soft, reg_nt='', reg_sys=''):

    try:
        for k in winlogon_list:
            key = reg_soft.open(k)
            last_write = key.timestamp()
            for v in key.values():
                if v.name().lower() == "shell":
                    shell = v.name()
                    shell_path = v.value()
                elif v.name().lower() == "userinit":
                    userinit = v.name()
                    userinit_path = v.value()
                elif v.name().lower() == "taskman":
                    taskman = v.name()
                    taskman_path = v.value()
                else:
                    taskman = "???"
                    taskman_path = "???"
            
            objects_list.append(jsonOutput(header, \
                                            key_item = k, \
                                            value_item1 = shell, \
                                            value_item2 = shell_path, \
                                            value_item3 = userinit, \
                                            value_item4 = userinit_path, \
                                            value_item5 = taskman, \
                                            lastwrite_time = last_write, \
                                            sys_name = "???"))
    except Registry.RegistryKeyNotFoundException as e:
        pass

    outputRender(objects_list)
コード例 #2
0
ファイル: runkeys.py プロジェクト: vicgc/autoreg-parse
def getPlugin(reg_soft, reg_nt, reg_sys):
    computer_name = getComputerName(reg_sys)
    reg_hives = [reg_sys, reg_soft, reg_nt]
    run_entries = [
        "Microsoft\\Windows\\CurrentVersion\\Run",
        "Microsoft\\Windows\\CurrentVersion\\RunOnce",
        "Microsoft\\Windows\\CurrentVersion\\RunOnceEx",
        "Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run",
        "Microsoft\\Windows\\CurrentVersion\\RunServicesOnce" "Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run",
        "Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
        "Software\\Microsoft\\Windows\\CurrentVersion\\Run",
        "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
        "Software\\Microsoft\\Windows\\CurrentVersion\\RunServices",
        "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run",
    ]

    for k in run_entries:
        for hive in reg_hives:
            try:
                key = hive.open(k)
                for v in key.values():
                    try:
                        key_name = v.name()
                    except:
                        key_name = "???"
                    try:
                        key_value = v.value()
                    except:
                        key_value = "???"
                    try:
                        last_write = str(key.timestamp())
                    except:
                        last_write = "???"

                    objects_list.append(
                        jsonOutput(
                            header,
                            key_item=key_name,
                            value_item1=key_value,
                            value_item2=k,
                            value_item3="???",
                            value_item4="???",
                            value_item5="???",
                            lastwrite_time=last_write,
                            sys_name=computer_name,
                        )
                    )
            except Registry.RegistryKeyNotFoundException as e:
                pass

    outputRender(objects_list)
コード例 #3
0
ファイル: services.py プロジェクト: vicgc/autoreg-parse
def getPlugin(reg_sys, reg_nt='', reg_soft=''):
    computer_name = getComputerName(reg_sys)
    current = getControlSet(reg_sys)
    servicesnames = reg_sys.open('%s\\Services' % (current))

    for service in servicesnames.subkeys():
        service_list.append(service.name().lower())
    
    for service_name in service_list:
        k = reg_sys.open('%s\\Services\\%s' % (current, service_name))
        key_name = k.name()
        last_write = str(k.timestamp())
        try:
            type_name = k.value("Type").value()
        except:
            type_name = "???"
        try:
            image_path = k.value("ImagePath").value()
        except:
            image_path = "???"
        try:
            display_name = k.value("DisplayName").value()
        except:
            display_name = "???"
        try:
            start_type = k.value("Start").value()
        except:
            start_type = "???"
        try:
            service_dll = k.subkey("Parameters").value("ServiceDll").value()
        except:
            service_dll = "???"
            
        objects_list.append(jsonOutput(header, \
                                        key_item = key_name, \
                                        value_item1 = start_type, \
                                        value_item2 = image_path, \
                                        value_item3 = display_name, \
                                        value_item4 = type_name, \
                                        value_item5 = service_dll, \
                                        lastwrite_time = last_write,\
                                        sys_name = computer_name))
    outputRender(objects_list)
コード例 #4
0
ファイル: sysinfo.py プロジェクト: vicgc/autoreg-parse
def getPlugin(reg_soft, reg_sys, reg_nt=''):
    computer_name = getComputerName(reg_sys)
    current = getControlSet(reg_sys)
    timezone_key = [current + "\\Control\\TimeZoneInformation"]
    sysinfo_key = ["Microsoft\\Windows NT\\CurrentVersion"]
    

    for k in timezone_key:
        key = reg_sys.open(k)
        for v in key.values():
            if "StandardName" in v.name():
                time_zone = v.value()
            else:
                pass

    for k in sysinfo_key:
        key = reg_soft.open(k)
        for v in key.values():
            if "ProductName" in v.name():
                product_name = v.value()
            if "CurrentVersion" in v.name():
                current_version = v.value()
            if "CurrentBuildNumber" in v.name():
                current_build = v.value()
            if "CSDVersion" in v.name():
                csd_version = v.value()
            if "InstallDate" in v.name():
                install_date = time.strftime('%a %b %d %H:%M:%S %Y (UTC)', time.gmtime(v.value()))
            else:
                pass

        objects_list.append(jsonOutput(header, \
                            key_item = product_name, \
                            value_item1 = current_version, \
                            value_item2 = current_build, \
                            value_item3 = csd_version, \
                            value_item4 = install_date, \
                            value_item5 = time_zone, \
                            lastwrite_time = "???", \
                            sys_name = computer_name))

    outputRender(objects_list)
コード例 #5
0
ファイル: usbstor.py プロジェクト: vicgc/autoreg-parse
def getPlugin(reg_sys, reg_nt='', reg_soft=''):     
    computer_name = getComputerName(reg_sys)
    current = getControlSet(reg_sys)

    try:
        usbstor = reg_sys.open('%s\\Enum\USBSTOR' % (current))
        for k in usbstor.subkeys():
            last_write = k.timestamp()
            for usbstorsk in k.subkeys():
                #Vendor/Make/Version = k.name() 
                venmakever = k.name().split("&")
                #Serial Number = usbstorsk.name()
                serial_number = (str(usbstorsk.name().encode('ascii'))).split("&")
                #Populate the S/N list so we can search for it in Enum\USB
                # Using [0] since we split on the &0 above, which makes comparing easier below.
                vendor = venmakever[1].lstrip("Ven_").encode('ascii')
                make = venmakever[2].lstrip("Prod_").encode('ascii')
                ver = venmakever[3].lstrip("Rev_").encode('ascii')

                for usbstorv in usbstorsk.values():
                    if "ParentIdPrefix" in usbstorv.name():
                        #ParentIdPrefix = usbstorv.value()
                        pip = usbstorv.value()
                    else:
                        pass

                objects_list.append(jsonOutput(header, \
                                    key_item = usbstor.name(), \
                                    value_item1 = vendor + " " + make, \
                                    value_item2 = serial_number[0], \
                                    value_item3 = pip, \
                                    value_item4 = "", \
                                    value_item5 = "", \
                                    lastwrite_time = last_write, \
                                    sys_name = computer_name)) 
                
    except Registry.RegistryKeyNotFoundException as e:
        print "There is no USBSTOR Key."

    outputRender(objects_list)
コード例 #6
0
ファイル: bho.py プロジェクト: vicgc/autoreg-parse
def getPlugin(reg_soft, reg_sys='', reg_nt=''):
    for b in bho_keys:
        try:
            k = reg_soft.open(b)
            for v in k.subkeys():
                BHO_list.append(v.name())
        
        except Registry.RegistryKeyNotFoundException as e:
            pass
    
    for clsids in BHO_list:
        try:
            k = reg_soft.open("Classes\\CLSID\\%s" % (clsids))
            try:
                key_name = k.name()
            except:
                key_name = "???"
            try:
                key_value = k.subkey("InProcServer32").value('').value()
            except:
                key_value = "???"
            try:
                last_write = str(k.timestamp())
            except:
                last_write = "???"

            objects_list.append(jsonOutput(header, \
                                            key_item = k.name(), \
                                            value_item1 = k.subkey("InProcServer32").value('').value(), \
                                            value_item2 = "???", \
                                            value_item3 = "???", \
                                            value_item4 = "???", \
                                            value_item5 = "???", \
                                            lastwrite_time = last_write, \
                                            sys_name = "???"))
        except Registry.RegistryKeyNotFoundException as e:
            pass

    outputRender(objects_list)