def _csv_list_scheduled_jobs(self):
    """Dump the scheduled tasks reported by ``schtasks.exe`` to CSV files.

    Two files are produced, both named from the ``self.output_dir`` prefix:
    ``_tasks.csv`` receives the ``schtasks /query /fo CSV`` rows with the
    repeated column-name rows removed, and ``_scheduled_jobs.csv`` receives
    those rows prefixed with the computer name and a type tag. The second
    file is then handed to ``record_sha256_logs`` with the ``_sha256.log``
    path.
    """
    self.logger.info('Health : Listing scheduled jobs')
    raw_path = self.output_dir + '_tasks.csv'
    final_path = self.output_dir + '_scheduled_jobs.csv'

    with open(raw_path, 'wb') as raw_out:
        query = subprocess.Popen(
            ["schtasks.exe", '/query', '/fo', 'CSV'],
            stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        # Only stdout is used: stderr is captured and dropped and the exit
        # status is never inspected, so a failed query leaves a file holding
        # nothing but the header row written below.
        listing = get_terminal_decoded_string(query.communicate()[0])

        # Clean the command output and write it under a fixed header.
        write_to_output('"TASK_NAME","NEXT_SCHEDULE","STATUS"\r\n', raw_out, self.logger)
        first_row = None
        for row in listing.split('\r\n'):
            # Blank lines and anything that is not a quoted CSV row are skipped.
            if not row.startswith('"'):
                continue
            # The first quoted row is taken as the column names; every later
            # copy of that exact row is dropped as well.
            if first_row is None:
                first_row = row
                continue
            if row == first_row:
                continue
            write_to_output(row + "\r\n", raw_out, self.logger)

    self.logger.info('Health : Listing scheduled jobs')
    with open(raw_path, "r") as raw_in, open(final_path, 'wb') as final_out:
        writer = get_csv_writer(final_out)
        write_to_csv(["COMPUTER_NAME", "TYPE", "JOB_NAME", "TIME", "STATE"], writer)
        for raw_line in raw_in:
            text = raw_line.decode('utf8')
            # Only lines with a backslash past the first character are kept,
            # which leaves out the header row written above.
            if text.find('\\') <= 0:
                continue
            # Drop the end-of-line character and the quotes, then split.
            # NOTE(review): a field that itself contains a comma is split into
            # extra columns here - confirm whether that can occur in practice.
            fields = text[:-1].replace('"', '').split(',')
            write_to_csv([self.computer_name, 'scheduled_jobs'] + fields, writer)

    self.logger.info('Health : Listing scheduled jobs')
    record_sha256_logs(final_path, self.output_dir + '_sha256.log')
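def _json_list_scheduled_jobs(self):
    """Export the scheduled tasks reported by ``schtasks.exe`` as JSON records.

    Work is done only when ``self.destination`` is ``'local'``; otherwise the
    method just logs. Each data row of ``schtasks /query /fo CSV`` is written
    through ``write_to_json`` to ``<computer_name>_tasks.json`` inside
    ``self.output_dir``, prefixed with the computer name and a type tag.
    """
    self.logger.info('Health : Listing scheduled jobs')
    if self.destination == 'local':
        file_tasks = os.path.join(self.output_dir, '%s_tasks.json' % self.computer_name)
        with open(file_tasks, 'wb') as tasks_logs:
            json_writer = get_json_writer(tasks_logs)
            proc = subprocess.Popen(
                ["schtasks.exe", '/query', '/fo', 'CSV'],
                stdout=subprocess.PIPE, stderr=subprocess.PIPE)
            # Only stdout is consumed; stderr and the exit status are ignored,
            # so a failed query produces a file without any task record.
            res = get_terminal_decoded_string(proc.communicate()[0])

            # Clean the command output and write it.
            header = ["COMPUTER_NAME", "TYPE", 'TASK_NAME', 'NEXT_SCHEDULE', "STATUS"]
            column_names = None
            for line in res.split('\r\n'):
                # Skip blank lines and anything that is not a quoted CSV row.
                if not line.startswith('"'):
                    continue
                # The first quoted row is the column names; repeats are dropped.
                if column_names is None:
                    column_names = line
                    continue
                if line == column_names:
                    continue
                # Lists have no extends() method, and extend() returns None, so
                # the record is built by concatenation. Quotes are removed
                # before splitting, as _csv_list_scheduled_jobs does.
                # NOTE(review): a field containing a comma still yields extra
                # values - confirm whether that can occur in practice.
                fields = line.replace('"', '').split(',')
                write_to_json(header, [self.computer_name, 'Scheduled Jobs'] + fields, json_writer)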
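def _json_list_scheduled_jobs(self):
    """Export the scheduled tasks reported by ``schtasks.exe`` as JSON records.

    Nothing beyond the log line happens unless ``self.destination`` is
    ``'local'``. In that case every data row of ``schtasks /query /fo CSV``
    is written through ``write_to_json`` to ``<computer_name>_tasks.json``
    inside ``self.output_dir``, prefixed with the computer name and a type tag.
    """
    self.logger.info('Health : Listing scheduled jobs')
    if self.destination != 'local':
        return

    file_tasks = os.path.join(self.output_dir, '%s_tasks.json' % self.computer_name)
    with open(file_tasks, 'wb') as tasks_logs:
        json_writer = get_json_writer(tasks_logs)
        proc = subprocess.Popen(
            ["schtasks.exe", '/query', '/fo', 'CSV'],
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE)
        # stderr is captured but never read and the exit status is not
        # checked: a failed query leaves a file with no task records.
        stdout_data = proc.communicate()[0]
        res = get_terminal_decoded_string(stdout_data)

        # Clean the command output and write it.
        header = [
            "COMPUTER_NAME", "TYPE", 'TASK_NAME', 'NEXT_SCHEDULE', "STATUS"
        ]
        column_names = None
        for line in res.split('\r\n'):
            # Blank lines and non-quoted lines are not CSV rows.
            if not line.startswith('"'):
                continue
            # First quoted row = column names; later copies are skipped too.
            if column_names is None:
                column_names = line
                continue
            if line == column_names:
                continue
            # The original called a non-existent list.extends(); build the
            # record by concatenation instead. Quotes are stripped before the
            # split, the way _csv_list_scheduled_jobs treats the same rows.
            # NOTE(review): fields containing a comma are still mis-split -
            # confirm whether that can occur in practice.
            record = [self.computer_name, 'Scheduled Jobs']
            record += line.replace('"', '').split(',')
            write_to_json(header, record, json_writer)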
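def _list_arp_table(self):
    """Yield the output of ``arp -a`` one line at a time.

    The decoded output is split on ``"\\n"`` only, so any other line-ending
    character left by the decoder stays attached to the yielded strings.
    """
    # The command is fixed, so it is started directly from an argument list,
    # like the schtasks calls in this file. shell=True would only insert a
    # command interpreter (located through the environment) between the
    # collector and arp without adding anything.
    proc = subprocess.Popen(["arp", "-a"], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # stderr is captured to keep it off the console; it is not used.
    output, _errors = proc.communicate()
    output = get_terminal_decoded_string(output)
    for entry in output.split("\n"):
        yield entry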
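def _list_at_scheduled_jobs(self):
    """Yield the jobs printed by the ``at`` command as lists of five fields.

    The first output line is skipped. Every other line is split on runs of
    two or more spaces (at most four splits); lines that do not produce
    exactly five fields are ignored.
    """
    proc = subprocess.Popen('at', stdout=subprocess.PIPE)
    res = proc.communicate()
    res = get_terminal_decoded_string(res[0])
    # Compile once instead of on every line.
    column_gap = re.compile(' {2,}')
    for line in res.splitlines()[1:]:
        fields = column_gap.split(line, 4)
        # Compare by value: "is 5" tests object identity and only happens to
        # work because of small-integer caching.
        if len(fields) == 5:
            yield fields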
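def _list_network_adapters(self):
    """Yield one tuple of properties per ``Win32_NetworkAdapter`` instance.

    For adapters with ``NetEnabled`` set, the ``Win32_NetworkAdapterConfiguration``
    instances with the same MAC address supply the addresses, the DHCP and DNS
    servers and the database path, and ``nbtstat -A`` is run against the
    first listed address.

    Yields:
        A 14-item tuple: caption, adapter type, description, MAC address,
        product name, physical-adapter flag, product name (a second time),
        speed, IPv4, IPv6, DHCP server, DNS server, database path and the
        nbtstat output joined into one string.
    """
    for adapter in self.wmi.Win32_NetworkAdapter():
        netcard = adapter.Caption
        IPv4 = ''
        IPv6 = ''
        DHCP_server = ''
        DNS_server = ''
        adapter_type = ''
        nbtstat_value = ''
        # NOTE(review): an AdapterTypeID of 0 is falsy, so such adapters keep
        # an empty type - confirm whether 0 is a key of NETWORK_ADAPTATER.
        if adapter.AdapterTypeID:
            adapter_type = NETWORK_ADAPTATER[int(adapter.AdapterTypeID)]
        net_enabled = adapter.NetEnabled
        mac_address = adapter.MACAddress
        description = adapter.Description
        physical_adapter = unicode(adapter.PhysicalAdapter)
        product_name = adapter.ProductName
        speed = adapter.Speed
        database_path = ''
        if net_enabled:
            configs = self.wmi.Win32_NetworkAdapterConfiguration(MACAddress=mac_address)
            for nc in configs:
                database_path = nc.DatabasePath
                if nc.IPAddress:
                    try:
                        IPv4 = nc.IPAddress[0]
                        IPv6 = nc.IPAddress[1]
                    except IndexError:
                        # Raised when fewer than two addresses are listed;
                        # IPv4 keeps the value assigned just above.
                        self.logger.error('Error to catch IP Address %s ' % str(nc.IPAddress))
                    if IPv4:
                        # The address is data read from the host being
                        # examined: pass it as its own argv element with no
                        # shell, so it is never parsed as command text.
                        p = subprocess.Popen(['nbtstat', '-A', IPv4],
                                             stdout=subprocess.PIPE, stderr=subprocess.PIPE)
                        output, errors = p.communicate()
                        output = get_terminal_decoded_string(output)
                        # Flatten the multi-line output into a single value.
                        # The loop name differs from the adapter variable so
                        # the comprehension cannot rebind it.
                        nbtstat_value = ' '.join(
                            [part.replace('\n', '') for part in output.split('\r\n')])
                if nc.DNSServerSearchOrder:
                    DNS_server = nc.DNSServerSearchOrder[0]
                if nc.DHCPEnabled:
                    if nc.DHCPServer:
                        DHCP_server = nc.DHCPServer
        # NOTE(review): product_name appears twice in this tuple; the shape is
        # kept as-is because callers may index by position - confirm intent.
        yield netcard, adapter_type, description, mac_address, product_name, physical_adapter, \
            product_name, speed, IPv4, IPv6, DHCP_server, DNS_server, database_path, nbtstat_value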
def _list_scheduled_jobs(self):
    """Yield the data rows printed by ``schtasks.exe /query /fo CSV``.

    Rows are yielded as the raw quoted CSV text. The first quoted row is
    taken as the column names and is not yielded, nor is any later row
    identical to it.
    """
    query = subprocess.Popen(
        ["schtasks.exe", '/query', '/fo', 'CSV'],
        stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # Only stdout is used; stderr is captured and dropped and the exit status
    # is not inspected, so a failed query simply yields nothing.
    listing = get_terminal_decoded_string(query.communicate()[0])

    header_row = None
    for row in listing.splitlines():
        # Blank lines and lines that are not quoted CSV rows are skipped.
        if not row.startswith('"'):
            continue
        if header_row is None:
            header_row = row
        elif row != header_row:
            yield row
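def _list_network_adapters(self):
    """Yield one tuple of properties per ``Win32_NetworkAdapter`` instance.

    For adapters with ``NetEnabled`` set, the ``Win32_NetworkAdapterConfiguration``
    instances with the same MAC address supply the addresses, the DHCP and DNS
    servers and the database path, and ``nbtstat -A`` is run against the
    first listed address.

    Yields:
        A 14-item tuple: caption, adapter type, description, MAC address,
        product name, physical-adapter flag, product name (a second time),
        speed, IPv4, IPv6, DHCP server, DNS server, database path and the
        nbtstat output joined into one string.
    """
    for adapter in self.wmi.Win32_NetworkAdapter():
        netcard = adapter.Caption
        IPv4 = ''
        IPv6 = ''
        DHCP_server = ''
        DNS_server = ''
        adapter_type = ''
        nbtstat_value = ''
        # NOTE(review): an AdapterTypeID of 0 is falsy, so such adapters keep
        # an empty type - confirm whether 0 is a key of NETWORK_ADAPTATER.
        if adapter.AdapterTypeID:
            adapter_type = NETWORK_ADAPTATER[int(adapter.AdapterTypeID)]
        net_enabled = adapter.NetEnabled
        mac_address = adapter.MACAddress
        description = adapter.Description
        physical_adapter = unicode(adapter.PhysicalAdapter)
        product_name = adapter.ProductName
        speed = adapter.Speed
        database_path = ''
        if net_enabled:
            configs = self.wmi.Win32_NetworkAdapterConfiguration(MACAddress=mac_address)
            for nc in configs:
                database_path = nc.DatabasePath
                if nc.IPAddress:
                    try:
                        IPv4 = nc.IPAddress[0]
                        IPv6 = nc.IPAddress[1]
                    except IndexError:
                        # Raised when fewer than two addresses are listed;
                        # IPv4 keeps the value assigned just above.
                        self.logger.error('Error to catch IP Address %s ' % str(nc.IPAddress))
                    if IPv4:
                        # The address is data read from the host being
                        # examined: pass it as its own argv element with no
                        # shell, so it is never parsed as command text.
                        p = subprocess.Popen(['nbtstat', '-A', IPv4],
                                             stdout=subprocess.PIPE, stderr=subprocess.PIPE)
                        output, errors = p.communicate()
                        output = get_terminal_decoded_string(output)
                        # Flatten the multi-line output into a single value.
                        # The loop name differs from the adapter variable so
                        # the comprehension cannot rebind it.
                        nbtstat_value = ' '.join(
                            [part.replace('\n', '') for part in output.split('\r\n')])
                if nc.DNSServerSearchOrder:
                    DNS_server = nc.DNSServerSearchOrder[0]
                if nc.DHCPEnabled:
                    if nc.DHCPServer:
                        DHCP_server = nc.DHCPServer
        # NOTE(review): product_name appears twice in this tuple; the shape is
        # kept as-is because callers may index by position - confirm intent.
        yield netcard, adapter_type, description, mac_address, product_name, physical_adapter, \
            product_name, speed, IPv4, IPv6, DHCP_server, DNS_server, database_path, nbtstat_value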