示例#1
文件: m_gic.py 项目: johndoex1/Magic
def sysq():
    """Dump every property of each Win32_LogicalDisk instance to stdout.

    One "name value" line is printed per WMI property, followed by a blank
    line after each drive. Nothing is returned.
    """
    # The query text is a fixed literal; no caller-supplied data reaches WMI.
    wql = "Select * from Win32_LogicalDisk"
    for disk in ManagementObjectSearcher(wql).Get():
        for prop in disk.Properties:
            print prop.Name, prop.Value
        # Bare print emits the blank separator line between drives.
        print
示例#2
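def cputemp():
    r"""Print name, current, minimum and maximum of every temperature sensor.

    Queries the ``Sensor`` class in the ``root\CPUThermometer`` WMI namespace
    for rows whose ``SensorType`` matches ``Temperature`` and prints them as
    a small table. Nothing is returned.

    NOTE(review): the namespace is presumably registered by a separate
    monitoring tool; if it is absent the query is expected to raise, and
    that is not handled here.
    """
    import clr
    clr.AddReference('System.Management')
    from System.Management import (ManagementScope, ManagementObjectSearcher,
                                   WqlObjectQuery)

    # Raw string: "\C" is not a valid escape sequence, so the plain literal
    # only worked by accident and draws a warning on newer interpreters.
    scope = ManagementScope(r"root\CPUThermometer")

    searcher = ManagementObjectSearcher(
        scope,
        WqlObjectQuery(
            "SELECT * FROM Sensor Where SensorType LIKE 'Temperature'"), None)

    print("\n")
    print("              Temp      Min       Max")

    strout = ' '

    for mo in searcher.Get():
        # Each row is prepended to the text built so far, so sensors are
        # printed in the reverse of WMI enumeration order.
        strout = '{0}   {1} C    {2} C    {3} C\n{4}'.format(
            mo["Name"], mo["Value"], mo["Min"], mo["Max"], strout)

    print(strout)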
示例#3
    def query(wqlString):
        """Run a WQL SELECT and return the ``commandline`` value of every row.

        ``wqlString`` is handed to WMI verbatim, so callers must not build
        it from untrusted input. The returned command lines can contain
        secrets passed as process arguments; treat the list as sensitive
        when logging or storing it.
        """
        import clr
        clr.AddReference('System.Management')
        from System.Management import SelectQuery, ManagementObjectSearcher

        searcher = ManagementObjectSearcher(SelectQuery(wqlString))
        command_lines = []
        for row in searcher.Get():
            command_lines.append(row['commandline'])
        return command_lines
示例#4
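def unc_to_dletter(unc_path):
    """Rewrite a UNC path so that it starts with the mapped drive letter.

    Looks up the mapped network drives (Win32_MappedLogicalDisk) and, when
    ``unc_path`` begins with the share one of them points at, returns the
    path with that share prefix replaced by the drive's DeviceID.

    Returns None when no mapped drive covers the path.

    The share is matched only as a leading prefix that ends on a path
    separator, and case-insensitively. A plain substring test would also
    rewrite paths on a different share whose name merely starts with the
    mapped one, or replace text in the middle of the path, resolving to the
    wrong location.
    """
    clr.AddReference('System.Management')
    from System.Management import ManagementObjectSearcher
    searcher = ManagementObjectSearcher(
        "root\\CIMV2", "SELECT * FROM Win32_MappedLogicalDisk")

    drives = {x['DeviceID']: x['ProviderName'] for x in searcher.Get()}
    for mapped_drive, server_path in drives.items():
        # ProviderName may be empty or missing; such entries cannot match.
        if not server_path:
            continue
        share = server_path.rstrip("\\")
        if not share:
            continue
        if unc_path[:len(share)].lower() != share.lower():
            continue
        remainder = unc_path[len(share):]
        # Require a component boundary so a share named "data" does not
        # capture paths on a share named "data2".
        if remainder and not remainder.startswith("\\"):
            continue
        return mapped_drive + remainder
    return None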
示例#5
def processList():
    """Build a text report of all processes, sorted by PID.

    Each row holds the PID (the WMI ``Handle`` property), the process name
    cut to 25 characters, the owner and the executable path. The report
    starts with the output of printHeader/printSubheader and is returned as
    a single string.

    The owner comes from the WMI GetOwner method, whose two out-parameters
    are written into a two-element string array; the array is reversed and
    joined with a backslash. When the first element comes back as None the
    owner column is left empty.
    NOTE(review): presumably that is the case for processes the caller is
    not allowed to inspect - confirm.
    """
    row_fmt = "{0:<8} {1:<25} {2:<40} {3}"
    report = printHeader("PROCESS LIST")
    searcher = ManagementObjectSearcher("select * from Win32_process")
    report += printSubheader(row_fmt.format("PID", "Name", "Owner", "Path"))
    by_pid = sorted(searcher.Get(), key=lambda proc: int(proc["Handle"]))
    for proc in by_pid:
        owner_parts = Array[str](["", ""])
        # The method's return code is not used; only the out-parameters are.
        proc.InvokeMethod("GetOwner", owner_parts)
        if owner_parts[0] != None:
            owner = "\\".join(owner_parts[::-1])
        else:
            owner = ""
        image_path = proc["ExecutablePath"] or ""
        report += (row_fmt + "\n").format(
            proc["Handle"], proc["Name"][:25], owner, image_path)
    return report
示例#6
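def dletter_to_unc(dletter_path):
    """Rewrite a path on a mapped drive so that it starts with the UNC share.

    Takes the first two characters of ``dletter_path`` as the drive
    designator, compares them case-insensitively with the DeviceID of every
    mapped network drive (Win32_MappedLogicalDisk) and, on a match, returns
    the share path followed by the rest of the input path.

    Returns None when the drive is not a mapped network drive.

    Only the leading drive designator is swapped. Replacing every
    occurrence of the two characters would also alter later parts of the
    path that happen to contain the same text.
    """
    clr.AddReference('System.Management')
    from System.Management import ManagementObjectSearcher
    searcher = ManagementObjectSearcher(
        "root\\CIMV2", "SELECT * FROM Win32_MappedLogicalDisk")

    drives = {x['DeviceID']: x['ProviderName'] for x in searcher.Get()}
    dletter = dletter_path[:2]
    for mapped_drive, server_path in drives.items():
        # ProviderName may be empty or missing; skip instead of failing
        # on string concatenation with None.
        if not server_path:
            continue
        if dletter.lower() == mapped_drive.lower():
            return server_path + dletter_path[2:]
    return None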
示例#7
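def RemoteConnect(computername):
    """Read thermal-zone temperatures from a remote host and alert by e-mail.

    Connects to the ``root\\WMI`` namespace on ``computername`` with explicit
    credentials, reads ``CurrentTemperature`` from every
    MSAcpi_ThermalZoneTemperature instance and compares it with the
    module-level ``crtcltemp`` threshold. At or above the threshold an alert
    mail is sent; otherwise a "normal" line is printed. Nothing is returned.

    ``computername`` is placed into the WMI scope path unchanged, so callers
    should pass only validated host names.
    """
    options = ConnectionOptions()
    options.EnablePrivileges = True
    # NOTE(review): placeholders. Real credentials should be supplied at run
    # time from a protected store, not committed in this file.
    options.Username = "******"  #set your username here
    options.Password = "******"  #set your password here
    network_scope = r"\\%s\root\WMI" % computername
    print network_scope
    scope = ManagementScope(network_scope, options)
    query = "Select * from  MSAcpi_ThermalZoneTemperature"
    searcher = ManagementObjectSearcher(scope, WqlObjectQuery(query), None)
    for cpu in searcher.Get():
        # NOTE(review): this WMI class reports tenths of a Kelvin; confirm
        # that crtcltemp is expressed in the same unit.
        nowtemp = int(cpu["CurrentTemperature"])
        print nowtemp
        if nowtemp >= crtcltemp:
            print " critical temprature on %s" % (computername, )
            sender = '*****@*****.**'  #set the sender e-mail address
            receivers = ['*****@*****.**']  #set the receiver e-mail address
            # Header lines must start in column 0. Indented lines are read
            # as continuations of the previous header, which folded To: and
            # Subject: into From: in the original triple-quoted text.
            message = "\n".join([
                "From: From Person <*****@*****.**> ",
                "To: To Person <'*****@*****.**'>",
                "Subject: Spider Temperature Control Alerting System",
                "",
                "Temparature is critical on server %s ." % computername,
                "",
            ])
            # NOTE(review): the mail is handed to an unauthenticated relay in
            # clear text; an authenticated, TLS-protected submission server
            # is preferable.
            mailobj = None
            try:
                mailobj = smtplib.SMTP(
                    "mailserver"
                )  #set the ip address of the SMTP mail server
                mailobj.sendmail(sender, receivers, message)
                print "Alert E-mail sent Successfully "
            except Exception:
                # Narrower than a bare except: KeyboardInterrupt and
                # SystemExit still propagate.
                print "Error: unable to send Alert using e-mail"
            finally:
                if mailobj is not None:
                    try:
                        mailobj.quit()
                    except Exception:
                        pass

            # The SMS hook is dropped: its `command` assignment was commented
            # out while `print command` / `os.popen(command)` remained, so
            # this branch always ended in a NameError. If it is reinstated,
            # pass the host name as a separate argument to a process call
            # with an argument list instead of formatting it into a shell
            # string.
        else:
            print "Temperature normal on %s" % (computername, )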
示例#8
import clr
clr.AddReference("System.Management")
from System.Management import ManagementObject, ManagementObjectSearcher
# Collect CPU topology figures through WMI and expose them as the tuple OUT:
# (NumberOfProcessors, NumberOfLogicalProcessors, summed NumberOfCores,
#  MaxClockSpeed / 1000).
sysinfo = ManagementObjectSearcher(
    "Select NumberOfProcessors, NumberOfLogicalProcessors from Win32_ComputerSystem"
).Get()
# If the query returns several rows, the values of the last row win.
# If it returns none, both names stay unbound and the OUT line raises NameError.
for sysdata in sysinfo:
    physicalProcessors = sysdata.Item["NumberOfProcessors"]
    logicalProcessors = sysdata.Item["NumberOfLogicalProcessors"]
sysinfo = ManagementObjectSearcher(
    "Select NumberOfCores, MaxClockSpeed from Win32_Processor").Get()
cores = 0
for sysdata in sysinfo:
    # Cores are summed over all Win32_Processor rows; the clock speed kept is
    # the one from the last row only.
    cores += sysdata.Item["NumberOfCores"]
    cpuspeed = sysdata.Item["MaxClockSpeed"]
# MaxClockSpeed is reported in MHz, so dividing by 1000 gives GHz.
OUT = (physicalProcessors, logicalProcessors, cores, float(cpuspeed) / 1000)
示例#9
def avLookup():
    """Report which endpoint-security products appear to be present.

    Two sources are combined into one text report, which is returned:

    1. Running processes whose name matches a key of the built-in table;
       for each hit the product label, process name and PID are listed.
    2. Every ``antivirusproduct`` instance in the local
       ``root\\securitycenter2`` WMI namespace, with display name, the two
       signed executable paths, product state and update timestamp. Known
       ``productState`` values are shown as text, unknown ones as the raw
       value.

    For defenders: this is security-software discovery (MITRE ATT&CK
    T1518.001). Queries against this namespace and bulk process-name
    lookups from a scripting host are worth alerting on.

    NOTE(review): the securitycenter2 namespace is generally not present on
    Windows Server editions, where the query would raise; that case is not
    handled here - confirm with callers.
    """
    summary = printHeader("ANTIVIRUS CHECK")

    # Process image name -> product label. Taken as-is from the original.
    known_processes = {
        'mcshield': "McAfee AV",
        'FrameworkService': "McAfee AV",
        'naPrdMgr': "McAfee AV",
        'windefend': "Windows Defender AV",
        'MSASCui': "Windows Defender AV",
        'msmpeng': "Windows Defender AV",
        'msmpsvc': "Windows Defender AV",
        'WRSA': "WebRoot AV",
        'savservice': "Sophos AV",
        'TMCCSF': "Trend Micro AV",
        'ntrtscan': "TrendMicro OfficeScan",
        "symantec antivirus": "Symantec AV",
        'ccSvcHst': "Symantec Endpoint Protection",
        'TaniumClient': "Tanium",
        'mbae': "MalwareBytes Anti-Exploit",
        'parity': "Bit9 application whitelisting",
        'cb': "Carbon Black behavioral analysis",
        "bds-vision": "BDS Vision behavioral analysis",
        'Triumfant': "Triumfant behavioral analysis",
        'CSFalcon': "CrowdStrike Falcon EDR",
        'ossec': "OSSEC intrusion detection",
        'TmPfw': "Trend Micro firewall",
        'dgagent': "Verdasys Digital Guardian DLP",
        'kvoop': "Forcepoint and others",
        'xagt': "FireEye Endpoint Agent",
        'bdservicehost': 'BitDefender AV',
        'bdagent': 'BitDefender AV',
        'fsav32': 'F-Secure AV',
        'ashServ': "Avast! AV",
        'AVENGINE': "Panda AV",
        'avgemc': "AVG AV",
        'tmntsrv': "TrendMicro AV",
        'nacapsvc': "Norton AV",
        'avp': "Kaspersky AV"
    }

    # productState rendered as a decimal string -> readable status.
    product_states = {
        "262144": "Up to date/Disabled",
        "262160": "Out of date/Disabled",
        "266240": "Up to date/Enabled",
        "266256": "Out of date/Enabled",
        "393216": "Up to date/Disabled",
        "393232": "Out of date/Disabled",
        "393488": "Out of date/Disabled",
        "397312": "Up to date/Enabled",
        "397328": "Out of date/Enabled",
        "397584": "Out of date/Enabled",
        "397568": "Up to date/Enabled",
        "393472": "Up to date/Disabled"
    }

    process_row = "{0:<15}: {1}\n"
    for image_name, product in known_processes.items():
        running = Process.GetProcessesByName(image_name)
        if not running:
            continue
        # Only the first matching process is reported per table entry.
        summary += process_row.format("AVProduct", product)
        summary += process_row.format("ProcessName", running[0].ProcessName)
        summary += (process_row + "\n").format("PID", running[0].Id)

    wmi_row = "{0:<22}: {1}\n"
    scope = ManagementScope(r"\\%s\root\securitycenter2" % Env.MachineName)
    wql = WqlObjectQuery("Select * from antivirusproduct")
    search = ManagementObjectSearcher(scope, wql, None)
    for entry in search.Get():
        summary += wmi_row.format(
            "Display Name", entry.GetPropertyValue("displayName"))
        summary += wmi_row.format(
            "Signed Product EXE:",
            entry.GetPropertyValue("pathToSignedProductExe"))
        summary += wmi_row.format(
            "Signed Reporting EXE:",
            entry.GetPropertyValue("pathToSignedReportingExe"))
        raw_state = entry.GetPropertyValue("productState")
        # Fall back to the raw value when the code is not in the table.
        state_text = product_states.get(raw_state.ToString()) or raw_state
        summary += wmi_row.format("Product State", state_text)
        summary += (wmi_row + "\n").format(
            "Update Time", entry.GetPropertyValue("timestamp"))

    return summary
示例#10
def _list_processes():
    """Yield one DotnetProcess per Win32_Process row (PID and command line).

    The PID is converted to int; the command line is passed through as WMI
    returned it. Command lines can carry secrets given as process
    arguments, so consumers should avoid logging them wholesale.
    """
    wql = 'SELECT ProcessID, CommandLine FROM Win32_Process'
    for row in ManagementObjectSearcher(wql).Get():
        pid = int(row['ProcessID'])
        yield DotnetProcess.immutable(pid, row['CommandLine'])
示例#11
    print 'Fail: Dataset summary was not updated'
else:
    print 'Pass: Dataset summary updated successfully'

# Activate dataset on local machine
# The step passes when, after activation, WMI lists at least one process whose
# parent is this script's own process. processid == 0 means "none found".
processid = 0
try:
    childdataset.OnActivated += switchonactivate
    childdataset.Activate(DistributionLocations.Local, SelectFrom)

    # Wait for the activation event to fire
    # NOTE(review): the return value of WaitOne is discarded, so a two-minute
    # timeout is not told apart from a fired event.
    activateevent.WaitOne(2 * 60 * 1000)

    parentprocessid = Process.GetCurrentProcess().Id
    # The WQL text is built by concatenation, but the only value inserted is
    # this process's own numeric id, not external input.
    mos = ManagementObjectSearcher(
        "root\\CIMV2", "SELECT * FROM Win32_Process WHERE ParentProcessId = " +
        parentprocessid.ToString())
    # Keeps the ProcessId of the last row. Any child process satisfies the
    # check, not only one started by the activation.
    for result in mos.Get():
        processid = result.GetPropertyValue("ProcessId")

    if processid != 0:
        print 'Pass: Dataset was activated successfully'
    else:
        print 'Fail: Dataset was not activated'
        sys.exit(1)
except System.Exception, e:
    # Only .NET exceptions are caught here; the script exits with status 1.
    print 'Fail: Dataset activation threw exception'
    print e.ToString()
    sys.exit(1)

# Deactivate dataset on local machine
示例#12
import clr
clr.AddReference("System.Management")
from System.Management import ManagementObject, ManagementObjectSearcher
from System.Diagnostics import Process
# Collect memory figures and expose them as the tuple OUT:
# (installed RAM, free physical RAM, working set of this process), each in GiB.
sysinfo = ManagementObjectSearcher(
    "Select Capacity from Win32_PhysicalMemory").Get()
installedMem = 0
# Capacity is reported per memory module in bytes; the modules are summed.
for sysdata in sysinfo:
    installedMem += sysdata.Item["Capacity"]
sysinfo = ManagementObjectSearcher(
    "Select FreePhysicalMemory from Win32_OperatingSystem").Get()
# If the query returns no row, freeMem stays unbound and the OUT line raises
# NameError.
for sysdata in sysinfo:
    freeMem = sysdata.Item["FreePhysicalMemory"]
procMem = Process.GetCurrentProcess().WorkingSet64
# FreePhysicalMemory is reported in kilobytes, hence the 2**20 divisor; the
# two byte counts are divided by 2**30.
OUT = (float(installedMem) / 1073741824, float(freeMem) / 1048576,
       float(procMem) / 1073741824)