├── .gitignore ├── CarSeat.py ├── LICENSE ├── README.md ├── commands ├── __init__.py ├── amsiproviders_command.py ├── antivirus_command.py ├── applocker_command.py ├── auditpolicyregistry_command.py ├── autoruns_command.py ├── chromiumbookmarks_command.py ├── chromiumhistory_command.py ├── chromiumpresence_command.py ├── cloudcredentials_command.py ├── cloudsyncproviders_command.py ├── credguard_command.py ├── dnscache_command.py ├── dotnet_command.py ├── dpapimasterkeys_command.py ├── environmentvariables_command.py ├── explicitlogonevents_command.py ├── explorerruncommands_command.py ├── filezilla_command.py ├── firefoxhistory_command.py ├── firefoxpresence_command.py ├── hotfixes_command.py ├── iefavorites_command.py ├── ieurls_command.py ├── installedproducts_command.py ├── interestingprocesses_command.py ├── keepass_command.py ├── laps_command.py ├── lastshutdown_command.py ├── localgroups_command.py ├── localusers_command.py ├── logonevents_command.py ├── logonsessions_command.py ├── lsasettings_command.py ├── mappeddrives_command.py ├── networkprofiles_command.py ├── networkshares_command.py ├── ntlmsettings_command.py ├── optionalfeatures_command.py ├── osinfo_command.py ├── outlookdownloads_command.py ├── poweredonevents_command.py ├── powershell_command.py ├── powershellevents_command.py ├── powershellhistory_command.py ├── processcreationevents_command.py ├── processowners_command.py ├── pssessionsettings_command.py ├── puttyhostkeys_command.py ├── puttysessions_command.py ├── rdpsavedconnections_command.py ├── rdpsessions_command.py ├── rdpsettings_command.py ├── sccm_command.py ├── scheduledtasks_command.py ├── secureboot_command.py ├── slackdownloads_command.py ├── slackpresence_command.py ├── slackworkspaces_command.py ├── superputty_command.py ├── sysmon_command.py ├── sysmonevents_command.py ├── uac_command.py ├── windowsautologon_command.py ├── windowsdefender_command.py ├── windowseventforwarding_command.py ├── windowsfirewall_command.py ├── wmi_command.py └── wsus_command.py ├── lib ├── EVENHandler.py ├── MiscUtil.py ├── PrintHandler.py ├── SAMRHandler.py ├── SMBHandler.py ├── WMIHandler.py └── __init__.py └── requirements.txt /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | __pycache__/ -------------------------------------------------------------------------------- /CarSeat.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/CarSeat.py -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/README.md -------------------------------------------------------------------------------- /commands/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /commands/amsiproviders_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/amsiproviders_command.py -------------------------------------------------------------------------------- /commands/antivirus_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/antivirus_command.py -------------------------------------------------------------------------------- /commands/applocker_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/applocker_command.py -------------------------------------------------------------------------------- /commands/auditpolicyregistry_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/auditpolicyregistry_command.py -------------------------------------------------------------------------------- /commands/autoruns_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/autoruns_command.py -------------------------------------------------------------------------------- /commands/chromiumbookmarks_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/chromiumbookmarks_command.py -------------------------------------------------------------------------------- /commands/chromiumhistory_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/chromiumhistory_command.py -------------------------------------------------------------------------------- /commands/chromiumpresence_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/chromiumpresence_command.py -------------------------------------------------------------------------------- /commands/cloudcredentials_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/cloudcredentials_command.py -------------------------------------------------------------------------------- /commands/cloudsyncproviders_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/cloudsyncproviders_command.py -------------------------------------------------------------------------------- /commands/credguard_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/credguard_command.py -------------------------------------------------------------------------------- /commands/dnscache_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/dnscache_command.py -------------------------------------------------------------------------------- /commands/dotnet_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/dotnet_command.py -------------------------------------------------------------------------------- /commands/dpapimasterkeys_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/dpapimasterkeys_command.py -------------------------------------------------------------------------------- /commands/environmentvariables_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/environmentvariables_command.py -------------------------------------------------------------------------------- /commands/explicitlogonevents_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/explicitlogonevents_command.py -------------------------------------------------------------------------------- /commands/explorerruncommands_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/explorerruncommands_command.py -------------------------------------------------------------------------------- /commands/filezilla_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/filezilla_command.py -------------------------------------------------------------------------------- /commands/firefoxhistory_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/firefoxhistory_command.py -------------------------------------------------------------------------------- /commands/firefoxpresence_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/firefoxpresence_command.py -------------------------------------------------------------------------------- /commands/hotfixes_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/hotfixes_command.py -------------------------------------------------------------------------------- /commands/iefavorites_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/iefavorites_command.py -------------------------------------------------------------------------------- /commands/ieurls_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/ieurls_command.py -------------------------------------------------------------------------------- /commands/installedproducts_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/installedproducts_command.py -------------------------------------------------------------------------------- /commands/interestingprocesses_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/interestingprocesses_command.py -------------------------------------------------------------------------------- /commands/keepass_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/keepass_command.py -------------------------------------------------------------------------------- /commands/laps_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/laps_command.py -------------------------------------------------------------------------------- /commands/lastshutdown_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/lastshutdown_command.py -------------------------------------------------------------------------------- /commands/localgroups_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/localgroups_command.py -------------------------------------------------------------------------------- /commands/localusers_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/localusers_command.py -------------------------------------------------------------------------------- /commands/logonevents_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/logonevents_command.py -------------------------------------------------------------------------------- /commands/logonsessions_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/logonsessions_command.py -------------------------------------------------------------------------------- /commands/lsasettings_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/lsasettings_command.py -------------------------------------------------------------------------------- /commands/mappeddrives_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/mappeddrives_command.py -------------------------------------------------------------------------------- /commands/networkprofiles_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/networkprofiles_command.py -------------------------------------------------------------------------------- /commands/networkshares_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/networkshares_command.py -------------------------------------------------------------------------------- /commands/ntlmsettings_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/ntlmsettings_command.py -------------------------------------------------------------------------------- /commands/optionalfeatures_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/optionalfeatures_command.py -------------------------------------------------------------------------------- /commands/osinfo_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/osinfo_command.py -------------------------------------------------------------------------------- /commands/outlookdownloads_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/outlookdownloads_command.py -------------------------------------------------------------------------------- /commands/poweredonevents_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/poweredonevents_command.py -------------------------------------------------------------------------------- /commands/powershell_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/powershell_command.py -------------------------------------------------------------------------------- /commands/powershellevents_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/powershellevents_command.py -------------------------------------------------------------------------------- /commands/powershellhistory_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/powershellhistory_command.py -------------------------------------------------------------------------------- /commands/processcreationevents_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/processcreationevents_command.py -------------------------------------------------------------------------------- /commands/processowners_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/processowners_command.py -------------------------------------------------------------------------------- /commands/pssessionsettings_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/pssessionsettings_command.py -------------------------------------------------------------------------------- /commands/puttyhostkeys_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/puttyhostkeys_command.py -------------------------------------------------------------------------------- /commands/puttysessions_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/puttysessions_command.py -------------------------------------------------------------------------------- /commands/rdpsavedconnections_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/rdpsavedconnections_command.py -------------------------------------------------------------------------------- /commands/rdpsessions_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/rdpsessions_command.py -------------------------------------------------------------------------------- /commands/rdpsettings_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/rdpsettings_command.py -------------------------------------------------------------------------------- /commands/sccm_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/sccm_command.py -------------------------------------------------------------------------------- /commands/scheduledtasks_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/scheduledtasks_command.py -------------------------------------------------------------------------------- /commands/secureboot_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/secureboot_command.py -------------------------------------------------------------------------------- /commands/slackdownloads_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/slackdownloads_command.py -------------------------------------------------------------------------------- /commands/slackpresence_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/slackpresence_command.py -------------------------------------------------------------------------------- /commands/slackworkspaces_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/slackworkspaces_command.py -------------------------------------------------------------------------------- /commands/superputty_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/superputty_command.py -------------------------------------------------------------------------------- /commands/sysmon_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/sysmon_command.py -------------------------------------------------------------------------------- /commands/sysmonevents_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/sysmonevents_command.py -------------------------------------------------------------------------------- /commands/uac_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/uac_command.py -------------------------------------------------------------------------------- /commands/windowsautologon_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/windowsautologon_command.py -------------------------------------------------------------------------------- /commands/windowsdefender_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/windowsdefender_command.py -------------------------------------------------------------------------------- /commands/windowseventforwarding_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/windowseventforwarding_command.py -------------------------------------------------------------------------------- /commands/windowsfirewall_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/windowsfirewall_command.py -------------------------------------------------------------------------------- /commands/wmi_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/wmi_command.py -------------------------------------------------------------------------------- /commands/wsus_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/commands/wsus_command.py -------------------------------------------------------------------------------- /lib/EVENHandler.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/lib/EVENHandler.py -------------------------------------------------------------------------------- /lib/MiscUtil.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/lib/MiscUtil.py -------------------------------------------------------------------------------- /lib/PrintHandler.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/lib/PrintHandler.py -------------------------------------------------------------------------------- /lib/SAMRHandler.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/lib/SAMRHandler.py -------------------------------------------------------------------------------- /lib/SMBHandler.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/lib/SMBHandler.py -------------------------------------------------------------------------------- /lib/WMIHandler.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/lib/WMIHandler.py -------------------------------------------------------------------------------- /lib/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xthirteen/Carseat/HEAD/lib/__init__.py -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | impacket 2 | pefile --------------------------------------------------------------------------------