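├── clipboard.py
├── proclist.py
├── qfe.py
└── registry_info.py


/clipboard.py:
--------------------------------------------------------------------------------
# Script file: print the current clipboard contents to STDOUT.
# The clipboard often holds copied passwords or tokens, so treat the output
# as sensitive data.
import win32clipboard

win32clipboard.OpenClipboard()
try:
    # No format argument is passed, so pywin32's default format is requested.
    cf = win32clipboard.GetClipboardData()
    print cf
except Exception:
    # Presumably an empty clipboard or non-text content; the error itself is
    # not reported.
    print "Could not get clipboard data"
finally:
    # Always release the clipboard, even if reading or printing failed.
    win32clipboard.CloseClipboard()

--------------------------------------------------------------------------------
/proclist.py:
--------------------------------------------------------------------------------
__author__="Carlos Perez carlos_perez@darkoperator.com"
__date__ ="$Sep 11, 2010 8:35:52 AM$"

import getopt
import sys
import wmi


def usage():
    """
    Print the command-line help and exit with status 0.
    """
    # NOTE: a password passed with -p is visible in the process command line
    # (the same field this tool reports for every process) and in shell
    # history.
    print "Proclist by Carlos Perez carlos_perez@darkoperator.com"
    print "Tool for printing to STDOUT a list of processes running on a local"
    print "or remote computer and their details using WMI.\n"
    print "proclist.exe "
    print "\t-h\tRemote Host to connect to."
    print "\t-u\tUsername for Connection to Remote Host"
    print "\t-p\tPassword for Connection to Remote Host"
    print "\t-l\tPresent output in a list format to STDOUT."
    print "\t-c\tPresent output in a CSV format to STDOUT."
    sys.exit(0)


def wmi_date_format(dtmDate):
    """
    Convert a WMI datetime string into "M/D/YYYY HH:MM:SS".

    Only the first 14 characters (YYYYMMDDHHMMSS) are read, by position;
    whatever follows them (in CIM datetime strings, the microseconds and the
    UTC offset) is ignored, so no time-zone conversion takes place.  A
    leading zero is dropped from the month and from the day.

    Raises IndexError if dtmDate has fewer than 14 characters.
    """
    stamp = dtmDate[:14]
    if len(stamp) < 14:
        raise IndexError("WMI datetime string too short: %r" % (dtmDate,))

    year, month, day = stamp[0:4], stamp[4:6], stamp[6:8]
    hour, minute, second = stamp[8:10], stamp[10:12], stamp[12:14]

    # Compare against the character '0': the fields are text, and a
    # comparison with the integer 0 is never true for a string.
    if month[0] == '0':
        month = month[1]
    if day[0] == '0':
        day = day[1]

    return month + '/' + day + '/' + year + " " + hour + ":" + minute + ':' + second


def process_list_csv(out_type, c):
    """
    Print every process returned by c.Win32_Process() to STDOUT.

    out_type 0 prints a labelled block per process; out_type 1 prints a
    header line followed by one comma-separated line per process.  c is the
    WMI connection created by main().
    """

    # Set first line with field names in case output is CSV
    if out_type == 1:
        print "Name,Caption,Commad Line,Creation Date,Parent PID,PID,Owner"

    # Get data for each process
    for process in c.Win32_Process ():

        # Initialize variables for data per process; a property that WMI
        # returns as None is printed as an empty string.
        name = ""
        command_line = ""
        date = ""
        ppid = ""
        pid = ""
        owner_name = ""
        caption = ""

        # Retrieve data
        if process.Name is not None:
            name = process.Name
        if process.Caption is not None:
            caption = process.Caption
        if process.CommandLine is not None:
            command_line = process.CommandLine
        if process.CreationDate is not None:
            date = wmi_date_format(process.CreationDate)
        if process.ParentProcessId is not None:
            ppid = process.ParentProcessId
        if process.ProcessId is not None:
            pid = process.ProcessId

        # Check for Owner, this is not available in 2000 and may error in
        # modern versions of Windows.  Best effort: on any error the owner
        # column is left empty.
        try:
            owner = process.GetOwner()
            # presumably owner[0] is the domain and owner[2] the user name;
            # verify against the wmi module's return order
            if owner[0] is not None:
                owner_name = owner[0] + "\\" + owner[2]
        except Exception:
            pass

        # Print general output
        if out_type == 0:
            print "Name: ",name
            print "Caption: ", caption
            print "Command Line: ", command_line
            print "Creation Date: ", date
            print "Parent PID: ", ppid
            print "PID: ", pid
            print "Owner: "+ owner_name
            print ""

        # Print CSV formatted output
        if out_type == 1:
            # Command lines routinely contain double quotes; double them so
            # the quoted field stays a single CSV column.
            # The values are text chosen by whoever started the process, so
            # a consumer opening the CSV in a spreadsheet should import
            # cells starting with = + - @ as text, not formulas.
            quoted_command_line = '"' + command_line.replace('"', '""') + '"'
            print name + "," + caption + "," + quoted_command_line + "," + date + "," + str(ppid) + "," + str(pid) + "," + owner_name


def main():
    """
    Parse the command line, connect to WMI and print the process list.
    """

    # With no arguments at all, show the help before touching WMI.
    if len(sys.argv) <= 1:
        usage()

    # Set Variables for Options
    user_name = None
    user_password = None
    computer = None
    out_type = 0

    # Set Options
    try:
        options, remainder = getopt.getopt(sys.argv[1:], 'u:p:h:lc')
    except getopt.GetoptError, err:
        print str(err)
        sys.exit(2)

    # Parse Options.  Use ==: ('-u') is a plain string, not a tuple, so
    # "in" would be a substring test.
    for opt, arg in options:
        if opt == '-u':
            user_name = arg
        elif opt == '-p':
            user_password = arg
        elif opt == '-h':
            computer = arg
        elif opt == '-c':
            out_type = 1
        # -l needs no branch: list output (out_type 0) is the default.

    # Create Connection depending on the values passed
    if user_name:
        c = wmi.WMI(computer, user=user_name, password=user_password)
    elif computer:
        # -h without -u: query the remote host as the current user instead
        # of silently reporting the local machine.
        c = wmi.WMI(computer)
    else:
        c = wmi.WMI ()

    process_list_csv(out_type,c)

if __name__ == '__main__':
    main()
--------------------------------------------------------------------------------
/qfe.py:
--------------------------------------------------------------------------------
__author__="Carlos Perez carlos_perez@darkoperator.com"

import getopt
import sys
import wmi
import hashlib


def hash_file(file_name,hash_type):
    """
    Return the hex digest of a file's contents.

    hash_type is "md5", "sha1" or "sha256"; any other value prints an error
    and exits with status 1.  Returns None, after printing a message, if the
    file cannot be opened.

    MD5 and SHA-1 are adequate for looking a file up in a list of known
    hashes, but neither is collision resistant; use "sha256" when the digest
    is meant to show that a file was not tampered with.
    """

    if hash_type == "md5":
        m = hashlib.md5()

    elif hash_type == "sha1":
        m = hashlib.sha1()

    elif hash_type == "sha256":
        m = hashlib.sha256()

    else:
        print "Hash Type",hash_type,"unknown!"
        sys.exit(1)

    try:
        fd = open(file_name,"rb")
    except IOError:
        print "Unable to open the file in readmode:", file_name
        return
    try:
        # Fixed-size reads: a binary file may contain no newline at all, in
        # which case readline() would load the whole file into memory.
        chunk = fd.read(65536)
        while chunk:
            m.update(chunk)
            chunk = fd.read(65536)
    finally:
        fd.close()
    return m.hexdigest()

def usage():
    """
    Print the command-line help and exit with status 0.
    """
    print "Proclist by Carlos Perez carlos_perez@darkoperator.com"
    print "Tool for printing to STDOUT MS Updates installed on a local"
    print "or remote computer and their details using WMI.\n"
    print "qfe.exe "
    print "\t-h\tRemote Host to connect to."
    print "\t-u\tUsername for Connection to Remote Host"
    print "\t-p\tPassword for Connection to Remote Host"
    print "\t-l\tPresent output in a list format to STDOUT."
    print "\t-c\tPresent output in a CSV format to STDOUT."
    sys.exit(0)

def patch_list(out_type):
    """
    Print the updates reported by Win32_QuickFixEngineering.

    Reads the module-level WMI connection c.  out_type is accepted but not
    used: the output is always the list format.
    """
    for patch in c.Win32_QuickFixEngineering ():
        # NOTE(review): the label says "Host" but the property read is Name;
        # CSName is the property that carries the computer name -- confirm
        # which one was intended.
        print "Host:", patch.Name
        print "ID:", patch.HotFixID
        print "Installed Date:", patch.InstalledOn
        print


if __name__ == '__main__':
    # The script body runs only when executed directly, and lists the
    # installed updates as the usage text describes.  hash_file() stays
    # available as a helper; nothing here calls it with a hard-coded path.

    # With no arguments at all, show the help before touching WMI.
    if len(sys.argv) <= 1:
        usage()

    # Set Variables for Options
    user_name = None
    user_password = None
    computer = None
    out_type = 0

    # Set Options
    try:
        options, remainder = getopt.getopt(sys.argv[1:], 'u:p:h:lc')
    except getopt.GetoptError, err:
        print str(err)
        sys.exit(2)

    # Parse Options.  Use ==: ('-u') is a plain string, not a tuple, so
    # "in" would be a substring test.
    # NOTE: a password passed with -p is visible in the process command line
    # and in shell history.
    for opt, arg in options:
        if opt == '-u':
            user_name = arg
        elif opt == '-p':
            user_password = arg
        elif opt == '-h':
            computer = arg
        elif opt == '-c':
            out_type = 1

    # Create Connection depending on the values passed
    if user_name:
        c = wmi.WMI(computer, user=user_name, password=user_password)
    elif computer:
        # -h without -u: query the remote host as the current user instead
        # of silently reporting the local machine.
        c = wmi.WMI(computer)
    else:
        c = wmi.WMI ()

    patch_list(out_type)

--------------------------------------------------------------------------------
/registry_info.py:
--------------------------------------------------------------------------------
import win32api
import win32con
import getopt
import sys
import re
import string

# Accepted hive names, short and long form.  Looked up by exact match on the
# upper-cased hive so that an unknown or misspelt hive is rejected instead of
# matching as a substring.
_HIVES = {
    "HKLM": win32con.HKEY_LOCAL_MACHINE,
    "HKEY_LOCAL_MACHINE": win32con.HKEY_LOCAL_MACHINE,
    "HKCU": win32con.HKEY_CURRENT_USER,
    "HKEY_CURRENT_USER": win32con.HKEY_CURRENT_USER,
    "HKU": win32con.HKEY_USERS,
    "HKEY_USERS": win32con.HKEY_USERS,
    "HKCC": win32con.HKEY_CURRENT_CONFIG,
    "HKEY_CURRENT_CONFIG": win32con.HKEY_CURRENT_CONFIG,
    "HKCR": win32con.HKEY_CLASSES_ROOT,
    "HKEY_CLASSES_ROOT": win32con.HKEY_CLASSES_ROOT,
}

def get_key_time(regkey,recur):
    """
    Print the last write time of a registry key as a quoted, comma-separated
    pair: the key path, then the time.

    regkey is the hive name (short or long form), a backslash, then the key
    path.  When recur is true, one line is printed for each direct subkey of
    regkey instead; only one level is walked, not the whole subtree.

    Exits with status 1 if regkey is malformed, names an unknown hive, or
    cannot be opened.
    """

    # Split the registry key into hive name and path
    if "\\" not in regkey:
        print "Key must be given as <hive>\\<path>:", regkey
        sys.exit(1)
    hive,path = regkey.split("\\",1)

    # Select proper hive
    key = _HIVES.get(hive.upper())
    if key is None:
        print "Unknown registry hive:", hive
        sys.exit(1)

    # Get the last write for the key, error if not possible
    access = win32con.KEY_READ | win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE
    try:
        hkey = win32api.RegOpenKey(key, path, 0, access)
        num = win32api.RegQueryInfoKeyW(hkey)

    except Exception, e:
        # pywin32 errors carry (code, function, message); print the message
        # when it is there and the exception itself otherwise.
        if len(e.args) > 2:
            detail = e.args[2]
        else:
            detail = e
        print "could not open Key", hive + "\\" + path, detail
        sys.exit(1)

    # NOTE(review): the time is printed with str(); confirm whether it is UTC
    # or local time before merging the output into a timeline.
    if recur:
        for n in xrange(num["SubKeys"]):
            # Enumerate first, on its own: if this fails there is no subkey
            # name to report, so say which index could not be read.
            try:
                eKey = win32api.RegEnumKey(hkey,n)
            except Exception:
                print '"' + hive + "\\" + path + '",', '"Could not enumerate subkey ' + str(n) + '"'
                continue

            try:
                sub_handle = win32api.RegOpenKey(key, path+"\\"+eKey, 0, access)
                mod_time = win32api.RegQueryInfoKeyW(sub_handle)["LastWriteTime"]
                print '"' + hive + "\\" + path + "\\" + eKey + '",', '"' + str(mod_time) + '"'
            except Exception:
                # Every failure is reported as "Access Denied"; the actual
                # error is not inspected.
                print '"' + hive + "\\" + path + "\\"+eKey + '",', "\"Access Denied\""

    else:
        print '"' + hive + "\\" + path + '",', '"' + str(num["LastWriteTime"]) + '"'

def usage():
    """
    Print the command-line help and exit with status 0.
    """
    print "key_time by Carlos Perez carlos_perez@darkoperator.com"
    print "Tool for printing to STDOUT the last write time for a given key.\n"
    print "key_time.exe "
    print "\t-r\tRecursively get the last write date for the keys under the given key."
    print "\t-k\tRegistry key to get last write time"

    sys.exit(0)

def main():
    """
    Parse the command line and print the requested key's last write time.
    """
    # Set Variables for Options
    recursive = None
    key = None

    # Set Options
    try:
        options, remainder = getopt.getopt(sys.argv[1:], 'rk:h')
    except getopt.GetoptError, err:
        print str(err)
        sys.exit(2)

    # Parse Options.  Use ==: ('-r') is a plain string, not a tuple, so
    # "in" would be a substring test.
    for opt, arg in options:
        if opt == '-r':
            recursive = True
        elif opt == '-k':
            key = arg
        elif opt == '-h':
            usage()

    # -k is required; without it there is no key to query.
    if key is None:
        usage()
    get_key_time(key,recursive)

if __name__ == '__main__':
    main()
--------------------------------------------------------------------------------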