Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/post/windows/gather/enum_applications.rb
19567 views
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Post

7
  include Msf::Post::Windows::Registry

8


9
  def initialize(info = {})

10
    super(

11
      update_info(

12
        info,

13
        'Name' => 'Windows Gather Installed Application Enumeration',

14
        'Description' => %q{ This module will enumerate all installed applications on a Windows system },

15
        'License' => MSF_LICENSE,

16
        'Author' => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>'],

17
        'Platform' => [ 'win' ],

18
        'SessionTypes' => [ 'meterpreter' ],

19
        'Notes' => {

20
          'Stability' => [CRASH_SAFE],

21
          'SideEffects' => [],

22
          'Reliability' => []

23
        }

24
      )

25
    )

26
  end

27


28
  def app_list

29
    tbl = Rex::Text::Table.new(

30
      'Header' => 'Installed Applications',

31
      'Indent' => 1,

32
      'Columns' =>

33
      [

34
        'Name',

35
        'Version'

36
      ]

37
    )

38
    appkeys = [

39
      'HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall',

40
      'HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall',

41
      'HKLM\\SOFTWARE\\WOW6432NODE\\Microsoft\\Windows\\CurrentVersion\\Uninstall',

42
      'HKCU\\SOFTWARE\\WOW6432NODE\\Microsoft\\Windows\\CurrentVersion\\Uninstall',

43
    ]

44
    apps = []

45
    appkeys.each do |keyx86|

46
      found_keys = registry_enumkeys(keyx86)

47
      next unless found_keys

48


49
      found_keys.each do |ak|

50
        apps << keyx86 + '\\' + ak

51
      end

52
    end

53


54
    t = []

55
    until apps.empty?

56


57
      1.upto(16) do

58
        t << framework.threads.spawn("Module(#{refname})", false, apps.shift) do |k|

59
          dispnm = registry_getvaldata(k.to_s, 'DisplayName')

60
          dispversion = registry_getvaldata(k.to_s, 'DisplayVersion')

61
          tbl << [dispnm, dispversion] if dispnm && dispversion

62
        rescue StandardError => e

63
          vprint_error(e.message)

64
        end

65
      end

66
      t.map(&:join)

67
    end

68


69
    results = tbl.to_s

70


71
    print_line("\n" + results + "\n")

72


73
    p = store_loot('host.applications', 'text/plain', session, results, 'applications.txt', 'Installed Applications')

74
    print_good("Results stored in: #{p}")

75
  end

76


77
  def run

78
    print_status("Enumerating applications installed on #{sysinfo['Computer']}")

79
    app_list

80
  end

81
end

82


83