GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/post/windows/gather/enum_applications.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
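class MetasploitModule < Msf::Post
  include Msf::Post::Windows::Registry

  # Registers the module's metadata (name, description, license, author,
  # supported platform and session type) with the framework.
  #
  # @param info [Hash] metadata passed in by the caller and merged through
  #   update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Windows Gather Installed Application Enumeration',
        'Description' => %q{ This module will enumerate all installed applications on a Windows system },
        'License' => MSF_LICENSE,
        'Author' => ['Carlos Perez <carlos_perez[at]darkoperator.com>'],
        'Platform' => ['win'],
        'SessionTypes' => ['meterpreter']
      )
    )
  end

  # Builds a table of installed applications from the Uninstall registry
  # keys, prints it, and stores the rendered table as loot.
  #
  # The four roots read are the HKLM and HKCU Uninstall keys plus their
  # WOW6432NODE counterparts. Every subkey found under a root is queried for
  # 'DisplayName' and 'DisplayVersion'; an entry is listed only when both
  # values are present.
  #
  # Access pattern, for anyone correlating this with host telemetry: one
  # subkey enumeration per root, then two value reads per subkey, issued in
  # concurrent batches. How those reads surface on the host depends on the
  # registry helper's implementation, which is not shown in this file.
  #
  # @return [void]
  def app_list
    tbl = Rex::Text::Table.new(
      'Header' => 'Installed Applications',
      'Indent' => 1,
      'Columns' => ['Name', 'Version']
    )

    appkeys = [
      'HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall',
      'HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall',
      'HKLM\\SOFTWARE\\WOW6432NODE\\Microsoft\\Windows\\CurrentVersion\\Uninstall',
      'HKCU\\SOFTWARE\\WOW6432NODE\\Microsoft\\Windows\\CurrentVersion\\Uninstall',
    ]

    # Collect the full path of every application subkey. A root that cannot
    # be enumerated (registry_enumkeys returned nil/false) is skipped.
    apps = appkeys.flat_map do |root|
      subkeys = registry_enumkeys(root)
      next [] unless subkeys

      subkeys.map { |subkey| "#{root}\\#{subkey}" }
    end

    # Query the subkeys in batches of at most 16 concurrent threads.
    # Array#shift(n) hands back only the keys that are actually left, so the
    # final, shorter batch no longer spawns threads for a nil key, and each
    # batch joins only the threads it started.
    batch_size = 16
    until apps.empty?
      workers = apps.shift(batch_size).map do |key|
        framework.threads.spawn("Module(#{refname})", false, key) do |k|
          dispnm = registry_getvaldata(k.to_s, 'DisplayName')
          dispversion = registry_getvaldata(k.to_s, 'DisplayVersion')
          # NOTE(review): the table is appended to from several threads at
          # once; confirm Rex::Text::Table tolerates concurrent appends.
          tbl << [dispnm, dispversion] if dispnm && dispversion
        rescue StandardError => e
          # Best effort: one unreadable key must not abort the enumeration,
          # but the failure is reported when verbose output is enabled.
          vprint_error("Could not read #{k}: #{e.message}")
        end
      end
      workers.each(&:join)
    end

    results = tbl.to_s

    print_line("\n#{results}\n")

    p = store_loot('host.applications', 'text/plain', session, results, 'applications.txt', 'Installed Applications')
    print_good("Results stored in: #{p}")
  end

  # Module entry point: announces the target computer name taken from
  # sysinfo, then runs the enumeration.
  #
  # @return [void]
  def run
    print_status("Enumerating applications installed on #{sysinfo['Computer']}")
    app_list
  end
end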