Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/post/windows/gather/enum_applications.rb
19567 views
1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5
6
class MetasploitModule < Msf::Post
7
include Msf::Post::Windows::Registry
8
9
def initialize(info = {})
10
super(
11
update_info(
12
info,
13
'Name' => 'Windows Gather Installed Application Enumeration',
14
'Description' => %q{ This module will enumerate all installed applications on a Windows system },
15
'License' => MSF_LICENSE,
16
'Author' => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>'],
17
'Platform' => [ 'win' ],
18
'SessionTypes' => [ 'meterpreter' ],
19
'Notes' => {
20
'Stability' => [CRASH_SAFE],
21
'SideEffects' => [],
22
'Reliability' => []
23
}
24
)
25
)
26
end
27
28
def app_list
29
tbl = Rex::Text::Table.new(
30
'Header' => 'Installed Applications',
31
'Indent' => 1,
32
'Columns' =>
33
[
34
'Name',
35
'Version'
36
]
37
)
38
appkeys = [
39
'HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall',
40
'HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall',
41
'HKLM\\SOFTWARE\\WOW6432NODE\\Microsoft\\Windows\\CurrentVersion\\Uninstall',
42
'HKCU\\SOFTWARE\\WOW6432NODE\\Microsoft\\Windows\\CurrentVersion\\Uninstall',
43
]
44
apps = []
45
appkeys.each do |keyx86|
46
found_keys = registry_enumkeys(keyx86)
47
next unless found_keys
48
49
found_keys.each do |ak|
50
apps << keyx86 + '\\' + ak
51
end
52
end
53
54
t = []
55
until apps.empty?
56
57
1.upto(16) do
58
t << framework.threads.spawn("Module(#{refname})", false, apps.shift) do |k|
59
dispnm = registry_getvaldata(k.to_s, 'DisplayName')
60
dispversion = registry_getvaldata(k.to_s, 'DisplayVersion')
61
tbl << [dispnm, dispversion] if dispnm && dispversion
62
rescue StandardError => e
63
vprint_error(e.message)
64
end
65
end
66
t.map(&:join)
67
end
68
69
results = tbl.to_s
70
71
print_line("\n" + results + "\n")
72
73
p = store_loot('host.applications', 'text/plain', session, results, 'applications.txt', 'Installed Applications')
74
print_good("Results stored in: #{p}")
75
end
76
77
def run
78
print_status("Enumerating applications installed on #{sysinfo['Computer']}")
79
app_list
80
end
81
end
82
83