收集windows上软件安装信息
收集 Windows 上软件安装信息，需要编译成 exe 文件后运行（如果没有环境的话）。需要用到 pubapi 来写入数据库。由于 Wazuh 有同样的功能可以替代，故本脚本只做技术储备。
import winreg, requests, json, platform, socket, time, random
from datetime import date
from requests import urllib3
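# Silence only the InsecureRequestWarning that the `verify=False` POST at the
# bottom of this script raises, instead of every urllib3 HTTPWarning (the
# default), so that unrelated warnings stay visible.
# NOTE: `urllib3` is reached here through `from requests import urllib3`;
# a plain `import urllib3` would be the usual form.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)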
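# During testing the upper bound can be lowered. The random start delay is
# kept because the server side is a Flask app that might fall over if every
# host reported at the same moment.
def wait_before_start(max_delay: int = 1200, step: int = 10, min_delay: int = 1) -> int:
    """Sleep a random whole number of seconds before collection starts.

    Args:
        max_delay: upper bound (inclusive) of the random delay, in seconds.
        step: length of each countdown chunk; a progress line is printed
            before every chunk.
        min_delay: lower bound (inclusive) of the random delay, in seconds.

    Returns:
        The delay that was chosen (and slept), in seconds.

    Raises:
        ValueError: if ``min_delay > max_delay`` (from ``random.randint``).
    """
    delay = random.randint(min_delay, max_delay)
    # Count down in `step`-second chunks; the last chunk is clipped so the
    # total sleep equals `delay` exactly.
    for remaining in range(delay, 0, -step):
        print(f" This script will run in {remaining} seconds, please wait... ")
        time.sleep(min(remaining, step))
    return delay


# Guarded so that importing this file (e.g. from a test) does not block.
if __name__ == "__main__":
    wait_before_start()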
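# Uninstall hives under HKLM that hold per-package DisplayName/DisplayVersion
# entries: the native view and the 32-bit (WOW6432Node) view.
_UNINSTALL_KEY_PATHS = (
    r"Software\Microsoft\Windows\CurrentVersion\Uninstall",
    r"Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
)


def getInstalledSoftware():
    """Return the installed packages found in the HKLM Uninstall hives.

    Returns:
        A sorted, de-duplicated list of ``(displayName, displayVersion)``
        tuples as produced by ``getSoftwareFromRegistry``. Sorting makes the
        output order deterministic (the original returned an arbitrary set
        order).

    Raises:
        OSError: if a hive exists but cannot be opened for reading.
    """
    softwareSet = set()
    for keyPath in _UNINSTALL_KEY_PATHS:
        try:
            # Context manager closes the handle; KEY_READ is all that is needed.
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, keyPath, 0, winreg.KEY_READ) as uninstallKey:
                softwareSet.update(getSoftwareFromRegistry(uninstallKey))
        except FileNotFoundError:
            # The WOW6432Node view only exists on 64-bit Windows; skip a
            # missing hive instead of aborting the whole inventory.
            continue
    # Versions are usually strings but the registry does not guarantee it,
    # so stringify the version in the sort key to avoid a TypeError.
    return sorted(softwareSet, key=lambda item: (item[0], str(item[1])))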
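# Packages that are never reported. This is an exclusion list (the original
# comment called it a whitelist). Leading spaces inside the original literals
# were treated as extraction artefacts and dropped; "RsFx Driver",
# "Documentation Components" and "Software Development Kit" are assumed to
# be the intended spellings of the garbled originals.
_EXCLUDED_NAMES = frozenset({
    "aic94xx-firmware",
    "Azure Data Studio",
    "cim-schema",
    "galera-4",
    "hdparm",
    "iDRAC-with-Lifecycle-Controller",
    "Integration Services",
    "Kits Configuration Installer",
    "Microsoft Edge Update",
    "SDK Debuggers",
})

# A display name containing any of these fragments is not reported.
_EXCLUDED_FRAGMENTS = (
    "系統更新應用程式",
    "Update for",
    "for SQL Server",
    "Cloudbase",
    "dstat",
    "Hotfix",
    "IIS URL",
    "Analysis Services",
    "Language Pack",
    "Microsoft Exchange Speech",
    "Microsoft Help Viewer",
    "Microsoft Server Speech",
    "Microsoft Speech",
    "T-SQL",
    "Setup Support Files",
    "Native Client",
    "RsFx Driver",
    "Setup (English)",
    "Microsoft Unified Communications Managed API",
    "Microsoft Visual Studio Tools",
    "Microsoft VSS Writer",
    "Notepad++",
    "Security Update for",
    "Spice Agent",
    # "Batch Parser" was a bare truthy string in the original condition and
    # therefore never excluded anything; it is applied here as intended.
    "Batch Parser",
    "Tools for",
    "Client Tools",
    "Common Files",
    "Connection Info",
    "Database Engine",
    "DMF",
    "Documentation Components",
    "Shared Management Objects",
    "SQL Diagnostics",
    "Reporting Services",
    "Trellix ",  # trailing space kept from the original
    "for SSMS",
    "Wazuh Agent",
    "SDK EULA",
    "Software Development Kit",
)


def _is_reportable(displayName):
    """Return True when *displayName* is not on either exclusion list."""
    if displayName in _EXCLUDED_NAMES:
        return False
    return not any(fragment in displayName for fragment in _EXCLUDED_FRAGMENTS)


def getSoftwareFromRegistry(regKey):
    """Collect ``(DisplayName, DisplayVersion)`` pairs from one Uninstall hive.

    Args:
        regKey: an open ``winreg`` handle to an Uninstall key; each of its
            sub-keys describes one package.

    Returns:
        A list of ``(displayName, displayVersion)`` tuples for every sub-key
        that has both values and is not excluded by ``_is_reportable``.
        Sub-keys missing either value, unreadable sub-keys and sub-keys whose
        DisplayName is not a string are skipped silently, matching the
        best-effort behaviour of the original.
    """
    softwareList = []
    subKeyCount = winreg.QueryInfoKey(regKey)[0]
    for index in range(subKeyCount):
        try:
            subKeyName = winreg.EnumKey(regKey, index)
            # Context manager closes the sub-key handle on every path.
            with winreg.OpenKey(regKey, subKeyName) as subKey:
                displayName = winreg.QueryValueEx(subKey, "DisplayName")[0]
                # Registry value names are case-insensitive; the original
                # spelled this "DispLayVersion", which resolved to the same value.
                displayVersion = winreg.QueryValueEx(subKey, "DisplayVersion")[0]
        except OSError:
            # FileNotFoundError (value absent) or PermissionError: not a
            # reportable package entry.
            continue
        # A non-string DisplayName would make the substring tests raise
        # TypeError, which the original bare `except` swallowed.
        if not isinstance(displayName, str):
            continue
        if _is_reportable(displayName):
            softwareList.append((displayName, displayVersion))
    return softwareList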
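def getComputerInfo():
    """Describe the host the inventory was collected on.

    Returns:
        A dict with the keys ``ip``, ``hostname``, ``osname``, ``osversion``
        and ``date`` (ISO ``YYYY-MM-DD``). ``ip`` is whatever the local
        hostname resolves to, which may be a loopback address on some hosts;
        it is ``""`` when the hostname does not resolve at all (the original
        aborted with ``socket.gaierror`` in that case).
    """
    hostname = socket.gethostname()
    try:
        ip = socket.gethostbyname(hostname)
    except socket.gaierror:
        # No resolvable address for the local name: report an empty field
        # rather than losing the whole inventory.
        ip = ""
    osName = platform.system()
    osVersion = platform.version()
    # isoformat() yields the same "%Y-%m-%d" text as the original strftime.
    today = date.today().isoformat()
    return {"ip": ip, "hostname": hostname, "osname": osName, "osversion": osVersion, "date": today}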
softwareInfo = getInstalledSoftware()
computerInfo = getComputerInfo()
finalData = []
for software in softwareInfo:
if "'" in software[0]:
softwareName = software[θ].
split()[0]else:softwareName = software[θ]
softwareData = {"ip": computerInfo["ip"],"hostname": computerInfo["hostname"],"software": softwareName,"version": software[1],"osname":computerInfo["osname"],"osversion": computerInfo["osversion"]}
finalData.append(softwareData)
jsonData = json.dumps(finalData)
url=' <domainname>/insert'
headers = {'Content-Type': 'application/json'}
print (requests.post(url,verify= False, data=jsonData, headers=headers).text)