收集系统信息的脚本


Windows下的bat版本:
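@echo off
REM System information collection for Windows (accounts, groups, scheduled
REM tasks, processes, network, services, directory tree).
REM Usage: getinfo.bat > sysinfo.txt   (redirect to keep the report)
REM Fixes against the pasted original:
REM   * a bare "echo" prints "ECHO is off."; "echo." prints an empty line.
REM   * "echo schtask /query" only printed that text; the command is schtasks.
REM   * "netstat -anipconfig /displaydns" was two commands run together.
REM   * Windows tree takes /F, not -F.
echo #########system info collection
systeminfo
ver
hostname
net user
net localgroup
net localgroup administrators
net user guest
net user administrator

echo.
echo #######scheduled tasks#####
schtasks /query

echo.
echo ####task-list#############
tasklist /svc
echo.
echo ####network information
ipconfig /all
route print
arp -a
netstat -an
ipconfig /displaydns
echo.
echo #######service############
sc query type= service state= all
echo #######file-##############
cd
tree /F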
Linux下的shell版本:
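#!/bin/bash
# getinfo.sh - collect basic Linux system information (memory, CPU, installed
# packages, mail spool, scheduled jobs, environment, network, accounts,
# services, config-file locations). Collected files are packed into
# getsysinfo.tar in the current directory; the report itself goes to stdout.
# Usage: ./getinfo.sh >/tmp/sysinfo.txt
#
# Fixes against the pasted original:
#   * every 'echo ####...' printed an empty line: an unquoted '#' after a
#     space starts a comment, so the headers are quoted now.
#   * 'echo ###atq&crontab###' sent echo to the background ('&').
#   * '2>dev/null' created a file named dev/null instead of discarding stderr.
#   * 'ipconfig -a' is a Windows command; Linux uses ip / ifconfig.
#   * 'chkconfig –list' used an en dash instead of '--'.
#   * the for loop had no 'do'.
#   * fixed names under /tmp are predictable and shared with every other user
#     on the host; the work directory is created with mktemp and removed by a
#     trap on exit, so it is cleaned up on error too.
#   * the 'sleep 5' between locate calls served no purpose.

set -u

work=$(mktemp -d) || { echo "mktemp failed" >&2; exit 1; }
trap 'rm -rf -- "${work:?}"' EXIT

echo "#######getting sysinfo####"
echo "######usage: ./getinfo.sh >/tmp/sysinfo.txt"
echo "#######basic information##"
cat /proc/meminfo
echo
cat /proc/cpuinfo
echo
# Package list: rpm on RPM-based systems, dpkg on Debian-based; whichever is
# absent fails silently.
rpm -qa 2>/dev/null
dpkg -l 2>/dev/null
###### copy of the local mail spool ######
cp -a /var/mail "$work/getmail" 2>/dev/null
echo "your id is $(id)"
echo "###atq&crontab#####"
atq
crontab -l
echo "#####about var#####"
# 'set' dumps every shell and environment variable, so the report can contain
# credentials that were passed through the environment; protect the output
# file accordingly.
set

echo "#####about network###"
#### network details are the section most worth extending for your environment
cat /etc/hosts
hostname
# 'ip' is the current tool; fall back to ifconfig on older systems.
ip addr 2>/dev/null || ifconfig -a
arp -v
echo "####user####"
# accounts whose passwd entry mentions a shell (matches "sh" anywhere in the line)
grep -i sh /etc/passwd

echo "####service####"
# SysV-style service table; systemd hosts have no chkconfig, so also list units.
chkconfig --list 2>/dev/null
systemctl list-unit-files --type=service 2>/dev/null

# well-known service accounts present in /etc/passwd
for i in oracle mysql tomcat samba apache ftp; do
  grep -i -- "$i" /etc/passwd
done

# file names that suggest credentials or configuration; locate relies on its
# database being current and is silent when not installed
locate passwd   >"$work/password"   2>/dev/null
locate password >>"$work/password"  2>/dev/null
locate conf     >"$work/sysconfig"  2>/dev/null
locate config   >>"$work/sysconfig" 2>/dev/null

###maybe can use "tree /"###
echo "##packing up#########"
# -C so the archive holds getmail/password/sysconfig relative to the work
# directory rather than the random mktemp path
tar cvf getsysinfo.tar -C "$work" .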

从网上搜集而来的~

再补上一个vbs版本的:
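' Hardware / system inventory script (VBScript over WMI).
' Each item is printed with Wscript.Echo (run under cscript.exe for console
' output) and a summary is shown in a MsgBox at the end.
'
' Fixes against the pasted original:
'   * the WMI moniker had lost its backslashes when the page was rendered
'     ("winmgmts:\" & strComputer & "rootCIMV2"); the correct form is
'     "winmgmts:\\" & strComputer & "\root\CIMV2".
'   * the same GetObject/ExecQuery block was inlined thirteen times; it is
'     now one helper, WmiQuery.
'   * "Network" was built in a separate loop from "MACAddress", so every
'     adapter caption was paired with the MAC of the last adapter; both now
'     come from the same row.
'   * Win32_BaseBoard was queried twice for two fields of the same row.
Option Explicit

Dim strComputer
strComputer = "."   ' local machine; WMI also accepts a remote host name here

' Runs a WQL query against root\CIMV2 on strComputer and returns the result
' collection. 48 = wbemFlagReturnImmediately (16) + wbemFlagForwardOnly (32),
' a forward-only, streaming enumeration.
Function WmiQuery(wql)
    Dim objWMIService
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
    Set WmiQuery = objWMIService.ExecQuery(wql, , 48)
End Function

Dim objItem, IPX, LefIP, IP, SN, Processor, Memory, Disk, Pinpai, Product
Dim Summary, Chipset, OS, BIOS, Hostname, Macaddress, Network, Info

' IP address: adapters with a DNS server list, and only first addresses whose
' leading octet is 10 or 192 (the original's private-range filter; 172.16/12
' is not covered).
For Each objItem In WmiQuery("SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled=TRUE")
    If Not IsNull(objItem.DNSServerSearchOrder) Then
        IPX = objItem.IPAddress(0)
        LefIP = Split(IPX, ".")(0)
        If LefIP = "10" Or LefIP = "192" Then
            IP = IPX
            Wscript.Echo "ip:" & IP
        End If
    End If
Next

' BIOS serial number.
For Each objItem In WmiQuery("SELECT * FROM Win32_BIOS")
    SN = objItem.SerialNumber
    Wscript.Echo "Sn: " & SN
Next

' Processor name.
For Each objItem In WmiQuery("SELECT * FROM Win32_Processor")
    Processor = objItem.Name
    Wscript.Echo "Processors:         " & Processor
Next

' Physical memory, rounded to whole GB.
For Each objItem In WmiQuery("SELECT * FROM Win32_ComputerSystem")
    Memory = Round(objItem.TotalPhysicalMemory / 1024 ^ 3) & "GB"
    Wscript.Echo "Memory: " & Memory
Next

' Disk drive model.
For Each objItem In WmiQuery("SELECT * FROM Win32_DiskDrive")
    Disk = objItem.Model
    Wscript.Echo "Disk:         " & Disk
Next

' Board manufacturer and product, combined with CPU and memory into Summary.
For Each objItem In WmiQuery("SELECT * FROM Win32_BaseBoard")
    Pinpai = objItem.Manufacturer
    Product = objItem.Product
    Summary = Pinpai & " " & Product & "," & Processor & "," & Memory
    Wscript.Echo "Summary: " & Summary
Next

' "Chipset" in the original is the processor caption string.
For Each objItem In WmiQuery("SELECT * FROM Win32_Processor")
    Chipset = objItem.Caption
    Wscript.Echo "Chipset:         " & Chipset
Next

' Operating system caption.
For Each objItem In WmiQuery("SELECT * FROM Win32_OperatingSystem")
    OS = objItem.Caption
    Wscript.Echo "OS: " & OS
Next

' BIOS version: an array in WMI, joined with commas; may be Null.
For Each objItem In WmiQuery("SELECT * FROM Win32_BIOS")
    If IsNull(objItem.BIOSVersion) Then
        BIOS = ""
        Wscript.Echo "BIOS: "
    Else
        BIOS = Join(objItem.BIOSVersion, ",")
        Wscript.Echo "BIOS: " & BIOS
    End If
Next

' DNS host name.
For Each objItem In WmiQuery("SELECT * FROM Win32_ComputerSystem")
    Hostname = objItem.DNSHostName
    Wscript.Echo "Hostname:" & Hostname
Next

' MAC address and adapter description of each IP-enabled adapter, taken from
' the same row so they stay paired.
For Each objItem In WmiQuery("SELECT * FROM Win32_NetworkAdapterConfiguration WHERE  IPEnabled = True")
    Macaddress = objItem.MACAddress
    Wscript.Echo "MACAddress: " & Macaddress
    ' Caption is expected to begin with a bracketed index; keep the text after the first "]".
    Network = Mid(objItem.Caption, InStr(objItem.Caption, "]") + 1) & " " & Macaddress
    Wscript.Echo "Network: " & Network
Next

Info = "Summary: " & Summary & vbCr & "Processors: " & Processor & vbCr & "Memory: " & Memory & vbCr & "Disk: " & Disk & vbCr & "Chipset: " & Chipset & vbCr & "Network: " & Network & vbCr & "BIOS: " & BIOS
MsgBox Info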

=EOF=


《“收集系统信息的脚本”》 有 16 条评论

  1. 找出所有.sh .pl .py .conf .cnf .ini .*history .*pass* (/usr/share目录里面的除外) 并且在当前目录zip打包。有些时候很多配置文件的权限配置不严,如果搜集完全的话对于进行下一步有很大帮助。

    `#Find all .sh .pl .py .conf .cnf .ini .*history .*pass* (Except in /usr/share) then zip in current directory
    find / ! -path “/usr/share/*” -iregex “.*.sh$|.*.pl$|.*.py$|.*.conf$|.*.cnf$|.*.ini$|.*/..*history$|.*/..*pass.*” -print | zip pack.zip -@
    `
    # http://insight-labs.org/?p=883

  2. 10 Tools To Check Every Hardware Detail Of Your Computer In Windows
    https://www.itechtics.com/check-hardware-details-windows/
    `
    自带的有 msinfo32 这个命令一般就能满足绝大部分需求;

    CPU-Z
    Speccy
    HWiNFO (32/64)
    PC Wizard
    SiSoftware Sandra Lite
    WinAudit
    BlackBox
    Flitskikker Info Tool
    Smart System Informer
    RWEverything
    `

    How to Get Detailed Information About Your PC
    https://www.howtogeek.com/80108/how-to-get-detailed-information-about-your-pc-2/
    `
    Win+R => msinfo32
    Command => systeminfo
    `

  3. AutoMacTC:一款针对macOS环境的自动化取证分类采集器
    https://www.freebuf.com/sectool/218812.html
    https://github.com/CrowdStrike/automactc
    `
    AutoMacTC是一个针对macOS环境的模块化自动取证分类收集框架,AutoMacTC旨在帮助研究人员轻松访问macOS环境中的各种取证信息以及数据文件,而且它还能够对这些取证文件及数据进行解析,并以可视化的形式呈现以供研究人员对其进行分析。除此之外,AutoMacTC的输出可以为研究人员解决macOS环境中的事件响应提供有价值的建议。值得一提的是,AutoMacTC可以在活动系统或固定磁盘(加载的卷)中直接运行。
    `

  4. How do I find the location of an executable in Windows?
    https://superuser.com/questions/49104/how-do-i-find-the-location-of-an-executable-in-windows
    `
    # Windows 7及以后的版本内置了 where.exe 命令,类似于Linux系统上的 whereis 命令

    where.exe does this on Windows 7 and Windows Server 2003 and later:

    Example
    C:\> where ping

    Output:
    C:\Windows\System32\PING.EXE

    In PowerShell use where.exe, Get-Command (or its abbreviation gcm), as where is the default alias for Where-Object.
    `
