Category: | NT Admin |
Author/Contact Info | |
Description: | A quick and dirty software auditing script for an nt domain. Basically just takes everything out of the uninstall reg key and generates a couple reports based on the information it gets. |
# Before you run this make sure you create a directory on your # c drive called "thegoods", and then under that directory create # "machines" and "software". # # Drop me a line if you have any questions, comments, or improvements. # # Chad Juettner - cjuettner@gmail.com use Win32::NetAdmin; use Win32::Registry; chdir "c:\\thegoods\\machines"; print "Is there more than one domain you'd like to check? (y/n) "; $stf = <STDIN>; if ($stf =~ /y|n/i) { if ($stf =~ /y/) { print "\nEnter the domains you'd like to query, separa +ted\nby a space (ex. DOMAIN1 DOMAIN2): "; $domains = <STDIN>; @doms = split (/ /, $domains); foreach $dom ( @doms ) { chomp $dom; print "Getting machine names for $dom...\n\n"; Win32::NetAdmin::GetServers( '', $dom, SV_TYPE +_ALL, \@$dom ); push (@servers, @$dom); } } if ($sty=~ /n/) { Win32::NetAdmin::GetServers( '', '', SV_TYPE_ALL, \@se +rvers ); } } else { print "You have to enter either y or n."; exit 1; } foreach $machine ( @servers ) { if ( $HKEY_LOCAL_MACHINE->Connect( $machine, $software ) ) { my @programs; open( CURRENT, ">" . $machine . ".txt" ); $software->Open( "software\\microsoft\\windows\\curren +tversion\\uninstall", $installed ); unless ( defined($installed) ) { next }; $installed->GetKeys( \@programs ); print "Getting programs out of HKLM for $machine\n"; foreach $program ( @programs ) { print CURRENT "$program\n"; } $software->Close; $installed->Close; close( CURRENT ); } if ( $HKEY_USERS->Connect( $machine, $hku ) ) { my @hkusubkeys; open( CURRENT, ">>" . $machine . ".txt" ); $hku->Open( '', $hkusers ); $hkusers->GetKeys( \@hkusubkeys ); foreach $subkey ( @hkusubkeys ) { my @subkeyprograms; if ( $subkey eq ".DEFAULT" ) { next } $HKEY_USERS->Connect( $machine, $currentsubkey + ); print "Getting programs out of HKU for $machin +e\n"; $plethora = $subkey . "\\software\\microsoft\\ +windows\\currentversion\\uninstall"; if ( $currentsubkey->Open( $plethora, $subkins +talled ) ) { $subkinstalled->GetKeys( \@subkeyprogr +ams ); foreach $skp ( @subkeyprograms ) { print CURRENT "$skp\n"; } } } $hku->Close; $hkusers->Close; close( CURRENT ); } } print "\n\nBuilding reports...\n"; chdir "c:\\thegoods"; unlink "c:\\thegoods\\report.txt"; unlink <c:\\thegoods\\software\\*>; opendir (GOODS, "c:\\thegoods\\machines") || die "cannot get to the go +ods: $!"; while ($name = readdir(GOODS)) { print "Built report: $name\n"; $total += 1; open (CURRENT, "c:\\thegoods\\machines\\" . $name); while ($line = <CURRENT>) { if ($line =~ /Connecting to remote machine/) { next } if ($line =~ /network path was not found/) { $total--; nex +t } if ($line eq "\n") { next } if ($line =~ /{/) { next } $line =~ s/\[//; $line =~ s/\]//; chop $line; $length = @$line; $machinename = $name; $machinename =~ s/.txt//; @$line[$length] = $machinename; $list{$line} += 1; chdir "c:\\thegoods\\software"; open (SOFTWARE, ">>$line" . ".txt"); print SOFTWARE "@$line[$length]\n" unless ($line[$length] +eq "\n"); chdir "c:\\thegoods"; } } closedir(GOODS); print "\n\nMaking report.txt...\n\n"; open (REPORT, ">c:\\thegoods\\report.txt"); print REPORT "Total machines queried: $total\n\n"; foreach $install (sort keys(%list)) { print REPORT ("$install: $list{$install}\n"); } print "All done.\n"; |
Back to
Code Catacombs