Basic information
Security protection processes
msf information-gathering modules
auxiliary series
post series
Get the target machine's disk partitions
run post/windows/gather/forensics/enum_drives
Device Name: Type: Size (bytes):
------------ ----- -------------
<Physical Drives:>
<Logical Drives:>
\\.\A: 4702111234474983745
\\.\D: 4702111234474983745
Check whether the target is a virtual machine
run post/windows/gather/checkvm
[*] Checking if WIN-PAK5LLUK1FA is a Virtual Machine ...
[+] This is a VMware Virtual Machine
Which services are running
run post/windows/gather/enum_services
Which applications are installed
run post/windows/gather/enum_applications
List shares
run post/windows/gather/enum_shares
Get the host's recent file and system activity
run post/windows/gather/dumplinks
List installed patches
run post/windows/gather/enum_patches
scraper script: gather system information
winenum script
run winenum (much the same as the script above)
Activity records
Sensitive information in configuration files
Browser history
Browser-saved passwords
Host information collection
IP, domain, computer name, DNS, etc.: ipconfig /all
Local users and session information: net user
net localgroup administrators
query user
net session
Domain user names: net user /domain
dsquery user
wmic useraccount get /all
Domain Admins group members: net group "domain admins" /domain
Domain controller list: net group "domain controllers" /domain
Routing and ARP information: arp -a
route print
Computers in the domain or workgroup: net view /domain
Domain controller name and time: net time /domain
Local system details: systeminfo
Local port information: netstat -anp tcp
netstat -ano
Local process information: tasklist /svc
wmic process list brief
Local service information: wmic service list brief
Share information: net share
wmic share get name,path,status
Local startup items: wmic startup get command,caption
Scheduled tasks: schtasks /query /fo LIST /v
Installed patches: wmic qfe get Caption,Description,HotFixID,InstalledOn
Installed programs: wmic product get name,version
powershell "Get-WmiObject -class Win32_Product | Select-Object -Property name, version"
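The `wmic qfe` command above prints a fixed-width table whose columns can only be recovered from the header offsets, because wmic pads every column to its widest value. The Python below is an added example (not part of this page) that parses such a table, extracts the hotfix IDs and install dates, and flags a host whose newest patch is older than a threshold, which is the defender's use of this inventory. The sample table is constructed, not captured from a real machine; the `max_age_days` default and the order in which date formats are tried are assumptions of this example.

```python
import platform
import re
import subprocess
from datetime import date, datetime

# Constructed sample of `wmic qfe get Caption,Description,HotFixID,InstalledOn`
# output (fixed-width table); it is not captured from a real host.
SAMPLE_QFE = """\
Caption                                     Description      HotFixID   InstalledOn
http://support.microsoft.com/?kbid=4474419  Security Update  KB4474419  9/11/2019
http://support.microsoft.com/?kbid=4512506  Security Update  KB4512506  9/11/2019
http://support.microsoft.com/?kbid=2999226  Update           KB2999226  11/3/2015
"""


def parse_wmic_table(text):
    """Split a wmic fixed-width table into dicts keyed by column header.

    The start offset of each header word marks the start of that column.
    Redirected wmic output uses CR CR LF line endings, which splitlines()
    turns into blank lines; those are skipped.
    """
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        return []
    header, body = lines[0], lines[1:]
    starts = [m.start() for m in re.finditer(r"\S+", header)]
    spans = list(zip(starts, starts[1:] + [None]))
    names = [header[s:e].strip() for s, e in spans]
    return [{n: ln[s:e].strip() for n, (s, e) in zip(names, spans)} for ln in body]


def parse_installed_on(value):
    """InstalledOn uses the host's short-date format; en-US m/d/yyyy is tried first (assumption)."""
    for fmt in ("%m/%d/%Y", "%d/%m/%Y", "%Y-%m-%d", "%Y%m%d"):
        try:
            return datetime.strptime(value, fmt).date()
        except ValueError:
            continue
    return None


def patch_summary(text, today_iso=None, max_age_days=90):
    """Return hotfix IDs, the newest install date (ISO) and a staleness flag."""
    today = date.fromisoformat(today_iso) if today_iso else date.today()
    records = parse_wmic_table(text)
    dates = [d for d in (parse_installed_on(r["InstalledOn"]) for r in records) if d]
    newest = max(dates) if dates else None
    # A host with no parseable dates is treated as stale rather than silently passing.
    stale = newest is None or (today - newest).days > max_age_days
    return {
        "hotfixes": [r["HotFixID"] for r in records],
        "newest": newest.isoformat() if newest else None,
        "stale": stale,
    }


def live_qfe():
    """Run the page's wmic command on Windows; return None elsewhere."""
    if platform.system() != "Windows":
        return None
    cmd = ["wmic", "qfe", "get", "Caption,Description,HotFixID,InstalledOn"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    print(patch_summary(live_qfe() or SAMPLE_QFE))
```

The same `parse_wmic_table` works for the other `wmic ... get` commands on this page (`wmic service list brief`, `wmic startup get command,caption`), since they share the padded-column layout. The date parser is the fragile part: `InstalledOn` follows the host's regional settings, so a non-US host needs its format placed first.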
Common antivirus process names
{"360tray.exe", "360 Safeguard"},
{"360sd.exe", "360 Antivirus"},
{"a2guard.exe", "a-squared Antivirus"},
{"ad-watch.exe", "Lavasoft Antivirus"},
{"cleaner8.exe", "The Cleaner Antivirus"},
{"vba32lder.exe", "VBA32 Antivirus"},
{"MongoosaGUI.exe", "Mongoosa Antivirus"},
{"CorantiControlCenter32.exe", "Coranti 2012 Antivirus"},
{"F-PROT.EXE", "F-PROT Antivirus"},
{"CMCTrayIcon.exe", "CMC Antivirus"},
{"K7TSecurity.exe", "K7 Antivirus"},
{"UnThreat.exe", "UnThreat Antivirus"},
{"CKSoftShiedAntivirus4.exe", "Shield Antivirus"},
{"AVWatchService.exe", "VIRUSfighter Antivirus"},
{"ArcaTasksService.exe", "ArcaVir Antivirus"},
{"iptray.exe", "Immunet Antivirus"},
{"PSafeSysTray.exe", "PSafe Antivirus"},
{"nspupsvc.exe", "nProtect Antivirus"},
{"SpywareTerminatorShield.exe", "SpywareTerminator Antivirus"},
{"BKavService.exe", "Bkav Antivirus"},
{"MsMpEng.exe", "Microsoft Security Essentials"},
{"SBAMSvc.exe", "VIPRE"},
{"ccSvcHst.exe", "Norton Antivirus"},
{"QQ.exe", "QQ"},
{"f-secure.exe", "F-Secure"},
{"avp.exe", "Kaspersky"},
{"KvMonXP.exe", "Jiangmin Antivirus"},
{"RavMonD.exe", "Rising Antivirus"},
{"Mcshield.exe", "McAfee"},
{"egui.exe", "NOD32"},
{"kxetray.exe", "Kingsoft Antivirus (Duba)"},
{"knsdtray.exe", "Keniu Antivirus"},
{"TMBMSRV.exe", "Trend Micro Antivirus"},
{"avcenter.exe", "Avira (Little Red Umbrella)"},
{"ashDisp.exe", "Avast Internet Security"},
{"rtvscan.exe", "Norton Antivirus"},
{"ksafe.exe", "Kingsoft Guard"},
{"QQPCRTP.exe", "Tencent PC Manager"},
{"Miner.exe", "Liuliang Kuangshi (traffic miner)"},
{"AYAgent.aye", "Korean 'capsule' antivirus"},
{"patray.exe", "AhnLab"},
{"V3Svc.exe", "AhnLab V3"},
{"avgwdsvc.exe", "AVG Antivirus"},
{"ccSetMgr.exe", "Symantec"},
{"QUHLPSVC.EXE", "Quick Heal Antivirus"},
{"mssecess.exe", "Microsoft Antivirus"},
{"SavProgress.exe", "Sophos Antivirus"},
{"fsavgui.exe", "F-Secure Antivirus"},
{"vsserv.exe", "Bitdefender"},
{"remupd.exe", "Panda Security"},
{"FortiTray.exe", "Fortinet"},
{"safedog.exe", "SafeDog"},
{"parmor.exe", "Muma Kexing (Trojan Killer)"},
{"beikesan.exe", "Beike Cloud Security"},
{"KSWebShield.exe", "Kingsoft WebShield"},
{"TrojanHunter.exe", "TrojanHunter"},
{"GG.exe", "Judun Game Security Shield"},
{"adam.exe", "Green Eagle Security"},
{"AST.exe", "Super Patrol"},
{"ananwidget.exe", "Mozhe Security Expert"},
{"AVK.exe", "GData"},
{"ccapp.exe", "Symantec Norton"},
{"avg.exe", "AVG Anti-Virus"},
{"spidernt.exe", "Dr.Web"},
{"Mcshield.exe", "McAfee"},
{"avguard.exe", "Avira AntiVir"},
{"F-PROT.exe", "F-Prot AntiVirus"},
{"vsmon.exe", "ZoneAlarm"},
{"avp.exe", "Kaspersky"},
{"cpf.exe", "Comodo"},
{"outpost.exe", "Outpost Firewall"},
{"rfwmain.exe", "Rising Firewall"},
{"kpfwtray.exe", "Kingsoft Firewall (Wangbiao)"},
{"FYFireWall.exe", "Fengyun Firewall"},
{"MPMon.exe", "Micropoint Active Defense"},
{"pfw.exe", "Skynet (Tianwang) Firewall"},
{"S.exe", "scanner running (zombie harvesting)"},
{"1433.exe", "port 1433 scanner running"},
{"DUB.exe", "brute-forcer running"},
{"ServUDaemon.exe", "Serv-U found"},
{"BaiduSdSvc.exe", "Baidu Antivirus"},
SafeDog
SafeDogGuardCenter.exe
safedogupdatecenter.exe
safedogguardcenter.exe
SafeDogSiteIIS.exe
SafeDogTray.exe
SafeDogServerUI.exe
D Shield (D盾)
D_Safe_Manage.exe
d_manage.exe
Yunsuo (Cloud Lock)
yunsuo_agent_service.exe
yunsuo_agent_daemon.exe
Huweishen
HwsPanel.exe Huweishen Intrusion Protection System (status tray)
hws_ui.exe Huweishen Intrusion Protection System - www.huweishen.com
hws.exe Huweishen Intrusion Protection System service handler
hwsd.exe Huweishen Intrusion Protection System monitoring component
Huorong
hipstray.exe
wsctrl.exe
usysdiag.exe
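A defender can use the same process table to confirm which security products are actually running on a host (for example, to verify that an endpoint agent has not been stopped). The Python below is an added example, not code from this page or from any of the listed vendors: it parses `tasklist /svc /fo csv` output and matches image names, case-insensitively, against a subset of the table above. The tasklist sample is constructed, and grouping several image names under one product label (all SafeDog images as "SafeDog", for instance) is an assumption of this example.

```python
import csv
import io
import platform
import subprocess
from collections import defaultdict

# Subset of the image-name table from this page (image name -> product).
# Grouping several images under one product name is this example's choice.
SECURITY_PROCESSES = {
    "360tray.exe": "360 Safeguard",
    "360sd.exe": "360 Antivirus",
    "MsMpEng.exe": "Microsoft Security Essentials",
    "avp.exe": "Kaspersky",
    "ccSvcHst.exe": "Norton Antivirus",
    "egui.exe": "NOD32",
    "kxetray.exe": "Kingsoft Antivirus (Duba)",
    "QQPCRTP.exe": "Tencent PC Manager",
    "SafeDogGuardCenter.exe": "SafeDog",
    "SafeDogTray.exe": "SafeDog",
    "SafeDogSiteIIS.exe": "SafeDog",
    "D_Safe_Manage.exe": "D Shield",
    "yunsuo_agent_service.exe": "Yunsuo",
    "HwsPanel.exe": "Huweishen",
    "hipstray.exe": "Huorong",
    "usysdiag.exe": "Huorong",
}
# tasklist prints the on-disk casing, so compare lower-cased names.
_LOOKUP = {name.lower(): product for name, product in SECURITY_PROCESSES.items()}

# Constructed sample of `tasklist /svc /fo csv` output (not captured from a real host).
SAMPLE_TASKLIST = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"svchost.exe","812","RpcEptMapper,RpcSs"
"MsMpEng.exe","2140","WinDefend"
"SafeDogGuardCenter.exe","3012","SafeDogGuardCenter"
"safedogtray.exe","3300","N/A"
"explorer.exe","4120","N/A"
'''


def parse_tasklist_csv(text):
    """Turn `tasklist /svc /fo csv` output into (image, pid, [services]) tuples."""
    rows = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 3 or row[0] == "Image Name":  # skip blank lines and the header
            continue
        image, pid, services = row[0], int(row[1]), row[2]
        svc = [] if services == "N/A" else services.split(",")
        rows.append((image, pid, svc))
    return rows


def find_security_products(rows):
    """Map each recognised product to the PIDs of its running processes."""
    found = defaultdict(list)
    for image, pid, _ in rows:
        product = _LOOKUP.get(image.lower())
        if product:
            found[product].append(pid)
    return dict(found)


def live_tasklist():
    """Run the real command on Windows; return None elsewhere."""
    if platform.system() != "Windows":
        return None
    cmd = ["tasklist", "/svc", "/fo", "csv"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    text = live_tasklist() or SAMPLE_TASKLIST
    for product, pids in sorted(find_security_products(parse_tasklist_csv(text)).items()):
        print(f"{product}: PIDs {pids}")
```

The CSV form is used instead of the page's plain `tasklist /svc` because image names and service lists can contain spaces, which makes the fixed-width form ambiguous. A missing expected product in the result is the signal worth alerting on; a process name alone does not prove the product is healthy, so pair this with a service-state check (`wmic service list brief`) for the products that run as services.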