Audit User Installed Softwares
Silent install package for Audit User Installed Softwares
12-1
Security
Security
- package: tis-audit-user-installed-softwares
- name: Audit User Installed Softwares
- version: 12-1
- categories: Security
- maintainer: WAPT Team,Tranquil IT,Simon Fonteneau,Jimmy PELÉ
- licence: wapt_public
- target_os: windows
- architecture: all
- signature_date:
- size: 9.29 Ko
package : tis-audit-user-installed-softwares
version : 12-1
architecture : all
section : base
priority : optional
name : Audit User Installed Softwares
categories : Security
maintainer : WAPT Team,Tranquil IT,Simon Fonteneau,Jimmy PELÉ
description : Audit User Installed Softwares
depends :
conflicts :
maturity : PROD
locale :
target_os : windows
min_wapt_version : 2.3
sources :
installed_size :
impacted_process :
description_fr :
description_pl :
description_de :
description_es :
description_pt :
description_it :
description_nl :
description_ru :
audit_schedule : 1d
editor :
keywords : audit,user,installed,softwares,software,inventory
licence : wapt_public
homepage :
package_uuid : 17e89675-2583-41fa-aa06-c5287702aed3
valid_from :
valid_until :
forced_install_on :
changelog :
min_os_version :
max_os_version :
icon_sha256sum : 7f00fc99ce8f9f34ed57f77501e4e635afaef7809c99755f6f108cdf53c5f955
signer : Tranquil IT
signer_fingerprint: 8c5127a75392be9cc9afd0dbae1222a673072c308c14d88ab246e23832e8c6bb
signature : rWslCNdvjJuvs9YO0exbGkQ7k3t3eQIgy1KGSQhe6p8pn4c7KoBMoxbCKMHU/tWmrjARWz4bN3cEV3XXAjHAeg6LwHZR12yI36AJTFZvGFrEJd9hmi35sxEIBYSnOti4D9s+IvnG1DDh8UTBzdJkfda7vl/MYRPbqd10FlF7fMotnls+tobhSgkQtF3sqbTaGvd2JtnPQITVTcUk34PNy0FyMumnTKh8RdXOYdpLj7v9Oy7KJ3QfTMKnyUe8/XMUSdOR687VG3wcobjOCflQT3OFMKX/YdgkzEWk5Iw2mqs3wxSA6Yt6OC83jK6GB8koly1FCNA/DC32Q7kok+2DGw==
signature_date : 2024-03-20T12:00:07.510848
signed_attributes : package,version,architecture,section,priority,name,categories,maintainer,description,depends,conflicts,maturity,locale,target_os,min_wapt_version,sources,installed_size,impacted_process,description_fr,description_pl,description_de,description_es,description_pt,description_it,description_nl,description_ru,audit_schedule,editor,keywords,licence,homepage,package_uuid,valid_from,valid_until,forced_install_on,changelog,min_os_version,max_os_version,icon_sha256sum,signer,signer_fingerprint,signature_date,signed_attributesfrom setuphelpers import *
import winreg
import os
json_file = ".installed_softwares_user.json"
def install():
pass
def session_setup():
data_dict = installed_softwares_user()
json_path = makepath(os.environ["USERPROFILE"], json_file)
# if isfile(json_path):
# remove_file(json_path)
print(f"Writing: {json_path}")
json_write_file(json_path, data_dict)
set_file_hidden(json_path)
return "RERUN"
def audit():
audited_data = {}
for p in get_local_profiles():
json_path = makepath(p["profile_path"], json_file)
if r"C:\WINDOWS".lower() in p["profile_path"].lower():
continue
if not isfile(json_path):
print(f"session-setup have NOT been run for the profile_path: {p['profile_path']}")
continue
try:
print(f"session-setup have been run for the profile_path: {p['profile_path']}")
data_dict = json_load_file(json_path)
audited_data[p["profile_path"]] = data_dict
except:
pass
WAPT.write_audit_data_if_changed("audit-user-installed-softwares", "audit-user-installed-softwares", audited_data)
return "OK"
def installed_softwares_user(keywords=None, uninstallkey=None, name=None, ignore_empty_names=True):
"""Return list of installed software from registry (both 32bit and 64bit)
Args:
keywords (str or list): string to lookup in key, display_name or publisher fields
uninstallkey : filter on a specific uninstall key instead of fuzzy search
.. versionchanged:: 1.3.11
name (str regexp) : filter on a regular expression on software name
Returns:
list of dicts: [{'key', 'name', 'version', 'install_date', 'install_location'
'uninstall_string', 'publisher','system_component'}]
>>> softs = installed_softwares('libre office')
>>> if softs:
... for soft in softs:
... print uninstall_cmd(soft['key'])
???
"""
name_re = re.compile(name) if name is not None else None
def check_words(target, words):
mywords = target.lower()
result = not words or mywords
for w in words:
result = result and w in mywords
return result
def list_fromkey(uninstall, noredir=True):
result = []
with reg_openkey_noredir(winreg.HKEY_CURRENT_USER, uninstall, noredir=noredir) as key:
if isinstance(keywords, str):
mykeywords = keywords.lower().split()
elif isinstance(keywords, bytes):
mykeywords = str(keywords).lower().split()
elif keywords is not None:
mykeywords = [ensure_unicode(k).lower() for k in keywords]
else:
mykeywords = None
i = 0
while True:
try:
subkey = winreg.EnumKey(key, i)
appkey = reg_openkey_noredir(winreg.HKEY_CURRENT_USER, "%s\\%s" % (uninstall, subkey), noredir=noredir)
display_name = reg_getvalue(appkey, "DisplayName", "")
display_version = reg_getvalue(appkey, "DisplayVersion", "")
try:
date = str(reg_getvalue(appkey, "InstallDate", "")).replace("\x00", "")
try:
install_date = datetime.datetime.strptime(date, "%Y%m%d").strftime("%Y-%m-%d %H:%M:%S")
except:
try:
install_date = datetime.datetime.strptime(date, "%d/%m/%Y").strftime("%Y-%m-%d %H:%M:%S")
except:
install_date = date
except:
date = reg_getvalue(appkey, "InstallDate", "")
install_location = reg_getvalue(appkey, "InstallLocation", "")
uninstallstring = reg_getvalue(appkey, "UninstallString", "")
publisher = reg_getvalue(appkey, "Publisher", "")
if reg_getvalue(appkey, "ParentKeyName", "") == "OperatingSystem" or reg_getvalue(appkey, "SystemComponent", 0) == 1:
system_component = 1
else:
system_component = 0
if (not ignore_empty_names or display_name != "") and (
(uninstallkey is None or (subkey == uninstallkey))
and (mykeywords is None or check_words(subkey + " " + display_name + " " + publisher, mykeywords))
and (name_re is None or name_re.match(display_name))
):
result.append(
{
"key": subkey,
"name": display_name.replace("\x00", ""),
"version": ("%s" % display_version).replace("\x00", ""),
"install_date": ("%s" % install_date),
"install_location": install_location.replace("\x00", ""),
"uninstall_string": uninstallstring.strip("\x00"),
"publisher": publisher.replace("\x00", ""),
"system_component": system_component,
}
)
i += 1
except WindowsError as e:
# WindowsError: [Errno 259] No more data is available
if e.winerror == 259:
break
else:
raise
return result
result = list_fromkey("Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall")
return result
403fc3474c89367643bf87ee871421e8727bbba00b1e21988d60eb7a96365a6c : setup.py
7f00fc99ce8f9f34ed57f77501e4e635afaef7809c99755f6f108cdf53c5f955 : WAPT/icon.png
a5a97261381e1d0ad46ee15916abec9c2631d0201f5cc50ceb0197a165a0bbbf : WAPT/certificate.crt
7bafa7274e802d1f8dc6fc8541818012f1fb2e20fffc228dffa32eec94fb369f : luti.json
481a7b8830547994b7401ad7efcc392b55f895d7f59a243cdf5a27b36d1daa1e : WAPT/control