
0x01 说明

内网信息收集时,一行一行手动执行命令比较麻烦,所以萌生了做一个自动化收集脚本的想法。网上类似的资源已经比较多,有用批处理编写的,也有用 PowerShell 编写的。
基于 PowerShell 的内网信息收集工具已经有很多,例如 Nishang、Empire 等很著名的工具。

本文中的工具完全基于 Windows 系统命令,用批处理脚本编写来收集信息;执行时最好使用管理员权限甚至更高权限。

0x02 代码

@echo off
REM Host information collection script (Windows cmd batch).
REM Purpose: run a fixed sequence of built-in Windows commands and append
REM their output to basic-info.txt in the current directory. The "installed
REM software" section additionally writes reg.txt, tmplist.txt and
REM software.txt. Those four files are the script's only persistent side
REM effects and are the on-disk artifacts a responder would look for on a
REM host where it was run.
REM Inputs:  none from the command line; %USERDOMAIN% is read once below.
REM Outputs: basic-info.txt (appended), reg.txt, tmplist.txt, software.txt.
REM          The "####" section headers are echoed to the console only; they
REM          are never redirected into the file, so basic-info.txt has no
REM          section separators.
REM NOTE(review): every command line here is a separate child process, so
REM process-creation auditing, where enabled, records each one individually.
REM A bare "echo" with no arguments prints the current echo state
REM ("ECHO is off."), so this line appends that text, not an empty line.
echo >> basic-info.txt
echo #########system user info collection #########
REM Current user, groups and privileges, then logged-on sessions, host name,
REM local accounts and local group membership.
whoami/all >> basic-info.txt
query user >> basic-info.txt
hostname >> basic-info.txt
net user >> basic-info.txt
net localgroup >> basic-info.txt
net localgroup administrators >> basic-info.txt
net user administrator >> basic-info.txt

echo #########system environment variables info#########
REM "set" with no arguments dumps every environment variable of this cmd
REM process; "net start" lists running services by display name.
systeminfo >> basic-info.txt
ver >> basic-info.txt
set >> basic-info.txt
net start >> basic-info.txt

echo #########at- with atq######### 
REM This line echoes the literal text "schtask /query" into the file; no
REM scheduled-task query is executed. NOTE(review): "schtask" is also not a
REM cmd command name, so the line is effectively a no-op apart from the text.
echo schtask /query >> basic-info.txt

REM Bare "echo": prints "ECHO is off." to the console.
echo
echo #########task-list######### 
REM Processes with their hosted services, then processes with loaded modules.
tasklist /svc >> basic-info.txt
tasklist /m >> basic-info.txt

echo ####net-work infomation#########
ipconfig/all >> basic-info.txt
ipconfig /displaydns >> basic-info.txt

echo #########system open port#########
REM Full socket table, then the same with owning executables (-b), then three
REM filtered re-runs. The filtered lines are a subset of the first dump, so
REM the connection list appears up to three times in basic-info.txt.
netstat -ano >> basic-info.txt
netstat -anob >> basic-info.txt
netstat -ano | findstr "ESTABLISHED" >> basic-info.txt
netstat -ano | findstr "LISTENING" >> basic-info.txt
netstat -ano | findstr "TIME_WAIT" >> basic-info.txt


echo #########route info######### 
route print >> basic-info.txt
arp -a >> basic-info.txt

REM Bare "echo": prints "ECHO is off." to the console.
echo
echo #######service############ 
REM sc requires the space after "=" in "type= service state= all".
sc query type= service state= all >> basic-info.txt
echo #######file-############## 
REM NOTE(review): cmd's tree takes the /F switch; "-F" is likely parsed as a
REM path argument rather than a switch — confirm the actual output.
tree -F >> basic-info.txt
REM Bare "echo": prints "ECHO is off." to the console.
echo


echo #######domain info#######
REM Domain-scoped queries; these go to the domain the workstation is joined
REM to. The account name "epoadmin" on the second line is hard-coded and
REM environment-specific, so it looks like a leftover from one particular run.
net user /domain  >> basic-info.txt
net user epoadmin /domain >> basic-info.txt
net accounts /domain      >> basic-info.txt
net config workstation   >> basic-info.txt
net view /domain        >> basic-info.txt
net view /domain:%USERDOMAIN% >> basic-info.txt
net time /domain         >> basic-info.txt
net group /domain         >> basic-info.txt
net group "domain admins" /domain      >> basic-info.txt
net group "domain computers" /domain >> basic-info.txt
net group "domain controllers" /domain >> basic-info.txt

echo =================
echo Detecting installed software
echo =================
REM Dump the Uninstall key to reg.txt in .reg format. NOTE(review): reg export
REM prompts on the console if reg.txt already exists — confirm when re-running.
reg export HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall reg.txt
REM Keep only DisplayName lines, drop ParentDisplayName, overwrite tmplist.txt.
find "DisplayName" reg.txt |find /V "ParentDisplayName" > tmplist.txt
REM Split each line on "=": %%a is the value after DisplayName=, %%b (token 3)
REM is requested but unused. Presumably %%a still carries the surrounding
REM quotes from the .reg format — verify against an actual software.txt.
for /f "tokens=2,3 delims==" %%a in (tmplist.txt) do (echo %%a >> software.txt)
echo Done!
REM "echo." prints an empty line (unlike bare "echo").
echo.

echo =================
echo Host Information Gathering Script finished.
echo =================
echo.

0x03 参考