Advertisement
opexxx

CollectionScript.sh

Sep 15th, 2015
221
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 2.02 KB | None | 0 0
  1. #!/bin/bash
  2.  
  3. COLLECTIONDIR=~/collection/
  4. USER=adminuser 
  5. PASS=adminpass
  6. DOMAIN=DOM
  7.  
  8. while read HOST
  9. do
  10.  
  11.  mkdir -p $COLLECTIONDIR/$HOST
  12.  
  13.  mount -t cifs -o user=$USER,pass=$PASS,domain=$DOMAIN //$HOST/c$ /mnt/
  14.  
  15.  winexe -U $DOMAIN/$USER%$PASS //$HOST 'netstat -an' | tee $COLLECTIONDIR/$HOST/netstat.txt
  16.  winexe -U $DOMAIN/$USER%$PASS //$HOST 'ipconfig /all' | tee $COLLECTIONDIR/$HOST/ipconfig.txt
  17.  winexe -U $DOMAIN/$USER%$PASS //$HOST 'cmd /C set' | tee $COLLECTIONDIR/$HOST/env.txt
  18.  winexe -U $DOMAIN/$USER%$PASS //$HOST 'systeminfo' | tee $COLLECTIONDIR/$HOST/systeminfo.txt
  19.  winexe -U $DOMAIN/$USER%$PASS //$HOST 'net user' | tee $COLLECTIONDIR/$HOST/netuser.txt
  20.  winexe -U $DOMAIN/$USER%$PASS //$HOST 'net user /domain' | tee $COLLECTIONDIR/$HOST/netuserdomain.txt
  21.  winexe -U $DOMAIN/$USER%$PASS //$HOST 'net localgroup' | tee $COLLECTIONDIR/$HOST/netlocalgroup.txt
  22.  winexe -U $DOMAIN/$USER%$PASS //$HOST 'wmic product' | tee $COLLECTIONDIR/$HOST/installedproducts.txt
  23.  winexe -U $DOMAIN/$USER%$PASS //$HOST 'wmic qfe' | tee $COLLECTIONDIR/$HOST/installedpatches.txt
  24.  winexe -U $DOMAIN/$USER%$PASS //$HOST 'tasklist /V /FO CSV' | tee $COLLECTIONDIR/$HOST/tasklist.txt
  25.  winexe -U $DOMAIN/$USER%$PASS //$HOST "cmd /c echo . | powershell -Command \"gdr -PSProvider 'FileSystem' | convertto-csv\"" | tee $COLLECTIONDIR/$HOST/drives.txt
  26.  winexe -U $DOMAIN/$USER%$PASS //$HOST 'cmd /C type \Windows\System32\drivers\etc\hosts' | tee $COLLECTIONDIR/$HOST/hosts.txt
  27.  winexe -U $DOMAIN/$USER%$PASS //$HOST 'reg save hklm\sam c:\sam'
  28.  winexe -U $DOMAIN/$USER%$PASS //$HOST 'reg save hklm\system c:\system'
  29.  
  30.  echo "Copying SAM/SYSTEM..."
  31.  mv /mnt/sam  $COLLECTIONDIR/$HOST/sam
  32.  mv /mnt/system  $COLLECTIONDIR/$HOST/system
  33.  
  34.  echo "Doing directory listing..."
  35.  winexe -U $DOMAIN/$USER%$PASS //$HOST 'echo . | powershell -Command "ls -recurse / | convertto-csv" ' > $COLLECTIONDIR/$HOST/directorylisting.txt
  36.  echo "Done."
  37.  
  38.  echo "Doing AV scan..."
  39.  clamdscan /mnt | tee $COLLECTIONDIR/$HOST/avscan.txt
  40.  echo "Done."
  41.  
  42.  umount /mnt
  43.  
  44. done
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement