-
Notifications
You must be signed in to change notification settings - Fork 81
/
Copy pathenumsecproducts.cna
26 lines (19 loc) · 1011 Bytes
/
enumsecproducts.cna
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
# author REDMED-X
beacon_command_register(
"enumsecproducts", "List security products running on the current- or remote host.",
"INFO:\nGet a list of security products like AV/EDR that are running on the current- or remote host. This is done by comparing running processes against a hardcoded list of 130 security products.\n\n" .
"ARGUMENTS:\n[hostname]: The FQDN or IP of the remote host OR leave empty for the current system.\n\n" .
"USAGE:\nenumsecproducts <(optional) hostname>\n\n" .
"EXAMPLES:\nenumsecproducts \nenumsecproducts WS01.example.local\n\n");
alias enumsecproducts {
$bid = $1;
$remotehost = $2;
# read in the right BOF file
$handle = openf(script_resource("enumsecproducts.o"));
$data = readb($handle, -1);
closef($handle);
# pack our arguments
$arg_data = bof_pack($bid, "z", $remotehost);
blog($bid, "Tasked to list running security products..");
beacon_inline_execute($bid, $data, "go", $arg_data);
}