Windows System Check Utility

From Bob's Basement


This is a very small script utility that uses core Windows programs to output system data into text files, upload this data to an FTP server and then delete the original batch script. That is what it does so far; read 'What it doesn't do yet' for more.

Project Leader: Bob Plonker

Project Members: Napster

Project Status: First phase complete.


What it does, phase one

Outputs the following, from the registry and from built-in commands:

  • Common startup applications
  • Startup processes
  • RunOnce processes
  • Add/remove programs list
  • Running processes
  • Live connections
  • Available shares
  • Network drives
  • Local accounts
  • Machines on network

It then:

  • Logs on to the FTP server, creates a new directory, then uploads the 10 text files.
  • Deletes the output above from the local machine and deletes the original batch script, including the FTP commands file.

What it doesn't do yet, phase two

  1. Include services
  2. Zip the original two files, placing them in a self-extracting running executable
  3. Compress logs before upload
  4. Use a rewritten Perl webcrawler to look up services, processes and applications from a list of good sources and output the results
  5. Create concise report from item 4
  6. Use SFTP
  7. Add module to get external IP address from FTP server log.
  8. Change the name of the upload directory each time, thus not deleting the previous entry.
  9. Run port/vulnerability scan
  10. Port it to different OSes.

Script (cleanup.bat):

@echo on

rem *** COMMON STARTUP APPLICATIONS. ***
regedit /e c:\commonStartup.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start menu2\programs\startup"
rem *** STARTUP PROCESSES. ***
regedit /e c:\startupProcesses.txt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
rem *** RUNONCE PROCESSES. ***
regedit /e c:\runOnceProcesses.txt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
rem *** INSTALLED PROGRAMS, APPEARING IN ADD/REMOVE PROGRAMS. ***
regedit /e c:\installedPrograms.txt HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
rem *** RUNNING PROCESSES ***
tasklist.exe > c:\taskList.txt
rem *** RUNNING NETWORK CONNECTIONS ***
netstat -a -b -o -r -v > c:\connections.txt
rem *** AVAILABLE SHARES ***
net share > c:\shares.txt
rem *** NETWORK DRIVES ***
net use > c:\networkDrives.txt
rem *** LOCAL ACCOUNTS ***
net user > c:\localAccounts.txt
rem *** MACHINES ON NETWORK ***
net view > c:\poweredMachines.txt
rem *** FTP UPLOAD (LOGIN AND COMMANDS ARE READ FROM C:\FTP.TXT) ***
ftp -s:c:\ftp.txt kentgeek.org
rem *** DELETING TEMPORARY FILES ***
del c:\commonStartup.txt
del c:\startupProcesses.txt
del c:\runOnceProcesses.txt
del c:\installedPrograms.txt
del c:\taskList.txt
del c:\connections.txt
del c:\shares.txt
del c:\networkDrives.txt
del c:\localAccounts.txt
del c:\poweredMachines.txt
rem *** DELETING FTP COMMANDS FILE (IT HOLDS THE FTP LOGIN IN CLEAR TEXT) ***
del c:\ftp.txt
echo off
rem *** DELETING BATCH SCRIPT (MUST BE THE LAST LINE: NOTHING AFTER IT RUNS) ***
del c:\cleanup.bat

DOS FTP commands file (ftp.txt)

ftp_username
ftp_password
mkdir cleanup
cd cleanup
send c:\commonStartup.txt
send c:\startupProcesses.txt
send c:\runOnceProcesses.txt
send c:\installedPrograms.txt
send c:\taskList.txt
send c:\connections.txt
send c:\shares.txt
send c:\networkDrives.txt
send c:\localAccounts.txt
send c:\poweredMachines.txt
quit
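
The four registry files the script writes (for example c:\startupProcesses.txt) are .reg exports, which regedit /e writes as UTF-16 text on current Windows versions. As an added example, not part of the original script or project, the Python below parses such an export and lists the autorun commands for the kind of report planned in phase two; the sample data, the function names and the user-writable-path heuristic are assumptions made for illustration.

```python
import re
# Constructed sample of the Run-key export (c:\startupProcesses.txt); values are made up.
SAMPLE = b'\xff\xfe' + (
    'Windows Registry Editor Version 5.00\r\n\r\n'
    '[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]\r\n'
    '"ExampleTray"="\\"C:\\\\Program Files\\\\Example\\\\tray.exe\\" /min"\r\n'
    '"ExampleUpdater"=hex(2):25,00,54,00,45,00,4d,00,50,00,25,00,5c,00,75,00,2e,00,\\\r\n'
    '  65,00,78,00,65,00,00,00\r\n'
    '"Flag"=dword:00000001\r\n'
).encode('utf-16-le')
# Assumed triage heuristic: autoruns launched from user-writable locations.
USER_WRITABLE = ('%temp%', '%appdata%', '\\appdata\\', '\\users\\public\\')
UNESC = re.compile(r'\\(.)')                   # .reg escapes: \\ -> \ and \" -> "

def decode_export(raw: bytes) -> str:
    """Version 5 exports are UTF-16LE with a BOM; REGEDIT4 exports are ANSI."""
    if raw.startswith(b'\xff\xfe'):
        return raw[2:].decode('utf-16-le')
    return raw.decode('cp1252', errors='replace')

def parse_value(data: str):
    if data.startswith('"'):                   # REG_SZ
        return UNESC.sub(r'\1', data[1:-1])
    if data.startswith('dword:'):              # REG_DWORD
        return int(data[6:], 16)
    m = re.match(r'hex(?:\((\w+)\))?:(.*)', data)
    if not m:
        return data
    blob = bytes(int(b, 16) for b in m.group(2).split(',') if b.strip())
    # hex(1), hex(2) and hex(7) are string types stored as UTF-16LE
    return blob.decode('utf-16-le').rstrip('\x00') if m.group(1) in ('1', '2', '7') else blob

def parse_reg(text: str) -> dict:
    text = re.sub(r'\\\r?\n\s*', '', text)     # join hex continuation lines
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
        elif m and current is not None:
            name = '(Default)' if m.group(1) == '@' else UNESC.sub(r'\1', m.group(1)[1:-1])
            current[name] = parse_value(m.group(2))
    return keys

def autoruns(raw: bytes) -> list:
    """(key, name, command, flagged) for every string value in the export."""
    return [(key, name, cmd, any(p in cmd.lower() for p in USER_WRITABLE))
            for key, values in parse_reg(decode_export(raw)).items()
            for name, cmd in values.items() if isinstance(cmd, str)]
```

Call autoruns() on the bytes of an exported file, for example open(r'c:\startupProcesses.txt', 'rb').read(), and review the rows whose last field is True first.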