利用_winreg模块在注册表中分析无线访问热点
_winreg.OpenKey(key, sub_key, res, sam) key是一个已经打开的键,或者是HKEY_CLASSES_ROOT、HKEY_CURRENT_USER、HKEY_LOCAL_MACHINE、HKEY_USERS、HKEY_PERFORMANCE_DATA、HKEY_CURRENT_CONFIG这些中的一个。
_winreg.EnumKey(key, index) 枚举键,key is an already open key, or any one of the predefined HKEY_* constants.index is an integer that identifies the index of the key to retrieve.
_winreg.EnumValue(key, index) 枚举一个一打开的注册表键值,返回元组
for i in range(1,6): print EnumValue(netKey,i) ''' 输出结果: ('Description', u'xiaoming', 1) ('Source', 8, 4) ('DnsSuffix', u'workgroup', 1) ('FirstNetwork', u'xiaoming', 1) ('DefaultGatewayMac', '\xb0\xd5\x9d0\x94\xa2', 3) '''
提取无线访问热点名称及Mac地址:
1 #coding=utf-8 2 from _winreg import * 3 4 def va12addr(val): 5 addr="" 6 for ch in val: 7 addr += ("%02x " %ord(ch)) 8 addr = addr.strip(' ').replace(" ",":")[0:17] 9 return addr 10 11 def printNets(): 12 net ="SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged" 13 key = OpenKey(HKEY_LOCAL_MACHINE,net, 0, KEY_READ | KEY_WOW64_64KEY)
#我用的是32-bit Python on 64-bit Windows,所以要加KEY_READ | KEY_WOW64_64KEY这一参数,否则运行失败 14 print '\n[+] Networks You have Joined.' 15 for i in range(100): 16 try: 17 guid = EnumKey(key,i) 18 #print guid 19 netKey = OpenKey(key,str(guid)) 20 # for i in range(1,6): 21 # print EnumValue(netKey,i) 22 (n,name,t) = EnumValue(netKey,1) 23 (n,addr,t) = EnumValue(netKey,5) 24 macAddr = va12addr(addr) 25 netName = str(name) 26 print '[+] '+netName +' '+macAddr 27 CloseKey(netKey) 28 except Exception ,e: 29 print e 30 pass 31 32 def main(): 33 printNets() 34 if __name__=='__main__': 35 main()
运行结果:
[+] Networks You have Joined.
[+] xiaoming b0:d5:9d:30:94:a2
[+] ahu.portal 48:fd:8e:30:5e:d6
[+] asdfghjkl e8:cd:2d:23:10:f7
[+] qizi? c2:14:3d:da:e1:07
参考资料:Violent Python A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers ,TJ O'Connor
http://stackoverflow.com/questions/28128446/how-do-i-use-python-to-retrieve-registry-values
