applications

$ target-query <path/to/target> -f applications

Details

Module

os.windows.regf.applications.WindowsApplicationsPlugin

Output

records

Module documentation

Windows Applications plugin.

Function documentation

Yields currently installed applications from the Windows registry.

Use the Windows eventlog plugin (evtx, evt) to parse install and uninstall events of applications and services (e.g. 4697, 110707, 1034 and 11724).

Resources:

Yields WindowsApplicationRecord records with the following fields:

ts_modified  (datetime): timestamp when the installation was modified according to the registry
ts_installed (datetime): timestamp when the application was installed according to the application
name         (string):   name of the application
version      (string):   version of the application
author       (string):   author of the application
type         (string):   type of the application, either user or system
path         (string):   path to the installed location or installer of the application

Details

Module

os.unix.applications.UnixApplicationsPlugin

Output

records

Module documentation

Unix Applications plugin.

Function documentation

Yield installed Unix GUI applications from GNOME and XFCE.

Resources:

Yields UnixApplicationRecord records with the following fields:

ts_modified  (datetime): timestamp when the installation was modified
ts_installed (datetime): timestamp when the application was installed on the system
name         (string):   name of the application
version      (string):   version of the application
author       (string):   author of the application
type         (string):   type of the application, either user or system
path         (string):   path to the desktop file entry of the application
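
The two timestamps in these records come from different places, and either can be empty, so a triage script should check both. The following is an added example, not part of the plugin or its documentation: it lists applications whose install or modification time falls inside an investigation window. It assumes the records expose their fields as attributes with timezone-aware datetimes and that dissect.target's `Target.open()` makes the plugin callable as `applications()`; the helper names and sample records are constructed for illustration.

```python
from datetime import datetime, timezone
from types import SimpleNamespace


def iter_applications(target_path):
    """Yield application records from a target; needs dissect.target installed."""
    from dissect.target import Target  # lazy import: helpers below run without it

    yield from Target.open(target_path).applications()


def installs_in_window(records, start, end):
    """Return (timestamp, field, record) rows whose install or modification
    time falls inside [start, end], oldest first. Either field may be empty."""
    rows = []
    for rec in records:
        for field in ("ts_installed", "ts_modified"):
            ts = getattr(rec, field, None)
            if ts is not None and start <= ts <= end:
                rows.append((ts, field, rec))
    return sorted(rows, key=lambda row: row[0])


def describe(row):
    """Format one row, keeping the name of the field that matched the window."""
    ts, field, rec = row
    return f"{ts.isoformat()} {field} {rec.type} {rec.name} {rec.version} {rec.path}"


def utc(*args):
    return datetime(*args, tzinfo=timezone.utc)


# Constructed sample records (not taken from a real target).
SAMPLE = [
    SimpleNamespace(ts_modified=utc(2024, 3, 2, 10, 15), ts_installed=utc(2024, 3, 2),
                    name="ExampleSync", version="1.4.0", author="Example Corp",
                    type="user", path="C:\\Users\\alice\\AppData\\Local\\ExampleSync"),
    SimpleNamespace(ts_modified=utc(2023, 11, 20, 8, 0), ts_installed=None,
                    name="ExampleViewer", version="9.1", author=None,
                    type="system", path="C:\\Program Files\\ExampleViewer"),
    SimpleNamespace(ts_modified=utc(2024, 3, 2, 9, 30), ts_installed=utc(2022, 6, 1),
                    name="ExampleAgent", version="2.0", author="Example Corp",
                    type="system", path="C:\\Program Files\\ExampleAgent"),
]

if __name__ == "__main__":
    for row in installs_in_window(SAMPLE, utc(2024, 3, 1), utc(2024, 3, 3)):
        print(describe(row))
```

To run it against real data, pass `iter_applications("<path/to/target>")` as the `records` argument.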