applications
$ target-query <path/to/target> -f applications
Module |
|
Output |
|
Module documentation
Windows Applications plugin.
Function documentation
Yields currently installed applications from the Windows registry.
Use the Windows eventlog plugin (evtx, evt) to parse install and uninstall events of applications and services (e.g. 4697, 110707, 1034 and 11724).
Yields WindowsApplicationRecord records with the following fields:
ts_modified (datetime): timestamp when the installation was modified according to the registry
ts_installed (datetime): timestamp when the application was installed according to the application
name (string): name of the application
version (string): version of the application
author (string): author of the application
type (string): type of the application, either user or system
path (string): path to the installed location or installer of the application
Module |
|
Output |
|
Module documentation
Unix Applications plugin.
Function documentation
Yield installed Unix GUI applications from GNOME and XFCE.
- Resources:
Yields UnixApplicationRecord records with the following fields:
ts_modified (datetime): timestamp when the installation was modified
ts_installed (datetime): timestamp when the application was installed on the system
name (string): name of the application
version (string): version of the application
author (string): author of the application
type (string): type of the application, either user or system
path (string): path to the desktop file entry of the application
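Both record types share the same field names, so one triage pass can cover Windows and Unix output. The following is an added example, not part of the plugin's documentation or code: it lists applications whose ts_installed or ts_modified falls inside an investigation window and reports separately the records that carry no timestamp at all. AppRecord, triage, SAMPLE and the window dates are assumptions made for illustration; AppRecord is a stand-in for the documented fields, and the example assumes either timestamp may be empty.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass
class AppRecord:
    """Stand-in with the documented fields (hypothetical, not the plugin's record class)."""
    ts_modified: Optional[datetime]
    ts_installed: Optional[datetime]
    name: str
    version: Optional[str]
    author: Optional[str]
    type: str  # "user" or "system"
    path: Optional[str]

def triage(records, start, end):
    """Return (in_window, undated): apps touched in [start, end] and apps with no timestamps."""
    in_window, undated = [], []
    for rec in records:
        stamps = {f: getattr(rec, f) for f in ("ts_installed", "ts_modified")}
        if all(ts is None for ts in stamps.values()):
            # Cannot be placed on a timeline; report it instead of dropping it.
            undated.append(rec.name)
            continue
        hits = [f for f, ts in stamps.items() if ts is not None and start <= ts <= end]
        if not hits:
            continue
        notes = list(hits)
        if rec.type == "user":
            notes.append("type=user")
        if not rec.author:
            notes.append("no author")
        in_window.append((rec.name, notes))
    return in_window, undated

UTC = timezone.utc
# Constructed sample records; none of these come from a real target.
SAMPLE = [
    AppRecord(datetime(2024, 3, 1, 9, 0, tzinfo=UTC), datetime(2024, 3, 1, tzinfo=UTC),
              "Example Editor", "1.2", "Example Corp", "system", "C:\\Program Files\\Example Editor"),
    AppRecord(datetime(2024, 5, 14, 22, 17, tzinfo=UTC), None,
              "Remote Helper", "0.9", None, "user", "C:\\Users\\alice\\AppData\\Local\\RemoteHelper"),
    AppRecord(None, None, "legacy-tool", None, None, "system",
              "/usr/share/applications/legacy-tool.desktop"),
]

if __name__ == "__main__":
    window = (datetime(2024, 5, 14, tzinfo=UTC), datetime(2024, 5, 16, tzinfo=UTC))
    print(triage(SAMPLE, *window))
```
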