applications¶
$ target-query <path/to/target> -f applications
Module |
|
Output |
|
Module documentation
Windows Applications plugin.
Function documentation
Yields currently installed applications from the Windows registry.
Use the Windows eventlog plugin (evtx, evt) to parse install and uninstall events
of applications and services (e.g. 4697, 110707, 1034 and 11724).
Yields WindowsApplicationRecord records with the following fields:
ts_modified (datetime): timestamp when the installation was modified according to the registry
ts_installed (datetime): the date when the application was installed according to the application
name (string): name of the application
version (string): version of the application
author (string): author of the application
type (string): type of the application, either user or system
path (string): path to the installed location or installer of the application
Module |
|
Output |
|
Module documentation
Unix Applications plugin.
Function documentation
Yield installed Unix GUI applications from GNOME and XFCE.
- References:
Yields UnixApplicationRecord records with the following fields:
ts_modified (datetime): timestamp when the installation was modified
ts_installed (datetime): timestamp when the application was installed on the system
name (string): name of the application
version (string): version of the application
author (string): author of the application
type (string): type of the application, either user or system
path (string): path to the desktop file entry of the application
Module |
|
Output |
|
Module documentation
iOS applications plugin.
Function documentation
Yield installed iOS apps.