本文整理汇总了Python中utils.utils.write_list_to_csv函数的典型用法代码示例。如果您正苦于以下问题:Python write_list_to_csv函数的具体用法?Python write_list_to_csv怎么用?Python write_list_to_csv使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了write_list_to_csv函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: csv_custom_registry_keys
def csv_custom_registry_keys(self):
with open(self.output_dir + "\\" + self.computer_name + "_custom_registry_keys" + self.rand_ext, "wb") as output:
csv_writer = get_csv_writer(output)
to_csv_list = self.__get_custom_registry_keys()
if to_csv_list:
write_list_to_csv(to_csv_list, csv_writer)示例2: csv_custom_registry_keys
def csv_custom_registry_keys(self):
"""
Extracts custom registry keys, the user specifies whether it should be recursive or not.
The list of registry keys to extract should be comma-separated
"""
if self.exec_custom_registry_keys:
self.logger.info("Extracting custom registry keys")
to_csv_list = [
("COMPUTER_NAME", "TYPE", "LAST_WRITE_TIME", "HIVE", "KEY_PATH", "ATTR_NAME", "REG_TYPE",
"ATTR_TYPE", "ATTR_DATA")]
for paths in reader([self.custom_registry_keys]): # used as a kind of unpack
for path in paths:
temp = path.split("\\")
hive = temp[0].upper()
path = "\\".join(temp[1:])
if hive in ("HKLM", "HKEY_LOCAL_MACHINE"):
self._generate_hklm_csv_list(to_csv_list, "custom_registry_key", path,
is_recursive=self.registry_recursive)
elif hive in ("HKU", "HKEY_USERS"):
self._generate_hku_csv_list(to_csv_list, "custom_registry_key", path,
is_recursive=self.registry_recursive)
else: # error
self.logger.warn("Must specify HKLM/HKEY_LOCAL_MACHINE or HKU/HKEY_USERS as hive")
return
with open(self.output_dir + "\\" + self.computer_name + "_custom_registry_keys" + self.rand_ext, "wb") as output:
csv_writer = get_csv_writer(output)
write_list_to_csv(to_csv_list, csv_writer)示例3: _csv_networks_list
def _csv_networks_list(self, key):
with open(os.path.join(self.output_dir,'%s_network_list_%s' % (self.computer_name, self.rand_ext)), 'wb') as output:
csv_writer = get_csv_writer(output)
network_list_result = self._get_network_list(key)
arr_data = [v.values() for v in network_list_result.values()]
arr_data.insert(0,network_list_result.values()[0].keys())
write_list_to_csv(arr_data, csv_writer)示例4: csv_run_mru_start
def csv_run_mru_start(self):
"""Extracts run MRU, containing the last 26 oommands executed using the RUN command"""
path = r"Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"
to_csv_list = [("COMPUTER_NAME", "TYPE", "LAST_WRITE_TIME", "HIVE", "KEY_PATH", "ATTR_NAME", "REG_TYPE",
"ATTR_TYPE", "ATTR_DATA")]
self._generate_hku_csv_list(to_csv_list, "run_MRU_start", path)
#with open(self.output_dir + "\\" + self.computer_name + "_run_MRU_start.csv", "wb") as output:
#csv_writer = get_csv_writer(output)
write_list_to_csv(to_csv_list, None)示例5: _csv_user_assist
def _csv_user_assist(self, count_offset, is_win7_or_further):
"""
Extracts information from UserAssist registry key which contains information about executed programs
The count offset is for Windows versions before 7, where it would start at 6
"""
self.logger.info("Extracting user assist")
path = r"Software\Microsoft\Windows\CurrentVersion\Explorer\\UserAssist"
count = "\Count"
# logged on users
users = registry_obj.RegistryKey(registry_obj.HKEY_USERS)
hive_list = []
for i in xrange(users.get_number_of_sub_keys()):
user = users.get_sub_key(i)
user_assist_key = user.get_sub_key_by_path(path)
if user_assist_key:
for j in xrange(user_assist_key.get_number_of_sub_keys()):
# getting Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\*\Count
path_no_sid = "\\".join(user_assist_key.get_sub_key(j).get_path().split("\\")[1:])
hive_list += self._get_list_from_registry_key(registry_obj.HKEY_USERS, path_no_sid + count)
if is_win7_or_further:
to_csv_list = [("COMPUTER_NAME", "TYPE", "LAST_WRITE_TIME", "HIVE", "KEY_PATH", "ATTR_NAME", "REG_TYPE",
"ATTR_TYPE", "ATTR_DATA", "DATA_SESSION", "DATA_COUNT", "DATA_FOCUS", "DATA_LAST_EXEC")]
else:
to_csv_list = [("COMPUTER_NAME", "TYPE", "LAST_WRITE_TIME", "HIVE", "KEY_PATH", "ATTR_NAME", "REG_TYPE",
"ATTR_TYPE", "ATTR_DATA", "DATA_SESSION", "DATA_COUNT", "DATA_LAST_EXEC")]
for item in hive_list:
if item[KEY_VALUE_STR] == "VALUE":
str_value_name = codecs.decode(item[VALUE_NAME], "rot_13")
str_value_datatmp = item[VALUE_DATA]
# some data are less than 16 bytes for some reason...
if len(str_value_datatmp) < 16:
to_csv_list.append((self.computer_name,
"userassist",
item[VALUE_LAST_WRITE_TIME],
"HKEY_USERS",
item[VALUE_PATH],
item[VALUE_NAME],
item[KEY_VALUE_STR],
registry_obj.get_str_type(item[VALUE_TYPE]),
str_value_name))
else:
if is_win7_or_further:
data = csv_user_assist_value_decode_win7_and_after(str_value_datatmp, count_offset)
else:
data = csv_user_assist_value_decode_before_win7(str_value_datatmp, count_offset)
to_csv_list.append((self.computer_name,
"user_assist",
item[VALUE_LAST_WRITE_TIME],
"HKEY_USERS",
item[VALUE_PATH],
item[VALUE_NAME],
item[KEY_VALUE_STR],
registry_obj.get_str_type(item[VALUE_TYPE]),
str_value_name) + tuple(data))
with open(self.output_dir + "\\" + self.computer_name + "_user_assist" + self.rand_ext, "wb") as output:
csv_writer = get_csv_writer(output)
write_list_to_csv(to_csv_list, csv_writer)示例6: csv_clipboard
def csv_clipboard(self):
"""Exports the clipboard contents"""
# TODO : what happens if clipboard contents is a CSV string ?
with open(self.output_dir + '\\' + self.computer_name + '_clipboard' + self.rand_ext, 'wb') as output:
csv_writer = get_csv_writer(output)
write_list_to_csv(self.__get_clipboard(), csv_writer)
record_sha256_logs(self.output_dir + '\\' + self.computer_name + '_clipboard' + self.rand_ext,
self.output_dir + '\\' + self.computer_name + '_sha256.log')示例7: csv_registry_services
def csv_registry_services(self):
"""Extracts services"""
path = r"System\CurrentControlSet\Services"
to_csv_list = [("COMPUTER_NAME", "TYPE", "LAST_WRITE_TIME", "HIVE", "KEY_PATH", "ATTR_NAME", "REG_TYPE",
"ATTR_TYPE", "ATTR_DATA")]
self._generate_hklm_csv_list(to_csv_list, "registry_services", path)
with open(self.output_dir + "\\" + self.computer_name + "_registry_services.csv", "wb") as output:
csv_writer = get_csv_writer(output)
write_list_to_csv(to_csv_list, csv_writer)示例8: csv_installer_folder
def csv_installer_folder(self):
"""Extracts information about folders which are created at installation"""
self.logger.info("Extracting installer folders")
path = r"Software\Microsoft\Windows\CurrentVersion\Installer\Folders"
to_csv_list = [("COMPUTER_NAME", "TYPE", "LAST_WRITE_TIME", "HIVE", "KEY_PATH", "ATTR_NAME", "REG_TYPE",
"ATTR_TYPE", "ATTR_DATA")]
self._generate_hklm_csv_list(to_csv_list, "installer_folder", path)
with open(self.output_dir + "\\" + self.computer_name + "_installer_folder" + self.rand_ext, "wb") as output:
csv_writer = get_csv_writer(output)
write_list_to_csv(to_csv_list, csv_writer)示例9: _csv_all_modules_opened_files
def _csv_all_modules_opened_files(self):
with open(self.output_dir + '\\' + self.computer_name + '_processes_opened_files' + self.rand_ext,
'wb') as output:
csv_writer = get_csv_writer(output)
write_list_to_csv(self.__get_all_modules_opened_files(), csv_writer)
record_sha256_logs(self.output_dir + '\\' + self.computer_name + '_processes_opened_files' + self.rand_ext,
self.output_dir + '\\' + self.computer_name + '_sha256.log')示例10: csv_shell_bags
def csv_shell_bags(self):
"""
Extracts shellbags: size, view, icon and position of graphical windows
In particular, executed graphical programs will leave a key here
"""
self.logger.info("Extracting shell bags")
paths = [r"Software\Microsoft\Windows\Shell\Bags",
r"Software\Microsoft\Windows\Shell\BagMRU"]
paths_usrclass = [r"Local Settings\Software\Microsoft\Windows\Shell\Bags",
r"Local Settings\Software\Microsoft\Windows\Shell\BagMRU"]
hive_list = []
for path in paths:
hive_list += self._get_list_from_registry_key(registry_obj.HKEY_USERS, path)
for path in paths_usrclass:
hive_list += self._get_list_from_registry_key(registry_obj.HKEY_USERS, path, is_usrclass=True)
to_csv_list = [("COMPUTER_NAME", "TYPE", "LAST_WRITE_TIME", "HIVE", "KEY_PATH", "ATTR_NAME", "REG_TYPE",
"ATTR_TYPE", "ATTR_DATA")]
for item in hive_list:
if "ItemPos" in item[VALUE_NAME]:
try:
data = decode_shellbag_itempos_data(item[VALUE_DATA])
except IndexError:
self.logger.error("Error in shellbag data format for " + item[VALUE_NAME])
data = None
if data:
if item[KEY_VALUE_STR] == "VALUE":
for data in data:
for d in data:
to_csv_list.append((self.computer_name,
"shellbags",
item[VALUE_LAST_WRITE_TIME],
"HKEY_USERS",
item[VALUE_PATH],
item[VALUE_NAME],
item[KEY_VALUE_STR],
registry_obj.get_str_type(item[VALUE_TYPE]),
d))
else:
if item[KEY_VALUE_STR] == "VALUE":
to_csv_list.append((self.computer_name,
"shellbags",
item[VALUE_LAST_WRITE_TIME],
"HKEY_USERS",
item[VALUE_PATH],
item[VALUE_NAME],
item[KEY_VALUE_STR],
registry_obj.get_str_type(item[VALUE_TYPE]),
item[VALUE_DATA]))
with open(self.output_dir + "\\" + self.computer_name + "_shellbags" + self.rand_ext, "wb") as output:
csv_writer = get_csv_writer(output)
write_list_to_csv(to_csv_list, csv_writer)示例11: csv_windows_values
def csv_windows_values(self):
"""
Extracts windows values, in particular AppInit_DLLs, where any DLL specified here will be loaded by any
application
"""
path = r"Software\Microsoft\Windows NT\CurrentVersion\Windows"
to_csv_list = [("COMPUTER_NAME", "TYPE", "LAST_WRITE_TIME", "HIVE", "KEY_PATH", "ATTR_NAME", "REG_TYPE",
"ATTR_TYPE", "ATTR_DATA")]
self._generate_hklm_csv_list(to_csv_list, "windows_values", path)
self._generate_hku_csv_list(to_csv_list, "windows_values", path)
with open(self.output_dir + "\\" + self.computer_name + "_windows_values.csv", "wb") as output:
csv_writer = get_csv_writer(output)
write_list_to_csv(to_csv_list, csv_writer)示例12: csv_winlogon_values
def csv_winlogon_values(self):
"""
Extracts winlogon values, in particular UserInit, where the specified executable will be executed at
system startup
"""
path = r"Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
to_csv_list = [("COMPUTER_NAME", "TYPE", "LAST_WRITE_TIME", "HIVE", "KEY_PATH", "ATTR_NAME", "REG_TYPE",
"ATTR_TYPE", "ATTR_DATA")]
self._generate_hklm_csv_list(to_csv_list, "winlogon_values", path)
self._generate_hku_csv_list(to_csv_list, "winlogon_values", path)
with open(self.output_dir + "\\" + self.computer_name + "_winlogon_values.csv", "wb") as output:
csv_writer = get_csv_writer(output)
write_list_to_csv(to_csv_list, csv_writer)示例13: csv_installed_components
def csv_installed_components(self):
"""
Extracts installed components key
When an installed component key is in HKLM but not in HKCU, the path specified in HKLM will be added in HKCU
and will be executed by the system
"""
path = r"Software\Microsoft\Active Setup\Installed Components"
to_csv_list = [("COMPUTER_NAME", "TYPE", "LAST_WRITE_TIME", "HIVE", "KEY_PATH", "ATTR_NAME", "REG_TYPE",
"ATTR_TYPE", "ATTR_DATA")]
self._generate_hklm_csv_list(to_csv_list, "installed_components", path)
with open(self.output_dir + "\\" + self.computer_name + "_installed_components.csv", "wb") as output:
csv_writer = get_csv_writer(output)
write_list_to_csv(to_csv_list, csv_writer)示例14: csv_startup_programs
def csv_startup_programs(self):
"""Extracts programs running at startup from various keys"""
self.logger.info("Extracting startup programs")
software = "Software"
wow = r"\Wow6432Node"
ts_run = (r"\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software"
r"\Microsoft\Windows\CurrentVersion\Run")
ts_run_once = (r"\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software"
r"\Microsoft\Windows\CurrentVersion\RunOnce")
paths = [r"\Microsoft\Windows\CurrentVersion\Run",
r"\Microsoft\Windows\CurrentVersion\RunOnce",
r"\Microsoft\Windows\CurrentVersion\RunOnceEx",
r"\Microsoft\Windows\CurrentVersion\RunServices",
r"\Microsoft\Windows\CurrentVersion\RunServicesOnce",
r"\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
ts_run,
ts_run_once]
to_csv_list = [("COMPUTER_NAME", "TYPE", "LAST_WRITE_TIME", "HIVE", "KEY_PATH", "ATTR_NAME", "REG_TYPE",
"ATTR_TYPE", "ATTR_DATA")]
for path in paths:
full_path = software + path
self._generate_hklm_csv_list(to_csv_list, "startup", full_path)
full_path = software + wow + path
self._generate_hklm_csv_list(to_csv_list, "startup", full_path)
paths = [r"\Microsoft\Windows\CurrentVersion\Run",
r"\Microsoft\Windows\CurrentVersion\RunOnce",
r"\Microsoft\Windows\CurrentVersion\RunOnceEx",
r"\Microsoft\Windows\CurrentVersion\RunServices",
r"\Microsoft\Windows\CurrentVersion\RunServicesOnce",
r"\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
ts_run,
ts_run_once]
for path in paths:
full_path = software + path
self._generate_hku_csv_list(to_csv_list, "startup", full_path)
full_path = software + wow + path
self._generate_hku_csv_list(to_csv_list, "startup", full_path)
if self.get_autoruns:
to_csv_list = self._get_files_and_hashes(to_csv_list[1:])
to_csv_list.insert(0,
("COMPUTER_NAME", "TYPE", "LAST_WRITE_TIME", "HIVE", "KEY_PATH", "ATTR_NAME", "REG_TYPE",
"ATTR_TYPE", "ATTR_DATA", "MD5", "SHA1", "SHA256")
)
with open(self.output_dir + "\\" + self.computer_name + "_startup" + self.rand_ext, "wb") as output:
csv_writer = get_csv_writer(output)
write_list_to_csv(to_csv_list, csv_writer)示例15: csv_startup_programs
def csv_startup_programs(self):
"""Extracts programs running at startup from various keys"""
software = "Software"
wow = r"\Wow6432Node"
ts_run = (r"\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software"
r"\Microsoft\Windows\CurrentVersion\Run")
ts_run_once = (r"\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software"
r"\Microsoft\Windows\CurrentVersion\RunOnce")
paths = [r"\Microsoft\Windows\CurrentVersion\Run",
r"\Microsoft\Windows\CurrentVersion\RunOnce",
r"\Microsoft\Windows\CurrentVersion\RunOnceEx",
r"\Microsoft\Windows\CurrentVersion\RunServices",
r"\Microsoft\Windows\CurrentVersion\RunServicesOnce",
# r"\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit",
# r"\Microsoft\Windows NT\CurrentVersion\Windows",
r"\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
ts_run,
ts_run_once]
to_csv_list = [("COMPUTER_NAME", "TYPE", "LAST_WRITE_TIME", "HIVE", "KEY_PATH", "ATTR_NAME", "REG_TYPE",
"ATTR_TYPE", "ATTR_DATA")]
for path in paths:
full_path = software + path
self._generate_hklm_csv_list(to_csv_list, "startup", full_path)
full_path = software + wow + path
self._generate_hklm_csv_list(to_csv_list, "startup", full_path)
paths = [r"\Microsoft\Windows\CurrentVersion\Run",
r"\Microsoft\Windows\CurrentVersion\RunOnce",
r"\Microsoft\Windows\CurrentVersion\RunOnceEx",
r"\Microsoft\Windows\CurrentVersion\RunServices",
r"\Microsoft\Windows\CurrentVersion\RunServicesOnce",
r"\Microsoft\Windows NT\CurrentVersion\Windows",
r"\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
ts_run,
ts_run_once]
for path in paths:
full_path = software + path
self._generate_hku_csv_list(to_csv_list, "startup", full_path)
full_path = software + wow + path
self._generate_hku_csv_list(to_csv_list, "startup", full_path)
# with open(self.output_dir + "\\" + self.computer_name + "_startup.csv", "wb") as output:
#csv_writer = get_csv_writer(output)
write_list_to_csv(to_csv_list, None)