go-autoruns

Collect records of programs registered for persistence on the running system. It currently supports Linux, Mac, Windows and FreeBSD. The coverage on the different platforms may vary. Contributions for extended support are very welcome.

Usage

Invoke the Autoruns() function, which will return a slice of Autorun structs with the following properties:

type Autorun struct {
	Type      string `json:"type"`
	Location  string `json:"location"`
	ImagePath string `json:"image_path"`
	ImageName string `json:"image_name"`
	Arguments string `json:"arguments"`
	MD5       string `json:"md5"`
	SHA1      string `json:"sha1"`
	SHA256    string `json:"sha256"`
}

The values are:

  • Type: a description of the type of autorun record (e.g. "run_key" or "services").
  • Location: either a registry key or a file path where the record is stored.
  • ImagePath: the file path to the executable registered for persistence.
  • ImageName: just the file name of the executable.
  • Arguments: any arguments passed to the executable.
  • MD5: MD5 hash of the executable.
  • SHA1: SHA1 hash of the executable.
  • SHA256: SHA256 hash of the executable.

The following is a working example:

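package main

import (
	"fmt"

	"github.com/botherder/go-autoruns"
)

func main() {
	// Collect the persistence records found on the running system.
	// The variable is not named "autoruns" so it does not shadow the package.
	records := autoruns.Autoruns()

	// Print where each record is stored and what it launches.
	for _, record := range records {
		fmt.Println(record.Type)
		fmt.Println(record.Location)
		fmt.Println(record.ImagePath)
		fmt.Println(record.Arguments)
		fmt.Println("")
	}
}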
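
The JSON tags and SHA256 field make these records easy to save and compare against a known-good baseline. The following is an added example, not code from the go-autoruns project: it uses a local copy of the struct fields listed above so it builds without the library, and the Drift helper, the paths and the hash strings are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Autorun is a local copy of the README struct fields this check reads.
type Autorun struct {
	Type      string `json:"type"`
	Location  string `json:"location"`
	ImagePath string `json:"image_path"`
	Arguments string `json:"arguments"`
	SHA256    string `json:"sha256"`
}

// Constructed sample data: a baseline saved earlier as JSON, then a later scan.
const baselineJSON = `[{"type":"services","location":"/etc/systemd/system/backup.service","image_path":"/usr/local/bin/backup","arguments":"--nightly","sha256":"constructed-hash-v1"}]`

var laterScan = []Autorun{
	{"services", "/etc/systemd/system/backup.service", "/usr/local/bin/backup", "--nightly", "constructed-hash-v2"},
	{"services", "/etc/systemd/system/update.service", "/tmp/update", "", "constructed-hash-x"},
}

// Drift (hypothetical helper) flags entries absent from the baseline or whose hash changed.
func Drift(baseline []byte, current []Autorun) ([]string, error) {
	var old []Autorun
	if err := json.Unmarshal(baseline, &old); err != nil {
		return nil, fmt.Errorf("parse baseline: %w", err)
	}
	key := func(a Autorun) string { return a.Type + "|" + a.Location + "|" + a.ImagePath + "|" + a.Arguments }
	known := make(map[string]string, len(old))
	for _, a := range old {
		known[key(a)] = a.SHA256
	}
	var findings []string
	for _, a := range current {
		if hash, seen := known[key(a)]; !seen {
			findings = append(findings, "new: "+a.Location+" -> "+a.ImagePath)
		} else if hash != a.SHA256 {
			findings = append(findings, "changed: "+a.ImagePath)
		}
	}
	return findings, nil
}

func main() {
	fmt.Println(Drift([]byte(baselineJSON), laterScan))
}
```

An entry whose arguments change gets a different key and is reported as new, which is the conservative outcome for triage.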

TODO

  • Extend support for other autorun records on all platforms.
