Skip to main content

bitness identification for Windows based on environment

Project description

windows_tools

Collection of useful python functions around Microsoft Windows

License Percentage of issues still open Maintainability codecov windows-tests GitHub Release

windows_tools is a set of various recurrent functions amongst

  • antivirus: antivirus state and list of installed AV engines
  • bitlocker: drive encryption status and protector key retrieval
  • bitness: simple bitness identification
  • file_utils: file ownership handling, NTFS & ReFS ACL handling, file listing with permission fixes
  • impersonate: python Runas implementation
  • installed_software: list of installed software from registry, 32 and 64 bits
  • logical_disk: logical disk listing
  • misc: basic time related functions to convert windows ticks into epoch / date strings
  • office: microsoft Office version identification, works for click & run, O365 and legacy
  • powershell: powershell wrapper to identify interpreter and run scripts or commands
  • product_key: windows product key retrieval
  • registry: registry 32 and 64 bit API
  • securityprivilege: enable / disable various security privileges for user
  • server: windows server identification
  • signtool: Easily sign executables with Authenticode
  • updates: get all installed windows updates based on COM, WMI and registry retrieval methods
  • users: user lookup for SID/PySID/username
  • virtualization: virtualization platform identification for guest
  • windows_firewall: windows firewall state retrieval
  • wmi_queries: windows WMI query wrapper, wmi timezone converters

It is compatible with Python 3.5+ and is tested on Windows only (obviously).

Setup

You may install the whole windows_tools package or any subpackage using the following commands

pip install windows_tools
pip install windows_tools.<subpackage>

Usage

antivirus

The antivirus package tries to list installed Antivirus products via the SecurityCenter API (using WMI calls). Since SecurityCenter API does not exist on Windows Servers, we also need to check for installed antivirus software using the uninstall registry keys. These checks are more fuzzy, but allow to detect the following products:

  • avast
  • avira
  • avg technologies
  • bitdefender
  • dr web
  • eset
  • f-secure
  • g data software
  • kaspersky
  • mcafee
  • panda security
  • sophos
  • trend micro
  • malwarebytes
  • vipre
  • sentinel one

On top of that list, it will detect any installed software containing "antivirus/antiviral/antimalware" in the name.

Please report back if your antivirus is not detected, so we can improve the fuzzy detection here.

Usage

import windows_tools.antivirus

result = windows_tools.antivirus.get_installed_antivirus_software()

result will contain a list of dict like

[{
        'name': 'Windows Defender',
        'version': None,
        'publisher': None,
        'enabled': False,
        'is_up_to_date': True,
        'type': 'Windows Defender / Security Essentials'
    }, {
        'name': 'Malwarebytes version 4.4.6.132',
        'version': '4.4.6.132',
        'publisher': 'Malwarebytes',
        'enabled': None,
        'is_up_to_date': None,
        'type': None
    }
]

Warning Keys enabled, is_up_to_date and type are only filled via securityCenter API*. Keys version and publisher are only filled via installed software list. The only guaranteed filled key will always be name

bitlocker

Bitlocker can only work on NTFS or ReFS formatted disks. Bitlocker keys can only be retrieved on local disks.

Usage

import windows_tools.bitlocker

result = windows_tools.bitlocker.get_bitlocker_full_status()

result will contain a dict as follows containing raw strings from manage-bde windows tool:

{
	'C:': {
		'status': 'Chiffrement de lecteur BitLocker\xa0: outil de configuration version 10.0.19041\nCopyright (C) 2013 Microsoft Corporation. Tous droits réservés.\n\nVolume C: [Windows ]\n[Volume du système d?exploitation]\n\n    Taille :                     855,14 Go\n    Version de BitLocker :       Aucun\n    État de la conversion :      Intégralement déchiffré\n    Pourcentage chiffré :        0,0%\n    Méthode de chiffrement :     Aucun\n    État de la protection\xa0:      Protection désactivée\n    État du verrouillage :       Déverrouillé\n    Champ d?identification :     Aucun\n    Protecteurs de clés :        Aucun trouvé\n\n', 
		'protectors': None
	},
	'D:': {
		'status': 'Chiffrement de lecteur BitLocker\xa0: outil de configuration version 10.0.19041\nCopyright (C) 2013 Microsoft Corporation. Tous droits réservés.\n\nVolume D: [Étiquette inconnue]\n[Volume de données]\n\n    Taille :                     Inconnu Go\n    Version de BitLocker :       2.0\n    État de la conversion :      Inconnu\n    Pourcentage chiffré :        Inconnu%\n    Méthode de chiffrement :     XTS-AES 128\n    État de la protection\xa0:      Inconnu\n    État du verrouillage :       Verrouillé\n    Champ d?identification :     Inconnu\n    Déverrouillage automatique : Désactivé\n    Protecteurs de clés\xa0:\n        Password\n        Mot de passe numérique\n\n',
		'protectors': 'Chiffrement de lecteur BitLocker\xa0: outil de configuration version 10.0.19041\nCopyright (C) 2013 Microsoft Corporation. Tous droits réservés.\n\nVolume D: [Étiquette inconnue]\nTous les protecteurs de clés\n\n    Password :\n      ID : {SOMEPASS-WORD-ICAN-NNOT-REMEMBERWELL}\n\n    Mot de passe numérique :\n      ID : {SOMEPASS-GUID-ICAN-NNOT-REMEMBERWELL}\n\n'
	}
}

You may parse those or simply pretty print since print will not interpret special characters from a dict or multiple variables at once:

result = windows_tools.bitlocker.get_bitlocker_full_status()


result = get_bitlocker_full_status()
for drive in result:
    for designation, content in result[drive].items():
        print(designation, content)

Warning bitlocker needs to be run as admin. Running as non administrator will produce the following logs

Don't have permission to get bitlocker drive status for C:.
Don't have permission to get bitlocker drive protectors for C:.
Don't have permission to get bitlocker drive status for D:.
Don't have permission to get bitlocker drive protectors for D:.

Output shall be

{
    'C:': {
        'status': None,
        'protectors': None
    },
    'D:': {
        'status': None,
        'protectors': None
    }
}

You can check that you have administrator rights with windows_utils.users module

bitness

file_utils

impersonate

installed_software

logical_disk

misc

office

powershell

product_key

registry

securityprivilege

server

signtool

signtool is designed to make the windows executable signature as simple as possible.
Once the Windows SDK is installed on your machine, you can sign any executable with the following commands:

from windows_tools.signtool import SignTool
signer = SignTool()
signer.sign(r"c:\path\to\executable", bitness=64)

Note that current versions of signtool.exe that come with Windows 10 SDK automagically detect hardware EV certificate tokens like Safenet.

When using former certificate files in order to sign an executable, one should use the following syntax:

from windows_tools.signtool import SignTool
signer = SignTool(certificate=r"c:\path\to\cert.pfx", pkcs12_password="the_certificate_file_password")
signer.sign(r"c:\path\to\executable", bitness=64)

If the wrong certificate is used to sign, please open certmgr.msc, go to Private > Certificates and remove the certificate you don't want.

updates

Windows updates can be retrieved via a COM object that talks to Windows Update service, via WMI requests or via registry entries. All methods can return different results, so they are combined into one function.

Usage

import windows_tools.updates

result = windows_tools.updates.get_windows_updates(filter_duplicates=True, include_all_states=False)

result will contain a list of dict like

[{
        'kb': 'KB123456',
        'date': '2021-01-01 00:01:02',
        'title': 'Some update title',
        'description': 'Some update description',
        'supporturl': 'https://support.microsoft.com/someID',
        'operation': 'Installation'
        'result': 'Installed'
    }, {
        'kb': None,
        'date': '2021-01-01 00:01:02',
        'title': 'Windows 10 20H1 update',
        'description': 'Pretty big system update',
        'supporturl': 'https://support.microsoft.com/someID',
        'operation': 'Installation'
        'result': 'Installed'
    }
]

Using filter_duplicates will avoid returning multiple times the same KB from different sources. This setting is enabled by default.

The parameter include_all_states set to True will include all updates, even those who failed to install or are superseeded.

users

virtualization

windows_firewall

wmi_queries

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

windows_tools.bitness-0.2.0.tar.gz (8.9 kB view details)

Uploaded Source

Built Distribution

windows_tools.bitness-0.2.0-py3-none-any.whl (7.9 kB view details)

Uploaded Python 3

File details

Details for the file windows_tools.bitness-0.2.0.tar.gz.

File metadata

  • Download URL: windows_tools.bitness-0.2.0.tar.gz
  • Upload date:
  • Size: 8.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.11.5

File hashes

Hashes for windows_tools.bitness-0.2.0.tar.gz
Algorithm Hash digest
SHA256 111b5b0b3ec94dc46e176e262aeee595807986244c95cce99dc17c9fda28576f
MD5 1a5d1f851c44907eb60c8a4fbd1154a7
BLAKE2b-256 28d2a62699cf88cdd288eacb36b00cf52c02b2c3a411918fcdb081fb089a4a0c

See more details on using hashes here.

File details

Details for the file windows_tools.bitness-0.2.0-py3-none-any.whl.

File metadata

File hashes

Hashes for windows_tools.bitness-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 ad42e1dd550f256441338e3dc3aae64cddb4337cf78d7de7b4d0f792e325bcdb
MD5 57f4707e6c9375e096d4b8de81bee905
BLAKE2b-256 6bdcd0342b37b1d0c8b96780e44bd595bbeeb037fe13cb9244ce74c4b295f744

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page