#!perl # This script looks for Microsoft OS machines on a list of subnets; if our context gives us # sufficient rights to read the resulting machine's registries, add them to a report # V Who When What # --------------------------------------------------------------------------- # 1.4 skendric 05-17-2004 Add support for additional fields # 1.3 skendric 10-27-2003 Look for local admin account # 1.2 skendric 10-22-2003 Add support for multiple networks of varying # classes # 1.1 skendric 10-21-2003 Gather info via NBTStat and MachineInfo # 1.0 skendric 10-20-2003 First Version # # Author: Stuart Kendrick, sbk@skendric.com # # Source: http://www.skendric.com/microsoft # # This software is available under the GNU GENERAL PUBLIC LICENSE, see # http://www.fsf.org/licenses/gpl.html # # # I used Paul Popour's (ppopour@infoave.net) SRVCPUMEM.PL script as inspiration # # This script takes the following approach: # -Ping first address on first subnet # -If answers, query for a test registry entry # -If succeed, query for a list of interesting registry entries # -Add to report # # Requirements: # -The target(s) must be pingable (ICMP Echo) and must be listening # on either TCP port 139 or 445 # -Perl 5.8.3 or better # -Win32::TieRegistry, Net::Ping, Net::Telnet # # # Assumptions: # # # Tested on: # -perl-5.8.3 # # # Instructions: # -Customize the script for your site: find the 'user-configurable # variables' section and modify as appropriate # -Try it out # # # Caveats: # # # Known Bugs: # # # To do: # -Figure out a way to more accurately identify devices running a # Microsoft OS # -Add "are you sure?" about wiping old report # # # Begin script # Load modules use strict; use warnings; use Net::Ping; use Net::Telnet; our $Registry; use Win32::AdminMisc; use Win32::MachineInfo; use Win32::NBTStat; use Win32::TieRegistry ( TiedRef => \$Registry, Delimiter => "/", ArrayValues => 1, SplitMultis => 1, AllowLoad => 1, qw( REG_SZ REG_EXPAND_SZ REG_DWORD REG_BINARY REG_MULTI_SZ KEY_READ KEY_WRITE KEY_ALL_ACCESS ), ); # Declare variables our @class; # A, B, or C our $debug; # Debug level our $drive; # Logical drive letter to query for space information our @host; # Device(s) to query our $i; # Iterates across @majorNetwork, @class, and @mask our $icmpTimeout; # Timeout in seconds for ICMP Echo our @mask; # Subnet mask used in @majorNetwork our $netString; # Holds text used in reports our @majorNetwork; # Major network number our $report; # Report file our $sa; # Subnet address our @sample; # Addresses we ping to determine whether or not a subnet # is alive our @subNet; # A list of subnets to ping our @suffix; # @majorNetwork with the trailing zeroes stripped off our $tcpTimeout; # Timeout in seconds for TCP SYN our $usage; our $verbose; # Print status to the screen our $ComputerName; our $CurrentBuildNumber; our $OSVersion; our $ServicePack; our $DefaultUser; our $DellServiceTag; our $NumProc; our $PercentFree; # TotalFree / TotalSize our $ProcName; our $Ram; our $Speed; our $SystemBiosDate; our $SystemBiosVersion; our $TotalFree; our $TotalSize; # Define global variables $| = 1; # Set AUTOFLUSH to true to support # printing the "!" progress marks $debug = 1; # 3 = Enable grody debugging # 2 = Enable verbose debugging # 1 = Enable basic debugging # 0 = Disable debugging $usage = "Usage: query-ms-hosts.plx [target1 target2 target3 ...]"; # Define user-configureable variables $drive = "C:\\"; $report = "c:\\temp\\query-ms-hosts.txt"; $icmpTimeout = 1; $tcpTimeout = 2; $verbose = 1; # Network definition @class = qw /B/; @majorNetwork = qw /10.5.0.0/; @mask = qw /24/; $sa = "0"; @sample = qw /1 255/; @subNet = qw / 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 /; # Calculated variables # Create @suffix for (my $i = 0; $i < @majorNetwork; $i++) { if ($class[$i] eq "A") { ($suffix[$i]) = ($majorNetwork[$i] =~ /(\d+)\./); } elsif ($class[$i] eq "B") { ($suffix[$i]) = ($majorNetwork[$i] =~ /(\d+\.\d+)\./); } elsif ($class[$i] eq "C") { ($suffix[$i]) = ($majorNetwork[$i] =~ /(\d+\.\d+\.\d+)\./); } } # Build $netString for (my $i = 0; $i < @majorNetwork; $i++) { if (defined $netString) { $netString = $netString . "\n# "; $netString = $netString . $majorNetwork[$i]; } else { $netString = $majorNetwork[$i]; } } # Grab arguments @host = @ARGV; ##### Begin Main Program ############################################### { error_check(); prepare(); walk_targets(); clean_up(); } ##### End Main Program ################################################# ######################################################################## # Clean up ######################################################################## sub clean_up { # Debug trace if ($debug) { &trace_location("begin") } close OUTPUT; # Debug trace if ($debug) { &trace_location("end") } return 1; } ######################################################################## # Check for obvious errors ######################################################################## sub error_check { # Debug trace if ($debug) { &trace_location("begin") } # Class must belong to A|B|C foreach my $class (@class) { unless ($class eq "A" or $class eq "B" or $class eq "C") { die "\@class must contain only A|B|C\n"; } } # Debug trace if ($debug) { &trace_location("end") } return 1; } ######################################################################## # Gather data ######################################################################## sub gather_data { my %info; my $key; my $target = shift; # Address to examine # Debug trace if ($debug) { &trace_location("begin") } # Use Win32::MachineInfo to acquire a bunch of stats (Win32::MachineInfo::GetMachineInfo($target, \%info)); # BIOS_Date $SystemBiosDate = $info{system_bios_date}; # BIOS_Version $SystemBiosVersion = $info{system_bios_version}; # ComputerName $ComputerName = $info{computer_name}; # OSVersion $OSVersion = $info{osversion}; # ProcName $ProcName = $info{processor_name}; # RAM $Ram = $info{memory}; ($Ram) = ($Ram =~ /(\d+)/); # Service Pack $ServicePack = $info{service_pack}; ($ServicePack) = ($ServicePack =~ /Service Pack (\d+)/); # Speed $Speed = $info{processor_speed}; ($Speed) = ($Speed =~ /(\d+)/); # CurrentBuildNumber if ($key = $Registry->Open("//$target/LMachine/SOFTWARE/Microsoft/Windows NT/CurrentVersion/", {Access=>KEY_READ}) ) { $CurrentBuildNumber = $key->GetValue("CurrentBuildNumber"); } # Use Win32::AdminMisc for the drive info ($TotalSize, $TotalFree) = (Win32::AdminMisc::GetDriveSpace($drive)); $PercentFree = $TotalFree / $TotalSize; $PercentFree = $PercentFree * 100; ($PercentFree) = ($PercentFree =~ /(^\d+)/); $TotalSize = $TotalSize / (1024 * 1024 * 1024); ($TotalSize) = ($TotalSize =~ /(^\d+)/); $TotalFree = $TotalFree / (1024 * 1024 * 1024); ($TotalFree) = ($TotalFree =~ /(^\d+)/); # Read the registry for the rest # DefaultUserName if ($key = $Registry->Open("//$target/LMachine/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon/", {Access=>KEY_READ}) ) { $DefaultUser = $key->GetValue("DefaultUserName"); } # Number of Processors if ($key = $Registry->Open("//$target/LMachine/SYSTEM/CurrentControlSet/Control/Session Manager/Environment/", {Access=>KEY_READ})) { $NumProc = $key->GetValue("NUMBER_OF_PROCESSORS"); } # Dell Service Tag if ($key = $Registry->Open("//$target/HKEY_USERS/.DEFAULT/Software/Microsoft/Windows Media/WMSDK/General/", {Access=>KEY_READ})) { $DellServiceTag = $key->GetValue("ComputerName"); } # Debug trace if ($debug) { &trace_location("end") } return 1; } ######################################################################## # Figure out if this address is alive ######################################################################## sub is_alive { my $alive; # Does it an answer an ICMP Echo? my $p; # Net::Ping object my $target = shift; # IP address to ping # Debug trace if ($debug > 1) { &trace_location("begin") } # Send an ICMP Echo to the target, set $alive appropriately $p = Net::Ping->new("icmp", $icmpTimeout); if ($p->ping($target)) { $alive = 1; } else { $alive = 0; } $p->close(); # Entertain operator if ($verbose) { if ($alive) { print "!" } else { print "." } } # Debug trace if ($debug > 2) { if ($alive) { print "$target is alive\n" } else { print "$target is dead\n" } } if ($debug > 1) { &trace_location("end") } # Return answer return $alive; } ######################################################################## # Figure out if this target is running a Microsoft OS. This routine # incorrectly identifies machines running Samba and other SMB servers # as running Windows. ######################################################################## sub is_microsoft { my $microsoft; # Is this device running a Microsoft OS? my $mode; # Errmode for Net::Telnet my $obj; my $ok; # Result of Net::Telnet my $p; # Net::Ping object my @ports; # TCP ports to try my $target = shift; # Address to examine my $timeout; # How long to wait for machine to respond # Debug trace if ($debug > 1) { &trace_location("begin") } # Define variables $microsoft = 0; $mode = "return"; @ports = qw /445 139/; $timeout = 5; # If the target is listening on port 445 or 139, assume that it is running # a Microsoft OS foreach my $port (@ports) { $obj = new Net::Telnet ( Errmode => $mode, Port => $port, Timeout => $timeout ); $ok = $obj->open($target); if ($ok) { $microsoft = 1; last; } } # Debug trace if ($debug > 2) { if ($microsoft) { print "$target runs Windows\n" } else { print "$target not Windows\n" } } if ($debug > 1) { &trace_location("end") } # Return answer return $microsoft; } ######################################################################## # Figure out if we are running in a context with sufficient privileges # to read this machine's registry ######################################################################## sub is_ours { my $identifier; my $key; my $obj; my $ours; # Does this device fall within our purvue? my $target = shift; # Address to examine # Debug trace if ($debug > 1) { &trace_location("begin") } # If we can attach to the registry and read System{Identifier}, set $ours appropriately if ($key = $Registry->Open("//$target/LMachine/HARDWARE/DESCRIPTION/System/", {Access=>KEY_READ}) ) { if ($identifier = $key->GetValue("Identifier") ) { $ours = 1; } else { $ours = 0; } } else { $ours = 0; } # If the box isn't ours, record its IP address, ComputerName, and UserName and move on unless ($ours) { $obj = new Win32::NBTStat (ip => $target); if (defined $obj->computername) { $ComputerName = $obj->computername } else { $ComputerName = "" } if (defined $obj->username) { $DefaultUser = $obj->username } else { $DefaultUser = "" } print OUTPUT "$target\t$ComputerName\t$DefaultUser\n"; } # Debug trace if ($debug > 2) { if ($ours) { print "$target is ours\n" } else { print "$target not ours\n" } } if ($debug > 1) { &trace_location("end") } # Return answer return $ours; } ######################################################################## # Open report file ######################################################################## sub prepare { # Debug trace if ($debug) { &trace_location("begin") } # Wipe old report if (-e $report) { unlink $report or die "Can't erase $report:$!" } # Open report open (OUTPUT, ">>$report") or die "Can't open $report:$!"; print OUTPUT "IP\tName\tUser\tVersion\tBuild\tSP\tSpeed\tProcName\tNumProc\tRAM\tTotal Size\tTotal Free\tPercent Free\tDell Service Tag\tBIOS Version\tBIOS Date\n"; # Debug trace if ($debug) { &trace_location("end") } return 1; } ######################################################################## # Print data ######################################################################## sub print_data { my $target = shift; # Address we have been examining # Debug trace if ($debug) { &trace_location("begin") } print OUTPUT "$target\t$ComputerName\t$DefaultUser\t$OSVersion\t$CurrentBuildNumber\t$ServicePack\t$Speed\t$ProcName\t$NumProc\t$Ram\t$TotalSize\t$TotalFree\t$PercentFree\t$DellServiceTag\t$SystemBiosDate\t$SystemBiosVersion\n"; # Verbosity if ($verbose) { print "\nProcessing $target: $ComputerName\n"; } # Debug trace if ($debug) { &trace_location("end") } return 1; } ######################################################################## # Show the progRammer where we are ######################################################################## sub trace_location { my $location = shift; my ($subroutine) = (caller (1))[3]; if ($location eq "begin") { print "\nEntering &$subroutine\n"; } elsif ($location eq "end") { print "Leaving &$subroutine\n"; } return 1; } ######################################################################## # Walk hosts, gathering data and adding to the report as we go ######################################################################## sub walk_hosts { my $host; # Debug trace if ($debug) { &trace_location("begin") } # Walk through hosts foreach $host (@host) { # If it answers a ping if (&is_alive($host)) { # If it is running a Microsoft OS if (&is_microsoft($host)) { # If it falls within our purvue, then ask it questions and add it # to the report if (&is_ours($host)) { &gather_data($host); &print_data($host); } # Ours } # Microsoft } # Alive } # Hosts # Debug trace if ($debug) { &trace_location("end") } return 1; } ######################################################################## # Walk networks ######################################################################## sub walk_networks { my $subNet; my $target; # Debug trace if ($debug) { &trace_location("begin") } # Loop through networks for ($i = 0; $i < @suffix; $i++) { if ($class[$i] eq "A") { foreach $subNet (@subNet) { $target = $suffix[$i] . "." . $subNet; foreach $subNet (@subNet) { $target = $target . "." . $subNet; &walk_subnets ($target); } } } elsif ($class[$i] eq "B") { foreach $subNet (@subNet) { $target = $suffix[$i] . "." . $subNet; &walk_subnets ($target); } } elsif ($class[$i] eq "C") { $target = $suffix[$i]; &walk_subnets ($target); } } # Debug trace if ($debug) { &trace_location("end") } return 1; } ######################################################################## # Walk subnets, gathering data and appending to report ######################################################################## sub walk_subnets { my $alive; # Does the subnet exist? my $ip; # Address we are currently examining my $network = shift; # Class C network to examine my $p; # Net::Ping object my $test_address; # Address to ping to determine whether or # not the subnet exists # Debug trace if ($debug) { &trace_location("begin") } # See if the subnet exists by pinging the @sample addresses on it # Assume that if fping returns "is alive" for any one address # that the subnet exists. If fping returns "Permission denied" (the OS # on which I develop this script refuses to allow pings to the broadcast # address if it knows that this is a broadcast address), assume that the # subnet is alive. $alive = 0; foreach my $sample (@sample) { $test_address = $network . "." . $sample; if (&is_alive($test_address)) { $alive = 1; last; } } # If the subnet exists, then ping the nodes on it if ($alive) { # Walk through nodes foreach my $node (1 .. 254) { $ip = $network . "." . $node; # If it answers a ping if (&is_alive($ip)) { # If it is running a Microsoft OS if (&is_microsoft($ip)) { # If it falls within our purvue, then ask it questions and add it # to the report if (&is_ours($ip)) { &gather_data($ip); &print_data($ip); } # Ours } # Microsoft } # Alive } # Nodes } # Subnet exists # Otherwise, subnet does not exist: do nothing else { my $target = $network . ".0/" . $mask[$i]; if ($debug > 2) { print "$target is not reachable\n" } } # Debug trace if ($debug) { &trace_location("end") } return 1; } ######################################################################## # Walk targets ######################################################################## sub walk_targets { # Debug trace if ($debug) { &trace_location("begin") } if (@host > 0) { &walk_hosts } else { &walk_networks } # Debug trace if ($debug) { &trace_location("end") } return 1; }