
Gathering handlers from Windows systems #17


Open
wants to merge 21 commits into
base: master
14 changes: 12 additions & 2 deletions bin/handlers-merge.py
@@ -7,6 +7,7 @@
from optparse import OptionParser

# original code of merge() received from a kind anonymous coder with MIT license
ENCODINGS = ['ascii', 'latin-1', 'utf-8', 'utf-16']


def merge(left, right):
@@ -105,11 +106,20 @@ def clean_spaces(string):

for arg in args:
with open(arg) as jsonfile:
data = jsonfile.read()
_dict = {}
for encoding in ENCODINGS:
try:
_data = data.decode(encoding)
_dict = json.loads(_data)
except (UnicodeDecodeError, UnicodeEncodeError, ValueError):
continue

if not currentdict:
currentdict = json.load(jsonfile)
currentdict = _dict
continue

nextdict = json.load(jsonfile)
nextdict = _dict
currentdict = merge(currentdict, nextdict)

if options.pretty:
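Review bot: In the new decoding loop of the second hunk, nothing records whether any entry of `ENCODINGS` actually produced valid JSON, so (as far as the flattened indentation shows) a file that fails all four keeps `_dict = {}` and is merged as an empty dictionary without any message. Start from `_dict = None` and, after the loop, stop with `if _dict is None: raise ValueError('cannot parse %s as JSON' % arg)`. The loop also has no `break`, so the last candidate that succeeds wins; that appears to be what lets `utf-8` override `latin-1`, which decodes any byte sequence, and it deserves a comment because a later early-exit would silently select the wrong encoding. Since the bytes are decoded by hand, `open(arg, 'rb')` would keep them unmodified on Windows.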
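--- a/windows/README.md
+++ b/windows/README.md
@@ -0,0 +1,7 @@
+## Enumerate URL handlers on Windows
+
+A powershell script for Windows, tested on Windows 7, 8.1, 10 and Server 2008. The ExecutionPolicy bypass might be needed, as the PowerShell script is not signed.
+
+```shell
+powershell -ExecutionPolicy Bypass -File handlers-list.ps1 -output handlers.json
+```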
3,025 changes: 3,025 additions & 0 deletions windows/handlers-example.json

Large diffs are not rendered by default.

121 changes: 121 additions & 0 deletions windows/handlers-list.ps1
@@ -0,0 +1,121 @@
[CmdletBinding()]
param (
[Parameter(mandatory=$true)][string]$output
)

# Invoke with:
Member


This useful information should be moved to README.md.

# powershell -ExecutionPolicy Bypass -File handlers-list.ps1 -output handlers.json
# Probably needs an user account with privileged access

# Make-Json expects hashtables and arrays as container data types
# and anything with a working ToString method as values.
function Make-Json {
[CmdletBinding()]
Param(
[Parameter(ValueFromPipeline=$true)][HashTable]$InputObject,
[Parameter(Mandatory=$false)]$tab
)
begin {
$ser = @{}
$jsona = @()
}
process {
function serialize($data) {
$data = [regex]::Replace($data.ToString(), '(?<!\\)\\', '\\')
$data = [regex]::Replace($data, '(?<!\\)"', '\"')
'"' + $data + '"'
}
function handle_array($val) {
$out = ""
$tab += 1
$nexttab += 1
foreach ($member in $val) {
if ($member -is [System.Collections.Hashtable]) {
$out += Make-Json $member $nexttab
} elseif ($member -is [System.Array]) {
$out += "`t" * $tab + "[`n" + (handle_array($member))
} else {
$out += "`t" * $tab + (serialize $member) + ",`n"
}
}
$tab -= 1
$nexttab -= 1
$out += "`n" + "`t" * $tab + "]"
$out
}

if(!$tab) {
$tab = 1
$starttab = 0
} else {
$starttab = $tab - 1
}
$nexttab = $tab + 1
$jsoni =
foreach($input in $InputObject.GetEnumerator() | Where { $_.Value } ) {
$val = $input.Value
if($val -is [System.Collections.Hashtable]) {
"`t" * $tab + '"'+$input.Key+':": ' + "`n" + (Make-Json $input.Value $nexttab)
} elseif($val -is [System.Array]) {
"`t" * $tab + '"'+$input.Key+'": [' + "`n" + (handle_array($val))
} else {
"`t" * $tab + '"'+$input.Key+'": ' + (serialize $val)
}
}

$jsona += "`t" * $starttab + "{`n" +($jsoni -join ",`n")+ "`n" + "`t" * $starttab + "}"
}
end {
if($jsona.Count -gt 1) {
"[$($jsona -join ",`n")]".ToLower()
} else {
$jsona.ToLower()
}
}}

function Check-Command($cmdname) {
return [bool](Get-Command -Name $cmdname -ErrorAction SilentlyContinue)
}

# Now, let's enumerate the registy. First, add HKCR
New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
Push-Location
Set-Location HKCR:\

# Let's enumeration!
$handlers = @{}
Get-ChildItem HKCR:\ -ErrorAction SilentlyContinue |
Where-Object {$_.GetValueNames() | Where-Object {$_ -eq "URL Protocol"}} |
foreach {
$ext = $_.PsPath.Split("\")[2]
if(!$handlers.contains($ext)) {
$handlers.item($ext) = @{"apps"=@()}
}
$extapp = @{"registrykey"=$_.Name}

$values = Get-ItemProperty $_
$shellopen = Get-ItemProperty "$($_)\Shell\Open\Command" -ErrorAction SilentlyContinue
if ($shellopen) {
$shellopen = $shellopen | Select-Object -ExpandProperty '(Default)' -ErrorAction SilentlyContinue
if ($shellopen) {
$shellopen = $shellopen -replace "`n","" -replace "`r",""
$shellopen = $shellopen.split("\")[-1]
$shellopen = $shellopen.split(" ")[0]
$shellopen = $shellopen.split('"')[0]
$extapp.item("path") = $shellopen
}
}
$descr = $values | Select-Object -ExpandProperty '(Default)' -ErrorAction SilentlyContinue
if ($descr) {
$extapp.item("name") = $descr -replace "`n","" -replace "`r",""
}
$name = $values | Select-Object -ExpandProperty FriendlyTypeName -ErrorAction SilentlyContinue
if ($name) {
$extapp.item("friendlytypename") = $name -replace "`n","" -replace "`r",""
}
$handlers.item($ext).item("apps") += $extapp
}


Pop-Location
Make-Json $handlers | out-file $output
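Review bot: `serialize` inside `Make-Json` escapes with look-behind patterns, so a backslash or quote that already follows a backslash is left alone: a registry value containing `\"` is emitted as `\\"`, which closes the JSON string early, and `\\` in a UNC path becomes three backslashes. The values come from registry keys that installed software can write, so the output should not rely on them being well-formed; escape unconditionally with `$data = $data.ToString().Replace('\', '\\').Replace('"', '\"')`. The keys (`$input.Key`) are concatenated without going through `serialize` at all, and control characters other than the CR/LF stripped by the caller are not escaped. `Check-Command` is defined but not called in the visible lines; if it was meant to select `ConvertTo-Json` where that cmdlet exists, doing so would avoid the hand-written escaping on newer PowerShell versions.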