Quickly audit software on a Windows network using the command line
2010-04-05 1 Comment
We recently received a notice from one of our Vendors that we must provide them with a software audit of all machines on our network, but we did not have a reliable system in place at the time.
My first thought was to scrape the registry, but I had not played with that too much. Next idea was WMI, or specifically WMIC, teamed with a NMAP scan to get a list of online machines.
To enumerate the computers that are actually online I used the basic NMAP command, from that a quick FOR loop to extract the IP address. The TYPE command is used to “convert” the ANSI text into ASCII text
nmap -sP 10.1.1.0/24 | find “report for ” >> online.tmp && type online.tmp >> online.log
for /F “tokens=5 delims= ” %i in (online.log) DO wmic /node:%i PRODUCT LIST BRIEF > software_%i.txt
Assuming you are using static IP’s you can easily skip the machines already scanned by running NMAP with the –excludefile option. If you are going to do this you may want to change script to something like this:
nmap -sP 10.1.1.0/24 –excludefile scanned.log | find “report for ” >> online.tmp
for /F “tokens=5 delims= ” %i in (online.tmp) do @echo %i >> online2.tmp && type online2.tmp >> online.log && type online2.tmp>> scanned.log
for /F “tokens=5 delims= ” %i in (online.log) DO wmic /node:%i PRODUCT LIST BRIEF > software_%i.txt
At this stage you should have a set of text files that are TAB seperated, one for each computer scanned. If you want a single file you can change the wmic command to
for /F “tokens=5 delims= ” %i in (online.log) DO wmic /node:%i PRODUCT LIST BRIEF >> software.txt
For those that do not want to install software you can also use the PING command to do a ping sweep
FOR /L %i in (1,1,255) do @ping -n 1 10.1.1.%i | find “time=” >> online.tmp
Compared to using NMAP, which in my testing took from 30-120 seconds, a ping sweep takes a significantly longer time to scan a class C network. If you are planning on scanning larger networks it is a really good idea to consider using NMAP.
Remember if you use variables in a batch file you will need to use %%i instead of %i.
Command Reference
Thanks to the guys at the COMMAND LINE KUNG FU blog for the ideas that brought this post and concept about.
Pingback: Tweets that mention My Place › Quickly audit software on a Windows network using the command line -- Topsy.com