Monday, April 15, 2024

Uncovering Cybersecurity Insights: Python Script to Retrieve Installed Software on Windows

 In the vast landscape of cybersecurity, understanding the software ecosystem within a system is paramount. Malicious software often hides within the labyrinth of installed applications, making it crucial for cybersecurity professionals to have tools to analyze and assess the software environment comprehensively. In this blog post, we'll explore a Python script designed to retrieve information about installed software on Windows systems and discuss its importance in cybersecurity.


The Python Script

The Python script presented in this post utilizes the winreg module to access the Windows Registry, where information about installed software is stored. By traversing specific registry keys, the script extracts details such as software names and versions. The retrieved data is then presented in a structured manner, making it easy to analyze.

Importance in Cybersecurity

1. Vulnerability Management:

Understanding the software landscape is crucial for effective vulnerability management. Outdated or vulnerable software can serve as potential entry points for cyber threats. By regularly running scripts like the one provided, cybersecurity professionals can identify outdated software versions and prioritize patching efforts accordingly.

2. Threat Detection:

Malicious software often disguises itself as legitimate applications. By maintaining an inventory of installed software and regularly comparing it against known good software lists, security teams can detect anomalies and potential threats. Any unanticipated or unauthorized software installations can raise red flags, triggering further investigation.

3. Incident Response:

During incident response procedures, having comprehensive information about installed software is invaluable. It allows responders to quickly assess the software landscape, identify potentially compromised applications, and take appropriate mitigation actions. Moreover, analyzing software versions can provide insights into the attack vector and help in attributing the incident.

4. Compliance and Auditing:

Many cybersecurity regulations and standards require organizations to maintain an inventory of installed software as part of compliance and auditing processes. By automating the retrieval of software information using scripts, organizations can streamline compliance efforts and ensure adherence to regulatory requirements.

Conclusion

In the ever-evolving landscape of cybersecurity, having tools to gain insights into the software environment is indispensable. The Python script showcased in this post serves as a valuable asset for cybersecurity professionals, enabling them to retrieve essential information about installed software on Windows systems. Whether it's for vulnerability management, threat detection, incident response, or compliance, understanding the software ecosystem lays the foundation for a robust cybersecurity posture.

By leveraging automation and scripting, cybersecurity teams can enhance their capabilities, stay proactive in identifying potential risks, and ultimately bolster the overall security posture of their organizations. It's not just about knowing what software is installed—it's about using that knowledge to fortify defenses and safeguard against emerging cyber threats.


Here is the code:


 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
import sys
from PyQt6.QtWidgets import QApplication, QMainWindow, QTableWidget, QTableWidgetItem, QVBoxLayout, QWidget, QHeaderView
from PyQt6.QtCore import Qt
import winreg

class MainWindow(QMainWindow):
    def __init__(self):
        super().__init__()

        self.setWindowTitle("Installed Software")
        self.setGeometry(100, 100, 600, 400)

        self.central_widget = QWidget()
        self.setCentralWidget(self.central_widget)
        self.layout = QVBoxLayout()
        self.central_widget.setLayout(self.layout)

        self.table_widget = QTableWidget()
        self.layout.addWidget(self.table_widget)

        self.populate_table()

    def populate_table(self):
        self.table_widget.setColumnCount(2)
        self.table_widget.setHorizontalHeaderLabels(["Software", "Version"])

        installed_software = self.get_installed_software()
        row_count = len(installed_software)
        self.table_widget.setRowCount(row_count)

        for row, (software, version) in enumerate(installed_software):
            self.table_widget.setItem(row, 0, QTableWidgetItem(software))
            self.table_widget.setItem(row, 1, QTableWidgetItem(version))

        # Set resizing policy and initial column widths
        self.table_widget.horizontalHeader().setSectionResizeMode(0, QHeaderView.ResizeMode.Fixed)
        self.table_widget.setColumnWidth(0, 250)
        self.table_widget.horizontalHeader().setSectionResizeMode(1, QHeaderView.ResizeMode.Stretch)

    def get_installed_software(self):
        software_list = []
        uninstall_key = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, uninstall_key) as key:
            for i in range(winreg.QueryInfoKey(key)[0]):
                try:
                    subkey_name = winreg.EnumKey(key, i)
                    subkey = winreg.OpenKey(key, subkey_name)
                    display_name = winreg.QueryValueEx(subkey, "DisplayName")[0]
                    version = winreg.QueryValueEx(subkey, "DisplayVersion")[0]
                    software_list.append((display_name, version))
                    winreg.CloseKey(subkey)
                except FileNotFoundError:
                    continue
        return software_list

def main():
    app = QApplication(sys.argv)
    window = MainWindow()
    window.show()
    sys.exit(app.exec())

if __name__ == "__main__":
    main()

No comments:

Post a Comment