Ladon UsbLog查看USB使用记录,检测是否被他人用U盘插过自己电脑
目录 1.Ladon查看USB使用记录
更新功能 Ladon 8.7 2021.8.14
Ladon查看
C#查看 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 USBConnKey = Registry.LocalMachine.OpenSubKey(@"SYSTEM\CurrentControlSet\Enum\USBSTOR", false); foreach (string sub1 in USBConnKey.GetSubKeyNames()) { RegistryKey sub1key = USBConnKey.OpenSubKey(sub1, false); foreach (string sub2 in sub1key.GetSubKeyNames()) { try { RegistryKey sub2key = sub1key.OpenSubKey(sub2, false); if (sub2key.GetValue("Service", "").Equals("disk")) { String Path = "USBSTOR" + "\\" + sub1 + "\\" + sub2; String Name = (string)sub2key.GetValue("FriendlyName", ""); Console.WriteLine("USB_Name: " + Name); Console.WriteLine("UID_Tag: " + sub2); Console.WriteLine("Path: " + Path + "\r\n"); } } catch (Exception msg) { Console.WriteLine(msg.Message); } } } ``` ### Cmd查看 ```Bash for /f %i in ('reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR') do @for /f %x in ('reg query "%i"') do @reg query "%x" /v FriendlyName | findstr FriendlyName
Bat查看 1 for /f %%i in ('reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR' ) do @for /f %%x in ('reg query "%%i"' ) do @reg query "%%x" /v FriendlyName | findstr FriendlyName
Ladon其它信息收集模块 Getinfo 渗透基础信息收集(常用命令)
Ladon下载 历史版本: https://github.com/k8gege/Ladon/releases http://k8gege.org/Download
