Recon Modules Local

Alexander edited this page Oct 17, 2018 · 1 revision

Computer Name

Overview

Displays the current system's name.

PowerShell

[WheresMyImplant.Recon]::ComputerName()

rundotnetdll32

rundotnetdll32.exe WheresMyImplant.dll,WheresMyImplant,Recon,ComputerName

Computer Domain

Overview

Displays the current system's domain name.

PowerShell

[WheresMyImplant.Recon]::DomainName()

rundotnetdll32

rundotnetdll32.exe WheresMyImplant.dll,WheresMyImplant,Recon,DomainName

Antivirus

Overview

Queries WMI for the registered antivirus product. This may require administrative privileges.

PowerShell

[WheresMyImplant.Recon]::AntivirusProduct()

rundotnetdll32

rundotnetdll32.exe WheresMyImplant.dll,WheresMyImplant,Recon,AntivirusProduct

OSInfo

Overview

Queries WMI for information about the current operating system.

PowerShell

[WheresMyImplant.Recon]::OSInfo()

rundotnetdll32

rundotnetdll32.exe WheresMyImplant.dll,WheresMyImplant,Recon,OSInfo

Mapped Drives

Overview

Queries WMI for information about currently mapped network drives.

PowerShell

[WheresMyImplant.Recon]::MappedDrives()

rundotnetdll32

rundotnetdll32.exe WheresMyImplant.dll,WheresMyImplant,Recon,MappedDrives

Tasklist

Overview

Displays the currently running processes on the system.

PowerShell

[WheresMyImplant.Recon]::TaskList()

rundotnetdll32

rundotnetdll32.exe WheresMyImplant.dll,WheresMyImplant,Recon,TaskList
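
Detection example

The two invocation forms documented above leave recognisable strings in process-creation and PowerShell script-block logs. The following is an added example, not part of WheresMyImplant or this wiki: a matcher for both forms that flags a batch containing several distinct Recon methods. The function names, the threshold and the sample log lines are constructed for illustration, and the meaning of the comma-separated fields is inferred from the examples on this page.

```python
import re

# Method names documented on this page for the Recon class.
RECON_METHODS = {"ComputerName", "DomainName", "AntivirusProduct",
                 "OSInfo", "MappedDrives", "TaskList"}

# rundotnetdll32 form: <dll>,<namespace>,<class>,<method>
# (field meaning inferred from the page's examples, an assumption).
LOADER_RE = re.compile(
    r'rundotnetdll32(?:\.exe)?"?\s+"?(?P<dll>[^,\s"]+),(?P<ns>[^,\s"]+),'
    r'(?P<cls>[^,\s"]+),(?P<method>[^,\s"]+)', re.IGNORECASE)

# PowerShell form: [Namespace.Class]::Method(
PS_RE = re.compile(
    r'\[\s*(?P<ns>\w+)\.(?P<cls>\w+)\s*\]\s*::\s*(?P<method>\w+)\s*\(', re.IGNORECASE)

def classify(line):
    """Return (form, class, method) if the line matches a documented call, else None."""
    for form, rx in (("rundotnetdll32", LOADER_RE), ("powershell", PS_RE)):
        m = rx.search(line)
        if not m or m["ns"].lower() != "wheresmyimplant" or m["cls"].lower() != "recon":
            continue
        # Compare case-insensitively so a change of letter case does not evade the rule.
        method = next((k for k in RECON_METHODS if k.lower() == m["method"].lower()), None)
        if method:
            return (form, "Recon", method)
    return None

def recon_burst(lines, threshold=3):
    """Return all hits and whether >= threshold distinct methods appear in the batch."""
    hits = [h for h in map(classify, lines) if h]
    return hits, len({h[2] for h in hits}) >= threshold

# Constructed sample lines (not real telemetry): command lines and script-block text.
SAMPLE = [
    r'CommandLine="rundotnetdll32.exe WheresMyImplant.dll,WheresMyImplant,Recon,ComputerName"',
    r'CommandLine="C:\Windows\System32\rundll32.exe shell32.dll,Control_RunDLL"',
    r'ScriptBlockText=[wheresmyimplant.recon]::antivirusproduct()',
    r'CommandLine="RunDotNetDll32.exe WheresMyImplant.dll,WheresMyImplant,Recon,TaskList"',
    r'ScriptBlockText=[System.Environment]::MachineName',
]

if __name__ == "__main__":
    hits, burst = recon_burst(SAMPLE)
    print(hits, "burst" if burst else "no burst")
```

Matching on the literal DLL, namespace and class names only catches unmodified builds, so treat a hit as high-confidence and the absence of hits as uninformative.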