[Tools] Collecting logon information for every user in a domain environment (source and executable attached)
Source: Internet  Editor: 程序博客网  Time: 2024/06/05 06:03
I wrote a small script/tool (the GitHub download includes the full source and the .exe built with PyInstaller) to collect logon information for all users in a domain environment. If you find it useful, take it; comments and suggestions are welcome. Note that events 4624/4634 are written to the Security log of the host on which the session was created, so the tool reports the logons to the machine it is run on (typically a domain controller); interactive logons to member workstations have to be collected from those hosts.
The tool has been updated; get the latest version from GitHub.
EventLogonStat.bat
@echo off
cd %~dp0
wevtutil qe security /format:text /q:"Event[System[(EventID=4624 or EventID=4634)]]" > EvtLogon.dat
EventLogonStat.exe EvtLogon.dat
del /F EvtLogon.dat
EventLogonStat.py
# -- coding:utf-8 --
# Python v2.7.10
# EventLogonStat.py
# Written by Gaearrow
import sys

# Logon Type Dictionary (12 and 13 only appear on Windows 8 / Server 2012 and newer)
logontypedic = {
    0 :'Unknown 0',
    1 :'Unknown 1',
    2 :'Interactive',
    3 :'Network',
    4 :'Batch',
    5 :'Service',
    6 :'Unknown 6',
    7 :'Unlock',
    8 :'NetworkCleartext',
    9 :'NewCredentials',
    10:'RemoteInteractive',
    11:'CachedInteractive',
    12:'CachedRemoteInteractive',
    13:'CachedUnlock',
}
# Logon ID Set: IDs of the 4624 rows already written, so that a 4634 is
# only reported when it closes a logon we kept
logonidset = set()

# Process Input
if len(sys.argv) != 2:
    print 'Usage: '
    print 'wevtutil qe security /format:text /q:"Event[System[(EventID=4624 or EventID=4634)]]" > EvtLogon.dat'
    print '%s EvtLogon.dat' % sys.argv[0].split('\\')[-1]
    sys.exit(1)
evt = sys.argv[1]
fevt = open(evt,'r')
flogon = open('LogonStat.csv','w')
print >>flogon,'Event No.; Task; Date; Account Name; Account Domain; Logon ID; Logon Type; Logon Address'

try:
    # Perform the Statistics
    numevent = 0
    numlogon = 0
    numlogoff = 0
    # For Eliminate redundancies: consecutive events with the same timestamp
    # and task are treated as duplicates
    lastdate = 'lastdate'
    lasttask = 'lasttask'
    skip = 0
    for eachline in fevt:
        # Field labels are matched at the start of the stripped line. A plain
        # find() would also match 'Linked Logon ID:' and 'Network Account Name:'
        # (present in 4624 on Server 2012 and newer) and overwrite the values
        # of the 'New Logon' section with '0x0' and '-'.
        field = eachline.strip()
        if eachline.find('Event[') > -1:
            # Reset per-event state
            evtno = ''
            task = ''
            date = ''
            accname = ''
            accdomain = ''
            logonid = ''
            logontype = ''
            logonaddr = ''
            skip = 0
            evtno = eachline.split('[')[1].split(']')[0]
            numevent = numevent + 1
        elif field.startswith('Date:'):
            # the timestamp itself contains ':' so split only on the first one
            date = field[(field.find(':')+1):].strip()
        elif field.startswith('Task:'):
            task = field.split(':')[1].strip()
            if (date == lastdate) and (task == lasttask):
                ## reduce
                skip = 1
            else:
                lastdate = date
                lasttask = task
        elif field.startswith('Logon Type:'):
            ltnum = int(field.split(':')[1])
            logontype = logontypedic.get(ltnum, 'Unknown %d' % ltnum)
            if ltnum in [0,1,5,6]:
                ## reduce: System and Service logons are noise here
                skip = 1
        elif field.startswith('Account Name:'):
            # 4624 carries two 'Account Name:' lines (Subject, New Logon);
            # the last one wins, which is the account that logged on
            accname = field.split(':')[1].strip()
            if (task == 'Logon') and (accname.find('$') > -1):
                ## reduce: machine accounts
                skip = 1
        elif field.startswith('Account Domain:'):
            accdomain = field.split(':')[1].strip()
        elif field.startswith('Logon ID:'):
            logonid = field.split(':')[1].strip()
            # 4634 has no 'Source Network Address:' line, so the Logoff row is
            # written here; 'Logon Type:' follows later in 4634, so it stays empty
            if (skip == 0) and (task == 'Logoff') and (logonid in logonidset):
                print >>flogon,evtno+';'+task+';'+date+';'+accname+';'+accdomain+';'+logonid+';'+logontype+';'+logonaddr
                numlogoff = numlogoff + 1
                logonidset.remove(logonid)
        elif field.startswith('Source Network Address:'):
            logonaddr = field[(field.find(':')+1):].strip()
            if logonaddr == '-':
                ## reduce: local logons carry no source address
                skip = 1
            if (skip == 0) and (task == 'Logon'):
                print >>flogon,evtno+';'+task+';'+date+';'+accname+';'+accdomain+';'+logonid+';'+logontype+';'+logonaddr
                numlogon = numlogon + 1
                logonidset.add(logonid)
    # Print Summary Information
    print >>flogon,'============================='
    print >>flogon,'Summary Information'
    print >>flogon,'Logon Event : ',numlogon
    print >>flogon,'Logoff Event : ',numlogoff
    print >>flogon,'Total Event : ',numevent
    print >>flogon,'============================='
    print 'Event Statistics Success to LogonStat.csv'
except Exception as e:
    print 'Error: %s' % e
    sys.exit(1)
finally:
    fevt.close()
    flogon.close()
LogonStat.csv
Event No.; Task; Date; Account Name; Account Domain; Logon ID; Logon Type; Logon Address
1520;Logon;2017-03-27T12:38:38.941;Administrator;OHMYAD;0x4d7a3;Network;192.168.20.151
1521;Logon;2017-03-27T12:38:38.956;Administrator;OHMYAD;0x4d7b1;Network;192.168.20.151
1522;Logon;2017-03-27T12:38:38.972;Administrator;OHMYAD;0x4d7c4;Network;192.168.20.151
...
4579;Logoff;2017-03-27T21:50:29.703;aduser02;OHMYAD;0x32f922;;
4589;Logon;2017-03-27T21:51:49.559;aduser01;OHMYAD;0x332774;Network;192.168.20.151
4590;Logon;2017-03-27T21:51:50.074;aduser01;OHMYAD;0x332788;Network;192.168.20.151
...
=============================
Summary Information
Logon Event : 142
Logoff Event : 133
Total Event : 99908
=============================
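The text parser above depends on the English field labels that wevtutil renders into /format:text, which shift between Windows versions and locales (Server 2012 adds 'Linked Logon ID:' and 'Network Account Name:' lines, for example). As an added example, not the author's tool, here is the same logon/logoff pairing done on the XML export (wevtutil qe security /format:xml ...), where the EventData names TargetUserName, TargetDomainName, TargetLogonId, LogonType and IpAddress are the ones Microsoft documents for 4624/4634 and do not change with the display language. It applies the same noise filters (machine accounts, logon types 0/1/5/6, no source address), closes each kept 4624 with the 4634 that carries the same TargetLogonId, and reports the session duration. The sample events are constructed to mimic the shape wevtutil emits; the _event() builder and the wrapping <Events> root are this example's own, since wevtutil writes a bare sequence of <Event> elements.

```python
"""Logon sessions from 4624/4634 Security events exported as XML (added example, not the post's tool).
Input: wevtutil qe security /format:xml /q:"Event[System[(EventID=4624 or EventID=4634)]]" > EvtLogon.xml
wevtutil writes a bare sequence of <Event> elements, so the text is wrapped in a root before parsing.
Field names (TargetUserName, TargetLogonId, LogonType, IpAddress) are Microsoft's EventData names."""
import csv
import io
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Documented logon-type codes; 12 and 13 only appear on Windows 8 / Server 2012 and newer.
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service", 7: "Unlock",
               8: "NetworkCleartext", 9: "NewCredentials", 10: "RemoteInteractive",
               11: "CachedInteractive", 12: "CachedRemoteInteractive", 13: "CachedUnlock"}

def parse_time(stamp):
    """TimeCreated looks like 2017-03-27T12:38:38.941000000Z; keep microsecond precision."""
    base, _, frac = stamp.rstrip("Z").partition(".")
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
    return dt.replace(microsecond=int((frac + "000000")[:6])) if frac else dt

def parse_events(xml_text):
    """One dict per <Event>: record id, event id, timestamp and every EventData field by Name."""
    root = ET.fromstring("<Events>" + xml_text.lstrip("\ufeff") + "</Events>")
    events = []
    for ev in root.findall("e:Event", NS):
        system = ev.find("e:System", NS)
        rec = {"record": int(system.findtext("e:EventRecordID", namespaces=NS)),
               "event_id": int(system.findtext("e:EventID", namespaces=NS)),
               "time": system.find("e:TimeCreated", NS).get("SystemTime")}
        for data in ev.findall("e:EventData/e:Data", NS):
            rec[data.get("Name")] = data.text or ""
        events.append(rec)
    return events

def correlate(events):
    """Pair each kept 4624 with the 4634 carrying the same TargetLogonId.
    Same noise filters as the post's tool: logon types 0/1/5/6, machine accounts (name ends in
    '$') and logons without a source address are dropped. Returns (sessions, orphan_logoffs);
    a session still open when the log was exported keeps logoff_time None."""
    open_sessions, sessions, orphans = {}, [], []
    for ev in sorted(events, key=lambda e: e["record"]):
        if ev["event_id"] == 4624:
            ltype = int(ev.get("LogonType", "0"))
            name = ev.get("TargetUserName", "")
            if ltype in (0, 1, 5, 6) or ev.get("IpAddress", "-") == "-" or name.endswith("$"):
                continue
            open_sessions[ev["TargetLogonId"]] = {
                "record": ev["record"], "account": name, "domain": ev.get("TargetDomainName", ""),
                "logon_id": ev["TargetLogonId"], "logon_type": LOGON_TYPES.get(ltype, "Unknown %d" % ltype),
                "source": ev["IpAddress"], "logon_time": parse_time(ev["time"]), "logoff_time": None}
        elif ev["event_id"] == 4634:
            session = open_sessions.pop(ev.get("TargetLogonId"), None)
            if session is None:
                orphans.append(ev)  # closes a logon we filtered out, or one that predates the export
                continue
            session["logoff_time"] = parse_time(ev["time"])
            sessions.append(session)
    sessions.extend(open_sessions.values())
    return sessions, orphans

def to_csv(sessions):
    """Semicolon-separated table in the style of LogonStat.csv, one row per session."""
    buf = io.StringIO()
    writer = csv.writer(buf, delimiter=";")
    writer.writerow(["Record", "Account", "Domain", "Logon ID", "Logon Type", "Source",
                     "Logon Time", "Logoff Time", "Duration (s)"])
    for s in sessions:
        off = s["logoff_time"]
        writer.writerow([s["record"], s["account"], s["domain"], s["logon_id"], s["logon_type"],
                         s["source"], s["logon_time"].isoformat(), off.isoformat() if off else "",
                         int((off - s["logon_time"]).total_seconds()) if off else ""])
    return buf.getvalue()

def _event(record, event_id, time, **data):
    """Constructed <Event> in the shape wevtutil /format:xml emits (sample data, not a real export)."""
    fields = "".join("<Data Name='%s'>%s</Data>" % item for item in data.items())
    return ("<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System>"
            "<Provider Name='Microsoft-Windows-Security-Auditing'/><EventID>%d</EventID>"
            "<EventRecordID>%d</EventRecordID><TimeCreated SystemTime='%s'/><Channel>Security"
            "</Channel></System><EventData>%s</EventData></Event>" % (event_id, record, time, fields))

SAMPLE_XML = "".join([  # constructed: one kept session, two filtered logons, one orphan logoff
    _event(1520, 4624, "2017-03-27T12:38:38.941000000Z", TargetUserName="Administrator",
           TargetDomainName="OHMYAD", TargetLogonId="0x4d7a3", LogonType="3", IpAddress="192.168.20.151"),
    _event(1521, 4624, "2017-03-27T12:38:39.100000000Z", TargetUserName="DC01$",
           TargetDomainName="OHMYAD", TargetLogonId="0x4d7b1", LogonType="3", IpAddress="192.168.20.10"),
    _event(1522, 4624, "2017-03-27T12:38:40.000000000Z", TargetUserName="svc_backup",
           TargetDomainName="OHMYAD", TargetLogonId="0x4d7c4", LogonType="5", IpAddress="-"),
    _event(1523, 4634, "2017-03-27T12:40:38.941000000Z", TargetUserName="Administrator",
           TargetDomainName="OHMYAD", TargetLogonId="0x4d7a3", LogonType="3"),
    _event(1524, 4634, "2017-03-27T12:41:00.000000000Z", TargetUserName="aduser02",
           TargetDomainName="OHMYAD", TargetLogonId="0x32f922", LogonType="3")])

if __name__ == "__main__":
    import sys
    # Pass the path of a real export (adjust encoding to the code page the redirect used), or run the sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_XML
    sessions, orphans = correlate(parse_events(text))
    sys.stdout.write(to_csv(sessions))
    sys.stderr.write("%d sessions, %d unmatched logoffs\n" % (len(sessions), len(orphans)))
```

Run without arguments to see the constructed sample: the Administrator session from 192.168.20.151 is reported with a 120 s duration, the DC01$ and Service logons are dropped, and the 4634 for 0x32f922 is counted as an unmatched logoff because its 4624 is not in the input. Unmatched logoffs are worth keeping rather than silently discarding, since a logoff without a visible logon either means the export window started mid-session or that the logon was one of the filtered types.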