
regripper


    Extract data from Windows registry

    RegRipper CLI (rip.pl) can be used to read data out of Windows registry hives with plugins. Written by Harlan 'keydet89' Carvey.

    Input

    Windows registry hive files

    Output

    report data

    Supported tags and respective Dockerfile links

    Usage

    To see which plugins regripper supports, run it with the -l option using the cincan tool:

    cincan run cincan/regripper -l

    Extract the Run and RunOnce keys from the registry (commands that run every time a user logs on) with docker:

    docker run --rm -v `pwd`:/samples cincan/regripper -r /samples/SOFTWARE -p soft_run

    Extract user and group information from the 'SAM' hive file with the samparse plugin:

    cincan run cincan/regripper -r samples/SAM -p samparse

    Extract installed applications with the product plugin:

    cincan run cincan/regripper -r samples/SOFTWARE -p product

    Extract the exact Windows version recorded in the registry with the winver plugin:

    cincan run cincan/regripper -r samples/SOFTWARE -p winver
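
    The commands above can be combined into one triage pass over a directory of collected hives. This is an added example, not part of the CinCan project: the hive names SOFTWARE and SAM, the report file layout, the DRY_RUN switch and the read-only (:ro) evidence mount are assumptions made here, and only the plugins named in this README are used.

```shell
#!/bin/sh
# Added example: batch triage using only the plugins named in this README.
# Assumed: hive files are called SOFTWARE and SAM; the report layout and
# the DRY_RUN switch are illustrative choices, not part of cincan/regripper.
IMAGE="cincan/regripper"

# Map a hive file name (case-insensitive) to the plugins shown above for it.
plugins_for() {
    case "$(basename "$1" | tr '[:lower:]' '[:upper:]')" in
        SOFTWARE) echo "soft_run product winver" ;;
        SAM)      echo "samparse" ;;
        *)        echo "" ;;
    esac
}

# rip DIR HIVE PLUGIN: run one plugin with the evidence mounted read-only.
# With DRY_RUN set, the command is printed instead of executed.
rip() {
    ${DRY_RUN:+echo} docker run --rm -v "$1":/samples:ro "$IMAGE" \
        -r "/samples/$2" -p "$3"
}

# triage HIVE_DIR REPORT_DIR: one report per hive/plugin pair, and a
# SHA-256 comparison to confirm the hive was not altered while parsed.
triage() {
    dir=$(cd "$1" && pwd) || return 1
    mkdir -p "$2"
    for path in "$dir"/*; do
        [ -f "$path" ] || continue
        hive=$(basename "$path")
        for plugin in $(plugins_for "$hive"); do
            before=$(sha256sum "$path" | cut -d' ' -f1)
            if [ -n "${DRY_RUN:-}" ]; then
                rip "$dir" "$hive" "$plugin"
            else
                rip "$dir" "$hive" "$plugin" > "$2/$hive.$plugin.txt"
            fi
            after=$(sha256sum "$path" | cut -d' ' -f1)
            [ "$before" = "$after" ] || echo "WARNING: $hive changed" >&2
        done
    done
}

if [ "$#" -eq 2 ]; then triage "$1" "$2"; fi
```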

    Project homepage

    https://github.com/keydet89/RegRipper3.0