How to list all software installed on Windows environments with PowerShell

Once you have escalated system privileges on a Windows host, or when you are doing forensics, one useful piece of information besides system information, running services, open ports, etc. is what software is installed on the host, so you can explore whether the system could have other “doors open” to exploit.

With PowerShell you can get the entire list of installed software. The information you get depends on the parameters of the command you use; in the following example we collect the Display Name, Display Version, Publisher and Install Date of the software. You can check the object properties to see all available options.

To do that, use the following command.

Note: You need to run the PowerShell application as “Administrator”.

PS C:\windows\system32> Get-ItemProperty HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate

Also, if you don’t want the information printed in the PowerShell window, you can export it to a plain text file. To do that, just add the following parameters at the end of the previous command:

Ex: | Format-Table -AutoSize > C:\securitytweak.txt

Complete:

PS C:\windows\system32> Get-ItemProperty HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Format-Table -AutoSize > C:\FILENAME.txt
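The command above reads only the Wow6432Node key, which on 64-bit Windows holds the 32-bit applications. The following added example (not from the original post) goes further and inventories the 64-bit, 32-bit and per-user Uninstall keys, then writes a CSV for triage; the function name `Get-InstalledSoftware` and the output path are assumptions chosen for illustration.

```powershell
# Added example: inventory installed software from all three Uninstall keys.
# Function name and output file are hypothetical, not from the original post.
function Get-InstalledSoftware {
    [CmdletBinding()]
    param()

    # Standard registry locations that hold uninstall entries.
    $sources = [ordered]@{
        'HKLM-64bit' = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
        'HKLM-32bit' = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
        'HKCU'       = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    }

    foreach ($name in $sources.Keys) {
        # A key may be absent (e.g. Wow6432Node on 32-bit Windows); skip it quietly.
        Get-ItemProperty -Path $sources[$name] -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName } |   # drop patches/components with no name
            ForEach-Object {
                # InstallDate is usually a yyyyMMdd string, but it may be missing or malformed.
                $installed = $null
                if ($_.InstallDate -match '^\d{8}$') {
                    try {
                        $installed = [datetime]::ParseExact($_.InstallDate, 'yyyyMMdd',
                            [cultureinfo]::InvariantCulture)
                    } catch { $installed = $null }
                }
                [pscustomobject]@{
                    Source         = $name
                    DisplayName    = $_.DisplayName
                    DisplayVersion = $_.DisplayVersion
                    Publisher      = $_.Publisher
                    InstallDate    = $installed
                    RegistryKey    = $_.PSChildName   # subkey name, useful for follow-up
                }
            }
    }
}

$report = Get-InstalledSoftware | Sort-Object DisplayName, Source
$report | Format-Table -AutoSize
$report | Export-Csv -Path "$env:TEMP\installed-software.csv" -NoTypeInformation -Encoding UTF8
```

The HKCU rows reflect only the account running the command, so per-user installs of other accounts are not included.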
