June 19, 2020: regripper-plugins-20200528-1.{fc27,fc28,fc29,fc20,fc31,fc32,el7,el8}.noarch.rpm - Regripper-plugins
are the plugins packaged separately from the regripper application.
This package is taken from the plugins directory at the GitHub source code site as of 2020-05-28.
October 19, 2018: regripper-plugins-20181017-1.{fc23,fc24,fc25,fc26,fc27,fc28,el6,el7}.noarch.rpm - Regripper-plugins
are the plugins packaged separately from the regripper application.
This package is taken from the plugins directory at the GitHub source code site as of 2018-10-17.
August 11, 2017: regripper-plugins-20170809-1.{fc20,fc21,fc22,fc23,fc24,fc25,fc26,el6,el7}.noarch.rpm - Regripper-plugins
are the plugins packaged separately from the regripper application.
This package is taken from the plugins directory at the GitHub source code site as of 2017-08-09.
December 18, 2015: regripper-plugins-20151216-1.{fc17,fc18,fc19,fc20,fc21,fc22,fc23,el5,el6,el7}.noarch.rpm - Regripper-plugins are the plugins packaged separately from
the regripper application.
This package is taken from the plugins directory at the GitHub source code site.
April 30, 2013: regripper-plugins-20130429-1.{fc15,fc16,fc17,fc18,el5,el6}.noarch.rpm - Regripper-plugins are the plugins packaged separately from
the regripper application.
See the Update History for the list of changes made in this release.
April 22, 2013: regripper-plugins-20130404-1.{fc15,fc16,fc17,fc18,el5,el6}.noarch.rpm - Regripper-plugins are the plugins packaged separately from
the regripper application.
The plugins added are the following:
NOTE: these are the packager's comments on what is new in this release, not the authors'.
NEW PLUGIN attachmgr.pl The Windows Attachment Manager manages how attachments are handled, and settings are on a per-user basis. Malware has been shown to access
these settings and make modifications.
NEW PLUGIN javasoft.pl Gets contents of JavaSoft/UseJava2IExplorer value
NEW PLUGIN lsa_packages.pl Lists various *Packages key contents beneath LSA key
NEW PLUGIN olsearch.pl Gets contents of user's OutLook Searches
NEW PLUGIN outlook2.pl Gets MAPI (Outlook) settings *BETA*
NEW PLUGIN photos.pl Read data on images opened via Win8 Photos app
NEW PLUGIN scanwithav.pl Checks ScanWithAV value in Software hive, per KB 883260
NEW PLUGIN uac.pl Get User Account Control (UAC) Values from HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
UPDATE appinitdlls.pl updated to address 64-bit systems
UPDATE ares.pl updated based on data provided by J. Weg
UPDATE ie_settings.pl added "AutoConfigURL" value info
UPDATE inprocserver.pl fixed retrieving LW time from correct key
UPDATE landesk.pl added Wow6432Node path
UPDATE sevenzip.pl minor updates added
UPDATE soft_run.pl updated to include Policies keys; added additional keys
UPDATE ssh_host_keys.pl Added rptMsg for key not found errors by Corey Harrell
UPDATE termserv.pl updated with autostart locations
UPDATE user_run.pl added additional keys; updated to include Policies keys; updated to include additional keys; updated to include 64-bit, additional keys/values
UPDATE winlogon_u updated with ThreatExpert info
UPDATE winscp_sessions.pl Added rptMsg for key not found errors by Corey Harrell
NOTE RegRipperPluginsPackage (RRPP) now counts 236 plugins
March 5, 2013: regripper-plugins-20130218-1.{fc15,fc16,fc17,fc18,el5,el6}.noarch.rpm - Regripper-plugins are the plugins packaged separately from
the regripper application. The plugins added are the following:
NEW PLUGIN by Corey Harrell: uac.pl that gets UAC configuration values (SOFTWARE)
UPDATE by Harlan Carvey to comdlg32.pl, many updates (NTUSER)
NOTE profile software-all was updated
NOTE the 'all' profiles do not contain the TLN versions of the plugins: you must create your own profiles or use the TLN plugins directly
October 11, 2012: regripper-plugins-20120926-1.{fc14,fc15,fc16,fc17,el5,el6}.noarch.rpm - Regripper-plugins are the plugins packaged separately from
the regripper application. The plugins added are the following:
NEW PLUGIN by Harlan Carvey: appcertdlls.pl that gets entries from AppCertDlls key (SYSTEM)
NEW PLUGIN by Harlan Carvey: appcompatcache.pl that parses files from the Shim Cache (SYSTEM)
NEW PLUGIN by Harlan Carvey: appcompatcache_tln.pl that parses files from the Shim Cache, TLN output (SYSTEM)
NEW PLUGIN by Harlan Carvey: applets_tln.pl that gets the content of Applets key, TLN output (NTUSER)
NEW PLUGIN by Harlan Carvey: appspecific.pl that gets contents of user's Intellipoint\AppSpecific subkeys (NTUSER)
NEW PLUGIN by Harlan Carvey: ares.pl that gets contents of user's Software\Ares key (NTUSER)
NEW PLUGIN by Corey Harrell: backuprestore.pl that gets FilesNotToSnapshot, KeysNotToRestore, FilesNotToBackup (SYSTEM)
NEW PLUGIN by Harlan Carvey: compatassist.pl that checks user's Compatibility Assistant\Persisted values (NTUSER)
NEW PLUGIN by Harlan Carvey: direct.pl that searches Direct keys for MostRecentApplication subkeys (SOFTWARE)
NEW PLUGIN by Harlan Carvey: direct_tln.pl that searches Direct keys for MostRecentApplication subkeys, TLN output (SOFTWARE)
NEW PLUGIN by Corey Harrell: disablesr.pl that gets the on/off value for System Restore (SOFTWARE)
NEW PLUGIN by Harlan Carvey: installer.pl that determines products install information (SOFTWARE)
NEW PLUGIN by Harlan Carvey: javafx.pl that gets contents of user's JavaFX key (NTUSER)
NEW PLUGIN by Harlan Carvey: legacy_tln.pl that lists LEGACY entries in Enum\Root key, TLN output (SYSTEM)
NEW PLUGIN by Harlan Carvey: networklist_tln.pl that collects network info from NetworkList key, TLN output (SOFTWARE)
NEW PLUGIN by Harlan Carvey: osversion.pl that checks for OSVersion value, malware related (NTUSER)
NEW PLUGIN by Corey Harrell: prefetch.pl that gets the Prefetch Parameters (SYSTEM)
NEW PLUGIN by Harlan Carvey: runmru_tln.pl that gets contents of user's RunMRU key, TLN output (NTUSER)
NEW PLUGIN by Harlan Carvey: shellbags.pl that gets contents of user's Shell/BagMRU keys, Windows7 (USRCLASS)
NEW PLUGIN by Harlan Carvey: sysinternals.pl that checks for SysInternals apps keys (NTUSER)
NEW PLUGIN by Harlan Carvey: sysinternals_tln.pl that checks for SysInternals apps keys, TLN output (NTUSER)
NEW PLUGIN by Harlan Carvey: tracing.pl that gets list of apps that can be traced (SOFTWARE)
NEW PLUGIN by Harlan Carvey: tracing_tln.pl that gets list of apps that can be traced, TLN output (SOFTWARE)
NEW PLUGIN by Harlan Carvey: trustrecords.pl that gets user's Office 2010 TrustRecords values (NTUSER)
NEW PLUGIN by Harlan Carvey: trustrecords_tln.pl that gets user's Office 2010 TrustRecords values, TLN output (NTUSER)
NEW PLUGIN by Harlan Carvey: tsclient_tln.pl that gets contents of user's Terminal Server Client key, TLN output (NTUSER)
NEW PLUGIN by Harlan Carvey: typedpaths_tln.pl that gets contents of user's typedpaths key, TLN output (NTUSER)
NEW PLUGIN by Harlan Carvey: userassist_tln.pl that displays contents of UserAssist subkeys, TLN output (NTUSER)
NEW PLUGIN by Mari DeGrazia: winbackup.pl that gets Windows Backup settings (SOFTWARE)
NEW PLUGIN by Harlan Carvey: wpdbusenum.pl that gets WpdBusEnumRoot subkey info (SYSTEM)
UPDATE by Harlan Carvey to legacy.pl, added analysis tip (SYSTEM)
UPDATE by Harlan Carvey to muicache.pl, the plugin works both on NTUSER and/or USRCLASS hives (NTUSER,USRCLASS)
UPDATE by Harlan Carvey to networklist.pl, added NameType value reporting (SOFTWARE)
UPDATE by Harlan Carvey to soft_run.pl, added support to newer OS and 64 bits (SOFTWARE)
UPDATE by Harlan Carvey to tsclient.pl, added parsing of Servers key (NTUSER)
UPDATE by Harlan Carvey to userassist.pl (NTUSER)
REMOVED TEMPORARILY plugin typedurlstime.pl, postponed to a later package
REMOVED TEMPORARILY plugin typedurlstime_tln.pl, postponed to a later package
REMOVED plugin bagtest.pl, deprecated
REMOVED plugin bagtest2.pl, deprecated
REMOVED plugin crashcontrol.pl, too similar to crashdump.pl
REMOVED plugin filesnottosnapshot.pl, superseded by backuprestore.pl
REMOVED plugin pstools.pl, superseded by the more general sysinternals.pl plugin
REMOVED plugin userassist2.pl, deprecated since userassist.pl was updated
REMOVED plugin vista_comdlg32.pl, deprecated since comdlg32.pl was updated
REMOVED plugin win7_ua.pl, Windows7-RC and Vigenère encryption are obsolete
NOTE added profile usrclass-all for USRCLASS.DAT hive
NOTE the '-all' profiles do not contain the TLN versions of the plugins: you must create your own profiles or use the TLN plugins directly
NOTE source code repository was switched to GIT and it was aligned to the current release
NOTE RegRipperPluginsPackage (RRPP) now counts 236 plugins
August 21, 2012: regripper-plugins-20120812-1.{fc14,fc15,fc16,fc17,el5,el6}.noarch.rpm - Regripper-plugins are the plugins packaged separately from
the regripper application.
This version includes version 20120612 of the plugins from here.
The plugins added are the following:
NEW PLUGIN by Hal Pomeranz: ssh_host_keys.pl that extracts stored Putty and WinSCP host keys from NTUSER hive
NEW PLUGIN by Hal Pomeranz: winscp_sessions.pl that extracts WinSCP saved session data from NTUSER hive (with password decoding)
NOTE profiles all-all, ntuser-all, sam-all, security-all, software-all and system-all were updated
NOTE source code repository was aligned to current release
NEW PLUGIN by John Lukach: pstools.pl that displays the content for PsTools EULA Agreements
NEW PLUGIN by K. Johnson (with Harlan Carvey updates): filehistory.pl that parses NTUSER FileHistory Registry keys from Windows 8
NEW PLUGIN by Elizabeth Schweinsberg: user_runplus.pl that gets contents of the Run, RunOnce, and RunServices keys from NTUSER hive
NEW PLUGIN by Elizabeth Schweinsberg: soft_runplus.pl that gets contents of the Run, RunOnce, and RunServices keys from SOFTWARE hive
NEW PLUGIN by Elizabeth Schweinsberg: svc_plus.pl that gets services, displayed in short format, from SYSTEM hive
June 27, 2012: regripper-plugins-20120612-1.{fc14,fc15,fc16,fc17,el5,el6}.noarch.rpm - Regripper-plugins are the plugins packaged separately from
the regripper application.
This version includes version 20120612 of the plugins from here.
The plugins added are the following:
NEW PLUGIN by Jason Hale: typedurlstime.pl that parses and correlates the TypedURLs and TypedURLsTime subkeys
NEW PLUGIN by Jason Hale: typedurlstime_tln.pl that parses and correlates the TypedURLs and TypedURLsTime subkeys (output in TLN format)