Chapter 3 【Python绝技：用Python进行取证调查】

代码来自《Python绝技：运用Python成为顶级黑客》第三章：用Python进行取证调查
环境：Win 7，python 2.7

1、你曾经去过哪里？——在注册表中分析无线访问热点

# -*- coding:utf-8 -*-
from _winreg import *

def va12addr(val):
    addr=""
    for ch in val:
        addr += ("%02x " %ord(ch))
    addr = addr.strip(' ').replace(" ",":")[0:17]
    return addr

def printNets():
    net ="SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged"
    key = OpenKey(HKEY_LOCAL_MACHINE,net, 0)
    print '\n[+] Networks You have Joined.'
    for i in range(100):
       try:
            guid = EnumKey(key,i)
            netKey = OpenKey(key,str(guid))
            (n,name,t) = EnumValue(netKey,1)
            (n,addr,t) = EnumValue(netKey,5)
            macAddr = va12addr(addr)
            netName = str(name)
            print '[+] '+netName +' '+macAddr
            CloseKey(netKey)
       except Exception ,e:
            print e
            pass

def main():
    printNets()
if __name__=='__main__':
    main()