Description
The Registry Ripper, or RegRipper, is an open-source application for extracting, correlating, and displaying information from Windows NT registry hive files.
| Platform | Perl |
| Author | H. Carvey |
| License | GPLv3 |
| URL | https://github.com/warewolf/regripper |
Usage
Rip 2.8_20130801 - CLI RegRipper tool
Rip [-r Reg hive file] [-f plugin file] [-p plugin module] [-l] [-h]
Parse Windows Registry files, using either a single module, or a plugins file.
-r Reg hive file...Registry hive file to parse
-g ................Guess the hive file (experimental)
-f [profile].......use the plugin file (default: plugins\\plugins)
-p plugin module...use only this module
-l ................list all plugins
-c ................Output list in CSV format (use with -l)
-s system name.....Server name (TLN support)
-u username........User name (TLN support)
-h.................Help (print this information)
Ex: C:\\>rip -r c:\\case\\system -f system
C:\\>rip -r c:\\case\\ntuser.dat -p userassist
C:\\>rip -l -c
All output goes to STDOUT; use redirection (ie, > or >>) to output to a file\.
copyright 2013 Quantum Analytics Research, LLCExamples
rip.pl -r SAM -f sam > /cases/sam.txt
rip.pl -r SYSTEM -f system > /cases/system.txt
Blog Posts