metasploit-framework

https://github.com/rapid7/metasploit-framework

Ruby

Metasploit Framework

Msf::Post::Windows::CliParse#win_parse_results

Parses the output of some Windows CLI commands and returns a hash of the
keys and values detected. If an item has multiple values, they are all
returned in the value, separated by commas. Keys are downcased and
symbolized (key.downcase.to_sym).

sc.exe example (somewhat contrived):
   SERVICE_NAME: dumbservice
   DISPLAY_NAME: KernelSmith Dumb Service - User-mode
   TYPE               : 20  WIN32_SHARE_PROCESS
   STATE              : 4  RUNNING
                           (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
   START_TYPE         : 2   AUTO_START
   BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
   DEPENDENCIES       : PlugPlay
                      : DumberService
   SERVICE_START_NAME : LocalSystem

returns:
   {
     :service_name     => "dumbservice",
     :display_name     => "KernelSmith Dumb Service - User-mode",
     :state            => "4  RUNNING",
     :start_type       => "2   AUTO_START",
     :binary_path_name => "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted",
     :dependencies     => "PlugPlay,DumberService"
     <...etc...>
   }
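The parsing behaviour described above, as an added standalone sketch (not the Metasploit implementation; `parse_cli_output` and `SAMPLE_SC_OUTPUT` are hypothetical names). It reproduces the documented return for the sc.exe sample, so the parenthesised STATE flags are left out of `:state`.

```ruby
# Added example: a standalone sketch, not the Metasploit implementation.
# parse_cli_output and SAMPLE_SC_OUTPUT are hypothetical names.

# "KEY : value" line. The key is upper-case letters and underscores only,
# so the colon inside a value such as "C:\Windows" is never the separator.
KEY_LINE = /\A\s*([A-Z][A-Z_]*[A-Z])\s*:\s*(.*)\z/
# Continuation line: indentation, a colon, then one more value for the last key.
CONT_LINE = /\A\s+:\s*(.*)\z/

def parse_cli_output(text)
  result = {}
  last_key = nil
  text.each_line do |raw|
    line = raw.chomp.tr("\t", ' ') # drop CR/LF, treat tabs as spaces
    if (m = KEY_LINE.match(line))
      last_key = m[1].downcase.to_sym
      result[last_key] = m[2].strip
    elsif last_key && (m = CONT_LINE.match(line))
      # Append to the previous key with a comma, skipping empty pieces.
      result[last_key] = [result[last_key], m[1].strip].reject(&:empty?).join(',')
    end
    # Any other line (e.g. the parenthesised STATE flags) is ignored here.
  end
  result
end

# Constructed sample input, copied from the sc.exe example above.
SAMPLE_SC_OUTPUT = <<~'SC'
  SERVICE_NAME: dumbservice
  DISPLAY_NAME: KernelSmith Dumb Service - User-mode
     TYPE               : 20  WIN32_SHARE_PROCESS
     STATE              : 4  RUNNING
                             (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
     START_TYPE         : 2   AUTO_START
     BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
     DEPENDENCIES       : PlugPlay
                        : DumberService
     SERVICE_START_NAME : LocalSystem
SC

pp parse_cli_output(SAMPLE_SC_OUTPUT) if __FILE__ == $PROGRAM_NAME
```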


Edit

git clone git@github.com:rapid7/metasploit-framework.git

cd metasploit-framework

open lib/msf/core/post/windows/cli_parse.rb

Contribute

# Make a new branch

git checkout -b -your-name--update-docs-Msf--Post--Windows--CliParse-win_parse_results-for-pr


# Commit to git

git add lib/msf/core/post/windows/cli_parse.rb

git commit -m "better docs for Msf::Post::Windows::CliParse#win_parse_results"


# Open pull request

gem install hub # on a mac you can `brew install hub`

hub fork

git push <your name> -your-name--update-docs-Msf--Post--Windows--CliParse-win_parse_results-for-pr

hub pull-request


# Celebrate!