Windows – Using osQuery Tool

The osQuery Tool is a cross-platform tool, for Windows, Linux and iOS, that lets you query your devices like a database.

Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

You can download it here

Installing osQuery on Windows is just a matter of running the MSI.

After the installation you will see the binaries in C:\ProgramData\osquery

The folder contains a few PowerShell scripts as well.

But the most important binary is the osQuery shell, osqueryi.exe.

Running the shell with .help lists all of its features:

osqueryi .help

In the background it uses SQLite.

You can list all the tables that can be queried like this

Once you have the list of tables, you can start using them in a query.

How to use it :

Example :

osqueryi -line "select * from video_info"

osqueryi -line "select * from cpu_info"

PowerShell :

You can use osqueryi.exe in PowerShell like this
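
Added example, not from the original post: a PowerShell wrapper that calls osqueryi.exe with --json so the rows come back as objects instead of a text table. The helper name Invoke-OsQuery is hypothetical, the path is the install folder named above, and listening_ports and processes are standard osquery tables.

```powershell
# Added example, not from the original post.
# Assumption: osqueryi.exe sits in the install folder the post names.
$OsqueryShell = 'C:\ProgramData\osquery\osqueryi.exe'

function Invoke-OsQuery {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Query,
        [string]$Path = $OsqueryShell
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "osqueryi.exe not found at $Path"
    }
    # --json replaces the ASCII table with a JSON array of rows.
    $raw = & $Path --json $Query
    if ($LASTEXITCODE -ne 0) {
        throw "osqueryi exited with code $LASTEXITCODE for query: $Query"
    }
    # Assign first so the array is emitted row by row (Windows PowerShell 5.1
    # would otherwise pass the whole array down the pipeline as one object).
    $rows = ($raw -join "`n") | ConvertFrom-Json
    $rows
}

# The post's cpu_info query, now as an object with named properties.
Invoke-OsQuery 'select * from cpu_info' | Format-List

# Which process owns each listening port. osquery's JSON carries every
# value as a string, so cast port to [int] before sorting or comparing.
$sql = 'select p.name, p.path, lp.address, lp.port ' +
       'from listening_ports lp join processes p using (pid) ' +
       'where lp.port != 0'
Invoke-OsQuery $sql |
    Select-Object name, path, address, @{ n = 'port'; e = { [int]$_.port } } |
    Sort-Object port, name -Unique |
    Format-Table -AutoSize
```

Because the output is objects, the same rows can be filtered with Where-Object or exported with Export-Csv for a baseline to compare against later.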

Enjoy !
