{"id":19390627,"url":"https://github.com/mandiant/msi-search","last_synced_at":"2025-04-24T00:31:26.861Z","repository":{"id":182179512,"uuid":"660318205","full_name":"mandiant/msi-search","owner":"mandiant","description":null,"archived":true,"fork":false,"pushed_at":"2023-07-20T18:12:49.000Z","size":49,"stargazers_count":274,"open_issues_count":0,"forks_count":29,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-03-13T12:32:07.629Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mandiant.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-06-29T18:31:56.000Z","updated_at":"2025-03-11T14:24:44.000Z","dependencies_parsed_at":"2023-07-19T02:23:41.114Z","dependency_job_id":"b4d7b09f-f239-4cdb-ba03-b9d853dbef5c","html_url":"https://github.com/mandiant/msi-search","commit_stats":null,"previous_names":["mandiant/msi-search"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mandiant%2Fmsi-search","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mandiant%2Fmsi-search/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mandiant%2Fmsi-search/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mandiant%2Fmsi-search/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mandiant","download_url":"https://codeload.github.com/mandiant/msi-search/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250539408,"owners_count":21447303,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-10T10:22:24.370Z","updated_at":"2025-04-24T00:31:24.202Z","avatar_url":"https://github.com/mandiant.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# MSI Search\n\nWindows caches MSI files at `C:\\Windows\\Installer\\` with randomized filenames consisting of letters and numbers followed by the \".msi\" extension. This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs. Read more about MSI repair vulnerabilities at [Escalating Privileges via Third-Party Windows Installers].\n\nAuthor: Andrew Oliveau (@AndrewOliveau)\n\n## Compile\n\n```\nx86_64-w64-mingw32-gcc -c msi_search.c -o msi_search.x64.o\ni686-w64-mingw32-gcc -c msi_search.c -o msi_search.x86.o\n```\n\n## Usage\n\nAggressor script included. Import it into Cobalt Strike and run `msi_search`. Alternatively, run the PowerShell script `msi_search.ps1`.\n\n\n\u003cimg src=\"https://github.com/mandiant/msi-search/assets/32691065/a83752e5-52ac-4137-8dad-6d76b5a30fcf\" width=\"360\" height=\"456\"\u003e\n\n\n\u003cbr\u003e\n\n\n\u003cimg src=\"https://github.com/mandiant/msi-search/assets/32691065/2e486fc1-8184-40d1-80b5-85b7b794cf12\" width=\"360\" height=\"280\"\u003e\n\n\n[Escalating Privileges via Third-Party Windows Installers]: https://www.mandiant.com/resources/blog/privileges-third-party-windows-installers\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmandiant%2Fmsi-search","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmandiant%2Fmsi-search","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmandiant%2Fmsi-search/lists"}