Documentation

FAQ:
Question: Will lastAudit send my report to a web server?
Answer: No, lastAudit saves reports on local or USB disk. It doesn’t send them to any server.

 

Full list of features:

Configuration and vulnerabilities
• User account level and blank password detection
• Vulnerabilities and update status
• Antivirus Software status
• Firewall status
• Applocker status
• Powershell execute permissions
• Autostart programs in the Windows Registry
• Torrent software
• Passwords found in browsers
• Browser history and cookies
• Outlook address book entries
• File extensions and associated programs
• WiFi geolocation
• Hotspot history
• Open hotspots
• USB disks
• Screenshot
• Explorer files
• Clipboard data
• Uncommon processes listening on localhost
• Recent MS Office files
• Camera picture
• RDP connections

File system
• Credential and password files
• Virtual machine disks
• Sensitive files based on parsing for keywords
• Email, calendar and contact files
• Database files
• Macros found in documents
• Scripts
• Encrypted TrueCrypt/Veracrypt containers
• Encrypted MS Office documents
• Encrypted zip archives
• Mobile apps
• Pictures
• Geolocation data from images
• Unsigned executable files outside standard locations
• Weak permissions on system drive
• Files and folders outside the user profile with write access
• Programs malware may exploit

LAN
• Performs LAN port scanning
• Lists network resources, shares and files

Active Directory
• Organizational Units
• Users
• Servers
• Services
• Shares and files

 

Command line interface (version 1.52)

Usage: lastauditc [scan type(s)] [options]
Scan types:
-sall - all scans
-sv - vulnerabilities, misconfigurations
-sf <disks letters> - filesystem
-sad - Active Directory
-slan <network strings> - LAN
Options:
-v - verbose
-l <comma-separated level numbers> - threat levels
-out "file path" - report file path
-i - ignore selected vulnerabilities, misconfigurations and other information
Available ignore option strings:
admin - don't check for administrator rights
scr - don't take screenshot
cam - don't take webcam photo

Usage examples:

Scan vulnerbilities and misconfigurations only
lastauditc -sv

Scand C and Y disks in verbose mode
lastauditc -sf C,Y -v

Scan selected LANs (subnets that contain “192.168” octets) and Active Directory
lastauditc -sad -slan 192.168

Perform all scans reporting only level 1 and level 2 threats:
lastauditc -sall -l 1,2

Perform all scans and save the report to “c:\users\user\desktop\my_report.html”.
lastauditc.exe -sall -out "c:\users\user\desktop\my_report.html"

Scan vulnerabilities and misconfigurations without screenshot, ignoring admin rights warning.
lastauditc.exe -sv -i scr,admin

Advertisements