Dump URI Handlers

DUH.vbs

' Taken from https://www.blackhat.com/presentations/bh-europe-08/McFeters-Rios-Carter/Whitepaper/bh-eu-08-mcfeters-rios-carter-WP.pdf
' Dump URL Handlers (DUH! v1) Tested  on win2k and winXP should work on other windows as well
' enumerates all the URL handlers registed on the system, by Erik Cabetas March 2007
'
' You should run this command once and never again!
' cscript.exe //H:CScript
'
' Now run this command to execute the script, you can run it multiple times
' cscript.exe //Nologo DUH.vbs
'
' Change the Const delim  to be some sort of delimter, default is tab
' Then import the output into Openoffice or Excel for a nice data view
'
' satebackire

On Error Resume Next
Const HKCR = &H80000000
Dim wsh
Dim comment
Dim command
Dim isHandler
Const delim = &H09


Set wsh = WScript.CreateObject("WScript.Shell")
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")

ret = oReg.EnumKey(HKCR, "/", arrSubKeys)

if ret<>0 Then
    ret = oReg.EnumKey(HKCR, "", arrSubKeys)
end if
 
if ret=0 and IsArray(arrSubKeys) Then

    For Each subkey In arrSubKeys
        isHandler = wsh.RegRead("HKCR\" & subkey & "\URL Protocol")
        if Err=0 Then
            comment = wsh.RegRead("HKCR\" & subkey & "\")
            command = wsh.RegRead("HKCR\" & subkey & "\shell\open\command\")
            Wscript.Echo subkey & Chr(delim) & comment & Chr(delim) & command
        else
            Err = 0
        end if
    Next
else
    WScript.Echo "Something got messed up ret=" & ret & " err=" & Err & " " & IsArray(arrSubKeys)
    WScript.Echo "Look for the ret code in winerror.h and debug the problem yourself"
    WScript.Echo "or you can try and run it again...sometimes it does not work correctly on the first run"
end if