Situation

App User

Fills user information from the PID of an application

Platforms: Windows, Linux

AppUserModule fills user information from the PID of an application

Details

On Linux, it reads the /proc/<PID>/status entry. On Windows, it calls OpenProcessToken, GetTokenInformation and LookupAccountSidW.

On Windows, even if the agent runs as administrator, it may not have the privileges required to scan some processes, such as wininit.exe and services.exe.
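
The Linux path described above, as an added example that is not the project's own code: it parses the Uid line of /proc/<PID>/status, which lists the real, effective, saved and filesystem UIDs, and resolves the real UID with os/user. The names ProcUIDs, ParseStatusUIDs, UserOfPID and sampleStatus are assumptions, as is the choice of the real UID, since the page does not say which of the four IDs the module reports.

```go
package main

import (
	"fmt"
	"os"
	"os/user"
	"strconv"
	"strings"
)

// Constructed sample: status text of a setuid-root program started by UID 1000.
const sampleStatus = "Name:\tpasswd\nPid:\t4242\nUid:\t1000\t0\t0\t0\nGid:\t1000\t1000\t1000\t1000\n"
// ProcUIDs (hypothetical type) holds the "Uid:" fields in file order.
type ProcUIDs struct{ Real, Effective, Saved, FS uint32 }

// ParseStatusUIDs (hypothetical) extracts the four UIDs from status text.
func ParseStatusUIDs(status string) (ids ProcUIDs, err error) {
	for _, line := range strings.Split(status, "\n") {
		f := strings.Fields(line)
		if len(f) != 5 || f[0] != "Uid:" {
			continue // not the Uid line, or not the expected four values
		}
		for i, dst := range []*uint32{&ids.Real, &ids.Effective, &ids.Saved, &ids.FS} {
			v, perr := strconv.ParseUint(f[i+1], 10, 32)
			if perr != nil {
				return ProcUIDs{}, fmt.Errorf("bad uid %q: %w", f[i+1], perr)
			}
			*dst = uint32(v)
		}
		return ids, nil
	}
	return ProcUIDs{}, fmt.Errorf("no well-formed Uid line")
}

// UserOfPID (hypothetical) reads /proc/<PID>/status and names the real UID's account.
func UserOfPID(pid int) (string, ProcUIDs, error) {
	data, err := os.ReadFile(fmt.Sprintf("/proc/%d/status", pid))
	if err != nil {
		return "", ProcUIDs{}, err // process exited, or no procfs on this host
	}
	ids, err := ParseStatusUIDs(string(data))
	if err != nil {
		return "", ids, err
	}
	if u, err := user.LookupId(fmt.Sprint(ids.Real)); err == nil {
		return u.Username, ids, nil
	}
	return fmt.Sprint(ids.Real), ids, nil // UID with no account entry: keep the number
}
func main() { fmt.Println(UserOfPID(os.Getpid())) }
```

In the constructed sample the real UID (1000) and the effective UID (0) differ, which is what a setuid-root program looks like; an inventory that records only one of the two loses that distinction.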

Dependencies

  • bufio
  • errors
  • fmt
  • os
  • os/user
  • strconv
  • strings
  • syscall
  • unsafe
