Find Office addins installed by your users. It includes COM Addins, VSTO Addins, and Web Addins.
Find-Addins checks the registry and scans user %APPDATA% folders looking for Office Add-Ins.
Use it to detect unexpected Add-Ins; such as those installed by a malicious user. See Technique 3 in Covert Attack Mystery Box: A Few Novel Techniques for Exploiting Microsoft Features
For best results, run as a user with Administrator privileges. When run as an unprivileged user, Find-Addins.ps1 will only reliably find Addins either installed for the current user or all users.
Find-Addins.ps1
Find-Addins.ps1 -OutPath C:\Temp\addinscan.csv
- Thanks to @dafthack and @ustayready for exposing the need for a script like this (and the awesome talk at Wild West Hackin Fest 2018)
- Swamprat
- LadyCoder2098
- @chono91
- @captaingig
- Friend who forbid me from crediting them