Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software running on systems within the network. Adversaries may use the information from [Process Discovery](https://attack.mitre.org/techniques/T1057) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.An example command that would obtain details on processes is "tasklist" using the Tasklist utility.
In Mac and Linux, this is accomplished with the
pscommand.
Utilize ps to identify processes
Supported Platforms: macOS, CentOS, Ubuntu, Linux
| Name | Description | Type | Default Value |
|---|---|---|---|
| output_file | path of output file | path | /tmp/loot.txt |
ps >> #{output_file}
ps aux >> #{output_file}