RegRipper
Introduction
RegRipper is a registry analysis tool developed by Harlan Carvey and provided as open source. Its latest update was in April 2013, and the latest version is v2.8; this entry uses that version, v2.8. RegRipper supports both a CLI and a GUI and runs on the Windows operating system. Unlike a general-purpose registry viewer, RegRipper parses specific information out of the registry, and to do this the plugins must be downloaded and installed separately. RegRipper's CUI interface is shown in [Figure 1] and its GUI interface in [Figure 2].
Usage
In the GUI environment, RegRipper is used by extracting the downloaded archive and running rr.exe from the extracted folder. Before use, however, a folder named plugins must be created inside the folder containing rr.exe and the plugins installed into it; otherwise rr.exe will not run. Once the plugins are installed and rr.exe is started, the available profiles can be selected under Profile. On the screen in [Figure 3], setting the plugin to SAM, specifying the path of the SAM file, and clicking the Rip It button writes the result to the path set under Report File; the opened result file is shown in [Figure 4].
The command syntax of rip.exe in the CUI environment is shown in [Table 1].
Rip [-r Reg hive file] [-f plugin file] [-p plugin module] [-l] [-h] |
The rip.exe command that produces the same result as the rr.exe example above is shown in [Table 2], and its output is shown in [Figure 5].
rip -r ./SAM -f ./sam |
Tool features
The profiles that RegRipper can parse are listed in [Table 3].
Profiles |
---|
ntuser |
sam |
security |
software |
system |
usrclass |
The plugins supported by RegRipper are listed in [Table 4]. In the GUI environment (rr.exe) plugins cannot be run individually; in the CUI environment (rip.exe) an individual plugin can be selected with a command-line option.
Plugin | Target hive | Description |
---|---|---|
acmru | NTUSER.DAT | Gets contents of user's ACMru key |
adoberdr | NTUSER.DAT | Gets user's Adobe Reader cRecentFiles values |
aim | NTUSER.DAT | Gets info from the AOL Instant Messenger (not AIM) install |
aports | NTUSER.DAT | Extracts the install path for SmartLine Inc. Active Ports. |
appcertdlls | System | Get entries from AppCertDlls key |
appcompatcache | System | Parse files from System hive Shim Cache |
appcompatflags | NTUSER.DAT | Extracts AppCompatFlags for Windows. |
appinitdlls | Software | Gets contents of AppInit_DLLs value |
applets | NTUSER.DAT | Gets contents of user's Applets key |
applets_tln | NTUSER.DAT | Gets contents of user's Applets key (TLN) |
apppaths | Software | Gets content of App Paths subkeys |
apppaths_tln | Software | Gets content of App Paths subkeys (TLN) |
appspecific | NTUSER.DAT | Gets contents of user's Intellipoint\AppSpecific subkeys |
ares | NTUSER.DAT | Gets contents of user's Software/Ares key |
arpcache | NTUSER.DAT | Retrieves CurrentVersion\App Management\ARPCache entries |
assoc | Software | Get list of file ext associations |
auditfail | System | Get CrashOnAuditFail value |
auditpol | Security | Get audit policy from the Security hive file |
autoendtasks | NTUSER.DAT | Automatically end a non-responsive task |
autorun | NTUSER.DAT | Gets autorun settings |
backuprestore | System | Gets the contents of the FilesNotToSnapshot |
banner | Software | Get HKLM\SOFTWARE.. Logon Banner Values |
baseline | All | Scans a hive file |
bho | Software | Gets Browser Helper Objects from Software hive |
bitbucket | Software | Get HKLM\..\BitBucket keys\values |
bitbucket_user | NTUSER.DAT | TEST - Get user BitBucket values |
brisv | NTUSER.DAT | Detect artifacts of a Troj.Brisv.A infection |
btconfig | Software | Determines BlueTooth devices 'seen' by BroadComm drivers |
bthport | System | Gets Bluetooth-connected devices from System hive |
cain | NTUSER.DAT | Extracts details for Cain & Abel by oxid.it |
ccleaner | NTUSER.DAT | Gets User's CCleaner Settings |
clampi | NTUSER.DAT | TEST - Checks for keys set by Trojan.Clampi PROT module |
clampitm | NTUSER.DAT | Checks for IOCs for Clampi (per Trend Micro) |
clsid | Software | Get list of CLSID/registered classes |
cmdproc | NTUSER.DAT | Autostart - get Command Processor\AutoRun value from NTUSER.DAT hive |
cmdproc_tln | NTUSER.DAT | Autostart - get Command Processor\AutoRun value from NTUSER.DAT hive (TLN) |
cmd_shell | Software | Gets shell open cmds for various file types |
cmd_shell_tln | Software | Gets shell open cmds for various file types |
cmd_shell_u | USRCLASS.DAT | Gets shell open cmds for various file types from USRCLASS.DAT |
codeid | Software | Gets CodeIdentifier DefaultLevel value |
comdlg32 | NTUSER.DAT | Gets contents of user's ComDlg32 key |
compatassist | NTUSER.DAT | Checks user's Compatibility Assistant\Persisted values |
compdesc | NTUSER.DAT | Gets contents of user's ComputerDescriptions key |
compname | System | Gets ComputerName and Hostname values from System hive |
controlpanel | NTUSER.DAT | Look for RecentTask* values in ControlPanel key (Vista) |
cpldontload | NTUSER.DAT | Gets contents of user's Control Panel don't load key |
crashcontrol | System | Get crash control information |
ctrlpnl | Software | Get Control Panel info from Software hive |
ddm | System | Get DDM data from Control Subkey |
decaf | NTUSER.DAT | Extracts the EULA value for DECAF. |
defbrowser | Software | Gets default browser setting from HKLM |
dependency_walker | NTUSER.DAT | Extracts Recent File List for Dependency Walker. |
devclass | System | Get USB device info from the DeviceClasses keys in the System hive |
dfrg | Software | Gets content of Dfrg BootOptim. key |
diag_sr | System | Get Diag\SystemRestore values and data |
direct | Software | Searches Direct* keys for MostRecentApplication subkeys |
direct_tln | Software | Searches Direct* keys for MostRecentApplication subkeys (TLN) |
disablelastaccess | System | Get NTFSDisableLastAccessUpdate value |
disablesr | Software | Gets the value that turns System Restore either on or off |
dllsearch | System | Get crash control information |
dnschanger | System | Check for indication of DNSChanger infection. |
domains | NTUSER.DAT | Gets contents Internet Settings\ZoneMap\Domains key |
drivers32 | Software | Get values from the Drivers32 key |
drwatson | Software | Gets Dr. Watson settings from Software hive |
emdmgmt | Software | Gets contents of EMDMgmt subkeys and values |
environment | NTUSER.DAT | Extracts user's Environment paths from NTUSER.DAT |
esent | Software | Get ESENT\Process key contents |
eventlog | System | Get EventLog configuration info |
eventlogs | System | Gets Event Log settings from System hive |
fileexts | NTUSER.DAT | Get user FileExts values |
filehistory | NTUSER.DAT | Gets filehistory settings |
findexes | All | Scans a hive file looking for binary value data that contains MZ |
fw_config | System | Gets the Windows Firewall config from the System hive |
gauss | Software | Checks Reliability key for TimeStampforUI value |
gthist | NTUSER.DAT | Gets Google Toolbar Search History |
gtwhitelist | NTUSER.DAT | Gets Google Toolbar whitelist values |
haven_and_hearth | NTUSER.DAT | Extracts the username and savedtoken for Haven & Hearth. |
hibernate | System | Check hibernation status |
ide | System | Get IDE device info from the System hive file |
iejava | NTUSER.DAT | Checks NTUSER for status of kill bit for IE Java ActiveX control |
ie_main | NTUSER.DAT | Gets values beneath user's Internet Explorer\Main key |
ie_settings | NTUSER.DAT | Gets important user IE settings |
ie_version | Software | Get IE version and build |
imagedev | System | |
imagefile | Software | Checks IFEO subkeys for Debugger & CWDIllegalInDllSearch values |
init_dlls | Software | Check for odd **pInit_Dlls keys |
inprocserver | Software | Checks CLSID InProcServer32 values for indications of ZeroAccess infection |
inprocserver_u | USRCLASS.DAT | Checks CLSID InProcServer32 values for indications of ZeroAccess infection |
installedcomp | Software | Get info about Installed Components/StubPath |
installer | Software | Determines product install information |
internet_explorer_cu | NTUSER.DAT | Get HKCU information on Internet Explorer |
internet_settings_cu | NTUSER.DAT | Get HKCU information on Internet Settings |
itempos | NTUSER.DAT | Shell/Bags/1/Desktop ItemPos* value parsing; Win7 NTUSER.DAT hives |
javafx | NTUSER.DAT | Gets contents of user's JavaFX key |
javasoft | Software | Gets contents of JavaSoft/UseJava2IExplorer value |
kb950582 | Software | KB950582 - Gets autorun settings from HKLM hive |
kbdcrash | System | Checks to see if system is config to crash via keyboard |
landesk | Software | Get list of programs monitored by LANDESK - Software hive |
landesk_tln | Software | Get list of programs monitored by LANDESK from Software hive |
legacy | System | Lists LEGACY_* entries in Enum\Root key |
legacy_tln | System | Lists LEGACY_* entries in Enum\Root key in TLN format |
licenses | Software | Get contents of HKLM/Software/Licenses key |
listsoft | NTUSER.DAT | Lists contents of user's Software key |
liveContactsGUID | NTUSER.DAT | Gets user Windows Live Messenger GUIDs |
load | NTUSER.DAT | Gets load and run values from user hive |
logonusername | NTUSER.DAT | Get user's Logon User Name value |
lsasecrets | Security | TEST - Get update times for LSA Secrets |
lsa_packages | System | Lists various *Packages key contents beneath LSA key |
macaddr | Software | |
menuorder | NTUSER.DAT | Gets contents of user's MenuOrder subkeys |
mmc | NTUSER.DAT | Get contents of user's MMC\Recent File List key |
mmc_tln | NTUSER.DAT | Get contents of user's MMC\Recent File List key (TLN) |
mmo | NTUSER.DAT | Checks NTUSER for Multimedia\Other values [malware] |
mndmru | NTUSER.DAT | Get contents of user's Map Network Drive MRU |
mndmru_tln | NTUSER.DAT | Get user's Map Network Drive MRU (TLN) |
mountdev | System | Return contents of System hive MountedDevices key |
mountdev2 | System | Return contents of System hive MountedDevices key |
mp2 | NTUSER.DAT | Gets user's MountPoints2 key contents |
mp3 | NTUSER.DAT | Gets user's MountPoints2 key contents |
mpmru | NTUSER.DAT | Gets user's Media Player RecentFileList values |
mrt | Software | Check to see if Malicious Software Removal Tool has been run |
msis | Software | Determine MSI packages installed on the system |
mspaper | NTUSER.DAT | Gets images listed in user's MSPaper key |
muicache | NTUSER.DAT, USRCLASS.DAT | |
nero | NTUSER.DAT | Gets contents of Ahead\Nero Recent File List subkeys |
netassist | NTUSER.DAT | Check for Firefox Extensions. |
network | System | Gets info from System\Control\Network GUIDs |
networkcards | Software | Get NetworkCards |
networklist | Software | Collects network info from Vista+ NetworkList key |
networklist_tln | Software | Collects network info from NetworkList key (TLN) |
networkuid | Software | Gets Network key UID value |
nic | System | Gets NIC info from System hive |
nic2 | System | Gets NIC info from System hive |
nic_mst2 | System | Gets NICs from System hive; looks for MediaType = 2 |
nolmhash | System | Gets NoLMHash value |
ntusernetwork | NTUSER.DAT | Returns contents of user's Network subkeys |
odysseus | NTUSER.DAT | Extract registry keys for Odysseus by bindshell.net. |
officedocs | NTUSER.DAT | Gets contents of user's Office doc MRU keys |
officedocs2010 | NTUSER.DAT | Gets user's Office 2010 doc MRU values |
officedocs2010_tln | NTUSER.DAT | Gets user's Office 2010 doc MRU values; TLN output |
oisc | NTUSER.DAT | Gets contents of user's Office Internet Server Cache |
olsearch | NTUSER.DAT | Gets contents of user's OutLook Searches |
osversion | NTUSER.DAT | Checks for OSVersion value |
osversion_tln | NTUSER.DAT | Checks for OSVersion value (TLN) |
outlook | NTUSER.DAT | Gets user's Outlook settings |
outlook2 | NTUSER.DAT | Gets MAPI (Outlook) settings *BETA* |
pagefile | System | Get info on pagefile(s) |
phdet | System | Check for a Phdet infection |
photos | USRCLASS.DAT | Shell/BagMRU traversal in Win7 USRCLASS.DAT hives |
polacdms | Security | Get local machine SID from Security hive |
policies_u | NTUSER.DAT | Get values from the user's Policies key |
prefetch | SYSTEM | Gets the Prefetch Parameters |
printermru | NTUSER.DAT | Gets user's Printer Wizard MRU listing |
printers | NTUSER.DAT | Get user's printers |
privoxy | NTUSER.DAT | Extracts the install path for Privoxy. |
product | Software | Get installed product info |
productpolicy | System | Parse ProductPolicy value (Vista & Win2008 ONLY) |
producttype | System | Queries System hive for Windows Product info |
profilelist | Software | Get content of ProfileList key |
proxysettings | NTUSER.DAT | Gets contents of user's Proxy Settings |
publishingwizard | NTUSER.DAT | Extract AddNetPlace\LocationMRU for Microsoft Publishing Wizard |
putty | NTUSER.DAT | Extracts the saved SshHostKeys for PuTTY. |
rdphint | NTUSER | Gets hosts logged onto via RDP and the Domain\Username |
rdpport | System | Queries System hive for RDP Port |
realplayer6 | NTUSER.DAT | Gets user's RealPlayer v6 MostRecentClips(Default) values |
realvnc | NTUSER.DAT | Gets user's RealVNC MRU listing |
recentdocs | NTUSER.DAT | Gets contents of user's RecentDocs key |
regback | Software | List all tasks along with logfile name and last written date/time |
regtime | All | Dumps entire hive - all keys sorted by LastWrite time |
regtime_tln | All | Dumps entire hive - all keys sorted by LastWrite time |
removdev | Software | Parses Windows Portable Devices key (Vista) |
renocide | Software | Check for Renocide malware |
rootkit_revealer | NTUSER.DAT | Extracts the EULA value for Sysinternals Rootkit Revealer. |
routes | System | Get persistent routes |
runmru | NTUSER.DAT | Gets contents of user's RunMRU key |
runmru_tln | NTUSER.DAT | Gets contents of user's RunMRU key (TLN) |
safeboot | System | Check SafeBoot entries |
samparse | SAM | Parse SAM file for user & group mbrshp info |
samparse_tln | SAM | Parse SAM file for user acct info (TLN) |
schedagent | Software | Get SchedulingAgent key contents |
secctr | Software | Get data from Security Center key |
securityproviders | System | Gets SecurityProvider value from System hive |
services | System | Lists services/drivers in Services key by LastWrite times |
sevenzip | NTUSER.DAT | Gets records of histories from 7-Zip keys |
sfc | Software | Get SFC values |
shares | System | Get list of shares from System hive file |
shc | NTUSER.DAT | Gets SHC entries from user hive |
shellbags | USRCLASS.DAT | Shell/BagMRU traversal in Win7 USRCLASS.DAT hives |
shellbags_tln | USRCLASS.DAT | Shell/BagMRU traversal in Win7 USRCLASS.DAT hives |
shellexec | Software | Gets ShellExecuteHooks from Software hive |
shellext | Software | Gets Shell Extensions from Software hive |
shellfolders | NTUSER.DAT | Retrieve user Shell Folders values |
shelloverlay | Software | Gets ShellIconOverlayIdentifiers values |
shutdown | System | Gets ShutdownTime value from System hive |
shutdowncount | System | Retrieves ShutDownCount value |
skype | NTUSER.DAT | Gets data from user's Skype key |
snapshot | Software | Check ActiveX comp kill bit; Access Snapshot |
snapshot_viewer | NTUSER.DAT | Extracts Recent File List for Microsoft Snapshot Viewer. |
soft_run | Software | [Autostart] Get autostart key contents from Software hive |
spp_clients | Software | Determines volumes monitored by VSS |
sql_lastconnect | Software | MDAC cache of successful connections |
srun_tln | Software | [Autostart] Get autostart key contents from Software hive (TLN) |
ssh_host_keys | NTUSER.DAT | Extracts Putty/WinSCP SSH Host Keys |
ssid | Software | Get WZCSVC SSID Info |
startmenuinternetapps_cu | NTUSER.DAT | Start Menu Internet Applications info current user |
startmenuinternetapps_lm | SOFTWARE | Start Menu Internet Applications info |
startpage | NTUSER.DAT | Gets contents of user's StartPage key |
stillimage | System | Get info on StillImage devices |
streammru | NTUSER.DAT | streammru |
streams | NTUSER.DAT | Parse Streams and StreamsMRU entries |
svc | System | Lists services/drivers in Services key by LastWrite times (short format) |
svc2 | System | Lists Services key contents by LastWrite times (CSV) |
svcdll | System | Lists Services keys with ServiceDll values |
svchost | Software | Get entries from SvcHost key |
svc_plus | System | Lists services/drivers in Services key by LastWrite times in a short format with warnings for type mismatches |
sysinternals | NTUSER.DAT | Checks for SysInternals apps keys |
sysinternals_tln | NTUSER.DAT | Checks for SysInternals apps keys (TLN) |
systemindex | Software | Gets systemindex\..\Paths info from Windows Search key |
termcert | System | Gets Terminal Server certificate |
termserv | System | Gets Terminal Server values from System hive |
timezone | System | Get TimeZoneInformation key contents |
tracing | Software | Gets list of apps that can be traced |
tracing_tln | Software | Gets list of apps that can be traced (TLN) |
trappoll | Software | Get TrapPollTimeMilliSecs value |
trustrecords | NTUSER.DAT | Gets user's Office 2010 TrustRecords values |
trustrecords_tln | NTUSER.DAT | Gets user's Office 2010 TrustRecords values; TLN output |
tsclient | NTUSER.DAT | Displays contents of user's Terminal Server Client\Default key |
tsclient_tln | NTUSER.DAT | Displays contents of user's Terminal Server Client key (TLN) |
typedpaths | NTUSER.DAT | Gets contents of user's typedpaths key |
typedpaths_tln | NTUSER.DAT | Gets contents of user's typedpaths key (TLN) |
typedurls | NTUSER.DAT | Returns contents of user's TypedURLs key. |
typedurlstime | NTUSER.DAT | Returns contents of user's TypedURLsTime key. |
typedurlstime_tln | NTUSER.DAT | Returns contents of Win8 user's TypedURLsTime key (TLN). |
typedurls_tln | NTUSER.DAT | Returns MRU for user's TypedURLs key (TLN) |
uac | Software | Get Select User Account Control (UAC) Values from HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System |
uninstall | Software | Gets contents of Uninstall keys (64- & 32-bit) from Software hive |
uninstall_tln | Software | Gets contents of Uninstall keys (64- & 32-bit) from Software hive (TLN format) |
unreadmail | NTUSER.DAT | Gets contents of Unreadmail key |
urlzone | Software | URLZONE detection |
urun_tln | NTUSER.DAT | [Autostart] Get autostart key contents from NTUSER.DAT hive |
usb | System | Get USB device info |
usbdevices | System | Parses Enum\USB key for devices |
usbstor | System | Get USBStor key info |
usbstor2 | System | Get USBStor key info; csv output |
usbstor3 | System | Get USBStor key info |
userassist | NTUSER.DAT | Displays contents of UserAssist subkeys |
userassist_tln | NTUSER.DAT | Displays contents of UserAssist subkeys in TLN format |
userinfo | NTUSER.DAT | Gets contents of MS Office UserInfo values |
userlocsvc | NTUSER.DAT | Displays contents of User Location Service\Client key |
user_run | NTUSER.DAT | [Autostart] Get autostart key contents from NTUSER.DAT hive |
user_win | NTUSER.DAT | |
virut | Software | Detect Virut artifacts |
vista_bitbucket | NTUSER.DAT | Get BitBucket settings from Vista via NTUSER.DAT |
vmplayer | NTUSER.DAT | Extracts full filepath for recent VMware Player VM images. |
vmware_vsphere_client | NTUSER.DAT | Extract recent connections list for VMware vSphere Client. |
vnchooksapplicationprefs | NTUSER.DAT | Get VNCHooks Application Prefs list |
vncviewer | NTUSER.DAT | Get VNCViewer system list |
volinfocache | Software | Gets VolumeInfoCache from Windows Search key |
wallpaper | NTUSER.DAT | Parses Wallpaper MRU Entries |
warcraft3 | NTUSER.DAT | Extract usernames for Warcraft 3. |
wbem | Software | Get contents of WBEM\WDM key |
winbackup | Software | Get Windows Backup |
winlivemail | NTUSER.DAT | Get & display the contents of the Windows Live Mail key |
winlogon | Software | Get values from the WinLogon key |
winlogon_tln | Software | Alerts on values from the WinLogon key (TLN) |
winlogon_u | NTUSER.DAT | Get values from the user's WinLogon key |
winnt_cv | Software | Get & display the contents of the Windows NT\CurrentVersion key |
winrar | NTUSER.DAT | Get WinRAR\ArcHistory entries |
winrar_tln | NTUSER.DAT | Get WinRAR\ArcHistory entries (TLN) |
winscp_sessions | NTUSER.DAT | Extracts WinSCP stored session data |
winver | Software | Get Windows version |
winvnc | NTUSER.DAT | Extracts the encrypted password for WinVNC. |
winzip | NTUSER.DAT | Get WinZip extract and filemenu values |
win_cv | Software | Get & display the contents of the Windows\CurrentVersion key |
wordwheelquery | NTUSER.DAT | Gets contents of user's WordWheelQuery key |
wpdbusenum | System | Get WpdBusEnumRoot subkey info |
xpedition | System | Queries System hive for XP Edition info |
yahoo_cu | NTUSER.DAT | Yahoo Messenger parser |
yahoo_lm | SOFTWARE | Yahoo Messenger parser |
The command-line options of rip.exe are listed in [Table 5].
Option | Description |
---|---|
-r | Selects the hive file to parse |
-g | Guesses the hive file type automatically |
-f | Specifies the plugin (profile) file path |
-p | Runs only the specified plugin |
-l | Lists all plugins |
-c | Used together with -l; prints the listing in CSV format |
-s | Specifies the server name |
-u | Specifies the user name |
-h | Prints help |
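As an added example (not part of the original page or of RegRipper itself), the following Python script drives rip.exe over a set of acquired hive files using the -r, -f and -p options of [Table 5]: it picks the profile from [Table 3] by hive file name and, for per-plugin runs, selects the applicable plugins from a constructed excerpt of [Table 4]. The locations of rip.exe and of the hive files are assumptions.

```python
"""Driver for RegRipper's CUI tool rip.exe over a set of acquired hive files."""
import subprocess
from pathlib import Path, PureWindowsPath

# Hive file name (lower-case) -> RegRipper profile name from Table 3.
HIVE_PROFILES = {
    "sam": "sam", "security": "security", "software": "software",
    "system": "system", "ntuser.dat": "ntuser", "usrclass.dat": "usrclass",
}

# Constructed excerpt of Table 4: (plugin, target hive, description).
PLUGIN_TABLE = [
    ("samparse", "SAM", "Parse SAM file for user & group mbrshp info"),
    ("compname", "System", "Gets ComputerName and Hostname values from System hive"),
    ("usbstor", "System", "Get USBStor key info"),
    ("winver", "Software", "Get Windows version"),
    ("userassist", "NTUSER.DAT", "Displays contents of UserAssist subkeys"),
    ("shellbags", "USRCLASS.DAT", "Shell/BagMRU traversal in Win7 USRCLASS.DAT hives"),
    ("regtime", "All", "Dumps entire hive - all keys sorted by LastWrite time"),
]

def profile_for(hive_path):
    """Table 3 profile for a hive file, or None if the file is not a known hive.
    PureWindowsPath accepts both '\\' and '/' separators in paths copied from an image."""
    return HIVE_PROFILES.get(PureWindowsPath(str(hive_path)).name.lower())

def plugins_for(hive_path, table=PLUGIN_TABLE):
    """Names of the table's plugins that target this hive; 'All' plugins always match.
    Table 4 writes hives as SAM/System/NTUSER.DAT/...; strip '.dat' and lower-case
    so they compare with the profile names (NTUSER.DAT -> ntuser)."""
    profile = profile_for(hive_path)
    if profile is None:
        return []
    return [name for name, hive, _ in table
            if hive == "All" or hive.lower().replace(".dat", "") == profile]

def build_commands(hive_path, rip_dir=".", per_plugin=False):
    """Argument lists for rip.exe using the -r, -f and -p options of Table 5.
    Default: one run with the hive's profile (-f), as in Table 2.
    per_plugin=True: one run per applicable plugin (-p), which rr.exe cannot do."""
    rip = str(Path(rip_dir) / "rip.exe")  # assumed location of rip.exe
    hive = str(hive_path)
    if not per_plugin:
        profile = profile_for(hive)
        return [[rip, "-r", hive, "-f", profile]] if profile else []
    return [[rip, "-r", hive, "-p", name] for name in plugins_for(hive)]

def run_all(hive_paths, rip_dir, report_dir, per_plugin=False):
    """Run every command and save one report per run; returns the report paths.
    Output is decoded with replacement characters because rip.exe does not
    emit non-ASCII (e.g. Korean) text correctly, as noted under Limitations."""
    out_dir = Path(report_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    reports = []
    for hive in hive_paths:
        for cmd in build_commands(hive, rip_dir, per_plugin):
            result = subprocess.run(cmd, capture_output=True)
            text = result.stdout.decode("utf-8", errors="replace")
            report = out_dir / f"{PureWindowsPath(str(hive)).name}_{cmd[-1]}.txt"
            report.write_text(text, encoding="utf-8")
            reports.append(str(report))
    return reports
```

A call such as `run_all(["evidence/SAM", "evidence/SYSTEM"], r"C:\tools\RegRipper", "reports", per_plugin=True)` writes one report per plugin and hive, e.g. SAM_samparse.txt and SYSTEM_compname.txt.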
Limitations
As can be seen in [Figure 4] and [Figure 5] above, RegRipper does not support Korean (Hangul) output. In addition, since most of the supported plugins were written before 2012, a plugin may fail to produce correct results when the software it targets has since been updated. RegRipper also has no capability to collect registry hives itself.
Investigative use
When the collected Windows system is an English edition, RegRipper can be used, in either the GUI or the CUI environment, as a tool for locating the specific registry artifacts that its plugins support.