OptionalFeatures

Overview
Syntax
Remote Execution
Output
Use Cases
Example Output
Remote Execution
Detection Considerations
Related Commands

Overview

The OptionalFeatures command enumerates Windows optional features and roles installed on the system via WMI. These features include server roles, administrative tools, and optional Windows components that may affect the system’s attack surface.

Syntax

Seatbelt.exe OptionalFeatures

Remote Execution

Seatbelt.exe OptionalFeatures -computername=TARGET.domain.com [-username=DOMAIN\user -password=pass]

Output

Returns optional feature information:

Feature name
Installation state (Enabled/Disabled)
Feature description

Use Cases

Red Team
Blue Team

Identify installed server roles
Discover administrative features
Find potential attack vectors
Determine system purpose (web server, file server, etc.)

Example Output

====== OptionalFeatures ======

Name        : IIS-WebServer
State       : Enabled
Description : Web Server (IIS)

Name        : TelnetClient
State       : Disabled
Description : Telnet Client

Name        : SMB1Protocol
State       : Disabled
Description : SMB 1.0/CIFS File Sharing Support

Remote Execution

This command supports remote execution using the -computername parameter.

Detection Considerations

Low detection risk - queries WMI for feature information.

OSInfo - Operating system information
Services - Running services
WindowsFirewall - Firewall configuration

LastShutdown AppLocker

⌘I

Getting Started

System - OS & Environment

System - Security Configuration

System - Authentication & Access

System - Network

System - Monitoring & Enterprise

System - Advanced

User - Credentials

User - Browser Data

User - Cloud & Remote Access

User - Recent Activity

User - Communication

Misc - Event Logs

Misc - Browser History

Misc - File & Registry

Misc - System Details

Overview

Syntax

Remote Execution

Output

Use Cases

Example Output

Remote Execution

Detection Considerations

Getting Started

System - OS & Environment

System - Security Configuration

System - Authentication & Access

System - Network

System - Monitoring & Enterprise

System - Advanced

User - Credentials

User - Browser Data

User - Cloud & Remote Access

User - Recent Activity

User - Communication

Misc - Event Logs

Misc - Browser History

Misc - File & Registry

Misc - System Details

​Overview

​Syntax

​Remote Execution

​Output

​Use Cases

​Example Output

​Remote Execution

​Detection Considerations

​Related Commands

Overview

Syntax

Remote Execution

Output

Use Cases

Example Output

Remote Execution

Detection Considerations

Related Commands