@R0n I wonder if you could create an augeas lens to parse:

%userprofile%\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt

is there something to pull what is in the file?

What do you mean by pull, R0n?

i meant get the content from the file

The only two ways i know to pull content from a file like this is either a custom extension (probably simple to write, allows safely dropping privileges) OR an augeas lens and a query. In my opinion writing an extension is simpler - at least I haven’t yet grokked how the language behind augeas works, and I don’t know how it handles untrusted input from a file like this.

something like this

Yea, sort of - depends on if your aim is to include it in the core or as an extension. I’m not the gate keeper but my understanding is that one off files like this make more sense as an extension, but if this is very useful for wide userbase then it can be included in the core.

yes, it would make more sense as an extension/plugin . i'll try to find information about extensions and how to implement them

https://github.com/osquery/osquery-python/blob/master/README.md and https://github.com/kolide/osquery-go/blob/master/README.md

👍 thank you