Debian: Listing all user-installed packages?

Question

For a cyber security competition I participate in, I\'m given a Debian virtual machine with many packages installed and asked to clean extraneous or malicious packages.

Answer 1

This takes into account also packages installed with aptitude (not only apt install or apt-get install, like Benny Hill's answer which I based on):

( ( zcat $( ls -tr /var/log/apt/history.log*.gz ) ; cat /var/log/apt/history.log ) | egrep '^(Start-Date:|Commandline:)' | grep -v aptdaemon ; ( zcat $( ls -tr /var/log/aptitude.*.gz ) ; cat /var/log/aptitude ) ) | egrep '^Commandline:.*install|^\[INSTALL\]' | sed 's#Commandline: ##' | awk '/INSTALL/ { print $2 }; !/INSTALL/ { print $0 }; ' 1>installed_packages.txt

Example output (the last line comes from aptitude logs):

apt-get install nodejs
apt install tidy
mc:amd64