PEASS-ng/README.md

# LinPE - Linux Privilege Escalation (with colors)


[![asciicast](https://asciinema.org/a/250532.png)](https://asciinema.org/a/250532)


The goal of this script is to search for possible **Privilege Escalation vectors inside a linux machine**.

This script does not have any dependency.

There is no need even for bash shell, **it runs using /bin/sh**.

It could take from **2 to 3 minutes** to execute the hole script (less than 1 min to make almost all the checks, almost 1 min to search for possible passwords inside all the accesible files of the system and 1 min to monitor the processes in order to find very frequent cron jobs).

This script has several lists included inside of it to be able to color the results in order to discover PE vector.

The script **automatically finds a writable directory** and writes the output of the checks there. The first console output will be the path of the file created.

![](https://github.com/carlospolop/linPE/blob/master/images/linpe-exec.png)

## Colors

LinPE uses colors to indicate where does each section begin. But **it also uses them the identify potencial misconfigurations**.

The ![](https://placehold.it/15/b32400/000000?text=+) **Red/Yellow** ![](https://placehold.it/15/fff500/000000?text=+) color is used for identifing configurations that lead to PE (99% sure).

The ![](https://placehold.it/15/b32400/000000?text=+) **Red** color is used for identifing suspicious configurations that could lead to PE:
- Possible exploitable kernel versions
- Vulnerable sudo versions
- Identify processes running as root
- Not mounted devices
- Dangerous fstab permissions
- Writable files in interesting directories
- SUID/SGID binaries that have some vulnerable version (it also specifies the vulnerable version)
- SUDO binaries that can be used to escalate privileges in sudo -l (without passwd) (https://gtfobins.github.io/)
- 127.0.0.1 in netstat
- Known files that could contain passwords
- Capabilities in interesting binaries
- Interesting capabilities of a binary
- Writable folders and wilcards inside info about cron jobs
- Writables folders in PATH
- Groups that could lead to root
- Files that could contains passwords

The ![](https://placehold.it/15/66ff33/000000?text=+) **Green** color is used for:
- Common processes run by root
- Common not interesting devices to mount
- Not dangerous fstab permissions
- SUID/SGID common binaries (the bin was already found in other machines and searchsploit doesn't identify any vulnerable version)
- Common .sh files in path
- Common names of users executing processes

The ![](https://placehold.it/15/0066ff/000000?text=+) **Blue** color is used for:
- Users without shell
- Mounted devices

The ![](https://placehold.it/15/33ccff/000000?text=+) **Light Cyan** color is used for:
- Users with shell

The ![](https://placehold.it/15/bf80ff/000000?text=+) **Light Magenta** color is used for:
- Current username


**The color filtering is not available in the one-liner** (the lists are too big)


## One liner

Here you have an old linpe version script in one line, **just copy and paste it**;)

This one-liner is deprecated (I am not going to update it more), but it could be useful in some cases so it will remain here:

The default file where all the data is recorded is: */tmp/linPE* (you can change it at the beginning of the script)


```sh
file="/tmp/linPE";RED='\033[0;31m';Y='\033[0;33m';B='\033[0;34m';NC='\033[0m';rm -rf $file;echo "File: $file";echo "[+]Gathering system information...";printf $B"[*] "$RED"BASIC SYSTEM INFO\n"$NC >> $file ;echo "" >> $file;printf $Y"[+] "$RED"Operative system\n"$NC >> $file;(cat /proc/version || uname -a ) 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"PATH\n"$NC >> $file;echo $PATH 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Date\n"$NC >> $file;date 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Sudo version\n"$NC >> $file;sudo -V 2>/dev/null| grep "Sudo ver" >> $file;echo "" >> $file;printf $Y"[+] "$RED"selinux enabled?\n"$NC >> $file;sestatus 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Useful software?\n"$NC >> $file;which nc ncat netcat wget curl ping gcc make gdb base64 socat python python2 python3 python2.7 python2.6 python3.6 python3.7 perl php ruby xterm doas sudo 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Capabilities\n"$NC >> $file;getcap -r / 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Environment\n"$NC >> $file;(set || env) 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Top and cleaned proccesses\n"$NC >> $file;ps aux 2>/dev/null | grep -v "\[" >> $file;echo "" >> $file;printf $Y"[+] "$RED"Binary processes permissions\n"$NC >> $file;ps aux 2>/dev/null | awk '{print $11}'|xargs -r ls -la 2>/dev/null |awk '!x[$0]++' 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Services\n"$NC >> $file;(/usr/sbin/service --status-all || /sbin/chkconfig --list || /bin/rc-status) 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Different processes executed during 1 min (HTB)\n"$NC >> $file;if [ "`ps -e --format cmd`" ]; then for i in {1..121}; do ps -e --format cmd >> $file.tmp1; sleep 0.5; done; sort $file.tmp1 | uniq | grep -v "\[" | sed '/^.\{500\}./d' >> $file; rm $file.tmp1; fi;echo "" >> $file;printf $Y"[+] "$RED"Proccesses binary permissions\n"$NC >> $file;ps aux 2>/dev/null | awk '{print $11}'|xargs -r ls -la 2>/dev/null |awk '!x[$0]++' 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Scheduled tasks\n"$NC >> $file;crontab -l 2>/dev/null >> $file;ls -al /etc/cron* 2>/dev/null >> $file;cat /etc/cron* /etc/at* /etc/anacrontab /var/spool/cron/crontabs/root /var/spool/anacron 2>/dev/null | grep -v "^#" >> $file;echo "" >> $file;printf $Y"[+] "$RED"Any sd* disk in /dev?\n"$NC >> $file;ls /dev 2>/dev/null | grep -i "sd" >> $file;echo "" >> $file;printf $Y"[+] "$RED"Storage information\n"$NC >> $file;df -h 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Unmounted file-system?\n"$NC >> $file;cat /etc/fstab 2>/dev/null | grep -v "^#" >> $file;echo "" >> $file;printf $Y"[+] "$RED"Printer?\n"$NC >> $file;lpstat -a 2>/dev/null >> $file;echo "" >> $file;echo "" >> $file;echo "[+]Gathering network information...";printf $B"[*] "$RED"NETWORK INFO\n"$NC >> $file ;echo "" >> $file;printf $Y"[+] "$RED"Hostname, hosts and DNS\n"$NC >> $file;cat /etc/hostname /etc/hosts /etc/resolv.conf 2>/dev/null | grep -v "^#" >> $file;dnsdomainname 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Networks and neightbours\n"$NC >> $file;cat /etc/networks 2>/dev/null >> $file;(ifconfig || ip a) 2>/dev/null >> $file;iptables -L 2>/dev/null >> $file;ip n 2>/dev/null >> $file;route -n 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Ports\n"$NC >> $file;(netstat -punta || ss -t; ss -u) 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Can I sniff with tcpdump?\n"$NC >> $file;timeout 1 tcpdump >> $file 2>&1;echo "" >> $file;echo "" >> $file;echo "[+]Gathering users information...";printf $B"[*] "$RED"USERS INFO\n"$NC >> $file ;echo "" >> $file;printf $Y"[+] "$RED"Me\n"$NC >> $file;(id || (whoami && groups)) 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Sudo -l without password\n"$NC >> $file;echo '' | sudo -S -l -k 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Do I have PGP keys?\n"$NC >> $file;gpg --list-keys 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Superusers\n"$NC
```


## What does linpe look for
- **System Information**
  - [x] SO, kernel version & sudo version
  - [x] PATH, Date, time, selinux & env (and exports a new path if basic folders lacks)
  - [x] Useful software installed (special search for compilers)
  - [x] Processes (Current, Executed within a minute, Binary permissions)
  - [x] Services
  - [x] Scheduled tasks
  - [x] sd* disk in /dev, storage info, mem info, ummounted file-sys, printers


- **Network Information**
  - [x] Hostname, hosts & dns 
  - [x] Intefaces, networks and neightbours
  - [x] Active ports
  - [x] Sniff permissions


- **Users Information**
  - [x] Info about current user (whoami, groups, sudo, PGPkeys)
  - [x] `sudo -l` without password
  - [x] Try to login using `su` as other users (using null pass and the username)
  - [x] List of superusers
  - [x] Login info
  - [x] Available users with console
  - [x] List of all users


- **Software Sensitive Information**
  - [x] MySQl (Version, user being configured, loging as "root:root","root:toor","root:", user hashes extraction via DB and file, possible backup user configured)
  - [x] PostgreSQL (Version, try login in "template0" and "template1" as: "postgres:", "psql:")
  - [x] Apache (Version)
  - [x] Wordpress (Database credentials)
  - [x] Tomcat (Credentials)
  - [x] Mongo (Version)
  - [x] Supervisor (Credentials)
  - [x] Cesi (Credentials)
  - [x] Rsyncd (Credentials)
  - [x] Hostapd (Credentials)
  - [x] Network (Credentials)
  - [x] Anaconda-ks (Credentials)
  - [x] VNC (Credentials)
  - [x] LDAP database (Credentials)
  - [x] Open VPN files (Credentials)
  - [x] SSH (private keys, known_hosts, authorized_hosts, authorized_keys, root login permitted)
  - [x] AWS (Files with AWS keys)
  - [x] NFS (privilege escalation misconfiguration)


- **Generic Interesting Files**
  - [x] Pkexec policy, SUID & SGID files
  - [x] Capabilities
  - [x] .sh scripts in PATH
  - [x] Reduced list of files inside home
  - [x] Mails
  - [x] Hashes (passwd, shadow & master.passwd)
  - [x] Try to read root dir
  - [x] Check if Docker or LXC container
  - [x] List ALL writable files for current user (global, user and groups)
  - [x] Files that can contain passwords (and search for passwords inside *_history files)
  - [x] List of all hidden files
  - [x] Search buckup files
  - [x] Inside /tmp, /var/tmp and /var/backups
  - [x] Web files
  - [x] Search for backup files
  - [x] Get IPs, passwords and emails from logs
  - [x] "pwd" and "passw" inside files (and get most probable lines)


By Polop<sup>(TM)</sup>
Update README.md 2019-06-08 16:57:16 +02:00			`# LinPE - Linux Privilege Escalation (with colors)`
first commit 2019-01-13 21:14:35 +01:00
asciinema 2019-06-03 22:44:05 +02:00
Asciinema updated 2019-06-08 12:59:40 +02:00			`[![asciicast](https://asciinema.org/a/250532.png)](https://asciinema.org/a/250532)`
asciinema 2019-06-03 22:44:05 +02:00

			`The goal of this script is to search for possible Privilege Escalation vectors inside a linux machine.`
first commit 2019-01-13 21:14:35 +01:00
more checks, better colors, update readme 2019-04-29 23:10:21 +02:00			`This script does not have any dependency.`
first commit 2019-01-13 21:14:35 +01:00
Update README.md 2019-06-08 16:43:05 +02:00			`There is no need even for bash shell, it runs using /bin/sh.`
supervisord, cesi, sh colors, more lists 2019-05-08 23:02:00 +02:00
v1.1 2019-06-08 12:34:41 +02:00			`It could take from 2 to 3 minutes to execute the hole script (less than 1 min to make almost all the checks, almost 1 min to search for possible passwords inside all the accesible files of the system and 1 min to monitor the processes in order to find very frequent cron jobs).`
first commit 2019-01-13 21:14:35 +01:00
Update README.md 2019-06-08 16:43:05 +02:00			`This script has several lists included inside of it to be able to color the results in order to discover PE vector.`
Update README.md 2019-02-23 16:39:02 +01:00
fstab colors 2019-05-11 18:40:50 +02:00			`The script automatically finds a writable directory and writes the output of the checks there. The first console output will be the path of the file created.`

change image 2019-06-08 16:46:26 +02:00			`![](https://github.com/carlospolop/linPE/blob/master/images/linpe-exec.png)`
move photo 2019-06-03 22:46:13 +02:00
colors 2019-06-03 23:04:53 +02:00			`## Colors`

Update README.md 2019-06-08 16:43:05 +02:00			`LinPE uses colors to indicate where does each section begin. But it also uses them the identify potencial misconfigurations.`
colors 2019-06-03 23:04:53 +02:00
Added DirtyCow versions 2019-06-06 01:59:48 +02:00			`The ![](https://placehold.it/15/b32400/000000?text=+) Red/Yellow ![](https://placehold.it/15/fff500/000000?text=+) color is used for identifing configurations that lead to PE (99% sure).`
colors 2019-06-03 23:04:53 +02:00
			`The ![](https://placehold.it/15/b32400/000000?text=+) Red color is used for identifing suspicious configurations that could lead to PE:`
			`- Possible exploitable kernel versions`
			`- Vulnerable sudo versions`
			`- Identify processes running as root`
			`- Not mounted devices`
			`- Dangerous fstab permissions`
			`- Writable files in interesting directories`
Update README.md 2019-06-08 16:43:05 +02:00			`- SUID/SGID binaries that have some vulnerable version (it also specifies the vulnerable version)`
colors 2019-06-03 23:04:53 +02:00			`- SUDO binaries that can be used to escalate privileges in sudo -l (without passwd) (https://gtfobins.github.io/)`
			`- 127.0.0.1 in netstat`
			`- Known files that could contain passwords`
			`- Capabilities in interesting binaries`
			`- Interesting capabilities of a binary`
			`- Writable folders and wilcards inside info about cron jobs`
			`- Writables folders in PATH`
			`- Groups that could lead to root`
			`- Files that could contains passwords`

			`The ![](https://placehold.it/15/66ff33/000000?text=+) Green color is used for:`
			`- Common processes run by root`
			`- Common not interesting devices to mount`
			`- Not dangerous fstab permissions`
Update README.md 2019-06-08 16:43:05 +02:00			`- SUID/SGID common binaries (the bin was already found in other machines and searchsploit doesn't identify any vulnerable version)`
colors 2019-06-03 23:04:53 +02:00			`- Common .sh files in path`
			`- Common names of users executing processes`

			`The ![](https://placehold.it/15/0066ff/000000?text=+) Blue color is used for:`
			`- Users without shell`
			`- Mounted devices`

			`The ![](https://placehold.it/15/33ccff/000000?text=+) Light Cyan color is used for:`
			`- Users with shell`

			`The ![](https://placehold.it/15/bf80ff/000000?text=+) Light Magenta color is used for:`
			`- Current username`


			`The color filtering is not available in the one-liner (the lists are too big)`


			`## One liner`

			`Here you have an old linpe version script in one line, just copy and paste it;)`

Update README.md 2019-06-08 16:43:05 +02:00			`This one-liner is deprecated (I am not going to update it more), but it could be useful in some cases so it will remain here:`
colors 2019-06-03 23:04:53 +02:00
			`The default file where all the data is recorded is: /tmp/linPE (you can change it at the beginning of the script)`


Update README.md 2019-06-03 23:06:38 +02:00			```sh
			file="/tmp/linPE";RED='\033[0;31m';Y='\033[0;33m';B='\033[0;34m';NC='\033[0m';rm -rf $file;echo "File: $file";echo "[+]Gathering system information...";printf $B"[] "$RED"BASIC SYSTEM INFO\n"$NC >> $file ;echo "" >> $file;printf $Y"[+] "$RED"Operative system\n"$NC >> $file;(cat /proc/version \|\| uname -a ) 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"PATH\n"$NC >> $file;echo $PATH 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Date\n"$NC >> $file;date 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Sudo version\n"$NC >> $file;sudo -V 2>/dev/null\| grep "Sudo ver" >> $file;echo "" >> $file;printf $Y"[+] "$RED"selinux enabled?\n"$NC >> $file;sestatus 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Useful software?\n"$NC >> $file;which nc ncat netcat wget curl ping gcc make gdb base64 socat python python2 python3 python2.7 python2.6 python3.6 python3.7 perl php ruby xterm doas sudo 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Capabilities\n"$NC >> $file;getcap -r / 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Environment\n"$NC >> $file;(set \|\| env) 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Top and cleaned proccesses\n"$NC >> $file;ps aux 2>/dev/null \| grep -v "\[" >> $file;echo "" >> $file;printf $Y"[+] "$RED"Binary processes permissions\n"$NC >> $file;ps aux 2>/dev/null \| awk '{print $11}'\|xargs -r ls -la 2>/dev/null \|awk '!x[$0]++' 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Services\n"$NC >> $file;(/usr/sbin/service --status-all \|\| /sbin/chkconfig --list \|\| /bin/rc-status) 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Different processes executed during 1 min (HTB)\n"$NC >> $file;if [ "`ps -e --format cmd`" ]; then for i in {1..121}; do ps -e --format cmd >> $file.tmp1; sleep 0.5; done; sort $file.tmp1 \| uniq \| grep -v "\[" \| sed '/^.\{500\}./d' >> $file; rm $file.tmp1; fi;echo "" >> $file;printf $Y"[+] "$RED"Proccesses binary permissions\n"$NC >> $file;ps aux 2>/dev/null \| awk '{print $11}'\|xargs -r ls -la 2>/dev/null \|awk '!x[$0]++' 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Scheduled tasks\n"$NC >> $file;crontab -l 2>/dev/null >> $file;ls -al /etc/cron 2>/dev/null >> $file;cat /etc/cron* /etc/at* /etc/anacrontab /var/spool/cron/crontabs/root /var/spool/anacron 2>/dev/null \| grep -v "^#" >> $file;echo "" >> $file;printf $Y"[+] "$RED"Any sd* disk in /dev?\n"$NC >> $file;ls /dev 2>/dev/null \| grep -i "sd" >> $file;echo "" >> $file;printf $Y"[+] "$RED"Storage information\n"$NC >> $file;df -h 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Unmounted file-system?\n"$NC >> $file;cat /etc/fstab 2>/dev/null \| grep -v "^#" >> $file;echo "" >> $file;printf $Y"[+] "$RED"Printer?\n"$NC >> $file;lpstat -a 2>/dev/null >> $file;echo "" >> $file;echo "" >> $file;echo "[+]Gathering network information...";printf $B"[] "$RED"NETWORK INFO\n"$NC >> $file ;echo "" >> $file;printf $Y"[+] "$RED"Hostname, hosts and DNS\n"$NC >> $file;cat /etc/hostname /etc/hosts /etc/resolv.conf 2>/dev/null \| grep -v "^#" >> $file;dnsdomainname 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Networks and neightbours\n"$NC >> $file;cat /etc/networks 2>/dev/null >> $file;(ifconfig \|\| ip a) 2>/dev/null >> $file;iptables -L 2>/dev/null >> $file;ip n 2>/dev/null >> $file;route -n 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Ports\n"$NC >> $file;(netstat -punta \|\| ss -t; ss -u) 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Can I sniff with tcpdump?\n"$NC >> $file;timeout 1 tcpdump >> $file 2>&1;echo "" >> $file;echo "" >> $file;echo "[+]Gathering users information...";printf $B"[] "$RED"USERS INFO\n"$NC >> $file ;echo "" >> $file;printf $Y"[+] "$RED"Me\n"$NC >> $file;(id \|\| (whoami && groups)) 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Sudo -l without password\n"$NC >> $file;echo '' \| sudo -S -l -k 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Do I have PGP keys?\n"$NC >> $file;gpg --list-keys 2>/dev/null >> $file;echo "" >> $file;printf $Y"[+] "$RED"Superusers\n"$NC
			```
colors 2019-06-03 23:04:53 +02:00
move photo 2019-06-03 22:46:13 +02:00
Update README.md 2019-06-08 16:43:05 +02:00			`## What does linpe look for`
LinPE v1 2019-02-23 16:34:58 +01:00			`- System Information`
Update README.md 2019-06-08 16:43:05 +02:00			`- [x] SO, kernel version & sudo version`
			`- [x] PATH, Date, time, selinux & env (and exports a new path if basic folders lacks)`
			`- [x] Useful software installed (special search for compilers)`
			`- [x] Processes (Current, Executed within a minute, Binary permissions)`
			`- [x] Services`
			`- [x] Scheduled tasks`
			`- [x] sd* disk in /dev, storage info, mem info, ummounted file-sys, printers`
LinPE v1 2019-02-23 16:34:58 +01:00
Update README.md 2019-02-23 16:39:02 +01:00
LinPE v1 2019-02-23 16:34:58 +01:00			`- Network Information`
Update README.md 2019-06-08 16:43:05 +02:00			`- [x] Hostname, hosts & dns`
			`- [x] Intefaces, networks and neightbours`
			`- [x] Active ports`
			`- [x] Sniff permissions`
LinPE v1 2019-02-23 16:34:58 +01:00
Update README.md 2019-02-23 16:39:02 +01:00
LinPE v1 2019-02-23 16:34:58 +01:00			`- Users Information`
Update README.md 2019-06-08 16:43:05 +02:00			`- [x] Info about current user (whoami, groups, sudo, PGPkeys)`
			- [x] `sudo -l` without password
			- [x] Try to login using `su` as other users (using null pass and the username)
			`- [x] List of superusers`
			`- [x] Login info`
			`- [x] Available users with console`
			`- [x] List of all users`
Update README.md 2019-02-23 16:39:02 +01:00
LinPE v1 2019-02-23 16:34:58 +01:00
V1.0 2019-06-07 20:29:44 +02:00			`- Software Sensitive Information`
Update README.md 2019-06-08 16:43:05 +02:00			`- [x] MySQl (Version, user being configured, loging as "root:root","root:toor","root:", user hashes extraction via DB and file, possible backup user configured)`
			`- [x] PostgreSQL (Version, try login in "template0" and "template1" as: "postgres:", "psql:")`
			`- [x] Apache (Version)`
			`- [x] Wordpress (Database credentials)`
			`- [x] Tomcat (Credentials)`
			`- [x] Mongo (Version)`
			`- [x] Supervisor (Credentials)`
			`- [x] Cesi (Credentials)`
			`- [x] Rsyncd (Credentials)`
			`- [x] Hostapd (Credentials)`
			`- [x] Network (Credentials)`
			`- [x] Anaconda-ks (Credentials)`
			`- [x] VNC (Credentials)`
			`- [x] LDAP database (Credentials)`
			`- [x] Open VPN files (Credentials)`
			`- [x] SSH (private keys, known_hosts, authorized_hosts, authorized_keys, root login permitted)`
			`- [x] AWS (Files with AWS keys)`
			`- [x] NFS (privilege escalation misconfiguration)`
more checks, better colors, update readme 2019-04-29 23:10:21 +02:00
V1.0 2019-06-07 20:29:44 +02:00
			`- Generic Interesting Files`
Update README.md 2019-06-08 16:43:05 +02:00			`- [x] Pkexec policy, SUID & SGID files`
			`- [x] Capabilities`
			`- [x] .sh scripts in PATH`
			`- [x] Reduced list of files inside home`
			`- [x] Mails`
			`- [x] Hashes (passwd, shadow & master.passwd)`
			`- [x] Try to read root dir`
			`- [x] Check if Docker or LXC container`
			`- [x] List ALL writable files for current user (global, user and groups)`
			`- [x] Files that can contain passwords (and search for passwords inside *_history files)`
			`- [x] List of all hidden files`
			`- [x] Search buckup files`
			`- [x] Inside /tmp, /var/tmp and /var/backups`
			`- [x] Web files`
			`- [x] Search for backup files`
			`- [x] Get IPs, passwords and emails from logs`
			`- [x] "pwd" and "passw" inside files (and get most probable lines)`


			`By Polop<sup>(TM)</sup>`