improvements

build_lists/download_regexes.ps1

@@ -0,0 +1,5 @@
+$scriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path
+$filePath = Join-Path $scriptDir "regexes.yaml"
+$url = "https://raw.githubusercontent.com/JaimePolop/RExpository/main/regex.yaml"
+
+Invoke-WebRequest $url -OutFile $filePath

build_lists/download_regexes.py

@@ -0,0 +1,24 @@
+#!/usr/bin/env python3
+
+import os
+import requests
+from pathlib import Path
+
+
+def download_regexes():
+    print("[+] Downloading regexes...")
+    url = "https://raw.githubusercontent.com/JaimePolop/RExpository/main/regex.yaml"
+    response = requests.get(url)
+    if response.status_code == 200:
+        # Save the content of the response to a file
+        script_folder = Path(os.path.dirname(os.path.abspath(__file__)))
+        target_file = script_folder / 'regexes.yaml'
+
+        with open(target_file, "w") as file:
+            file.write(response.text)
+        print(f"Downloaded and saved in '{target_file}' successfully!")
+    else:
+        print("Error: Unable to download the regexes file.")
+        exit(1)
+
+download_regexes()

linPEAS/builder/linpeas_parts/10_api_keys_regex.sh

@@ -37,6 +37,7 @@ search_for_regex(){
         timeout 120 find /tmp /srv /Applications -type f -not -path "*/node_modules/*" -exec grep -HnRIE$i "$regex" '{}' \; 2>/dev/null  | sed '/^.\{150\}./d' | sort | uniq | head -n 50 &
     fi
     wait
+    printf "\033[2K\r"
 }
 
 

linPEAS/builder/linpeas_parts/2_container.sh

@@ -218,7 +218,7 @@ checkProcSysBreakouts(){
 ##############################################
 containerCheck
 
-print_2title "Container related tools present"
+print_2title "Container related tools present (if any):"
 command -v docker 
 command -v lxc 
 command -v rkt 
@@ -226,8 +226,10 @@ command -v kubectl
 command -v podman
 command -v runc
 
-print_2title "Am I Containered?"
+if [ "$$FAT_LINPEAS_AMICONTAINED" ]; then
-execBin "AmIContainered" "https://github.com/genuinetools/amicontained" "$FAT_LINPEAS_AMICONTAINED"
+  print_2title "Am I Containered?"
+  execBin "AmIContainered" "https://github.com/genuinetools/amicontained" "$FAT_LINPEAS_AMICONTAINED"
+fi
 
 print_2title "Container details"
 print_list "Is this a container? ...........$NC $containerType"
@@ -260,7 +262,7 @@ if echo "$containerType" | grep -qi "docker"; then
     print_2title "Docker Container details"
     inDockerGroup
     print_list "Am I inside Docker group .......$NC $DOCKER_GROUP\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
-    print_list "Looking and enumerating Docker Sockets\n"$NC
+    print_list "Looking and enumerating Docker Sockets (if any):\n"$NC
     enumerateDockerSockets
     print_list "Docker version .................$NC$dockerVersion"
     checkDockerVersionExploits
@@ -268,7 +270,7 @@ if echo "$containerType" | grep -qi "docker"; then
     print_list "Vulnerable to CVE-2019-13139 ...$NC$VULN_CVE_2019_13139"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW},"
     if [ "$inContainer" ]; then
         checkDockerRootless
-        print_list "Rootless Docker? ................ $DOCKER_ROOTLESS\n"$NC | sed -${E} "s,No,${SED_RED}," | sed -${E} "s,Yes,${SED_GREEN},"
+        print_list "Rootless Docker? ............... $DOCKER_ROOTLESS\n"$NC | sed -${E} "s,No,${SED_RED}," | sed -${E} "s,Yes,${SED_GREEN},"
         echo ""
     fi
     if df -h | grep docker; then
@@ -328,7 +330,6 @@ if [ "$inContainer" ]; then
     print_list "core_pattern breakout .......... $core_pattern_breakout\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
     print_list "binfmt_misc breakout ........... $binfmt_misc_breakout\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
     print_list "uevent_helper breakout ......... $uevent_helper_breakout\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
-    print_list "core_pattern breakout .......... $core_pattern_breakout\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
     print_list "is modprobe present ............ $modprobe_present\n" | sed -${E} "s,/.*,${SED_RED},"
     print_list "DoS via panic_on_oom ........... $panic_on_oom_dos\n" | sed -${E} "s,Yes,${SED_RED},"
     print_list "DoS via panic_sys_fs ........... $panic_sys_fs_dos\n" | sed -${E} "s,Yes,${SED_RED},"

linPEAS/builder/linpeas_parts/6_users_information.sh

@@ -95,9 +95,9 @@ if [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ]; then
     echo "Current user has .sudo_as_admin_successful file, so he can execute with sudo" | sed -${E} "s,.*,${SED_RED},";
   fi
 
-  if ps -eo pid,command -u "$(id -u)" | grep -v "$PPID" | grep -qE '(ash|ksh|csh|dash|bash|zsh|tcsh|sh)$'; then
+  if ps -eo pid,command -u "$(id -u)" | grep -v "$PPID" | grep -v " " | grep -qE '(ash|ksh|csh|dash|bash|zsh|tcsh|sh)$'; then
-    echo "Current user has other interactive shells running" | sed -${E} "s,.*,${SED_RED},g";
+    echo "Current user has other interactive shells running: " | sed -${E} "s,.*,${SED_RED},g";
-    ps -eo pid,command -u "$(id -u)" | grep -v "$PPID" | grep -E '(ash|ksh|csh|dash|bash|zsh|tcsh|sh)$'
+    ps -eo pid,command -u "$(id -u)" | grep -v "$PPID" | grep -v " " | grep -E '(ash|ksh|csh|dash|bash|zsh|tcsh|sh)$'
   fi
 
 else 

linPEAS/builder/linpeas_parts/linpeas_base.sh

@@ -527,7 +527,7 @@ STRINGS="$(command -v strings 2>/dev/null)"
 LDD="$(command -v ldd 2>/dev/null)"
 READELF="$(command -v readelf 2>/dev/null)"
 
-shscripsG="/0trace.sh|/alsa-info.sh|amuFormat.sh|/blueranger.sh|/crosh.sh|/dnsmap-bulk.sh|/dockerd-rootless.sh|/dockerd-rootless-setuptool.sh|/get_bluetooth_device_class.sh|/gettext.sh|/go-rhn.sh|/gvmap.sh|/kernel_log_collector.sh|/lesspipe.sh|/lprsetup.sh|/mksmbpasswd.sh|/pm-utils-bugreport-info.sh|/power_report.sh|/setuporamysql.sh|/setup-nsssysinit.sh|/readlink_f.sh|/rescan-scsi-bus.sh|/start_bluetoothd.sh|/start_bluetoothlog.sh|/testacg.sh|/testlahf.sh|/unix-lpr.sh|/url_handler.sh|/write_gpt.sh"
+shscripsG="/0trace.sh|/alsa-info.sh|amuFormat.sh|/blueranger.sh|/crosh.sh|/dnsmap-bulk.sh|/dockerd-rootless.sh|/dockerd-rootless-setuptool.sh|/get_bluetooth_device_class.sh|/gettext.sh|/go-rhn.sh|/gvmap.sh|/kernel_log_collector.sh|/lesspipe.sh|/lprsetup.sh|/mksmbpasswd.sh|/pm-utils-bugreport-info.sh|/power_report.sh|/prl-opengl-switcher.sh|/setuporamysql.sh|/setup-nsssysinit.sh|/readlink_f.sh|/rescan-scsi-bus.sh|/start_bluetoothd.sh|/start_bluetoothlog.sh|/testacg.sh|/testlahf.sh|/unix-lpr.sh|/url_handler.sh|/write_gpt.sh"
 
 notBackup="/tdbbackup$|/db_hotbackup$"
 
@@ -542,7 +542,7 @@ mail_apps="Postfix|Dovecot|Exim|SquirrelMail|Cyrus|Sendmail|Courier"
 
 profiledG="01-locale-fix.sh|256term.csh|256term.sh|abrt-console-notification.sh|appmenu-qt5.sh|apps-bin-path.sh|bash_completion.sh|cedilla-portuguese.sh|colorgrep.csh|colorgrep.sh|colorls.csh|colorls.sh|colorxzgrep.csh|colorxzgrep.sh|colorzgrep.csh|colorzgrep.sh|csh.local|cursor.sh|gawk.csh|gawk.sh|im-config_wayland.sh|kali.sh|lang.csh|lang.sh|less.csh|less.sh|flatpak.sh|sh.local|vim.csh|vim.sh|vte.csh|vte-2.91.sh|which2.csh|which2.sh|xauthority.sh|Z97-byobu.sh|xdg_dirs_desktop_session.sh|Z99-cloudinit-warnings.sh|Z99-cloud-locale-test.sh"
 
-knw_emails=".*@aivazian.fsnet.co.uk|.*@angband.pl|.*@canonical.com|.*centos.org|.*debian.net|.*debian.org|.*@jff.email|.*kali.org|.*linux.it|.*@linuxia.de|.*@lists.debian-maintainers.org|.*@mit.edu|.*@oss.sgi.com|.*@qualcomm.com|.*redhat.com|.*ubuntu.com|.*@vger.kernel.org|rogershimizu@gmail.com|thmarques@gmail.com"
+knw_emails=".*@aivazian.fsnet.co.uk|.*@angband.pl|.*@canonical.com|.*centos.org|.*debian.net|.*debian.org|.*@jff.email|.*kali.org|.*linux.it|.*@linuxia.de|.*@lists.debian-maintainers.org|.*@mit.edu|.*@oss.sgi.com|.*@qualcomm.com|.*redhat.com|.*ubuntu.com|.*@vger.kernel.org|mmyangfl@gmail.com|rogershimizu@gmail.com|thmarques@gmail.com"
 
 timersG="anacron.timer|apt-daily.timer|apt-daily-upgrade.timer|dpkg-db-backup.timer|e2scrub_all.timer|fstrim.timer|fwupd-refresh.timer|geoipupdate.timer|io.netplan.Netplan|logrotate.timer|man-db.timer|mlocate.timer|motd-news.timer|phpsessionclean.timer|plocate-updatedb.timer|snapd.refresh.timer|snapd.snap-repair.timer|systemd-tmpfiles-clean.timer|systemd-readahead-done.timer|ua-license-check.timer|ua-messaging.timer|ua-timer.timer|ureadahead-stop.timer"
 
@@ -697,8 +697,8 @@ print_3title(){
 }
 
 print_3title_no_nl(){
-  echo -ne "\033[2K\r"
+  printf "\033[2K\r"
-  printf ${BLUE}"\r══╣ $GREEN${1}..."$NC #There are 2 "═"
+  printf ${BLUE}"══╣ $GREEN${1}..."$NC #There are 2 "═"
 }
 
 print_list(){

linPEAS/builder/src/linpeasBuilder.py

@@ -377,7 +377,7 @@ class LinpeasBuilder:
 
         for values in regexes:
             section_name = values["name"]
-            regexes_search_section += f'print_2title "Searching {section_name}"\n'
+            regexes_search_section += f'    print_2title "Searching {section_name}"\n'
 
             for entry in values["regexes"]:
                 name = entry["name"]

linPEAS/builder/src/yamlGlobals.py

@@ -1,26 +1,11 @@
 import os
 import yaml
-import requests
 from pathlib import Path
 
 
-def download_regexes():
+script_folder = Path(os.path.dirname(os.path.abspath(__file__)))
-    print("[+] Downloading regexes...")
+target_file = script_folder / '..' / '..' / '..' / 'build_lists' / 'download_regexes.py'
-    url = "https://raw.githubusercontent.com/JaimePolop/RExpository/main/regex.yaml"
+os.system(target_file)
-    response = requests.get(url)
-    if response.status_code == 200:
-        # Save the content of the response to a file
-        script_folder = Path(os.path.dirname(os.path.abspath(__file__)))
-        target_file = script_folder / '..' / '..' / '..' / 'build_lists' / 'regexes.yaml'
-
-        with open(target_file, "w") as file:
-            file.write(response.text)
-        print(f"Downloaded and saved in '{target_file}' successfully!")
-    else:
-        print("Error: Unable to download the regexes file.")
-        exit(1)
-
-download_regexes()
 
 CURRENT_DIR = os.path.dirname(os.path.realpath(__file__))
 

winPEAS/winPEASexe/README.md

@@ -53,6 +53,7 @@ $wp.EntryPoint #Get the name of the ReflectedType, in obfuscated versions someti
 ## Parameters Examples
 
 ```bash
+winpeas.exe -h # Get Help
 winpeas.exe #run all checks (except for additional slower checks - LOLBAS and linpeas.sh in WSL) (noisy - CTFs)
 winpeas.exe systeminfo userinfo #Only systeminfo and userinfo checks executed
 winpeas.exe notcolor #Do not color the output
@@ -64,35 +65,6 @@ winpeas.exe -linpeas=http://127.0.0.1/linpeas.sh #Execute also additional linpea
 winpeas.exe -lolbas  #Execute also additional LOLBAS search check
 ```
 
-## Help
-```
-domain               Enumerate domain information
-systeminfo           Search system information
-userinfo             Search user information
-processinfo          Search processes information
-servicesinfo         Search services information
-applicationsinfo     Search installed applications information
-networkinfo          Search network information
-windowscreds         Search windows credentials
-browserinfo          Search browser information
-filesinfo            Search generic files that can contains credentials
-fileanalysis         Search specific files that can contains credentials and for regexes inside files
-eventsinfo           Display interesting events information
-
-quiet                Do not print banner
-notcolor             Don't use ansi colors (all white)
-searchpf             Search credentials via regex also in Program Files folders
-wait                 Wait for user input between checks
-debug                Display debugging information - memory usage, method execution time
-log[=logfile]        Log all output to file defined as logfile, or to "out.txt" if not specified
-MaxRegexFileSize=1000000        Max file size (in Bytes) to search regex in. Default: 1000000B
-
-Additional checks (slower):
--lolbas              Run additional LOLBAS check
--linpeas=[url]       Run additional linpeas.sh check for default WSL distribution, optionally provide custom linpeas.sh URL
-                     (default: https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh)
-```
-
 ## Basic information
 
 The goal of this project is to search for possible **Privilege Escalation Paths** in Windows environments.