Update 7_interesting_files.sh

Update 6_software_information.sh
Update linpeas_base.sh
2025-12-10 10:49:02 +00:00 · 2022-05-11 21:13:18 +01:00 · 2022-05-11 21:09:43 +01:00 · 2022-05-11 20:36:51 +01:00 · 2022-05-11 20:25:37 +01:00 · 2022-05-11 20:23:27 +01:00
5 changed files with 26 additions and 21 deletions
--- a/linPEAS/builder/linpeas_parts/1_system_information.sh
+++ b/linPEAS/builder/linpeas_parts/1_system_information.sh
@@ -149,11 +149,7 @@ if [ "$(command -v bash 2>/dev/null)" ]; then
    print_2title "Executing Linux Exploit Suggester"
    print_info "https://github.com/mzet-/linux-exploit-suggester"
    les_b64="peass{LES}"
-    if [ "$EXTRA_CHECKS" ]; then
-        echo $les_b64 | base64 -d | bash -s -- --checksec | sed "s,$(printf '\033')\\[[0-9;]*[a-zA-Z],,g" | sed -E "s,\[CVE-[0-9]+-[0-9]+\].*,${SED_RED},g"
-    else
-        echo $les_b64 | base64 -d | bash | sed "s,$(printf '\033')\\[[0-9;]*[a-zA-Z],,g" | grep -i "\[CVE" -A 10 | grep -Ev "^\-\-$" | sed -${E} "s,\[CVE-[0-9]+-[0-9]+\].*,${SED_RED},g"
-    fi
+    echo $les_b64 | base64 -d | bash | sed "s,$(printf '\033')\\[[0-9;]*[a-zA-Z],,g" | grep -i "\[CVE" -A 10 | grep -Ev "^\-\-$" | sed -${E} "s,\[CVE-[0-9]+-[0-9]+\].*,${SED_RED},g"
    echo ""
 fi

--- a/linPEAS/builder/linpeas_parts/4_network_information.sh
+++ b/linPEAS/builder/linpeas_parts/4_network_information.sh
@@ -99,7 +99,7 @@ fi
 echo ""

 #-- NI) Internet access
-if ! [ "$SUPERFAST" ] && [ "$EXTRA_CHECKS" ] && ! [ "$FAST" ] && [ "$TIMEOUT" ] && [ -f "/bin/bash" ]; then
+if [ "$AUTO_NETWORK_SCAN" ] && [ "$TIMEOUT" ] && [ -f "/bin/bash" ]; then
  print_2title "Internet Access?"
  check_tcp_80 2>/dev/null &
  check_tcp_443 2>/dev/null &
@@ -109,7 +109,7 @@ if ! [ "$SUPERFAST" ] && [ "$EXTRA_CHECKS" ] && ! [ "$FAST" ] && [ "$TIMEOUT" ]
  echo ""
 fi

-if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] || [ "$AUTO_NETWORK_SCAN" ]; then
+if [ "$AUTO_NETWORK_SCAN" ]; then
  if ! [ "$FOUND_NC" ]; then
    printf $RED"[-] $SCAN_BAN_BAD\n$NC"
    echo "The network is not going to be scanned..."
@@ -181,4 +181,4 @@ if [ "$MACOS" ]; then
    warn_exec system_profiler SPUSBDataType
    echo ""
  fi
-fi
+fi
--- a/linPEAS/builder/linpeas_parts/6_software_information.sh
+++ b/linPEAS/builder/linpeas_parts/6_software_information.sh
@@ -43,8 +43,12 @@ fi

 #-- SI) Mysql version
 if [ "$(command -v mysql)" ] || [ "$(command -v mysqladmin)" ] || [ "$DEBUG" ]; then
-  print_2title "MySQL version"
+  print_2title "MySQL"
  mysql --version 2>/dev/null || echo_not_found "mysql"
+  mysqluser=$(systemctl status mysql 2>/dev/null | grep -o ".\{0,0\}user.\{0,50\}" | cut -d '=' -f2 | cut -d ' ' -f1)
+  if [ "$mysqluser" ]; then
+    echo "MySQL user: $mysqluser" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
+  fi
  echo ""

  #-- SI) Mysql connection root/root
@@ -80,7 +84,7 @@ fi
 if [ "$PSTORAGE_MYSQL" ] || [ "$DEBUG" ]; then
  print_2title "Searching mysql credentials and exec"
  printf "%s\n" "$PSTORAGE_MYSQL" | while read d; do
-    if [ -f "$d" ]; then
+    if [ -f "$d" ] && ! [ "$(basename $d)" = "mysql" ]; then
      STRINGS="`command -v strings`"
      echo "Potential file containing credentials:"
      ls -l "$d"
--- a/linPEAS/builder/linpeas_parts/7_interesting_files.sh
+++ b/linPEAS/builder/linpeas_parts/7_interesting_files.sh
@@ -448,9 +448,9 @@ FILECMD="$(command -v file 2>/dev/null)"
 if [ "$PSTORAGE_DATABASE" ]; then
  printf "%s\n" "$PSTORAGE_DATABASE" | while read f; do
    if [ "$FILECMD" ]; then
-      echo "Found: $(file $f)" | sed -${E} "s,\.db|\.sql|\.sqlite|\.sqlite3,${SED_RED},g";
+      echo "Found "$(file "$f") | sed -${E} "s,\.db|\.sql|\.sqlite|\.sqlite3,${SED_RED},g";
    else
-      echo "Found: $f" | sed -${E} "s,\.db|\.sql|\.sqlite|\.sqlite3,${SED_RED},g";
+      echo "Found $f" | sed -${E} "s,\.db|\.sql|\.sqlite|\.sqlite3,${SED_RED},g";
    fi
  done
  SQLITEPYTHON=""
@@ -635,4 +635,4 @@ if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then

  ##-- IF) Find possible regexes
  peass{REGEXES}
-fi
+fi
--- a/linPEAS/builder/linpeas_parts/linpeas_base.sh
+++ b/linPEAS/builder/linpeas_parts/linpeas_base.sh
@@ -69,21 +69,21 @@ THREADS="$( ( (grep -c processor /proc/cpuinfo 2>/dev/null) || ( (command -v lsc
 HELP=$GREEN"Enumerate and search Privilege Escalation vectors.
 ${NC}This tool enum and search possible misconfigurations$DG (known vulns, user, processes and file permissions, special file permissions, readable/writable files, bruteforce other users(top1000pwds), passwords...)$NC inside the host and highlight possible misconfigurations with colors.
      ${YELLOW}-h${BLUE} To show this message
-      ${YELLOW}-q${BLUE} Do not show banner
      ${YELLOW}-e${BLUE} Perform extra enumeration
-      ${YELLOW}-s${BLUE} SuperFast (don't check some time consuming checks) - Stealth mode
-      ${YELLOW}-a${BLUE} All checks (1min of processes and su brute) - Noisy mode, for CTFs mainly
-      ${YELLOW}-w${BLUE} Wait execution between big blocks of checks
-      ${YELLOW}-N${BLUE} Do not use colours
-      ${YELLOW}-D${BLUE} Debug mode
-      ${YELLOW}-P${BLUE} Indicate a password that will be used to run 'sudo -l' and to bruteforce other users accounts via 'su'
+      ${YELLOW}-s${BLUE} Stealth & faster (don't check some time consuming checks)
+      ${YELLOW}-a${BLUE} All checks except Internet connectivity checks and automatic network recon (use -t to enable them)
+      ${YELLOW}-t${BLUE} Automatic network scan & Internet conectivity checks - This option writes to files
      ${YELLOW}-o${BLUE} Only execute selected checks (peass{CHECKS}). Select a comma separated list.
+      ${YELLOW}-P${BLUE} Indicate a password that will be used to run 'sudo -l' and to bruteforce other users accounts via 'su'
+      ${YELLOW}-w${BLUE} Wait execution between big blocks of checks
      ${YELLOW}-L${BLUE} Force linpeas execution.
      ${YELLOW}-M${BLUE} Force macpeas execution.
+      ${YELLOW}-N${BLUE} Do not use colours
+      ${YELLOW}-D${BLUE} Debug mode
+      ${YELLOW}-q${BLUE} Do not show banner
      ${YELLOW}-d <IP/NETMASK>${BLUE} Discover hosts using fping or ping.$DG Ex: -d 192.168.0.1/24
      ${YELLOW}-p <PORT(s)> -d <IP/NETMASK>${BLUE} Discover hosts looking for TCP open ports (via nc). By default ports 22,80,443,445,3389 and another one indicated by you will be scanned (select 22 if you don't want to add more). You can also add a list of ports.$DG Ex: -d 192.168.0.1/24 -p 53,139
      ${YELLOW}-i <IP> [-p <PORT(s)>]${BLUE} Scan an IP using nc. By default (no -p), top1000 of nmap will be scanned, but you can select a list of ports instead.$DG Ex: -i 127.0.0.1 -p 53,80,443,8000,8080
-      ${YELLOW}-t${BLUE} Automatic network scan (host discovery and port scanning) - This option writes to files
      $GREEN Notice${BLUE} that if you specify some network scan (options -d/-p/-i but NOT -t), no PE check will be performed$NC"

 while getopts "h?asd:p:i:P:qo:LMwNDte" opt; do
@@ -910,6 +910,11 @@ printf $LG"Hostname: "$NC
 hostname 2>/dev/null
 printf $LG"Writable folder: "$NC;
 echo $Wfolder
+
+if ! [ "$FAST" ] && ! [ "$AUTO_NETWORK_SCAN" ]; then
+	printf $LG"Remember that you can use the '-t' option to call the Internet connectivity checks and automatic network recon!\n"$NC;
+fi
+
 if [ "$DISCOVER_BAN_GOOD" ]; then
  printf $YELLOW"[+] $DISCOVER_BAN_GOOD\n$NC"
 else
Author	SHA1	Message	Date
Carlos Polop	fa0f2e17fb	Update 7_interesting_files.sh	2022-05-11 21:13:18 +01:00
Carlos Polop	f8e0090962	Update 6_software_information.sh	2022-05-11 21:09:43 +01:00
Carlos Polop	10960f2456	Update linpeas_base.sh	2022-05-11 20:36:51 +01:00
Carlos Polop	0c9bee903a	Update 4_network_information.sh	2022-05-11 20:25:37 +01:00
Carlos Polop	7f2b14d8d7	Update 1_system_information.sh	2022-05-11 20:23:27 +01:00
Carlos Polop	0a41095a1b	Update 6_software_information.sh	2022-05-09 12:13:07 +01:00