Update FileAnalysis.cs

2025-12-10 10:49:02 +00:00 · 2022-11-02 18:58:53 +00:00 · 2022-11-02 18:50:36 +00:00 · 2022-11-02 18:42:29 +00:00 · 2022-11-02 18:37:11 +00:00 · 2022-11-02 18:28:08 +00:00
5 changed files with 41 additions and 8 deletions
--- a/linPEAS/README.md
+++ b/linPEAS/README.md
@@ -47,6 +47,12 @@ chmod +x linpeas_linux_amd64
 ./linpeas_linux_amd64
 ```
 ```bash
 # Execute from memory in Penelope session
 # From: https://github.com/brightio/penelope
 > run peass-ng
 ```
 ## Firmware Analysis
 If you have a **firmware** and you want to **analyze it with linpeas** to **search for passwords or bad configured permissions** you have 2 main options.
--- a/parsers/README.md
+++ b/parsers/README.md
@@ -3,7 +3,7 @@
 These scripts allows you to transform the output of linpeas/macpeas/winpeas to JSON and then to PDF and HTML.
 ```python3
-python3 peass2json.py </path/to/executed_peass.out> </path/to/peass.json>
+python3 peas2json.py </path/to/executed_peass.out> </path/to/peass.json>
 python3 json2pdf.py </path/to/peass.json> </path/to/peass.pdf>
 python3 json2html.py </path/to/peass.json> </path/to/peass.html>
 ```
--- a/winPEAS/winPEASexe/winPEAS/App.config
+++ b/winPEAS/winPEASexe/winPEAS/App.config
@@ -3,4 +3,7 @@
    <startup useLegacyV2RuntimeActivationPolicy="true"> 
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2"/></startup>
    <runtime>
 		<AppContextSwitchOverrides value="Switch.System.IO.UseLegacyPathHandling=false" />
 	</runtime>
 </configuration>
--- a/winPEAS/winPEASexe/winPEAS/Checks/FileAnalysis.cs
+++ b/winPEAS/winPEASexe/winPEAS/Checks/FileAnalysis.cs
@@ -154,15 +154,39 @@ namespace winPEAS.Checks
            try
            {
                Regex rgx;
-                if (caseinsensitive)
+                bool is_re_match = false;
-                    rgx = new Regex(regex_str.Trim(), RegexOptions.IgnoreCase);
+                try
-                else
+                {
-                    rgx = new Regex(regex_str.Trim());
+                    // Use "IsMatch" because it supports timeout, if exception is thrown exit the func to avoid ReDoS in "rgx.Matches"
                    if (caseinsensitive)
                    {
                        is_re_match = Regex.IsMatch(text, regex_str.Trim(), RegexOptions.IgnoreCase, TimeSpan.FromSeconds(120));
                        rgx = new Regex(regex_str.Trim(), RegexOptions.IgnoreCase);
                    }
                    else
                    {
                        is_re_match = Regex.IsMatch(text, regex_str.Trim(), RegexOptions.None, TimeSpan.FromSeconds(120));
                        rgx = new Regex(regex_str.Trim());
                    }
                }
                catch (RegexMatchTimeoutException e)
                {
                    if (Checks.IsDebug)
                    {
                        Beaprint.GrayPrint($"The regex {regex_str} had a timeout (ReDoS avoided but regex unchecked in a file)");
                    }
                    return foundMatches;
                }
                if (!is_re_match)
                {
                    return foundMatches;
                }
                int cont = 0;
                foreach (Match match in rgx.Matches(text))
                {
-                    if (cont > 4) break;
+                    if (cont > 10) break;
                    if (match.Value.Length < 400 && match.Value.Trim().Length > 2)
                        foundMatches.Add(match.Value);
@@ -349,7 +373,7 @@ namespace winPEAS.Checks
                                        timer.Stop();
                                        TimeSpan timeTaken = timer.Elapsed;
-                                        if (timeTaken.TotalMilliseconds > 1000)
+                                        if (timeTaken.TotalMilliseconds > 20000)
                                            Beaprint.PrintDebugLine($"\nThe regex {regex.regex} took {timeTaken.TotalMilliseconds}s in {f.FullPath}");
                                    }
                                }
--- a/winPEAS/winPEASexe/winPEAS/Helpers/Beaprint.cs
+++ b/winPEAS/winPEASexe/winPEAS/Helpers/Beaprint.cs
@@ -105,7 +105,7 @@ namespace winPEAS.Helpers
            PrintLegend();
            Console.WriteLine();
-            LinkPrint("https://book.hacktricks.xyz/windows-hardening/checklist-windows-privilege-escalation", "You can find a Windows local PE Checklist here:");
+            Console.WriteLine(BLUE + " You can find a Windows local PE Checklist here: "+YELLOW+"https://book.hacktricks.xyz/windows-hardening/checklist-windows-privilege-escalation");
        }
        static void PrintLegend()
Author	SHA1	Message	Date
Carlos Polop	27d954e03a	Update FileAnalysis.cs	2022-11-02 18:58:53 +00:00
Carlos Polop	9416b924cb	Update FileAnalysis.cs	2022-11-02 18:50:36 +00:00
Carlos Polop	6ec25656f2	Update FileAnalysis.cs	2022-11-02 18:42:29 +00:00
Carlos Polop	3039ce555d	Update FileAnalysis.cs	2022-11-02 18:37:11 +00:00
Carlos Polop	d382de1cb1	Merge pull request #319 from motikan2010/fix/small-typo Fix small typo in /parser/README.md	2022-11-02 18:28:08 +00:00
Carlos Polop	c62a8f8b54	Update App.config	2022-11-02 18:27:42 +00:00
Carlos Polop	a70b9773db	Update FileAnalysis.cs	2022-11-02 18:26:18 +00:00
Carlos Polop	7a19b0968f	Update README.md	2022-10-12 14:56:18 +02:00
Carlos Polop	ce002b9f33	Update README.md	2022-10-12 14:34:05 +02:00
motikan2010	1afac19979	Fix typo in /parser/README.md	2022-10-09 13:56:29 +09:00
Carlos Polop	219b1669c3	Update Beaprint.cs	2022-10-06 17:46:45 +02:00