Merge branch 'aicoder' of https://github.com/carlospolop/PEASS-ng into aicoder

path contains spaces check

.github/workflows/AIPRChecker.yml

@@ -0,0 +1,13 @@
+name: AIPRChecker - Check for security issues and code smells
+on: [pull_request_target]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Run AIPRChecker
+        uses: AI-Gents/AIPRChecker@main
+        with:
+          api-key: ${{ secrets.OPENAI_API_KEY }}
+          model: 'gpt-4'
+          github-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/CI-master_tests.yml

@@ -4,6 +4,8 @@ on:
   push:
     branches:
       - master
+    paths-ignore:
+        - '.github/**'
   
   schedule:
     - cron: "5 4 * * SUN"

.github/workflows/aicoder.yml

@@ -0,0 +1,23 @@
+name: aicoder
+
+on:
+  workflow_dispatch:
+
+jobs:
+  Build_and_test_winpeas_master:
+    runs-on: ubuntu-latest
+
+    steps:
+      # checkout
+      - name: AICoder GH Action
+        uses: AICoderHub/GH_Action@v0.11
+        with:
+          INPUT_MODE: 'file-optimizer'
+          INPUT_PROMPT: ''
+          INPUT_OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+          INPUT_MODEL: 'gpt-4'
+          TEMPLATE_FILES: ''
+          ORIGIN_BRANCH: 'aicoder'
+          TO_BRANCH: 'master'
+          CHECK_PATH: './parsers/json2pdf.py'
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

linPEAS/builder/linpeas_parts/1_system_information.sh

@@ -99,145 +99,3 @@ if [ "$(command -v smbutil)" ] || [ "$DEBUG" ]; then
     warn_exec smbutil statshares -a
     echo ""
 fi
-
-#-- SY) Environment vars
-print_2title "Environment"
-print_info "Any private information inside environment variables?"
-(env || printenv || set) 2>/dev/null | grep -v "RELEVANT*|FIND*|^VERSION=|dbuslistG|mygroups|ldsoconfdG|pwd_inside_history|kernelDCW_Ubuntu_Precise|kernelDCW_Ubuntu_Trusty|kernelDCW_Ubuntu_Xenial|kernelDCW_Rhel|^sudovB=|^rootcommon=|^mounted=|^mountG=|^notmounted=|^mountpermsB=|^mountpermsG=|^kernelB=|^C=|^RED=|^GREEN=|^Y=|^B=|^NC=|TIMEOUT=|groupsB=|groupsVB=|knw_grps=|sidG|sidB=|sidVB=|sidVB2=|sudoB=|sudoG=|sudoVB=|timersG=|capsB=|notExtensions=|Wfolders=|writeB=|writeVB=|_usrs=|compiler=|PWD=|LS_COLORS=|pathshG=|notBackup=|processesDump|processesB|commonrootdirs|USEFUL_SOFTWARE|PSTORAGE_KUBERNETES" | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[aA][pP][iI][kK][eE][yY]|[aA][pP][iI][_][kK][eE][yY]|KRB5CCNAME,${SED_RED},g" || echo_not_found "env || set"
-echo ""
-
-#-- SY) Dmesg
-if [ "$(command -v dmesg 2>/dev/null)" ] || [ "$DEBUG" ]; then
-    print_2title "Searching Signature verification failed in dmesg"
-    print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#dmesg-signature-verification-failed"
-    (dmesg 2>/dev/null | grep "signature") || echo_not_found "dmesg"
-    echo ""
-fi
-
-#-- SY) Kernel extensions
-if [ "$MACPEAS" ]; then
-    print_2title "Kernel Extensions not belonging to apple"
-    kextstat 2>/dev/null | grep -Ev " com.apple."
-
-    print_2title "Unsigned Kernel Extensions"
-    macosNotSigned /Library/Extensions
-    macosNotSigned /System/Library/Extensions
-fi
-
-if [ "$(command -v bash 2>/dev/null)" ]; then
-    print_2title "Executing Linux Exploit Suggester"
-    print_info "https://github.com/mzet-/linux-exploit-suggester"
-    les_b64="peass{LES}"
-    echo $les_b64 | base64 -d | bash | sed "s,$(printf '\033')\\[[0-9;]*[a-zA-Z],,g" | grep -i "\[CVE" -A 10 | grep -Ev "^\-\-$" | sed -${E} "s/\[(CVE-[0-9]+-[0-9]+,?)+\].*/${SED_RED}/g"
-    echo ""
-fi
-
-if [ "$(command -v perl 2>/dev/null)" ]; then
-    print_2title "Executing Linux Exploit Suggester 2"
-    print_info "https://github.com/jondonas/linux-exploit-suggester-2"
-    les2_b64="peass{LES2}"
-    echo $les2_b64 | base64 -d | perl 2>/dev/null | sed "s,$(printf '\033')\\[[0-9;]*[a-zA-Z],,g" | grep -i "CVE" -B 1 -A 10 | grep -Ev "^\-\-$" | sed -${E} "s,CVE-[0-9]+-[0-9]+,${SED_RED},g"
-    echo ""
-fi
-
-if [ "$MACPEAS" ] && [ "$(command -v brew 2>/dev/null)" ]; then
-    print_2title "Brew Doctor Suggestions"
-    brew doctor
-    echo ""
-fi
-
-
-
-#-- SY) AppArmor
-print_2title "Protections"
-print_list "AppArmor enabled? .............. "$NC
-if [ "$(command -v aa-status 2>/dev/null)" ]; then
-    aa-status 2>&1 | sed "s,disabled,${SED_RED},"
-elif [ "$(command -v apparmor_status 2>/dev/null)" ]; then
-    apparmor_status 2>&1 | sed "s,disabled,${SED_RED},"
-elif [ "$(ls -d /etc/apparmor* 2>/dev/null)" ]; then
-    ls -d /etc/apparmor*
-else
-    echo_not_found "AppArmor"
-fi
-
-#-- SY) AppArmor2
-print_list "AppArmor profile? .............. "$NC
-(cat /proc/self/attr/current 2>/dev/null || echo "unconfined") | sed "s,unconfined,${SED_RED}," | sed "s,kernel,${SED_GREEN},"
-
-#-- SY) LinuxONE
-print_list "is linuxONE? ................... "$NC
-( (uname -a | grep "s390x" >/dev/null 2>&1) && echo "Yes" || echo_not_found "s390x")
-
-#-- SY) grsecurity
-print_list "grsecurity present? ............ "$NC
-( (uname -r | grep "\-grsec" >/dev/null 2>&1 || grep "grsecurity" /etc/sysctl.conf >/dev/null 2>&1) && echo "Yes" || echo_not_found "grsecurity")
-
-#-- SY) PaX
-print_list "PaX bins present? .............. "$NC
-(command -v paxctl-ng paxctl >/dev/null 2>&1 && echo "Yes" || echo_not_found "PaX")
-
-#-- SY) Execshield
-print_list "Execshield enabled? ............ "$NC
-(grep "exec-shield" /etc/sysctl.conf 2>/dev/null || echo_not_found "Execshield") | sed "s,=0,${SED_RED},"
-
-#-- SY) SElinux
-print_list "SELinux enabled? ............... "$NC
-(sestatus 2>/dev/null || echo_not_found "sestatus") | sed "s,disabled,${SED_RED},"
-
-#-- SY) Seccomp
-print_list "Seccomp enabled? ............... "$NC
-([ "$(grep Seccomp /proc/self/status 2>/dev/null | grep -v 0)" ] && echo "enabled" || echo "disabled") | sed "s,disabled,${SED_RED}," | sed "s,enabled,${SED_GREEN},"
-
-#-- SY) AppArmor
-print_list "User namespace? ................ "$NC
-if [ "$(cat /proc/self/uid_map 2>/dev/null)" ]; then echo "enabled" | sed "s,enabled,${SED_GREEN},"; else echo "disabled" | sed "s,disabled,${SED_RED},"; fi
-
-#-- SY) cgroup2
-print_list "Cgroup2 enabled? ............... "$NC
-([ "$(grep cgroup2 /proc/filesystems 2>/dev/null)" ] && echo "enabled" || echo "disabled") | sed "s,disabled,${SED_RED}," | sed "s,enabled,${SED_GREEN},"
-
-#-- SY) Gatekeeper
-if [ "$MACPEAS" ]; then
-    print_list "Gatekeeper enabled? .......... "$NC
-    (spctl --status 2>/dev/null || echo_not_found "sestatus") | sed "s,disabled,${SED_RED},"
-
-    print_list "sleepimage encrypted? ........ "$NC
-    (sysctl vm.swapusage | grep "encrypted" | sed "s,encrypted,${SED_GREEN},") || echo_no
-
-    print_list "XProtect? .................... "$NC
-    (system_profiler SPInstallHistoryDataType 2>/dev/null | grep -A 4 "XProtectPlistConfigData" | tail -n 5 | grep -Iv "^$") || echo_no
-
-    print_list "SIP enabled? ................. "$NC
-    csrutil status | sed "s,enabled,${SED_GREEN}," | sed "s,disabled,${SED_RED}," || echo_no
-
-    print_list "Connected to JAMF? ........... "$NC
-    warn_exec jamf checkJSSConnection
-
-    print_list "Connected to AD? ............. "$NC
-    dsconfigad -show && echo "" || echo_no
-fi
-
-#-- SY) ASLR
-print_list "Is ASLR enabled? ............... "$NC
-ASLR=$(cat /proc/sys/kernel/randomize_va_space 2>/dev/null)
-if [ -z "$ASLR" ]; then
-    echo_not_found "/proc/sys/kernel/randomize_va_space";
-else
-    if [ "$ASLR" -eq "0" ]; then printf $RED"No"$NC; else printf $GREEN"Yes"$NC; fi
-    echo ""
-fi
-
-#-- SY) Printer
-print_list "Printer? ....................... "$NC
-(lpstat -a || system_profiler SPPrintersDataType || echo_no) 2>/dev/null
-
-#-- SY) Running in a virtual environment
-print_list "Is this a virtual machine? ..... "$NC
-hypervisorflag=$(grep flags /proc/cpuinfo 2>/dev/null | grep hypervisor)
-if [ "$(command -v systemd-detect-virt 2>/dev/null)" ]; then
-    detectedvirt=$(systemd-detect-virt)
-    if [ "$hypervisorflag" ]; then printf $RED"Yes ($detectedvirt)"$NC; else printf $GREEN"No"$NC; fi
-else
-    if [ "$hypervisorflag" ]; then printf $RED"Yes"$NC; else printf $GREEN"No"$NC; fi
-fi

linPEAS/builder/linpeas_parts/linpeas_base.sh

@@ -454,7 +454,7 @@ else
   sh_usrs=$(cat /etc/passwd 2>/dev/null | grep -v "^root:" | grep -i "sh$" | cut -d ":" -f 1 | tr '\n' '|' | sed 's/|bin|/|bin[\\\s:]|^bin$|/' | sed 's/|sys|/|sys[\\\s:]|^sys$|/' | sed 's/|daemon|/|daemon[\\\s:]|^daemon$|/')"ImPoSSssSiBlEee" #Modified bin, sys and daemon so they are not colored everywhere
   nosh_usrs=$(cat /etc/passwd 2>/dev/null | grep -i -v "sh$" | sort | cut -d ":" -f 1 | tr '\n' '|' | sed 's/|bin|/|bin[\\\s:]|^bin$|/')"ImPoSSssSiBlEee"
 fi
-knw_usrs='_amavisd|_analyticsd|_appinstalld|_appleevents|_applepay|_appowner|_appserver|_appstore|_ard|_assetcache|_astris|_atsserver|_avbdeviced|_calendar|_captiveagent|_ces|_clamav|_cmiodalassistants|_coreaudiod|_coremediaiod|_coreml|_ctkd|_cvmsroot|_cvs|_cyrus|_datadetectors|_demod|_devdocs|_devicemgr|_diskimagesiod|_displaypolicyd|_distnote|_dovecot|_dovenull|_dpaudio|_driverkit|_eppc|_findmydevice|_fpsd|_ftp|_fud|_gamecontrollerd|_geod|_hidd|_iconservices|_installassistant|_installcoordinationd|_installer|_jabber|_kadmin_admin|_kadmin_changepw|_knowledgegraphd|_krb_anonymous|_krb_changepw|_krb_kadmin|_krb_kerberos|_krb_krbtgt|_krbfast|_krbtgt|_launchservicesd|_lda|_locationd|_logd|_lp|_mailman|_mbsetupuser|_mcxalr|_mdnsresponder|_mobileasset|_mysql|_nearbyd|_netbios|_netstatistics|_networkd|_nsurlsessiond|_nsurlstoraged|_oahd|_ondemand|_postfix|_postgres|_qtss|_reportmemoryexception|_rmd|_sandbox|_screensaver|_scsd|_securityagent|_softwareupdate|_spotlight|_sshd|_svn|_taskgated|_teamsserver|_timed|_timezone|_tokend|_trustd|_trustevaluationagent|_unknown|_update_sharing|_usbmuxd|_uucp|_warmd|_webauthserver|_windowserver|_www|_wwwproxy|_xserverdocs|daemon\W|^daemon$|message\+|syslog|www|www-data|mail|noboby|Debian\-\+|rtkit|systemd\+'
+knw_usrs='_amavisd|_analyticsd|_appinstalld|_appleevents|_applepay|_appowner|_appserver|_appstore|_ard|_assetcache|_astris|_atsserver|_avbdeviced|_calendar|_captiveagent|_ces|_clamav|_cmiodalassistants|_coreaudiod|_coremediaiod|_coreml|_ctkd|_cvmsroot|_cvs|_cyrus|_datadetectors|_demod|_devdocs|_devicemgr|_diskimagesiod|_displaypolicyd|_distnote|_dovecot|_dovenull|_dpaudio|_driverkit|_eppc|_findmydevice|_fpsd|_ftp|_fud|_gamecontrollerd|_geod|_hidd|_iconservices|_installassistant|_installcoordinationd|_installer|_jabber|_kadmin_admin|_kadmin_changepw|_knowledgegraphd|_krb_anonymous|_krb_changepw|_krb_kadmin|_krb_kerberos|_krb_krbtgt|_krbfast|_krbtgt|_launchservicesd|_lda|_locationd|_logd|_lp|_mailman|_mbsetupuser|_mcxalr|_mdnsresponder|_mobileasset|_mysql|_nearbyd|_netbios|_netstatistics|_networkd|_nsurlsessiond|_nsurlstoraged|_oahd|_ondemand|_postfix|_postgres|_qtss|_reportmemoryexception|_rmd|_sandbox|_screensaver|_scsd|_securityagent|_softwareupdate|_spotlight|_sshd|_svn|_taskgated|_teamsserver|_timed|_timezone|_tokend|_trustd|_trustevaluationagent|_unknown|_update_sharing|_usbmuxd|_uucp|_warmd|_webauthserver|_windowserver|_www|_wwwproxy|_xserverdocs|daemon\W|^daemon$|message\+|syslog|www|www-data|mail|nobody|Debian\-\+|rtkit|systemd\+'
 if ! [ "$USER" ]; then
   USER=$(whoami 2>/dev/null || echo -n "UserUnknown")
 fi
@@ -1141,7 +1141,7 @@ if [ "$SEARCH_IN_FOLDER" ] || echo $CHECKS | grep -q procs_crons_timers_srvcs_so
   #GENERATE THE STORAGES OF THE FOUND FILES
   peass{STORAGES_HERE}
 
-  ##### POST SERACH VARIABLES #####
+  ##### POST SEARCH VARIABLES #####
   backup_folders_row="$(echo $PSTORAGE_BACKUPS | tr '\n' ' ')"
   printf ${YELLOW}"DONE\n"$NC
   echo ""

linPEAS/builder/src/linpeasBuilder.py

@@ -353,7 +353,7 @@ class LinpeasBuilder:
     
     def __get_gtfobins_lists(self) -> tuple:
         r = requests.get("https://github.com/GTFOBins/GTFOBins.github.io/tree/master/_gtfobins")
-        bins = re.findall(r'/GTFOBins/GTFOBins.github.io/blob/master/_gtfobins/([\w_ \-]+).md', r.text)
+        bins = re.findall(r'_gtfobins/([\w_ \-]+).md', r.text)
 
         sudoVB = []
         suidVB = []

winPEAS/winPEASbat/winPEAS.bat

@@ -10,6 +10,14 @@ REM Registry scan of other drives besides
 REM /////true or false
 SET long=false
 
+REM Check if the current path contains spaces
+SET "CurrentFolder=%~dp0"
+IF "!CurrentFolder!" NEQ "!CurrentFolder: =!" (
+    ECHO winPEAS.bat cannot run if the current path contains spaces.
+	ECHO Exiting.
+    EXIT /B 1
+)
+
 :Splash
 ECHO.
 CALL :ColorLine "            %E%32m((,.,/((((((((((((((((((((/,  */%E%97m"

winPEAS/winPEASps1/README.md

@@ -14,9 +14,9 @@ The official **maintainer of this script is [RandolphConley](https://github.com/
 
 Download the **[latest releas from here](https://github.com/carlospolop/PEASS-ng/releases/latest)**.
 
+
 ```bash
-powershell "IEX(New-Object Net.WebClient).downloadString('https://raw.githubusercontent.com/carlospolop/PEASS-ng/master/winPEAS/winPEASps1/WinPeas.ps1')"
-```
+powershell "IEX(New-Object Net.WebClient).downloadString('https://raw.githubusercontent.com/carlospolop/PEASS-ng/master/winPEAS/winPEASps1/winPEAS.ps1')"
 
 ## Advisory