mirror of
https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite.git
synced 2026-02-12 07:36:35 +00:00
Compare commits
18 Commits
20260211-9
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
|
ec746e73e3 | ||
|
|
6a1d1efe95 | ||
|
|
cf3565d7e0 | ||
|
|
386ef0642a | ||
|
|
0680509774 | ||
|
|
3b0a8fd616 | ||
|
|
62ef61af0f | ||
|
|
b6c4474c27 | ||
|
|
4650d6b8ad | ||
|
|
354e3b81fb | ||
|
|
2848feda9b | ||
|
|
0bec3535dc | ||
|
|
2b1ab21f66 | ||
|
|
a8c5967d21 | ||
|
|
1e68040be3 | ||
|
|
143a20f17e | ||
|
|
de542f05a4 | ||
|
|
a10675d58f |
@@ -1,4 +1,4 @@
|
||||
name: Codex PR Triage
|
||||
name: Chack-Agent PR Triage
|
||||
|
||||
on:
|
||||
workflow_run:
|
||||
@@ -6,12 +6,15 @@ on:
|
||||
types: [completed]
|
||||
|
||||
jobs:
|
||||
codex_triage:
|
||||
if: ${{ github.event.workflow_run.conclusion == 'success' }}
|
||||
chack_agent_triage:
|
||||
# Temporarily disabled by maintainer request.
|
||||
if: ${{ false && github.event.workflow_run.conclusion == 'success' }}
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: write
|
||||
pull-requests: write
|
||||
env:
|
||||
CHACK_LOGS_HTTP_URL: ${{ secrets.CHACK_LOGS_HTTP_URL }}
|
||||
outputs:
|
||||
should_run: ${{ steps.gate.outputs.should_run }}
|
||||
pr_number: ${{ steps.gate.outputs.pr_number }}
|
||||
@@ -80,110 +83,70 @@ jobs:
|
||||
${{ steps.gate.outputs.base_ref }} \
|
||||
+refs/pull/${{ steps.gate.outputs.pr_number }}/head
|
||||
|
||||
- name: Set up Python
|
||||
if: ${{ steps.gate.outputs.should_run == 'true' }}
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: "3.11"
|
||||
|
||||
- name: Install chack-agent
|
||||
if: ${{ steps.gate.outputs.should_run == 'true' }}
|
||||
run: |
|
||||
python -m pip install --upgrade pip
|
||||
python -m pip install -e chack-agent
|
||||
|
||||
- name: Run Chack Agent
|
||||
id: run_codex
|
||||
id: run_chack
|
||||
if: ${{ steps.gate.outputs.should_run == 'true' }}
|
||||
env:
|
||||
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
|
||||
INPUT_PROVIDER: openai
|
||||
INPUT_MODEL_PRIMARY: gpt-5.2-codex
|
||||
INPUT_SYSTEM_PROMPT: You are an advanced research agent.
|
||||
run: |
|
||||
cat <<'EOF' > chack_prompt.txt
|
||||
You are reviewing PR #${{ steps.gate.outputs.pr_number }} for ${{ github.repository }}.
|
||||
uses: carlospolop/chack-agent@master
|
||||
with:
|
||||
provider: openrouter
|
||||
model_primary: CHEAP_BUT_QUALITY
|
||||
main_action: peass-ng
|
||||
sub_action: Chack-Agent PR Triage
|
||||
system_prompt: |
|
||||
You are Chack Agent, an elite PR reviewer for PEASS-ng.
|
||||
Be conservative: merge only if changes are simple, safe, and valuable accoding to the uers give guidelines.
|
||||
If in doubt, comment with clear questions or concerns.
|
||||
Remember taht you are an autonomouts agent, use the exec tool to run the needed commands to list, read, analyze, modify, test...
|
||||
tools_config_json: "{\"exec_enabled\": true}"
|
||||
session_config_json: "{\"long_term_memory_enabled\": false}"
|
||||
agent_config_json: "{\"self_critique_enabled\": false, \"require_task_list_init_first\": true}"
|
||||
output_schema_file: .github/chack-agent/pr-merge-schema.json
|
||||
user_prompt: |
|
||||
You are reviewing PR #${{ steps.gate.outputs.pr_number }} for ${{ github.repository }}.
|
||||
|
||||
Decide whether to merge or comment. Merge only if all of the following are true:
|
||||
- Changes are simple and safe (no DoS, no long operations, no backdoors).
|
||||
- Changes follow common PEASS syntax and style without breaking anything and add useful checks or value.
|
||||
- Changes simplify code or add new useful checks without breaking anything.
|
||||
Decide whether to merge or comment. Merge only if all of the following are true:
|
||||
- Changes are simple and safe (no DoS, no long operations, no backdoors).
|
||||
- Changes follow common PEASS syntax and style without breaking anything and add useful checks or value.
|
||||
- Changes simplify code or add new useful checks without breaking anything.
|
||||
|
||||
If you don't have any doubts, and all the previous conditions are met, decide to merge.
|
||||
If you have serious doubts, choose "comment" and include your doubts or questions.
|
||||
If you decide to merge, include a short rationale.
|
||||
If you don't have any doubts, and all the previous conditions are met, decide to merge.
|
||||
If you have serious doubts, choose "comment" and include your doubts or questions.
|
||||
If you decide to merge, include a short rationale.
|
||||
|
||||
Pull request title and body:
|
||||
----
|
||||
${{ steps.gate.outputs.pr_title }}
|
||||
${{ steps.gate.outputs.pr_body }}
|
||||
Pull request title and body:
|
||||
----
|
||||
${{ steps.gate.outputs.pr_title }}
|
||||
${{ steps.gate.outputs.pr_body }}
|
||||
|
||||
Review ONLY the changes introduced by the PR:
|
||||
git log --oneline ${{ steps.gate.outputs.base_sha }}...${{ steps.gate.outputs.head_sha }}
|
||||
Review ONLY the changes introduced by the PR:
|
||||
git log --oneline ${{ steps.gate.outputs.base_sha }}...${{ steps.gate.outputs.head_sha }}
|
||||
|
||||
Output JSON only, following the provided schema:
|
||||
.github/codex/pr-merge-schema.json
|
||||
EOF
|
||||
Output JSON only, following the provided schema:
|
||||
.github/chack-agent/pr-merge-schema.json
|
||||
openrouter_api_key: ${{ secrets.OPENROUTER_API_KEY }}
|
||||
|
||||
python - <<'PY' > chack_output.txt
|
||||
import os
|
||||
from chack_agent import (
|
||||
Chack,
|
||||
ChackConfig,
|
||||
ModelConfig,
|
||||
AgentConfig,
|
||||
SessionConfig,
|
||||
ToolsConfig,
|
||||
CredentialsConfig,
|
||||
LoggingConfig,
|
||||
)
|
||||
|
||||
with open("chack_prompt.txt", "r", encoding="utf-8") as handle:
|
||||
user_prompt = handle.read()
|
||||
|
||||
config = ChackConfig(
|
||||
model=ModelConfig(
|
||||
primary=os.environ.get("INPUT_MODEL_PRIMARY", "gpt-5.2-codex"),
|
||||
provider=os.environ.get("INPUT_PROVIDER", "openai"),
|
||||
),
|
||||
agent=AgentConfig(
|
||||
main_action="github_action",
|
||||
sub_action="run",
|
||||
),
|
||||
session=SessionConfig(),
|
||||
tools=ToolsConfig(exec_enabled=True),
|
||||
credentials=CredentialsConfig(
|
||||
openai_api_key=os.environ.get("OPENAI_API_KEY", ""),
|
||||
),
|
||||
logging=LoggingConfig(level="INFO"),
|
||||
system_prompt=os.environ.get("INPUT_SYSTEM_PROMPT", "You are an advanced research agent."),
|
||||
env={},
|
||||
)
|
||||
|
||||
agent = Chack(config)
|
||||
result = agent.run(session_id="github-action", text=user_prompt)
|
||||
print(result.output)
|
||||
PY
|
||||
|
||||
{
|
||||
echo "final-message<<EOF"
|
||||
cat chack_output.txt
|
||||
echo "EOF"
|
||||
} >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Parse Codex decision
|
||||
- name: Parse Chack Agent decision
|
||||
id: parse
|
||||
if: ${{ steps.gate.outputs.should_run == 'true' }}
|
||||
env:
|
||||
CODEX_MESSAGE: ${{ steps.run_codex.outputs.final-message }}
|
||||
CHACK_MESSAGE: ${{ steps.run_chack.outputs.final-message }}
|
||||
run: |
|
||||
python3 - <<'PY'
|
||||
import json
|
||||
import os
|
||||
|
||||
data = json.loads(os.environ.get('CODEX_MESSAGE', '') or '{}')
|
||||
decision = data.get('decision', 'comment')
|
||||
message = data.get('message', '').strip() or 'Codex did not provide details.'
|
||||
raw = (os.environ.get('CHACK_MESSAGE', '') or '').strip()
|
||||
decision = 'comment'
|
||||
message = 'Chack Agent did not provide details.'
|
||||
try:
|
||||
data = json.loads(raw or '{}')
|
||||
if isinstance(data, dict):
|
||||
decision = data.get('decision', 'comment')
|
||||
message = data.get('message', '').strip() or message
|
||||
else:
|
||||
message = raw or message
|
||||
except Exception:
|
||||
message = raw or message
|
||||
with open(os.environ['GITHUB_OUTPUT'], 'a') as handle:
|
||||
handle.write(f"decision={decision}\n")
|
||||
handle.write("message<<EOF\n")
|
||||
@@ -193,31 +156,32 @@ jobs:
|
||||
|
||||
merge_or_comment:
|
||||
runs-on: ubuntu-latest
|
||||
needs: codex_triage
|
||||
if: ${{ github.event.workflow_run.conclusion == 'success' && needs.codex_triage.outputs.should_run == 'true' && needs.codex_triage.outputs.decision != '' }}
|
||||
needs: chack_agent_triage
|
||||
# Temporarily disabled by maintainer request.
|
||||
if: ${{ false && github.event.workflow_run.conclusion == 'success' && needs.chack_agent_triage.outputs.should_run == 'true' && needs.chack_agent_triage.outputs.decision != '' }}
|
||||
permissions:
|
||||
contents: write
|
||||
pull-requests: write
|
||||
steps:
|
||||
- name: Merge PR when approved
|
||||
if: ${{ needs.codex_triage.outputs.decision == 'merge' }}
|
||||
if: ${{ needs.chack_agent_triage.outputs.decision == 'merge' }}
|
||||
env:
|
||||
GH_TOKEN: ${{ github.token }}
|
||||
PR_NUMBER: ${{ needs.codex_triage.outputs.pr_number }}
|
||||
PR_NUMBER: ${{ needs.chack_agent_triage.outputs.pr_number }}
|
||||
run: |
|
||||
gh api \
|
||||
-X PUT \
|
||||
-H "Accept: application/vnd.github+json" \
|
||||
/repos/${{ github.repository }}/pulls/${PR_NUMBER}/merge \
|
||||
-f merge_method=squash \
|
||||
-f commit_title="Auto-merge PR #${PR_NUMBER} (Codex)"
|
||||
-f commit_title="Auto-merge PR #${PR_NUMBER} (Chack Agent)"
|
||||
|
||||
- name: Comment with doubts
|
||||
if: ${{ needs.codex_triage.outputs.decision == 'comment' }}
|
||||
if: ${{ needs.chack_agent_triage.outputs.decision == 'comment' }}
|
||||
uses: actions/github-script@v7
|
||||
env:
|
||||
PR_NUMBER: ${{ needs.codex_triage.outputs.pr_number }}
|
||||
CODEX_MESSAGE: ${{ needs.codex_triage.outputs.message }}
|
||||
PR_NUMBER: ${{ needs.chack_agent_triage.outputs.pr_number }}
|
||||
CHACK_MESSAGE: ${{ needs.chack_agent_triage.outputs.message }}
|
||||
with:
|
||||
github-token: ${{ github.token }}
|
||||
script: |
|
||||
@@ -225,5 +189,5 @@ jobs:
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
issue_number: Number(process.env.PR_NUMBER),
|
||||
body: process.env.CODEX_MESSAGE,
|
||||
body: process.env.CHACK_MESSAGE,
|
||||
});
|
||||
@@ -1,4 +1,4 @@
|
||||
name: CI-master Failure Codex PR
|
||||
name: CI-master Failure Chack-Agent PR
|
||||
|
||||
on:
|
||||
workflow_run:
|
||||
@@ -6,9 +6,10 @@ on:
|
||||
types: [completed]
|
||||
|
||||
jobs:
|
||||
codex_fix_master_failure:
|
||||
chack_agent_fix_master_failure:
|
||||
# Temporarily disabled by maintainer request.
|
||||
if: >
|
||||
${{ github.event.workflow_run.conclusion == 'failure' &&
|
||||
${{ false && github.event.workflow_run.conclusion == 'failure' &&
|
||||
github.event.workflow_run.head_branch == 'master' &&
|
||||
!startsWith(github.event.workflow_run.head_commit.message, 'Fix CI-master failures for run #') }}
|
||||
runs-on: ubuntu-latest
|
||||
@@ -19,7 +20,8 @@ jobs:
|
||||
actions: read
|
||||
env:
|
||||
TARGET_BRANCH: master
|
||||
FIX_BRANCH: codex/ci-master-fix-${{ github.event.workflow_run.id }}
|
||||
FIX_BRANCH: chack-agent/ci-master-fix-${{ github.event.workflow_run.id }}
|
||||
CHACK_LOGS_HTTP_URL: ${{ secrets.CHACK_LOGS_HTTP_URL }}
|
||||
steps:
|
||||
- name: Checkout failing commit
|
||||
uses: actions/checkout@v5
|
||||
@@ -27,12 +29,12 @@ jobs:
|
||||
ref: ${{ github.event.workflow_run.head_sha }}
|
||||
fetch-depth: 0
|
||||
persist-credentials: true
|
||||
token: ${{ secrets.CODEX_FIXER_TOKEN }}
|
||||
token: ${{ secrets.CHACK_AGENT_FIXER_TOKEN || github.token }}
|
||||
|
||||
- name: Configure git author
|
||||
run: |
|
||||
git config user.name "codex-action"
|
||||
git config user.email "codex-action@users.noreply.github.com"
|
||||
git config user.name "chack-agent"
|
||||
git config user.email "chack-agent@users.noreply.github.com"
|
||||
|
||||
- name: Create fix branch
|
||||
run: git checkout -b "$FIX_BRANCH"
|
||||
@@ -42,7 +44,7 @@ jobs:
|
||||
GH_TOKEN: ${{ github.token }}
|
||||
RUN_ID: ${{ github.event.workflow_run.id }}
|
||||
run: |
|
||||
failed_logs_file="$(pwd)/codex_failed_steps_logs.txt"
|
||||
failed_logs_file="$(pwd)/chack_failed_steps_logs.txt"
|
||||
if gh run view "$RUN_ID" --repo "${{ github.repository }}" --log-failed > "$failed_logs_file"; then
|
||||
if [ ! -s "$failed_logs_file" ]; then
|
||||
echo "No failed step logs were returned by gh run view --log-failed." > "$failed_logs_file"
|
||||
@@ -70,11 +72,11 @@ jobs:
|
||||
lines.append("")
|
||||
|
||||
summary = "\n".join(lines).strip() or "No failing job details found."
|
||||
with open('codex_failure_summary.txt', 'w') as handle:
|
||||
with open('chack_failure_summary.txt', 'w') as handle:
|
||||
handle.write(summary)
|
||||
PY
|
||||
|
||||
- name: Create Codex prompt
|
||||
- name: Create Chack Agent prompt
|
||||
env:
|
||||
RUN_URL: ${{ github.event.workflow_run.html_url }}
|
||||
HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
|
||||
@@ -86,7 +88,7 @@ jobs:
|
||||
echo "The target branch for the final PR is: ${TARGET_BRANCH}"
|
||||
echo ""
|
||||
echo "Failure summary:"
|
||||
cat codex_failure_summary.txt
|
||||
cat chack_failure_summary.txt
|
||||
echo ""
|
||||
echo "Failed-step logs file absolute path (local runner): ${FAILED_LOGS_PATH}"
|
||||
echo "Read that file to inspect the exact failing logs."
|
||||
@@ -94,71 +96,24 @@ jobs:
|
||||
echo "Please identify the cause, apply an easy, simple and minimal fix, and update files accordingly."
|
||||
echo "Run any fast checks you can locally (no network)."
|
||||
echo "Leave the repo in a state ready to commit; changes will be committed and pushed automatically."
|
||||
} > codex_prompt.txt
|
||||
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: "3.11"
|
||||
|
||||
- name: Install chack-agent
|
||||
run: |
|
||||
python -m pip install --upgrade pip
|
||||
python -m pip install -e chack-agent
|
||||
} > chack_prompt.txt
|
||||
|
||||
- name: Run Chack Agent
|
||||
id: run_codex
|
||||
env:
|
||||
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
|
||||
INPUT_PROVIDER: openai
|
||||
INPUT_MODEL_PRIMARY: gpt-5.2-codex
|
||||
INPUT_SYSTEM_PROMPT: You are an advanced research agent.
|
||||
run: |
|
||||
python - <<'PY' > chack_output.txt
|
||||
import os
|
||||
from chack_agent import (
|
||||
Chack,
|
||||
ChackConfig,
|
||||
ModelConfig,
|
||||
AgentConfig,
|
||||
SessionConfig,
|
||||
ToolsConfig,
|
||||
CredentialsConfig,
|
||||
LoggingConfig,
|
||||
)
|
||||
|
||||
with open("codex_prompt.txt", "r", encoding="utf-8") as handle:
|
||||
user_prompt = handle.read()
|
||||
|
||||
config = ChackConfig(
|
||||
model=ModelConfig(
|
||||
primary=os.environ.get("INPUT_MODEL_PRIMARY", "gpt-5.2-codex"),
|
||||
provider=os.environ.get("INPUT_PROVIDER", "openai"),
|
||||
),
|
||||
agent=AgentConfig(
|
||||
main_action="github_action",
|
||||
sub_action="run",
|
||||
),
|
||||
session=SessionConfig(),
|
||||
tools=ToolsConfig(exec_enabled=True),
|
||||
credentials=CredentialsConfig(
|
||||
openai_api_key=os.environ.get("OPENAI_API_KEY", ""),
|
||||
),
|
||||
logging=LoggingConfig(level="INFO"),
|
||||
system_prompt=os.environ.get("INPUT_SYSTEM_PROMPT", "You are an advanced research agent."),
|
||||
env={},
|
||||
)
|
||||
|
||||
agent = Chack(config)
|
||||
result = agent.run(session_id="github-action", text=user_prompt)
|
||||
print(result.output)
|
||||
PY
|
||||
|
||||
{
|
||||
echo "final-message<<EOF"
|
||||
cat chack_output.txt
|
||||
echo "EOF"
|
||||
} >> "$GITHUB_OUTPUT"
|
||||
id: run_chack
|
||||
uses: carlospolop/chack-agent@master
|
||||
with:
|
||||
provider: openrouter
|
||||
model_primary: CHEAP_BUT_QUALITY
|
||||
main_action: peass-ng
|
||||
sub_action: CI-master Failure Chack-Agent PR
|
||||
system_prompt: |
|
||||
Diagnose the failing gh actions workflow, propose the minimal and effective safe fix, and implement it.
|
||||
Run only fast, local checks (no network). Leave the repo ready to commit.
|
||||
prompt_file: chack_prompt.txt
|
||||
tools_config_json: "{\"exec_enabled\": true}"
|
||||
session_config_json: "{\"long_term_memory_enabled\": false}"
|
||||
agent_config_json: "{\"self_critique_enabled\": false, \"require_task_list_init_first\": true}"
|
||||
openrouter_api_key: ${{ secrets.OPENROUTER_API_KEY }}
|
||||
|
||||
- name: Commit and push fix branch if changed
|
||||
id: push_fix
|
||||
@@ -169,33 +124,51 @@ jobs:
|
||||
exit 0
|
||||
fi
|
||||
|
||||
rm -f codex_failure_summary.txt codex_prompt.txt codex_failed_steps_logs.txt chack_output.txt
|
||||
rm -f chack_failure_summary.txt chack_prompt.txt chack_failed_steps_logs.txt
|
||||
git add -A
|
||||
git reset -- codex_failure_summary.txt codex_prompt.txt codex_failed_steps_logs.txt chack_output.txt
|
||||
# Avoid workflow-file pushes with token scopes that cannot write workflows.
|
||||
git reset -- .github/workflows || true
|
||||
git checkout -- .github/workflows || true
|
||||
git clean -fdx -- .github/workflows || true
|
||||
git reset -- chack_failure_summary.txt chack_prompt.txt chack_failed_steps_logs.txt
|
||||
if git diff --cached --name-only | grep -q '^.github/workflows/'; then
|
||||
echo "Workflow-file changes are still staged; skipping push without workflows permission."
|
||||
echo "pushed=false" >> "$GITHUB_OUTPUT"
|
||||
exit 0
|
||||
fi
|
||||
if git diff --cached --quiet; then
|
||||
echo "No committable changes left after filtering."
|
||||
echo "pushed=false" >> "$GITHUB_OUTPUT"
|
||||
exit 0
|
||||
fi
|
||||
git commit -m "Fix CI-master failures for run #${{ github.event.workflow_run.id }}"
|
||||
git push origin HEAD:"$FIX_BRANCH"
|
||||
if ! git push origin HEAD:"$FIX_BRANCH"; then
|
||||
echo "Push failed (likely token workflow permission limits); skipping PR creation."
|
||||
echo "pushed=false" >> "$GITHUB_OUTPUT"
|
||||
exit 0
|
||||
fi
|
||||
echo "pushed=true" >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Create PR to master
|
||||
if: ${{ steps.push_fix.outputs.pushed == 'true' }}
|
||||
id: create_pr
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.CODEX_FIXER_TOKEN }}
|
||||
GH_TOKEN: ${{ secrets.CHACK_AGENT_FIXER_TOKEN || github.token }}
|
||||
RUN_URL: ${{ github.event.workflow_run.html_url }}
|
||||
run: |
|
||||
pr_url=$(gh pr create \
|
||||
--title "Fix CI-master_test failure (run #${{ github.event.workflow_run.id }})" \
|
||||
--body "Automated Codex fix for failing CI-master_test run: ${RUN_URL}" \
|
||||
--body "Automated Chack Agent fix for failing CI-master_test run: ${RUN_URL}" \
|
||||
--base "$TARGET_BRANCH" \
|
||||
--head "$FIX_BRANCH")
|
||||
echo "url=$pr_url" >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Comment on created PR with Codex result
|
||||
if: ${{ steps.push_fix.outputs.pushed == 'true' && steps.run_codex.outputs.final-message != '' }}
|
||||
- name: Comment on created PR with Chack Agent result
|
||||
if: ${{ steps.push_fix.outputs.pushed == 'true' && steps.run_chack.outputs.final-message != '' }}
|
||||
uses: actions/github-script@v7
|
||||
env:
|
||||
PR_URL: ${{ steps.create_pr.outputs.url }}
|
||||
CODEX_MESSAGE: ${{ steps.run_codex.outputs.final-message }}
|
||||
CHACK_MESSAGE: ${{ steps.run_chack.outputs.final-message }}
|
||||
with:
|
||||
github-token: ${{ github.token }}
|
||||
script: |
|
||||
@@ -209,5 +182,5 @@ jobs:
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
issue_number: Number(match[1]),
|
||||
body: process.env.CODEX_MESSAGE,
|
||||
body: process.env.CHACK_MESSAGE,
|
||||
});
|
||||
@@ -1,4 +1,4 @@
|
||||
name: PR Failure Codex Dispatch
|
||||
name: PR Failure Chack-Agent Dispatch
|
||||
|
||||
on:
|
||||
workflow_run:
|
||||
@@ -7,8 +7,9 @@ on:
|
||||
|
||||
jobs:
|
||||
resolve_pr_context:
|
||||
# Temporarily disabled by maintainer request.
|
||||
if: >
|
||||
${{ github.event.workflow_run.conclusion == 'failure' &&
|
||||
${{ false && github.event.workflow_run.conclusion == 'failure' &&
|
||||
github.event.workflow_run.pull_requests &&
|
||||
github.event.workflow_run.pull_requests[0] &&
|
||||
!startsWith(github.event.workflow_run.head_commit.message, 'Fix CI failures for PR #') }}
|
||||
@@ -41,8 +42,8 @@ jobs:
|
||||
pr_labels=$(gh api -H "Accept: application/vnd.github+json" \
|
||||
/repos/${{ github.repository }}/issues/${PR_NUMBER} \
|
||||
--jq '.labels[].name')
|
||||
if echo "$pr_labels" | grep -q "^codex-fix-attempted$"; then
|
||||
echo "codex fix already attempted for PR #${PR_NUMBER}; skipping."
|
||||
if echo "$pr_labels" | grep -q "^chack-agent-fix-attempted$"; then
|
||||
echo "chack-agent fix already attempted for PR #${PR_NUMBER}; skipping."
|
||||
should_run=false
|
||||
else
|
||||
should_run=true
|
||||
@@ -55,15 +56,18 @@ jobs:
|
||||
echo "should_run=${should_run}"
|
||||
} >> "$GITHUB_OUTPUT"
|
||||
|
||||
codex_on_failure:
|
||||
chack_agent_on_failure:
|
||||
needs: resolve_pr_context
|
||||
if: ${{ needs.resolve_pr_context.outputs.author == 'carlospolop' && needs.resolve_pr_context.outputs.should_run == 'true' }}
|
||||
# Temporarily disabled by maintainer request.
|
||||
if: ${{ false && needs.resolve_pr_context.outputs.author == 'carlospolop' && needs.resolve_pr_context.outputs.should_run == 'true' }}
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: write
|
||||
pull-requests: write
|
||||
issues: write
|
||||
actions: read
|
||||
env:
|
||||
CHACK_LOGS_HTTP_URL: ${{ secrets.CHACK_LOGS_HTTP_URL }}
|
||||
steps:
|
||||
- name: Comment on PR with failure info
|
||||
uses: actions/github-script@v7
|
||||
@@ -75,7 +79,7 @@ jobs:
|
||||
github-token: ${{ github.token }}
|
||||
script: |
|
||||
const prNumber = Number(process.env.PR_NUMBER);
|
||||
const body = `PR #${prNumber} had a failing workflow "${process.env.WORKFLOW_NAME}".\n\nRun: ${process.env.RUN_URL}\n\nLaunching Codex to attempt a fix.`;
|
||||
const body = `PR #${prNumber} had a failing workflow "${process.env.WORKFLOW_NAME}".\n\nRun: ${process.env.RUN_URL}\n\nLaunching Chack Agent to attempt a fix.`;
|
||||
await github.rest.issues.createComment({
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
@@ -90,7 +94,7 @@ jobs:
|
||||
run: |
|
||||
gh api -X POST -H "Accept: application/vnd.github+json" \
|
||||
/repos/${{ github.repository }}/issues/${PR_NUMBER}/labels \
|
||||
-f labels[]=codex-fix-attempted
|
||||
-f labels[]=chack-agent-fix-attempted
|
||||
|
||||
- name: Checkout PR head
|
||||
uses: actions/checkout@v5
|
||||
@@ -99,12 +103,12 @@ jobs:
|
||||
ref: ${{ github.event.workflow_run.head_sha }}
|
||||
fetch-depth: 0
|
||||
persist-credentials: true
|
||||
token: ${{ secrets.CODEX_FIXER_TOKEN }}
|
||||
token: ${{ secrets.CHACK_AGENT_FIXER_TOKEN || github.token }}
|
||||
|
||||
- name: Configure git author
|
||||
run: |
|
||||
git config user.name "codex-action"
|
||||
git config user.email "codex-action@users.noreply.github.com"
|
||||
git config user.name "chack-agent"
|
||||
git config user.email "chack-agent@users.noreply.github.com"
|
||||
|
||||
- name: Fetch failure summary
|
||||
env:
|
||||
@@ -129,11 +133,11 @@ jobs:
|
||||
lines.append("")
|
||||
|
||||
summary = "\n".join(lines).strip() or "No failing job details found."
|
||||
with open('codex_failure_summary.txt', 'w') as handle:
|
||||
with open('chack_failure_summary.txt', 'w') as handle:
|
||||
handle.write(summary)
|
||||
PY
|
||||
|
||||
- name: Create Codex prompt
|
||||
- name: Create Chack Agent prompt
|
||||
env:
|
||||
PR_NUMBER: ${{ needs.resolve_pr_context.outputs.number }}
|
||||
RUN_URL: ${{ github.event.workflow_run.html_url }}
|
||||
@@ -145,76 +149,30 @@ jobs:
|
||||
echo "The PR branch is: ${HEAD_BRANCH}"
|
||||
echo ""
|
||||
echo "Failure summary:"
|
||||
cat codex_failure_summary.txt
|
||||
cat chack_failure_summary.txt
|
||||
echo ""
|
||||
echo "Please identify the cause, apply a easy, simple and minimal fix, and update files accordingly."
|
||||
echo "Run any fast checks you can locally (no network)."
|
||||
echo "Leave the repo in a state ready to commit as when you finish, it'll be automatically committed and pushed."
|
||||
} > codex_prompt.txt
|
||||
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: "3.11"
|
||||
|
||||
- name: Install chack-agent
|
||||
run: |
|
||||
python -m pip install --upgrade pip
|
||||
python -m pip install -e chack-agent
|
||||
} > chack_prompt.txt
|
||||
|
||||
- name: Run Chack Agent
|
||||
id: run_codex
|
||||
env:
|
||||
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
|
||||
INPUT_PROVIDER: openai
|
||||
INPUT_MODEL_PRIMARY: gpt-5.2-codex
|
||||
INPUT_SYSTEM_PROMPT: You are an advanced research agent.
|
||||
run: |
|
||||
python - <<'PY' > chack_output.txt
|
||||
import os
|
||||
from chack_agent import (
|
||||
Chack,
|
||||
ChackConfig,
|
||||
ModelConfig,
|
||||
AgentConfig,
|
||||
SessionConfig,
|
||||
ToolsConfig,
|
||||
CredentialsConfig,
|
||||
LoggingConfig,
|
||||
)
|
||||
|
||||
with open("codex_prompt.txt", "r", encoding="utf-8") as handle:
|
||||
user_prompt = handle.read()
|
||||
|
||||
config = ChackConfig(
|
||||
model=ModelConfig(
|
||||
primary=os.environ.get("INPUT_MODEL_PRIMARY", "gpt-5.2-codex"),
|
||||
provider=os.environ.get("INPUT_PROVIDER", "openai"),
|
||||
),
|
||||
agent=AgentConfig(
|
||||
main_action="github_action",
|
||||
sub_action="run",
|
||||
),
|
||||
session=SessionConfig(),
|
||||
tools=ToolsConfig(exec_enabled=True),
|
||||
credentials=CredentialsConfig(
|
||||
openai_api_key=os.environ.get("OPENAI_API_KEY", ""),
|
||||
),
|
||||
logging=LoggingConfig(level="INFO"),
|
||||
system_prompt=os.environ.get("INPUT_SYSTEM_PROMPT", "You are an advanced research agent."),
|
||||
env={},
|
||||
)
|
||||
|
||||
agent = Chack(config)
|
||||
result = agent.run(session_id="github-action", text=user_prompt)
|
||||
print(result.output)
|
||||
PY
|
||||
|
||||
{
|
||||
echo "final-message<<EOF"
|
||||
cat chack_output.txt
|
||||
echo "EOF"
|
||||
} >> "$GITHUB_OUTPUT"
|
||||
id: run_chack
|
||||
uses: carlospolop/chack-agent@master
|
||||
with:
|
||||
provider: openrouter
|
||||
model_primary: CHEAP_BUT_QUALITY
|
||||
main_action: peass-ng
|
||||
sub_action: PR Failure Chack-Agent Dispatch
|
||||
system_prompt: |
|
||||
You are Chack Agent, an elite CI-fix engineer.
|
||||
Diagnose the failing workflow, propose the minimal safe fix, and implement it.
|
||||
Run only fast, local checks (no network). Leave the repo ready to commit.
|
||||
prompt_file: chack_prompt.txt
|
||||
tools_config_json: "{\"exec_enabled\": true}"
|
||||
session_config_json: "{\"long_term_memory_enabled\": false}"
|
||||
agent_config_json: "{\"self_critique_enabled\": false, \"require_task_list_init_first\": true}"
|
||||
openrouter_api_key: ${{ secrets.OPENROUTER_API_KEY }}
|
||||
|
||||
- name: Commit and push if changed
|
||||
env:
|
||||
@@ -225,18 +183,33 @@ jobs:
|
||||
echo "No changes to commit."
|
||||
exit 0
|
||||
fi
|
||||
rm -f codex_failure_summary.txt codex_prompt.txt chack_output.txt
|
||||
rm -f chack_failure_summary.txt chack_prompt.txt
|
||||
git add -A
|
||||
git reset -- codex_failure_summary.txt codex_prompt.txt chack_output.txt
|
||||
# Avoid workflow-file pushes with token scopes that cannot write workflows.
|
||||
git reset -- .github/workflows || true
|
||||
git checkout -- .github/workflows || true
|
||||
git clean -fdx -- .github/workflows || true
|
||||
git reset -- chack_failure_summary.txt chack_prompt.txt
|
||||
if git diff --cached --name-only | grep -q '^.github/workflows/'; then
|
||||
echo "Workflow-file changes are still staged; skipping push without workflows permission."
|
||||
exit 0
|
||||
fi
|
||||
if git diff --cached --quiet; then
|
||||
echo "No committable changes left after filtering."
|
||||
exit 0
|
||||
fi
|
||||
git commit -m "Fix CI failures for PR #${PR_NUMBER}"
|
||||
git push origin HEAD:${TARGET_BRANCH}
|
||||
if ! git push origin HEAD:${TARGET_BRANCH}; then
|
||||
echo "Push failed (likely token workflow permission limits); leaving run successful without push."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
- name: Comment with Codex result
|
||||
if: ${{ steps.run_codex.outputs.final-message != '' }}
|
||||
- name: Comment with Chack Agent result
|
||||
if: ${{ steps.run_chack.outputs.final-message != '' }}
|
||||
uses: actions/github-script@v7
|
||||
env:
|
||||
PR_NUMBER: ${{ needs.resolve_pr_context.outputs.number }}
|
||||
CODEX_MESSAGE: ${{ steps.run_codex.outputs.final-message }}
|
||||
CHACK_MESSAGE: ${{ steps.run_chack.outputs.final-message }}
|
||||
with:
|
||||
github-token: ${{ github.token }}
|
||||
script: |
|
||||
@@ -244,5 +217,5 @@ jobs:
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
issue_number: Number(process.env.PR_NUMBER),
|
||||
body: process.env.CODEX_MESSAGE,
|
||||
body: process.env.CHACK_MESSAGE,
|
||||
});
|
||||
@@ -813,6 +813,12 @@ search:
|
||||
bad_regex: "auth|accessfile=|secret=|user"
|
||||
remove_regex: "^#|^@"
|
||||
type: f
|
||||
- name: "*"
|
||||
value:
|
||||
bad_regex: "nullok|nullok_secure|pam_permit\\.so|pam_rootok\\.so|pam_exec\\.so|pam_unix\\.so.*(nullok|remember=0)|sufficient\\s+pam_unix\\.so"
|
||||
only_bad_lines: True
|
||||
remove_regex: "^#|^@"
|
||||
type: f
|
||||
type: d
|
||||
search_in:
|
||||
- ${ROOT_FOLDER}etc
|
||||
@@ -1235,12 +1241,20 @@ search:
|
||||
auto_check: False
|
||||
|
||||
files:
|
||||
- name: "agent*"
|
||||
- name: "agent.*"
|
||||
value:
|
||||
type: f
|
||||
remove_path: ".dll"
|
||||
search_in:
|
||||
- ${ROOT_FOLDER}tmp
|
||||
- ${ROOT_FOLDER}run
|
||||
|
||||
- name: "ssh-agent.sock"
|
||||
value:
|
||||
type: f
|
||||
search_in:
|
||||
- ${ROOT_FOLDER}tmp
|
||||
- ${ROOT_FOLDER}run
|
||||
|
||||
- name: SSH_CONFIG
|
||||
value:
|
||||
@@ -2067,6 +2081,45 @@ search:
|
||||
type: f
|
||||
search_in:
|
||||
- common
|
||||
|
||||
- name: "*.asc"
|
||||
value:
|
||||
type: f
|
||||
remove_path: "/usr/share/|/usr/lib/|/lib/|/man/"
|
||||
search_in:
|
||||
- common
|
||||
|
||||
- name: "secring.gpg"
|
||||
value:
|
||||
type: f
|
||||
search_in:
|
||||
- common
|
||||
|
||||
- name: "pubring.kbx"
|
||||
value:
|
||||
type: f
|
||||
search_in:
|
||||
- common
|
||||
|
||||
- name: "trustdb.gpg"
|
||||
value:
|
||||
type: f
|
||||
search_in:
|
||||
- common
|
||||
|
||||
- name: "gpg-agent.conf"
|
||||
value:
|
||||
type: f
|
||||
search_in:
|
||||
- common
|
||||
|
||||
- name: "secret.asc"
|
||||
value:
|
||||
type: f
|
||||
just_list_file: True
|
||||
search_in:
|
||||
- common
|
||||
|
||||
- name: "private-keys-v1.d/*.key"
|
||||
value:
|
||||
type: f
|
||||
@@ -2844,6 +2897,85 @@ search:
|
||||
remove_path: "example"
|
||||
search_in:
|
||||
- common
|
||||
|
||||
- name: Proxy_Config
|
||||
value:
|
||||
config:
|
||||
auto_check: True
|
||||
|
||||
files:
|
||||
- name: "environment"
|
||||
value:
|
||||
bad_regex: "(http|https|ftp|all)_proxy|no_proxy"
|
||||
only_bad_lines: True
|
||||
remove_empty_lines: True
|
||||
remove_regex: '^#'
|
||||
type: f
|
||||
check_extra_path: "^/etc/environment$"
|
||||
search_in:
|
||||
- common
|
||||
|
||||
- name: "apt.conf"
|
||||
value:
|
||||
bad_regex: "Acquire::http::Proxy|Acquire::https::Proxy|proxy"
|
||||
only_bad_lines: True
|
||||
remove_empty_lines: True
|
||||
remove_regex: '^#'
|
||||
type: f
|
||||
search_in:
|
||||
- common
|
||||
|
||||
- name: "apt.conf.d"
|
||||
value:
|
||||
type: d
|
||||
files:
|
||||
- name: "*"
|
||||
value:
|
||||
bad_regex: "Acquire::http::Proxy|Acquire::https::Proxy|proxy"
|
||||
only_bad_lines: True
|
||||
remove_empty_lines: True
|
||||
remove_regex: '^#'
|
||||
type: f
|
||||
search_in:
|
||||
- common
|
||||
|
||||
- name: Sniffing_Artifacts
|
||||
value:
|
||||
config:
|
||||
auto_check: True
|
||||
|
||||
files:
|
||||
- name: "*.pcap"
|
||||
value:
|
||||
just_list_file: True
|
||||
type: f
|
||||
search_in:
|
||||
- common
|
||||
|
||||
- name: "*.pcapng"
|
||||
value:
|
||||
just_list_file: True
|
||||
type: f
|
||||
search_in:
|
||||
- common
|
||||
|
||||
- name: "keys.log"
|
||||
value:
|
||||
bad_regex: "CLIENT_RANDOM|SERVER_HANDSHAKE_TRAFFIC_SECRET|CLIENT_HANDSHAKE_TRAFFIC_SECRET|EXPORTER_SECRET|RESUMPTION_MASTER_SECRET"
|
||||
only_bad_lines: True
|
||||
remove_empty_lines: True
|
||||
type: f
|
||||
search_in:
|
||||
- common
|
||||
|
||||
- name: "sslkeylog.log"
|
||||
value:
|
||||
bad_regex: "CLIENT_RANDOM|SERVER_HANDSHAKE_TRAFFIC_SECRET|CLIENT_HANDSHAKE_TRAFFIC_SECRET|EXPORTER_SECRET|RESUMPTION_MASTER_SECRET"
|
||||
only_bad_lines: True
|
||||
remove_empty_lines: True
|
||||
type: f
|
||||
search_in:
|
||||
- common
|
||||
|
||||
- name: Msmtprc
|
||||
value:
|
||||
@@ -3948,6 +4080,13 @@ search:
|
||||
search_in:
|
||||
- common
|
||||
|
||||
- name: "*.maintenance*"
|
||||
value:
|
||||
just_list_file: True
|
||||
type: f
|
||||
search_in:
|
||||
- common
|
||||
|
||||
- name: "*.key"
|
||||
value:
|
||||
just_list_file: True
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
# Functions Used: print_2title, print_list, echo_not_found
|
||||
# Global Variables: $SEARCH_IN_FOLDER, $Wfolders, $SED_RED, $SED_RED_YELLOW, $NC
|
||||
# Initial Functions:
|
||||
# Generated Global Variables: $WRITABLESYSTEMDPATH, $line, $service, $file, $version, $user, $caps, $path, $path_line, $service_file, $exec_line, $exec_value, $cmd, $cmd_path
|
||||
# Generated Global Variables: $WRITABLESYSTEMDPATH, $line, $service, $file, $version, $user, $caps, $path, $path_line, $service_file, $exec_line, $exec_value, $cmd, $cmd_path, $svc_path_entry, $svc_writable_path
|
||||
# Fat linpeas: 0
|
||||
# Small linpeas: 1
|
||||
|
||||
@@ -113,6 +113,19 @@ if ! [ "$SEARCH_IN_FOLDER" ]; then
|
||||
service=$(echo "$line" | awk '{print $1}')
|
||||
service_file=$(get_service_file "$service")
|
||||
if [ -n "$service_file" ]; then
|
||||
# Check service-specific PATH entries (Environment=PATH=...)
|
||||
svc_writable_path=$(grep -E '^Environment=.*PATH=' "$service_file" 2>/dev/null | sed -E 's/^Environment=//; s/^"//; s/"$//; s/^PATH=//' | tr ':' '\n' | while read -r svc_path_entry; do
|
||||
[ -z "$svc_path_entry" ] && continue
|
||||
if [ -d "$svc_path_entry" ] && [ -w "$svc_path_entry" ]; then
|
||||
echo "$svc_path_entry"
|
||||
fi
|
||||
done)
|
||||
if [ "$svc_writable_path" ]; then
|
||||
for svc_path_entry in $svc_writable_path; do
|
||||
echo "$service: Writable service PATH entry '$svc_path_entry'" | sed -${E} "s,.*,${SED_RED_YELLOW},g"
|
||||
done
|
||||
fi
|
||||
|
||||
# Check ExecStart paths
|
||||
grep -E "ExecStart|ExecStartPre|ExecStartPost" "$service_file" 2>/dev/null |
|
||||
while read -r exec_line; do
|
||||
@@ -130,6 +143,9 @@ if ! [ "$SEARCH_IN_FOLDER" ]; then
|
||||
# Check for relative paths only in the command, not arguments
|
||||
if [ -n "$cmd_path" ] && [ "${cmd_path#/}" = "$cmd_path" ] && [ "${cmd_path#\$}" = "$cmd_path" ]; then
|
||||
echo "$service: Uses relative path '$cmd_path' (from $exec_line)" | sed -${E} "s,.*,${SED_RED},g"
|
||||
if [ "$svc_writable_path" ]; then
|
||||
echo "$service: Relative Exec path + writable service PATH can allow path hijacking" | sed -${E} "s,.*,${SED_RED_YELLOW},g"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
# License: GNU GPL
|
||||
# Version: 1.1
|
||||
# Functions Used: print_2title, print_info
|
||||
# Global Variables: $EXTRA_CHECKS, $groupsB, $groupsVB, $IAMROOT, $idB, $knw_grps, $knw_usrs, $nosh_usrs, $SEARCH_IN_FOLDER, $sh_usrs, $USER, $SED_RED, $SED_GREEN, $NC, $RED
|
||||
# Global Variables: $EXTRA_CHECKS, $groupsB, $groupsVB, $IAMROOT, $idB, $knw_grps, $knw_usrs, $nosh_usrs, $SEARCH_IN_FOLDER, $sh_usrs, $USER, $SED_RED, $SED_GREEN, $SED_RED_YELLOW, $NC, $RED
|
||||
# Initial Functions:
|
||||
# Generated Global Variables: $unix_scks_list, $unix_scks_list2, $perms, $owner, $owner_info, $response, $socket, $cmd, $mode, $group
|
||||
# Fat linpeas: 0
|
||||
@@ -142,10 +142,13 @@ if ! [ "$IAMROOT" ]; then
|
||||
# Highlight dangerous ownership
|
||||
if echo "$owner_info" | grep -q "root"; then
|
||||
echo " └─(${RED}Owned by root${NC})"
|
||||
if echo "$perms" | grep -q "Write"; then
|
||||
echo " └─High risk: root-owned and writable Unix socket" | sed -${E} "s,.*,${SED_RED_YELLOW},g"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
done
|
||||
fi
|
||||
echo ""
|
||||
fi
|
||||
fi
|
||||
|
||||
@@ -5,10 +5,10 @@
|
||||
# Description: Check for internet access
|
||||
# License: GNU GPL
|
||||
# Version: 1.0
|
||||
# Functions Used: check_dns, check_icmp, check_tcp_443, check_tcp_443_bin, check_tcp_80, print_2title, check_external_hostname
|
||||
# Global Variables:
|
||||
# Functions Used: check_dns, check_icmp, check_tcp_443, check_tcp_443_bin, check_tcp_80, print_2title, print_3title, print_info, check_external_hostname
|
||||
# Global Variables: $E
|
||||
# Initial Functions:
|
||||
# Generated Global Variables: $pid4, $pid2, $pid1, $pid3, $$tcp443_bin_status, $NOT_CHECK_EXTERNAL_HOSTNAME, $TIMEOUT_INTERNET_SECONDS
|
||||
# Generated Global Variables: $pid4, $pid2, $pid1, $pid3, $tcp443_bin_status, $NOT_CHECK_EXTERNAL_HOSTNAME, $TIMEOUT_INTERNET_SECONDS
|
||||
# Fat linpeas: 0
|
||||
# Small linpeas: 0
|
||||
|
||||
@@ -29,8 +29,8 @@ check_tcp_443 "$TIMEOUT_INTERNET_SECONDS" 2>/dev/null & pid2=$!
|
||||
check_icmp "$TIMEOUT_INTERNET_SECONDS" 2>/dev/null & pid3=$!
|
||||
check_dns "$TIMEOUT_INTERNET_SECONDS" 2>/dev/null & pid4=$!
|
||||
|
||||
# Kill all after 10 seconds
|
||||
(sleep $(( $TIMEOUT_INTERNET_SECONDS + 1 )) && kill -9 $pid1 $pid2 $pid3 $pid4 2>/dev/null) &
|
||||
# Kill all check workers after timeout + 1s without relying on integer arithmetic
|
||||
(sleep "$TIMEOUT_INTERNET_SECONDS"; sleep 1; kill -9 $pid1 $pid2 $pid3 $pid4 2>/dev/null) &
|
||||
|
||||
check_tcp_443_bin $TIMEOUT_INTERNET_SECONDS 2>/dev/null
|
||||
tcp443_bin_status=$?
|
||||
@@ -50,3 +50,9 @@ if [ "$tcp443_bin_status" -eq 0 ] && \
|
||||
fi
|
||||
|
||||
echo ""
|
||||
print_3title "Proxy discovery"
|
||||
print_info "Checking common proxy env vars and apt proxy config"
|
||||
(env | grep -iE '^(http|https|ftp|all)_proxy=|^no_proxy=') 2>/dev/null | sed -${E} "s,_proxy|no_proxy,${SED_RED_YELLOW},g"
|
||||
grep -RinE 'Acquire::(http|https)::Proxy|proxy' /etc/apt/apt.conf /etc/apt/apt.conf.d 2>/dev/null | sed -${E} "s,proxy|Acquire::http::Proxy|Acquire::https::Proxy,${SED_RED_YELLOW},g"
|
||||
|
||||
echo ""
|
||||
|
||||
@@ -5,8 +5,8 @@
|
||||
# Description: Check network interfaces
|
||||
# License: GNU GPL
|
||||
# Version: 1.0
|
||||
# Functions Used: print_2title
|
||||
# Global Variables:
|
||||
# Functions Used: print_2title, print_3title
|
||||
# Global Variables: $E, $SED_RED_YELLOW
|
||||
# Initial Functions:
|
||||
# Generated Global Variables: $iface, $state, $mac, $ip_file, $line
|
||||
# Fat linpeas: 0
|
||||
@@ -73,4 +73,22 @@ else
|
||||
parse_network_interfaces
|
||||
fi
|
||||
|
||||
echo ""
|
||||
if command -v ip >/dev/null 2>&1; then
|
||||
print_3title "Routing & policy quick view"
|
||||
ip route 2>/dev/null
|
||||
ip -6 route 2>/dev/null | head -n 30
|
||||
echo ""
|
||||
ip rule 2>/dev/null
|
||||
|
||||
print_3title "Virtual/overlay interfaces quick view"
|
||||
ip -d link 2>/dev/null | grep -E "^[0-9]+:|veth|docker|cni|flannel|br-|bridge|vlan|bond|tun|tap|wg|tailscale" | sed -${E} "s,veth|docker|cni|flannel|br-|bridge|vlan|bond|tun|tap|wg|tailscale,${SED_RED_YELLOW},g"
|
||||
|
||||
print_3title "Network namespaces quick view"
|
||||
ip netns list 2>/dev/null
|
||||
ls -la /var/run/netns/ 2>/dev/null
|
||||
fi
|
||||
|
||||
print_3title "Forwarding status"
|
||||
sysctl net.ipv4.ip_forward net.ipv6.conf.all.forwarding 2>/dev/null | sed -${E} "s,=[[:space:]]*1,${SED_RED_YELLOW},g"
|
||||
|
||||
echo ""
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
# License: GNU GPL
|
||||
# Version: 1.0
|
||||
# Functions Used: print_2title, print_3title, print_info
|
||||
# Global Variables: $E, $SED_RED
|
||||
# Global Variables: $E, $SED_RED, $SED_RED_YELLOW
|
||||
# Initial Functions:
|
||||
# Generated Global Variables: $pid_dir, $tx_queue, $pid, $rem_port, $proc_file, $rem_ip, $local_ip, $rx_queue, $proto, $rem_addr, $program, $state, $header_sep, $proc_info, $inode, $header, $line, $local_addr, $local_port
|
||||
# Fat linpeas: 0
|
||||
@@ -122,6 +122,45 @@ get_open_ports() {
|
||||
parse_proc_net_ports "udp"
|
||||
fi
|
||||
|
||||
# Focused local service exposure view
|
||||
print_3title "Local-only listeners (loopback)"
|
||||
if command -v ss >/dev/null 2>&1; then
|
||||
ss -nltpu 2>/dev/null | grep -E "127\.0\.0\.1:|::1:" | sed -${E} "s,127\.0\.0\.1:|::1:,${SED_RED},g"
|
||||
elif command -v netstat >/dev/null 2>&1; then
|
||||
netstat -punta 2>/dev/null | grep -i listen | grep -E "127\.0\.0\.1:|::1:" | sed -${E} "s,127\.0\.0\.1:|::1:,${SED_RED},g"
|
||||
fi
|
||||
|
||||
print_3title "Unique listener bind addresses"
|
||||
if command -v ss >/dev/null 2>&1; then
|
||||
ss -nltpuH 2>/dev/null | awk '{
|
||||
a=$5
|
||||
if (a ~ /^\[/) {
|
||||
sub(/^\[/, "", a)
|
||||
sub(/\]:[0-9]+$/, "", a)
|
||||
} else if (a ~ /:[0-9]+$/) {
|
||||
sub(/:[0-9]+$/, "", a)
|
||||
}
|
||||
sub(/^::ffff:/, "", a)
|
||||
if (a != "") print a
|
||||
}' | sort -u | sed -${E} "s,127\.0\.0\.1|::1,${SED_RED},g"
|
||||
elif command -v netstat >/dev/null 2>&1; then
|
||||
netstat -punta 2>/dev/null | grep -i listen | awk '{
|
||||
a=$4
|
||||
if (a ~ /^\[/) {
|
||||
sub(/^\[/, "", a)
|
||||
sub(/\]:[0-9]+$/, "", a)
|
||||
} else if (a ~ /:[0-9]+$/) {
|
||||
sub(/:[0-9]+$/, "", a)
|
||||
}
|
||||
if (a == ":::" ) a="::"
|
||||
sub(/^::ffff:/, "", a)
|
||||
if (a != "") print a
|
||||
}' | sort -u | sed -${E} "s,127\.0\.0\.1|::1,${SED_RED},g"
|
||||
fi
|
||||
|
||||
print_3title "Potential local forwarders/relays"
|
||||
ps aux 2>/dev/null | grep -E "[s]ocat|[s]sh .*(-L|-R|-D)|[n]cat|[n]c .*-l" | sed -${E} "s,socat|ssh|-L|-R|-D|ncat|nc,${SED_RED_YELLOW},g"
|
||||
|
||||
# Additional port information
|
||||
if [ "$EXTRA_CHECKS" ] || [ "$DEBUG" ]; then
|
||||
print_3title "Additional Port Information"
|
||||
|
||||
@@ -6,9 +6,9 @@
|
||||
# License: GNU GPL
|
||||
# Version: 1.0
|
||||
# Functions Used: print_2title, print_3title, print_info, warn_exec
|
||||
# Global Variables: $EXTRA_CHECKS, $E, $SED_RED, $SED_GREEN
|
||||
# Global Variables: $EXTRA_CHECKS, $E, $SED_RED, $SED_GREEN, $SED_RED_YELLOW
|
||||
# Initial Functions:
|
||||
# Generated Global Variables: $tools_found, $tool, $interfaces, $interfaces_found, $iface, $cmd, $pattern, $patterns
|
||||
# Generated Global Variables: $tools_found, $tool, $interfaces, $interfaces_found, $iface, $cmd, $pattern, $patterns, $dumpcap_test_file
|
||||
# Fat linpeas: 0
|
||||
# Small linpeas: 1
|
||||
|
||||
@@ -26,8 +26,17 @@ check_command() {
|
||||
# Function to check if we can sniff on an interface
|
||||
check_interface_sniffable() {
|
||||
local iface=$1
|
||||
if timeout 1 tcpdump -i "$iface" -c 1 >/dev/null 2>&1; then
|
||||
return 0
|
||||
if check_command tcpdump; then
|
||||
if timeout 1 tcpdump -i "$iface" -c 1 >/dev/null 2>&1; then
|
||||
return 0
|
||||
fi
|
||||
elif check_command dumpcap; then
|
||||
dumpcap_test_file="/tmp/.linpeas_dumpcap_test_$$.pcap"
|
||||
if timeout 2 dumpcap -i "$iface" -c 1 -q -w "$dumpcap_test_file" >/dev/null 2>&1; then
|
||||
rm -f "$dumpcap_test_file" 2>/dev/null
|
||||
return 0
|
||||
fi
|
||||
rm -f "$dumpcap_test_file" 2>/dev/null
|
||||
fi
|
||||
return 1
|
||||
}
|
||||
@@ -55,6 +64,20 @@ check_network_traffic_analysis() {
|
||||
tools_found=1
|
||||
# Check tcpdump version and capabilities
|
||||
warn_exec tcpdump --version 2>/dev/null | head -n 1
|
||||
getcap "$(command -v tcpdump)" 2>/dev/null
|
||||
fi
|
||||
|
||||
if check_command dumpcap; then
|
||||
echo "dumpcap is available" | sed -${E} "s,.*,${SED_GREEN},g"
|
||||
tools_found=1
|
||||
warn_exec dumpcap --version 2>/dev/null | head -n 1
|
||||
getcap "$(command -v dumpcap)" 2>/dev/null
|
||||
|
||||
if id -nG 2>/dev/null | grep -qw wireshark; then
|
||||
echo "Current user is in wireshark group" | sed -${E} "s,.*,${SED_GREEN},g"
|
||||
elif getent group wireshark >/dev/null 2>&1; then
|
||||
echo "wireshark group exists but current user is not in it" | sed -${E} "s,.*,${SED_RED_YELLOW},g"
|
||||
fi
|
||||
fi
|
||||
|
||||
if check_command tshark; then
|
||||
@@ -68,10 +91,28 @@ check_network_traffic_analysis() {
|
||||
echo "wireshark is available" | sed -${E} "s,.*,${SED_GREEN},g"
|
||||
tools_found=1
|
||||
fi
|
||||
|
||||
if check_command ngrep; then
|
||||
echo "ngrep is available" | sed -${E} "s,.*,${SED_GREEN},g"
|
||||
tools_found=1
|
||||
fi
|
||||
|
||||
if check_command tcpflow; then
|
||||
echo "tcpflow is available" | sed -${E} "s,.*,${SED_GREEN},g"
|
||||
tools_found=1
|
||||
fi
|
||||
|
||||
if [ $tools_found -eq 0 ]; then
|
||||
echo "No sniffing tools found" | sed -${E} "s,.*,${SED_RED},g"
|
||||
fi
|
||||
|
||||
if check_command tcpdump; then
|
||||
echo "Sniffable interfaces according to tcpdump -D:"
|
||||
timeout 2 tcpdump -D 2>/dev/null
|
||||
elif check_command dumpcap; then
|
||||
echo "Sniffable interfaces according to dumpcap -D:"
|
||||
timeout 2 dumpcap -D 2>/dev/null
|
||||
fi
|
||||
|
||||
# Check network interfaces
|
||||
echo ""
|
||||
@@ -88,25 +129,28 @@ check_network_traffic_analysis() {
|
||||
fi
|
||||
|
||||
for iface in $interfaces; do
|
||||
if [ "$iface" != "lo" ]; then # Skip loopback
|
||||
if [ "$iface" = "lo" ]; then
|
||||
echo -n "Interface $iface (loopback): "
|
||||
else
|
||||
echo -n "Interface $iface: "
|
||||
if check_interface_sniffable "$iface"; then
|
||||
echo "Sniffable" | sed -${E} "s,.*,${SED_GREEN},g"
|
||||
interfaces_found=1
|
||||
|
||||
# Check promiscuous mode
|
||||
if check_promiscuous_mode "$iface"; then
|
||||
echo " - Promiscuous mode enabled" | sed -${E} "s,.*,${SED_RED},g"
|
||||
fi
|
||||
|
||||
# Get interface details
|
||||
if [ "$EXTRA_CHECKS" ]; then
|
||||
echo " - Interface details:"
|
||||
warn_exec ip addr show "$iface" 2>/dev/null || ifconfig "$iface" 2>/dev/null
|
||||
fi
|
||||
else
|
||||
echo "Not sniffable" | sed -${E} "s,.*,${SED_RED},g"
|
||||
fi
|
||||
|
||||
if check_interface_sniffable "$iface"; then
|
||||
echo "Sniffable" | sed -${E} "s,.*,${SED_GREEN},g"
|
||||
interfaces_found=1
|
||||
|
||||
# Check promiscuous mode
|
||||
if [ "$iface" != "lo" ] && check_promiscuous_mode "$iface"; then
|
||||
echo " - Promiscuous mode enabled" | sed -${E} "s,.*,${SED_RED},g"
|
||||
fi
|
||||
|
||||
# Get interface details
|
||||
if [ "$EXTRA_CHECKS" ]; then
|
||||
echo " - Interface details:"
|
||||
warn_exec ip addr show "$iface" 2>/dev/null || ifconfig "$iface" 2>/dev/null
|
||||
fi
|
||||
else
|
||||
echo "Not sniffable" | sed -${E} "s,.*,${SED_RED},g"
|
||||
fi
|
||||
done
|
||||
|
||||
@@ -145,7 +189,12 @@ check_network_traffic_analysis() {
|
||||
print_info "To capture sensitive traffic, you can use:"
|
||||
echo "tcpdump -i <interface> -w capture.pcap" | sed -${E} "s,.*,${SED_GREEN},g"
|
||||
echo "tshark -i <interface> -w capture.pcap" | sed -${E} "s,.*,${SED_GREEN},g"
|
||||
echo "dumpcap -i <interface> -w capture.pcap" | sed -${E} "s,.*,${SED_GREEN},g"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
print_3title "Running sniffing/traffic reconstruction processes"
|
||||
ps aux 2>/dev/null | grep -E "[t]cpdump|[d]umpcap|[t]shark|[w]ireshark|[n]grep|[t]cpflow" | sed -${E} "s,.*,${SED_RED_YELLOW},g"
|
||||
|
||||
# Additional information
|
||||
if [ "$EXTRA_CHECKS" ]; then
|
||||
|
||||
@@ -6,9 +6,9 @@
|
||||
# License: GNU GPL
|
||||
# Version: 1.0
|
||||
# Functions Used: print_2title, print_3title, warn_exec, echo_not_found
|
||||
# Global Variables: $EXTRA_CHECKS, $E, $SED_RED, $SED_GREEN, $SED_YELLOW
|
||||
# Global Variables: $EXTRA_CHECKS, $E, $SED_RED, $SED_GREEN, $SED_YELLOW, $SED_RED_YELLOW
|
||||
# Initial Functions:
|
||||
# Generated Global Variables: $rules_file, $cmd, $tool, $config_file
|
||||
# Generated Global Variables: $rules_file, $cmd, $tool, $config_file, $sysctl_var
|
||||
# Fat linpeas: 0
|
||||
# Small linpeas: 1
|
||||
|
||||
@@ -90,6 +90,9 @@ analyze_nftables() {
|
||||
# List all rules
|
||||
echo -e "\nNftables Ruleset:"
|
||||
warn_exec nft list ruleset 2>/dev/null
|
||||
|
||||
echo -e "\nNftables Ruleset with handles (-a):"
|
||||
warn_exec nft -a list ruleset 2>/dev/null | sed -${E} "s,\\bdrop\\b|\\breject\\b|handle [0-9]+,${SED_RED_YELLOW},g"
|
||||
|
||||
# Check for saved rules
|
||||
echo -e "\nSaved Rules:"
|
||||
@@ -180,6 +183,17 @@ analyze_firewall_rules() {
|
||||
analyze_nftables
|
||||
analyze_firewalld
|
||||
analyze_ufw
|
||||
|
||||
echo ""
|
||||
print_3title "Forwarding and rp_filter"
|
||||
for sysctl_var in net.ipv4.ip_forward net.ipv6.conf.all.forwarding net.ipv4.conf.all.rp_filter; do
|
||||
sysctl "$sysctl_var" 2>/dev/null | sed -${E} "s,=[[:space:]]*1,${SED_RED_YELLOW},g"
|
||||
done
|
||||
|
||||
if check_command conntrack; then
|
||||
echo -e "\nConntrack state (first 20):"
|
||||
warn_exec conntrack -L 2>/dev/null | head -n 20
|
||||
fi
|
||||
|
||||
# Additional checks if EXTRA_CHECKS is enabled
|
||||
if [ "$EXTRA_CHECKS" ]; then
|
||||
@@ -207,4 +221,4 @@ analyze_firewall_rules() {
|
||||
}
|
||||
|
||||
# Run the main function
|
||||
analyze_firewall_rules
|
||||
analyze_firewall_rules
|
||||
|
||||
@@ -34,6 +34,9 @@ if ! [ "$IAMROOT" ] && [ -w '/etc/sudoers.d/' ]; then
|
||||
echo "You can create a file in /etc/sudoers.d/ and escalate privileges" | sed -${E} "s,.*,${SED_RED_YELLOW},"
|
||||
fi
|
||||
for f in /etc/sudoers.d/*; do
|
||||
if [ -w "$f" ]; then
|
||||
echo "Sudoers file: $f is writable and may allow privilege escalation" | sed -${E} "s,.*,${SED_RED_YELLOW},g"
|
||||
fi
|
||||
if [ -r "$f" ]; then
|
||||
echo "Sudoers file: $f is readable" | sed -${E} "s,.*,${SED_RED},g"
|
||||
grep -Iv "^$" "$f" | grep -v "#" | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW}," | sed -${E} "s,$sudoB,${SED_RED},g" | sed "s,pwfeedback,${SED_RED},g"
|
||||
|
||||
@@ -8,12 +8,12 @@
|
||||
# Functions Used: print_2title, print_info
|
||||
# Global Variables:$DEBUG, $SEARCH_IN_FOLDER, $USER, $wgroups
|
||||
# Initial Functions:
|
||||
# Generated Global Variables: $screensess, $screensess2
|
||||
# Generated Global Variables: $screensess, $screensess2, $uscreen
|
||||
# Fat linpeas: 0
|
||||
# Small linpeas: 1
|
||||
|
||||
|
||||
if ([ "$screensess" ] || [ "$screensess2" ] || [ "$DEBUG" ]) && ! [ "$SEARCH_IN_FOLDER" ]; then
|
||||
if (command -v screen >/dev/null 2>&1 || [ -d "/run/screen" ] || [ "$DEBUG" ]) && ! [ "$SEARCH_IN_FOLDER" ]; then
|
||||
print_2title "Searching screen sessions"
|
||||
print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#open-shell-sessions"
|
||||
screensess=$(screen -ls 2>/dev/null)
|
||||
@@ -25,5 +25,16 @@ if ([ "$screensess" ] || [ "$screensess2" ] || [ "$DEBUG" ]) && ! [ "$SEARCH_IN_
|
||||
find /run/screen -type s -path "/run/screen/S-*" -not -user $USER '(' '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null | while read f; do
|
||||
echo "Other user screen socket is writable: $f" | sed "s,$f,${SED_RED_YELLOW},"
|
||||
done
|
||||
|
||||
if [ -r "/etc/passwd" ]; then
|
||||
print_3title "Checking other users screen sessions"
|
||||
cut -d: -f1,7 /etc/passwd 2>/dev/null | grep "sh$" | cut -d: -f1 | grep -v "^$USER$" | while read u; do
|
||||
uscreen=$(screen -ls "${u}/" 2>/dev/null | grep -v "No Sockets found" | grep -v "^$")
|
||||
if [ "$uscreen" ]; then
|
||||
echo "User $u screen sessions:"
|
||||
printf "%s\n" "$uscreen" | sed -${E} "s,.*,${SED_RED},"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
echo ""
|
||||
fi
|
||||
fi
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
# Functions Used: print_2title, print_3title
|
||||
# Global Variables: $HOME, $HOMESEARCH, $ROOT_FOLDER, $SEARCH_IN_FOLDER, $TIMEOUT, $USER, $wgroups
|
||||
# Initial Functions:
|
||||
# Generated Global Variables: $certsb4_grep, $hostsallow, $hostsdenied, $sshconfig, $writable_agents, $privatekeyfilesetc, $privatekeyfileshome, $privatekeyfilesroot, $privatekeyfilesmnt,
|
||||
# Generated Global Variables: $certsb4_grep, $hostsallow, $hostsdenied, $sshconfig, $writable_agents, $agent_sockets, $privatekeyfilesetc, $privatekeyfileshome, $privatekeyfilesroot, $privatekeyfilesmnt,
|
||||
# Fat linpeas: 0
|
||||
# Small linpeas: 1
|
||||
|
||||
@@ -19,12 +19,18 @@ if ! [ "$SEARCH_IN_FOLDER" ]; then
|
||||
sshconfig="$(ls /etc/ssh/ssh_config 2>/dev/null)"
|
||||
hostsdenied="$(ls /etc/hosts.denied 2>/dev/null)"
|
||||
hostsallow="$(ls /etc/hosts.allow 2>/dev/null)"
|
||||
writable_agents=$(find /tmp /etc /home -type s -name "agent.*" -or -name "*gpg-agent*" '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)
|
||||
agent_sockets=$(find /run/user /tmp -type s \( -path "/run/user/*/ssh-*/agent.*" -o -name "ssh-agent.sock" -o -path "/tmp/ssh-*" \) 2>/dev/null)
|
||||
writable_agents=$(find /tmp /etc /home /run/user \
|
||||
\( -type s -a \( -name "agent.*" -o -name "ssh-agent.sock" -o -path "*/ssh-*/agent.*" -o -name "*gpg-agent*" \) \
|
||||
-a \( \( -user "$USER" \) -o \( -perm -o=w \) -o \( -perm -g=w -a \( $wgroups \) \) \) \) 2>/dev/null)
|
||||
else
|
||||
sshconfig="$(ls ${ROOT_FOLDER}etc/ssh/ssh_config 2>/dev/null)"
|
||||
hostsdenied="$(ls ${ROOT_FOLDER}etc/hosts.denied 2>/dev/null)"
|
||||
hostsallow="$(ls ${ROOT_FOLDER}etc/hosts.allow 2>/dev/null)"
|
||||
writable_agents=$(find ${ROOT_FOLDER} -type s -name "agent.*" -or -name "*gpg-agent*" '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)
|
||||
agent_sockets=$(find "${ROOT_FOLDER}"tmp "${ROOT_FOLDER}"run -type s \( -name "agent.*" -o -name "ssh-agent.sock" \) 2>/dev/null)
|
||||
writable_agents=$(find "${ROOT_FOLDER}" \
|
||||
\( -type s -a \( -name "agent.*" -o -name "ssh-agent.sock" -o -path "*/ssh-*/agent.*" -o -name "*gpg-agent*" \) \
|
||||
-a \( \( -user "$USER" \) -o \( -perm -o=w \) -o \( -perm -g=w -a \( $wgroups \) \) \) \) 2>/dev/null)
|
||||
fi
|
||||
|
||||
peass{SSH}
|
||||
@@ -58,7 +64,7 @@ fi
|
||||
if [ "$certsb4_grep" ] || [ "$PSTORAGE_CERTSBIN" ]; then
|
||||
print_3title "Some certificates were found (out limited):"
|
||||
printf "$certsb4_grep\n" | head -n 20
|
||||
printf "$$PSTORAGE_CERTSBIN\n" | head -n 20
|
||||
printf "$PSTORAGE_CERTSBIN\n" | head -n 20
|
||||
echo ""
|
||||
fi
|
||||
if [ "$PSTORAGE_CERTSCLIENT" ]; then
|
||||
@@ -71,6 +77,11 @@ if [ "$PSTORAGE_SSH_AGENTS" ]; then
|
||||
printf "$PSTORAGE_SSH_AGENTS\n"
|
||||
echo ""
|
||||
fi
|
||||
if [ "$agent_sockets" ]; then
|
||||
print_3title "Potential SSH agent sockets were found:"
|
||||
printf "%s\n" "$agent_sockets" | sed -${E} "s,.*,${SED_RED},"
|
||||
echo ""
|
||||
fi
|
||||
if ssh-add -l 2>/dev/null | grep -qv 'no identities'; then
|
||||
print_3title "Listing SSH Agents"
|
||||
ssh-add -l
|
||||
|
||||
@@ -23,6 +23,7 @@ if ! [ "$STRACE" ]; then
|
||||
fi
|
||||
suids_files=$(find $ROOT_FOLDER -perm -4000 -type f ! -path "/dev/*" 2>/dev/null)
|
||||
printf "%s\n" "$suids_files" | while read s; do
|
||||
[ -z "$s" ] && continue
|
||||
s=$(ls -lahtr "$s")
|
||||
#If starts like "total 332K" then no SUID bin was found and xargs just executed "ls" in the current folder
|
||||
if echo "$s" | grep -qE "^total"; then break; fi
|
||||
@@ -59,6 +60,8 @@ printf "%s\n" "$suids_files" | while read s; do
|
||||
if [ -O "$sline_first" ] || [ -w "$sline_first" ]; then #And modifiable
|
||||
printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is using $RED$sline_first$NC$ITALIC and you can modify it (strings line: $sline) (https://tinyurl.com/suidpath)\n"
|
||||
fi
|
||||
elif echo "$sline_first" | grep -q "/" && [ -d "$(dirname "$sline_first")" ] && [ -w "$(dirname "$sline_first")" ]; then #If path does not exist but can be created
|
||||
printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is using $RED$sline_first$NC$ITALIC and you can create it inside writable dir $RED$(dirname "$sline_first")$NC$ITALIC (strings line: $sline) (https://tinyurl.com/suidpath)\n"
|
||||
else #If not a path
|
||||
if [ ${#sline_first} -gt 2 ] && command -v "$sline_first" 2>/dev/null | grep -q '/' && echo "$sline_first" | grep -Eqv "\.\."; then #Check if existing binary
|
||||
printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is executing $RED$sline_first$NC$ITALIC and you can impersonate it (strings line: $sline) (https://tinyurl.com/suidpath)\n"
|
||||
|
||||
@@ -17,6 +17,7 @@ print_2title "SGID"
|
||||
print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#sudo-and-suid"
|
||||
sgids_files=$(find $ROOT_FOLDER -perm -2000 -type f ! -path "/dev/*" 2>/dev/null)
|
||||
printf "%s\n" "$sgids_files" | while read s; do
|
||||
[ -z "$s" ] && continue
|
||||
s=$(ls -lahtr "$s")
|
||||
#If starts like "total 332K" then no SUID bin was found and xargs just executed "ls" in the current folder
|
||||
if echo "$s" | grep -qE "^total";then break; fi
|
||||
@@ -53,6 +54,8 @@ printf "%s\n" "$sgids_files" | while read s; do
|
||||
if [ -O "$sline_first" ] || [ -w "$sline_first" ]; then #And modifiable
|
||||
printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is using $RED$sline_first$NC$ITALIC and you can modify it (strings line: $sline)\n"
|
||||
fi
|
||||
elif echo "$sline_first" | grep -q "/" && [ -d "$(dirname "$sline_first")" ] && [ -w "$(dirname "$sline_first")" ]; then #If path does not exist but can be created
|
||||
printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is using $RED$sline_first$NC$ITALIC and you can create it inside writable dir $RED$(dirname "$sline_first")$NC$ITALIC (strings line: $sline)\n"
|
||||
else #If not a path
|
||||
if [ ${#sline_first} -gt 2 ] && command -v "$sline_first" 2>/dev/null | grep -q '/'; then #Check if existing binary
|
||||
printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is executing $RED$sline_first$NC$ITALIC and you can impersonate it (strings line: $sline)\n"
|
||||
@@ -90,4 +93,4 @@ printf "%s\n" "$sgids_files" | while read s; do
|
||||
fi
|
||||
fi
|
||||
done;
|
||||
echo ""
|
||||
echo ""
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
# License: GNU GPL
|
||||
# Version: 1.0
|
||||
# Functions Used: echo_not_found, print_2title, print_info
|
||||
# Global Variables: $HOMESEARCH, $knw_usrs, $MACPEAS, $nosh_usrs, $SEARCH_IN_FOLDER, $sh_usrs, $USER
|
||||
# Global Variables: $HOMESEARCH, $knw_usrs, $MACPEAS, $nosh_usrs, $SEARCH_IN_FOLDER, $sh_usrs, $USER, $writeB, $writeVB
|
||||
# Initial Functions:
|
||||
# Generated Global Variables:
|
||||
# Fat linpeas: 0
|
||||
@@ -16,12 +16,12 @@
|
||||
print_2title "Files with ACLs (limited to 50)"
|
||||
print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#acls"
|
||||
if ! [ "$SEARCH_IN_FOLDER" ]; then
|
||||
( (getfacl -t -s -R -p /bin /etc $HOMESEARCH /opt /sbin /usr /tmp /root 2>/dev/null) || echo_not_found "files with acls in searched folders" ) | head -n 70 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED},"
|
||||
( (getfacl -t -s -R -p /bin /etc $HOMESEARCH /opt /sbin /usr /tmp /root 2>/dev/null) || echo_not_found "files with acls in searched folders" ) | head -n 70 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," | sed -${E} "s,$writeVB,${SED_RED_YELLOW},g" | sed -${E} "s,$writeB,${SED_RED},g"
|
||||
else
|
||||
( (getfacl -t -s -R -p $SEARCH_IN_FOLDER 2>/dev/null) || echo_not_found "files with acls in searched folders" ) | head -n 70 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED},"
|
||||
( (getfacl -t -s -R -p $SEARCH_IN_FOLDER 2>/dev/null) || echo_not_found "files with acls in searched folders" ) | head -n 70 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," | sed -${E} "s,$writeVB,${SED_RED_YELLOW},g" | sed -${E} "s,$writeB,${SED_RED},g"
|
||||
fi
|
||||
|
||||
if [ "$MACPEAS" ] && ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && ! [ "$(command -v getfacl || echo -n '')" ]; then #Find ACL files in macos (veeeery slow)
|
||||
ls -RAle / 2>/dev/null | grep -v "group:everyone deny delete" | grep -E -B1 "\d: " | head -n 70 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED},"
|
||||
ls -RAle / 2>/dev/null | grep -v "group:everyone deny delete" | grep -E -B1 "\d: " | head -n 70 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," | sed -${E} "s,$writeVB,${SED_RED_YELLOW},g" | sed -${E} "s,$writeB,${SED_RED},g"
|
||||
fi
|
||||
echo ""
|
||||
echo ""
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
# Functions Used: echo_not_found, print_2title, print_info, print_3title
|
||||
# Global Variables: $capsB, $capsVB, $IAMROOT, $SEARCH_IN_FOLDER
|
||||
# Initial Functions:
|
||||
# Generated Global Variables: $cap_name, $cap_value, $cap_line, $capVB, $capname, $capbins, $capsVB_vuln
|
||||
# Generated Global Variables: $cap_name, $cap_value, $cap_line, $capVB, $capname, $capbins, $capsVB_vuln, $proc_status, $proc_pid, $proc_name, $proc_uid, $user_name, $proc_inh, $proc_prm, $proc_eff, $proc_bnd, $proc_amb, $proc_inh_dec, $proc_prm_dec, $proc_eff_dec, $proc_bnd_dec, $proc_amb_dec
|
||||
# Fat linpeas: 0
|
||||
# Small linpeas: 1
|
||||
|
||||
@@ -69,6 +69,40 @@ if ! [ "$SEARCH_IN_FOLDER" ]; then
|
||||
fi
|
||||
done
|
||||
echo ""
|
||||
|
||||
print_3title "Processes with capability sets (non-zero CapEff/CapAmb, limit 40)"
|
||||
find /proc -maxdepth 2 -path "/proc/[0-9]*/status" 2>/dev/null | head -n 400 | while read -r proc_status; do
|
||||
proc_pid=$(echo "$proc_status" | cut -d/ -f3)
|
||||
proc_name=$(awk '/^Name:/{print $2}' "$proc_status" 2>/dev/null)
|
||||
proc_uid=$(awk '/^Uid:/{print $2}' "$proc_status" 2>/dev/null)
|
||||
user_name=$(awk -F: -v uid="$proc_uid" '$3==uid{print $1; exit}' /etc/passwd 2>/dev/null)
|
||||
[ -z "$user_name" ] && user_name="$proc_uid"
|
||||
|
||||
proc_inh=$(awk '/^CapInh:/{print $2}' "$proc_status" 2>/dev/null)
|
||||
proc_prm=$(awk '/^CapPrm:/{print $2}' "$proc_status" 2>/dev/null)
|
||||
proc_eff=$(awk '/^CapEff:/{print $2}' "$proc_status" 2>/dev/null)
|
||||
proc_bnd=$(awk '/^CapBnd:/{print $2}' "$proc_status" 2>/dev/null)
|
||||
proc_amb=$(awk '/^CapAmb:/{print $2}' "$proc_status" 2>/dev/null)
|
||||
|
||||
[ -z "$proc_eff" ] && continue
|
||||
if [ "$proc_eff" != "0000000000000000" ] || [ "$proc_amb" != "0000000000000000" ]; then
|
||||
echo "PID $proc_pid ($proc_name) user=$user_name"
|
||||
|
||||
proc_inh_dec=$(capsh --decode=0x"$proc_inh" 2>/dev/null)
|
||||
proc_prm_dec=$(capsh --decode=0x"$proc_prm" 2>/dev/null)
|
||||
proc_eff_dec=$(capsh --decode=0x"$proc_eff" 2>/dev/null)
|
||||
proc_bnd_dec=$(capsh --decode=0x"$proc_bnd" 2>/dev/null)
|
||||
proc_amb_dec=$(capsh --decode=0x"$proc_amb" 2>/dev/null)
|
||||
|
||||
echo " CapInh: $proc_inh_dec" | sed -${E} "s,$capsB,${SED_RED},g"
|
||||
echo " CapPrm: $proc_prm_dec" | sed -${E} "s,$capsB,${SED_RED},g"
|
||||
echo " CapEff: $proc_eff_dec" | sed -${E} "s,$capsB,${SED_RED_YELLOW},g"
|
||||
echo " CapBnd: $proc_bnd_dec" | sed -${E} "s,$capsB,${SED_RED},g"
|
||||
echo " CapAmb: $proc_amb_dec" | sed -${E} "s,$capsB,${SED_RED_YELLOW},g"
|
||||
echo ""
|
||||
fi
|
||||
done | head -n 240
|
||||
echo ""
|
||||
|
||||
else
|
||||
print_3title "Current shell capabilities"
|
||||
|
||||
@@ -6,19 +6,27 @@
|
||||
# License: GNU GPL
|
||||
# Version: 1.0
|
||||
# Functions Used: echo_not_found, print_2title, print_info
|
||||
# Global Variables: $DEBUG, $knw_usrs, $nosh_usrs, $sh_usrs, $USER
|
||||
# Global Variables: $capsB, $DEBUG, $knw_usrs, $nosh_usrs, $sh_usrs, $USER
|
||||
# Initial Functions:
|
||||
# Generated Global Variables:
|
||||
# Generated Global Variables: $pam_cap_lines
|
||||
# Fat linpeas: 0
|
||||
# Small linpeas: 0
|
||||
|
||||
|
||||
if [ -f "/etc/security/capability.conf" ] || [ "$DEBUG" ]; then
|
||||
if [ -f "/etc/security/capability.conf" ] || [ "$DEBUG" ] || grep -Rqs "pam_cap\.so" /etc/pam.d /etc/pam.conf 2>/dev/null; then
|
||||
print_2title "Users with capabilities"
|
||||
print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#capabilities"
|
||||
if [ -f "/etc/security/capability.conf" ]; then
|
||||
grep -v '^#\|none\|^$' /etc/security/capability.conf 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED},"
|
||||
grep -v '^#\|none\|^$' /etc/security/capability.conf 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," | sed -${E} "s,$capsB,${SED_RED},g"
|
||||
else echo_not_found "/etc/security/capability.conf"
|
||||
fi
|
||||
echo ""
|
||||
fi
|
||||
print_info "Checking if PAM loads pam_cap.so"
|
||||
pam_cap_lines=$(grep -RIn "pam_cap\.so" /etc/pam.d /etc/pam.conf 2>/dev/null)
|
||||
if [ "$pam_cap_lines" ]; then
|
||||
printf "%s\n" "$pam_cap_lines" | sed -${E} "s,pam_cap\\.so,${SED_RED_YELLOW},g"
|
||||
else
|
||||
echo_not_found "pam_cap.so in /etc/pam.d or /etc/pam.conf"
|
||||
fi
|
||||
echo ""
|
||||
fi
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
# License: GNU GPL
|
||||
# Version: 1.0
|
||||
# Functions Used: print_2title, print_info
|
||||
# Global Variables: $IAMROOT, $ITALIC, $SEARCH_IN_FOLDER, $USER, $Wfolders, $wgroups
|
||||
# Global Variables: $IAMROOT, $ITALIC, $SEARCH_IN_FOLDER, $USER, $Wfolders, $ldsoconfdG, $wgroups
|
||||
# Initial Functions:
|
||||
# Generated Global Variables: $ini_path, $fpath
|
||||
# Fat linpeas: 0
|
||||
@@ -26,40 +26,53 @@ if ! [ "$SEARCH_IN_FOLDER" ] && ! [ "$IAMROOT" ]; then
|
||||
echo "Content of /etc/ld.so.conf:"
|
||||
cat /etc/ld.so.conf 2>/dev/null | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g"
|
||||
|
||||
# Check each configured folder
|
||||
cat /etc/ld.so.conf 2>/dev/null | while read l; do
|
||||
if echo "$l" | grep -q include; then
|
||||
# Check each configured folder and include directives
|
||||
cat /etc/ld.so.conf 2>/dev/null | while IFS= read -r l; do
|
||||
l=$(echo "$l" | sed 's/#.*$//' | xargs 2>/dev/null)
|
||||
[ -z "$l" ] && continue
|
||||
|
||||
if echo "$l" | grep -qE '^include[[:space:]]+'; then
|
||||
ini_path=$(echo "$l" | cut -d " " -f 2)
|
||||
fpath=$(dirname "$ini_path")
|
||||
|
||||
if [ -d "/etc/ld.so.conf" ] && [ -w "$fpath" ]; then
|
||||
echo "You have write privileges over $fpath" | sed -${E} "s,.*,${SED_RED_YELLOW},";
|
||||
if [ -d "$fpath" ] && [ -w "$fpath" ]; then
|
||||
echo "You have write privileges over $fpath" | sed -${E} "s,.*,${SED_RED_YELLOW},";
|
||||
printf $RED_YELLOW$ITALIC"$fpath\n"$NC;
|
||||
else
|
||||
printf $GREEN$ITALIC"$fpath\n"$NC;
|
||||
fi
|
||||
|
||||
if [ "$(find $fpath -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then
|
||||
echo "You have write privileges over $(find $fpath -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" | sed -${E} "s,.*,${SED_RED_YELLOW},";
|
||||
if [ "$(find "$fpath" -type f '(' '(' -user "$USER" ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then
|
||||
echo "You have write privileges over $(find "$fpath" -type f '(' '(' -user "$USER" ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" | sed -${E} "s,.*,${SED_RED_YELLOW},";
|
||||
fi
|
||||
|
||||
for f in $fpath/*; do
|
||||
if [ -w "$f" ]; then
|
||||
echo "You have write privileges over $f" | sed -${E} "s,.*,${SED_RED_YELLOW},";
|
||||
for f in $ini_path; do
|
||||
[ -f "$f" ] || continue
|
||||
|
||||
if [ -w "$f" ]; then
|
||||
echo "You have write privileges over $f" | sed -${E} "s,.*,${SED_RED_YELLOW},";
|
||||
printf $RED_YELLOW$ITALIC"$f\n"$NC;
|
||||
else
|
||||
printf $GREEN$ITALIC" $f\n"$NC;
|
||||
fi
|
||||
|
||||
cat "$f" | grep -v "^#" | while read l2; do
|
||||
if [ -f "$l2" ] && [ -w "$l2" ]; then
|
||||
echo "You have write privileges over $l2" | sed -${E} "s,.*,${SED_RED_YELLOW},";
|
||||
cat "$f" 2>/dev/null | grep -v "^#" | while IFS= read -r l2; do
|
||||
l2=$(echo "$l2" | xargs 2>/dev/null)
|
||||
[ -z "$l2" ] && continue
|
||||
|
||||
if [ -d "$l2" ] && [ -w "$l2" ]; then
|
||||
echo "You have write privileges over $l2" | sed -${E} "s,.*,${SED_RED_YELLOW},";
|
||||
printf $RED_YELLOW$ITALIC" - $l2\n"$NC;
|
||||
else
|
||||
echo $ITALIC" - $l2"$NC | sed -${E} "s,$l2,${SED_GREEN}," | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g";
|
||||
elif [ -d "$l2" ]; then
|
||||
echo $ITALIC" - $l2"$NC | sed -${E} "s,$ldsoconfdG,${SED_GREEN},g" | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g";
|
||||
fi
|
||||
done
|
||||
done
|
||||
elif [ -d "$l" ] && [ -w "$l" ]; then
|
||||
echo "You have write privileges over $l" | sed -${E} "s,.*,${SED_RED_YELLOW},";
|
||||
printf $RED_YELLOW$ITALIC"$l\n"$NC;
|
||||
else
|
||||
echo $ITALIC"$l"$NC | sed -${E} "s,$ldsoconfdG,${SED_GREEN},g" | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g";
|
||||
fi
|
||||
done
|
||||
echo ""
|
||||
@@ -75,4 +88,4 @@ if ! [ "$SEARCH_IN_FOLDER" ] && ! [ "$IAMROOT" ]; then
|
||||
if [ -f "$l" ] && [ -w "$l" ]; then echo "You have write privileges over $l" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi
|
||||
done
|
||||
|
||||
fi
|
||||
fi
|
||||
|
||||
@@ -217,7 +217,7 @@ print_title(){
|
||||
max_title_len=80
|
||||
rest_len=$((($max_title_len - $title_len) / 2))
|
||||
|
||||
printf ${BLUE}
|
||||
printf "%s" "${BLUE}"
|
||||
for i in $(seq 1 $rest_len); do printf " "; done
|
||||
printf "╔"
|
||||
for i in $(seq 1 $title_len); do printf "═"; done; printf "═";
|
||||
@@ -231,13 +231,13 @@ print_title(){
|
||||
|
||||
echo ""
|
||||
|
||||
printf ${BLUE}
|
||||
printf "%s" "${BLUE}"
|
||||
for i in $(seq 1 $rest_len); do printf " "; done
|
||||
printf "╚"
|
||||
for i in $(seq 1 $title_len); do printf "═"; done; printf "═";
|
||||
printf "╝"
|
||||
|
||||
printf $NC
|
||||
printf "%s" "${NC}"
|
||||
echo ""
|
||||
}
|
||||
|
||||
|
||||
@@ -13,4 +13,4 @@
|
||||
# Small linpeas: 1
|
||||
|
||||
|
||||
capsB="=ep|cap_chown|cap_former|cap_setfcap|cap_dac_override|cap_dac_read_search|cap_setuid|cap_setgid|cap_kill|cap_net_bind_service|cap_net_raw|cap_net_admin|cap_sys_admin|cap_sys_ptrace|cap_sys_module"
|
||||
capsB="=ep|cap_chown|cap_fowner|cap_fsetid|cap_setpcap|cap_setfcap|cap_dac_override|cap_dac_read_search|cap_setuid|cap_setgid|cap_kill|cap_net_bind_service|cap_net_raw|cap_net_admin|cap_sys_admin|cap_sys_ptrace|cap_sys_module|cap_sys_rawio|cap_bpf|cap_perfmon"
|
||||
|
||||
@@ -18,7 +18,9 @@ cap_sys_ptrace:python \
|
||||
cap_sys_module:kmod|python \
|
||||
cap_dac_override:python|vim \
|
||||
cap_chown:chown|python \
|
||||
cap_former:chown|python \
|
||||
cap_fowner:chown|python \
|
||||
cap_setfcap:python|perl|ruby|php|node|lua|bash \
|
||||
cap_setpcap:python|perl|ruby|php|node|lua|bash \
|
||||
cap_setuid:peass{CAP_SETUID_HERE} \
|
||||
cap_setgid:peass{CAP_SETGID_HERE} \
|
||||
cap_net_raw:python|tcpdump"
|
||||
cap_net_raw:python|tcpdump|dumpcap|tcpflow"
|
||||
|
||||
@@ -24,4 +24,4 @@ pwd_in_variables7="MAILGUN_APIKEY|MAILGUN_API_KEY|MAILGUN_DOMAIN|MAILGUN_PRIV_KE
|
||||
pwd_in_variables8="OKTA_OAUTH2_ISSUER|OMISE_KEY|OMISE_PKEY|OMISE_PUBKEY|OMISE_SKEY|ONESIGNAL_API_KEY|ONESIGNAL_USER_AUTH_KEY|OPENWHISK_KEY|OPEN_WHISK_KEY|OSSRH_PASS|OSSRH_SECRET|OSSRH_USER|OS_AUTH_URL|OS_PROJECT_NAME|OS_TENANT_ID|OS_TENANT_NAME|PAGERDUTY_APIKEY|PAGERDUTY_ESCALATION_POLICY_ID|PAGERDUTY_FROM_USER|PAGERDUTY_PRIORITY_ID|PAGERDUTY_SERVICE_ID|PANTHEON_SITE|PARSE_APP_ID|PARSE_JS_KEY|PAYPAL_CLIENT_ID|PAYPAL_CLIENT_SECRET|PERCY_TOKEN|PERSONAL_KEY|PERSONAL_SECRET|PG_DATABASE|PG_HOST|PLACES_APIKEY|PLACES_API_KEY|PLACES_APPID|PLACES_APPLICATION_ID|PLOTLY_APIKEY|POSTGRESQL_DB|POSTGRESQL_PASS|POSTGRES_ENV_POSTGRES_DB|POSTGRES_ENV_POSTGRES_USER|POSTGRES_PORT|PREBUILD_AUTH|PROD.ACCESS.KEY.ID|PROD.SECRET.KEY|PROD_BASE_URL_RUNSCOPE|PROJECT_CONFIG|PUBLISH_KEY|PUBLISH_SECRET|PUSHOVER_TOKEN|PUSHOVER_USER|PYPI_PASSOWRD|QUIP_TOKEN|RABBITMQ_SERVER_ADDR|REDISCLOUD_URL|REDIS_STUNNEL_URLS|REFRESH_TOKEN|RELEASE_GH_TOKEN|RELEASE_TOKEN|remoteUserToShareTravis|REPORTING_WEBDAV_URL|REPORTING_WEBDAV_USER|repoToken|REST_API_KEY|RINKEBY_PRIVATE_KEY|ROPSTEN_PRIVATE_KEY|route53_access_key_id|RTD_KEY_PASS|RTD_STORE_PASS|RUBYGEMS_AUTH_TOKEN|s3_access_key|S3_ACCESS_KEY_ID|S3_BUCKET_NAME_APP_LOGS|S3_BUCKET_NAME_ASSETS|S3_KEY"
|
||||
pwd_in_variables9="S3_KEY_APP_LOGS|S3_KEY_ASSETS|S3_PHOTO_BUCKET|S3_SECRET_APP_LOGS|S3_SECRET_ASSETS|S3_SECRET_KEY|S3_USER_ID|S3_USER_SECRET|SACLOUD_ACCESS_TOKEN|SACLOUD_ACCESS_TOKEN_SECRET|SACLOUD_API|SALESFORCE_BULK_TEST_SECURITY_TOKEN|SANDBOX_ACCESS_TOKEN|SANDBOX_AWS_ACCESS_KEY_ID|SANDBOX_AWS_SECRET_ACCESS_KEY|SANDBOX_LOCATION_ID|SAUCE_ACCESS_KEY|SECRETACCESSKEY|SECRETKEY|SECRET_0|SECRET_10|SECRET_11|SECRET_1|SECRET_2|SECRET_3|SECRET_4|SECRET_5|SECRET_6|SECRET_7|SECRET_8|SECRET_9|SECRET_KEY_BASE|SEGMENT_API_KEY|SELION_SELENIUM_SAUCELAB_GRID_CONFIG_FILE|SELION_SELENIUM_USE_SAUCELAB_GRID|SENDGRID|SENDGRID_API_KEY|SENDGRID_FROM_ADDRESS|SENDGRID_KEY|SENDGRID_USER|SENDWITHUS_KEY|SENTRY_AUTH_TOKEN|SERVICE_ACCOUNT_SECRET|SES_ACCESS_KEY|SES_SECRET_KEY|setDstAccessKey|setDstSecretKey|setSecretKey|SIGNING_KEY|SIGNING_KEY_SECRET|SIGNING_KEY_SID|SNOOWRAP_CLIENT_SECRET|SNOOWRAP_REDIRECT_URI|SNOOWRAP_REFRESH_TOKEN|SNOOWRAP_USER_AGENT|SNYK_API_TOKEN|SNYK_ORG_ID|SNYK_TOKEN|SOCRATA_APP_TOKEN|SOCRATA_USER|SONAR_ORGANIZATION_KEY|SONAR_PROJECT_KEY|SONAR_TOKEN|SONATYPE_GPG_KEY_NAME|SONATYPE_GPG_PASSPHRASE|SONATYPE_PASSSONATYPE_TOKEN_USER|SONATYPE_USER|SOUNDCLOUD_CLIENT_ID|SOUNDCLOUD_CLIENT_SECRET|SPACES_ACCESS_KEY_ID|SPACES_SECRET_ACCESS_KEY"
|
||||
pwd_in_variables10="SPA_CLIENT_ID|SPOTIFY_API_ACCESS_TOKEN|SPOTIFY_API_CLIENT_ID|SPOTIFY_API_CLIENT_SECRET|sqsAccessKey|sqsSecretKey|SRCCLR_API_TOKEN|SSHPASS|SSMTP_CONFIG|STARSHIP_ACCOUNT_SID|STARSHIP_AUTH_TOKEN|STAR_TEST_AWS_ACCESS_KEY_ID|STAR_TEST_BUCKET|STAR_TEST_LOCATION|STAR_TEST_SECRET_ACCESS_KEY|STORMPATH_API_KEY_ID|STORMPATH_API_KEY_SECRET|STRIPE_PRIVATE|STRIPE_PUBLIC|STRIP_PUBLISHABLE_KEY|STRIP_SECRET_KEY|SURGE_LOGIN|SURGE_TOKEN|SVN_PASS|SVN_USER|TESCO_API_KEY|THERA_OSS_ACCESS_ID|THERA_OSS_ACCESS_KEY|TRAVIS_ACCESS_TOKEN|TRAVIS_API_TOKEN|TRAVIS_COM_TOKEN|TRAVIS_E2E_TOKEN|TRAVIS_GH_TOKEN|TRAVIS_PULL_REQUEST|TRAVIS_SECURE_ENV_VARS|TRAVIS_TOKEN|TREX_CLIENT_ORGURL|TREX_CLIENT_TOKEN|TREX_OKTA_CLIENT_ORGURL|TREX_OKTA_CLIENT_TOKEN|TWILIO_ACCOUNT_ID|TWILIO_ACCOUNT_SID|TWILIO_API_KEY|TWILIO_API_SECRET|TWILIO_CHAT_ACCOUNT_API_SERVICE|TWILIO_CONFIGURATION_SID|TWILIO_SID|TWILIO_TOKEN|TWITTEROAUTHACCESSSECRET|TWITTEROAUTHACCESSTOKEN|TWITTER_CONSUMER_KEY|TWITTER_CONSUMER_SECRET|UNITY_SERIAL|URBAN_KEY|URBAN_MASTER_SECRET|URBAN_SECRET|userTravis|USER_ASSETS_ACCESS_KEY_ID|USER_ASSETS_SECRET_ACCESS_KEY|VAULT_APPROLE_SECRET_ID|VAULT_PATH|VIP_GITHUB_BUILD_REPO_DEPLOY_KEY|VIP_GITHUB_DEPLOY_KEY|VIP_GITHUB_DEPLOY_KEY_PASS"
|
||||
pwd_in_variables11="VIRUSTOTAL_APIKEY|VISUAL_RECOGNITION_API_KEY|V_SFDC_CLIENT_ID|V_SFDC_CLIENT_SECRET|WAKATIME_API_KEY|WAKATIME_PROJECT|WATSON_CLIENT|WATSON_CONVERSATION_WORKSPACE|WATSON_DEVICE|WATSON_DEVICE_TOPIC|WATSON_TEAM_ID|WATSON_TOPIC|WIDGET_BASIC_USER_2|WIDGET_BASIC_USER_3|WIDGET_BASIC_USER_4|WIDGET_BASIC_USER_5|WIDGET_FB_USER|WIDGET_FB_USER_2|WIDGET_FB_USER_3|WIDGET_TEST_SERVERWORDPRESS_DB_USER|WORKSPACE_ID|WPJM_PHPUNIT_GOOGLE_GEOCODE_API_KEY|WPT_DB_HOST|WPT_DB_NAME|WPT_DB_USER|WPT_PREPARE_DIR|WPT_REPORT_API_KEY|WPT_SSH_CONNECT|WPT_SSH_PRIVATE_KEY_BASE64|YANGSHUN_GH_TOKEN|YT_ACCOUNT_CHANNEL_ID|YT_ACCOUNT_CLIENT_ID|YT_ACCOUNT_CLIENT_SECRET|YT_ACCOUNT_REFRESH_TOKEN|YT_API_KEY|YT_CLIENT_ID|YT_CLIENT_SECRET|YT_PARTNER_CHANNEL_ID|YT_PARTNER_CLIENT_ID|YT_PARTNER_CLIENT_SECRET|YT_PARTNER_ID|YT_PARTNER_REFRESH_TOKEN|YT_SERVER_API_KEY|ZHULIANG_GH_TOKEN|ZOPIM_ACCOUNT_KEY"
|
||||
pwd_in_variables11="VIRUSTOTAL_APIKEY|VISUAL_RECOGNITION_API_KEY|V_SFDC_CLIENT_ID|V_SFDC_CLIENT_SECRET|WAKATIME_API_KEY|WAKATIME_PROJECT|WATSON_CLIENT|WATSON_CONVERSATION_WORKSPACE|WATSON_DEVICE|WATSON_DEVICE_TOPIC|WATSON_TEAM_ID|WATSON_TOPIC|WIDGET_BASIC_USER_2|WIDGET_BASIC_USER_3|WIDGET_BASIC_USER_4|WIDGET_BASIC_USER_5|WIDGET_FB_USER|WIDGET_FB_USER_2|WIDGET_FB_USER_3|WIDGET_TEST_SERVERWORDPRESS_DB_USER|WORKSPACE_ID|WPJM_PHPUNIT_GOOGLE_GEOCODE_API_KEY|WPT_DB_HOST|WPT_DB_NAME|WPT_DB_USER|WPT_PREPARE_DIR|WPT_REPORT_API_KEY|WPT_SSH_CONNECT|WPT_SSH_PRIVATE_KEY_BASE64|YANGSHUN_GH_TOKEN|YT_ACCOUNT_CHANNEL_ID|YT_ACCOUNT_CLIENT_ID|YT_ACCOUNT_CLIENT_SECRET|YT_ACCOUNT_REFRESH_TOKEN|YT_API_KEY|YT_CLIENT_ID|YT_CLIENT_SECRET|YT_PARTNER_CHANNEL_ID|YT_PARTNER_CLIENT_ID|YT_PARTNER_CLIENT_SECRET|YT_PARTNER_ID|YT_PARTNER_REFRESH_TOKEN|YT_SERVER_API_KEY|ZHULIANG_GH_TOKEN|ZOPIM_ACCOUNT_KEY|USERNAME|PASSWORD|PASSWD|CREDENTIALS?"
|
||||
|
||||
@@ -12,4 +12,4 @@
|
||||
# Fat linpeas: 0
|
||||
# Small linpeas: 1
|
||||
|
||||
sudoB="$(whoami)|ALL:ALL|ALL : ALL|ALL|env_keep|NOPASSWD|SETENV|/apache2|/cryptsetup|/mount|/restic|--password-command|--password-file|-o ProxyCommand|-o PreferredAuthentications"
|
||||
sudoB="$(whoami)|ALL:ALL|ALL : ALL|ALL|env_keep|NOPASSWD|SETENV|/apache2|/cryptsetup|/mount|/restic|/usermod|/sbin/ldconfig|/usr/sbin/ldconfig|ldconfig -f|--password-command|--password-file|-o ProxyCommand|-o PreferredAuthentications"
|
||||
|
||||
@@ -13,4 +13,4 @@
|
||||
# Small linpeas: 1
|
||||
|
||||
|
||||
writeVB="/etc/anacrontab|/etc/apt/apt.conf.d|/etc/bash.bashrc|/etc/bash_completion|/etc/bash_completion.d/|/etc/cron|/etc/environment|/etc/environment.d/|/etc/group|/etc/incron.d/|/etc/init|/etc/ld.so.conf.d/|/etc/master.passwd|/etc/passwd|/etc/profile.d/|/etc/profile|/etc/rc.d|/etc/shadow|/etc/skey/|/etc/sudoers|/etc/sudoers.d/|/etc/supervisor/conf.d/|/etc/supervisor/supervisord.conf|/etc/systemd|/etc/sys|/lib/systemd|/etc/update-motd.d/|/root/.ssh/|/run/systemd|/usr/lib/cron/tabs/|/usr/lib/systemd|/systemd/system|/var/db/yubikey/|/var/spool/anacron|/var/spool/cron/crontabs|"$(echo $PATH 2>/dev/null | sed 's/:\.:/:/g' | sed 's/:\.$//g' | sed 's/^\.://g' | sed 's/:/$|^/g') #Add Path but remove simple dot in PATH
|
||||
writeVB="/etc/anacrontab|/etc/apt/apt.conf.d|/etc/bash.bashrc|/etc/bash_completion|/etc/bash_completion.d/|/etc/cron|/etc/environment|/etc/environment.d/|/etc/group|/etc/incron.d/|/etc/init|/etc/ld.so.conf.d/|/etc/ld.so.preload|/etc/master.passwd|/etc/passwd|/etc/profile.d/|/etc/profile|/etc/rc.d|/etc/shadow|/etc/skey/|/etc/sudoers|/etc/sudoers.d/|/etc/supervisor/conf.d/|/etc/supervisor/supervisord.conf|/etc/systemd|/etc/sys|/lib/systemd|/etc/update-motd.d/|/root/.ssh/|/run/systemd|/usr/lib/cron/tabs/|/usr/lib/systemd|/systemd/system|/var/db/yubikey/|/var/spool/anacron|/var/spool/cron/crontabs|"$(echo $PATH 2>/dev/null | sed 's/:\.:/:/g' | sed 's/:\.$//g' | sed 's/^\.://g' | sed 's/:/$|^/g') #Add Path but remove simple dot in PATH
|
||||
|
||||
Reference in New Issue
Block a user