Update sensitive_files.yaml

Update CI-master_tests.yml

.github/workflows/CI-master_tests.yml

@@ -1,7 +1,7 @@
 name: CI-master_test
 
 on:
-  pull_request:
+  push:
     branches:
       - master
   
@@ -26,6 +26,10 @@ jobs:
         uses: actions/checkout@master
         with:
           ref: ${{ github.head_ref }}
+      
+      - name: Download regexes
+        run: |
+          powershell.exe -ExecutionPolicy Bypass -File build_lists/download_regexes.ps1
             
       # Add  MSBuild to the PATH: https://github.com/microsoft/setup-msbuild
       - name: Setup MSBuild.exe
@@ -408,6 +412,10 @@ jobs:
       id: date
       run: echo "::set-output name=date::$(date +'%Y%m%d')"
     
+    - name: Generate random
+      id: random_n
+      run: echo "::set-output name=some_rand::$(openssl rand -hex 4)"
+    
     # Create the release
     - name: Create Release
       id: create_release
@@ -415,8 +423,8 @@ jobs:
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       with:
-        tag_name: ${{steps.date.outputs.date}}
-        release_name: Release ${{ github.ref }}2 ${{steps.date.outputs.date}}
+        tag_name: ${{steps.date.outputs.date}}-${{steps.random_n.outputs.some_rand}}
+        release_name: Release ${{ github.ref }} ${{steps.date.outputs.date}}-${{steps.random_n.outputs.some_rand}}
         draft: false
         prerelease: false
         

.gitignore

@@ -27,4 +27,6 @@ linPEAS/linpeas.sh
 sh2bin
 sh2bin/*
 .dccache
-./*/.dccache
+./*/.dccache
+regexes.yaml
+build_lists/regexes.yaml

build_lists/download_regexes.ps1

@@ -0,0 +1,5 @@
+$scriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path
+$filePath = Join-Path $scriptDir "regexes.yaml"
+$url = "https://raw.githubusercontent.com/JaimePolop/RExpository/main/regex.yaml"
+
+Invoke-WebRequest $url -OutFile $filePath

build_lists/download_regexes.py

@@ -0,0 +1,24 @@
+#!/usr/bin/env python3
+
+import os
+import requests
+from pathlib import Path
+
+
+def download_regexes():
+    print("[+] Downloading regexes...")
+    url = "https://raw.githubusercontent.com/JaimePolop/RExpository/main/regex.yaml"
+    response = requests.get(url)
+    if response.status_code == 200:
+        # Save the content of the response to a file
+        script_folder = Path(os.path.dirname(os.path.abspath(__file__)))
+        target_file = script_folder / 'regexes.yaml'
+
+        with open(target_file, "w") as file:
+            file.write(response.text)
+        print(f"Downloaded and saved in '{target_file}' successfully!")
+    else:
+        print("Error: Unable to download the regexes file.")
+        exit(1)
+
+download_regexes()

build_lists/regexes.yaml

@@ -1,204 +1,2 @@
-paths:
-  - $HOMESEARCH 
-  - /etc 
-  - /opt 
-  - /tmp 
-  - /private
-  - /Applications
-  - /var/www
-  - /var/log
-  - /private/var/log
-  - /usr/local/www/ 
-  - $backup_folders_row
-
-
-regular_expresions:
-  # Hashes passwords
-  - name: Hashed Passwords
-    regexes:
-    - name: Apr1 MD5
-      regex: '\$apr1\$[a-zA-Z0-9_/\.]{8}\$[a-zA-Z0-9_/\.]{22}'
-    
-    - name: Apache SHA
-      regex: '\{SHA\}[0-9a-zA-Z/_=]{10,}'
-
-    - name: Blowfish
-      regex: '\$2[abxyz]?\$[0-9]{2}\$[a-zA-Z0-9_/\.]*'
-
-    - name: Drupal
-      regex: '\$S\$[a-zA-Z0-9_/\.]{52}'
-    
-    - name: Joomlavbulletin
-      regex: '[0-9a-zA-Z]{32}:[a-zA-Z0-9_]{16,32}'
-
-    - name: Linux MD5
-      regex: '\$1\$[a-zA-Z0-9_/\.]{8}\$[a-zA-Z0-9_/\.]{22}'
-    
-    - name: phpbb3
-      regex: '\$H\$[a-zA-Z0-9_/\.]{31}'
-
-    - name: sha512crypt
-      regex: '\$6\$[a-zA-Z0-9_/\.]{16}\$[a-zA-Z0-9_/\.]{86}'
-    
-    - name: Wordpress
-      regex: '\$P\$[a-zA-Z0-9_/\.]{31}'
-  
-
-  # Raw Hashes
-  - name: Raw Hashes
-    regexes:
-    #- name: md5 #Too many false positives
-    #  regex: '(^|[^a-zA-Z0-9])[a-fA-F0-9]{32}([^a-zA-Z0-9]|$)'
-    
-    #- name: sha1 #Too many false positives
-    #  regex: '(^|[^a-zA-Z0-9])[a-fA-F0-9]{40}([^a-zA-Z0-9]|$)'
-
-    #- name: sha256 #Too many false positives
-    #  regex: '(^|[^a-zA-Z0-9])[a-fA-F0-9]{64}([^a-zA-Z0-9]|$)'
-    
-    - name: sha512
-      regex: '(^|[^a-zA-Z0-9])[a-fA-F0-9]{128}([^a-zA-Z0-9]|$)'
-
-  # APIs
-  # https://github.com/l4yton/RegHex/blob/master/README.md
-  - name: APIs
-    regexes:
-    #- name: Artifactory API Token # False +
-    #  regex: 'AKC[a-zA-Z0-9]{10,}' # False +
-    
-    #- name: Artifactory Password
-    #  regex: 'AP[\dABCDEF][a-zA-Z0-9]{8,}'
-    
-    #- name: Authorization Basic # Too many false positives
-    #  regex: 'basic [a-zA-Z0-9_:\.=\-]+'
-    
-    #- name: Authorization Bearer # Too many false positives
-    #  regex: 'bearer [a-zA-Z0-9_\.=\-]+'
-    
-    - name: AWS Client ID
-      regex: '(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'
-      extra_grep: '-Ev ":#|:<\!\-\-"'
-    
-    - name: AWS MWS Key
-      regex: 'amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'
-
-    - name: AWS Secret Key
-      regex: aws(.{0,20})?['"][0-9a-zA-Z\/+]{40}['"]
-    
-    #- name: Base32 #Too many false positives
-    #  regex: '(?:[A-Z2-7]{8})*(?:[A-Z2-7]{2}={6}|[A-Z2-7]{4}={4}|[A-Z2-7]{5}={3}|[A-Z2-7]{7}=)?'
-    
-    #- name: Base64 #Too many false positives
-    #  regex: '(eyJ|YTo|Tzo|PD[89]|aHR0cHM6L|aHR0cDo|rO0)[a-zA-Z0-9+/]+={0,2}'
-    
-    - name: Basic Auth Credentials
-      regex: '://[a-zA-Z0-9]+:[a-zA-Z0-9]+@[a-zA-Z0-9]+\.[a-zA-Z]+'
-    
-    - name: Cloudinary Basic Auth
-      regex: 'cloudinary://[0-9]{15}:[0-9A-Za-z]+@[a-z]+'
-
-    - name: Facebook Access Token
-      regex: 'EAACEdEose0cBA[0-9A-Za-z]+'
-
-    - name: Facebook Client ID
-      regex: ([fF][aA][cC][eE][bB][oO][oO][kK]|[fF][bB])(.{0,20})?['"][0-9]{13,17}
-    
-    - name: Facebook Oauth
-      regex: >
-        [fF][aA][cC][eE][bB][oO][oO][kK].*['|"][0-9a-f]{32}['|"]
-    
-    - name: Facebook Secret Key
-      regex: > 
-        ([fF][aA][cC][eE][bB][oO][oO][kK]|[fF][bB])(.{0,20})?['"][0-9a-f]{32}
-
-    - name: Github
-      regex: >
-        github(.{0,20})?['"][0-9a-zA-Z]{35,40}
-
-    - name: Google API Key
-      regex: 'AIza[0-9A-Za-z_\-]{35}'
-    
-    - name: Google Cloud Platform API Key
-      regex: >
-        (google|gcp|youtube|drive|yt)(.{0,20})?['"][AIza[0-9a-z_\-]{35}]['"]
-    
-    - name: Google Drive Oauth
-      regex: '[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com'
-    
-    - name: Google Oauth Access Token
-      regex: 'ya29\.[0-9A-Za-z_\-]+'
-    
-    - name: Heroku API Key
-      regex: '[hH][eE][rR][oO][kK][uU].{0,30}[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}'
-
-    - name: LinkedIn Client ID
-      regex: >
-        linkedin(.{0,20})?['"][0-9a-z]{12}['"]
-
-    - name: LinkedIn Secret Key
-      regex: >
-        linkedin(.{0,20})?['"][0-9a-z]{16}['"]
-    
-    - name: Mailchamp API Key
-      regex: '[0-9a-f]{32}-us[0-9]{1,2}'
-    
-    - name: Mailgun API Key
-      regex: 'key-[0-9a-zA-Z]{32}'
-
-    - name: Picatic API Key
-      regex: 'sk_live_[0-9a-z]{32}'
-
-    - name: Slack Token
-      regex: 'xox[baprs]-([0-9a-zA-Z]{10,48})?'
-
-    #- name: Slack Webhook #Not interesting
-    #  regex: 'https://hooks.slack.com/services/T[a-zA-Z0-9_]{10}/B[a-zA-Z0-9_]{10}/[a-zA-Z0-9_]{24}'
-
-    - name: Stripe API Key
-      regex: 'k_live_[0-9a-zA-Z]{24}'
-
-    - name: Square Access Token
-      regex: 'sqOatp-[0-9A-Za-z_\-]{22}'
-
-    - name: Square Oauth Secret
-      regex: 'sq0csp-[ 0-9A-Za-z_\-]{43}'
-
-    - name: Twilio API Key
-      regex: 'SK[0-9a-fA-F]{32}'
-
-    - name: Twitter Client ID
-      regex: >
-        [tT][wW][iI][tT][tT][eE][rR](.{0,20})?['"][0-9a-z]{18,25}
-
-    - name: Twitter Oauth
-      regex: >
-        [tT][wW][iI][tT][tT][eE][rR].{0,30}['"\\s][0-9a-zA-Z]{35,44}['"\\s]
-
-    - name: Twitter Secret Key
-      regex: >
-        [tT][wW][iI][tT][tT][eE][rR](.{0,20})?['"][0-9a-z]{35,44}
-
-    #- name: Vault Token #False +
-    #  regex: '[sb]\.[a-zA-Z0-9]{24}'
-
-  
-  # Misc
-  - name: Misc
-    regexes:
-    - name: Basic Auth
-      regex: '//(.+):(.+)@'
-
-    - name: Passwords1
-      regex: (pwd|passwd|password|PASSWD|PASSWORD|dbuser|dbpass).*[=:].+|define ?\('(\w*passw|\w*user|\w*datab)
-    
-    #- name: Passwords2
-    #  regex: 'passwd|creden|pwd'
-    
-    - name: Usernames
-      regex: 'username.*[=:].+'
-
-    #- name: IPs
-    #  regex: '(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)'
-    
-    #- name: Emails # Too many false positives
-    #  regex: '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}'
+This is a placeholder.
+To fill this yaml execute one of the scripts download_regexes.py or download_regexes.ps1

build_lists/sensitive_files.yaml

@@ -1691,6 +1691,19 @@ search:
                 type: f
                 search_in: 
                   - common
+  - name: SIP
+    value:
+        config:
+          auto_check: True
+    
+        files:
+          - name: "sip.conf"
+            value: 
+                bad_regex: "secret.*"
+                remove_empty_lines: True
+                type: f
+                search_in: 
+                  - common
   
   - name: GMV Auth
     value:

linPEAS/builder/linpeas_parts/10_api_keys_regex.sh

@@ -37,6 +37,7 @@ search_for_regex(){
         timeout 120 find /tmp /srv /Applications -type f -not -path "*/node_modules/*" -exec grep -HnRIE$i "$regex" '{}' \; 2>/dev/null  | sed '/^.\{150\}./d' | sort | uniq | head -n 50 &
     fi
     wait
+    printf "\033[2K\r"
 }
 
 

linPEAS/builder/linpeas_parts/1_system_information.sh

@@ -161,6 +161,10 @@ else
     echo_not_found "AppArmor"
 fi
 
+#-- SY) AppArmor2
+print_list "AppArmor profile? .............. "$NC
+(cat /proc/self/attr/current 2>/dev/null || echo "unconfined") | sed "s,unconfined,${SED_RED}," | sed "s,kernel,${SED_GREEN},"
+
 #-- SY) LinuxONE
 print_list "is linuxONE? ................... "$NC
 ( (uname -a | grep "s390x" >/dev/null 2>&1) && echo "Yes" || echo_not_found "s390x")
@@ -185,10 +189,6 @@ print_list "SELinux enabled? ............... "$NC
 print_list "Seccomp enabled? ............... "$NC
 ([ "$(grep Seccomp /proc/self/status 2>/dev/null | grep -v 0)" ] && echo "enabled" || echo "disabled") | sed "s,disabled,${SED_RED}," | sed "s,enabled,${SED_GREEN},"
 
-#-- SY) AppArmor
-print_list "AppArmor profile? .............. "$NC
-(cat /proc/self/attr/current 2>/dev/null || echo "unconfined") | sed "s,unconfined,${SED_RED}," | sed "s,kernel,${SED_GREEN},"
-
 #-- SY) AppArmor
 print_list "User namespace? ................ "$NC
 if [ "$(cat /proc/self/uid_map 2>/dev/null)" ]; then echo "enabled" | sed "s,enabled,${SED_GREEN},"; else echo "disabled" | sed "s,disabled,${SED_RED},"; fi

linPEAS/builder/linpeas_parts/2_container.sh

@@ -149,6 +149,16 @@ checkCreateReleaseAgent(){
 }
 
 checkProcSysBreakouts(){
+  dev_mounted="No"
+  if [ $(ls -l /dev | grep -E "^c" | wc -l) -gt 50 ]; then
+    dev_mounted="Yes";
+  fi
+
+  proc_mounted="No"
+  if [ $(ls /proc | grep -E "^[0-9]" | wc -l) -gt 50 ]; then
+    proc_mounted="Yes";
+  fi
+
   run_unshare=$(unshare -UrmC bash -c 'echo -n Yes' 2>/dev/null)
   if ! [ "$run_unshare" = "Yes" ]; then
     run_unshare="No"
@@ -208,7 +218,7 @@ checkProcSysBreakouts(){
 ##############################################
 containerCheck
 
-print_2title "Container related tools present"
+print_2title "Container related tools present (if any):"
 command -v docker 
 command -v lxc 
 command -v rkt 
@@ -216,8 +226,10 @@ command -v kubectl
 command -v podman
 command -v runc
 
-print_2title "Am I Containered?"
-execBin "AmIContainered" "https://github.com/genuinetools/amicontained" "$FAT_LINPEAS_AMICONTAINED"
+if [ "$$FAT_LINPEAS_AMICONTAINED" ]; then
+  print_2title "Am I Containered?"
+  execBin "AmIContainered" "https://github.com/genuinetools/amicontained" "$FAT_LINPEAS_AMICONTAINED"
+fi
 
 print_2title "Container details"
 print_list "Is this a container? ...........$NC $containerType"
@@ -250,7 +262,7 @@ if echo "$containerType" | grep -qi "docker"; then
     print_2title "Docker Container details"
     inDockerGroup
     print_list "Am I inside Docker group .......$NC $DOCKER_GROUP\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
-    print_list "Looking and enumerating Docker Sockets\n"$NC
+    print_list "Looking and enumerating Docker Sockets (if any):\n"$NC
     enumerateDockerSockets
     print_list "Docker version .................$NC$dockerVersion"
     checkDockerVersionExploits
@@ -258,7 +270,7 @@ if echo "$containerType" | grep -qi "docker"; then
     print_list "Vulnerable to CVE-2019-13139 ...$NC$VULN_CVE_2019_13139"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW},"
     if [ "$inContainer" ]; then
         checkDockerRootless
-        print_list "Rootless Docker? ................ $DOCKER_ROOTLESS\n"$NC | sed -${E} "s,No,${SED_RED}," | sed -${E} "s,Yes,${SED_GREEN},"
+        print_list "Rootless Docker? ............... $DOCKER_ROOTLESS\n"$NC | sed -${E} "s,No,${SED_RED}," | sed -${E} "s,Yes,${SED_GREEN},"
         echo ""
     fi
     if df -h | grep docker; then
@@ -310,34 +322,35 @@ if [ "$inContainer" ]; then
     print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation/docker-breakout/docker-breakout-privilege-escalation/sensitive-mounts"
     
     checkProcSysBreakouts
+    print_list "/proc mounted? ................. $proc_mounted\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
+    print_list "/dev mounted? .................. $dev_mounted\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
     print_list "Run ushare ..................... $run_unshare\n" | sed -${E} "s,Yes,${SED_RED},"
     print_list "release_agent breakout 1........ $release_agent_breakout1\n" | sed -${E} "s,Yes,${SED_RED},"
     print_list "release_agent breakout 2........ $release_agent_breakout2\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
     print_list "core_pattern breakout .......... $core_pattern_breakout\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
     print_list "binfmt_misc breakout ........... $binfmt_misc_breakout\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
     print_list "uevent_helper breakout ......... $uevent_helper_breakout\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
-    print_list "core_pattern breakout .......... $core_pattern_breakout\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
     print_list "is modprobe present ............ $modprobe_present\n" | sed -${E} "s,/.*,${SED_RED},"
-    print_list "DoS via panic_on_oom ........... $panic_on_oom_dos\n" | sed -${E} "s,/Yes,${SED_RED},"
-    print_list "DoS via panic_sys_fs ........... $panic_sys_fs_dos\n" | sed -${E} "s,/Yes,${SED_RED},"
-    print_list "DoS via sysreq_trigger_dos ..... $sysreq_trigger_dos\n" | sed -${E} "s,/Yes,${SED_RED},"
-    print_list "/proc/config.gz readable ....... $proc_configgz_readable\n" | sed -${E} "s,/Yes,${SED_RED},"
-    print_list "/proc/sched_debug readable ..... $sched_debug_readable\n" | sed -${E} "s,/Yes,${SED_RED},"
-    print_list "/proc/*/mountinfo readable ..... $mountinfo_readable\n" | sed -${E} "s,/Yes,${SED_RED},"
-    print_list "/sys/kernel/security present ... $security_present\n" | sed -${E} "s,/Yes,${SED_RED},"
-    print_list "/sys/kernel/security writable .. $security_writable\n" | sed -${E} "s,/Yes,${SED_RED},"
+    print_list "DoS via panic_on_oom ........... $panic_on_oom_dos\n" | sed -${E} "s,Yes,${SED_RED},"
+    print_list "DoS via panic_sys_fs ........... $panic_sys_fs_dos\n" | sed -${E} "s,Yes,${SED_RED},"
+    print_list "DoS via sysreq_trigger_dos ..... $sysreq_trigger_dos\n" | sed -${E} "s,Yes,${SED_RED},"
+    print_list "/proc/config.gz readable ....... $proc_configgz_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+    print_list "/proc/sched_debug readable ..... $sched_debug_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+    print_list "/proc/*/mountinfo readable ..... $mountinfo_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+    print_list "/sys/kernel/security present ... $security_present\n" | sed -${E} "s,Yes,${SED_RED},"
+    print_list "/sys/kernel/security writable .. $security_writable\n" | sed -${E} "s,Yes,${SED_RED},"
     if [ "$EXTRA_CHECKS" ]; then
-      print_list "/proc/kmsg readable ............ $kmsg_readable\n" | sed -${E} "s,/Yes,${SED_RED},"
-      print_list "/proc/kallsyms readable ........ $kallsyms_readable\n" | sed -${E} "s,/Yes,${SED_RED},"
-      print_list "/proc/self/mem readable ........ $sched_debug_readable\n" | sed -${E} "s,/Yes,${SED_RED},"
-      print_list "/proc/kcore readable ........... $kcore_readable\n" | sed -${E} "s,/Yes,${SED_RED},"
-      print_list "/proc/kmem readable ............ $kmem_readable\n" | sed -${E} "s,/Yes,${SED_RED},"
-      print_list "/proc/kmem writable ............ $kmem_writable\n" | sed -${E} "s,/Yes,${SED_RED},"
-      print_list "/proc/mem readable ............. $mem_readable\n" | sed -${E} "s,/Yes,${SED_RED},"
-      print_list "/proc/mem writable ............. $mem_writable\n" | sed -${E} "s,/Yes,${SED_RED},"
-      print_list "/sys/kernel/vmcoreinfo readable  $vmcoreinfo_readable\n" | sed -${E} "s,/Yes,${SED_RED},"
-      print_list "/sys/firmware/efi/vars writable  $efi_vars_writable\n" | sed -${E} "s,/Yes,${SED_RED},"
-      print_list "/sys/firmware/efi/efivars writable $efi_efivars_writable\n" | sed -${E} "s,/Yes,${SED_RED},"
+      print_list "/proc/kmsg readable ............ $kmsg_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/proc/kallsyms readable ........ $kallsyms_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/proc/self/mem readable ........ $sched_debug_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/proc/kcore readable ........... $kcore_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/proc/kmem readable ............ $kmem_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/proc/kmem writable ............ $kmem_writable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/proc/mem readable ............. $mem_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/proc/mem writable ............. $mem_writable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/sys/kernel/vmcoreinfo readable  $vmcoreinfo_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/sys/firmware/efi/vars writable  $efi_vars_writable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/sys/firmware/efi/efivars writable $efi_efivars_writable\n" | sed -${E} "s,Yes,${SED_RED},"
     fi
     
     echo ""
@@ -377,7 +390,8 @@ if [ "$inContainer" ]; then
     if [ "$(command -v capsh)" ]; then 
       capsh --print 2>/dev/null | sed -${E} "s,$containercapsB,${SED_RED},g"
     else
-      cat /proc/self/status | grep Cap | sed -${E} "s, .*,${SED_RED},g" | sed -${E} "s,0000000000000000|00000000a80425fb,${SED_GREEN},g"
+      defautl_docker_caps="00000000a80425fb=cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap"
+      cat /proc/self/status | tr '\t' ' ' | grep Cap | sed -${E} "s, .*,${SED_RED},g" | sed -${E} "s/00000000a80425fb/$defautl_docker_caps/g" | sed -${E} "s,0000000000000000|00000000a80425fb,${SED_GREEN},g"
       echo $ITALIC"Run capsh --decode=<hex> to decode the capabilities"$NC
     fi
     echo ""

linPEAS/builder/linpeas_parts/6_users_information.sh

@@ -95,9 +95,9 @@ if [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ]; then
     echo "Current user has .sudo_as_admin_successful file, so he can execute with sudo" | sed -${E} "s,.*,${SED_RED},";
   fi
 
-  if ps -eo pid,command -u "$(id -u)" | grep -v "$PPID" | grep -qE '(ash|ksh|csh|dash|bash|zsh|tcsh|sh)$'; then
-    echo "Current user has other interactive shells running" | sed -${E} "s,.*,${SED_RED},g";
-    ps -eo pid,command -u "$(id -u)" | grep -v "$PPID" | grep -E '(ash|ksh|csh|dash|bash|zsh|tcsh|sh)$'
+  if ps -eo pid,command -u "$(id -u)" | grep -v "$PPID" | grep -v " " | grep -qE '(ash|ksh|csh|dash|bash|zsh|tcsh|sh)$'; then
+    echo "Current user has other interactive shells running: " | sed -${E} "s,.*,${SED_RED},g";
+    ps -eo pid,command -u "$(id -u)" | grep -v "$PPID" | grep -v " " | grep -E '(ash|ksh|csh|dash|bash|zsh|tcsh|sh)$'
   fi
 
 else 

linPEAS/builder/linpeas_parts/linpeas_base.sh

@@ -527,7 +527,7 @@ STRINGS="$(command -v strings 2>/dev/null)"
 LDD="$(command -v ldd 2>/dev/null)"
 READELF="$(command -v readelf 2>/dev/null)"
 
-shscripsG="/0trace.sh|/alsa-info.sh|amuFormat.sh|/blueranger.sh|/crosh.sh|/dnsmap-bulk.sh|/dockerd-rootless.sh|/dockerd-rootless-setuptool.sh|/get_bluetooth_device_class.sh|/gettext.sh|/go-rhn.sh|/gvmap.sh|/kernel_log_collector.sh|/lesspipe.sh|/lprsetup.sh|/mksmbpasswd.sh|/pm-utils-bugreport-info.sh|/power_report.sh|/setuporamysql.sh|/setup-nsssysinit.sh|/readlink_f.sh|/rescan-scsi-bus.sh|/start_bluetoothd.sh|/start_bluetoothlog.sh|/testacg.sh|/testlahf.sh|/unix-lpr.sh|/url_handler.sh|/write_gpt.sh"
+shscripsG="/0trace.sh|/alsa-info.sh|amuFormat.sh|/blueranger.sh|/crosh.sh|/dnsmap-bulk.sh|/dockerd-rootless.sh|/dockerd-rootless-setuptool.sh|/get_bluetooth_device_class.sh|/gettext.sh|/go-rhn.sh|/gvmap.sh|/kernel_log_collector.sh|/lesspipe.sh|/lprsetup.sh|/mksmbpasswd.sh|/pm-utils-bugreport-info.sh|/power_report.sh|/prl-opengl-switcher.sh|/setuporamysql.sh|/setup-nsssysinit.sh|/readlink_f.sh|/rescan-scsi-bus.sh|/start_bluetoothd.sh|/start_bluetoothlog.sh|/testacg.sh|/testlahf.sh|/unix-lpr.sh|/url_handler.sh|/write_gpt.sh"
 
 notBackup="/tdbbackup$|/db_hotbackup$"
 
@@ -542,7 +542,7 @@ mail_apps="Postfix|Dovecot|Exim|SquirrelMail|Cyrus|Sendmail|Courier"
 
 profiledG="01-locale-fix.sh|256term.csh|256term.sh|abrt-console-notification.sh|appmenu-qt5.sh|apps-bin-path.sh|bash_completion.sh|cedilla-portuguese.sh|colorgrep.csh|colorgrep.sh|colorls.csh|colorls.sh|colorxzgrep.csh|colorxzgrep.sh|colorzgrep.csh|colorzgrep.sh|csh.local|cursor.sh|gawk.csh|gawk.sh|im-config_wayland.sh|kali.sh|lang.csh|lang.sh|less.csh|less.sh|flatpak.sh|sh.local|vim.csh|vim.sh|vte.csh|vte-2.91.sh|which2.csh|which2.sh|xauthority.sh|Z97-byobu.sh|xdg_dirs_desktop_session.sh|Z99-cloudinit-warnings.sh|Z99-cloud-locale-test.sh"
 
-knw_emails=".*@aivazian.fsnet.co.uk|.*@angband.pl|.*@canonical.com|.*centos.org|.*debian.net|.*debian.org|.*@jff.email|.*kali.org|.*linux.it|.*@linuxia.de|.*@lists.debian-maintainers.org|.*@mit.edu|.*@oss.sgi.com|.*@qualcomm.com|.*redhat.com|.*ubuntu.com|.*@vger.kernel.org|rogershimizu@gmail.com|thmarques@gmail.com"
+knw_emails=".*@aivazian.fsnet.co.uk|.*@angband.pl|.*@canonical.com|.*centos.org|.*debian.net|.*debian.org|.*@jff.email|.*kali.org|.*linux.it|.*@linuxia.de|.*@lists.debian-maintainers.org|.*@mit.edu|.*@oss.sgi.com|.*@qualcomm.com|.*redhat.com|.*ubuntu.com|.*@vger.kernel.org|mmyangfl@gmail.com|rogershimizu@gmail.com|thmarques@gmail.com"
 
 timersG="anacron.timer|apt-daily.timer|apt-daily-upgrade.timer|dpkg-db-backup.timer|e2scrub_all.timer|fstrim.timer|fwupd-refresh.timer|geoipupdate.timer|io.netplan.Netplan|logrotate.timer|man-db.timer|mlocate.timer|motd-news.timer|phpsessionclean.timer|plocate-updatedb.timer|snapd.refresh.timer|snapd.snap-repair.timer|systemd-tmpfiles-clean.timer|systemd-readahead-done.timer|ua-license-check.timer|ua-messaging.timer|ua-timer.timer|ureadahead-stop.timer"
 
@@ -697,8 +697,8 @@ print_3title(){
 }
 
 print_3title_no_nl(){
-  echo -ne "\033[2K\r"
-  printf ${BLUE}"\r══╣ $GREEN${1}..."$NC #There are 2 "═"
+  printf "\033[2K\r"
+  printf ${BLUE}"══╣ $GREEN${1}..."$NC #There are 2 "═"
 }
 
 print_list(){

linPEAS/builder/src/linpeasBuilder.py

@@ -377,7 +377,7 @@ class LinpeasBuilder:
 
         for values in regexes:
             section_name = values["name"]
-            regexes_search_section += f'print_2title "Searching {section_name}"\n'
+            regexes_search_section += f'    print_2title "Searching {section_name}"\n'
 
             for entry in values["regexes"]:
                 name = entry["name"]

linPEAS/builder/src/yamlGlobals.py

@@ -1,26 +1,11 @@
 import os
 import yaml
-import requests
 from pathlib import Path
 
 
-def download_regexes():
-    print("[+] Downloading regexes...")
-    url = "https://raw.githubusercontent.com/JaimePolop/RExpository/main/regex.yaml"
-    response = requests.get(url)
-    if response.status_code == 200:
-        # Save the content of the response to a file
-        script_folder = Path(os.path.dirname(os.path.abspath(__file__)))
-        target_file = script_folder / '..' / '..' / '..' / 'build_lists' / 'regexes.yaml'
-
-        with open(target_file, "w") as file:
-            file.write(response.text)
-        print(f"Downloaded and saved in '{target_file}' successfully!")
-    else:
-        print("Error: Unable to download the regexes file.")
-        exit(1)
-
-download_regexes()
+script_folder = Path(os.path.dirname(os.path.abspath(__file__)))
+target_file = script_folder / '..' / '..' / '..' / 'build_lists' / 'download_regexes.py'
+os.system(target_file)
 
 CURRENT_DIR = os.path.dirname(os.path.realpath(__file__))
 

winPEAS/winPEASexe/README.md

@@ -53,6 +53,7 @@ $wp.EntryPoint #Get the name of the ReflectedType, in obfuscated versions someti
 ## Parameters Examples
 
 ```bash
+winpeas.exe -h # Get Help
 winpeas.exe #run all checks (except for additional slower checks - LOLBAS and linpeas.sh in WSL) (noisy - CTFs)
 winpeas.exe systeminfo userinfo #Only systeminfo and userinfo checks executed
 winpeas.exe notcolor #Do not color the output
@@ -64,35 +65,6 @@ winpeas.exe -linpeas=http://127.0.0.1/linpeas.sh #Execute also additional linpea
 winpeas.exe -lolbas  #Execute also additional LOLBAS search check
 ```
 
-## Help
-```
-domain               Enumerate domain information
-systeminfo           Search system information
-userinfo             Search user information
-processinfo          Search processes information
-servicesinfo         Search services information
-applicationsinfo     Search installed applications information
-networkinfo          Search network information
-windowscreds         Search windows credentials
-browserinfo          Search browser information
-filesinfo            Search generic files that can contains credentials
-fileanalysis         Search specific files that can contains credentials and for regexes inside files
-eventsinfo           Display interesting events information
-
-quiet                Do not print banner
-notcolor             Don't use ansi colors (all white)
-searchpf             Search credentials via regex also in Program Files folders
-wait                 Wait for user input between checks
-debug                Display debugging information - memory usage, method execution time
-log[=logfile]        Log all output to file defined as logfile, or to "out.txt" if not specified
-MaxRegexFileSize=1000000        Max file size (in Bytes) to search regex in. Default: 1000000B
-
-Additional checks (slower):
--lolbas              Run additional LOLBAS check
--linpeas=[url]       Run additional linpeas.sh check for default WSL distribution, optionally provide custom linpeas.sh URL
-                     (default: https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh)
-```
-
 ## Basic information
 
 The goal of this project is to search for possible **Privilege Escalation Paths** in Windows environments.

winPEAS/winPEASexe/winPEAS/Info/FilesInfo/WSL/WSL.cs

@@ -8,7 +8,7 @@ namespace winPEAS.Info.FilesInfo.WSL
     {
         public static void RunLinpeas(string linpeasUrl)
         {
-            string linpeasCmd = $"curl {linpeasUrl} --silent | sh";
+            string linpeasCmd = $"curl -L {linpeasUrl} --silent | sh";
             string command = Environment.Is64BitProcess ?
                                 $@"bash -c ""{linpeasCmd}""" :
                                 Environment.GetEnvironmentVariable("WinDir") + $"\\SysNative\\bash.exe -c \"{linpeasCmd}\"";