Fix CI failures for PR #579

.github/workflows/PR-tests.yml

@@ -161,11 +161,9 @@ jobs:
         run: linPEAS/linpeas_fat.sh -o software_information -a
       
       - name: Run linpeas interesting_perms_files
-        if: ${{ false }}
         run: linPEAS/linpeas_fat.sh -o interesting_perms_files -a
       
       - name: Run linpeas interesting_files
-        if: ${{ false }}
         run: linPEAS/linpeas_fat.sh -o interesting_files -a
 
   Build_and_test_macpeas_pr:
@@ -209,5 +207,4 @@ jobs:
         run: linPEAS/linpeas_fat.sh -o users_information -a
       
       - name: Run macpeas software_information
-        if: ${{ false }}
         run: linPEAS/linpeas_fat.sh -o software_information -a

.github/workflows/ci-master-failure-chack-agent-pr.yml

@@ -1,195 +0,0 @@
-name: CI-master Failure Chack-Agent PR
-
-on:
-  workflow_run:
-    workflows: ["CI-master_test"]
-    types: [completed]
-
-jobs:
-  chack_agent_fix_master_failure:
-    if: >
-      ${{ github.event.workflow_run.conclusion == 'failure' &&
-          github.event.workflow_run.head_branch == 'master' &&
-          !startsWith(github.event.workflow_run.head_commit.message, 'Fix CI-master failures for run #') }}
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      pull-requests: write
-      issues: write
-      actions: read
-    env:
-      TARGET_BRANCH: master
-      FIX_BRANCH: chack-agent/ci-master-fix-${{ github.event.workflow_run.id }}
-      CHACK_LOGS_HTTP_URL: ${{ secrets.CHACK_LOGS_HTTP_URL }}
-    steps:
-      - name: Checkout failing commit
-        uses: actions/checkout@v5
-        with:
-          ref: ${{ github.event.workflow_run.head_sha }}
-          fetch-depth: 0
-          persist-credentials: true
-          token: ${{ secrets.CHACK_AGENT_FIXER_TOKEN || github.token }}
-
-      - name: Configure git author
-        run: |
-          git config user.name "chack-agent"
-          git config user.email "chack-agent@users.noreply.github.com"
-
-      - name: Create fix branch
-        run: git checkout -b "$FIX_BRANCH"
-
-      - name: Fetch failure summary and failed-step logs
-        env:
-          GH_TOKEN: ${{ github.token }}
-          RUN_ID: ${{ github.event.workflow_run.id }}
-        run: |
-          failed_logs_file="$(pwd)/chack_failed_steps_logs.txt"
-          if gh run view "$RUN_ID" --repo "${{ github.repository }}" --log-failed > "$failed_logs_file"; then
-            if [ ! -s "$failed_logs_file" ]; then
-              echo "No failed step logs were returned by gh run view --log-failed." > "$failed_logs_file"
-            fi
-          else
-            echo "Failed to download failed step logs with gh run view --log-failed." > "$failed_logs_file"
-          fi
-          echo "FAILED_LOGS_PATH=$failed_logs_file" >> "$GITHUB_ENV"
-
-          gh api -H "Accept: application/vnd.github+json" \
-            /repos/${{ github.repository }}/actions/runs/$RUN_ID/jobs \
-            --paginate > /tmp/jobs.json
-          python3 - <<'PY'
-          import json
-
-          data = json.load(open('/tmp/jobs.json'))
-          lines = []
-          for job in data.get('jobs', []):
-            if job.get('conclusion') == 'failure':
-              lines.append(f"Job: {job.get('name')} (id {job.get('id')})")
-              lines.append(f"URL: {job.get('html_url')}")
-              for step in job.get('steps', []):
-                if step.get('conclusion') == 'failure':
-                  lines.append(f"  Step: {step.get('name')}")
-              lines.append("")
-
-          summary = "\n".join(lines).strip() or "No failing job details found."
-          with open('chack_failure_summary.txt', 'w') as handle:
-            handle.write(summary)
-          PY
-
-      - name: Create Chack Agent prompt
-        env:
-          RUN_URL: ${{ github.event.workflow_run.html_url }}
-          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
-        run: |
-          {
-            echo "You are fixing a failing CI-master_test run in ${{ github.repository }}."
-            echo "The failing workflow run is: ${RUN_URL}"
-            echo "The failing commit SHA is: ${HEAD_SHA}"
-            echo "The target branch for the final PR is: ${TARGET_BRANCH}"
-            echo ""
-            echo "Failure summary:"
-            cat chack_failure_summary.txt
-            echo ""
-            echo "Failed-step logs file absolute path (local runner): ${FAILED_LOGS_PATH}"
-            echo "Read that file to inspect the exact failing logs."
-            echo ""
-            echo "Please identify the cause, apply an easy, simple and minimal fix, and update files accordingly."
-            echo "Run any fast checks you can locally (no network)."
-            echo "Leave the repo in a state ready to commit; changes will be committed and pushed automatically."
-          } > chack_prompt.txt
-
-      - name: Set up Node.js for Codex
-        uses: actions/setup-node@v5
-        with:
-          node-version: "20"
-
-      - name: Install Codex CLI
-        run: |
-          npm install -g @openai/codex
-          codex --version
-
-      - name: Run Chack Agent
-        id: run_chack
-        uses: carlospolop/chack-agent@master
-        with:
-          provider: codex
-          model_primary: CHEAP_BUT_QUALITY
-          main_action: peass-ng
-          sub_action: CI-master Failure Chack-Agent PR
-          system_prompt: |
-            Diagnose the failing gh actions workflow, propose the minimal and effective safe fix, and implement it.
-            Run only fast, local checks (no network). Leave the repo ready to commit.
-          prompt_file: chack_prompt.txt
-          tools_config_json: "{\"exec_enabled\": true}"
-          session_config_json: "{\"long_term_memory_enabled\": false}"
-          agent_config_json: "{\"self_critique_enabled\": false, \"require_task_steps_manager_init_first\": true}"
-          openai_api_key: ${{ secrets.OPENAI_API_KEY }}
-
-      - name: Commit and push fix branch if changed
-        id: push_fix
-        run: |
-          if git diff --quiet; then
-            echo "No changes to commit."
-            echo "pushed=false" >> "$GITHUB_OUTPUT"
-            exit 0
-          fi
-
-          rm -f chack_failure_summary.txt chack_prompt.txt chack_failed_steps_logs.txt
-          git add -A
-          # Avoid workflow-file pushes with token scopes that cannot write workflows.
-          git reset -- .github/workflows || true
-          git checkout -- .github/workflows || true
-          git clean -fdx -- .github/workflows || true
-          git reset -- chack_failure_summary.txt chack_prompt.txt chack_failed_steps_logs.txt
-          if git diff --cached --name-only | grep -q '^.github/workflows/'; then
-            echo "Workflow-file changes are still staged; skipping push without workflows permission."
-            echo "pushed=false" >> "$GITHUB_OUTPUT"
-            exit 0
-          fi
-          if git diff --cached --quiet; then
-            echo "No committable changes left after filtering."
-            echo "pushed=false" >> "$GITHUB_OUTPUT"
-            exit 0
-          fi
-          git commit -m "Fix CI-master failures for run #${{ github.event.workflow_run.id }}"
-          if ! git push origin HEAD:"$FIX_BRANCH"; then
-            echo "Push failed (likely token workflow permission limits); skipping PR creation."
-            echo "pushed=false" >> "$GITHUB_OUTPUT"
-            exit 0
-          fi
-          echo "pushed=true" >> "$GITHUB_OUTPUT"
-
-      - name: Create PR to master
-        if: ${{ steps.push_fix.outputs.pushed == 'true' }}
-        id: create_pr
-        env:
-          GH_TOKEN: ${{ secrets.CHACK_AGENT_FIXER_TOKEN || github.token }}
-          RUN_URL: ${{ github.event.workflow_run.html_url }}
-        run: |
-          pr_url=$(gh pr create \
-            --title "Fix CI-master_test failure (run #${{ github.event.workflow_run.id }})" \
-            --body "Automated Chack Agent fix for failing CI-master_test run: ${RUN_URL}" \
-            --base "$TARGET_BRANCH" \
-            --head "$FIX_BRANCH")
-          echo "url=$pr_url" >> "$GITHUB_OUTPUT"
-
-      - name: Comment on created PR with Chack Agent result
-        if: ${{ steps.push_fix.outputs.pushed == 'true' && steps.run_chack.outputs.final-message != '' }}
-        uses: actions/github-script@v7
-        env:
-          PR_URL: ${{ steps.create_pr.outputs.url }}
-          CHACK_MESSAGE: ${{ steps.run_chack.outputs.final-message }}
-        with:
-          github-token: ${{ github.token }}
-          script: |
-            const prUrl = process.env.PR_URL;
-            const match = prUrl.match(/\/pull\/(\d+)$/);
-            if (!match) {
-              core.info(`Could not parse PR number from URL: ${prUrl}`);
-              return;
-            }
-            await github.rest.issues.createComment({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              issue_number: Number(match[1]),
-              body: process.env.CHACK_MESSAGE,
-            });

.github/workflows/codex-pr-triage.yml

@@ -1,4 +1,4 @@
-name: Chack-Agent PR Triage
+name: Codex PR Triage
 
 on:
   workflow_run:
@@ -6,14 +6,12 @@ on:
     types: [completed]
 
 jobs:
-  chack_agent_triage:
+  codex_triage:
     if: ${{ github.event.workflow_run.conclusion == 'success' }}
     runs-on: ubuntu-latest
     permissions:
       contents: write
       pull-requests: write
-    env:
-      CHACK_LOGS_HTTP_URL: ${{ secrets.CHACK_LOGS_HTTP_URL }}
     outputs:
       should_run: ${{ steps.gate.outputs.should_run }}
       pr_number: ${{ steps.gate.outputs.pr_number }}
@@ -30,15 +28,9 @@ jobs:
       - name: Resolve PR context
         id: gate
         env:
-          PR_NUMBER: ${{ github.event.workflow_run.pull_requests[0].number }}
-          HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}
-          GH_REPO: ${{ github.repository }}
           GH_TOKEN: ${{ github.token }}
         run: |
-          pr_number="${PR_NUMBER}"
-          if [ -z "$pr_number" ] && [ -n "$HEAD_BRANCH" ]; then
-            pr_number="$(gh pr list --state open --head "$HEAD_BRANCH" --json number --jq '.[0].number')"
-          fi
+          pr_number="${{ github.event.workflow_run.pull_requests[0].number }}"
           if [ -z "$pr_number" ]; then
             echo "No pull request found for this workflow_run; skipping."
             echo "should_run=false" >> "$GITHUB_OUTPUT"
@@ -87,37 +79,15 @@ jobs:
             ${{ steps.gate.outputs.base_ref }} \
             +refs/pull/${{ steps.gate.outputs.pr_number }}/head
 
-      - name: Set up Node.js for Codex
+      - name: Run Codex
+        id: run_codex
         if: ${{ steps.gate.outputs.should_run == 'true' }}
-        uses: actions/setup-node@v5
+        uses: openai/codex-action@v1
         with:
-          node-version: "20"
-
-      - name: Install Codex CLI
-        if: ${{ steps.gate.outputs.should_run == 'true' }}
-        run: |
-          npm install -g @openai/codex
-          codex --version
-
-      - name: Run Chack Agent
-        id: run_chack
-        if: ${{ steps.gate.outputs.should_run == 'true' }}
-        uses: carlospolop/chack-agent@master
-        with:
-          provider: codex
-          model_primary: CHEAP_BUT_QUALITY
-          main_action: peass-ng
-          sub_action: Chack-Agent PR Triage
-          system_prompt: |
-            You are Chack Agent, an elite PR reviewer for PEASS-ng.
-            Be conservative: merge only if changes are simple, safe, and valuable accoding to the uers give guidelines.
-            If in doubt, comment with clear questions or concerns.
-            Remember taht you are an autonomouts agent, use the exec tool to run the needed commands to list, read, analyze, modify, test...
-          tools_config_json: "{\"exec_enabled\": true}"
-          session_config_json: "{\"long_term_memory_enabled\": false}"
-          agent_config_json: "{\"self_critique_enabled\": false, \"require_task_steps_manager_init_first\": true}"
-          output_schema_file: .github/chack-agent/pr-merge-schema.json
-          user_prompt: |
+          openai-api-key: ${{ secrets.OPENAI_API_KEY }}
+          output-schema-file: .github/codex/pr-merge-schema.json
+          model: gpt-5.2-codex
+          prompt: |
             You are reviewing PR #${{ steps.gate.outputs.pr_number }} for ${{ github.repository }}.
 
             Decide whether to merge or comment. Merge only if all of the following are true:
@@ -137,32 +107,21 @@ jobs:
             Review ONLY the changes introduced by the PR:
               git log --oneline ${{ steps.gate.outputs.base_sha }}...${{ steps.gate.outputs.head_sha }}
 
-            Output JSON only, following the provided schema:
-            .github/chack-agent/pr-merge-schema.json
-          openai_api_key: ${{ secrets.OPENAI_API_KEY }}
+            Output JSON only, following the provided schema.
 
-      - name: Parse Chack Agent decision
+      - name: Parse Codex decision
         id: parse
         if: ${{ steps.gate.outputs.should_run == 'true' }}
         env:
-          CHACK_MESSAGE: ${{ steps.run_chack.outputs.final-message }}
+          CODEX_MESSAGE: ${{ steps.run_codex.outputs.final-message }}
         run: |
           python3 - <<'PY'
           import json
           import os
 
-          raw = (os.environ.get('CHACK_MESSAGE', '') or '').strip()
-          decision = 'comment'
-          message = 'Chack Agent did not provide details.'
-          try:
-            data = json.loads(raw or '{}')
-            if isinstance(data, dict):
-              decision = data.get('decision', 'comment')
-              message = data.get('message', '').strip() or message
-            else:
-              message = raw or message
-          except Exception:
-            message = raw or message
+          data = json.loads(os.environ.get('CODEX_MESSAGE', '') or '{}')
+          decision = data.get('decision', 'comment')
+          message = data.get('message', '').strip() or 'Codex did not provide details.'
           with open(os.environ['GITHUB_OUTPUT'], 'a') as handle:
             handle.write(f"decision={decision}\n")
             handle.write("message<<EOF\n")
@@ -172,31 +131,31 @@ jobs:
 
   merge_or_comment:
     runs-on: ubuntu-latest
-    needs: chack_agent_triage
-    if: ${{ github.event.workflow_run.conclusion == 'success' && needs.chack_agent_triage.outputs.should_run == 'true' && needs.chack_agent_triage.outputs.decision != '' }}
+    needs: codex_triage
+    if: ${{ github.event.workflow_run.conclusion == 'success' && needs.codex_triage.outputs.should_run == 'true' && needs.codex_triage.outputs.decision != '' }}
     permissions:
       contents: write
       pull-requests: write
     steps:
       - name: Merge PR when approved
-        if: ${{ needs.chack_agent_triage.outputs.decision == 'merge' }}
+        if: ${{ needs.codex_triage.outputs.decision == 'merge' }}
         env:
           GH_TOKEN: ${{ github.token }}
-          PR_NUMBER: ${{ needs.chack_agent_triage.outputs.pr_number }}
+          PR_NUMBER: ${{ needs.codex_triage.outputs.pr_number }}
         run: |
           gh api \
             -X PUT \
             -H "Accept: application/vnd.github+json" \
             /repos/${{ github.repository }}/pulls/${PR_NUMBER}/merge \
             -f merge_method=squash \
-            -f commit_title="Auto-merge PR #${PR_NUMBER} (Chack Agent)"
+            -f commit_title="Auto-merge PR #${PR_NUMBER} (Codex)"
 
       - name: Comment with doubts
-        if: ${{ needs.chack_agent_triage.outputs.decision == 'comment' }}
+        if: ${{ needs.codex_triage.outputs.decision == 'comment' }}
         uses: actions/github-script@v7
         env:
-          PR_NUMBER: ${{ needs.chack_agent_triage.outputs.pr_number }}
-          CHACK_MESSAGE: ${{ needs.chack_agent_triage.outputs.message }}
+          PR_NUMBER: ${{ needs.codex_triage.outputs.pr_number }}
+          CODEX_MESSAGE: ${{ needs.codex_triage.outputs.message }}
         with:
           github-token: ${{ github.token }}
           script: |
@@ -204,5 +163,5 @@ jobs:
               owner: context.repo.owner,
               repo: context.repo.repo,
               issue_number: Number(process.env.PR_NUMBER),
-              body: process.env.CHACK_MESSAGE,
+              body: process.env.CODEX_MESSAGE,
             });

.github/workflows/pr-failure-codex-dispatch.yml

@@ -1,4 +1,4 @@
-name: PR Failure Chack-Agent Dispatch
+name: PR Failure Codex Dispatch
 
 on:
   workflow_run:
@@ -9,7 +9,9 @@ jobs:
   resolve_pr_context:
     if: >
       ${{ github.event.workflow_run.conclusion == 'failure' &&
-          !startsWith(github.event.workflow_run.head_commit.message || '', 'Fix CI failures for PR #') }}
+          github.event.workflow_run.pull_requests &&
+          github.event.workflow_run.pull_requests[0] &&
+          !startsWith(github.event.workflow_run.head_commit.message, 'Fix CI failures for PR #') }}
     runs-on: ubuntu-latest
     permissions:
       pull-requests: read
@@ -25,23 +27,8 @@ jobs:
         id: pr_context
         env:
           PR_NUMBER: ${{ github.event.workflow_run.pull_requests[0].number }}
-          HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}
           GH_TOKEN: ${{ github.token }}
         run: |
-          if [ -z "$PR_NUMBER" ] && [ -n "$HEAD_BRANCH" ]; then
-            PR_NUMBER="$(gh pr list --state open --head "$HEAD_BRANCH" --json number --jq '.[0].number')"
-          fi
-          if [ -z "$PR_NUMBER" ]; then
-            echo "No pull request found for workflow_run; skipping."
-            {
-              echo "number="
-              echo "author="
-              echo "head_repo="
-              echo "head_branch=${HEAD_BRANCH}"
-              echo "should_run=false"
-            } >> "$GITHUB_OUTPUT"
-            exit 0
-          fi
           pr_author=$(gh api -H "Accept: application/vnd.github+json" \
             /repos/${{ github.repository }}/pulls/${PR_NUMBER} \
             --jq '.user.login')
@@ -54,8 +41,8 @@ jobs:
           pr_labels=$(gh api -H "Accept: application/vnd.github+json" \
             /repos/${{ github.repository }}/issues/${PR_NUMBER} \
             --jq '.labels[].name')
-          if echo "$pr_labels" | grep -q "^chack-agent-fix-attempted$"; then
-            echo "chack-agent fix already attempted for PR #${PR_NUMBER}; skipping."
+          if echo "$pr_labels" | grep -q "^codex-fix-attempted$"; then
+            echo "codex fix already attempted for PR #${PR_NUMBER}; skipping."
             should_run=false
           else
             should_run=true
@@ -68,7 +55,7 @@ jobs:
             echo "should_run=${should_run}"
           } >> "$GITHUB_OUTPUT"
 
-  chack_agent_on_failure:
+  codex_on_failure:
     needs: resolve_pr_context
     if: ${{ needs.resolve_pr_context.outputs.author == 'carlospolop' && needs.resolve_pr_context.outputs.should_run == 'true' }}
     runs-on: ubuntu-latest
@@ -76,9 +63,7 @@ jobs:
       contents: write
       pull-requests: write
       issues: write
-      actions: write
-    env:
-      CHACK_LOGS_HTTP_URL: ${{ secrets.CHACK_LOGS_HTTP_URL }}
+      actions: read
     steps:
       - name: Comment on PR with failure info
         uses: actions/github-script@v7
@@ -90,7 +75,7 @@ jobs:
           github-token: ${{ github.token }}
           script: |
             const prNumber = Number(process.env.PR_NUMBER);
-            const body = `PR #${prNumber} had a failing workflow "${process.env.WORKFLOW_NAME}".\n\nRun: ${process.env.RUN_URL}\n\nLaunching Chack Agent to attempt a fix.`;
+            const body = `PR #${prNumber} had a failing workflow "${process.env.WORKFLOW_NAME}".\n\nRun: ${process.env.RUN_URL}\n\nLaunching Codex to attempt a fix.`;
             await github.rest.issues.createComment({
               owner: context.repo.owner,
               repo: context.repo.repo,
@@ -105,7 +90,7 @@ jobs:
         run: |
           gh api -X POST -H "Accept: application/vnd.github+json" \
             /repos/${{ github.repository }}/issues/${PR_NUMBER}/labels \
-            -f labels[]=chack-agent-fix-attempted
+            -f labels='["codex-fix-attempted"]'
 
       - name: Checkout PR head
         uses: actions/checkout@v5
@@ -114,12 +99,12 @@ jobs:
           ref: ${{ github.event.workflow_run.head_sha }}
           fetch-depth: 0
           persist-credentials: true
-          token: ${{ secrets.CHACK_AGENT_FIXER_TOKEN || github.token }}
+          token: ${{ secrets.CODEX_FIXER_TOKEN }}
 
       - name: Configure git author
         run: |
-          git config user.name "chack-agent"
-          git config user.email "chack-agent@users.noreply.github.com"
+          git config user.name "codex-action"
+          git config user.email "codex-action@users.noreply.github.com"
 
       - name: Fetch failure summary
         env:
@@ -144,11 +129,11 @@ jobs:
               lines.append("")
 
           summary = "\n".join(lines).strip() or "No failing job details found."
-          with open('chack_failure_summary.txt', 'w') as handle:
+          with open('codex_failure_summary.txt', 'w') as handle:
             handle.write(summary)
           PY
 
-      - name: Create Chack Agent prompt
+      - name: Create Codex prompt
         env:
           PR_NUMBER: ${{ needs.resolve_pr_context.outputs.number }}
           RUN_URL: ${{ github.event.workflow_run.html_url }}
@@ -160,79 +145,43 @@ jobs:
             echo "The PR branch is: ${HEAD_BRANCH}"
             echo ""
             echo "Failure summary:"
-            cat chack_failure_summary.txt
+            cat codex_failure_summary.txt
             echo ""
             echo "Please identify the cause, apply a easy, simple and minimal fix, and update files accordingly."
             echo "Run any fast checks you can locally (no network)."
             echo "Leave the repo in a state ready to commit as when you finish, it'll be automatically committed and pushed."
-          } > chack_prompt.txt
+          } > codex_prompt.txt
 
-      - name: Set up Node.js for Codex
-        uses: actions/setup-node@v5
+      - name: Run Codex
+        id: run_codex
+        uses: openai/codex-action@v1
         with:
-          node-version: "20"
-
-      - name: Install Codex CLI
-        run: |
-          npm install -g @openai/codex
-          codex --version
-
-      - name: Run Chack Agent
-        id: run_chack
-        uses: carlospolop/chack-agent@master
-        with:
-          provider: codex
-          model_primary: CHEAP_BUT_QUALITY
-          main_action: peass-ng
-          sub_action: PR Failure Chack-Agent Dispatch
-          system_prompt: |
-            You are Chack Agent, an elite CI-fix engineer.
-            Diagnose the failing workflow, propose the minimal safe fix, and implement it.
-            Run only fast, local checks (no network). Leave the repo ready to commit.
-          prompt_file: chack_prompt.txt
-          tools_config_json: "{\"exec_enabled\": true}"
-          session_config_json: "{\"long_term_memory_enabled\": false}"
-          agent_config_json: "{\"self_critique_enabled\": false, \"require_task_steps_manager_init_first\": true}"
-          openai_api_key: ${{ secrets.OPENAI_API_KEY }}
+          openai-api-key: ${{ secrets.OPENAI_API_KEY }}
+          prompt-file: codex_prompt.txt
+          sandbox: workspace-write
+          model: gpt-5.2-codex
 
       - name: Commit and push if changed
         env:
           TARGET_BRANCH: ${{ needs.resolve_pr_context.outputs.head_branch }}
           PR_NUMBER: ${{ needs.resolve_pr_context.outputs.number }}
-          GH_TOKEN: ${{ github.token }}
         run: |
           if git diff --quiet; then
             echo "No changes to commit."
             exit 0
           fi
-          rm -f chack_failure_summary.txt chack_prompt.txt
+          rm -f codex_failure_summary.txt codex_prompt.txt
           git add -A
-          # Avoid workflow-file pushes with token scopes that cannot write workflows.
-          git reset -- .github/workflows || true
-          git checkout -- .github/workflows || true
-          git clean -fdx -- .github/workflows || true
-          git reset -- chack_failure_summary.txt chack_prompt.txt
-          if git diff --cached --name-only | grep -q '^.github/workflows/'; then
-            echo "Workflow-file changes are still staged; skipping push without workflows permission."
-            exit 0
-          fi
-          if git diff --cached --quiet; then
-            echo "No committable changes left after filtering."
-            exit 0
-          fi
+          git reset -- codex_failure_summary.txt codex_prompt.txt
           git commit -m "Fix CI failures for PR #${PR_NUMBER}"
-          if ! git push origin HEAD:${TARGET_BRANCH}; then
-            echo "Push failed (likely token workflow permission limits); leaving run successful without push."
-            exit 0
-          fi
-          gh workflow run PR-tests.yml --ref "${TARGET_BRANCH}"
+          git push origin HEAD:${TARGET_BRANCH}
 
-      - name: Comment with Chack Agent result
-        if: ${{ steps.run_chack.outputs.final-message != '' }}
+      - name: Comment with Codex result
+        if: ${{ steps.run_codex.outputs.final-message != '' }}
         uses: actions/github-script@v7
         env:
           PR_NUMBER: ${{ needs.resolve_pr_context.outputs.number }}
-          CHACK_MESSAGE: ${{ steps.run_chack.outputs.final-message }}
+          CODEX_MESSAGE: ${{ steps.run_codex.outputs.final-message }}
         with:
           github-token: ${{ github.token }}
           script: |
@@ -240,5 +189,5 @@ jobs:
               owner: context.repo.owner,
               repo: context.repo.repo,
               issue_number: Number(process.env.PR_NUMBER),
-              body: process.env.CHACK_MESSAGE,
+              body: process.env.CODEX_MESSAGE,
             });

build_lists/sensitive_files.yaml

@@ -813,12 +813,6 @@ search:
                       bad_regex: "auth|accessfile=|secret=|user"
                       remove_regex:  "^#|^@"
                       type: f
-                - name: "*"
-                  value:
-                      bad_regex: "nullok|nullok_secure|pam_permit\\.so|pam_rootok\\.so|pam_exec\\.so|pam_unix\\.so.*(nullok|remember=0)|sufficient\\s+pam_unix\\.so"
-                      only_bad_lines: True
-                      remove_regex: "^#|^@"
-                      type: f
               type: d
               search_in: 
                 - ${ROOT_FOLDER}etc
@@ -1241,20 +1235,12 @@ search:
           auto_check: False
     
         files:
-          - name: "agent.*"
+          - name: "agent*"
             value: 
                 type: f
                 remove_path: ".dll"
                 search_in: 
                   - ${ROOT_FOLDER}tmp
-                  - ${ROOT_FOLDER}run
-
-          - name: "ssh-agent.sock"
-            value:
-                type: f
-                search_in:
-                  - ${ROOT_FOLDER}tmp
-                  - ${ROOT_FOLDER}run
       
   - name: SSH_CONFIG
     value:
@@ -2081,45 +2067,6 @@ search:
                 type: f
                 search_in: 
                   - common
-
-          - name: "*.asc"
-            value:
-                type: f
-                remove_path: "/usr/share/|/usr/lib/|/lib/|/man/"
-                search_in:
-                  - common
-
-          - name: "secring.gpg"
-            value:
-                type: f
-                search_in:
-                  - common
-
-          - name: "pubring.kbx"
-            value:
-                type: f
-                search_in:
-                  - common
-
-          - name: "trustdb.gpg"
-            value:
-                type: f
-                search_in:
-                  - common
-
-          - name: "gpg-agent.conf"
-            value:
-                type: f
-                search_in:
-                  - common
-
-          - name: "secret.asc"
-            value:
-                type: f
-                just_list_file: True
-                search_in:
-                  - common
-
           - name: "private-keys-v1.d/*.key"
             value: 
                 type: f
@@ -2897,85 +2844,6 @@ search:
                 remove_path: "example"
                 search_in: 
                   - common
-
-  - name: Proxy_Config
-    value:
-        config:
-          auto_check: True
-
-        files:
-          - name: "environment"
-            value:
-                bad_regex: "(http|https|ftp|all)_proxy|no_proxy"
-                only_bad_lines: True
-                remove_empty_lines: True
-                remove_regex: '^#'
-                type: f
-                check_extra_path: "^/etc/environment$"
-                search_in:
-                  - common
-
-          - name: "apt.conf"
-            value:
-                bad_regex: "Acquire::http::Proxy|Acquire::https::Proxy|proxy"
-                only_bad_lines: True
-                remove_empty_lines: True
-                remove_regex: '^#'
-                type: f
-                search_in:
-                  - common
-
-          - name: "apt.conf.d"
-            value:
-                type: d
-                files:
-                  - name: "*"
-                    value:
-                        bad_regex: "Acquire::http::Proxy|Acquire::https::Proxy|proxy"
-                        only_bad_lines: True
-                        remove_empty_lines: True
-                        remove_regex: '^#'
-                        type: f
-                search_in:
-                  - common
-    
-  - name: Sniffing_Artifacts
-    value:
-        config:
-          auto_check: True
-
-        files:
-          - name: "*.pcap"
-            value:
-                just_list_file: True
-                type: f
-                search_in:
-                  - common
-
-          - name: "*.pcapng"
-            value:
-                just_list_file: True
-                type: f
-                search_in:
-                  - common
-
-          - name: "keys.log"
-            value:
-                bad_regex: "CLIENT_RANDOM|SERVER_HANDSHAKE_TRAFFIC_SECRET|CLIENT_HANDSHAKE_TRAFFIC_SECRET|EXPORTER_SECRET|RESUMPTION_MASTER_SECRET"
-                only_bad_lines: True
-                remove_empty_lines: True
-                type: f
-                search_in:
-                  - common
-
-          - name: "sslkeylog.log"
-            value:
-                bad_regex: "CLIENT_RANDOM|SERVER_HANDSHAKE_TRAFFIC_SECRET|CLIENT_HANDSHAKE_TRAFFIC_SECRET|EXPORTER_SECRET|RESUMPTION_MASTER_SECRET"
-                only_bad_lines: True
-                remove_empty_lines: True
-                type: f
-                search_in:
-                  - common
     
   - name: Msmtprc
     value:
@@ -4080,13 +3948,6 @@ search:
                 search_in: 
                   - common
 
-          - name: "*.maintenance*"
-            value:
-                just_list_file: True
-                type: f
-                search_in:
-                  - common
-
           - name: "*.key"
             value: 
                 just_list_file: True

linPEAS/builder/linpeas_builder.py

@@ -51,5 +51,5 @@ if __name__ == "__main__":
         print("You must specify one of the following options: --all, --all-no-fat, --small or --include")
         parser.print_help()
         exit(1)
-
+    
     main(all_modules, all_no_fat_modules, no_network_scanning, small, include_modules, exclude_modules, output)

linPEAS/builder/linpeas_parts/1_system_information/13_Linux_exploit_suggester.sh

@@ -0,0 +1,39 @@
+# Title: System Information - Linux Exploit Suggester
+# ID: SY_Linux_exploit_suggester
+# Author: Carlos Polop
+# Last Update: 07-03-2024
+# Description: Execute Linux Exploit Suggester to identify potential kernel exploits:
+#   - Automated kernel vulnerability detection
+#   - Common vulnerable scenarios:
+#     * Known kernel vulnerabilities
+#     * Unpatched kernel versions
+#     * Missing security patches
+#   - Exploitation methods:
+#     * Kernel exploit execution: Use suggested exploits
+#     * Common attack vectors:
+#       - Kernel memory corruption
+#       - Race conditions
+#       - Use-after-free
+#       - Integer overflow
+#     * Exploit techniques:
+#       - Kernel memory manipulation
+#       - Privilege escalation
+#       - Root access acquisition
+#       - System compromise
+# License: GNU GPL
+# Version: 1.0
+# Functions Used: print_2title, print_info
+# Global Variables: $MACPEAS
+# Initial Functions:
+# Generated Global Variables: $les_b64
+# Fat linpeas: 0
+# Small linpeas: 1
+
+
+if [ "$(command -v bash 2>/dev/null || echo -n '')" ] && ! [ "$MACPEAS" ]; then
+    print_2title "Executing Linux Exploit Suggester"
+    print_info "https://github.com/mzet-/linux-exploit-suggester"
+    les_b64="peass{https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh}"
+    echo $les_b64 | base64 -d | bash | sed "s,$(printf '\033')\\[[0-9;]*[a-zA-Z],,g" | grep -i "\[CVE" -A 10 | grep -Ev "^\-\-$" | sed -${E} "s/\[(CVE-[0-9]+-[0-9]+,?)+\].*/${SED_RED}/g"
+    echo ""
+fi

linPEAS/builder/linpeas_parts/1_system_information/14_Linux_exploit_suggester_2.sh

@@ -0,0 +1,41 @@
+# Title: System Information - Linux Exploit Suggester 2
+# ID: SY_Linux_exploit_suggester_2
+# Author: Carlos Polop
+# Last Update: 07-03-2024
+# Description: Execute Linux Exploit Suggester 2 (Perl version) to identify potential kernel exploits:
+#   - Alternative kernel vulnerability detection
+#   - Perl-based exploit suggestions
+#   - Common vulnerable scenarios:
+#     * Known kernel vulnerabilities
+#     * Unpatched kernel versions
+#     * Missing security patches
+#     * Alternative exploit paths
+#   - Exploitation methods:
+#     * Kernel exploit execution: Use suggested exploits
+#     * Common attack vectors:
+#       - Kernel memory corruption
+#       - Race conditions
+#       - Use-after-free
+#       - Integer overflow
+#     * Exploit techniques:
+#       - Kernel memory manipulation
+#       - Privilege escalation
+#       - Root access acquisition
+#       - System compromise
+# License: GNU GPL
+# Version: 1.0
+# Functions Used: print_2title, print_info
+# Global Variables:
+# Initial Functions:
+# Generated Global Variables: $les2_b64
+# Fat linpeas: 1
+# Small linpeas: 0
+
+
+if [ "$(command -v perl 2>/dev/null || echo -n '')" ] && ! [ "$MACPEAS" ]; then
+    print_2title "Executing Linux Exploit Suggester 2"
+    print_info "https://github.com/jondonas/linux-exploit-suggester-2"
+    les2_b64="peass{https://raw.githubusercontent.com/jondonas/linux-exploit-suggester-2/master/linux-exploit-suggester-2.pl}"
+    echo $les2_b64 | base64 -d | perl 2>/dev/null | sed "s,$(printf '\033')\\[[0-9;]*[a-zA-Z],,g" | grep -iE "CVE" -B 1 -A 10 | grep -Ev "^\-\-$" | sed -${E} "s,CVE-[0-9]+-[0-9]+,${SED_RED},g"
+    echo ""
+fi

linPEAS/builder/linpeas_parts/2_container/3_Container_details.sh

@@ -36,14 +36,6 @@ print_2title "Container details"
 
 print_list "Is this a container? ...........$NC $containerType"
 
-if [ -e "/proc/vz" ] && ! [ -e "/proc/bc" ]; then
-    print_list "Container Runtime ..............$NC OpenVZ"
-fi
-
-if [ -f "/run/systemd/container" ]; then
-     print_list "Systemd Container ..............$NC $(cat /run/systemd/container)"
-fi
-
 # Get container runtime info
 if [ "$(command -v docker || echo -n '')" ]; then
     print_list "Docker version ...............$NC "

linPEAS/builder/linpeas_parts/2_container/5_Container_breakout.sh

@@ -37,10 +37,10 @@
 #       - Container escape tool execution
 # License: GNU GPL
 # Version: 1.0
-# Functions Used: checkContainerExploits, checkProcSysBreakouts, containerCheck, enumerateDockerSockets, print_2title, print_3title, print_info, print_list, warn_exec
+# Functions Used: checkContainerExploits, checkProcSysBreakouts, containerCheck, print_2title, print_3title, print_info, print_list, warn_exec
 # Global Variables: $binfmt_misc_breakout, $containercapsB, $containerType, $core_pattern_breakout, $dev_mounted, $efi_efivars_writable, $efi_vars_writable, $GREP_IGNORE_MOUNTS, $inContainer, $kallsyms_readable, $kcore_readable, $kmem_readable, $kmem_writable, $kmsg_readable, $mem_readable, $mem_writable, $modprobe_present, $mountinfo_readable, $panic_on_oom_dos, $panic_sys_fs_dos, $proc_configgz_readable, $proc_mounted, $run_unshare, $release_agent_breakout1, $release_agent_breakout2, $release_agent_breakout3, $sched_debug_readable, $security_present, $security_writable, $sysreq_trigger_dos, $uevent_helper_breakout, $vmcoreinfo_readable, $VULN_CVE_2019_5021, $self_mem_readable
 # Initial Functions: containerCheck
-# Generated Global Variables: $defautl_docker_caps, $containerd_version, $runc_version, $seccomp_mode_num, $seccomp_mode_desc
+# Generated Global Variables: $defautl_docker_caps, $containerd_version, $runc_version, $containerd_version
 # Fat linpeas: 0
 # Small linpeas: 0
 
@@ -57,34 +57,14 @@ if [ "$inContainer" ]; then
     
     # Security mechanisms
     print_3title "Security Mechanisms"
-    seccomp_mode_num="$(awk '/^Seccomp:/{print $2}' /proc/self/status 2>/dev/null)"
-    seccomp_mode_desc="unknown"
-    case "$seccomp_mode_num" in
-      0) seccomp_mode_desc="disabled" ;;
-      1) seccomp_mode_desc="strict" ;;
-      2) seccomp_mode_desc="filtering" ;;
-    esac
-
-    print_list "Seccomp mode ................... "$NC
-    (printf "%s (%s)\n" "$seccomp_mode_desc" "${seccomp_mode_num:-?}") | sed "s,disabled,${SED_RED}," | sed "s,strict,${SED_RED_YELLOW}," | sed "s,filtering,${SED_GREEN},"
-
-    if grep -q "^Seccomp_filters:" /proc/self/status 2>/dev/null; then
-      print_list "Seccomp filters ............... "$NC
-      awk '/^Seccomp_filters:/{print $2}' /proc/self/status 2>/dev/null | sed -${E} "s,^[0-9]+$,${SED_GREEN}&,"
-    fi
+    print_list "Seccomp enabled? ............... "$NC
+    ([ "$(grep Seccomp /proc/self/status | grep -v 0)" ] && echo "enabled" || echo "disabled") | sed "s,disabled,${SED_RED}," | sed "s,enabled,${SED_GREEN},"
 
     print_list "AppArmor profile? .............. "$NC
     (cat /proc/self/attr/current 2>/dev/null || echo "disabled") | sed "s,disabled,${SED_RED}," | sed "s,kernel,${SED_GREEN},"
 
     print_list "User proc namespace? ........... "$NC
-    if [ "$(cat /proc/self/uid_map 2>/dev/null)" ]; then 
-        (printf "enabled"; cat /proc/self/uid_map) | sed "s,enabled,${SED_GREEN},"; 
-        echo ""
-        echo "  Mappings (Container -> Host -> Range):"
-        cat /proc/self/uid_map | awk '{print "  " $1 " -> " $2 " -> " $3}'
-    else 
-        echo "disabled" | sed "s,disabled,${SED_RED},"; 
-    fi
+    if [ "$(cat /proc/self/uid_map 2>/dev/null)" ]; then (printf "enabled"; cat /proc/self/uid_map) | sed "s,enabled,${SED_GREEN},"; else echo "disabled" | sed "s,disabled,${SED_RED},"; fi
 
     # Known vulnerabilities
     print_3title "Known Vulnerabilities"
@@ -175,9 +155,6 @@ if [ "$inContainer" ]; then
         cat /proc/self/status | tr '\t' ' ' | grep Cap | sed -${E} "s, .*,${SED_RED},g" | sed -${E} "s/00000000a80425fb/$defautl_docker_caps/g" | sed -${E} "s,0000000000000000|00000000a80425fb,${SED_GREEN},g"
         echo $ITALIC"Run capsh --decode=<hex> to decode the capabilities"$NC
     fi
-
-    print_list "Ambient capabilities ........... "$NC
-    (grep "CapAmb:" /proc/self/status 2>/dev/null | grep -v "0000000000000000" | sed "s,CapAmb:.,," || echo "No") | sed -${E} "s,No,${SED_GREEN}," | sed -${E} "s,[0-9a-fA-F]\+,${SED_RED}&,"
     
     # Additional capability checks
     print_list "Dangerous syscalls allowed ... "$NC
@@ -223,10 +200,6 @@ if [ "$inContainer" ]; then
         echo "No"
     fi
     
-    
-    print_list "Looking and enumerating Docker Sockets (if any):\n"$NC
-    enumerateDockerSockets
-    
     # Additional breakout vectors
     print_3title "Additional Breakout Vectors"
     

linPEAS/builder/linpeas_parts/2_container/6_Am_I_contained.sh

@@ -0,0 +1,20 @@
+# Title: Container - Am I Containered 
+# ID: CT_Am_I_contained
+# Author: Carlos Polop
+# Last Update: 22-08-2023
+# Description: Am I Containered tool
+# License: GNU GPL
+# Version: 1.0
+# Functions Used: print_2title, execBin
+# Global Variables:
+# Initial Functions:
+# Generated Global Variables: $FAT_LINPEAS_AMICONTAINED
+# Fat linpeas: 1
+# Small linpeas: 0
+
+
+if [ "$$FAT_LINPEAS_AMICONTAINED" ]; then
+  print_2title "Am I Containered?"
+  FAT_LINPEAS_AMICONTAINED="peass{https://github.com/genuinetools/amicontained/releases/latest/download/amicontained-linux-amd64}"
+  execBin "AmIContainered" "https://github.com/genuinetools/amicontained" "$FAT_LINPEAS_AMICONTAINED"
+fi

linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/11_Systemd.sh

@@ -17,7 +17,7 @@
 # Functions Used: print_2title, print_list, echo_not_found
 # Global Variables: $SEARCH_IN_FOLDER, $Wfolders, $SED_RED, $SED_RED_YELLOW, $NC
 # Initial Functions:
-# Generated Global Variables: $WRITABLESYSTEMDPATH, $line, $service, $file, $version, $user, $caps, $path, $path_line, $service_file, $exec_line, $exec_value, $cmd, $cmd_path, $svc_path_entry, $svc_writable_path
+# Generated Global Variables: $WRITABLESYSTEMDPATH, $line, $service, $file, $version, $user, $caps, $path, $path_line, $service_file, $exec_line, $cmd
 # Fat linpeas: 0
 # Small linpeas: 1
 
@@ -113,39 +113,21 @@ if ! [ "$SEARCH_IN_FOLDER" ]; then
             service=$(echo "$line" | awk '{print $1}')
             service_file=$(get_service_file "$service")
             if [ -n "$service_file" ]; then
-                # Check service-specific PATH entries (Environment=PATH=...)
-                svc_writable_path=$(grep -E '^Environment=.*PATH=' "$service_file" 2>/dev/null | sed -E 's/^Environment=//; s/^"//; s/"$//; s/^PATH=//' | tr ':' '\n' | while read -r svc_path_entry; do
-                    [ -z "$svc_path_entry" ] && continue
-                    if [ -d "$svc_path_entry" ] && [ -w "$svc_path_entry" ]; then
-                        echo "$svc_path_entry"
-                    fi
-                done)
-                if [ "$svc_writable_path" ]; then
-                    for svc_path_entry in $svc_writable_path; do
-                        echo "$service: Writable service PATH entry '$svc_path_entry'" | sed -${E} "s,.*,${SED_RED_YELLOW},g"
-                    done
-                fi
-
                 # Check ExecStart paths
                 grep -E "ExecStart|ExecStartPre|ExecStartPost" "$service_file" 2>/dev/null | 
                 while read -r exec_line; do
-                    # Extract command from the right side of Exec*=, not from argv
-                    exec_value="${exec_line#*=}"
-                    exec_value=$(echo "$exec_value" | sed 's/^[[:space:]]*//')
-                    cmd=$(echo "$exec_value" | awk '{print $1}' | tr -d '"')
-                    # Strip systemd command prefixes (-, @, :, +, !) before path checks
-                    cmd_path=$(echo "$cmd" | sed -E 's/^[-@:+!]+//')
+                    # Extract the first word after ExecStart* as the command
+                    cmd=$(echo "$exec_line" | awk '{print $2}' | tr -d '"')
+                    # Extract the rest as arguments
+                    args=$(echo "$exec_line" | awk '{$1=$2=""; print $0}' | tr -d '"')
                     
                     # Only check the command path, not arguments
-                    if [ -n "$cmd_path" ] && [ -w "$cmd_path" ]; then
-                        echo "$service: $cmd_path (from $exec_line)" | sed -${E} "s,.*,${SED_RED},g"
+                    if [ -n "$cmd" ] && [ -w "$cmd" ]; then
+                        echo "$service: $cmd (from $exec_line)" | sed -${E} "s,.*,${SED_RED},g"
                     fi
                     # Check for relative paths only in the command, not arguments
-                    if [ -n "$cmd_path" ] && [ "${cmd_path#/}" = "$cmd_path" ] && [ "${cmd_path#\$}" = "$cmd_path" ]; then
-                        echo "$service: Uses relative path '$cmd_path' (from $exec_line)" | sed -${E} "s,.*,${SED_RED},g"
-                        if [ "$svc_writable_path" ]; then
-                            echo "$service: Relative Exec path + writable service PATH can allow path hijacking" | sed -${E} "s,.*,${SED_RED_YELLOW},g"
-                        fi
+                    if [ -n "$cmd" ] && [ "${cmd#/}" = "$cmd" ] && ! echo "$cmd" | grep -qE '^-|^--'; then
+                        echo "$service: Uses relative path '$cmd' (from $exec_line)" | sed -${E} "s,.*,${SED_RED},g"
                     fi
                 done
             fi
@@ -171,4 +153,4 @@ if ! [ "$SEARCH_IN_FOLDER" ]; then
     fi
 
     echo ""
-fi
+fi

linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/13_Unix_sockets_listening.sh

@@ -11,7 +11,7 @@
 # License: GNU GPL
 # Version: 1.1
 # Functions Used: print_2title, print_info
-# Global Variables: $EXTRA_CHECKS, $groupsB, $groupsVB, $IAMROOT, $idB, $knw_grps, $knw_usrs, $nosh_usrs, $SEARCH_IN_FOLDER, $sh_usrs, $USER, $SED_RED, $SED_GREEN, $SED_RED_YELLOW, $NC, $RED
+# Global Variables: $EXTRA_CHECKS, $groupsB, $groupsVB, $IAMROOT, $idB, $knw_grps, $knw_usrs, $nosh_usrs, $SEARCH_IN_FOLDER, $sh_usrs, $USER, $SED_RED, $SED_GREEN, $NC, $RED
 # Initial Functions:
 # Generated Global Variables: $unix_scks_list, $unix_scks_list2, $perms, $owner, $owner_info, $response, $socket, $cmd, $mode, $group
 # Fat linpeas: 0
@@ -142,13 +142,10 @@ if ! [ "$IAMROOT" ]; then
                     # Highlight dangerous ownership
                     if echo "$owner_info" | grep -q "root"; then
                         echo "  └─(${RED}Owned by root${NC})"
-                        if echo "$perms" | grep -q "Write"; then
-                            echo "  └─High risk: root-owned and writable Unix socket" | sed -${E} "s,.*,${SED_RED_YELLOW},g"
-                        fi
                     fi
                 fi
             fi
         done
     fi
     echo ""
-fi
+fi

linPEAS/builder/linpeas_parts/5_network_information/11_Internet_access.sh

@@ -5,10 +5,10 @@
 # Description: Check for internet access
 # License: GNU GPL
 # Version: 1.0
-# Functions Used: check_dns, check_icmp, check_tcp_443, check_tcp_443_bin, check_tcp_80, print_2title, print_3title, print_info, check_external_hostname
-# Global Variables: $E
+# Functions Used: check_dns, check_icmp, check_tcp_443, check_tcp_443_bin, check_tcp_80, print_2title, check_external_hostname
+# Global Variables:
 # Initial Functions:
-# Generated Global Variables: $pid4, $pid2, $pid1, $pid3, $tcp443_bin_status, $NOT_CHECK_EXTERNAL_HOSTNAME, $TIMEOUT_INTERNET_SECONDS
+# Generated Global Variables: $pid4, $pid2, $pid1, $pid3, $$tcp443_bin_status, $NOT_CHECK_EXTERNAL_HOSTNAME, $TIMEOUT_INTERNET_SECONDS
 # Fat linpeas: 0
 # Small linpeas: 0
 
@@ -29,8 +29,8 @@ check_tcp_443 "$TIMEOUT_INTERNET_SECONDS" 2>/dev/null & pid2=$!
 check_icmp "$TIMEOUT_INTERNET_SECONDS" 2>/dev/null & pid3=$!
 check_dns "$TIMEOUT_INTERNET_SECONDS" 2>/dev/null & pid4=$!
 
-# Kill all check workers after timeout + 1s without relying on integer arithmetic
-(sleep "$TIMEOUT_INTERNET_SECONDS"; sleep 1; kill -9 $pid1 $pid2 $pid3 $pid4 2>/dev/null) &
+# Kill all after 10 seconds
+(sleep $(( $TIMEOUT_INTERNET_SECONDS + 1 )) && kill -9 $pid1 $pid2 $pid3 $pid4 2>/dev/null) &
 
 check_tcp_443_bin $TIMEOUT_INTERNET_SECONDS 2>/dev/null
 tcp443_bin_status=$?
@@ -50,9 +50,3 @@ if [ "$tcp443_bin_status" -eq 0 ] && \
 fi
 
 echo ""
-print_3title "Proxy discovery"
-print_info "Checking common proxy env vars and apt proxy config"
-(env | grep -iE '^(http|https|ftp|all)_proxy=|^no_proxy=') 2>/dev/null | sed -${E} "s,_proxy|no_proxy,${SED_RED_YELLOW},g"
-grep -RinE 'Acquire::(http|https)::Proxy|proxy' /etc/apt/apt.conf /etc/apt/apt.conf.d 2>/dev/null | sed -${E} "s,proxy|Acquire::http::Proxy|Acquire::https::Proxy,${SED_RED_YELLOW},g"
-
-echo ""

linPEAS/builder/linpeas_parts/5_network_information/1_Network_interfaces.sh

@@ -5,8 +5,8 @@
 # Description: Check network interfaces
 # License: GNU GPL
 # Version: 1.0
-# Functions Used: print_2title, print_3title
-# Global Variables: $E, $SED_RED_YELLOW
+# Functions Used: print_2title
+# Global Variables:
 # Initial Functions:
 # Generated Global Variables: $iface, $state, $mac, $ip_file, $line
 # Fat linpeas: 0
@@ -73,22 +73,4 @@ else
     parse_network_interfaces
 fi
 
-if command -v ip >/dev/null 2>&1; then
-    print_3title "Routing & policy quick view"
-    ip route 2>/dev/null
-    ip -6 route 2>/dev/null | head -n 30
-    echo ""
-    ip rule 2>/dev/null
-
-    print_3title "Virtual/overlay interfaces quick view"
-    ip -d link 2>/dev/null | grep -E "^[0-9]+:|veth|docker|cni|flannel|br-|bridge|vlan|bond|tun|tap|wg|tailscale" | sed -${E} "s,veth|docker|cni|flannel|br-|bridge|vlan|bond|tun|tap|wg|tailscale,${SED_RED_YELLOW},g"
-
-    print_3title "Network namespaces quick view"
-    ip netns list 2>/dev/null
-    ls -la /var/run/netns/ 2>/dev/null
-fi
-
-print_3title "Forwarding status"
-sysctl net.ipv4.ip_forward net.ipv6.conf.all.forwarding 2>/dev/null | sed -${E} "s,=[[:space:]]*1,${SED_RED_YELLOW},g"
-
-echo ""
+echo ""

linPEAS/builder/linpeas_parts/5_network_information/4_Open_ports.sh

@@ -6,7 +6,7 @@
 # License: GNU GPL
 # Version: 1.0
 # Functions Used: print_2title, print_3title, print_info
-# Global Variables: $E, $SED_RED, $SED_RED_YELLOW
+# Global Variables: $E, $SED_RED
 # Initial Functions:
 # Generated Global Variables: $pid_dir, $tx_queue, $pid, $rem_port, $proc_file, $rem_ip, $local_ip, $rx_queue, $proto, $rem_addr, $program, $state, $header_sep, $proc_info, $inode, $header, $line, $local_addr, $local_port
 # Fat linpeas: 0
@@ -122,45 +122,6 @@ get_open_ports() {
         parse_proc_net_ports "udp"
     fi
 
-    # Focused local service exposure view
-    print_3title "Local-only listeners (loopback)"
-    if command -v ss >/dev/null 2>&1; then
-        ss -nltpu 2>/dev/null | grep -E "127\.0\.0\.1:|::1:" | sed -${E} "s,127\.0\.0\.1:|::1:,${SED_RED},g"
-    elif command -v netstat >/dev/null 2>&1; then
-        netstat -punta 2>/dev/null | grep -i listen | grep -E "127\.0\.0\.1:|::1:" | sed -${E} "s,127\.0\.0\.1:|::1:,${SED_RED},g"
-    fi
-
-    print_3title "Unique listener bind addresses"
-    if command -v ss >/dev/null 2>&1; then
-        ss -nltpuH 2>/dev/null | awk '{
-            a=$5
-            if (a ~ /^\[/) {
-                sub(/^\[/, "", a)
-                sub(/\]:[0-9]+$/, "", a)
-            } else if (a ~ /:[0-9]+$/) {
-                sub(/:[0-9]+$/, "", a)
-            }
-            sub(/^::ffff:/, "", a)
-            if (a != "") print a
-        }' | sort -u | sed -${E} "s,127\.0\.0\.1|::1,${SED_RED},g"
-    elif command -v netstat >/dev/null 2>&1; then
-        netstat -punta 2>/dev/null | grep -i listen | awk '{
-            a=$4
-            if (a ~ /^\[/) {
-                sub(/^\[/, "", a)
-                sub(/\]:[0-9]+$/, "", a)
-            } else if (a ~ /:[0-9]+$/) {
-                sub(/:[0-9]+$/, "", a)
-            }
-            if (a == ":::" ) a="::"
-            sub(/^::ffff:/, "", a)
-            if (a != "") print a
-        }' | sort -u | sed -${E} "s,127\.0\.0\.1|::1,${SED_RED},g"
-    fi
-
-    print_3title "Potential local forwarders/relays"
-    ps aux 2>/dev/null | grep -E "[s]ocat|[s]sh .*(-L|-R|-D)|[n]cat|[n]c .*-l" | sed -${E} "s,socat|ssh|-L|-R|-D|ncat|nc,${SED_RED_YELLOW},g"
-
     # Additional port information
     if [ "$EXTRA_CHECKS" ] || [ "$DEBUG" ]; then
         print_3title "Additional Port Information"

linPEAS/builder/linpeas_parts/5_network_information/7_Tcpdump.sh

@@ -6,9 +6,9 @@
 # License: GNU GPL
 # Version: 1.0
 # Functions Used: print_2title, print_3title, print_info, warn_exec
-# Global Variables: $EXTRA_CHECKS, $E, $SED_RED, $SED_GREEN, $SED_RED_YELLOW
+# Global Variables: $EXTRA_CHECKS, $E, $SED_RED, $SED_GREEN
 # Initial Functions:
-# Generated Global Variables: $tools_found, $tool, $interfaces, $interfaces_found, $iface, $cmd, $pattern, $patterns, $dumpcap_test_file
+# Generated Global Variables: $tools_found, $tool, $interfaces, $interfaces_found, $iface, $cmd, $pattern, $patterns
 # Fat linpeas: 0
 # Small linpeas: 1
 
@@ -26,17 +26,8 @@ check_command() {
 # Function to check if we can sniff on an interface
 check_interface_sniffable() {
     local iface=$1
-    if check_command tcpdump; then
-        if timeout 1 tcpdump -i "$iface" -c 1 >/dev/null 2>&1; then
-            return 0
-        fi
-    elif check_command dumpcap; then
-        dumpcap_test_file="/tmp/.linpeas_dumpcap_test_$$.pcap"
-        if timeout 2 dumpcap -i "$iface" -c 1 -q -w "$dumpcap_test_file" >/dev/null 2>&1; then
-            rm -f "$dumpcap_test_file" 2>/dev/null
-            return 0
-        fi
-        rm -f "$dumpcap_test_file" 2>/dev/null
+    if timeout 1 tcpdump -i "$iface" -c 1 >/dev/null 2>&1; then
+        return 0
     fi
     return 1
 }
@@ -64,20 +55,6 @@ check_network_traffic_analysis() {
         tools_found=1
         # Check tcpdump version and capabilities
         warn_exec tcpdump --version 2>/dev/null | head -n 1
-        getcap "$(command -v tcpdump)" 2>/dev/null
-    fi
-
-    if check_command dumpcap; then
-        echo "dumpcap is available" | sed -${E} "s,.*,${SED_GREEN},g"
-        tools_found=1
-        warn_exec dumpcap --version 2>/dev/null | head -n 1
-        getcap "$(command -v dumpcap)" 2>/dev/null
-
-        if id -nG 2>/dev/null | grep -qw wireshark; then
-            echo "Current user is in wireshark group" | sed -${E} "s,.*,${SED_GREEN},g"
-        elif getent group wireshark >/dev/null 2>&1; then
-            echo "wireshark group exists but current user is not in it" | sed -${E} "s,.*,${SED_RED_YELLOW},g"
-        fi
     fi
     
     if check_command tshark; then
@@ -91,28 +68,10 @@ check_network_traffic_analysis() {
         echo "wireshark is available" | sed -${E} "s,.*,${SED_GREEN},g"
         tools_found=1
     fi
-
-    if check_command ngrep; then
-        echo "ngrep is available" | sed -${E} "s,.*,${SED_GREEN},g"
-        tools_found=1
-    fi
-
-    if check_command tcpflow; then
-        echo "tcpflow is available" | sed -${E} "s,.*,${SED_GREEN},g"
-        tools_found=1
-    fi
     
     if [ $tools_found -eq 0 ]; then
         echo "No sniffing tools found" | sed -${E} "s,.*,${SED_RED},g"
     fi
-
-    if check_command tcpdump; then
-        echo "Sniffable interfaces according to tcpdump -D:"
-        timeout 2 tcpdump -D 2>/dev/null
-    elif check_command dumpcap; then
-        echo "Sniffable interfaces according to dumpcap -D:"
-        timeout 2 dumpcap -D 2>/dev/null
-    fi
     
     # Check network interfaces
     echo ""
@@ -129,28 +88,25 @@ check_network_traffic_analysis() {
     fi
     
     for iface in $interfaces; do
-        if [ "$iface" = "lo" ]; then
-            echo -n "Interface $iface (loopback): "
-        else
+        if [ "$iface" != "lo" ]; then  # Skip loopback
             echo -n "Interface $iface: "
-        fi
-
-        if check_interface_sniffable "$iface"; then
-            echo "Sniffable" | sed -${E} "s,.*,${SED_GREEN},g"
-            interfaces_found=1
-
-            # Check promiscuous mode
-            if [ "$iface" != "lo" ] && check_promiscuous_mode "$iface"; then
-                echo "  - Promiscuous mode enabled" | sed -${E} "s,.*,${SED_RED},g"
+            if check_interface_sniffable "$iface"; then
+                echo "Sniffable" | sed -${E} "s,.*,${SED_GREEN},g"
+                interfaces_found=1
+                
+                # Check promiscuous mode
+                if check_promiscuous_mode "$iface"; then
+                    echo "  - Promiscuous mode enabled" | sed -${E} "s,.*,${SED_RED},g"
+                fi
+                
+                # Get interface details
+                if [ "$EXTRA_CHECKS" ]; then
+                    echo "  - Interface details:"
+                    warn_exec ip addr show "$iface" 2>/dev/null || ifconfig "$iface" 2>/dev/null
+                fi
+            else
+                echo "Not sniffable" | sed -${E} "s,.*,${SED_RED},g"
             fi
-
-            # Get interface details
-            if [ "$EXTRA_CHECKS" ]; then
-                echo "  - Interface details:"
-                warn_exec ip addr show "$iface" 2>/dev/null || ifconfig "$iface" 2>/dev/null
-            fi
-        else
-            echo "Not sniffable" | sed -${E} "s,.*,${SED_RED},g"
         fi
     done
     
@@ -189,12 +145,7 @@ check_network_traffic_analysis() {
         print_info "To capture sensitive traffic, you can use:"
         echo "tcpdump -i <interface> -w capture.pcap" | sed -${E} "s,.*,${SED_GREEN},g"
         echo "tshark -i <interface> -w capture.pcap" | sed -${E} "s,.*,${SED_GREEN},g"
-        echo "dumpcap -i <interface> -w capture.pcap" | sed -${E} "s,.*,${SED_GREEN},g"
     fi
-
-    echo ""
-    print_3title "Running sniffing/traffic reconstruction processes"
-    ps aux 2>/dev/null | grep -E "[t]cpdump|[d]umpcap|[t]shark|[w]ireshark|[n]grep|[t]cpflow" | sed -${E} "s,.*,${SED_RED_YELLOW},g"
     
     # Additional information
     if [ "$EXTRA_CHECKS" ]; then

linPEAS/builder/linpeas_parts/5_network_information/8_Iptables.sh

@@ -6,9 +6,9 @@
 # License: GNU GPL
 # Version: 1.0
 # Functions Used: print_2title, print_3title, warn_exec, echo_not_found
-# Global Variables: $EXTRA_CHECKS, $E, $SED_RED, $SED_GREEN, $SED_YELLOW, $SED_RED_YELLOW
+# Global Variables: $EXTRA_CHECKS, $E, $SED_RED, $SED_GREEN, $SED_YELLOW
 # Initial Functions:
-# Generated Global Variables: $rules_file, $cmd, $tool, $config_file, $sysctl_var
+# Generated Global Variables: $rules_file, $cmd, $tool, $config_file
 # Fat linpeas: 0
 # Small linpeas: 1
 
@@ -90,9 +90,6 @@ analyze_nftables() {
     # List all rules
     echo -e "\nNftables Ruleset:"
     warn_exec nft list ruleset 2>/dev/null
-
-    echo -e "\nNftables Ruleset with handles (-a):"
-    warn_exec nft -a list ruleset 2>/dev/null | sed -${E} "s,\\bdrop\\b|\\breject\\b|handle [0-9]+,${SED_RED_YELLOW},g"
     
     # Check for saved rules
     echo -e "\nSaved Rules:"
@@ -183,17 +180,6 @@ analyze_firewall_rules() {
     analyze_nftables
     analyze_firewalld
     analyze_ufw
-
-    echo ""
-    print_3title "Forwarding and rp_filter"
-    for sysctl_var in net.ipv4.ip_forward net.ipv6.conf.all.forwarding net.ipv4.conf.all.rp_filter; do
-        sysctl "$sysctl_var" 2>/dev/null | sed -${E} "s,=[[:space:]]*1,${SED_RED_YELLOW},g"
-    done
-
-    if check_command conntrack; then
-        echo -e "\nConntrack state (first 20):"
-        warn_exec conntrack -L 2>/dev/null | head -n 20
-    fi
     
     # Additional checks if EXTRA_CHECKS is enabled
     if [ "$EXTRA_CHECKS" ]; then
@@ -221,4 +207,4 @@ analyze_firewall_rules() {
 }
 
 # Run the main function
-analyze_firewall_rules
+analyze_firewall_rules

linPEAS/builder/linpeas_parts/6_users_information/16_Subuid_subgid_mappings.sh

@@ -1,36 +0,0 @@
-# Title: Users Information - subuid/subgid mappings
-# ID: UG_Subuid_subgid_mappings
-# Author: Carlos Polop
-# Last Update: 13-02-2026
-# Description: Show delegated user namespace ID ranges from /etc/subuid and /etc/subgid.
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title
-# Global Variables: $MACPEAS
-# Initial Functions:
-# Generated Global Variables:
-# Fat linpeas: 0
-# Small linpeas: 1
-
-
-print_2title "User namespace mappings (subuid/subgid)"
-if [ "$MACPEAS" ]; then
-  echo "Not applicable on macOS"
-else
-  if [ -r /etc/subuid ]; then
-    echo "subuid:"
-    grep -v -E '^\s*#|^\s*$' /etc/subuid 2>/dev/null
-  else
-    echo "/etc/subuid not readable or not present"
-  fi
-
-  if [ -r /etc/subgid ]; then
-    echo ""
-    echo "subgid:"
-    grep -v -E '^\s*#|^\s*$' /etc/subgid 2>/dev/null
-  else
-    echo "/etc/subgid not readable or not present"
-  fi
-fi
-echo ""
-

linPEAS/builder/linpeas_parts/6_users_information/7_Sudo_l.sh

@@ -34,9 +34,6 @@ if ! [ "$IAMROOT" ] && [ -w '/etc/sudoers.d/' ]; then
   echo "You can create a file in /etc/sudoers.d/ and escalate privileges" | sed -${E} "s,.*,${SED_RED_YELLOW},"
 fi
 for f in /etc/sudoers.d/*; do
-  if [ -w "$f" ]; then
-    echo "Sudoers file: $f is writable and may allow privilege escalation" | sed -${E} "s,.*,${SED_RED_YELLOW},g"
-  fi
   if [ -r "$f" ]; then
     echo "Sudoers file: $f is readable" | sed -${E} "s,.*,${SED_RED},g"
     grep -Iv "^$" "$f" | grep -v "#" | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW}," | sed -${E} "s,$sudoB,${SED_RED},g" | sed "s,pwfeedback,${SED_RED},g"

linPEAS/builder/linpeas_parts/7_software_information/Leaks_git_repo.sh

@@ -0,0 +1,30 @@
+# Title: Software Information - Checking leaks in git repositories
+# ID: SI_Leaks_git_repo
+# Author: Carlos Polop
+# Last Update: 22-08-2023
+# Description: Checking leaks in git repositories
+# License: GNU GPL
+# Version: 1.0
+# Functions Used: execBin, print_2title
+# Global Variables: $MACPEAS, $TIMEOUT
+# Initial Functions:
+# Generated Global Variables: $git_dirname, $FAT_LINPEAS_GITLEAKS
+# Fat linpeas: 1
+# Small linpeas: 0
+
+
+if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then
+  print_2title "Checking leaks in git repositories"
+  printf "%s\n" "$PSTORAGE_GITHUB" | while read f; do
+    if echo "$f" | grep -Eq ".git$"; then
+      git_dirname=$(dirname "$f")
+      if [ "$MACPEAS" ]; then
+        FAT_LINPEAS_GITLEAKS="peass{https://github.com/gitleaks/gitleaks/releases/download/v8.17.0/gitleaks_8.17.0_darwin_arm64.tar.gz}"
+      else
+        FAT_LINPEAS_GITLEAKS="peass{https://github.com/gitleaks/gitleaks/releases/download/v8.17.0/gitleaks_8.17.0_linux_x64.tar.gz}"
+      fi
+      execBin "GitLeaks (checking $git_dirname)" "https://github.com/zricethezav/gitleaks" "$FAT_LINPEAS_GITLEAKS" "detect -s '$git_dirname' -v | grep -E 'Description|Match|Secret|Message|Date'"
+    fi
+  done
+  echo ""
+fi

linPEAS/builder/linpeas_parts/7_software_information/Screen_sessions.sh

@@ -8,12 +8,12 @@
 # Functions Used: print_2title, print_info
 # Global Variables:$DEBUG, $SEARCH_IN_FOLDER, $USER, $wgroups
 # Initial Functions:
-# Generated Global Variables: $screensess, $screensess2, $uscreen
+# Generated Global Variables: $screensess, $screensess2
 # Fat linpeas: 0
 # Small linpeas: 1
 
 
-if (command -v screen >/dev/null 2>&1 || [ -d "/run/screen" ] || [ "$DEBUG" ]) && ! [ "$SEARCH_IN_FOLDER" ]; then
+if ([ "$screensess" ] || [ "$screensess2" ] || [ "$DEBUG" ]) && ! [ "$SEARCH_IN_FOLDER" ]; then
   print_2title "Searching screen sessions"
   print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#open-shell-sessions"
   screensess=$(screen -ls 2>/dev/null)
@@ -25,16 +25,5 @@ if (command -v screen >/dev/null 2>&1 || [ -d "/run/screen" ] || [ "$DEBUG" ]) &
   find /run/screen -type s -path "/run/screen/S-*" -not -user $USER '(' '(' -perm -o=w ')' -or  '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null | while read f; do
     echo "Other user screen socket is writable: $f" | sed "s,$f,${SED_RED_YELLOW},"
   done
-
-  if [ -r "/etc/passwd" ]; then
-    print_3title "Checking other users screen sessions"
-    cut -d: -f1,7 /etc/passwd 2>/dev/null | grep "sh$" | cut -d: -f1 | grep -v "^$USER$" | while read u; do
-      uscreen=$(screen -ls "${u}/" 2>/dev/null | grep -v "No Sockets found" | grep -v "^$")
-      if [ "$uscreen" ]; then
-        echo "User $u screen sessions:"
-        printf "%s\n" "$uscreen" | sed -${E} "s,.*,${SED_RED},"
-      fi
-    done
-  fi
   echo ""
-fi
+fi

linPEAS/builder/linpeas_parts/7_software_information/Ssh.sh

@@ -8,7 +8,7 @@
 # Functions Used: print_2title, print_3title
 # Global Variables: $HOME, $HOMESEARCH, $ROOT_FOLDER, $SEARCH_IN_FOLDER, $TIMEOUT, $USER, $wgroups
 # Initial Functions:
-# Generated Global Variables: $certsb4_grep, $hostsallow, $hostsdenied, $sshconfig, $writable_agents, $agent_sockets, $privatekeyfilesetc, $privatekeyfileshome, $privatekeyfilesroot, $privatekeyfilesmnt,
+# Generated Global Variables: $certsb4_grep, $hostsallow, $hostsdenied, $sshconfig, $writable_agents, $privatekeyfilesetc, $privatekeyfileshome, $privatekeyfilesroot, $privatekeyfilesmnt,
 # Fat linpeas: 0
 # Small linpeas: 1
 
@@ -19,18 +19,12 @@ if ! [ "$SEARCH_IN_FOLDER" ]; then
   sshconfig="$(ls /etc/ssh/ssh_config 2>/dev/null)"
   hostsdenied="$(ls /etc/hosts.denied 2>/dev/null)"
   hostsallow="$(ls /etc/hosts.allow 2>/dev/null)"
-  agent_sockets=$(find /run/user /tmp -type s \( -path "/run/user/*/ssh-*/agent.*" -o -name "ssh-agent.sock" -o -path "/tmp/ssh-*" \) 2>/dev/null)
-  writable_agents=$(find /tmp /etc /home /run/user \
-    \( -type s -a \( -name "agent.*" -o -name "ssh-agent.sock" -o -path "*/ssh-*/agent.*" -o -name "*gpg-agent*" \) \
-    -a \( \( -user "$USER" \) -o \( -perm -o=w \) -o \( -perm -g=w -a \( $wgroups \) \) \) \) 2>/dev/null)
+  writable_agents=$(find /tmp /etc /home -type s -name "agent.*" -or -name "*gpg-agent*" '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or  '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)
 else
   sshconfig="$(ls ${ROOT_FOLDER}etc/ssh/ssh_config 2>/dev/null)"
   hostsdenied="$(ls ${ROOT_FOLDER}etc/hosts.denied 2>/dev/null)"
   hostsallow="$(ls ${ROOT_FOLDER}etc/hosts.allow 2>/dev/null)"
-  agent_sockets=$(find "${ROOT_FOLDER}"tmp "${ROOT_FOLDER}"run -type s \( -name "agent.*" -o -name "ssh-agent.sock" \) 2>/dev/null)
-  writable_agents=$(find "${ROOT_FOLDER}" \
-    \( -type s -a \( -name "agent.*" -o -name "ssh-agent.sock" -o -path "*/ssh-*/agent.*" -o -name "*gpg-agent*" \) \
-    -a \( \( -user "$USER" \) -o \( -perm -o=w \) -o \( -perm -g=w -a \( $wgroups \) \) \) \) 2>/dev/null)
+  writable_agents=$(find  ${ROOT_FOLDER} -type s -name "agent.*" -or -name "*gpg-agent*" '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or  '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)
 fi
 
 peass{SSH}
@@ -64,7 +58,7 @@ fi
 if [ "$certsb4_grep" ] || [ "$PSTORAGE_CERTSBIN" ]; then
   print_3title "Some certificates were found (out limited):"
   printf "$certsb4_grep\n" | head -n 20
-  printf "$PSTORAGE_CERTSBIN\n" | head -n 20
+  printf "$$PSTORAGE_CERTSBIN\n" | head -n 20
     echo ""
 fi
 if [ "$PSTORAGE_CERTSCLIENT" ]; then
@@ -77,11 +71,6 @@ if [ "$PSTORAGE_SSH_AGENTS" ]; then
   printf "$PSTORAGE_SSH_AGENTS\n"
   echo ""
 fi
-if [ "$agent_sockets" ]; then
-  print_3title "Potential SSH agent sockets were found:"
-  printf "%s\n" "$agent_sockets" | sed -${E} "s,.*,${SED_RED},"
-  echo ""
-fi
 if ssh-add -l 2>/dev/null | grep -qv 'no identities'; then
   print_3title "Listing SSH Agents"
   ssh-add -l

linPEAS/builder/linpeas_parts/8_interesting_perms_files/1_SUID.sh

@@ -23,7 +23,6 @@ if ! [ "$STRACE" ]; then
 fi
 suids_files=$(find $ROOT_FOLDER -perm -4000 -type f ! -path "/dev/*" 2>/dev/null)
 printf "%s\n" "$suids_files" | while read s; do
-  [ -z "$s" ] && continue
   s=$(ls -lahtr "$s")
   #If starts like "total 332K" then no SUID bin was found and xargs just executed "ls" in the current folder
   if echo "$s" | grep -qE "^total"; then break; fi
@@ -60,8 +59,6 @@ printf "%s\n" "$suids_files" | while read s; do
                   if [ -O "$sline_first" ] || [ -w "$sline_first" ]; then #And modifiable
                     printf "$ITALIC  --- It looks like $RED$sname$NC$ITALIC is using $RED$sline_first$NC$ITALIC and you can modify it (strings line: $sline) (https://tinyurl.com/suidpath)\n"
                   fi
-                elif echo "$sline_first" | grep -q "/" && [ -d "$(dirname "$sline_first")" ] && [ -w "$(dirname "$sline_first")" ]; then #If path does not exist but can be created
-                  printf "$ITALIC  --- It looks like $RED$sname$NC$ITALIC is using $RED$sline_first$NC$ITALIC and you can create it inside writable dir $RED$(dirname "$sline_first")$NC$ITALIC (strings line: $sline) (https://tinyurl.com/suidpath)\n"
                 else #If not a path
                   if [ ${#sline_first} -gt 2 ] && command -v "$sline_first" 2>/dev/null | grep -q '/' && echo "$sline_first" | grep -Eqv "\.\."; then #Check if existing binary
                     printf "$ITALIC  --- It looks like $RED$sname$NC$ITALIC is executing $RED$sline_first$NC$ITALIC and you can impersonate it (strings line: $sline) (https://tinyurl.com/suidpath)\n"

linPEAS/builder/linpeas_parts/8_interesting_perms_files/2_SGID.sh

@@ -17,7 +17,6 @@ print_2title "SGID"
 print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#sudo-and-suid"
 sgids_files=$(find $ROOT_FOLDER -perm -2000 -type f ! -path "/dev/*" 2>/dev/null)
 printf "%s\n" "$sgids_files" | while read s; do
-  [ -z "$s" ] && continue
   s=$(ls -lahtr "$s")
   #If starts like "total 332K" then no SUID bin was found and xargs just executed "ls" in the current folder
   if echo "$s" | grep -qE "^total";then break; fi
@@ -54,8 +53,6 @@ printf "%s\n" "$sgids_files" | while read s; do
                   if [ -O "$sline_first" ] || [ -w "$sline_first" ]; then #And modifiable
                     printf "$ITALIC  --- It looks like $RED$sname$NC$ITALIC is using $RED$sline_first$NC$ITALIC and you can modify it (strings line: $sline)\n"
                   fi
-                elif echo "$sline_first" | grep -q "/" && [ -d "$(dirname "$sline_first")" ] && [ -w "$(dirname "$sline_first")" ]; then #If path does not exist but can be created
-                  printf "$ITALIC  --- It looks like $RED$sname$NC$ITALIC is using $RED$sline_first$NC$ITALIC and you can create it inside writable dir $RED$(dirname "$sline_first")$NC$ITALIC (strings line: $sline)\n"
                 else #If not a path
                   if [ ${#sline_first} -gt 2 ] && command -v "$sline_first" 2>/dev/null | grep -q '/'; then #Check if existing binary
                     printf "$ITALIC  --- It looks like $RED$sname$NC$ITALIC is executing $RED$sline_first$NC$ITALIC and you can impersonate it (strings line: $sline)\n"
@@ -93,4 +90,4 @@ printf "%s\n" "$sgids_files" | while read s; do
     fi
   fi
 done;
-echo ""
+echo ""

linPEAS/builder/linpeas_parts/8_interesting_perms_files/3_Files_ACLs.sh

@@ -6,7 +6,7 @@
 # License: GNU GPL
 # Version: 1.0
 # Functions Used: echo_not_found, print_2title, print_info
-# Global Variables: $HOMESEARCH, $knw_usrs, $MACPEAS, $nosh_usrs, $SEARCH_IN_FOLDER, $sh_usrs, $USER, $writeB, $writeVB
+# Global Variables: $HOMESEARCH, $knw_usrs, $MACPEAS, $nosh_usrs, $SEARCH_IN_FOLDER, $sh_usrs, $USER
 # Initial Functions:
 # Generated Global Variables:
 # Fat linpeas: 0
@@ -16,12 +16,12 @@
 print_2title "Files with ACLs (limited to 50)"
 print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#acls"
 if ! [ "$SEARCH_IN_FOLDER" ]; then
-  ( (getfacl -t -s -R -p /bin /etc $HOMESEARCH /opt /sbin /usr /tmp /root 2>/dev/null) || echo_not_found "files with acls in searched folders" ) | head -n 70 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," | sed -${E} "s,$writeVB,${SED_RED_YELLOW},g" | sed -${E} "s,$writeB,${SED_RED},g"
+  ( (getfacl -t -s -R -p /bin /etc $HOMESEARCH /opt /sbin /usr /tmp /root 2>/dev/null) || echo_not_found "files with acls in searched folders" ) | head -n 70 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED},"
 else
-  ( (getfacl -t -s -R -p $SEARCH_IN_FOLDER 2>/dev/null) || echo_not_found "files with acls in searched folders" ) | head -n 70 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," | sed -${E} "s,$writeVB,${SED_RED_YELLOW},g" | sed -${E} "s,$writeB,${SED_RED},g"
+  ( (getfacl -t -s -R -p $SEARCH_IN_FOLDER 2>/dev/null) || echo_not_found "files with acls in searched folders" ) | head -n 70 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED},"
 fi
 
 if [ "$MACPEAS" ] && ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && ! [ "$(command -v getfacl || echo -n '')" ]; then  #Find ACL files in macos (veeeery slow)
-  ls -RAle / 2>/dev/null | grep -v "group:everyone deny delete" | grep -E -B1 "\d: " | head -n 70 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," | sed -${E} "s,$writeVB,${SED_RED_YELLOW},g" | sed -${E} "s,$writeB,${SED_RED},g"
+  ls -RAle / 2>/dev/null | grep -v "group:everyone deny delete" | grep -E -B1 "\d: " | head -n 70 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED},"
 fi
-echo ""
+echo ""

linPEAS/builder/linpeas_parts/8_interesting_perms_files/4_Capabilities.sh

@@ -8,7 +8,7 @@
 # Functions Used: echo_not_found, print_2title, print_info, print_3title
 # Global Variables: $capsB, $capsVB, $IAMROOT, $SEARCH_IN_FOLDER
 # Initial Functions:
-# Generated Global Variables: $cap_name, $cap_value, $cap_line, $capVB, $capname, $capbins, $capsVB_vuln, $proc_status, $proc_pid, $proc_name, $proc_uid, $user_name, $proc_inh, $proc_prm, $proc_eff, $proc_bnd, $proc_amb, $proc_inh_dec, $proc_prm_dec, $proc_eff_dec, $proc_bnd_dec, $proc_amb_dec
+# Generated Global Variables: $cap_name, $cap_value, $cap_line, $capVB, $capname, $capbins, $capsVB_vuln
 # Fat linpeas: 0
 # Small linpeas: 1
 
@@ -69,40 +69,6 @@ if ! [ "$SEARCH_IN_FOLDER" ]; then
       fi
     done
     echo ""
-
-    print_3title "Processes with capability sets (non-zero CapEff/CapAmb, limit 40)"
-    find /proc -maxdepth 2 -path "/proc/[0-9]*/status" 2>/dev/null | head -n 400 | while read -r proc_status; do
-      proc_pid=$(echo "$proc_status" | cut -d/ -f3)
-      proc_name=$(awk '/^Name:/{print $2}' "$proc_status" 2>/dev/null)
-      proc_uid=$(awk '/^Uid:/{print $2}' "$proc_status" 2>/dev/null)
-      user_name=$(awk -F: -v uid="$proc_uid" '$3==uid{print $1; exit}' /etc/passwd 2>/dev/null)
-      [ -z "$user_name" ] && user_name="$proc_uid"
-
-      proc_inh=$(awk '/^CapInh:/{print $2}' "$proc_status" 2>/dev/null)
-      proc_prm=$(awk '/^CapPrm:/{print $2}' "$proc_status" 2>/dev/null)
-      proc_eff=$(awk '/^CapEff:/{print $2}' "$proc_status" 2>/dev/null)
-      proc_bnd=$(awk '/^CapBnd:/{print $2}' "$proc_status" 2>/dev/null)
-      proc_amb=$(awk '/^CapAmb:/{print $2}' "$proc_status" 2>/dev/null)
-
-      [ -z "$proc_eff" ] && continue
-      if [ "$proc_eff" != "0000000000000000" ] || [ "$proc_amb" != "0000000000000000" ]; then
-        echo "PID $proc_pid ($proc_name) user=$user_name"
-
-        proc_inh_dec=$(capsh --decode=0x"$proc_inh" 2>/dev/null)
-        proc_prm_dec=$(capsh --decode=0x"$proc_prm" 2>/dev/null)
-        proc_eff_dec=$(capsh --decode=0x"$proc_eff" 2>/dev/null)
-        proc_bnd_dec=$(capsh --decode=0x"$proc_bnd" 2>/dev/null)
-        proc_amb_dec=$(capsh --decode=0x"$proc_amb" 2>/dev/null)
-
-        echo "  CapInh: $proc_inh_dec" | sed -${E} "s,$capsB,${SED_RED},g"
-        echo "  CapPrm: $proc_prm_dec" | sed -${E} "s,$capsB,${SED_RED},g"
-        echo "  CapEff: $proc_eff_dec" | sed -${E} "s,$capsB,${SED_RED_YELLOW},g"
-        echo "  CapBnd: $proc_bnd_dec" | sed -${E} "s,$capsB,${SED_RED},g"
-        echo "  CapAmb: $proc_amb_dec" | sed -${E} "s,$capsB,${SED_RED_YELLOW},g"
-        echo ""
-      fi
-    done | head -n 240
-    echo ""
   
   else
     print_3title "Current shell capabilities"

linPEAS/builder/linpeas_parts/8_interesting_perms_files/5_Users_with_capabilities.sh

@@ -6,27 +6,19 @@
 # License: GNU GPL
 # Version: 1.0
 # Functions Used: echo_not_found, print_2title, print_info
-# Global Variables: $capsB, $DEBUG, $knw_usrs, $nosh_usrs, $sh_usrs, $USER
+# Global Variables: $DEBUG, $knw_usrs, $nosh_usrs, $sh_usrs, $USER
 # Initial Functions:
-# Generated Global Variables: $pam_cap_lines
+# Generated Global Variables:
 # Fat linpeas: 0
 # Small linpeas: 0
 
 
-if [ -f "/etc/security/capability.conf" ] || [ "$DEBUG" ] || grep -Rqs "pam_cap\.so" /etc/pam.d /etc/pam.conf 2>/dev/null; then
+if [ -f "/etc/security/capability.conf" ] || [ "$DEBUG" ]; then
   print_2title "Users with capabilities"
   print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#capabilities"
   if [ -f "/etc/security/capability.conf" ]; then
-    grep -v '^#\|none\|^$' /etc/security/capability.conf 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," | sed -${E} "s,$capsB,${SED_RED},g"
+    grep -v '^#\|none\|^$' /etc/security/capability.conf 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED},"
   else echo_not_found "/etc/security/capability.conf"
   fi
   echo ""
-  print_info "Checking if PAM loads pam_cap.so"
-  pam_cap_lines=$(grep -RIn "pam_cap\.so" /etc/pam.d /etc/pam.conf 2>/dev/null)
-  if [ "$pam_cap_lines" ]; then
-    printf "%s\n" "$pam_cap_lines" | sed -${E} "s,pam_cap\\.so,${SED_RED_YELLOW},g"
-  else
-    echo_not_found "pam_cap.so in /etc/pam.d or /etc/pam.conf"
-  fi
-  echo ""
-fi
+fi

linPEAS/builder/linpeas_parts/8_interesting_perms_files/6_Misconfigured_ldso.sh

@@ -6,7 +6,7 @@
 # License: GNU GPL
 # Version: 1.0
 # Functions Used: print_2title, print_info
-# Global Variables: $IAMROOT, $ITALIC, $SEARCH_IN_FOLDER, $USER, $Wfolders, $ldsoconfdG, $wgroups
+# Global Variables: $IAMROOT, $ITALIC, $SEARCH_IN_FOLDER, $USER, $Wfolders, $wgroups
 # Initial Functions:
 # Generated Global Variables: $ini_path, $fpath
 # Fat linpeas: 0
@@ -26,53 +26,40 @@ if ! [ "$SEARCH_IN_FOLDER" ] && ! [ "$IAMROOT" ]; then
   echo "Content of /etc/ld.so.conf:"
   cat /etc/ld.so.conf 2>/dev/null | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g"
 
-  # Check each configured folder and include directives
-  cat /etc/ld.so.conf 2>/dev/null | while IFS= read -r l; do
-    l=$(echo "$l" | sed 's/#.*$//' | xargs 2>/dev/null)
-    [ -z "$l" ] && continue
-
-    if echo "$l" | grep -qE '^include[[:space:]]+'; then
+  # Check each configured folder
+  cat /etc/ld.so.conf 2>/dev/null | while read l; do
+    if echo "$l" | grep -q include; then
       ini_path=$(echo "$l" | cut -d " " -f 2)
       fpath=$(dirname "$ini_path")
 
-      if [ -d "$fpath" ] && [ -w "$fpath" ]; then
-        echo "You have write privileges over $fpath" | sed -${E} "s,.*,${SED_RED_YELLOW},";
+      if [ -d "/etc/ld.so.conf" ] && [ -w "$fpath" ]; then 
+        echo "You have write privileges over $fpath" | sed -${E} "s,.*,${SED_RED_YELLOW},"; 
         printf $RED_YELLOW$ITALIC"$fpath\n"$NC;
       else
         printf $GREEN$ITALIC"$fpath\n"$NC;
       fi
 
-      if [ "$(find "$fpath" -type f '(' '(' -user "$USER" ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then
-        echo "You have write privileges over $(find "$fpath" -type f '(' '(' -user "$USER" ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" | sed -${E} "s,.*,${SED_RED_YELLOW},";
+      if [ "$(find $fpath -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or  '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then
+        echo "You have write privileges over $(find $fpath -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or  '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" | sed -${E} "s,.*,${SED_RED_YELLOW},"; 
       fi
 
-      for f in $ini_path; do
-        [ -f "$f" ] || continue
-
-        if [ -w "$f" ]; then
-          echo "You have write privileges over $f" | sed -${E} "s,.*,${SED_RED_YELLOW},";
+      for f in $fpath/*; do
+        if [ -w "$f" ]; then 
+          echo "You have write privileges over $f" | sed -${E} "s,.*,${SED_RED_YELLOW},"; 
           printf $RED_YELLOW$ITALIC"$f\n"$NC;
         else
           printf $GREEN$ITALIC"  $f\n"$NC;
         fi
 
-        cat "$f" 2>/dev/null | grep -v "^#" | while IFS= read -r l2; do
-          l2=$(echo "$l2" | xargs 2>/dev/null)
-          [ -z "$l2" ] && continue
-
-          if [ -d "$l2" ] && [ -w "$l2" ]; then
-            echo "You have write privileges over $l2" | sed -${E} "s,.*,${SED_RED_YELLOW},";
+        cat "$f" | grep -v "^#" | while read l2; do
+          if [ -f "$l2" ] && [ -w "$l2" ]; then 
+            echo "You have write privileges over $l2" | sed -${E} "s,.*,${SED_RED_YELLOW},"; 
             printf $RED_YELLOW$ITALIC"  - $l2\n"$NC;
-          elif [ -d "$l2" ]; then
-            echo $ITALIC"  - $l2"$NC | sed -${E} "s,$ldsoconfdG,${SED_GREEN},g" | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g";
+          else
+            echo $ITALIC"  - $l2"$NC | sed -${E} "s,$l2,${SED_GREEN}," | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g";
           fi
         done
       done
-    elif [ -d "$l" ] && [ -w "$l" ]; then
-      echo "You have write privileges over $l" | sed -${E} "s,.*,${SED_RED_YELLOW},";
-      printf $RED_YELLOW$ITALIC"$l\n"$NC;
-    else
-      echo $ITALIC"$l"$NC | sed -${E} "s,$ldsoconfdG,${SED_GREEN},g" | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g";
     fi
   done
   echo ""
@@ -88,4 +75,4 @@ if ! [ "$SEARCH_IN_FOLDER" ] && ! [ "$IAMROOT" ]; then
     if [ -f "$l" ] && [ -w "$l" ]; then echo "You have write privileges over $l" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi
   done
 
-fi
+fi

linPEAS/builder/linpeas_parts/functions/enumerateDockerSockets.sh

@@ -6,9 +6,9 @@
 # License: GNU GPL
 # Version: 1.0
 # Functions Used: echo_not_found
-# Global Variables: $GREP_DOCKER_SOCK_INFOS, $GREP_DOCKER_SOCK_INFOS_IGNORE
+# Global Variables: $GREP_DOCKER_SOCK_INFOS, $GREP_DOCKER_SOCK_INFOS_IGNORE, $IAMROOT
 # Initial Functions:
-# Generated Global Variables: $SEARCHED_DOCKER_SOCKETS, $docker_enumerated, $dockerVersion, $int_sock, $sockInfoResponse
+# Generated Global Variables: $SEARCHED_DOCKER_SOCKETS, $dock_sock, $docker_enumerated, $dockerVersion, $int_sock, $sockInfoResponse
 # Fat linpeas: 0
 # Small linpeas: 1
 
@@ -17,55 +17,34 @@ enumerateDockerSockets() {
   dockerVersion="$(echo_not_found)"
   if ! [ "$SEARCHED_DOCKER_SOCKETS" ]; then
     SEARCHED_DOCKER_SOCKETS="1"
-    # NOTE: This is intentionally "lightweight" (checks common runtime socket names) and avoids
-    # pseudo filesystems (/sys, /proc) to reduce noise and latency.
-    for int_sock in $(find / \
-      -path "/sys" -prune -o \
-      -path "/proc" -prune -o \
-      -type s \( \
-        -name "docker.sock" -o \
-        -name "docker.socket" -o \
-        -name "dockershim.sock" -o \
-        -name "containerd.sock" -o \
-        -name "crio.sock" -o \
-        -name "frakti.sock" -o \
-        -name "rktlet.sock" \
-      \) -print 2>/dev/null); do
-
-      # Basic permissions hint (you generally need write perms to connect to a unix socket).
-      if [ -w "$int_sock" ]; then
+    for int_sock in $(find / ! -path "/sys/*" -type s -name "docker.sock" -o -name "docker.socket" -o -name "dockershim.sock" -o -name "containerd.sock" -o -name "crio.sock" -o -name "frakti.sock" -o -name "rktlet.sock" 2>/dev/null); do
+      if ! [ "$IAMROOT" ] && [ -w "$int_sock" ]; then
         if echo "$int_sock" | grep -Eq "docker"; then
-          echo "You have write permissions over Docker socket $int_sock" | sed -${E} "s,$int_sock,${SED_RED_YELLOW},g"
+          dock_sock="$int_sock"
+          echo "You have write permissions over Docker socket $dock_sock" | sed -${E} "s,$dock_sock,${SED_RED_YELLOW},g"
+          echo "Docker enummeration:"
+          docker_enumerated=""
+
+          if [ "$(command -v curl || echo -n '')" ]; then
+            sockInfoResponse="$(curl -s --unix-socket $dock_sock http://localhost/info)"
+            dockerVersion=$(echo "$sockInfoResponse" | tr ',' '\n' | grep 'ServerVersion' | cut -d'"' -f 4)
+            echo $sockInfoResponse | tr ',' '\n' | grep -E "$GREP_DOCKER_SOCK_INFOS" | grep -v "$GREP_DOCKER_SOCK_INFOS_IGNORE" | tr -d '"'
+            if [ "$sockInfoResponse" ]; then docker_enumerated="1"; fi
+          fi
+
+          if [ "$(command -v docker || echo -n '')" ] && ! [ "$docker_enumerated" ]; then
+            sockInfoResponse="$(docker info)"
+            dockerVersion=$(echo "$sockInfoResponse" | tr ',' '\n' | grep 'Server Version' | cut -d' ' -f 4)
+            printf "$sockInfoResponse" | tr ',' '\n' | grep -E "$GREP_DOCKER_SOCK_INFOS" | grep -v "$GREP_DOCKER_SOCK_INFOS_IGNORE" | tr -d '"'
+          fi
+        
         else
           echo "You have write permissions over interesting socket $int_sock" | sed -${E} "s,$int_sock,${SED_RED},g"
         fi
+
       else
         echo "You don't have write permissions over interesting socket $int_sock" | sed -${E} "s,$int_sock,${SED_GREEN},g"
       fi
-
-      # Validate whether this looks like a Docker Engine API socket (amicontained-style) when curl exists.
-      docker_enumerated=""
-      if [ "$(command -v curl 2>/dev/null || echo -n '')" ]; then
-        sockInfoResponse="$(curl -s --max-time 2 --unix-socket "$int_sock" http://localhost/info 2>/dev/null)"
-        if echo "$sockInfoResponse" | grep -q "ServerVersion"; then
-          echo "Valid Docker API socket: $int_sock" | sed -${E} "s,$int_sock,${SED_RED_YELLOW},g"
-          dockerVersion=$(echo "$sockInfoResponse" | tr ',' '\n' | grep 'ServerVersion' | cut -d'"' -f 4)
-          echo "$sockInfoResponse" | tr ',' '\n' | grep -E "$GREP_DOCKER_SOCK_INFOS" | grep -v "$GREP_DOCKER_SOCK_INFOS_IGNORE" | tr -d '"'
-          docker_enumerated="1"
-        fi
-      fi
-
-      # Fallback to docker CLI if curl is missing or the /info request didn't work.
-      # Use DOCKER_HOST so we can target non-default socket paths when possible.
-      if [ "$(command -v docker 2>/dev/null || echo -n '')" ] && ! [ "$docker_enumerated" ]; then
-        if [ -w "$int_sock" ] && echo "$int_sock" | grep -Eq "docker"; then
-          sockInfoResponse="$(DOCKER_HOST="unix://$int_sock" docker info 2>/dev/null)"
-          if [ "$sockInfoResponse" ]; then
-            dockerVersion=$(echo "$sockInfoResponse" | grep -i "^ Server Version:" | awk '{print $4}' | head -n 1)
-            printf "%s\n" "$sockInfoResponse" | grep -E "$GREP_DOCKER_SOCK_INFOS" | grep -v "$GREP_DOCKER_SOCK_INFOS_IGNORE" | tr -d '"'
-          fi
-        fi
-      fi
     done
   fi
 }

linPEAS/builder/linpeas_parts/linpeas_base/0_variables_base.sh

@@ -217,7 +217,7 @@ print_title(){
   max_title_len=80
   rest_len=$((($max_title_len - $title_len) / 2))
 
-  printf "%s" "${BLUE}"
+  printf ${BLUE}
   for i in $(seq 1 $rest_len); do printf " "; done
   printf "╔"
   for i in $(seq 1 $title_len); do printf "═"; done; printf "═";
@@ -231,13 +231,13 @@ print_title(){
 
   echo ""
 
-  printf "%s" "${BLUE}"
+  printf ${BLUE}
   for i in $(seq 1 $rest_len); do printf " "; done
   printf "╚"
   for i in $(seq 1 $title_len); do printf "═"; done; printf "═";
   printf "╝"
 
-  printf "%s" "${NC}"
+  printf $NC
   echo ""
 }
 

linPEAS/builder/linpeas_parts/variables/capsB.sh

@@ -13,4 +13,4 @@
 # Small linpeas: 1
 
 
-capsB="=ep|cap_chown|cap_fowner|cap_fsetid|cap_setpcap|cap_setfcap|cap_dac_override|cap_dac_read_search|cap_setuid|cap_setgid|cap_kill|cap_net_bind_service|cap_net_raw|cap_net_admin|cap_sys_admin|cap_sys_ptrace|cap_sys_module|cap_sys_rawio|cap_bpf|cap_perfmon"
+capsB="=ep|cap_chown|cap_former|cap_setfcap|cap_dac_override|cap_dac_read_search|cap_setuid|cap_setgid|cap_kill|cap_net_bind_service|cap_net_raw|cap_net_admin|cap_sys_admin|cap_sys_ptrace|cap_sys_module"

linPEAS/builder/linpeas_parts/variables/capsVB.sh

@@ -18,9 +18,7 @@ cap_sys_ptrace:python \
 cap_sys_module:kmod|python \
 cap_dac_override:python|vim \
 cap_chown:chown|python \
-cap_fowner:chown|python \
-cap_setfcap:python|perl|ruby|php|node|lua|bash \
-cap_setpcap:python|perl|ruby|php|node|lua|bash \
+cap_former:chown|python \
 cap_setuid:peass{CAP_SETUID_HERE} \
 cap_setgid:peass{CAP_SETGID_HERE} \
-cap_net_raw:python|tcpdump|dumpcap|tcpflow"
+cap_net_raw:python|tcpdump"

linPEAS/builder/linpeas_parts/variables/pwd_in_variables.sh

@@ -24,4 +24,4 @@ pwd_in_variables7="MAILGUN_APIKEY|MAILGUN_API_KEY|MAILGUN_DOMAIN|MAILGUN_PRIV_KE
 pwd_in_variables8="OKTA_OAUTH2_ISSUER|OMISE_KEY|OMISE_PKEY|OMISE_PUBKEY|OMISE_SKEY|ONESIGNAL_API_KEY|ONESIGNAL_USER_AUTH_KEY|OPENWHISK_KEY|OPEN_WHISK_KEY|OSSRH_PASS|OSSRH_SECRET|OSSRH_USER|OS_AUTH_URL|OS_PROJECT_NAME|OS_TENANT_ID|OS_TENANT_NAME|PAGERDUTY_APIKEY|PAGERDUTY_ESCALATION_POLICY_ID|PAGERDUTY_FROM_USER|PAGERDUTY_PRIORITY_ID|PAGERDUTY_SERVICE_ID|PANTHEON_SITE|PARSE_APP_ID|PARSE_JS_KEY|PAYPAL_CLIENT_ID|PAYPAL_CLIENT_SECRET|PERCY_TOKEN|PERSONAL_KEY|PERSONAL_SECRET|PG_DATABASE|PG_HOST|PLACES_APIKEY|PLACES_API_KEY|PLACES_APPID|PLACES_APPLICATION_ID|PLOTLY_APIKEY|POSTGRESQL_DB|POSTGRESQL_PASS|POSTGRES_ENV_POSTGRES_DB|POSTGRES_ENV_POSTGRES_USER|POSTGRES_PORT|PREBUILD_AUTH|PROD.ACCESS.KEY.ID|PROD.SECRET.KEY|PROD_BASE_URL_RUNSCOPE|PROJECT_CONFIG|PUBLISH_KEY|PUBLISH_SECRET|PUSHOVER_TOKEN|PUSHOVER_USER|PYPI_PASSOWRD|QUIP_TOKEN|RABBITMQ_SERVER_ADDR|REDISCLOUD_URL|REDIS_STUNNEL_URLS|REFRESH_TOKEN|RELEASE_GH_TOKEN|RELEASE_TOKEN|remoteUserToShareTravis|REPORTING_WEBDAV_URL|REPORTING_WEBDAV_USER|repoToken|REST_API_KEY|RINKEBY_PRIVATE_KEY|ROPSTEN_PRIVATE_KEY|route53_access_key_id|RTD_KEY_PASS|RTD_STORE_PASS|RUBYGEMS_AUTH_TOKEN|s3_access_key|S3_ACCESS_KEY_ID|S3_BUCKET_NAME_APP_LOGS|S3_BUCKET_NAME_ASSETS|S3_KEY"
 pwd_in_variables9="S3_KEY_APP_LOGS|S3_KEY_ASSETS|S3_PHOTO_BUCKET|S3_SECRET_APP_LOGS|S3_SECRET_ASSETS|S3_SECRET_KEY|S3_USER_ID|S3_USER_SECRET|SACLOUD_ACCESS_TOKEN|SACLOUD_ACCESS_TOKEN_SECRET|SACLOUD_API|SALESFORCE_BULK_TEST_SECURITY_TOKEN|SANDBOX_ACCESS_TOKEN|SANDBOX_AWS_ACCESS_KEY_ID|SANDBOX_AWS_SECRET_ACCESS_KEY|SANDBOX_LOCATION_ID|SAUCE_ACCESS_KEY|SECRETACCESSKEY|SECRETKEY|SECRET_0|SECRET_10|SECRET_11|SECRET_1|SECRET_2|SECRET_3|SECRET_4|SECRET_5|SECRET_6|SECRET_7|SECRET_8|SECRET_9|SECRET_KEY_BASE|SEGMENT_API_KEY|SELION_SELENIUM_SAUCELAB_GRID_CONFIG_FILE|SELION_SELENIUM_USE_SAUCELAB_GRID|SENDGRID|SENDGRID_API_KEY|SENDGRID_FROM_ADDRESS|SENDGRID_KEY|SENDGRID_USER|SENDWITHUS_KEY|SENTRY_AUTH_TOKEN|SERVICE_ACCOUNT_SECRET|SES_ACCESS_KEY|SES_SECRET_KEY|setDstAccessKey|setDstSecretKey|setSecretKey|SIGNING_KEY|SIGNING_KEY_SECRET|SIGNING_KEY_SID|SNOOWRAP_CLIENT_SECRET|SNOOWRAP_REDIRECT_URI|SNOOWRAP_REFRESH_TOKEN|SNOOWRAP_USER_AGENT|SNYK_API_TOKEN|SNYK_ORG_ID|SNYK_TOKEN|SOCRATA_APP_TOKEN|SOCRATA_USER|SONAR_ORGANIZATION_KEY|SONAR_PROJECT_KEY|SONAR_TOKEN|SONATYPE_GPG_KEY_NAME|SONATYPE_GPG_PASSPHRASE|SONATYPE_PASSSONATYPE_TOKEN_USER|SONATYPE_USER|SOUNDCLOUD_CLIENT_ID|SOUNDCLOUD_CLIENT_SECRET|SPACES_ACCESS_KEY_ID|SPACES_SECRET_ACCESS_KEY"
 pwd_in_variables10="SPA_CLIENT_ID|SPOTIFY_API_ACCESS_TOKEN|SPOTIFY_API_CLIENT_ID|SPOTIFY_API_CLIENT_SECRET|sqsAccessKey|sqsSecretKey|SRCCLR_API_TOKEN|SSHPASS|SSMTP_CONFIG|STARSHIP_ACCOUNT_SID|STARSHIP_AUTH_TOKEN|STAR_TEST_AWS_ACCESS_KEY_ID|STAR_TEST_BUCKET|STAR_TEST_LOCATION|STAR_TEST_SECRET_ACCESS_KEY|STORMPATH_API_KEY_ID|STORMPATH_API_KEY_SECRET|STRIPE_PRIVATE|STRIPE_PUBLIC|STRIP_PUBLISHABLE_KEY|STRIP_SECRET_KEY|SURGE_LOGIN|SURGE_TOKEN|SVN_PASS|SVN_USER|TESCO_API_KEY|THERA_OSS_ACCESS_ID|THERA_OSS_ACCESS_KEY|TRAVIS_ACCESS_TOKEN|TRAVIS_API_TOKEN|TRAVIS_COM_TOKEN|TRAVIS_E2E_TOKEN|TRAVIS_GH_TOKEN|TRAVIS_PULL_REQUEST|TRAVIS_SECURE_ENV_VARS|TRAVIS_TOKEN|TREX_CLIENT_ORGURL|TREX_CLIENT_TOKEN|TREX_OKTA_CLIENT_ORGURL|TREX_OKTA_CLIENT_TOKEN|TWILIO_ACCOUNT_ID|TWILIO_ACCOUNT_SID|TWILIO_API_KEY|TWILIO_API_SECRET|TWILIO_CHAT_ACCOUNT_API_SERVICE|TWILIO_CONFIGURATION_SID|TWILIO_SID|TWILIO_TOKEN|TWITTEROAUTHACCESSSECRET|TWITTEROAUTHACCESSTOKEN|TWITTER_CONSUMER_KEY|TWITTER_CONSUMER_SECRET|UNITY_SERIAL|URBAN_KEY|URBAN_MASTER_SECRET|URBAN_SECRET|userTravis|USER_ASSETS_ACCESS_KEY_ID|USER_ASSETS_SECRET_ACCESS_KEY|VAULT_APPROLE_SECRET_ID|VAULT_PATH|VIP_GITHUB_BUILD_REPO_DEPLOY_KEY|VIP_GITHUB_DEPLOY_KEY|VIP_GITHUB_DEPLOY_KEY_PASS"
-pwd_in_variables11="VIRUSTOTAL_APIKEY|VISUAL_RECOGNITION_API_KEY|V_SFDC_CLIENT_ID|V_SFDC_CLIENT_SECRET|WAKATIME_API_KEY|WAKATIME_PROJECT|WATSON_CLIENT|WATSON_CONVERSATION_WORKSPACE|WATSON_DEVICE|WATSON_DEVICE_TOPIC|WATSON_TEAM_ID|WATSON_TOPIC|WIDGET_BASIC_USER_2|WIDGET_BASIC_USER_3|WIDGET_BASIC_USER_4|WIDGET_BASIC_USER_5|WIDGET_FB_USER|WIDGET_FB_USER_2|WIDGET_FB_USER_3|WIDGET_TEST_SERVERWORDPRESS_DB_USER|WORKSPACE_ID|WPJM_PHPUNIT_GOOGLE_GEOCODE_API_KEY|WPT_DB_HOST|WPT_DB_NAME|WPT_DB_USER|WPT_PREPARE_DIR|WPT_REPORT_API_KEY|WPT_SSH_CONNECT|WPT_SSH_PRIVATE_KEY_BASE64|YANGSHUN_GH_TOKEN|YT_ACCOUNT_CHANNEL_ID|YT_ACCOUNT_CLIENT_ID|YT_ACCOUNT_CLIENT_SECRET|YT_ACCOUNT_REFRESH_TOKEN|YT_API_KEY|YT_CLIENT_ID|YT_CLIENT_SECRET|YT_PARTNER_CHANNEL_ID|YT_PARTNER_CLIENT_ID|YT_PARTNER_CLIENT_SECRET|YT_PARTNER_ID|YT_PARTNER_REFRESH_TOKEN|YT_SERVER_API_KEY|ZHULIANG_GH_TOKEN|ZOPIM_ACCOUNT_KEY|USERNAME|PASSWORD|PASSWD|CREDENTIALS?"
+pwd_in_variables11="VIRUSTOTAL_APIKEY|VISUAL_RECOGNITION_API_KEY|V_SFDC_CLIENT_ID|V_SFDC_CLIENT_SECRET|WAKATIME_API_KEY|WAKATIME_PROJECT|WATSON_CLIENT|WATSON_CONVERSATION_WORKSPACE|WATSON_DEVICE|WATSON_DEVICE_TOPIC|WATSON_TEAM_ID|WATSON_TOPIC|WIDGET_BASIC_USER_2|WIDGET_BASIC_USER_3|WIDGET_BASIC_USER_4|WIDGET_BASIC_USER_5|WIDGET_FB_USER|WIDGET_FB_USER_2|WIDGET_FB_USER_3|WIDGET_TEST_SERVERWORDPRESS_DB_USER|WORKSPACE_ID|WPJM_PHPUNIT_GOOGLE_GEOCODE_API_KEY|WPT_DB_HOST|WPT_DB_NAME|WPT_DB_USER|WPT_PREPARE_DIR|WPT_REPORT_API_KEY|WPT_SSH_CONNECT|WPT_SSH_PRIVATE_KEY_BASE64|YANGSHUN_GH_TOKEN|YT_ACCOUNT_CHANNEL_ID|YT_ACCOUNT_CLIENT_ID|YT_ACCOUNT_CLIENT_SECRET|YT_ACCOUNT_REFRESH_TOKEN|YT_API_KEY|YT_CLIENT_ID|YT_CLIENT_SECRET|YT_PARTNER_CHANNEL_ID|YT_PARTNER_CLIENT_ID|YT_PARTNER_CLIENT_SECRET|YT_PARTNER_ID|YT_PARTNER_REFRESH_TOKEN|YT_SERVER_API_KEY|ZHULIANG_GH_TOKEN|ZOPIM_ACCOUNT_KEY"

linPEAS/builder/linpeas_parts/variables/sudoB.sh

@@ -12,4 +12,4 @@
 # Fat linpeas: 0
 # Small linpeas: 1
 
-sudoB="$(whoami)|ALL:ALL|ALL : ALL|ALL|env_keep|NOPASSWD|SETENV|/apache2|/cryptsetup|/mount|/restic|/usermod|/sbin/ldconfig|/usr/sbin/ldconfig|ldconfig -f|--password-command|--password-file|-o ProxyCommand|-o PreferredAuthentications"
+sudoB="$(whoami)|ALL:ALL|ALL : ALL|ALL|env_keep|NOPASSWD|SETENV|/apache2|/cryptsetup|/mount|/restic|--password-command|--password-file|-o ProxyCommand|-o PreferredAuthentications"

linPEAS/builder/linpeas_parts/variables/writeVB.sh

@@ -13,4 +13,4 @@
 # Small linpeas: 1
 
 
-writeVB="/etc/anacrontab|/etc/apt/apt.conf.d|/etc/bash.bashrc|/etc/bash_completion|/etc/bash_completion.d/|/etc/cron|/etc/environment|/etc/environment.d/|/etc/group|/etc/incron.d/|/etc/init|/etc/ld.so.conf.d/|/etc/ld.so.preload|/etc/master.passwd|/etc/passwd|/etc/profile.d/|/etc/profile|/etc/rc.d|/etc/shadow|/etc/skey/|/etc/sudoers|/etc/sudoers.d/|/etc/supervisor/conf.d/|/etc/supervisor/supervisord.conf|/etc/systemd|/etc/sys|/lib/systemd|/etc/update-motd.d/|/root/.ssh/|/run/systemd|/usr/lib/cron/tabs/|/usr/lib/systemd|/systemd/system|/var/db/yubikey/|/var/spool/anacron|/var/spool/cron/crontabs|"$(echo $PATH 2>/dev/null | sed 's/:\.:/:/g' | sed 's/:\.$//g' | sed 's/^\.://g' | sed 's/:/$|^/g') #Add Path but remove simple dot in PATH
+writeVB="/etc/anacrontab|/etc/apt/apt.conf.d|/etc/bash.bashrc|/etc/bash_completion|/etc/bash_completion.d/|/etc/cron|/etc/environment|/etc/environment.d/|/etc/group|/etc/incron.d/|/etc/init|/etc/ld.so.conf.d/|/etc/master.passwd|/etc/passwd|/etc/profile.d/|/etc/profile|/etc/rc.d|/etc/shadow|/etc/skey/|/etc/sudoers|/etc/sudoers.d/|/etc/supervisor/conf.d/|/etc/supervisor/supervisord.conf|/etc/systemd|/etc/sys|/lib/systemd|/etc/update-motd.d/|/root/.ssh/|/run/systemd|/usr/lib/cron/tabs/|/usr/lib/systemd|/systemd/system|/var/db/yubikey/|/var/spool/anacron|/var/spool/cron/crontabs|"$(echo $PATH 2>/dev/null | sed 's/:\.:/:/g' | sed 's/:\.$//g' | sed 's/^\.://g' | sed 's/:/$|^/g') #Add Path but remove simple dot in PATH

winPEAS/winPEASexe/winPEAS/Checks/FilesInfo.cs

@@ -524,7 +524,7 @@ namespace winPEAS.Checks
             {
                 Beaprint.MainPrint("Looking for documents --limit 100--");
                 List<string> docFiles = InterestingFiles.InterestingFiles.ListUsersDocs();
-                Beaprint.ListPrint(MyUtils.GetLimitedRange(docFiles, 100));
+                Beaprint.ListPrint(docFiles.GetRange(0, docFiles.Count <= 100 ? docFiles.Count : 100));
             }
             catch (Exception ex)
             {
@@ -546,7 +546,7 @@ namespace winPEAS.Checks
 
                 if (recFiles.Count != 0)
                 {
-                    foreach (Dictionary<string, string> recF in MyUtils.GetLimitedRange(recFiles, 70))
+                    foreach (Dictionary<string, string> recF in recFiles.GetRange(0, recFiles.Count <= 70 ? recFiles.Count : 70))
                     {
                         Beaprint.AnsiPrint("    " + recF["Target"] + "(" + recF["Accessed"] + ")", colorF);
                     }

winPEAS/winPEASexe/winPEAS/Checks/NetworkInfo.cs

@@ -348,7 +348,8 @@ namespace winPEAS.Checks
                 Beaprint.MainPrint("DNS cached --limit 70--");
                 Beaprint.GrayPrint(string.Format("    {0,-38}{1,-38}{2}", "Entry", "Name", "Data"));
                 List<Dictionary<string, string>> DNScache = NetworkInfoHelper.GetDNSCache();
-                foreach (Dictionary<string, string> entry in MyUtils.GetLimitedRange(DNScache, 70))
+                foreach (Dictionary<string, string> entry in DNScache.GetRange(0,
+                    DNScache.Count <= 70 ? DNScache.Count : 70))
                 {
                     Console.WriteLine($"    {entry["Entry"],-38}{entry["Name"],-38}{entry["Data"]}");
                 }

winPEAS/winPEASexe/winPEAS/Helpers/MyUtils.cs

@@ -21,11 +21,6 @@ namespace winPEAS.Helpers
                 ""); //To get the default object you need to use an empty string
         }
 
-        public static List<T> GetLimitedRange<T>(List<T> items, int limit)
-        {
-            return items.GetRange(0, Math.Min(items.Count, limit));
-        }
-
         ////////////////////////////////////
         /////// MISC - Files & Paths ///////
         ////////////////////////////////////