Doc tweak for Codex merge test

new actions
f
2026-02-12 15:46:37 +00:00 · 2026-01-18 23:58:37 +01:00 · 2026-01-18 23:54:04 +01:00 · 2026-01-17 17:46:36 +01:00
60 changed files with 511 additions and 1663 deletions
--- a/.github/chack-agent/pr-merge-schema.json
+++ b/.github/chack-agent/pr-merge-schema.json
--- a/.github/workflows/CI-master_tests.yml
+++ b/.github/workflows/CI-master_tests.yml
@@ -26,7 +26,7 @@ jobs:
    steps:
      # checkout
      - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@master
        with:
          ref: ${{ github.head_ref }}
      
@@ -36,11 +36,11 @@ jobs:
            
      # Add  MSBuild to the PATH: https://github.com/microsoft/setup-msbuild
      - name: Setup MSBuild.exe
-        uses: microsoft/setup-msbuild@v2
+        uses: microsoft/setup-msbuild@v1.0.2
       
      # Setup NuGet
      - name: Setup NuGet.exe
-        uses: nuget/setup-nuget@v2
+        uses: nuget/setup-nuget@v1  
        
      # Restore the packages for testing
      - name: Restore the application       
@@ -48,23 +48,23 @@ jobs:
        
      # build
      - name: run MSBuild
-        run: msbuild $env:Solution_Path /p:Configuration=$env:Configuration /p:UseSharedCompilation=false
+        run: msbuild $env:Solution_Path
        
      # Execute all unit tests in the solution
-      - name: Execute unit tests
-        run: dotnet test $env:Solution_Path --configuration $env:Configuration
+      #- name: Execute unit tests
+      #  run: dotnet test $env:Solution_Path
        
      # Build & update all versions
      - name: Build all versions
        run: |
            echo "build x64"
-            msbuild -m $env:Solution_Path /t:Rebuild /p:Configuration=$env:Configuration /p:Platform="x64" /p:UseSharedCompilation=false
+            msbuild -m $env:Solution_Path /t:Rebuild /p:Configuration=$env:Configuration /p:Platform="x64"
            
            echo "build x86"
-            msbuild -m $env:Solution_Path /t:Rebuild /p:Configuration=$env:Configuration /p:Platform="x86" /p:UseSharedCompilation=false
+            msbuild -m $env:Solution_Path /t:Rebuild /p:Configuration=$env:Configuration /p:Platform="x86"
            
            echo "build Any CPU"
-            msbuild -m $env:Solution_Path /t:Rebuild /p:Configuration=$env:Configuration /p:Platform="Any CPU" /p:UseSharedCompilation=false
+            msbuild -m $env:Solution_Path /t:Rebuild /p:Configuration=$env:Configuration /p:Platform="Any CPU"
      
      - name: Execute winPEAS -h
        shell: pwsh
@@ -220,7 +220,6 @@ jobs:
      - uses: actions/setup-go@v6
        with:
          go-version: '1.23'
-          cache: false
      - run: go version
      
      # Build linpeas
@@ -231,9 +230,6 @@ jobs:
          python3 -m builder.linpeas_builder --all --output linpeas_fat.sh
          python3 -m builder.linpeas_builder --all-no-fat --output linpeas.sh
          python3 -m builder.linpeas_builder --small --output linpeas_small.sh
-
-      - name: Run linPEAS builder tests
-        run: python3 -m unittest discover -s linPEAS/tests -p "test_*.py"
      
      # Build linpeas binaries
      - name: Build linpeas binaries 
@@ -366,7 +362,7 @@ jobs:

    steps:
      # Download repo
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v2
      
      # Build linpeas
      - name: Build macpeas
@@ -473,11 +469,11 @@ jobs:
    
    - name: Get current date
      id: date
-      run: echo "date=$(date +'%Y%m%d')" >> "$GITHUB_OUTPUT"
+      run: echo "::set-output name=date::$(date +'%Y%m%d')"
    
    - name: Generate random
      id: random_n
-      run: echo "some_rand=$(openssl rand -hex 4)" >> "$GITHUB_OUTPUT"
+      run: echo "::set-output name=some_rand::$(openssl rand -hex 4)"
    
    # Create the release
    - name: Create Release
--- a/.github/workflows/PR-tests.yml
+++ b/.github/workflows/PR-tests.yml
@@ -8,8 +8,6 @@ on:
    paths-ignore:
      - '.github/**'

-  workflow_dispatch:
-
 jobs:
  Build_and_test_winpeas_pr:
    runs-on: windows-latest
@@ -22,7 +20,7 @@ jobs:
    steps:
      # checkout
      - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@master
        with:
          ref: ${{ github.head_ref }}
      
@@ -32,11 +30,11 @@ jobs:
            
      # Add MSBuild to the PATH
      - name: Setup MSBuild.exe
-        uses: microsoft/setup-msbuild@v2
+        uses: microsoft/setup-msbuild@v1.0.2
       
      # Setup NuGet
      - name: Setup NuGet.exe
-        uses: nuget/setup-nuget@v2
+        uses: nuget/setup-nuget@v1  
        
      # Restore the packages for testing
      - name: Restore the application       
@@ -44,23 +42,19 @@ jobs:
        
      # build
      - name: run MSBuild
-        run: msbuild $env:Solution_Path /p:Configuration=$env:Configuration /p:UseSharedCompilation=false
-
-      # Execute unit tests in the solution
-      - name: Execute unit tests
-        run: dotnet test $env:Solution_Path --configuration $env:Configuration
+        run: msbuild $env:Solution_Path
        
      # Build all versions
      - name: Build all versions
        run: |
            echo "build x64"
-            msbuild -m $env:Solution_Path /t:Rebuild /p:Configuration=$env:Configuration /p:Platform="x64" /p:UseSharedCompilation=false
+            msbuild -m $env:Solution_Path /t:Rebuild /p:Configuration=$env:Configuration /p:Platform="x64"
            
            echo "build x86"
-            msbuild -m $env:Solution_Path /t:Rebuild /p:Configuration=$env:Configuration /p:Platform="x86" /p:UseSharedCompilation=false
+            msbuild -m $env:Solution_Path /t:Rebuild /p:Configuration=$env:Configuration /p:Platform="x86"
            
            echo "build Any CPU"
-            msbuild -m $env:Solution_Path /t:Rebuild /p:Configuration=$env:Configuration /p:Platform="Any CPU" /p:UseSharedCompilation=false
+            msbuild -m $env:Solution_Path /t:Rebuild /p:Configuration=$env:Configuration /p:Platform="Any CPU"
      
      - name: Execute winPEAS -h
        shell: pwsh
@@ -111,7 +105,7 @@ jobs:

    steps:
      # Download repo
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v2
        with:
          ref: ${{ github.head_ref }}
      
@@ -119,7 +113,6 @@ jobs:
      - uses: actions/setup-go@v6
        with:
          go-version: '1.23'
-          cache: false
      - run: go version
      
      # Build linpeas
@@ -130,9 +123,6 @@ jobs:
          python3 -m builder.linpeas_builder --all --output linpeas_fat.sh
          python3 -m builder.linpeas_builder --all-no-fat --output linpeas.sh
          python3 -m builder.linpeas_builder --small --output linpeas_small.sh
-
-      - name: Run linPEAS builder tests
-        run: python3 -m unittest discover -s linPEAS/tests -p "test_*.py"
      
      # Run linpeas help as quick test
      - name: Run linpeas help
@@ -171,7 +161,7 @@ jobs:

    steps:
      # Download repo
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v2
        with:
          ref: ${{ github.head_ref }}
      
--- a/.github/workflows/chack-agent-pr-triage.yml
+++ b/.github/workflows/chack-agent-pr-triage.yml
@@ -1,179 +0,0 @@
-name: Chack-Agent PR Triage
-
-on:
-  workflow_run:
-    workflows: ["PR-tests"]
-    types: [completed]
-
-jobs:
-  chack_agent_triage:
-    if: ${{ github.event.workflow_run.conclusion == 'success' }}
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      pull-requests: write
-    outputs:
-      should_run: ${{ steps.gate.outputs.should_run }}
-      pr_number: ${{ steps.gate.outputs.pr_number }}
-      pr_title: ${{ steps.gate.outputs.pr_title }}
-      pr_body: ${{ steps.gate.outputs.pr_body }}
-      base_ref: ${{ steps.gate.outputs.base_ref }}
-      head_ref: ${{ steps.gate.outputs.head_ref }}
-      base_sha: ${{ steps.gate.outputs.base_sha }}
-      head_sha: ${{ steps.gate.outputs.head_sha }}
-      decision: ${{ steps.parse.outputs.decision }}
-      message: ${{ steps.parse.outputs.message }}
-
-    steps:
-      - name: Resolve PR context
-        id: gate
-        env:
-          GH_REPO: ${{ github.repository }}
-          GH_TOKEN: ${{ github.token }}
-        run: |
-          pr_number="${{ github.event.workflow_run.pull_requests[0].number }}"
-          if [ -z "$pr_number" ]; then
-            echo "No pull request found for this workflow_run; skipping."
-            echo "should_run=false" >> "$GITHUB_OUTPUT"
-            echo "pr_number=" >> "$GITHUB_OUTPUT"
-            exit 0
-          fi
-
-          author="$(gh pr view "$pr_number" --json author --jq .author.login)"
-          if [ "$author" != "carlospolop" ]; then
-            echo "PR author is $author; skipping."
-            echo "should_run=false" >> "$GITHUB_OUTPUT"
-            echo "pr_number=$pr_number" >> "$GITHUB_OUTPUT"
-            exit 0
-          fi
-
-          pr_title="$(gh pr view "$pr_number" --json title --jq .title)"
-          pr_body="$(gh pr view "$pr_number" --json body --jq .body)"
-          base_ref="$(gh pr view "$pr_number" --json baseRefName --jq .baseRefName)"
-          head_ref="$(gh pr view "$pr_number" --json headRefName --jq .headRefName)"
-          base_sha="$(gh pr view "$pr_number" --json baseRefOid --jq .baseRefOid)"
-          head_sha="$(gh pr view "$pr_number" --json headRefOid --jq .headRefOid)"
-
-          echo "should_run=true" >> "$GITHUB_OUTPUT"
-          echo "pr_number=$pr_number" >> "$GITHUB_OUTPUT"
-          echo "pr_title<<EOF" >> "$GITHUB_OUTPUT"
-          echo "$pr_title" >> "$GITHUB_OUTPUT"
-          echo "EOF" >> "$GITHUB_OUTPUT"
-          echo "pr_body<<EOF" >> "$GITHUB_OUTPUT"
-          echo "$pr_body" >> "$GITHUB_OUTPUT"
-          echo "EOF" >> "$GITHUB_OUTPUT"
-          echo "base_ref=$base_ref" >> "$GITHUB_OUTPUT"
-          echo "head_ref=$head_ref" >> "$GITHUB_OUTPUT"
-          echo "base_sha=$base_sha" >> "$GITHUB_OUTPUT"
-          echo "head_sha=$head_sha" >> "$GITHUB_OUTPUT"
-
-      - name: Checkout PR merge ref
-        uses: actions/checkout@v5
-        with:
-          ref: refs/pull/${{ steps.gate.outputs.pr_number }}/merge
-        if: ${{ steps.gate.outputs.should_run == 'true' }}
-
-      - name: Pre-fetch base and head refs
-        if: ${{ steps.gate.outputs.should_run == 'true' }}
-        run: |
-          git fetch --no-tags origin \
-            ${{ steps.gate.outputs.base_ref }} \
-            +refs/pull/${{ steps.gate.outputs.pr_number }}/head
-
-      - name: Run Chack Agent
-        id: run_chack
-        if: ${{ steps.gate.outputs.should_run == 'true' }}
-        uses: carlospolop/chack-agent@master
-        with:
-          provider: openrouter
-          model_primary: BEST_QUALITY
-          main_action: peass-ng
-          sub_action: Chack-Agent PR Triage
-          system_prompt: |
-            You are Chack Agent, an elite PR reviewer for PEASS-ng.
-            Be conservative: merge only if changes are simple, safe, and valuable accoding to the uers give guidelines.
-            If in doubt, comment with clear questions or concerns.
-            Remember taht you are an autonomouts agent, use the exec tool to run the needed commands to list, read, analyze, modify, test...
-          tools_config_json: "{\"exec_enabled\": true}"
-          session_config_json: "{\"long_term_memory_enabled\": false}"
-          output_schema_file: .github/chack-agent/pr-merge-schema.json
-          user_prompt: |
-            You are reviewing PR #${{ steps.gate.outputs.pr_number }} for ${{ github.repository }}.
-
-            Decide whether to merge or comment. Merge only if all of the following are true:
-            - Changes are simple and safe (no DoS, no long operations, no backdoors).
-            - Changes follow common PEASS syntax and style without breaking anything and add useful checks or value.
-            - Changes simplify code or add new useful checks without breaking anything.
-
-            If you don't have any doubts, and all the previous conditions are met, decide to merge.
-            If you have serious doubts, choose "comment" and include your doubts or questions.
-            If you decide to merge, include a short rationale.
-
-            Pull request title and body:
-            ----
-            ${{ steps.gate.outputs.pr_title }}
-            ${{ steps.gate.outputs.pr_body }}
-
-            Review ONLY the changes introduced by the PR:
-              git log --oneline ${{ steps.gate.outputs.base_sha }}...${{ steps.gate.outputs.head_sha }}
-
-            Output JSON only, following the provided schema:
-            .github/chack-agent/pr-merge-schema.json
-          openrouter_api_key: ${{ secrets.OPENROUTER_API_KEY }}
-
-      - name: Parse Chack Agent decision
-        id: parse
-        if: ${{ steps.gate.outputs.should_run == 'true' }}
-        env:
-          CHACK_MESSAGE: ${{ steps.run_chack.outputs.final-message }}
-        run: |
-          python3 - <<'PY'
-          import json
-          import os
-
-          data = json.loads(os.environ.get('CHACK_MESSAGE', '') or '{}')
-          decision = data.get('decision', 'comment')
-          message = data.get('message', '').strip() or 'Chack Agent did not provide details.'
-          with open(os.environ['GITHUB_OUTPUT'], 'a') as handle:
-            handle.write(f"decision={decision}\n")
-            handle.write("message<<EOF\n")
-            handle.write(message + "\n")
-            handle.write("EOF\n")
-          PY
-
-  merge_or_comment:
-    runs-on: ubuntu-latest
-    needs: chack_agent_triage
-    if: ${{ github.event.workflow_run.conclusion == 'success' && needs.chack_agent_triage.outputs.should_run == 'true' && needs.chack_agent_triage.outputs.decision != '' }}
-    permissions:
-      contents: write
-      pull-requests: write
-    steps:
-      - name: Merge PR when approved
-        if: ${{ needs.chack_agent_triage.outputs.decision == 'merge' }}
-        env:
-          GH_TOKEN: ${{ github.token }}
-          PR_NUMBER: ${{ needs.chack_agent_triage.outputs.pr_number }}
-        run: |
-          gh api \
-            -X PUT \
-            -H "Accept: application/vnd.github+json" \
-            /repos/${{ github.repository }}/pulls/${PR_NUMBER}/merge \
-            -f merge_method=squash \
-            -f commit_title="Auto-merge PR #${PR_NUMBER} (Chack Agent)"
-
-      - name: Comment with doubts
-        if: ${{ needs.chack_agent_triage.outputs.decision == 'comment' }}
-        uses: actions/github-script@v7
-        env:
-          PR_NUMBER: ${{ needs.chack_agent_triage.outputs.pr_number }}
-          CHACK_MESSAGE: ${{ needs.chack_agent_triage.outputs.message }}
-        with:
-          github-token: ${{ github.token }}
-          script: |
-            await github.rest.issues.createComment({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              issue_number: Number(process.env.PR_NUMBER),
-              body: process.env.CHACK_MESSAGE,
-            });
--- a/.github/workflows/ci-master-failure-chack-agent-pr.yml
+++ b/.github/workflows/ci-master-failure-chack-agent-pr.yml
@@ -1,165 +0,0 @@
-name: CI-master Failure Chack-Agent PR
-
-on:
-  workflow_run:
-    workflows: ["CI-master_test"]
-    types: [completed]
-
-jobs:
-  chack_agent_fix_master_failure:
-    if: >
-      ${{ github.event.workflow_run.conclusion == 'failure' &&
-          github.event.workflow_run.head_branch == 'master' &&
-          !startsWith(github.event.workflow_run.head_commit.message, 'Fix CI-master failures for run #') }}
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      pull-requests: write
-      issues: write
-      actions: read
-    env:
-      TARGET_BRANCH: master
-      FIX_BRANCH: chack-agent/ci-master-fix-${{ github.event.workflow_run.id }}
-    steps:
-      - name: Checkout failing commit
-        uses: actions/checkout@v5
-        with:
-          ref: ${{ github.event.workflow_run.head_sha }}
-          fetch-depth: 0
-          persist-credentials: true
-          token: ${{ secrets.CHACK_AGENT_FIXER_TOKEN || github.token }}
-
-      - name: Configure git author
-        run: |
-          git config user.name "chack-agent"
-          git config user.email "chack-agent@users.noreply.github.com"
-
-      - name: Create fix branch
-        run: git checkout -b "$FIX_BRANCH"
-
-      - name: Fetch failure summary and failed-step logs
-        env:
-          GH_TOKEN: ${{ github.token }}
-          RUN_ID: ${{ github.event.workflow_run.id }}
-        run: |
-          failed_logs_file="$(pwd)/chack_failed_steps_logs.txt"
-          if gh run view "$RUN_ID" --repo "${{ github.repository }}" --log-failed > "$failed_logs_file"; then
-            if [ ! -s "$failed_logs_file" ]; then
-              echo "No failed step logs were returned by gh run view --log-failed." > "$failed_logs_file"
-            fi
-          else
-            echo "Failed to download failed step logs with gh run view --log-failed." > "$failed_logs_file"
-          fi
-          echo "FAILED_LOGS_PATH=$failed_logs_file" >> "$GITHUB_ENV"
-
-          gh api -H "Accept: application/vnd.github+json" \
-            /repos/${{ github.repository }}/actions/runs/$RUN_ID/jobs \
-            --paginate > /tmp/jobs.json
-          python3 - <<'PY'
-          import json
-
-          data = json.load(open('/tmp/jobs.json'))
-          lines = []
-          for job in data.get('jobs', []):
-            if job.get('conclusion') == 'failure':
-              lines.append(f"Job: {job.get('name')} (id {job.get('id')})")
-              lines.append(f"URL: {job.get('html_url')}")
-              for step in job.get('steps', []):
-                if step.get('conclusion') == 'failure':
-                  lines.append(f"  Step: {step.get('name')}")
-              lines.append("")
-
-          summary = "\n".join(lines).strip() or "No failing job details found."
-          with open('chack_failure_summary.txt', 'w') as handle:
-            handle.write(summary)
-          PY
-
-      - name: Create Chack Agent prompt
-        env:
-          RUN_URL: ${{ github.event.workflow_run.html_url }}
-          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
-        run: |
-          {
-            echo "You are fixing a failing CI-master_test run in ${{ github.repository }}."
-            echo "The failing workflow run is: ${RUN_URL}"
-            echo "The failing commit SHA is: ${HEAD_SHA}"
-            echo "The target branch for the final PR is: ${TARGET_BRANCH}"
-            echo ""
-            echo "Failure summary:"
-            cat chack_failure_summary.txt
-            echo ""
-            echo "Failed-step logs file absolute path (local runner): ${FAILED_LOGS_PATH}"
-            echo "Read that file to inspect the exact failing logs."
-            echo ""
-            echo "Please identify the cause, apply an easy, simple and minimal fix, and update files accordingly."
-            echo "Run any fast checks you can locally (no network)."
-            echo "Leave the repo in a state ready to commit; changes will be committed and pushed automatically."
-          } > chack_prompt.txt
-
-      - name: Run Chack Agent
-        id: run_chack
-        uses: carlospolop/chack-agent@master
-        with:
-          provider: openrouter
-          model_primary: BEST_QUALITY
-          main_action: peass-ng
-          sub_action: CI-master Failure Chack-Agent PR
-          system_prompt: |
-            Diagnose the failing gh actions workflow, propose the minimal and effective safe fix, and implement it.
-            Run only fast, local checks (no network). Leave the repo ready to commit.
-          prompt_file: chack_prompt.txt
-          tools_config_json: "{\"exec_enabled\": true}"
-          session_config_json: "{\"long_term_memory_enabled\": false}"
-          openrouter_api_key: ${{ secrets.OPENROUTER_API_KEY }}
-
-      - name: Commit and push fix branch if changed
-        id: push_fix
-        run: |
-          if git diff --quiet; then
-            echo "No changes to commit."
-            echo "pushed=false" >> "$GITHUB_OUTPUT"
-            exit 0
-          fi
-
-          rm -f chack_failure_summary.txt chack_prompt.txt chack_failed_steps_logs.txt
-          git add -A
-          git reset -- chack_failure_summary.txt chack_prompt.txt chack_failed_steps_logs.txt
-          git commit -m "Fix CI-master failures for run #${{ github.event.workflow_run.id }}"
-          git push origin HEAD:"$FIX_BRANCH"
-          echo "pushed=true" >> "$GITHUB_OUTPUT"
-
-      - name: Create PR to master
-        if: ${{ steps.push_fix.outputs.pushed == 'true' }}
-        id: create_pr
-        env:
-          GH_TOKEN: ${{ secrets.CHACK_AGENT_FIXER_TOKEN || github.token }}
-          RUN_URL: ${{ github.event.workflow_run.html_url }}
-        run: |
-          pr_url=$(gh pr create \
-            --title "Fix CI-master_test failure (run #${{ github.event.workflow_run.id }})" \
-            --body "Automated Chack Agent fix for failing CI-master_test run: ${RUN_URL}" \
-            --base "$TARGET_BRANCH" \
-            --head "$FIX_BRANCH")
-          echo "url=$pr_url" >> "$GITHUB_OUTPUT"
-
-      - name: Comment on created PR with Chack Agent result
-        if: ${{ steps.push_fix.outputs.pushed == 'true' && steps.run_chack.outputs.final-message != '' }}
-        uses: actions/github-script@v7
-        env:
-          PR_URL: ${{ steps.create_pr.outputs.url }}
-          CHACK_MESSAGE: ${{ steps.run_chack.outputs.final-message }}
-        with:
-          github-token: ${{ github.token }}
-          script: |
-            const prUrl = process.env.PR_URL;
-            const match = prUrl.match(/\/pull\/(\d+)$/);
-            if (!match) {
-              core.info(`Could not parse PR number from URL: ${prUrl}`);
-              return;
-            }
-            await github.rest.issues.createComment({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              issue_number: Number(match[1]),
-              body: process.env.CHACK_MESSAGE,
-            });
--- a/.github/workflows/codex-pr-triage.yml
+++ b/.github/workflows/codex-pr-triage.yml
@@ -0,0 +1,113 @@
+name: Codex PR Triage
+
+on:
+  pull_request:
+    types: [opened]
+
+jobs:
+  codex_triage:
+    if: ${{ github.event.pull_request.user.login == 'carlospolop' }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    outputs:
+      decision: ${{ steps.parse.outputs.decision }}
+      message: ${{ steps.parse.outputs.message }}
+
+    steps:
+      - name: Checkout PR merge ref
+        uses: actions/checkout@v5
+        with:
+          ref: refs/pull/${{ github.event.pull_request.number }}/merge
+
+      - name: Pre-fetch base and head refs
+        run: |
+          git fetch --no-tags origin \
+            ${{ github.event.pull_request.base.ref }} \
+            +refs/pull/${{ github.event.pull_request.number }}/head
+
+      - name: Run Codex
+        id: run_codex
+        uses: openai/codex-action@v1
+        with:
+          openai-api-key: ${{ secrets.OPENAI_API_KEY }}
+          output-schema-file: .github/codex/pr-merge-schema.json
+          model: gpt-5.2-codex
+          prompt: |
+            You are reviewing PR #${{ github.event.pull_request.number }} for ${{ github.repository }}.
+
+            Decide whether to merge or comment. Merge only if all of the following are true:
+            - Changes are simple and safe (no DoS, no long operations, no backdoors).
+            - Changes follow common PEASS syntax and style without breaking anything and add useful checks or value.
+            - Changes simplify code or add new useful checks without breaking anything.
+
+            If you don't have any doubts, and all the previous conditions are met, decide to merge.
+            If you have serious doubts, choose "comment" and include your doubts or questions.
+            If you decide to merge, include a short rationale.
+
+            Pull request title and body:
+            ----
+            ${{ github.event.pull_request.title }}
+            ${{ github.event.pull_request.body }}
+
+            Review ONLY the changes introduced by the PR:
+              git log --oneline ${{ github.event.pull_request.base.sha }}...${{ github.event.pull_request.head.sha }}
+
+            Output JSON only, following the provided schema.
+
+      - name: Parse Codex decision
+        id: parse
+        env:
+          CODEX_MESSAGE: ${{ steps.run_codex.outputs.final-message }}
+        run: |
+          python3 - <<'PY'
+          import json
+          import os
+
+          data = json.loads(os.environ.get('CODEX_MESSAGE', '') or '{}')
+          decision = data.get('decision', 'comment')
+          message = data.get('message', '').strip() or 'Codex did not provide details.'
+          with open(os.environ['GITHUB_OUTPUT'], 'a') as handle:
+            handle.write(f"decision={decision}\n")
+            handle.write("message<<EOF\n")
+            handle.write(message + "\n")
+            handle.write("EOF\n")
+          PY
+
+  merge_or_comment:
+    runs-on: ubuntu-latest
+    needs: codex_triage
+    if: ${{ needs.codex_triage.outputs.decision != '' }}
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+      - name: Merge PR when approved
+        if: ${{ needs.codex_triage.outputs.decision == 'merge' }}
+        env:
+          GH_TOKEN: ${{ github.token }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+        run: |
+          gh api \
+            -X PUT \
+            -H "Accept: application/vnd.github+json" \
+            /repos/${{ github.repository }}/pulls/${PR_NUMBER}/merge \
+            -f merge_method=squash \
+            -f commit_title="Auto-merge PR #${PR_NUMBER} (Codex)"
+
+      - name: Comment with doubts
+        if: ${{ needs.codex_triage.outputs.decision == 'comment' }}
+        uses: actions/github-script@v7
+        env:
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          CODEX_MESSAGE: ${{ needs.codex_triage.outputs.message }}
+        with:
+          github-token: ${{ github.token }}
+          script: |
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: Number(process.env.PR_NUMBER),
+              body: process.env.CODEX_MESSAGE,
+            });
--- a/.github/workflows/pr-failure-chack-agent-dispatch.yml
+++ b/.github/workflows/pr-failure-chack-agent-dispatch.yml
@@ -1,201 +0,0 @@
-name: PR Failure Chack-Agent Dispatch
-
-on:
-  workflow_run:
-    workflows: ["PR-tests"]
-    types: [completed]
-
-jobs:
-  resolve_pr_context:
-    if: >
-      ${{ github.event.workflow_run.conclusion == 'failure' &&
-          github.event.workflow_run.pull_requests &&
-          github.event.workflow_run.pull_requests[0] &&
-          !startsWith(github.event.workflow_run.head_commit.message, 'Fix CI failures for PR #') }}
-    runs-on: ubuntu-latest
-    permissions:
-      pull-requests: read
-      issues: read
-    outputs:
-      number: ${{ steps.pr_context.outputs.number }}
-      author: ${{ steps.pr_context.outputs.author }}
-      head_repo: ${{ steps.pr_context.outputs.head_repo }}
-      head_branch: ${{ steps.pr_context.outputs.head_branch }}
-      should_run: ${{ steps.pr_context.outputs.should_run }}
-    steps:
-      - name: Resolve PR context
-        id: pr_context
-        env:
-          PR_NUMBER: ${{ github.event.workflow_run.pull_requests[0].number }}
-          GH_TOKEN: ${{ github.token }}
-        run: |
-          pr_author=$(gh api -H "Accept: application/vnd.github+json" \
-            /repos/${{ github.repository }}/pulls/${PR_NUMBER} \
-            --jq '.user.login')
-          pr_head_repo=$(gh api -H "Accept: application/vnd.github+json" \
-            /repos/${{ github.repository }}/pulls/${PR_NUMBER} \
-            --jq '.head.repo.full_name')
-          pr_head_branch=$(gh api -H "Accept: application/vnd.github+json" \
-            /repos/${{ github.repository }}/pulls/${PR_NUMBER} \
-            --jq '.head.ref')
-          pr_labels=$(gh api -H "Accept: application/vnd.github+json" \
-            /repos/${{ github.repository }}/issues/${PR_NUMBER} \
-            --jq '.labels[].name')
-          if echo "$pr_labels" | grep -q "^chack-agent-fix-attempted$"; then
-            echo "chack-agent fix already attempted for PR #${PR_NUMBER}; skipping."
-            should_run=false
-          else
-            should_run=true
-          fi
-          {
-            echo "number=${PR_NUMBER}"
-            echo "author=${pr_author}"
-            echo "head_repo=${pr_head_repo}"
-            echo "head_branch=${pr_head_branch}"
-            echo "should_run=${should_run}"
-          } >> "$GITHUB_OUTPUT"
-
-  chack_agent_on_failure:
-    needs: resolve_pr_context
-    if: ${{ needs.resolve_pr_context.outputs.author == 'carlospolop' && needs.resolve_pr_context.outputs.should_run == 'true' }}
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      pull-requests: write
-      issues: write
-      actions: read
-    steps:
-      - name: Comment on PR with failure info
-        uses: actions/github-script@v7
-        env:
-          PR_NUMBER: ${{ needs.resolve_pr_context.outputs.number }}
-          RUN_URL: ${{ github.event.workflow_run.html_url }}
-          WORKFLOW_NAME: ${{ github.event.workflow_run.name }}
-        with:
-          github-token: ${{ github.token }}
-          script: |
-            const prNumber = Number(process.env.PR_NUMBER);
-            const body = `PR #${prNumber} had a failing workflow "${process.env.WORKFLOW_NAME}".\n\nRun: ${process.env.RUN_URL}\n\nLaunching Chack Agent to attempt a fix.`;
-            await github.rest.issues.createComment({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              issue_number: prNumber,
-              body,
-            });
-
-      - name: Mark fix attempt
-        env:
-          PR_NUMBER: ${{ needs.resolve_pr_context.outputs.number }}
-          GH_TOKEN: ${{ github.token }}
-        run: |
-          gh api -X POST -H "Accept: application/vnd.github+json" \
-            /repos/${{ github.repository }}/issues/${PR_NUMBER}/labels \
-            -f labels[]=chack-agent-fix-attempted
-
-      - name: Checkout PR head
-        uses: actions/checkout@v5
-        with:
-          repository: ${{ needs.resolve_pr_context.outputs.head_repo }}
-          ref: ${{ github.event.workflow_run.head_sha }}
-          fetch-depth: 0
-          persist-credentials: true
-          token: ${{ secrets.CHACK_AGENT_FIXER_TOKEN || github.token }}
-
-      - name: Configure git author
-        run: |
-          git config user.name "chack-agent"
-          git config user.email "chack-agent@users.noreply.github.com"
-
-      - name: Fetch failure summary
-        env:
-          GH_TOKEN: ${{ github.token }}
-          RUN_ID: ${{ github.event.workflow_run.id }}
-        run: |
-          gh api -H "Accept: application/vnd.github+json" \
-            /repos/${{ github.repository }}/actions/runs/$RUN_ID/jobs \
-            --paginate > /tmp/jobs.json
-          python3 - <<'PY'
-          import json
-
-          data = json.load(open('/tmp/jobs.json'))
-          lines = []
-          for job in data.get('jobs', []):
-            if job.get('conclusion') == 'failure':
-              lines.append(f"Job: {job.get('name')} (id {job.get('id')})")
-              lines.append(f"URL: {job.get('html_url')}")
-              for step in job.get('steps', []):
-                if step.get('conclusion') == 'failure':
-                  lines.append(f"  Step: {step.get('name')}")
-              lines.append("")
-
-          summary = "\n".join(lines).strip() or "No failing job details found."
-          with open('chack_failure_summary.txt', 'w') as handle:
-            handle.write(summary)
-          PY
-
-      - name: Create Chack Agent prompt
-        env:
-          PR_NUMBER: ${{ needs.resolve_pr_context.outputs.number }}
-          RUN_URL: ${{ github.event.workflow_run.html_url }}
-          HEAD_BRANCH: ${{ needs.resolve_pr_context.outputs.head_branch }}
-        run: |
-          {
-            echo "You are fixing CI failures for PR #${PR_NUMBER} in ${{ github.repository }}."
-            echo "The failing workflow run is: ${RUN_URL}"
-            echo "The PR branch is: ${HEAD_BRANCH}"
-            echo ""
-            echo "Failure summary:"
-            cat chack_failure_summary.txt
-            echo ""
-            echo "Please identify the cause, apply a easy, simple and minimal fix, and update files accordingly."
-            echo "Run any fast checks you can locally (no network)."
-            echo "Leave the repo in a state ready to commit as when you finish, it'll be automatically committed and pushed."
-          } > chack_prompt.txt
-
-      - name: Run Chack Agent
-        id: run_chack
-        uses: carlospolop/chack-agent@master
-        with:
-          provider: openrouter
-          model_primary: BEST_QUALITY
-          main_action: peass-ng
-          sub_action: PR Failure Chack-Agent Dispatch
-          system_prompt: |
-            You are Chack Agent, an elite CI-fix engineer.
-            Diagnose the failing workflow, propose the minimal safe fix, and implement it.
-            Run only fast, local checks (no network). Leave the repo ready to commit.
-          prompt_file: chack_prompt.txt
-          tools_config_json: "{\"exec_enabled\": true}"
-          session_config_json: "{\"long_term_memory_enabled\": false}"
-          openrouter_api_key: ${{ secrets.OPENROUTER_API_KEY }}
-
-      - name: Commit and push if changed
-        env:
-          TARGET_BRANCH: ${{ needs.resolve_pr_context.outputs.head_branch }}
-          PR_NUMBER: ${{ needs.resolve_pr_context.outputs.number }}
-        run: |
-          if git diff --quiet; then
-            echo "No changes to commit."
-            exit 0
-          fi
-          rm -f chack_failure_summary.txt chack_prompt.txt
-          git add -A
-          git reset -- chack_failure_summary.txt chack_prompt.txt
-          git commit -m "Fix CI failures for PR #${PR_NUMBER}"
-          git push origin HEAD:${TARGET_BRANCH}
-
-      - name: Comment with Chack Agent result
-        if: ${{ steps.run_chack.outputs.final-message != '' }}
-        uses: actions/github-script@v7
-        env:
-          PR_NUMBER: ${{ needs.resolve_pr_context.outputs.number }}
-          CHACK_MESSAGE: ${{ steps.run_chack.outputs.final-message }}
-        with:
-          github-token: ${{ github.token }}
-          script: |
-            await github.rest.issues.createComment({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              issue_number: Number(process.env.PR_NUMBER),
-              body: process.env.CHACK_MESSAGE,
-            });
--- a/.github/workflows/pr-failure-codex-dispatch.yml
+++ b/.github/workflows/pr-failure-codex-dispatch.yml
@@ -0,0 +1,136 @@
+name: PR Failure Codex Dispatch
+
+on:
+  workflow_run:
+    workflows: ["PR-tests"]
+    types: [completed]
+
+jobs:
+  codex_on_failure:
+    if: >
+      ${{ github.event.workflow_run.conclusion == 'failure' &&
+          github.event.workflow_run.pull_requests &&
+          github.event.workflow_run.pull_requests[0].user.login == 'carlospolop' &&
+          !startsWith(github.event.workflow_run.head_commit.message, 'Fix CI failures for PR #') }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+      issues: write
+      actions: read
+
+    steps:
+      - name: Comment on PR with failure info
+        uses: actions/github-script@v7
+        env:
+          PR_NUMBER: ${{ github.event.workflow_run.pull_requests[0].number }}
+          RUN_URL: ${{ github.event.workflow_run.html_url }}
+          WORKFLOW_NAME: ${{ github.event.workflow_run.name }}
+        with:
+          github-token: ${{ github.token }}
+          script: |
+            const prNumber = Number(process.env.PR_NUMBER);
+            const body = `PR #${prNumber} had a failing workflow "${process.env.WORKFLOW_NAME}".\n\nRun: ${process.env.RUN_URL}\n\nLaunching Codex to attempt a fix.`;
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: prNumber,
+              body,
+            });
+
+      - name: Checkout PR head
+        uses: actions/checkout@v5
+        with:
+          repository: ${{ github.event.workflow_run.head_repository.full_name }}
+          ref: ${{ github.event.workflow_run.head_sha }}
+          fetch-depth: 0
+          persist-credentials: true
+
+      - name: Configure git author
+        run: |
+          git config user.name "codex-action"
+          git config user.email "codex-action@users.noreply.github.com"
+
+      - name: Fetch failure summary
+        env:
+          GH_TOKEN: ${{ github.token }}
+          RUN_ID: ${{ github.event.workflow_run.id }}
+        run: |
+          gh api -H "Accept: application/vnd.github+json" \
+            /repos/${{ github.repository }}/actions/runs/$RUN_ID/jobs \
+            --paginate > /tmp/jobs.json
+          python3 - <<'PY'
+          import json
+
+          data = json.load(open('/tmp/jobs.json'))
+          lines = []
+          for job in data.get('jobs', []):
+            if job.get('conclusion') == 'failure':
+              lines.append(f"Job: {job.get('name')} (id {job.get('id')})")
+              lines.append(f"URL: {job.get('html_url')}")
+              for step in job.get('steps', []):
+                if step.get('conclusion') == 'failure':
+                  lines.append(f"  Step: {step.get('name')}")
+              lines.append("")
+
+          summary = "\n".join(lines).strip() or "No failing job details found."
+          with open('codex_failure_summary.txt', 'w') as handle:
+            handle.write(summary)
+          PY
+
+      - name: Create Codex prompt
+        env:
+          PR_NUMBER: ${{ github.event.workflow_run.pull_requests[0].number }}
+          RUN_URL: ${{ github.event.workflow_run.html_url }}
+          HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}
+        run: |
+          {
+            echo "You are fixing CI failures for PR #${PR_NUMBER} in ${{ github.repository }}."
+            echo "The failing workflow run is: ${RUN_URL}"
+            echo "The PR branch is: ${HEAD_BRANCH}"
+            echo ""
+            echo "Failure summary:"
+            cat codex_failure_summary.txt
+            echo ""
+            echo "Please identify the cause, apply a easy, simple and minimal fix, and update files accordingly."
+            echo "Run any fast checks you can locally (no network)."
+            echo "Leave the repo in a state ready to commit as when you finish, it'll be automatically committed and pushed."
+          } > codex_prompt.txt
+
+      - name: Run Codex
+        id: run_codex
+        uses: openai/codex-action@v1
+        with:
+          openai-api-key: ${{ secrets.OPENAI_API_KEY }}
+          prompt-file: codex_prompt.txt
+          sandbox: workspace-write
+          model: gpt-5.2-codex
+
+      - name: Commit and push if changed
+        env:
+          TARGET_BRANCH: ${{ github.event.workflow_run.head_branch }}
+          PR_NUMBER: ${{ github.event.workflow_run.pull_requests[0].number }}
+        run: |
+          if git diff --quiet; then
+            echo "No changes to commit."
+            exit 0
+          fi
+          git add -A
+          git commit -m "Fix CI failures for PR #${PR_NUMBER}"
+          git push origin HEAD:${TARGET_BRANCH}
+
+      - name: Comment with Codex result
+        if: steps.run_codex.outputs.final-message != ''
+        uses: actions/github-script@v7
+        env:
+          PR_NUMBER: ${{ github.event.workflow_run.pull_requests[0].number }}
+          CODEX_MESSAGE: ${{ steps.run_codex.outputs.final-message }}
+        with:
+          github-token: ${{ github.token }}
+          script: |
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: Number(process.env.PR_NUMBER),
+              body: process.env.CODEX_MESSAGE,
+            });
--- a/0
+++ b/0
--- a/README.md
+++ b/README.md
--- a/build_lists/sensitive_files.yaml
+++ b/build_lists/sensitive_files.yaml
@@ -1705,7 +1705,7 @@ search:
          auto_check: True
          exec:
            - '( redis-server --version || echo_not_found "redis-server") 2>/dev/null'
-            - redis_info="$(if [ "$TIMEOUT" ]; then $TIMEOUT 2 redis-cli INFO 2>/dev/null; else redis-cli INFO 2>/dev/null; fi)"; if [ "$redis_info" ] && ! echo "$redis_info" | grep -i NOAUTH; then echo "Redis isn't password protected" | sed -${E} "s,.*,${SED_RED},"; fi
+            - if [ "`redis-cli INFO 2>/dev/null`" ] && ! [ "`redis-cli INFO 2>/dev/null | grep -i NOAUTH`" ]; then echo "Redis isn't password protected" | sed -${E} "s,.*,${SED_RED},"; fi

        files:
          - name: "redis.conf"
--- a/linPEAS/builder/linpeas_builder.py
+++ b/linPEAS/builder/linpeas_builder.py
@@ -53,4 +53,3 @@ if __name__ == "__main__":
        exit(1)
    
    main(all_modules, all_no_fat_modules, no_network_scanning, small, include_modules, exclude_modules, output)
-
--- a/linPEAS/builder/linpeas_parts/1_system_information/13_Linux_exploit_suggester.sh
+++ b/linPEAS/builder/linpeas_parts/1_system_information/13_Linux_exploit_suggester.sh
@@ -0,0 +1,39 @@
+# Title: System Information - Linux Exploit Suggester
+# ID: SY_Linux_exploit_suggester
+# Author: Carlos Polop
+# Last Update: 07-03-2024
+# Description: Execute Linux Exploit Suggester to identify potential kernel exploits:
+#   - Automated kernel vulnerability detection
+#   - Common vulnerable scenarios:
+#     * Known kernel vulnerabilities
+#     * Unpatched kernel versions
+#     * Missing security patches
+#   - Exploitation methods:
+#     * Kernel exploit execution: Use suggested exploits
+#     * Common attack vectors:
+#       - Kernel memory corruption
+#       - Race conditions
+#       - Use-after-free
+#       - Integer overflow
+#     * Exploit techniques:
+#       - Kernel memory manipulation
+#       - Privilege escalation
+#       - Root access acquisition
+#       - System compromise
+# License: GNU GPL
+# Version: 1.0
+# Functions Used: print_2title, print_info
+# Global Variables: $MACPEAS
+# Initial Functions:
+# Generated Global Variables: $les_b64
+# Fat linpeas: 0
+# Small linpeas: 1
+
+
+if [ "$(command -v bash 2>/dev/null || echo -n '')" ] && ! [ "$MACPEAS" ]; then
+    print_2title "Executing Linux Exploit Suggester"
+    print_info "https://github.com/mzet-/linux-exploit-suggester"
+    les_b64="peass{https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh}"
+    echo $les_b64 | base64 -d | bash | sed "s,$(printf '\033')\\[[0-9;]*[a-zA-Z],,g" | grep -i "\[CVE" -A 10 | grep -Ev "^\-\-$" | sed -${E} "s/\[(CVE-[0-9]+-[0-9]+,?)+\].*/${SED_RED}/g"
+    echo ""
+fi
--- a/linPEAS/builder/linpeas_parts/1_system_information/14_Linux_exploit_suggester_2.sh
+++ b/linPEAS/builder/linpeas_parts/1_system_information/14_Linux_exploit_suggester_2.sh
@@ -0,0 +1,41 @@
+# Title: System Information - Linux Exploit Suggester 2
+# ID: SY_Linux_exploit_suggester_2
+# Author: Carlos Polop
+# Last Update: 07-03-2024
+# Description: Execute Linux Exploit Suggester 2 (Perl version) to identify potential kernel exploits:
+#   - Alternative kernel vulnerability detection
+#   - Perl-based exploit suggestions
+#   - Common vulnerable scenarios:
+#     * Known kernel vulnerabilities
+#     * Unpatched kernel versions
+#     * Missing security patches
+#     * Alternative exploit paths
+#   - Exploitation methods:
+#     * Kernel exploit execution: Use suggested exploits
+#     * Common attack vectors:
+#       - Kernel memory corruption
+#       - Race conditions
+#       - Use-after-free
+#       - Integer overflow
+#     * Exploit techniques:
+#       - Kernel memory manipulation
+#       - Privilege escalation
+#       - Root access acquisition
+#       - System compromise
+# License: GNU GPL
+# Version: 1.0
+# Functions Used: print_2title, print_info
+# Global Variables:
+# Initial Functions:
+# Generated Global Variables: $les2_b64
+# Fat linpeas: 1
+# Small linpeas: 0
+
+
+if [ "$(command -v perl 2>/dev/null || echo -n '')" ] && ! [ "$MACPEAS" ]; then
+    print_2title "Executing Linux Exploit Suggester 2"
+    print_info "https://github.com/jondonas/linux-exploit-suggester-2"
+    les2_b64="peass{https://raw.githubusercontent.com/jondonas/linux-exploit-suggester-2/master/linux-exploit-suggester-2.pl}"
+    echo $les2_b64 | base64 -d | perl 2>/dev/null | sed "s,$(printf '\033')\\[[0-9;]*[a-zA-Z],,g" | grep -iE "CVE" -B 1 -A 10 | grep -Ev "^\-\-$" | sed -${E} "s,CVE-[0-9]+-[0-9]+,${SED_RED},g"
+    echo ""
+fi
--- a/linPEAS/builder/linpeas_parts/1_system_information/15_CVE_2021_3560.sh
+++ b/linPEAS/builder/linpeas_parts/1_system_information/15_CVE_2021_3560.sh
@@ -30,9 +30,10 @@
 # Fat linpeas: 0
 # Small linpeas: 0

-if apt list --installed 2>/dev/null | grep -E 'polkit.*0\.105-26' | grep -qEv 'ubuntu1\.[1-9]' || \
-   yum list installed 2>/dev/null | grep -qE 'polkit.*\(0\.117-2\|0\.115-6\|0\.11[3-9]\)' || \
-   rpm -qa 2>/dev/null | grep -qE 'polkit.*\(0\.117-2\|0\.115-6\|0\.11[3-9]\)'; then
+if apt list --installed 2>/dev/null | grep -q 'polkit.*0\.105-26' || \
+   yum list installed 2>/dev/null | grep -q 'polkit.*\(0\.117-2\|0\.115-6\)' || \
+   rpm -qa 2>/dev/null | grep -q 'polkit.*\(0\.117-2\|0\.115-6\)'; then
    echo "Vulnerable to CVE-2021-3560" | sed -${E} "s,.*,${SED_RED_YELLOW},"
    echo ""
 fi
+
--- a/linPEAS/builder/linpeas_parts/1_system_information/16_Protections.sh
+++ b/linPEAS/builder/linpeas_parts/1_system_information/16_Protections.sh
@@ -30,33 +30,11 @@
 # Functions Used: echo_not_found, print_2title, print_list, warn_exec
 # Global Variables:
 # Initial Functions:
-# Generated Global Variables: $ASLR, $hypervisorflag, $detectedvirt, $unpriv_userns_clone, $perf_event_paranoid, $mmap_min_addr, $ptrace_scope, $dmesg_restrict, $kptr_restrict, $unpriv_bpf_disabled, $protected_symlinks, $protected_hardlinks, $label, $sysctl_path, $sysctl_var, $zero_color, $nonzero_color, $sysctl_value
+# Generated Global Variables: $ASLR, $hypervisorflag, $detectedvirt, $unpriv_userns_clone, $perf_event_paranoid, $mmap_min_addr, $ptrace_scope, $dmesg_restrict, $kptr_restrict, $unpriv_bpf_disabled
 # Fat linpeas: 0
 # Small linpeas: 0


-print_sysctl_eq_zero() {
-    local label="$1"
-    local sysctl_path="$2"
-    local sysctl_var="$3"
-    local zero_color="$4"
-    local nonzero_color="$5"
-    local sysctl_value
-
-    print_list "$label" "$NC"
-    sysctl_value=$(cat "$sysctl_path" 2>/dev/null)
-    eval "$sysctl_var=\$sysctl_value"
-    if [ -z "$sysctl_value" ]; then
-        echo_not_found "$sysctl_path"
-    else
-        if [ "$sysctl_value" -eq 0 ]; then
-            echo "0" | sed -${E} "s,0,${zero_color},"
-        else
-            echo "$sysctl_value" | sed -${E} "s,.*,${nonzero_color},g"
-        fi
-    fi
-}
-
 #-- SY) AppArmor
 print_2title "Protections"
 print_list "AppArmor enabled? .............. "$NC
@@ -103,25 +81,51 @@ print_list "User namespace? ................ "$NC
 if [ "$(cat /proc/self/uid_map 2>/dev/null)" ]; then echo "enabled" | sed "s,enabled,${SED_GREEN},"; else echo "disabled" | sed "s,disabled,${SED_RED},"; fi

 #-- SY) Unprivileged user namespaces
-print_sysctl_eq_zero "unpriv_userns_clone? ........... " "/proc/sys/kernel/unprivileged_userns_clone" "unpriv_userns_clone" "$SED_GREEN" "$SED_RED"
+print_list "unpriv_userns_clone? ........... "$NC
+unpriv_userns_clone=$(cat /proc/sys/kernel/unprivileged_userns_clone 2>/dev/null)
+if [ -z "$unpriv_userns_clone" ]; then
+    echo_not_found "/proc/sys/kernel/unprivileged_userns_clone"
+else
+    if [ "$unpriv_userns_clone" -eq 0 ]; then echo "0" | sed -${E} "s,0,${SED_GREEN},"; else echo "$unpriv_userns_clone" | sed -${E} "s,.*,${SED_RED},g"; fi
+fi

 #-- SY) Unprivileged eBPF
-print_sysctl_eq_zero "unpriv_bpf_disabled? ........... " "/proc/sys/kernel/unprivileged_bpf_disabled" "unpriv_bpf_disabled" "$SED_RED" "$SED_GREEN"
+print_list "unpriv_bpf_disabled? ........... "$NC
+unpriv_bpf_disabled=$(cat /proc/sys/kernel/unprivileged_bpf_disabled 2>/dev/null)
+if [ -z "$unpriv_bpf_disabled" ]; then
+    echo_not_found "/proc/sys/kernel/unprivileged_bpf_disabled"
+else
+    if [ "$unpriv_bpf_disabled" -eq 0 ]; then echo "0" | sed -${E} "s,0,${SED_RED},"; else echo "$unpriv_bpf_disabled" | sed -${E} "s,.*,${SED_GREEN},g"; fi
+fi

 #-- SY) cgroup2
 print_list "Cgroup2 enabled? ............... "$NC
 ([ "$(grep cgroup2 /proc/filesystems 2>/dev/null)" ] && echo "enabled" || echo "disabled") | sed "s,disabled,${SED_RED}," | sed "s,enabled,${SED_GREEN},"

 #-- SY) Kernel hardening sysctls
-print_sysctl_eq_zero "kptr_restrict? ................. " "/proc/sys/kernel/kptr_restrict" "kptr_restrict" "$SED_RED" "$SED_GREEN"
+print_list "kptr_restrict? ................. "$NC
+kptr_restrict=$(cat /proc/sys/kernel/kptr_restrict 2>/dev/null)
+if [ -z "$kptr_restrict" ]; then
+    echo_not_found "/proc/sys/kernel/kptr_restrict"
+else
+    if [ "$kptr_restrict" -eq 0 ]; then echo "0" | sed -${E} "s,0,${SED_RED},"; else echo "$kptr_restrict" | sed -${E} "s,.*,${SED_GREEN},g"; fi
+fi

-print_sysctl_eq_zero "dmesg_restrict? ................ " "/proc/sys/kernel/dmesg_restrict" "dmesg_restrict" "$SED_RED" "$SED_GREEN"
+print_list "dmesg_restrict? ................ "$NC
+dmesg_restrict=$(cat /proc/sys/kernel/dmesg_restrict 2>/dev/null)
+if [ -z "$dmesg_restrict" ]; then
+    echo_not_found "/proc/sys/kernel/dmesg_restrict"
+else
+    if [ "$dmesg_restrict" -eq 0 ]; then echo "0" | sed -${E} "s,0,${SED_RED},"; else echo "$dmesg_restrict" | sed -${E} "s,.*,${SED_GREEN},g"; fi
+fi

-print_sysctl_eq_zero "ptrace_scope? .................. " "/proc/sys/kernel/yama/ptrace_scope" "ptrace_scope" "$SED_RED" "$SED_GREEN"
-
-print_sysctl_eq_zero "protected_symlinks? ............ " "/proc/sys/fs/protected_symlinks" "protected_symlinks" "$SED_RED" "$SED_GREEN"
-
-print_sysctl_eq_zero "protected_hardlinks? ........... " "/proc/sys/fs/protected_hardlinks" "protected_hardlinks" "$SED_RED" "$SED_GREEN"
+print_list "ptrace_scope? .................. "$NC
+ptrace_scope=$(cat /proc/sys/kernel/yama/ptrace_scope 2>/dev/null)
+if [ -z "$ptrace_scope" ]; then
+    echo_not_found "/proc/sys/kernel/yama/ptrace_scope"
+else
+    if [ "$ptrace_scope" -eq 0 ]; then echo "0" | sed -${E} "s,0,${SED_RED},"; else echo "$ptrace_scope" | sed -${E} "s,.*,${SED_GREEN},g"; fi
+fi

 print_list "perf_event_paranoid? ........... "$NC
 perf_event_paranoid=$(cat /proc/sys/kernel/perf_event_paranoid 2>/dev/null)
@@ -131,7 +135,13 @@ else
    if [ "$perf_event_paranoid" -le 1 ]; then echo "$perf_event_paranoid" | sed -${E} "s,.*,${SED_RED},g"; else echo "$perf_event_paranoid" | sed -${E} "s,.*,${SED_GREEN},g"; fi
 fi

-print_sysctl_eq_zero "mmap_min_addr? ................. " "/proc/sys/vm/mmap_min_addr" "mmap_min_addr" "$SED_RED" "$SED_GREEN"
+print_list "mmap_min_addr? ................. "$NC
+mmap_min_addr=$(cat /proc/sys/vm/mmap_min_addr 2>/dev/null)
+if [ -z "$mmap_min_addr" ]; then
+    echo_not_found "/proc/sys/vm/mmap_min_addr"
+else
+    if [ "$mmap_min_addr" -eq 0 ]; then echo "0" | sed -${E} "s,0,${SED_RED},"; else echo "$mmap_min_addr" | sed -${E} "s,.*,${SED_GREEN},g"; fi
+fi

 print_list "lockdown mode? ................. "$NC
 if [ -f "/sys/kernel/security/lockdown" ]; then
--- a/linPEAS/builder/linpeas_parts/1_system_information/9_Disks_extra.sh
+++ b/linPEAS/builder/linpeas_parts/1_system_information/9_Disks_extra.sh
@@ -4,7 +4,6 @@
 # Last Update: 07-03-2024
 # Description: Check for additional disk information and system resources relevant to privilege escalation:
 #   - Disk utilization
-#   - Inode usage
 #   - System resources
 #   - Storage statistics
 #   - Common vulnerable scenarios:
@@ -45,8 +44,4 @@ if [ "$EXTRA_CHECKS" ] || [ "$DEBUG" ]; then
    (df -h || lsblk) 2>/dev/null || echo_not_found "df and lsblk"
    warn_exec free 2>/dev/null
    echo ""
-
-    print_2title "Inode usage"
-    warn_exec df -i 2>/dev/null
-    echo ""
-fi
+fi
--- a/linPEAS/builder/linpeas_parts/2_container/6_Am_I_contained.sh
+++ b/linPEAS/builder/linpeas_parts/2_container/6_Am_I_contained.sh
@@ -0,0 +1,20 @@
+# Title: Container - Am I Containered 
+# ID: CT_Am_I_contained
+# Author: Carlos Polop
+# Last Update: 22-08-2023
+# Description: Am I Containered tool
+# License: GNU GPL
+# Version: 1.0
+# Functions Used: print_2title, execBin
+# Global Variables:
+# Initial Functions:
+# Generated Global Variables: $FAT_LINPEAS_AMICONTAINED
+# Fat linpeas: 1
+# Small linpeas: 0
+
+
+if [ "$$FAT_LINPEAS_AMICONTAINED" ]; then
+  print_2title "Am I Containered?"
+  FAT_LINPEAS_AMICONTAINED="peass{https://github.com/genuinetools/amicontained/releases/latest/download/amicontained-linux-amd64}"
+  execBin "AmIContainered" "https://github.com/genuinetools/amicontained" "$FAT_LINPEAS_AMICONTAINED"
+fi
--- a/linPEAS/builder/linpeas_parts/3_cloud/3_AWS_ECS.sh
+++ b/linPEAS/builder/linpeas_parts/3_cloud/3_AWS_ECS.sh
@@ -1,14 +1,14 @@
 # Title: Cloud - AWS ECS
 # ID: CL_AWS_ECS
 # Author: Carlos Polop
-# Last Update: 17-01-2026
+# Last Update: 22-08-2023
 # Description: AWS ECS Enumeration
 # License: GNU GPL
 # Version: 1.0
 # Functions Used: check_aws_ecs, exec_with_jq, print_2title, print_3title
 # Global Variables: $aws_ecs_metadata_uri, $aws_ecs_service_account_uri, $is_aws_ecs
 # Initial Functions: check_aws_ecs
-# Generated Global Variables: $aws_ecs_req, $aws_exec_env, $ecs_task_metadata, $launch_type, $network_modes, $imds_tool, $imds_token, $imds_roles, $imds_http_code, $ecs_block_line, $ecs_host_line, $iptables_cmd, $docker_rules, $first_role
+# Generated Global Variables: $aws_ecs_req
 # Fat linpeas: 0
 # Small linpeas: 1

@@ -44,146 +44,5 @@ if [ "$is_aws_ecs" = "Yes" ]; then
    else
        echo "I couldn't find AWS_CONTAINER_CREDENTIALS_RELATIVE_URI env var to get IAM role info (the task is running without a task role probably)"
    fi
-
-    print_3title "ECS task metadata hints"
-    aws_exec_env=$(printenv AWS_EXECUTION_ENV 2>/dev/null)
-    if [ "$aws_exec_env" ]; then
-        printf "AWS_EXECUTION_ENV=%s\n" "$aws_exec_env"
-    fi
-
-    ecs_task_metadata=""
-    if [ "$aws_ecs_metadata_uri" ]; then
-        ecs_task_metadata=$(eval $aws_ecs_req "$aws_ecs_metadata_uri/task" 2>/dev/null)
-    fi
-
-    if [ "$ecs_task_metadata" ]; then
-        launch_type=$(printf "%s" "$ecs_task_metadata" | grep -oE '"LaunchType":"[^"]+"' | head -n 1 | cut -d '"' -f4)
-        if [ "$launch_type" ]; then
-            printf "ECS LaunchType reported: %s\n" "$launch_type"
-        fi
-        network_modes=$(printf "%s" "$ecs_task_metadata" | grep -oE '"NetworkMode":"[^"]+"' | cut -d '"' -f4 | sort -u | tr '\n' ' ')
-        if [ "$network_modes" ]; then
-            printf "Reported NetworkMode(s): %s\n" "$network_modes"
-        fi
-    else
-        echo "Unable to fetch task metadata (check ECS_CONTAINER_METADATA_URI)."
-    fi
    echo ""
-
-    print_3title "IMDS reachability from this task"
-    imds_token=""
-    imds_roles=""
-    imds_http_code=""
-    imds_tool=""
-
-    if command -v curl >/dev/null 2>&1; then
-        imds_tool="curl"
-    elif command -v wget >/dev/null 2>&1; then
-        imds_tool="wget"
-    fi
-
-    if [ "$imds_tool" = "curl" ]; then
-        imds_token=$(curl -s --connect-timeout 2 --max-time 2 -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600" 2>/dev/null)
-        if [ "$imds_token" ]; then
-            printf "[!] IMDSv2 token request succeeded (metadata reachable from this task).\n"
-            imds_roles=$(curl -s --connect-timeout 2 --max-time 2 -H "X-aws-ec2-metadata-token: $imds_token" "http://169.254.169.254/latest/meta-data/iam/security-credentials/" 2>/dev/null | tr '\n' ' ')
-            if [ "$imds_roles" ]; then
-                printf "    Instance profile role(s) exposed via IMDS: %s\n" "$imds_roles"
-                first_role=$(printf "%s" "$imds_roles" | awk '{print $1}')
-                if [ "$first_role" ]; then
-                    printf "    Example: curl -H 'X-aws-ec2-metadata-token: <TOKEN>' http://169.254.169.254/latest/meta-data/iam/security-credentials/%s\n" "$first_role"
-                fi
-            else
-                printf "    No IAM role names returned (instance profile might be missing).\n"
-            fi
-        else
-            imds_http_code=$(curl -s -o /dev/null -w "%{http_code}" --connect-timeout 2 --max-time 2 "http://169.254.169.254/latest/meta-data/" 2>/dev/null)
-            case "$imds_http_code" in
-                000|"")
-                    printf "[i] IMDS endpoint did not respond (likely blocked via hop-limit or host firewalling).\n"
-                    ;;
-                401)
-                    printf "[i] IMDS requires v2 tokens but token requests are being blocked (bridge-mode tasks rely on this when hop limit = 1).\n"
-                    ;;
-                *)
-                    printf "[i] IMDS GET returned HTTP %s (investigate host configuration).\n" "$imds_http_code"
-                    ;;
-            esac
-        fi
-    elif [ "$imds_tool" = "wget" ]; then
-        imds_token=$(wget -q -O - --timeout=2 --tries=1 --method=PUT --header="X-aws-ec2-metadata-token-ttl-seconds: 21600" "http://169.254.169.254/latest/api/token" 2>/dev/null)
-        if [ "$imds_token" ]; then
-            printf "[!] IMDSv2 token request succeeded (metadata reachable from this task).\n"
-            imds_roles=$(wget -q -O - --timeout=2 --tries=1 --header="X-aws-ec2-metadata-token: $imds_token" "http://169.254.169.254/latest/meta-data/iam/security-credentials/" 2>/dev/null | tr '\n' ' ')
-            if [ "$imds_roles" ]; then
-                printf "    Instance profile role(s) exposed via IMDS: %s\n" "$imds_roles"
-            else
-                printf "    No IAM role names returned (instance profile might be missing).\n"
-            fi
-        else
-            wget --server-response -O /dev/null --timeout=2 --tries=1 "http://169.254.169.254/latest/meta-data/" 2>&1 | awk 'BEGIN{code=""} /^  HTTP/{code=$2} END{ if(code!="") { printf("[i] IMDS GET returned HTTP %s (token could not be retrieved).\n", code); } else { print "[i] IMDS endpoint did not respond (likely blocked)."; } }'
-        fi
-    else
-        echo "Neither curl nor wget were found, I can't test IMDS reachability."
-    fi
-    echo ""
-
-    print_3title "ECS agent IMDS settings"
-    if [ -r "/etc/ecs/ecs.config" ]; then
-        ecs_block_line=$(grep -E "^ECS_AWSVPC_BLOCK_IMDS=" /etc/ecs/ecs.config 2>/dev/null | tail -n 1)
-        ecs_host_line=$(grep -E "^ECS_ENABLE_TASK_IAM_ROLE_NETWORK_HOST=" /etc/ecs/ecs.config 2>/dev/null | tail -n 1)
-        if [ "$ecs_block_line" ]; then
-            printf "%s\n" "$ecs_block_line"
-            if echo "$ecs_block_line" | grep -qi "=true"; then
-                echo "    -> awsvpc-mode tasks should be blocked from IMDS by the ECS agent."
-            else
-                echo "    -> awsvpc-mode tasks can still reach IMDS (set this to true to block)."
-            fi
-        else
-            echo "ECS_AWSVPC_BLOCK_IMDS not set (awsvpc tasks inherit host IMDS reachability)."
-        fi
-
-        if [ "$ecs_host_line" ]; then
-            printf "%s\n" "$ecs_host_line"
-            if echo "$ecs_host_line" | grep -qi "=false"; then
-                echo "    -> Host-network tasks lose IAM task roles but IMDS is blocked."
-            else
-                echo "    -> Host-network tasks keep IAM task roles and retain IMDS access."
-            fi
-        else
-            echo "ECS_ENABLE_TASK_IAM_ROLE_NETWORK_HOST not set (defaults keep IMDS reachable for host-mode tasks)."
-        fi
-    else
-        echo "Cannot read /etc/ecs/ecs.config (file missing or permissions denied)."
-    fi
-    echo ""
-
-    print_3title "DOCKER-USER IMDS filtering"
-    iptables_cmd=""
-    if command -v iptables >/dev/null 2>&1; then
-        iptables_cmd=$(command -v iptables)
-    elif command -v iptables-nft >/dev/null 2>&1; then
-        iptables_cmd=$(command -v iptables-nft)
-    fi
-
-    if [ "$iptables_cmd" ]; then
-        docker_rules=$($iptables_cmd -S DOCKER-USER 2>/dev/null)
-        if [ $? -eq 0 ]; then
-            if [ "$docker_rules" ]; then
-                echo "$docker_rules"
-            else
-                echo "(DOCKER-USER chain exists but no rules were found)"
-            fi
-            if echo "$docker_rules" | grep -q "169\\.254\\.169\\.254"; then
-                echo "    -> IMDS traffic is explicitly filtered before Docker NAT."
-            else
-                echo "    -> No DOCKER-USER rule drops 169.254.169.254 traffic (bridge tasks rely on hop limit or host firewalling)."
-            fi
-        else
-            echo "Unable to read DOCKER-USER chain (missing chain or insufficient permissions)."
-        fi
-    else
-        echo "iptables binary not found; cannot inspect DOCKER-USER chain."
-    fi
-    echo ""
-fi
+fi
--- a/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/10_Services.sh
+++ b/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/10_Services.sh
@@ -6,7 +6,7 @@
 # License: GNU GPL
 # Version: 1.2
 # Functions Used: echo_not_found, print_2title, print_info, print_3title
-# Global Variables: $EXTRA_CHECKS, $IAMROOT, $SEARCH_IN_FOLDER, $TIMEOUT, $WRITABLESYSTEMDPATH
+# Global Variables: $EXTRA_CHECKS, $SEARCH_IN_FOLDER, $IAMROOT, $WRITABLESYSTEMDPATH
 # Initial Functions:
 # Generated Global Variables: $service_unit, $service_path, $service_content, $finding, $findings, $service_file, $exec_path, $exec_paths, $service, $line, $target_file, $target_exec, $relpath1, $relpath2
 # Fat linpeas: 0
@@ -178,11 +178,7 @@ if ! [ "$SEARCH_IN_FOLDER" ]; then
  if [ "$EXTRA_CHECKS" ]; then
    echo ""
    print_3title "Service versions and status:"
-    if [ "$TIMEOUT" ]; then
-      $TIMEOUT 30 sh -c "(service --status-all || service -e || chkconfig --list || rc-status || launchctl list) 2>/dev/null" || echo_not_found "service|chkconfig|rc-status|launchctl"
-    else
-      (service --status-all || service -e || chkconfig --list || rc-status || launchctl list) 2>/dev/null || echo_not_found "service|chkconfig|rc-status|launchctl"
-    fi
+    (service --status-all || service -e || chkconfig --list || rc-status || launchctl list) 2>/dev/null || echo_not_found "service|chkconfig|rc-status|launchctl"
  fi

  # Check systemd path writability
@@ -194,4 +190,4 @@ if ! [ "$SEARCH_IN_FOLDER" ]; then
  fi

  echo ""
-fi
+fi
--- a/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/11_Systemd.sh
+++ b/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/11_Systemd.sh
@@ -17,7 +17,7 @@
 # Functions Used: print_2title, print_list, echo_not_found
 # Global Variables: $SEARCH_IN_FOLDER, $Wfolders, $SED_RED, $SED_RED_YELLOW, $NC
 # Initial Functions:
-# Generated Global Variables: $WRITABLESYSTEMDPATH, $line, $service, $file, $version, $user, $caps, $path, $path_line, $service_file, $exec_line, $exec_value, $cmd, $cmd_path
+# Generated Global Variables: $WRITABLESYSTEMDPATH, $line, $service, $file, $version, $user, $caps, $path, $path_line, $service_file, $exec_line, $cmd
 # Fat linpeas: 0
 # Small linpeas: 1

@@ -116,20 +116,18 @@ if ! [ "$SEARCH_IN_FOLDER" ]; then
                # Check ExecStart paths
                grep -E "ExecStart|ExecStartPre|ExecStartPost" "$service_file" 2>/dev/null | 
                while read -r exec_line; do
-                    # Extract command from the right side of Exec*=, not from argv
-                    exec_value="${exec_line#*=}"
-                    exec_value=$(echo "$exec_value" | sed 's/^[[:space:]]*//')
-                    cmd=$(echo "$exec_value" | awk '{print $1}' | tr -d '"')
-                    # Strip systemd command prefixes (-, @, :, +, !) before path checks
-                    cmd_path=$(echo "$cmd" | sed -E 's/^[-@:+!]+//')
+                    # Extract the first word after ExecStart* as the command
+                    cmd=$(echo "$exec_line" | awk '{print $2}' | tr -d '"')
+                    # Extract the rest as arguments
+                    args=$(echo "$exec_line" | awk '{$1=$2=""; print $0}' | tr -d '"')
                    
                    # Only check the command path, not arguments
-                    if [ -n "$cmd_path" ] && [ -w "$cmd_path" ]; then
-                        echo "$service: $cmd_path (from $exec_line)" | sed -${E} "s,.*,${SED_RED},g"
+                    if [ -n "$cmd" ] && [ -w "$cmd" ]; then
+                        echo "$service: $cmd (from $exec_line)" | sed -${E} "s,.*,${SED_RED},g"
                    fi
                    # Check for relative paths only in the command, not arguments
-                    if [ -n "$cmd_path" ] && [ "${cmd_path#/}" = "$cmd_path" ] && [ "${cmd_path#\$}" = "$cmd_path" ]; then
-                        echo "$service: Uses relative path '$cmd_path' (from $exec_line)" | sed -${E} "s,.*,${SED_RED},g"
+                    if [ -n "$cmd" ] && [ "${cmd#/}" = "$cmd" ] && ! echo "$cmd" | grep -qE '^-|^--'; then
+                        echo "$service: Uses relative path '$cmd' (from $exec_line)" | sed -${E} "s,.*,${SED_RED},g"
                    fi
                done
            fi
@@ -155,4 +153,4 @@ if ! [ "$SEARCH_IN_FOLDER" ]; then
    fi

    echo ""
-fi
+fi
--- a/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/17_Deleted_open_files.sh
+++ b/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/17_Deleted_open_files.sh
@@ -1,25 +0,0 @@
-# Title: Processes & Cron & Services & Timers - Deleted open files
-# ID: PR_Deleted_open_files
-# Author: Carlos Polop
-# Last Update: 2025-01-07
-# Description: Identify deleted files still held open by running processes
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, print_info
-# Global Variables: $DEBUG, $EXTRA_CHECKS, $E, $SED_RED
-# Initial Functions:
-# Generated Global Variables:
-# Fat linpeas: 0
-# Small linpeas: 1
-
-if [ "$(command -v lsof 2>/dev/null || echo -n '')" ] || [ "$DEBUG" ]; then
-    print_2title "Deleted files still open"
-    print_info "Open deleted files can hide tools and still consume disk space"
-    lsof +L1 2>/dev/null | sed -${E} "s,\\(deleted\\),${SED_RED},g"
-    echo ""
-elif [ "$EXTRA_CHECKS" ] || [ "$DEBUG" ]; then
-    print_2title "Deleted files still open"
-    print_info "lsof not found, scanning /proc for deleted file descriptors"
-    ls -l /proc/[0-9]*/fd 2>/dev/null | grep "(deleted)" | sed -${E} "s,\\(deleted\\),${SED_RED},g" | head -n 200
-    echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/7_Cron_jobs.sh
+++ b/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/7_Cron_jobs.sh
@@ -23,7 +23,6 @@ if ! [ "$SEARCH_IN_FOLDER" ]; then
  incrontab -l 2>/dev/null
  ls -alR /etc/cron* /var/spool/cron/crontabs /var/spool/anacron 2>/dev/null | sed -${E} "s,$cronjobsG,${SED_GREEN},g" | sed "s,$cronjobsB,${SED_RED},g"
  cat /etc/cron* /etc/at* /etc/anacrontab /var/spool/cron/crontabs/* /etc/incron.d/* /var/spool/incron/* 2>/dev/null | tr -d "\r" | grep -v "^#" | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE},"  | sed "s,root,${SED_RED},"
-  grep -Hn '^PATH=' /etc/crontab /etc/cron.d/* 2>/dev/null | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g"
  crontab -l -u "$USER" 2>/dev/null | tr -d "\r"
  ls -lR /usr/lib/cron/tabs/ /private/var/at/jobs /var/at/tabs/ /etc/periodic/ 2>/dev/null | sed -${E} "s,$cronjobsG,${SED_GREEN},g" | sed "s,$cronjobsB,${SED_RED},g" #MacOS paths
  atq 2>/dev/null
@@ -248,4 +247,4 @@ else
  print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#scheduledcron-jobs"
  find "$SEARCH_IN_FOLDER" '(' -type d -or -type f ')' '(' -name "cron*" -or -name "anacron" -or -name "anacrontab" -or -name "incron.d" -or -name "incron" -or -name "at" -or -name "periodic" ')' -exec echo {} \; -exec ls -lR {} \;
 fi
-echo ""
+echo ""
--- a/linPEAS/builder/linpeas_parts/6_users_information/10_Pkexec.sh
+++ b/linPEAS/builder/linpeas_parts/6_users_information/10_Pkexec.sh
@@ -8,7 +8,7 @@
 # Functions Used: print_2title, print_info
 # Global Variables: $Groups, $groupsB, $groupsVB, $nosh_usrs, $sh_usrs, $USER
 # Initial Functions:
-# Generated Global Variables: $pkexec_bin, $pkexec_version, $policy_dir, $policy_file
+# Generated Global Variables: $pkexec_bin, $policy_dir, $policy_file
 # Fat linpeas: 0
 # Small linpeas: 1

@@ -30,10 +30,6 @@ if [ -n "$pkexec_bin" ]; then
  # Check polkit version for known vulnerabilities
  if command -v pkexec >/dev/null 2>&1; then
    pkexec --version 2>/dev/null
-    pkexec_version="$(pkexec --version 2>/dev/null | grep -oE '[0-9]+(\\.[0-9]+)+')"
-    if [ "$pkexec_version" ] && [ "$(printf '%s\n' "$pkexec_version" "0.120" | sort -V | head -n1)" = "$pkexec_version" ] && [ "$pkexec_version" != "0.120" ]; then
-      echo "Potentially vulnerable to CVE-2021-4034 (PwnKit) - check distro patches" | sed -${E} "s,.*,${SED_RED_YELLOW},"
-    fi
  fi
 fi

--- a/linPEAS/builder/linpeas_parts/6_users_information/12_Users_with_console.sh
+++ b/linPEAS/builder/linpeas_parts/6_users_information/12_Users_with_console.sh
@@ -6,7 +6,7 @@
 # License: GNU GPL
 # Version: 1.0
 # Functions Used: print_2title
-# Global Variables: $MACPEAS, $sh_usrs, $TIMEOUT, $USER 
+# Global Variables: $MACPEAS, $sh_usrs, $USER 
 # Initial Functions:
 # Generated Global Variables: $ushell, $no_shells, $unexpected_shells
 # Fat linpeas: 0
@@ -26,16 +26,8 @@ else
  no_shells=$(grep -Ev "sh$" /etc/passwd 2>/dev/null | cut -d ':' -f 7 | sort | uniq)
  unexpected_shells=""
  printf "%s\n" "$no_shells" | while read f; do
-    if [ -x "$f" ]; then
-      if [ "$TIMEOUT" ]; then
-        if $TIMEOUT 1 "$f" -c 'whoami' 2>/dev/null | grep -q "$USER"; then
-          unexpected_shells="$f\n$unexpected_shells"
-        fi
-      else
-        if "$f" -c 'whoami' 2>/dev/null | grep -q "$USER"; then
-          unexpected_shells="$f\n$unexpected_shells"
-        fi
-      fi
+    if $f -c 'whoami' 2>/dev/null | grep -q "$USER"; then
+      unexpected_shells="$f\n$unexpected_shells"
    fi
  done
  grep "sh$" /etc/passwd 2>/dev/null | sort | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
@@ -49,4 +41,4 @@ else
    done
  fi
 fi
-echo ""
+echo ""
--- a/linPEAS/builder/linpeas_parts/6_users_information/7_Sudo_l.sh
+++ b/linPEAS/builder/linpeas_parts/6_users_information/7_Sudo_l.sh
@@ -8,7 +8,7 @@
 # Functions Used: echo_not_found, print_2title, print_info
 # Global Variables:$IAMROOT, $PASSWORD, $sudoB, $sudoG, $sudoVB1, $sudoVB2 
 # Initial Functions:
-# Generated Global Variables: $secure_path_line
+# Generated Global Variables:
 # Fat linpeas: 0
 # Small linpeas: 1

@@ -19,16 +19,6 @@ print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation
 if [ "$PASSWORD" ]; then
  (echo "$PASSWORD" | timeout 1 sudo -S -l | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW}," | sed -${E} "s,$sudoB,${SED_RED},g") 2>/dev/null  || echo_not_found "sudo"
 fi
-(sudo -n -l 2>/dev/null | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW}," | sed -${E} "s,$sudoB,${SED_RED},g" | sed "s,\!root,${SED_RED},") 2>/dev/null || echo "No cached sudo token (sudo -n -l)"
-
-secure_path_line=$(sudo -l 2>/dev/null | grep -o "secure_path=[^,]*" | head -n 1 | cut -d= -f2)
-if [ "$secure_path_line" ]; then
-  for p in $(echo "$secure_path_line" | tr ':' ' '); do
-    if [ -w "$p" ]; then
-      echo "Writable secure_path entry: $p" | sed -${E} "s,.*,${SED_RED},g"
-    fi
-  done
-fi
 ( grep -Iv "^$" cat /etc/sudoers | grep -v "#" | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW}," | sed -${E} "s,$sudoB,${SED_RED},g" | sed "s,pwfeedback,${SED_RED},g" ) 2>/dev/null  || echo_not_found "/etc/sudoers"
 if ! [ "$IAMROOT" ] && [ -w '/etc/sudoers.d/' ]; then
  echo "You can create a file in /etc/sudoers.d/ and escalate privileges" | sed -${E} "s,.*,${SED_RED_YELLOW},"
@@ -39,4 +29,4 @@ for f in /etc/sudoers.d/*; do
    grep -Iv "^$" "$f" | grep -v "#" | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW}," | sed -${E} "s,$sudoB,${SED_RED},g" | sed "s,pwfeedback,${SED_RED},g"
  fi
 done
-echo ""
+echo ""
--- a/linPEAS/builder/linpeas_parts/6_users_information/8_Sudo_tokens.sh
+++ b/linPEAS/builder/linpeas_parts/6_users_information/8_Sudo_tokens.sh
@@ -40,18 +40,4 @@ else
  echo "ptrace protection is enabled ($ptrace_scope)" | sed "s,is enabled,${SED_GREEN},g";

 fi
-
-if [ -d "/var/run/sudo/ts" ]; then
-  echo "Sudo token directory perms:" | sed -${E} "s,.*,${SED_LIGHT_CYAN},g"
-  ls -ld /var/run/sudo/ts 2>/dev/null
-  if [ -w "/var/run/sudo/ts" ]; then
-    echo "/var/run/sudo/ts is writable" | sed -${E} "s,.*,${SED_RED},g"
-  fi
-  if [ -f "/var/run/sudo/ts/$USER" ]; then
-    ls -l "/var/run/sudo/ts/$USER" 2>/dev/null
-    if [ -w "/var/run/sudo/ts/$USER" ]; then
-      echo "User sudo token file is writable" | sed -${E} "s,.*,${SED_RED},g"
-    fi
-  fi
-fi
 echo ""
--- a/linPEAS/builder/linpeas_parts/7_software_information/Browser_profiles.sh
+++ b/linPEAS/builder/linpeas_parts/7_software_information/Browser_profiles.sh
@@ -1,64 +0,0 @@
-# Title: Software Information - Browser Profiles
-# ID: SW_Browser_profiles
-# Author: Carlos Polop
-# Last Update: 10-03-2025
-# Description: List browser profiles that may store credentials/cookies
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, print_3title, print_info
-# Global Variables: $HOMESEARCH, $SED_RED
-# Initial Functions:
-# Generated Global Variables: $h, $firefox_ini, $chrome_base, $profiles
-# Fat linpeas: 0
-# Small linpeas: 1
-
-print_2title "Browser Profiles"
-print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#browser-data"
-
-echo ""
-
-for h in $HOMESEARCH; do
-  [ -d "$h" ] || continue
-
-  firefox_ini="$h/.mozilla/firefox/profiles.ini"
-  if [ -f "$firefox_ini" ]; then
-    print_3title "Firefox profiles ($h)"
-    awk -F= '
-      /^\[Profile/ { in_profile=1 }
-      /^Path=/ { path=$2 }
-      /^IsRelative=/ { isrel=$2 }
-      /^$/ {
-        if (path != "") {
-          if (isrel == "1") {
-            print base "/.mozilla/firefox/" path
-          } else {
-            print path
-          }
-        }
-        path=""; isrel=""
-      }
-      END {
-        if (path != "") {
-          if (isrel == "1") {
-            print base "/.mozilla/firefox/" path
-          } else {
-            print path
-          }
-        }
-      }
-    ' base="$h" "$firefox_ini" 2>/dev/null | sed -${E} "s,.*,${SED_RED},"
-    echo ""
-  fi
-
-  for chrome_base in "$h/.config/google-chrome" "$h/.config/chromium" "$h/.config/BraveSoftware/Brave-Browser" "$h/.config/microsoft-edge" "$h/.config/microsoft-edge-beta" "$h/.config/microsoft-edge-dev"; do
-    if [ -d "$chrome_base" ]; then
-      profiles=$(find "$chrome_base" -maxdepth 1 -type d \( -name "Default" -o -name "Profile *" \) 2>/dev/null)
-      if [ "$profiles" ]; then
-        print_3title "Chromium profiles ($chrome_base)"
-        printf "%s\n" "$profiles" | sed -${E} "s,.*,${SED_RED},"
-        echo ""
-      fi
-    fi
-  done
-
-done
--- a/linPEAS/builder/linpeas_parts/7_software_information/Leaks_git_repo.sh
+++ b/linPEAS/builder/linpeas_parts/7_software_information/Leaks_git_repo.sh
@@ -0,0 +1,30 @@
+# Title: Software Information - Checking leaks in git repositories
+# ID: SI_Leaks_git_repo
+# Author: Carlos Polop
+# Last Update: 22-08-2023
+# Description: Checking leaks in git repositories
+# License: GNU GPL
+# Version: 1.0
+# Functions Used: execBin, print_2title
+# Global Variables: $MACPEAS, $TIMEOUT
+# Initial Functions:
+# Generated Global Variables: $git_dirname, $FAT_LINPEAS_GITLEAKS
+# Fat linpeas: 1
+# Small linpeas: 0
+
+
+if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then
+  print_2title "Checking leaks in git repositories"
+  printf "%s\n" "$PSTORAGE_GITHUB" | while read f; do
+    if echo "$f" | grep -Eq ".git$"; then
+      git_dirname=$(dirname "$f")
+      if [ "$MACPEAS" ]; then
+        FAT_LINPEAS_GITLEAKS="peass{https://github.com/gitleaks/gitleaks/releases/download/v8.17.0/gitleaks_8.17.0_darwin_arm64.tar.gz}"
+      else
+        FAT_LINPEAS_GITLEAKS="peass{https://github.com/gitleaks/gitleaks/releases/download/v8.17.0/gitleaks_8.17.0_linux_x64.tar.gz}"
+      fi
+      execBin "GitLeaks (checking $git_dirname)" "https://github.com/zricethezav/gitleaks" "$FAT_LINPEAS_GITLEAKS" "detect -s '$git_dirname' -v | grep -E 'Description|Match|Secret|Message|Date'"
+    fi
+  done
+  echo ""
+fi
--- a/linPEAS/builder/linpeas_parts/8_interesting_perms_files/1_SUID.sh
+++ b/linPEAS/builder/linpeas_parts/8_interesting_perms_files/1_SUID.sh
@@ -37,14 +37,14 @@ printf "%s\n" "$suids_files" | while read s; do
  else
    c="a"
    for b in $sidB; do
-      if echo "$sname" | grep -q $(echo $b | cut -d % -f 1); then
+      if echo $s | grep -q $(echo $b | cut -d % -f 1); then
        echo "$s" | sed -${E} "s,$(echo $b | cut -d % -f 1),${C}[1;31m&  --->  $(echo $b | cut -d % -f 2)${C}[0m,"
        c=""
        break;
      fi
    done;
    if [ "$c" ]; then
-      if echo "$sname" | grep -qE "$sidG1" || echo "$sname" | grep -qE "$sidG2" || echo "$sname" | grep -qE "$sidG3" || echo "$sname" | grep -qE "$sidG4" || echo "$sname" | grep -qE "$sidVB" || echo "$sname" | grep -qE "$sidVB2"; then
+      if echo "$s" | grep -qE "$sidG1" || echo "$s" | grep -qE "$sidG2" || echo "$s" | grep -qE "$sidG3" || echo "$s" | grep -qE "$sidG4" || echo "$s" | grep -qE "$sidVB" || echo "$s" | grep -qE "$sidVB2"; then
        echo "$s" | sed -${E} "s,$sidG1,${SED_GREEN}," | sed -${E} "s,$sidG2,${SED_GREEN}," | sed -${E} "s,$sidG3,${SED_GREEN}," | sed -${E} "s,$sidG4,${SED_GREEN}," | sed -${E} "s,$sidVB,${SED_RED_YELLOW}," | sed -${E} "s,$sidVB2,${SED_RED_YELLOW},"
      else
        echo "$s (Unknown SUID binary!)" | sed -${E} "s,/.*,${SED_RED},"
@@ -96,4 +96,4 @@ printf "%s\n" "$suids_files" | while read s; do
    fi
  fi
 done;
-echo ""
+echo ""
--- a/linPEAS/builder/linpeas_parts/functions/check_external_hostname.sh
+++ b/linPEAS/builder/linpeas_parts/functions/check_external_hostname.sh
@@ -17,10 +17,10 @@ check_external_hostname(){
  INTERNET_SEARCH_TIMEOUT=15
  # wget or curl?
  if command -v curl >/dev/null 2>&1; then
-    curl "https://tools.hacktricks.wiki/api/host-checker" -H "User-Agent: linpeas" -d "{\"hostname\":\"$(hostname)\"}" -H "Content-Type: application/json" --max-time "$INTERNET_SEARCH_TIMEOUT"
+    curl "https://2e6ppt7izvuv66qmx2r3et2ufi0mxwqs.lambda-url.us-east-1.on.aws/" -H "User-Agent: linpeas" -d "{\"hostname\":\"$(hostname)\"}" -H "Content-Type: application/json" --max-time "$INTERNET_SEARCH_TIMEOUT"
  elif command -v wget >/dev/null 2>&1; then
-    wget -q -O - "https://tools.hacktricks.wiki/api/host-checker" --header "User-Agent: linpeas" --post-data "{\"hostname\":\"$(hostname)\"}" -H "Content-Type: application/json" --timeout "$INTERNET_SEARCH_TIMEOUT"
+    wget -q -O - "https://2e6ppt7izvuv66qmx2r3et2ufi0mxwqs.lambda-url.us-east-1.on.aws/" --header "User-Agent: linpeas" --post-data "{\"hostname\":\"$(hostname)\"}" -H "Content-Type: application/json" --timeout "$INTERNET_SEARCH_TIMEOUT"
  else
    echo "wget or curl not found"
  fi
-}
+}
--- a/linPEAS/builder/linpeas_parts/functions/check_tcp_443_bin.sh
+++ b/linPEAS/builder/linpeas_parts/functions/check_tcp_443_bin.sh
@@ -15,12 +15,11 @@

 check_tcp_443_bin () {
  local TIMEOUT_INTERNET_SECONDS_443_BIN=$1
-  local url_lambda="https://tools.hacktricks.wiki/api/host-checker"
+  local url_lambda="https://2e6ppt7izvuv66qmx2r3et2ufi0mxwqs.lambda-url.us-east-1.on.aws/"

  if command -v curl >/dev/null 2>&1; then
    if curl -s --connect-timeout $TIMEOUT_INTERNET_SECONDS_443_BIN "$url_lambda" \
-         -H "User-Agent: linpeas" -H "Content-Type: application/json" \
-         -d "{\"hostname\":\"$(hostname)\"}" >/dev/null 2>&1
+         -H "User-Agent: linpeas" -H "Content-Type: application/json" >/dev/null 2>&1
    then
      echo "Port 443 is accessible with curl"
      return 0                      # ✅ success
@@ -31,8 +30,7 @@ check_tcp_443_bin () {

  elif command -v wget >/dev/null 2>&1; then
    if wget -q --timeout=$TIMEOUT_INTERNET_SECONDS_443_BIN -O - "$url_lambda" \
-         --header "User-Agent: linpeas" -H "Content-Type: application/json" \
-         --post-data "{\"hostname\":\"$(hostname)\"}" >/dev/null 2>&1
+         --header "User-Agent: linpeas" -H "Content-Type: application/json" >/dev/null 2>&1
    then
      echo "Port 443 is accessible with wget"
      return 0
--- a/linPEAS/builder/linpeas_parts/variables/sidG.sh
+++ b/linPEAS/builder/linpeas_parts/variables/sidG.sh
@@ -15,5 +15,6 @@

 sidG1="/abuild-sudo$|/accton$|/allocate$|/ARDAgent$|/arping$|/atq$|/atrm$|/authpf$|/authpf-noip$|/authopen$|/batch$|/bbsuid$|/bsd-write$|/btsockstat$|/bwrap$|/cacaocsc$|/camel-lock-helper-1.2$|/ccreds_validate$|/cdrw$|/chage$|/check-foreground-console$|/chrome-sandbox$|/chsh$|/cons.saver$|/crontab$|/ct$|/cu$|/dbus-daemon-launch-helper$|/deallocate$|/desktop-create-kmenu$|/dma$|/dma-mbox-create$|/dmcrypt-get-device$|/doas$|/dotlockfile$|/dotlock.mailutils$|/dtaction$|/dtfile$|/eject$|/execabrt-action-install-debuginfo-to-abrt-cache$|/execdbus-daemon-launch-helper$|/execdma-mbox-create$|/execlockspool$|/execlogin_chpass$|/execlogin_lchpass$|/execlogin_passwd$|/execssh-keysign$|/execulog-helper$|/exim4|/expiry$|/fdformat$|/fstat$|/fusermount$|/fusermount3$"
 sidG2="/gnome-pty-helper$|/glines$|/gnibbles$|/gnobots2$|/gnome-suspend$|/gnometris$|/gnomine$|/gnotski$|/gnotravex$|/gpasswd$|/gpg$|/gpio$|/gtali|/.hal-mtab-lock$|/helper$|/imapd$|/inndstart$|/kismet_cap_nrf_51822$|/kismet_cap_nxp_kw41z$|/kismet_cap_ti_cc_2531$|/kismet_cap_ti_cc_2540$|/kismet_cap_ubertooth_one$|/kismet_capture$|/kismet_cap_linux_bluetooth$|/kismet_cap_linux_wifi$|/kismet_cap_nrf_mousejack$|/ksu$|/list_devices$|/load_osxfuse$|/locate$|/lock$|/lockdev$|/lockfile$|/login_activ$|/login_crypto$|/login_radius$|/login_skey$|/login_snk$|/login_token$|/login_yubikey$|/lpc$|/lpd$|/lpd-port$|/lppasswd$|/lpq$|/lpr$|/lprm$|/lpset$|/lxc-user-nic$|/mahjongg$|/mail-lock$|/mailq$|/mail-touchlock$|/mail-unlock$|/mksnap_ffs$|/mlocate$|/mlock$|/mount$|/mount.cifs$|/mount.ecryptfs_private$|/mount.nfs$|/mount.nfs4$|/mount_osxfuse$|/mtr$|/mutt_dotlock$"
-sidG3="/ncsa_auth$|/netpr$|/netkit-rcp$|/netkit-rlogin$|/netkit-rsh$|/netreport$|/netstat$|/newgidmap$|/newtask$|/newuidmap$|/nvmmctl$|/opieinfo$|/opiepasswd$|/pam_auth$|/pam_extrausers_chkpwd$|/pam_timestamp_check$|/pamverifier$|/pfexec$|/hping3$|/ping$|/ping6$|/pmconfig$|/pmap$|/polkit-agent-helper-1$|/polkit-explicit-grant-helper$|/polkit-grant-helper$|/polkit-grant-helper-pam$|/polkit-read-auth-helper$|/polkit-resolve-exe-helper$|/polkit-revoke-helper$|/polkit-set-default-helper$|/postdrop$|/postqueue$|/poweroff$|/ppp$|/procmail$|/pstat$|/pt_chmod$|/pwdb_chkpwd$|/quota$|/rcmd|/remote.unknown$|/rlogin$|/rmformat$|/rnews$|/run-mailcap$|/sacadm$|/same-gnome$|screen.real$|/security_authtrampoline$|/sendmail.sendmail$|/shutdown$|/skeyaudit$|/skeyinfo$|/skeyinit$|/sliplogin|/slocate$|/smbmnt$|/smbumount$|/smpatch$|/smtpctl$|/sperl5.8.8$|/ssh-agent$|/ssh-keysign$|/staprun$|/startinnfeed$|/stclient$|/su$|/suexec$|/sys-suspend$|/sysstat$|/systat$"
+sidG3="/ncsa_auth$|/netpr$|/netkit-rcp$|/netkit-rlogin$|/netkit-rsh$|/netreport$|/netstat$|/newgidmap$|/newtask$|/newuidmap$|/nvmmctl$|/opieinfo$|/opiepasswd$|/pam_auth$|/pam_extrausers_chkpwd$|/pam_timestamp_check$|/pamverifier$|/pfexec$|/ping$|/ping6$|/pmconfig$|/pmap$|/polkit-agent-helper-1$|/polkit-explicit-grant-helper$|/polkit-grant-helper$|/polkit-grant-helper-pam$|/polkit-read-auth-helper$|/polkit-resolve-exe-helper$|/polkit-revoke-helper$|/polkit-set-default-helper$|/postdrop$|/postqueue$|/poweroff$|/ppp$|/procmail$|/pstat$|/pt_chmod$|/pwdb_chkpwd$|/quota$|/rcmd|/remote.unknown$|/rlogin$|/rmformat$|/rnews$|/run-mailcap$|/sacadm$|/same-gnome$|screen.real$|/security_authtrampoline$|/sendmail.sendmail$|/shutdown$|/skeyaudit$|/skeyinfo$|/skeyinit$|/sliplogin|/slocate$|/smbmnt$|/smbumount$|/smpatch$|/smtpctl$|/sperl5.8.8$|/ssh-agent$|/ssh-keysign$|/staprun$|/startinnfeed$|/stclient$|/su$|/suexec$|/sys-suspend$|/sysstat$|/systat$"
 sidG4="/telnetlogin$|/timedc$|/tip$|/top$|/traceroute6$|/traceroute6.iputils$|/trpt$|/tsoldtlabel$|/tsoljdslabel$|/tsolxagent$|/ufsdump$|/ufsrestore$|/ulog-helper$|/umount.cifs$|/umount.nfs$|/umount.nfs4$|/unix_chkpwd$|/uptime$|/userhelper$|/userisdnctl$|/usernetctl$|/utempter$|/utmp_update$|/uucico$|/uuglist$|/uuidd$|/uuname$|/uusched$|/uustat$|/uux$|/uuxqt$|/VBoxHeadless$|/VBoxNetAdpCtl$|/VBoxNetDHCP$|/VBoxNetNAT$|/VBoxSDL$|/VBoxVolInfo$|/VirtualBoxVM$|/vmstat$|/vmware-authd$|/vmware-user-suid-wrapper$|/vmware-vmx$|/vmware-vmx-debug$|/vmware-vmx-stats$|/vncserver-x11$|/volrmmount$|/w$|/wall$|/whodo$|/write$|/X$|/Xorg.wrap$|/Xsun$|/Xvnc$|/yppasswd$"
+
--- a/linPEAS/builder/linpeas_parts/variables/sudoVB1.sh
+++ b/linPEAS/builder/linpeas_parts/variables/sudoVB1.sh
@@ -13,5 +13,5 @@
 # Small linpeas: 1


-sudoVB1=" \*|env_keep\W*\+=.*LD_PRELOAD|env_keep\W*\+=.*LD_LIBRARY_PATH|env_keep\W*\+=.*BASH_ENV|env_keep\W*\+=.* ENV|env_keep\W*\+=.*PATH|!env_reset|!requiretty|peass{SUDOVB1_HERE}"
+sudoVB1=" \*|env_keep\W*\+=.*LD_PRELOAD|env_keep\W*\+=.*LD_LIBRARY_PATH|env_keep\W*\+=.*BASH_ENV|env_keep\W*\+=.* ENV|peass{SUDOVB1_HERE}"
 sudoVB2="peass{SUDOVB2_HERE}"
--- a/linPEAS/builder/src/linpeasBuilder.py
+++ b/linPEAS/builder/src/linpeasBuilder.py
@@ -405,7 +405,7 @@ class LinpeasBuilder:
                name = entry["name"]
                caseinsensitive = entry.get("caseinsensitive", False)
                regex = entry["regex"]
-                regex = regex.replace("\\", "\\\\").replace('"', '\\"').strip()
+                regex = regex.replace('"', '\\"').strip()
                falsePositives = entry.get("falsePositives", False)

                if falsePositives:
--- a/linPEAS/builder/src/linpeasModule.py
+++ b/linPEAS/builder/src/linpeasModule.py
@@ -8,7 +8,6 @@ from .yamlGlobals import (
 class LinpeasModule:
    def __init__(self, path):
        self.path = path
-        real_path = os.path.realpath(path)
        with open(path, 'r') as file:
            self.module_text = file.read()
        
@@ -30,7 +29,7 @@ class LinpeasModule:
        self.section_info = {}
        if not (self.is_base or self.is_function or self.is_variable):
            for module in LINPEAS_PARTS["modules"]:
-                if os.path.realpath(module["folder_path"]) in real_path:
+                if module["folder_path"] in path:
                    self.section_info = module
                    self.is_check = True
                    break
--- a/linPEAS/tests/test_builder.py
+++ b/linPEAS/tests/test_builder.py
@@ -1,40 +0,0 @@
-import os
-import stat
-import subprocess
-import tempfile
-import unittest
-from pathlib import Path
-
-
-class LinpeasBuilderTests(unittest.TestCase):
-    def setUp(self):
-        self.repo_root = Path(__file__).resolve().parents[2]
-        self.linpeas_dir = self.repo_root / "linPEAS"
-
-    def _run_builder(self, args, output_path):
-        cmd = ["python3", "-m", "builder.linpeas_builder"] + args + ["--output", str(output_path)]
-        result = subprocess.run(cmd, cwd=str(self.linpeas_dir), capture_output=True, text=True)
-        if result.returncode != 0:
-            raise AssertionError(
-                f"linpeas_builder failed:\nstdout:\n{result.stdout}\nstderr:\n{result.stderr}"
-            )
-
-    def test_small_build_creates_executable(self):
-        with tempfile.TemporaryDirectory() as tmpdir:
-            output_path = Path(tmpdir) / "linpeas_small.sh"
-            self._run_builder(["--small"], output_path)
-            self.assertTrue(output_path.exists(), "linpeas_small.sh was not created.")
-            mode = output_path.stat().st_mode
-            self.assertTrue(mode & stat.S_IXUSR, "linpeas_small.sh is not executable.")
-
-    def test_include_exclude_modules(self):
-        with tempfile.TemporaryDirectory() as tmpdir:
-            output_path = Path(tmpdir) / "linpeas_include.sh"
-            self._run_builder(["--include", "system_information,container", "--exclude", "container"], output_path)
-            content = output_path.read_text(encoding="utf-8", errors="ignore")
-            self.assertIn("Operative system", content)
-            self.assertNotIn("Am I Containered?", content)
-
-
-if __name__ == "__main__":
-    unittest.main()
--- a/linPEAS/tests/test_modules_metadata.py
+++ b/linPEAS/tests/test_modules_metadata.py
@@ -1,60 +0,0 @@
-import re
-import sys
-import unittest
-from pathlib import Path
-
-
-class LinpeasModulesMetadataTests(unittest.TestCase):
-    @classmethod
-    def setUpClass(cls):
-        cls.repo_root = Path(__file__).resolve().parents[2]
-        cls.linpeas_dir = cls.repo_root / "linPEAS"
-        cls.parts_dir = cls.linpeas_dir / "builder" / "linpeas_parts"
-
-        # Ensure `import builder.*` works when tests are run from repo root.
-        sys.path.insert(0, str(cls.linpeas_dir))
-
-        from builder.src.linpeasModule import LinpeasModule  # pylint: disable=import-error
-
-        cls.LinpeasModule = LinpeasModule
-
-    def _iter_module_files(self):
-        return sorted(self.parts_dir.rglob("*.sh"))
-
-    def test_all_modules_parse(self):
-        module_files = self._iter_module_files()
-        self.assertGreater(len(module_files), 0, "No linPEAS module files were found.")
-
-        # Parsing a module validates its metadata and dependencies.
-        for path in module_files:
-            _ = self.LinpeasModule(str(path))
-
-    def test_check_module_id_matches_filename(self):
-        for path in self._iter_module_files():
-            module = self.LinpeasModule(str(path))
-            if not getattr(module, "is_check", False):
-                continue
-
-            # For checks, the filename (without numeric prefix) must match the module ID
-            # (either full ID or stripping section prefix like `SI_`).
-            file_base = re.sub(r"^[0-9]+_", "", path.stem)
-            module_id = getattr(module, "id", "")
-            module_id_tail = module_id[3:] if len(module_id) >= 3 else ""
-            self.assertIn(
-                file_base,
-                {module_id, module_id_tail},
-                f"Module ID mismatch in {path}: id={module_id} expected suffix={file_base}",
-            )
-
-    def test_module_ids_are_unique(self):
-        ids = []
-        for path in self._iter_module_files():
-            module = self.LinpeasModule(str(path))
-            ids.append(getattr(module, "id", ""))
-
-        duplicates = {x for x in ids if x and ids.count(x) > 1}
-        self.assertEqual(set(), duplicates, f"Duplicate module IDs found: {sorted(duplicates)}")
-
-
-if __name__ == "__main__":
-    unittest.main()
--- a/parsers/peas2json.py
+++ b/parsers/peas2json.py
@@ -127,9 +127,7 @@ def parse_line(line: str):

    elif is_section(line, INFO_PATTERN):
        title = parse_title(line)
-        if C_SECTION == {}:
-            return
-        C_SECTION.setdefault("infos", []).append(title)
+        C_SECTION["infos"].append(title)
    
    #If here, then it's text
    else:
--- a/winPEAS/winPEASbat/winPEAS.bat
+++ b/winPEAS/winPEASbat/winPEAS.bat
@@ -71,7 +71,7 @@ CALL :T_Progress 2
 :ListHotFixes
 where wmic >nul 2>&1
 if %errorlevel% equ 0 (
-    wmic qfe get Caption,Description,HotFixID,InstalledOn
+    wmic qfe get Caption,Description,HotFixID,InstalledOn | more
 ) else (
    powershell -command "Get-HotFix | Format-Table -AutoSize"
 )
@@ -204,7 +204,7 @@ CALL :T_Progress 1
 CALL :ColorLine " %E%33m[+]%E%97m Registered Anti-Virus(AV)"
 where wmic >nul 2>&1
 if %errorlevel% equ 0 (
-    WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List
+    WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List | more
 ) else (
    powershell -command "Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct | Select-Object -ExpandProperty displayName"
 ) 
@@ -238,7 +238,7 @@ CALL :ColorLine " %E%33m[+]%E%97m MOUNTED DISKS"
 ECHO.   [i] Maybe you find something interesting
 where wmic >nul 2>&1
 if %errorlevel% equ 0 (
-    wmic logicaldisk get caption
+    wmic logicaldisk get caption | more
 ) else (
    fsutil fsinfo drives
 )
@@ -670,7 +670,7 @@ if "%long%" == "true" (
 	ECHO.
 	where wmic >nul 2>&1
 	if !errorlevel! equ 0 (
-		for /f %%x in ('wmic logicaldisk get name') do (
+		for /f %%x in ('wmic logicaldisk get name ^| more') do (
 			set tdrive=%%x
 			if "!tdrive:~1,2!" == ":" (
 				%%x
--- a/winPEAS/winPEASexe/CMakeLists.txt
+++ b/winPEAS/winPEASexe/CMakeLists.txt
@@ -1,26 +0,0 @@
-cmake_minimum_required(VERSION 3.16)
-project(winPEAS_dotnet NONE)
-
-set(PROJECT_FILE "${CMAKE_CURRENT_SOURCE_DIR}/winPEAS.csproj")
-
-find_program(DOTNET_EXECUTABLE dotnet)
-find_program(MSBUILD_EXECUTABLE msbuild)
-find_program(XBUILD_EXECUTABLE xbuild)
-
-if(DOTNET_EXECUTABLE)
-  set(BUILD_TOOL "${DOTNET_EXECUTABLE}")
-  set(BUILD_ARGS build "${PROJECT_FILE}" -c Release)
-elseif(MSBUILD_EXECUTABLE)
-  set(BUILD_TOOL "${MSBUILD_EXECUTABLE}")
-  set(BUILD_ARGS "${PROJECT_FILE}" /p:Configuration=Release)
-elseif(XBUILD_EXECUTABLE)
-  set(BUILD_TOOL "${XBUILD_EXECUTABLE}")
-  set(BUILD_ARGS "${PROJECT_FILE}" /p:Configuration=Release)
-else()
-  message(FATAL_ERROR "dotnet, msbuild, or xbuild is required to build winPEAS")
-endif()
-
-add_custom_target(winpeas ALL
-  COMMAND ${BUILD_TOOL} ${BUILD_ARGS}
-  WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
-)
--- a/winPEAS/winPEASexe/README.md
+++ b/winPEAS/winPEASexe/README.md
@@ -128,7 +128,7 @@ Once you have installed and activated it you need to:

 - **System Information**
  - [x] Basic System info information
-  - [x] Use WES-NG to search for vulnerabilities
+  - [x] Use Watson to search for vulnerabilities
  - [x] Enumerate Microsoft updates
  - [x] PS, Audit, WEF and LAPS Settings
  - [x] LSA protection
@@ -262,7 +262,7 @@ Once you have installed and activated it you need to:

 ## TODO
 - Add more checks
- Maintain updated WES-NG
+- Mantain updated Watson (last JAN 2021)

 If you want to help with any of this, you can do it using **[github issues](https://github.com/peass-ng/PEASS-ng/issues)** or you can submit a pull request.

--- a/winPEAS/winPEASexe/Tests/ArgumentParsingTests.cs
+++ b/winPEAS/winPEASexe/Tests/ArgumentParsingTests.cs
@@ -1,36 +0,0 @@
-using System;
-using System.Reflection;
-using Microsoft.VisualStudio.TestTools.UnitTesting;
-
-namespace winPEAS.Tests
-{
-    [TestClass]
-    public class ArgumentParsingTests
-    {
-        private static bool InvokeIsNetworkTypeValid(string arg)
-        {
-            var method = typeof(winPEAS.Checks.Checks).GetMethod("IsNetworkTypeValid", BindingFlags.NonPublic | BindingFlags.Static);
-            Assert.IsNotNull(method, "IsNetworkTypeValid method not found.");
-            return (bool)method.Invoke(null, new object[] { arg });
-        }
-
-        [TestMethod]
-        public void ShouldAcceptValidNetworkTypes()
-        {
-            Assert.IsTrue(InvokeIsNetworkTypeValid("-network=auto"));
-            Assert.IsTrue(InvokeIsNetworkTypeValid("-network=10.10.10.10"));
-            Assert.IsTrue(InvokeIsNetworkTypeValid("-network=10.10.10.10/24"));
-            Assert.IsTrue(InvokeIsNetworkTypeValid("-network=10.10.10.10,10.10.10.20"));
-        }
-
-        [TestMethod]
-        public void ShouldRejectInvalidNetworkTypes()
-        {
-            Assert.IsFalse(InvokeIsNetworkTypeValid("-network="));
-            Assert.IsFalse(InvokeIsNetworkTypeValid("-network=10.10.10.999"));
-            Assert.IsFalse(InvokeIsNetworkTypeValid("-network=10.10.10.10/64"));
-            Assert.IsFalse(InvokeIsNetworkTypeValid("-network=999.999.999.999/24"));
-            Assert.IsFalse(InvokeIsNetworkTypeValid("-network=not-an-ip"));
-        }
-    }
-}
--- a/winPEAS/winPEASexe/Tests/ChecksArgumentEdgeCasesTests.cs
+++ b/winPEAS/winPEASexe/Tests/ChecksArgumentEdgeCasesTests.cs
@@ -1,37 +0,0 @@
-using System;
-using Microsoft.VisualStudio.TestTools.UnitTesting;
-
-namespace winPEAS.Tests
-{
-    [TestClass]
-    public class ChecksArgumentEdgeCasesTests
-    {
-        [TestMethod]
-        public void ShouldNotThrowOnEmptyLogFileArg()
-        {
-            // Should return early with a user-friendly error, not crash.
-            Program.Main(new[] { "log=" });
-        }
-
-        [TestMethod]
-        public void ShouldNotThrowOnPortsWithoutNetwork()
-        {
-            // Should warn and return early because -network was not provided.
-            Program.Main(new[] { "-ports=80,443" });
-        }
-
-        [TestMethod]
-        public void ShouldNotThrowOnInvalidNetworkArgument()
-        {
-            // Should warn and return early because the IP is invalid.
-            Program.Main(new[] { "-network=10.10.10.999" });
-        }
-
-        [TestMethod]
-        public void ShouldNotThrowOnEmptyNetworkArgument()
-        {
-            // Should warn and return early because the value is empty.
-            Program.Main(new[] { "-network=" });
-        }
-    }
-}
--- a/winPEAS/winPEASexe/Tests/winPEAS.Tests.csproj
+++ b/winPEAS/winPEASexe/Tests/winPEAS.Tests.csproj
@@ -61,11 +61,9 @@
    </Reference>
    <Reference Include="Microsoft.VisualStudio.TestPlatform.TestFramework, Version=14.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
      <HintPath>..\packages\MSTest.TestFramework.2.2.5\lib\net45\Microsoft.VisualStudio.TestPlatform.TestFramework.dll</HintPath>
-      <Private>True</Private>
    </Reference>
    <Reference Include="Microsoft.VisualStudio.TestPlatform.TestFramework.Extensions, Version=14.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
      <HintPath>..\packages\MSTest.TestFramework.2.2.5\lib\net45\Microsoft.VisualStudio.TestPlatform.TestFramework.Extensions.dll</HintPath>
-      <Private>True</Private>
    </Reference>
    <Reference Include="System" />
    <Reference Include="System.ComponentModel.Composition" />
@@ -97,7 +95,6 @@
    <Reference Include="System.Xml" />
  </ItemGroup>
  <ItemGroup>
-    <Compile Include="ArgumentParsingTests.cs" />
    <Compile Include="Properties\AssemblyInfo.cs" />
    <Compile Include="SmokeTests.cs" />
  </ItemGroup>
@@ -111,40 +108,6 @@
      <Name>winPEAS</Name>
    </ProjectReference>
  </ItemGroup>
-
-  <Target Name="CopyVSTestFrameworkToMSTestAdapter" AfterTargets="Build">
-    <PropertyGroup>
-      <_PackagesDir>$(MSBuildThisFileDirectory)..\packages\</_PackagesDir>
-      <_MSTestFrameworkDir>$(_PackagesDir)MSTest.TestFramework.2.2.5\lib\net45\</_MSTestFrameworkDir>
-    </PropertyGroup>
-
-    <ItemGroup Condition="Exists('$(_MSTestFrameworkDir)')">
-      <_VSTestFrameworkDlls Include="$(_MSTestFrameworkDir)Microsoft.VisualStudio.TestPlatform.TestFramework*.dll" />
-    </ItemGroup>
-
-    <ItemGroup>
-      <_VSTestCopyDirs Include="$(TargetDir)" Condition="'$(TargetDir)' != '' AND Exists('$(TargetDir)')" />
-      <_MSTestAdapterDirs Include="$(_PackagesDir)MSTest.TestAdapter.2.2.5\build\net45\" Condition="Exists('$(_PackagesDir)MSTest.TestAdapter.2.2.5\build\net45\')" />
-      <_MSTestAdapterDirs Include="$(_PackagesDir)MSTest.TestAdapter.2.2.5\build\_common\" Condition="Exists('$(_PackagesDir)MSTest.TestAdapter.2.2.5\build\_common\')" />
-    </ItemGroup>
-
-    <Message
-      Condition="@(_VSTestFrameworkDlls) != ''"
-      Importance="high"
-      Text="CopyVSTestFrameworkToMSTestAdapter: copying @( _VSTestFrameworkDlls )" />
-
-    <Copy
-      Condition="@(_VSTestFrameworkDlls) != '' AND @(_VSTestCopyDirs) != ''"
-      SourceFiles="@(_VSTestFrameworkDlls)"
-      DestinationFolder="%(_VSTestCopyDirs.Identity)"
-      SkipUnchangedFiles="true" />
-
-    <Copy
-      Condition="@(_VSTestFrameworkDlls) != '' AND @(_MSTestAdapterDirs) != ''"
-      SourceFiles="@(_VSTestFrameworkDlls)"
-      DestinationFolder="%(_MSTestAdapterDirs.Identity)"
-      SkipUnchangedFiles="true" />
-  </Target>
  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
  <Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
    <PropertyGroup>
@@ -170,4 +133,4 @@
  <Import Project="..\packages\Stub.System.Data.SQLite.Core.NetFramework.1.0.119.0\build\net451\Stub.System.Data.SQLite.Core.NetFramework.targets" Condition="Exists('..\packages\Stub.System.Data.SQLite.Core.NetFramework.1.0.119.0\build\net451\Stub.System.Data.SQLite.Core.NetFramework.targets')" />
  <Import Project="..\packages\Fody.6.5.5\build\Fody.targets" Condition="Exists('..\packages\Fody.6.5.5\build\Fody.targets')" />
  <Import Project="..\packages\Costura.Fody.5.7.0\build\Costura.Fody.targets" Condition="Exists('..\packages\Costura.Fody.5.7.0\build\Costura.Fody.targets')" />
-</Project>
+</Project>
--- a/winPEAS/winPEASexe/winPEAS/Checks/Checks.cs
+++ b/winPEAS/winPEASexe/winPEAS/Checks/Checks.cs
@@ -94,7 +94,6 @@ namespace winPEAS.Checks
                new SystemCheck("activedirectoryinfo", new ActiveDirectoryInfo()),
                new SystemCheck("cloudinfo", new CloudInfo()),
                new SystemCheck("windowscreds", new WindowsCreds()),
-                new SystemCheck("registryinfo", new RegistryInfo()),
                new SystemCheck("browserinfo", new BrowserInfo()),
                new SystemCheck("filesinfo", new FilesInfo()),
                new SystemCheck("fileanalysis", new FileAnalysis()),
@@ -356,7 +355,7 @@ namespace winPEAS.Checks
                {
                    var rangeParts = networkType.Split('/');

-                    if (rangeParts.Length == 2 && IPAddress.TryParse(rangeParts[0], out _) && int.TryParse(rangeParts[1], out int res) && res <= 32 && res >= 0)
+                    if (rangeParts.Length == 2 && int.TryParse(rangeParts[1], out int res) && res <= 32 && res >= 0)
                    {
                        return true;
                    }
--- a/winPEAS/winPEASexe/winPEAS/Checks/FilesInfo.cs
+++ b/winPEAS/winPEASexe/winPEAS/Checks/FilesInfo.cs
@@ -392,7 +392,7 @@ namespace winPEAS.Checks

                foreach (string regHkcu in passRegHkcu)
                {
-                    Beaprint.DictPrint(RegistryHelper.GetRegValues("HKCU", regHkcu), false);
+                    Beaprint.DictPrint(RegistryHelper.GetRegValues("HKLM", regHkcu), false);
                }

                foreach (string regHklm in passRegHklm)
@@ -524,7 +524,7 @@ namespace winPEAS.Checks
            {
                Beaprint.MainPrint("Looking for documents --limit 100--");
                List<string> docFiles = InterestingFiles.InterestingFiles.ListUsersDocs();
-                Beaprint.ListPrint(MyUtils.GetLimitedRange(docFiles, 100));
+                Beaprint.ListPrint(docFiles.GetRange(0, docFiles.Count <= 100 ? docFiles.Count : 100));
            }
            catch (Exception ex)
            {
@@ -546,7 +546,7 @@ namespace winPEAS.Checks

                if (recFiles.Count != 0)
                {
-                    foreach (Dictionary<string, string> recF in MyUtils.GetLimitedRange(recFiles, 70))
+                    foreach (Dictionary<string, string> recF in recFiles.GetRange(0, recFiles.Count <= 70 ? recFiles.Count : 70))
                    {
                        Beaprint.AnsiPrint("    " + recF["Target"] + "(" + recF["Accessed"] + ")", colorF);
                    }
--- a/winPEAS/winPEASexe/winPEAS/Checks/NetworkInfo.cs
+++ b/winPEAS/winPEASexe/winPEAS/Checks/NetworkInfo.cs
@@ -348,7 +348,8 @@ namespace winPEAS.Checks
                Beaprint.MainPrint("DNS cached --limit 70--");
                Beaprint.GrayPrint(string.Format("    {0,-38}{1,-38}{2}", "Entry", "Name", "Data"));
                List<Dictionary<string, string>> DNScache = NetworkInfoHelper.GetDNSCache();
-                foreach (Dictionary<string, string> entry in MyUtils.GetLimitedRange(DNScache, 70))
+                foreach (Dictionary<string, string> entry in DNScache.GetRange(0,
+                    DNScache.Count <= 70 ? DNScache.Count : 70))
                {
                    Console.WriteLine($"    {entry["Entry"],-38}{entry["Name"],-38}{entry["Data"]}");
                }
--- a/winPEAS/winPEASexe/winPEAS/Checks/RegistryInfo.cs
+++ b/winPEAS/winPEASexe/winPEAS/Checks/RegistryInfo.cs
@@ -1,141 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using winPEAS.Helpers;
-using winPEAS.Helpers.Registry;
-
-namespace winPEAS.Checks
-{
-    internal class RegistryInfo : ISystemCheck
-    {
-        private const string TypingInsightsRelativePath = @"Software\Microsoft\Input\TypingInsights";
-
-        private static readonly string[] KnownWritableSystemKeyCandidates = new[]
-        {
-            @"SOFTWARE\Microsoft\CoreShell",
-            @"SOFTWARE\Microsoft\DRM",
-            @"SOFTWARE\Microsoft\Input\Locales",
-            @"SOFTWARE\Microsoft\Input\Settings",
-            @"SOFTWARE\Microsoft\Shell\Oobe",
-            @"SOFTWARE\Microsoft\Shell\Session",
-            @"SOFTWARE\Microsoft\Tracing",
-            @"SOFTWARE\Microsoft\Windows\UpdateApi",
-            @"SOFTWARE\Microsoft\WindowsUpdate\UX",
-            @"SOFTWARE\WOW6432Node\Microsoft\DRM",
-            @"SOFTWARE\WOW6432Node\Microsoft\Tracing",
-            @"SYSTEM\Software\Microsoft\TIP",
-            @"SYSTEM\ControlSet001\Control\Cryptography\WebSignIn\Navigation",
-            @"SYSTEM\ControlSet001\Control\MUI\StringCacheSettings",
-            @"SYSTEM\ControlSet001\Control\USB\AutomaticSurpriseRemoval",
-            @"SYSTEM\ControlSet001\Services\BTAGService\Parameters\Settings",
-        };
-
-        private static readonly string[] ScanBasePaths = new[]
-        {
-            @"SOFTWARE\Microsoft",
-            @"SOFTWARE\WOW6432Node\Microsoft",
-            @"SYSTEM\CurrentControlSet\Services",
-            @"SYSTEM\CurrentControlSet\Control",
-            @"SYSTEM\ControlSet001\Control",
-        };
-
-        public void PrintInfo(bool isDebug)
-        {
-            Beaprint.GreatPrint("Registry permissions for hive exploitation");
-
-            new List<Action>
-            {
-                PrintTypingInsightsPermissions,
-                PrintKnownSystemWritableKeys,
-                PrintHeuristicWritableKeys,
-            }.ForEach(action => CheckRunner.Run(action, isDebug));
-        }
-
-        private void PrintTypingInsightsPermissions()
-        {
-            Beaprint.MainPrint("Cross-user TypingInsights key (HKCU/HKU)");
-
-            var matches = new List<RegistryWritableKeyInfo>();
-            var seen = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
-
-            if (RegistryAclScanner.TryGetWritableKey("HKCU", TypingInsightsRelativePath, out var currentUserKey))
-            {
-                if (seen.Add(currentUserKey.FullPath))
-                {
-                    matches.Add(currentUserKey);
-                }
-            }
-
-            foreach (var sid in RegistryHelper.GetUserSIDs())
-            {
-                if (string.IsNullOrEmpty(sid) || sid.Equals(".DEFAULT", StringComparison.OrdinalIgnoreCase) || sid.EndsWith("_Classes", StringComparison.OrdinalIgnoreCase))
-                {
-                    continue;
-                }
-
-                string relativePath = $"{sid}\\{TypingInsightsRelativePath}";
-                if (RegistryAclScanner.TryGetWritableKey("HKU", relativePath, out var info) && seen.Add(info.FullPath))
-                {
-                    matches.Add(info);
-                }
-            }
-
-            if (matches.Count == 0)
-            {
-                Beaprint.GrayPrint("  [-] TypingInsights key does not grant write access to low-privileged groups.");
-                return;
-            }
-
-            PrintEntries(matches);
-            Beaprint.LinkPrint("https://projectzero.google/2025/05/the-windows-registry-adventure-8-exploitation.html", "Writable TypingInsights enables cross-user hive tampering and DoS.");
-        }
-
-        private void PrintKnownSystemWritableKeys()
-        {
-            Beaprint.MainPrint("Known HKLM descendants writable by standard users");
-
-            var matches = new List<RegistryWritableKeyInfo>();
-            foreach (var path in KnownWritableSystemKeyCandidates)
-            {
-                if (RegistryAclScanner.TryGetWritableKey("HKLM", path, out var info))
-                {
-                    matches.Add(info);
-                }
-            }
-
-            if (matches.Count == 0)
-            {
-                Beaprint.GrayPrint("  [-] None of the tracked HKLM keys are writable by low-privileged groups.");
-                return;
-            }
-
-            PrintEntries(matches);
-        }
-
-        private void PrintHeuristicWritableKeys()
-        {
-            Beaprint.MainPrint("Sample of additional writable HKLM keys (depth-limited scan)");
-
-            var matches = RegistryAclScanner.ScanWritableKeys("HKLM", ScanBasePaths, maxDepth: 3, maxResults: 25);
-            if (matches.Count == 0)
-            {
-                Beaprint.GrayPrint("  [-] No additional writable HKLM keys were found within the sampled paths.");
-                return;
-            }
-
-            PrintEntries(matches);
-            Beaprint.GrayPrint("  [*] Showing up to 25 entries from the sampled paths to avoid noisy output.");
-        }
-
-        private static void PrintEntries(IEnumerable<RegistryWritableKeyInfo> entries)
-        {
-            foreach (var entry in entries)
-            {
-                var principals = string.Join(", ", entry.Principals);
-                var rights = entry.Rights.Count > 0 ? string.Join(", ", entry.Rights.Distinct(StringComparer.OrdinalIgnoreCase)) : "Write access";
-                var displayPath = string.IsNullOrEmpty(entry.FullPath) ? $"{entry.Hive}\\{entry.RelativePath}" : entry.FullPath;
-                Beaprint.BadPrint($"  [!] {displayPath} -> {principals} ({rights})");
-            }
-        }
-    }
-}
--- a/winPEAS/winPEASexe/winPEAS/Checks/SystemInfo.cs
+++ b/winPEAS/winPEASexe/winPEAS/Checks/SystemInfo.cs
@@ -88,7 +88,6 @@ namespace winPEAS.Checks
                PrintLocalGroupPolicy,
                PrintPotentialGPOAbuse,
                AppLockerHelper.PrintAppLockerPolicy,
-                PrintPrintNightmarePointAndPrint,
                PrintPrintersWMIInfo,
                PrintNamedPipes,
                PrintNamedPipeAbuseCandidates,
@@ -837,39 +836,6 @@ namespace winPEAS.Checks
            }
        }

-        private static void PrintPrintNightmarePointAndPrint()
-        {
-            Beaprint.MainPrint("PrintNightmare PointAndPrint Policies");
-            Beaprint.LinkPrint("https://itm4n.github.io/printnightmare-exploitation/", "Check PointAndPrint policy hardening");
-
-            try
-            {
-                string key = @"Software\\Policies\\Microsoft\\Windows NT\\Printers\\PointAndPrint";
-                var restrict = RegistryHelper.GetDwordValue("HKLM", key, "RestrictDriverInstallationToAdministrators");
-                var noWarn = RegistryHelper.GetDwordValue("HKLM", key, "NoWarningNoElevationOnInstall");
-                var updatePrompt = RegistryHelper.GetDwordValue("HKLM", key, "UpdatePromptSettings");
-
-                if (restrict == null && noWarn == null && updatePrompt == null)
-                {
-                    Beaprint.NotFoundPrint();
-                    return;
-                }
-
-                Beaprint.NoColorPrint($"      RestrictDriverInstallationToAdministrators: {restrict}\n" +
-                                      $"      NoWarningNoElevationOnInstall: {noWarn}\n" +
-                                      $"      UpdatePromptSettings: {updatePrompt}");
-
-                if (restrict == 0 && noWarn == 1 && updatePrompt == 2)
-                {
-                    Beaprint.BadPrint("      [!] Potentially vulnerable to PrintNightmare misconfiguration");
-                }
-            }
-            catch (Exception ex)
-            {
-                Beaprint.PrintException(ex.Message);
-            }
-        }
-
        private static void PrintPrintersWMIInfo()
        {
            Beaprint.MainPrint("Enumerating Printers (WMI)");
--- a/winPEAS/winPEASexe/winPEAS/Helpers/Beaprint.cs
+++ b/winPEAS/winPEASexe/winPEAS/Helpers/Beaprint.cs
@@ -132,7 +132,6 @@ namespace winPEAS.Helpers
            Console.WriteLine(LCYAN + "        activedirectoryinfo" + GRAY + "   Quick AD checks (gMSA readable passwords, AD CS template rights)" + NOCOLOR);
            Console.WriteLine(LCYAN + "        cloudinfo" + GRAY + "            Enumerate cloud information" + NOCOLOR);
            Console.WriteLine(LCYAN + "        windowscreds" + GRAY + "         Search windows credentials" + NOCOLOR);
-            Console.WriteLine(LCYAN + "        registryinfo" + GRAY + "         Flag writable HKLM/HKU keys that enable hive tampering" + NOCOLOR);
            Console.WriteLine(LCYAN + "        browserinfo" + GRAY + "          Search browser information" + NOCOLOR);
            Console.WriteLine(LCYAN + "        filesinfo" + GRAY + "            Search generic files that can contains credentials" + NOCOLOR);
            Console.WriteLine(LCYAN + "        fileanalysis" + GRAY + "         [NOT RUN BY DEFAULT] Search specific files that can contains credentials and for regexes inside files. Might take several minutes." + NOCOLOR);
--- a/winPEAS/winPEASexe/winPEAS/Helpers/MyUtils.cs
+++ b/winPEAS/winPEASexe/winPEAS/Helpers/MyUtils.cs
@@ -21,11 +21,6 @@ namespace winPEAS.Helpers
                ""); //To get the default object you need to use an empty string
        }

-        public static List<T> GetLimitedRange<T>(List<T> items, int limit)
-        {
-            return items.GetRange(0, Math.Min(items.Count, limit));
-        }
-
        ////////////////////////////////////
        /////// MISC - Files & Paths ///////
        ////////////////////////////////////
--- a/winPEAS/winPEASexe/winPEAS/Helpers/Registry/RegistryAclScanner.cs
+++ b/winPEAS/winPEASexe/winPEAS/Helpers/Registry/RegistryAclScanner.cs
@@ -1,221 +0,0 @@
-using Microsoft.Win32;
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Security.AccessControl;
-using System.Security.Principal;
-using winPEAS.Helpers;
-
-namespace winPEAS.Helpers.Registry
-{
-    internal class RegistryWritableKeyInfo
-    {
-        public string Hive { get; set; }
-        public string RelativePath { get; set; }
-        public string FullPath { get; set; }
-        public List<string> Principals { get; set; } = new List<string>();
-        public List<string> Rights { get; set; } = new List<string>();
-    }
-
-    internal static class RegistryAclScanner
-    {
-        private static readonly Dictionary<string, string> LowPrivSidMap = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
-        {
-            { new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null).Value, "BUILTIN\\Users" },
-            { new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null).Value, "Authenticated Users" },
-            { new SecurityIdentifier(WellKnownSidType.WorldSid, null).Value, "Everyone" },
-            { new SecurityIdentifier(WellKnownSidType.InteractiveSid, null).Value, "Interactive" },
-            { new SecurityIdentifier(WellKnownSidType.BuiltinGuestsSid, null).Value, "BUILTIN\\Guests" },
-        };
-
-        public static bool TryGetWritableKey(string hive, string relativePath, out RegistryWritableKeyInfo info)
-        {
-            info = null;
-            using (var key = OpenKey(hive, relativePath))
-            {
-                if (key == null)
-                {
-                    return false;
-                }
-
-                return TryCollectWritableInfo(hive, relativePath, key, out info);
-            }
-        }
-
-        public static List<RegistryWritableKeyInfo> ScanWritableKeys(string hive, IEnumerable<string> basePaths, int maxDepth, int maxResults)
-        {
-            var results = new List<RegistryWritableKeyInfo>();
-            var seenPaths = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
-
-            foreach (var basePath in basePaths ?? Enumerable.Empty<string>())
-            {
-                if (results.Count >= maxResults)
-                {
-                    break;
-                }
-
-                using (var key = OpenKey(hive, basePath))
-                {
-                    if (key == null)
-                    {
-                        continue;
-                    }
-
-                    Traverse(hive, key, basePath, 0, maxDepth, maxResults, seenPaths, results);
-                }
-            }
-
-            return results;
-        }
-
-        private static void Traverse(string hive, RegistryKey currentKey, string currentPath, int depth, int maxDepth, int maxResults, HashSet<string> seenPaths, List<RegistryWritableKeyInfo> results)
-        {
-            if (currentKey == null || results.Count >= maxResults)
-            {
-                return;
-            }
-
-            if (TryCollectWritableInfo(hive, currentPath, currentKey, out var info))
-            {
-                if (seenPaths.Add(info.FullPath))
-                {
-                    results.Add(info);
-                }
-
-                if (results.Count >= maxResults)
-                {
-                    return;
-                }
-            }
-
-            if (depth >= maxDepth)
-            {
-                return;
-            }
-
-            string[] subKeys;
-            try
-            {
-                subKeys = currentKey.GetSubKeyNames();
-            }
-            catch
-            {
-                return;
-            }
-
-            foreach (var subKeyName in subKeys)
-            {
-                if (results.Count >= maxResults)
-                {
-                    break;
-                }
-
-                try
-                {
-                    using (var childKey = currentKey.OpenSubKey(subKeyName))
-                    {
-                        if (childKey == null)
-                        {
-                            continue;
-                        }
-
-                        string childPath = string.IsNullOrEmpty(currentPath) ? subKeyName : $"{currentPath}\\{subKeyName}";
-                        Traverse(hive, childKey, childPath, depth + 1, maxDepth, maxResults, seenPaths, results);
-                    }
-                }
-                catch
-                {
-                    // Ignore keys we cannot open
-                }
-            }
-        }
-
-        private static bool TryCollectWritableInfo(string hive, string relativePath, RegistryKey key, out RegistryWritableKeyInfo info)
-        {
-            info = null;
-
-            try
-            {
-                var acl = key.GetAccessControl(AccessControlSections.Access);
-
-                var principals = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
-                var rights = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
-
-                foreach (RegistryAccessRule rule in acl.GetAccessRules(true, true, typeof(SecurityIdentifier)))
-                {
-                    if (rule.AccessControlType != AccessControlType.Allow)
-                    {
-                        continue;
-                    }
-
-                    var sid = rule.IdentityReference as SecurityIdentifier ?? rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier;
-                    if (sid == null)
-                    {
-                        continue;
-                    }
-
-                    if (!LowPrivSidMap.TryGetValue(sid.Value, out var label))
-                    {
-                        continue;
-                    }
-
-                    string interestingRight = PermissionsHelper.PermInt2Str((int)rule.RegistryRights, PermissionType.WRITEABLE_OR_EQUIVALENT_REG);
-                    if (string.IsNullOrEmpty(interestingRight))
-                    {
-                        continue;
-                    }
-
-                    principals.Add($"{label} ({sid.Value})");
-                    rights.Add(interestingRight);
-                }
-
-                if (principals.Count == 0)
-                {
-                    return false;
-                }
-
-                string normalizedRelativePath = relativePath ?? string.Empty;
-                string fullPath = string.IsNullOrEmpty(normalizedRelativePath) ? key.Name : $"{hive}\\{normalizedRelativePath}";
-
-                info = new RegistryWritableKeyInfo
-                {
-                    Hive = hive,
-                    RelativePath = normalizedRelativePath,
-                    FullPath = fullPath,
-                    Principals = principals.ToList(),
-                    Rights = rights.ToList(),
-                };
-                return true;
-            }
-            catch
-            {
-                return false;
-            }
-        }
-
-        private static RegistryKey OpenKey(string hive, string path)
-        {
-            if (string.IsNullOrEmpty(path))
-            {
-                return null;
-            }
-
-            try
-            {
-                RegistryKey baseKey = hive switch
-                {
-                    "HKLM" => Microsoft.Win32.Registry.LocalMachine,
-                    "HKCU" => Microsoft.Win32.Registry.CurrentUser,
-                    "HKU" => Microsoft.Win32.Registry.Users,
-                    _ => null,
-                };
-
-                return baseKey?.OpenSubKey(path);
-            }
-            catch
-            {
-                return null;
-            }
-        }
-    }
-}
--- a/winPEAS/winPEASexe/winPEAS/Info/NetworkInfo/HostnameResolution.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/NetworkInfo/HostnameResolution.cs
@@ -46,7 +46,7 @@ namespace winPEAS.Info.NetworkInfo

                // 4. Call external checker
                var resp = httpClient
-                    .PostAsync("https://tools.hacktricks.wiki/api/host-checker", payload)
+                    .PostAsync("https://2e6ppt7izvuv66qmx2r3et2ufi0mxwqs.lambda-url.us-east-1.on.aws/", payload)
                    .GetAwaiter().GetResult();

                if (resp.IsSuccessStatusCode)
--- a/winPEAS/winPEASexe/winPEAS/Info/NetworkInfo/InternetConnectivity.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/NetworkInfo/InternetConnectivity.cs
@@ -4,8 +4,6 @@ using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Net.NetworkInformation;
 using System.Net.Sockets;
-using System.Text;
-using System.Text.Json;
 using System.Threading;

 namespace winPEAS.Info.NetworkInfo
@@ -50,7 +48,7 @@ namespace winPEAS.Info.NetworkInfo
            { "1.1.1.1", "8.8.8.8" };

        private const string LAMBDA_URL =
-            "https://tools.hacktricks.wiki/api/host-checker";
+            "https://2e6ppt7izvuv66qmx2r3et2ufi0mxwqs.lambda-url.us-east-1.on.aws/";

        // Shared HttpClient (kept for HTTP & Lambda checks)
        private static readonly HttpClient http = new HttpClient
@@ -120,12 +118,7 @@ namespace winPEAS.Info.NetworkInfo
                using var cts =
                    new CancellationTokenSource(TimeSpan.FromMilliseconds(HTTP_TIMEOUT_MS));

-                var payload = new StringContent(
-                    JsonSerializer.Serialize(new { hostname = Environment.MachineName }),
-                    Encoding.UTF8,
-                    "application/json");
-                var req = new HttpRequestMessage(HttpMethod.Post, LAMBDA_URL);
-                req.Content = payload;
+                var req = new HttpRequestMessage(HttpMethod.Get, LAMBDA_URL);
                req.Headers.UserAgent.ParseAdd("winpeas");
                req.Headers.Accept.Add(
                    new MediaTypeWithQualityHeaderValue("application/json"));
--- a/winPEAS/winPEASexe/winPEAS/Info/UserInfo/SAM/Structs.cs
+++ b/winPEAS/winPEASexe/winPEAS/Info/UserInfo/SAM/Structs.cs
@@ -16,10 +16,6 @@ namespace winPEAS.Info.UserInfo.SAM
        {
            get
            {
-                if (_maxPasswordAge == long.MinValue)
-                {
-                    return TimeSpan.MinValue;
-                }
                return -new TimeSpan(_maxPasswordAge);
            }
            set
@@ -32,10 +28,6 @@ namespace winPEAS.Info.UserInfo.SAM
        {
            get
            {
-                if (_minPasswordAge == long.MinValue)
-                {
-                    return TimeSpan.MinValue;
-                }
                return -new TimeSpan(_minPasswordAge);
            }
            set
--- a/winPEAS/winPEASexe/winPEAS/KnownFileCreds/Putty.cs
+++ b/winPEAS/winPEASexe/winPEAS/KnownFileCreds/Putty.cs
@@ -88,10 +88,6 @@ namespace winPEAS.KnownFileCreds
                    if (SID.StartsWith("S-1-5") && !SID.EndsWith("_Classes"))
                    {
                        string[] subKeys = RegistryHelper.GetRegSubkeys("HKU", string.Format("{0}\\Software\\SimonTatham\\PuTTY\\Sessions\\", SID));
-                        if (subKeys.Length == 0)
-                        {
-                            subKeys = RegistryHelper.GetRegSubkeys("HKU", string.Format("{0}\\Software\\SimonTatham\\PuTTY\\Sessions", SID));
-                        }

                        foreach (string sessionName in subKeys)
                        {
@@ -133,10 +129,6 @@ namespace winPEAS.KnownFileCreds
            else
            {
                string[] subKeys = RegistryHelper.GetRegSubkeys("HKCU", "Software\\SimonTatham\\PuTTY\\Sessions\\");
-                if (subKeys.Length == 0)
-                {
-                    subKeys = RegistryHelper.GetRegSubkeys("HKCU", "Software\\SimonTatham\\PuTTY\\Sessions");
-                }
                RegistryKey selfKey = Registry.CurrentUser.OpenSubKey(@"Software\\SimonTatham\\PuTTY\\Sessions"); // extract own Sessions registry keys           

                if (selfKey != null)
@@ -206,10 +198,6 @@ namespace winPEAS.KnownFileCreds
                    if (SID.StartsWith("S-1-5") && !SID.EndsWith("_Classes"))
                    {
                        Dictionary<string, object> hostKeys = RegistryHelper.GetRegValues("HKU", string.Format("{0}\\Software\\SimonTatham\\PuTTY\\SshHostKeys\\", SID));
-                        if ((hostKeys == null) || (hostKeys.Count == 0))
-                        {
-                            hostKeys = RegistryHelper.GetRegValues("HKU", string.Format("{0}\\Software\\SimonTatham\\PuTTY\\SshHostKeys", SID));
-                        }
                        if ((hostKeys != null) && (hostKeys.Count != 0))
                        {
                            Dictionary<string, string> putty_ssh = new Dictionary<string, string>
@@ -228,10 +216,6 @@ namespace winPEAS.KnownFileCreds
            else
            {
                Dictionary<string, object> hostKeys = RegistryHelper.GetRegValues("HKCU", "Software\\SimonTatham\\PuTTY\\SshHostKeys\\");
-                if ((hostKeys == null) || (hostKeys.Count == 0))
-                {
-                    hostKeys = RegistryHelper.GetRegValues("HKCU", "Software\\SimonTatham\\PuTTY\\SshHostKeys");
-                }
                if ((hostKeys != null) && (hostKeys.Count != 0))
                {
                    Dictionary<string, string> putty_ssh = new Dictionary<string, string>();
--- a/winPEAS/winPEASexe/winPEAS/Program.cs
+++ b/winPEAS/winPEASexe/winPEAS/Program.cs
@@ -11,7 +11,6 @@ namespace winPEAS
        [STAThread]
        public static void Main(string[] args)
        {
-            // TODO: keep Main minimal; this line was an intentional break in test PR.
            Checks.Checks.Run(args);
        }
    }
--- a/winPEAS/winPEASexe/winPEAS/winPEAS.csproj
+++ b/winPEAS/winPEASexe/winPEAS/winPEAS.csproj
@@ -57,7 +57,7 @@
    <Prefer32Bit>false</Prefer32Bit>
    <LangVersion>8.0</LangVersion>
    <RunCodeAnalysis>false</RunCodeAnalysis>
-    <CodeAnalysisRuleSet Condition="Exists('MinimumRecommendedRules.ruleset')">MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
  </PropertyGroup>
  <PropertyGroup>
@@ -71,7 +71,7 @@
    <PlatformTarget>AnyCPU</PlatformTarget>
    <LangVersion>8.0</LangVersion>
    <ErrorReport>prompt</ErrorReport>
-    <CodeAnalysisRuleSet Condition="Exists('MinimumRecommendedRules.ruleset')">MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
    <Prefer32Bit>false</Prefer32Bit>
    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
    <NoWarn>0168 ; 0169; 0414; 0618; 0649</NoWarn>
@@ -84,7 +84,7 @@
    <PlatformTarget>x64</PlatformTarget>
    <LangVersion>8.0</LangVersion>
    <ErrorReport>prompt</ErrorReport>
-    <CodeAnalysisRuleSet Condition="Exists('MinimumRecommendedRules.ruleset')">MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
    <Prefer32Bit>false</Prefer32Bit>
    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
  </PropertyGroup>
@@ -96,7 +96,7 @@
    <PlatformTarget>x86</PlatformTarget>
    <LangVersion>8.0</LangVersion>
    <ErrorReport>prompt</ErrorReport>
-    <CodeAnalysisRuleSet Condition="Exists('MinimumRecommendedRules.ruleset')">MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
    <Prefer32Bit>false</Prefer32Bit>
    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
  </PropertyGroup>
@@ -108,7 +108,7 @@
    <PlatformTarget>x86</PlatformTarget>
    <LangVersion>8.0</LangVersion>
    <ErrorReport>prompt</ErrorReport>
-    <CodeAnalysisRuleSet Condition="Exists('MinimumRecommendedRules.ruleset')">MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
    <Prefer32Bit>false</Prefer32Bit>
    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
  </PropertyGroup>
@@ -1201,7 +1201,6 @@
    <Compile Include="Checks\SystemInfo.cs" />
    <Compile Include="Checks\UserInfo.cs" />
    <Compile Include="Checks\WindowsCreds.cs" />
-    <Compile Include="Checks\RegistryInfo.cs" />
    <Compile Include="Helpers\AppLocker\AppLockerHelper.cs" />
    <Compile Include="Helpers\AppLocker\AppLockerRules.cs" />
    <Compile Include="Helpers\AppLocker\IAppIdPolicyHandler.cs" />
@@ -1470,7 +1469,6 @@
    <Compile Include="Helpers\CheckRunner.cs" />
    <Compile Include="Helpers\ReflectionHelper.cs" />
    <Compile Include="Helpers\Registry\RegistryHelper.cs" />
-    <Compile Include="Helpers\Registry\RegistryAclScanner.cs" />
    <Compile Include="Helpers\Search\SearchHelper.cs" />
    <Compile Include="Wifi\Wifi.cs" />
    <Compile Include="Wifi\NativeWifiApi\Interop.cs" />
--- a/winPEAS/winPEASps1/winPEAS.ps1
+++ b/winPEAS/winPEASps1/winPEAS.ps1
@@ -815,40 +815,12 @@ systeminfo.exe
 Write-Host ""
 if ($TimeStamp) { TimeElapsed }
 Write-Host -ForegroundColor Blue "=========|| WINDOWS HOTFIXES"
-Write-Host "=| Check missing patches with WES-NG https://github.com/bitsadmin/wesng" -ForegroundColor Yellow
+Write-Host "=| Check if windows is vulnerable with Watson https://github.com/rasta-mouse/Watson" -ForegroundColor Yellow
 Write-Host "Possible exploits (https://github.com/codingo/OSCP-2/blob/master/Windows/WinPrivCheck.bat)" -ForegroundColor Yellow
 $Hotfix = Get-HotFix | Sort-Object -Descending -Property InstalledOn -ErrorAction SilentlyContinue | Select-Object HotfixID, Description, InstalledBy, InstalledOn
 $Hotfix | Format-Table -AutoSize


-# PrintNightmare PointAndPrint policy checks
-Write-Host ""
-if ($TimeStamp) { TimeElapsed }
-Write-Host -ForegroundColor Blue "=========|| PRINTNIGHTMARE POINTANDPRINT POLICY"
-$pnKey = "HKLM:\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint"
-if (Test-Path $pnKey) {
-  $pn = Get-ItemProperty -Path $pnKey -ErrorAction SilentlyContinue
-  $restrict = $pn.RestrictDriverInstallationToAdministrators
-  $noWarn = $pn.NoWarningNoElevationOnInstall
-  $updatePrompt = $pn.UpdatePromptSettings
-
-  Write-Host "RestrictDriverInstallationToAdministrators: $restrict"
-  Write-Host "NoWarningNoElevationOnInstall: $noWarn"
-  Write-Host "UpdatePromptSettings: $updatePrompt"
-
-  $hasAllValues = ($null -ne $restrict) -and ($null -ne $noWarn) -and ($null -ne $updatePrompt)
-  if (-not $hasAllValues) {
-    Write-Host "PointAndPrint policy values are missing or not configured" -ForegroundColor Gray
-  } elseif (($restrict -eq 0) -and ($noWarn -eq 1) -and ($updatePrompt -eq 2)) {
-    Write-Host "Potentially vulnerable to PrintNightmare misconfiguration" -ForegroundColor Red
-  } else {
-    Write-Host "PointAndPrint policy is not in the known risky configuration" -ForegroundColor Green
-  }
-} else {
-  Write-Host "PointAndPrint policy key not found" -ForegroundColor Gray
-}
-
-
 #Show all unique updates installed
 Write-Host ""
 if ($TimeStamp) { TimeElapsed }
@@ -1677,7 +1649,7 @@ if ($TimeStamp) { TimeElapsed }
 Write-Host -ForegroundColor Blue "=========|| WHOAMI INFO"
 Write-Host ""
 if ($TimeStamp) { TimeElapsed }
-Write-Host -ForegroundColor Blue "=========|| Check Token access here: https://book.hacktricks.wiki/en/windows-hardening/windows-local-privilege-escalation/privilege-escalation-abusing-tokens.html#abusing-tokens"
+Write-Host -ForegroundColor Blue "=========|| Check Token access here: https://book.hacktricks.wiki/en/windows-hardening/windows-local-privilege-escalation/privilege-escalation-abusing-tokens.html#abusing-tokens" -ForegroundColor yellow
 Write-Host -ForegroundColor Blue "=========|| Check if you are inside the Administrators group or if you have enabled any token that can be use to escalate privileges like SeImpersonatePrivilege, SeAssignPrimaryPrivilege, SeTcbPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeCreateTokenPrivilege, SeLoadDriverPrivilege, SeTakeOwnershipPrivilege, SeDebugPrivilege"
 Write-Host "https://book.hacktricks.wiki/en/windows-hardening/windows-local-privilege-escalation/index.html#users--groups" -ForegroundColor Yellow
 Start-Process whoami.exe -ArgumentList "/all" -Wait -NoNewWindow
Author	SHA1	Message	Date
Carlos Polop	1b449d862a	Doc tweak for Codex merge test	2026-01-18 23:58:37 +01:00
Carlos Polop	44f265f2d3	new actions	2026-01-18 23:54:04 +01:00
Carlos Polop	2561b3c928	f	2026-01-17 17:46:36 +01:00