supervisord, cesi, sh colors, more lists

carlospolop 2019-05-08 23:02:00 +02:00
parent 82b8eed6ef
commit 1f5aff8c06
2 changed files with 157 additions and 96 deletions


@ -4,6 +4,8 @@ The goal of this script is to search for possible **Privilege Escalatoin vectors
This script does not have any dependency. This script does not have any dependency.
There is not need even for bash shell, **it runs using /bin/sh**.
It could take from **2 to 3 minutes** to execute the hole script (less than 1 min to make almost all the checks, almost 1 min to search for possible passwords inside files and 1 min to monitor the process in order to find very frequent cron jobs). It could take from **2 to 3 minutes** to execute the hole script (less than 1 min to make almost all the checks, almost 1 min to search for possible passwords inside files and 1 min to monitor the process in order to find very frequent cron jobs).
This script have several lists included inside it to be able to color the results in order to help to discover PE vector. This script have several lists included inside it to be able to color the results in order to help to discover PE vector.
@ -29,6 +31,7 @@ This script have several lists included inside it to be able to color the result
- **Users Information** - **Users Information**
- [x] Info about current user (whoami, groups, sudo, PGPkeys) - [x] Info about current user (whoami, groups, sudo, PGPkeys)
- [x] `sudo -l` without password - [x] `sudo -l` without password
- [x] Try to login using `su` as other users (using null pass and the username)
- [x] List of superusers - [x] List of superusers
- [x] Login info - [x] Login info
- [x] Available users with console - [x] Available users with console
@ -39,6 +42,11 @@ This script have several lists included inside it to be able to color the result
- [x] MySQl (Version, loging as "root:") - [x] MySQl (Version, loging as "root:")
- [x] PostgreSQL (Version, try login in "template0" and "template1" as: "postgres:", "psql:") - [x] PostgreSQL (Version, try login in "template0" and "template1" as: "postgres:", "psql:")
- [x] Apache (Version) - [x] Apache (Version)
- [x] Wordpress (Database credentials)
- [x] Tomcat (Credentials)
- [x] Mongo (Version)
- [x] Supervisor (Credentials)
- [x] Cesi (Credentials)
- **Interesting Files** - **Interesting Files**

linPE.sh

@ -1,17 +1,18 @@
#!/bin/sh #!/bin/bash
file="/tmp/linPE" file="/tmp/linPE"
RED='\033[1;31m'
Y='\033[1;33m'
B='\033[1;34m'
NC='\033[0m'
C=$(printf '\033') C=$(printf '\033')
RED="${C}[1;31m"
GREEN="${C}[1;32m"
Y="${C}[1;33m"
B="${C}[1;34m"
NC="${C}[0m"
groupsB="\(root\)\|\(shadow\)" groupsB="(root)\|(shadow)\|(admin)"
groupsVB="\(sudo\)\|\(admin\)\|\(docker\)\|\(lxd\)\|\(wheel\)" groupsVB="(sudo)\|(docker)\|(lxd)\|(wheel)"
knw_grps='\(lpadmin\)\|\(adm\)\|\(cdrom\)' #https://www.togaware.com/linux/survivor/Standard_Groups.html knw_grps='(lpadmin)\|(adm)\|(cdrom)' #https://www.togaware.com/linux/survivor/Standard_Groups.html
sidG="/accton$\|/allocate$\|/arping$\|/at$\|/atq$\|/atrm$\|/authpf$\|/authpf-noip$\|/batch$\|/bsd-write$\|/btsockstat$\|/bwrap$\|/cacaocsc$\|/camel-lock-helper-1.2$\|/ccreds_validate$\|/cdrw$\|/chage$\|/chfn$\|/chkey$\|/chkperm$\|/chpass$\|/chrome-sandbox$\|/chsh$\|/cons.saver$\|/crontab$\|/ct$\|/cu$\|/dbus-daemon-launch-helper$\|/deallocate$\|/dma$\|/dmcrypt-get-device$\|/doas$\|/dotlockfile$\|/dotlock.mailutils$\|/dtaction$\|/dtappgather$\|/dtfile$\|/dtprintinfo$\|/dtsession$\|/eject$\|/execabrt-action-install-debuginfo-to-abrt-cache$\|/execdbus-daemon-launch-helper$\|/execdma-mbox-create$\|/execlockspool$\|/execlogin_chpass$\|/execlogin_lchpass$\|/execlogin_passwd$\|/execssh-keysign$\|/execulog-helper$\|/exim4$\|/expiry$\|/fdformat$\|/fusermount$\|/gnome-pty-helper$\|/gnome-suspend$\|/gpasswd$\|/gpg$\|/gpio$\|/inndstart$\|/ksu$\|/list_devices$\|/lock$\|/lockdev$\|/lockfile$\|/login$\|/login_activ$\|/login_crypto$\|/login_radius$\|/login_skey$\|/login_snk$\|/login_token$\|/login_yubikey$\|/lpc$\|/lpd$\|/lpd-port$\|/lppasswd$\|/lpq$\|/lpr$\|/lprm$\|/lpset$\|/lxc-user-nic$\|/mahjongg$\|/mail-lock$\|/mailq$\|/mail-touchlock$\|/mail-unlock$\|/mksnap_ffs$\|/mlocate$\|/mount$\|/mount.cifs$\|/mount.nfs$\|/mount.nfs4$\|/movemail$\|/mtr$\|/mutt_dotlock$\|/ncsa_auth$\|/netpr$\|/netreport$\|/netstat$\|/newgidmap$\|/newgrp$\|/newtask$\|/newuidmap$\|/ntfs-3g$\|/opieinfo$\|/opiepasswd$\|/pam_auth$\|/pam_extrausers_chkpwd$\|/pam_timestamp_check$\|/pamverifier$\|/passwd$\|/pfexec$\|/ping$\|/ping6$\|/pmconfig$\|/polkit-agent-helper-1$\|/postdrop$\|/postqueue$\|/poweroff$\|/ppp$\|/pppd$\|/procmail$\|/pt_chmod$\|/pt_chown$\|/quota$\|/rcp$\|/rdist$\|/remote.unknown$\|/rlogin$\|/rmformat$\|/rnews$\|/rsh$\|/sacadm$\|/screen$\|/sdtcm_convert$\|/sendmail$\|/sendmail.sendmail$\|/shutdown$\|/skeyaudit$\|/skeyinfo$\|/skeyinit$\|/slocate$\|/smpatch$\|/smtpctl$\|/snap-confine$\|/sperl5.8.8$\|/ssh-agent$\|/ssh-keysign$\|/staprun$\|/startinnfeed$\|/stclient$\|/su$\|/sudo$\|/sudoedit$\|/suexec$\
|/sys-suspend$\|/systemctl$\|/timedc$\|/tip$\|/traceroute$\|/traceroute6$\|/traceroute6.iputils$\|/trpt$\|/tsoldtlabel$\|/tsoljdslabel$\|/tsolxagent$\|/ufsdump$\|/ufsrestore$\|/umount$\|/umount.nfs$\|/umount.nfs4$\|/unix_chkpwd$\|/uptime$\|/userhelper$\|/usernetctl$\|/utempter$\|/utmp_update$\|/uucico$\|/uucp$\|/uuglist$\|/uuidd$\|/uuname$\|/uusched$\|/uustat$\|/uux$\|/uuxqt$\|/vmware-user-suid-wrapper$\|/vncserver-x11$\|/volrmmount$\|/w$\|/wall$\|/whodo$\|/write$\|/xlock$\|/Xorg$\|/Xorg.wrap$\|/xscreensaver$\|/Xsun$\|/xterm$\|/Xvnc$" sidG="/accton$\|/allocate$\|/arping$\|/at$\|/atq$\|/atrm$\|/authpf$\|/authpf-noip$\|/batch$\|/bsd-write$\|/btsockstat$\|/bwrap$\|/cacaocsc$\|/camel-lock-helper-1.2$\|/ccreds_validate$\|/cdrw$\|/chage$\|/chfn$\|/chkey$\|/chkperm$\|/chpass$\|/chrome-sandbox$\|/chsh$\|/cons.saver$\|/crontab$\|/ct$\|/cu$\|/dbus-daemon-launch-helper$\|/deallocate$\|/dma$\|/dmcrypt-get-device$\|/doas$\|/dotlockfile$\|/dotlock.mailutils$\|/dtaction$\|/dtappgather$\|/dtfile$\|/dtprintinfo$\|/dtsession$\|/eject$\|/execabrt-action-install-debuginfo-to-abrt-cache$\|/execdbus-daemon-launch-helper$\|/execdma-mbox-create$\|/execlockspool$\|/execlogin_chpass$\|/execlogin_lchpass$\|/execlogin_passwd$\|/execssh-keysign$\|/execulog-helper$\|/exim4$\|/expiry$\|/fdformat$\|/fusermount$\|/gnome-pty-helper$\|/glines$\|/gnibbles$\|/gnobots2$\|/gnome-suspend$\|/gnometris$\|/gnomine$\|/gnotski$\|/gnotravex$\|/gpasswd$\|/gpg$\|/gpio$\|/gtali\|/inndstart$\|/ksu$\|/list_devices$\|/lock$\|/lockdev$\|/lockfile$\|/login$\|/login_activ$\|/login_crypto$\|/login_radius$\|/login_skey$\|/login_snk$\|/login_token$\|/login_yubikey$\|/lpc$\|/lpd$\|/lpd-port$\|/lppasswd$\|/lpq$\|/lpr$\|/lprm$\|/lpset$\|/lxc-user-nic$\|/mahjongg$\|/mail-lock$\|/mailq$\|/mail-touchlock$\|/mail-unlock$\|/mksnap_ffs$\|/mlocate$\|/mount$\|/mount.cifs$\|/mount.nfs$\|/mount.nfs4$\|/movemail$\|/mtr$\|/mutt_dotlock$\|/ncsa_auth$\|/netpr$\|/netreport$\|/netstat$\|/newgidmap$\|/newgrp$\|/newtask$\|/newuidmap$\|/ntfs-3g
$\|/opieinfo$\|/opiepasswd$\|/pam_auth$\|/pam_extrausers_chkpwd$\|/pam_timestamp_check$\|/pamverifier$\|/passwd$\|/pfexec$\|/ping$\|/ping6$\|/pmconfig$\|/polkit-agent-helper-1$\|/polkit-explicit-grant-helper\|/polkit-grant-helper$\|/polkit-grant-helper-pam$\|/polkit-read-auth-helper$\|/polkit-resolve-exe-helper$\|/polkit-revoke-helper$\|/polkit-set-default-helper$\|/postdrop$\|/postqueue$\|/poweroff$\|/ppp$\|/pppd$\|/procmail$\|/pt_chmod$\|/pt_chown$\|/quota$\|/rcp$\|/rdist$\|/remote.unknown$\|/rlogin$\|/rmformat$\|/rnews$\|/rsh$\|/sacadm$\|/same-gnome$\|/screen$\|screen.real$\|/sdtcm_convert$\|/sendmail$\|/sendmail.sendmail$\|/shutdown$\|/skeyaudit$\|/skeyinfo$\|/skeyinit$\|/slocate$\|/smpatch$\|/smtpctl$\|/snap-confine$\|/sperl5.8.8$\|/ssh-agent$\|/ssh-keysign$\|/staprun$\|/startinnfeed$\|/stclient$\|/su$\|/sudo$\|/sudoedit$\|/suexec$\|/sys-suspend$\|/systemctl$\|/timedc$\|/tip$\|/traceroute$\|/traceroute6$\|/traceroute6.iputils$\|/trpt$\|/tsoldtlabel$\|/tsoljdslabel$\|/tsolxagent$\|/ufsdump$\|/ufsrestore$\|/umount$\|/umount.nfs$\|/umount.nfs4$\|/unix_chkpwd$\|/uptime$\|/userhelper$\|/usernetctl$\|/utempter$\|/utmp_update$\|/uucico$\|/uucp$\|/uuglist$\|/uuidd$\|/uuname$\|/uusched$\|/uustat$\|/uux$\|/uuxqt$\|/vmware-user-suid-wrapper$\|/vncserver-x11$\|/volrmmount$\|/w$\|/wall$\|/whodo$\|/write$\|/X$\|/xlock$\|/Xorg$\|/Xorg.wrap$\|/xscreensaver$\|/Xsun$\|/xterm$\|/Xvnc$"
sidB="pkexec$" sidB="pkexec$"
sidVB='aria2c$\|arp$\|ash$\|awk$\|base64$\|bash$\|busybox$\|cat$\|chmod$\|chown$\|cp$\|csh$\|curl$\|cut$\|dash$\|date$\|dd$\|diff$\|dmsetup$\|docker$\|ed$\|emacs$\|env$\|expand$\|expect$\|file$\|find$\|flock$\|fmt$\|fold$\|gdb$\|gimp$\|git$\|grep$\|head$\|ionice$\|ip$\|jjs$\|jq$\|jrunscript$\|ksh$\|ld.so$\|less$\|logsave$\|lua$\|make$\|more$\|mv$\|mysql$\|nano$\|nc$\|nice$\|nl$\|nmap$\|node$\|od$\|openssl$\|perl$\|pg$\|php$\|pic$\|pico$\|python$\|readelf$\|rlwrap$\|rpm$\|rpmquery$\|rsync$\|rvim$\|scp$\|sed$\|setarch$\|shuf$\|socat$\|sort$\|sqlite3$\|stdbuf$\|strace$\|systemctl$\|tail$\|tar$\|taskset$\|tclsh$\|tee$\|telnet$\|tftp$\|time$\|timeout$\|ul$\|unexpand$\|uniq$\|unshare$\|vim$\|watch$\|wget$\|xargs$\|xxd$\|zip$\|zsh$' sidVB='aria2c$\|arp$\|ash$\|awk$\|base64$\|bash$\|busybox$\|cat$\|chmod$\|chown$\|cp$\|csh$\|curl$\|cut$\|dash$\|date$\|dd$\|diff$\|dmsetup$\|docker$\|ed$\|emacs$\|env$\|expand$\|expect$\|file$\|find$\|flock$\|fmt$\|fold$\|gdb$\|gimp$\|git$\|grep$\|head$\|ionice$\|ip$\|jjs$\|jq$\|jrunscript$\|ksh$\|ld.so$\|less$\|logsave$\|lua$\|make$\|more$\|mv$\|mysql$\|nano$\|nc$\|nice$\|nl$\|nmap$\|node$\|od$\|openssl$\|perl$\|pg$\|php$\|pic$\|pico$\|python$\|readelf$\|rlwrap$\|rpm$\|rpmquery$\|rsync$\|rvim$\|scp$\|sed$\|setarch$\|shuf$\|socat$\|sort$\|sqlite3$\|stdbuf$\|strace$\|systemctl$\|tail$\|tar$\|taskset$\|tclsh$\|tee$\|telnet$\|tftp$\|time$\|timeout$\|ul$\|unexpand$\|uniq$\|unshare$\|vim$\|watch$\|wget$\|xargs$\|xxd$\|zip$\|zsh$'
@ -24,7 +25,7 @@ capsB="=ep\|cap_dac_read_search\|cap_dac_override"
writeB="\.sh$\|\./\|/etc/\|/sys/\|/lib/systemd/\|^/lib\|/root/\|/home/\|/var/log/\|/mnt/\|/usr/local/sbin/\|/usr/sbin/\|/sbin/\|/usr/local/bin/\|/usr/bin/\|/bin/\|/usr/local/games/\|/usr/games/\|/usr/lib/\|/etc/rc.d/\|" writeB="\.sh$\|\./\|/etc/\|/sys/\|/lib/systemd/\|^/lib\|/root/\|/home/\|/var/log/\|/mnt/\|/usr/local/sbin/\|/usr/sbin/\|/sbin/\|/usr/local/bin/\|/usr/bin/\|/bin/\|/usr/local/games/\|/usr/games/\|/usr/lib/\|/etc/rc.d/\|"
writeVB="/etc/init\|/etc/sys\|/etc/shadow\|/etc/passwd\|/etc/cron\|"`echo $PATH 2>/dev/null| sed 's/:/\\\|/g'` writeVB="/etc/init\|/etc/sys\|/etc/shadow\|/etc/passwd\|/etc/cron\|"`echo $PATH 2>/dev/null| sed 's/:/\\\|/g'`
sh_usrs=`cat /etc/passwd 2>/dev/null | grep -i "sh$" | cut -d ":" -f 1 | tr '\n' '|' | sed 's/|/\\\|/g'`"ImPoSSssSiBlEee" sh_usrs=`cat /etc/passwd 2>/dev/null | grep -v "^root:" | grep -i "sh$" | cut -d ":" -f 1 | tr '\n' '|' | sed 's/|/\\\|/g'`"ImPoSSssSiBlEee"
nosh_usrs=`cat /etc/passwd 2>/dev/null | grep -i -v "sh$" | cut -d ":" -f 1 | tr '\n' '|' | sed 's/|/\\\|/g'`"ImPoSSssSiBlEee" nosh_usrs=`cat /etc/passwd 2>/dev/null | grep -i -v "sh$" | cut -d ":" -f 1 | tr '\n' '|' | sed 's/|/\\\|/g'`"ImPoSSssSiBlEee"
knw_usrs='daemon\|message+\|syslog\|www\|www-data\|mail\|noboby\|Debian-+\|rtkit\|systemd+' knw_usrs='daemon\|message+\|syslog\|www\|www-data\|mail\|noboby\|Debian-+\|rtkit\|systemd+'
USER=`whoami` USER=`whoami`
@ -34,6 +35,8 @@ Wfolders=`find /home /tmp /var /bin /etc /usr /lib /media /mnt /opt /root -writa
notExtensions="\.tif$\|\.tiff$\|\.gif$\|\.jpeg$\|\.jpg\|\.jif$\|\.jfif$\|\.jp2$\|\.jpx$\|\.j2k$\|\.j2c$\|\.fpx$\|\.pcd$\|\.png$\|\.pdf$\|\.flv$\|\.mp4$\|\.mp3$\|\.gifv$\|\.avi$\|\.mov$\|\.mpeg$\|\.wav$\|\.doc$\|\.docx$\|\.xls$\|\.xlsx$" notExtensions="\.tif$\|\.tiff$\|\.gif$\|\.jpeg$\|\.jpg\|\.jif$\|\.jfif$\|\.jp2$\|\.jpx$\|\.j2k$\|\.j2c$\|\.fpx$\|\.pcd$\|\.png$\|\.pdf$\|\.flv$\|\.mp4$\|\.mp3$\|\.gifv$\|\.avi$\|\.mov$\|\.mpeg$\|\.wav$\|\.doc$\|\.docx$\|\.xls$\|\.xlsx$"
TIMEOUT=`which timeout`
if [ "$(/usr/bin/id -u)" -eq "0" ]; then printf $B"[*] "$RED"YOU ARE ALREADY ROOT!!! (nothing is going to be executed)\n"$NC; exit; fi if [ "$(/usr/bin/id -u)" -eq "0" ]; then printf $B"[*] "$RED"YOU ARE ALREADY ROOT!!! (nothing is going to be executed)\n"$NC; exit; fi
rm -rf $file 2>/dev/null rm -rf $file 2>/dev/null
@ -45,106 +48,106 @@ echo "RED/YELLOW: 99% a PE vector" | sed "s,RED/YELLOW,${C}[1;31;103m&${C}[0m,"
echo "RED: You must take a look at it" | sed "s,RED,${C}[1;31m&${C}[0m," >> $file echo "RED: You must take a look at it" | sed "s,RED,${C}[1;31m&${C}[0m," >> $file
echo "LightCyan: Users with console" | sed "s,LightCyan,${C}[1;96m&${C}[0m," >> $file echo "LightCyan: Users with console" | sed "s,LightCyan,${C}[1;96m&${C}[0m," >> $file
echo "Blue: Users without console" | sed "s,Blue,${C}[1;34m&${C}[0m," >> $file echo "Blue: Users without console" | sed "s,Blue,${C}[1;34m&${C}[0m," >> $file
echo "Green: Common users and known SUID/SGID binaries" | sed "s,Green,${C}[1;32m&${C}[0m," >> $file echo "Green: Common users, groups and known SUID/SGID binaries" | sed "s,Green,${C}[1;32m&${C}[0m," >> $file
echo "LightMangenta: Your username" | sed "s,LightMangenta,${C}[1;95m&${C}[0m," >> $file echo "LightMangenta: Your username" | sed "s,LightMangenta,${C}[1;95m&${C}[0m," >> $file
echo "" >> $file echo "" >> $file
echo "" >> $file echo "" >> $file
echo "[+]Gathering system information..." printf $B"[*] "$GREEN"Gathering system info...\n"$NC
printf $B"[*] "$RED"BASIC SYSTEM INFO\n"$NC >> $file printf $B"[*] "$GREEN"BASIC SYSTEM INFO\n"$NC >> $file
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Operative system\n"$NC >> $file printf $Y"[+] "$GREEN"Operative system\n"$NC >> $file
(cat /proc/version || uname -a ) 2>/dev/null >> $file (cat /proc/version || uname -a ) 2>/dev/null >> $file
lsb_release -a 2>/dev/null >> $file #add to one-liner lsb_release -a 2>/dev/null >> $file #add to one-liner
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"PATH\n"$NC >> $file printf $Y"[+] "$GREEN"PATH\n"$NC >> $file
echo $PATH 2>/dev/null | sed "s,$Wfolders\|\.,${C}[1;31;103m&${C}[0m," >> $file echo $PATH 2>/dev/null | sed "s,$Wfolders\|\.,${C}[1;31;103m&${C}[0m," >> $file
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Date\n"$NC >> $file printf $Y"[+] "$GREEN"Date\n"$NC >> $file
date 2>/dev/null >> $file date 2>/dev/null >> $file
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Sudo version\n"$NC >> $file printf $Y"[+] "$GREEN"Sudo version\n"$NC >> $file
sudo -V 2>/dev/null| grep "Sudo ver" >> $file sudo -V 2>/dev/null| grep "Sudo ver" >> $file
echo "" >> $file echo "" >> $file
sestatus=`sestatus 2>/dev/null` sestatus=`sestatus 2>/dev/null`
if [ "$sestatus" ]; then if [ "$sestatus" ]; then
printf $Y"[+] "$RED"selinux enabled?\n"$NC >> $file printf $Y"[+] "$GREEN"selinux enabled?\n"$NC >> $file
echo $sestatus >> $file echo $sestatus >> $file
echo "" >> $file echo "" >> $file
fi fi
printf $Y"[+] "$RED"Useful software?\n"$NC >> $file printf $Y"[+] "$GREEN"Useful software?\n"$NC >> $file
which nc ncat netcat nc.traditional wget curl ping gcc g++ make gdb base64 socat python python2 python3 python2.7 python2.6 python3.6 python3.7 perl php ruby xterm doas sudo fetch 2>/dev/null >> $file which nc ncat netcat nc.traditional wget curl ping gcc g++ make gdb base64 socat python python2 python3 python2.7 python2.6 python3.6 python3.7 perl php ruby xterm doas sudo fetch 2>/dev/null >> $file
echo "" >> $file echo "" >> $file
#limited search for installed compilers #limited search for installed compilers
compiler=`dpkg --list 2>/dev/null| grep compiler | grep -v "decompiler\|lib" 2>/dev/null && yum list installed 'gcc*' 2>/dev/null| grep gcc 2>/dev/null` compiler=`dpkg --list 2>/dev/null| grep compiler | grep -v "decompiler\|lib" 2>/dev/null && yum list installed 'gcc*' 2>/dev/null| grep gcc 2>/dev/null`
if [ "$compiler" ]; then if [ "$compiler" ]; then
printf $Y"[+] "$RED"Installed compilers?\n"$NC >> $file printf $Y"[+] "$GREEN"Installed compilers?\n"$NC >> $file
echo "$compiler" >> $file echo "$compiler" >> $file
echo "" >> $file echo "" >> $file
fi fi
printf $Y"[+] "$RED"Environment\n"$NC >> $file printf $Y"[+] "$GREEN"Environment\n"$NC >> $file
(set || env) 2>/dev/null | grep -v "groupsB\|groupsVB\|sidG\|sidB\|sidVB\|sudoB\|sudoVB\|sudocapsB\|capsB\|\notExtensions\|Wfolders\|writeB\|writeVB\|_usrs\|compiler\|PWD=\|LS_COLORS=" | sed "s,pwd\|passw,${C}[1;31m&${C}[0m,Ig" >> $file (env || set) 2>/dev/null | grep -v "^C=\|^RED=\|^GREEN=\|^Y=\|^B=\|^NC=\|TIMEOUT=\|groupsB=\|groupsVB=\|knw_grps=\|sidG=\|sidB=\|sidVB=\|sudoB=\|sudoVB=\|sudocapsB=\|capsB=\|\notExtensions=\|Wfolders=\|writeB=\|writeVB=\|_usrs=\|compiler\|PWD=\|LS_COLORS=" | sed "s,pwd\|passw,${C}[1;31m&${C}[0m,Ig" >> $file
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Cleaned proccesses\n"$NC >> $file printf $Y"[+] "$GREEN"Cleaned proccesses\n"$NC >> $file
ps aux 2>/dev/null | grep -v "\[" | sed "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m," >> $file ps aux 2>/dev/null | grep -v "\[" | sed "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m," >> $file
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Binary processes permissions\n"$NC >> $file printf $Y"[+] "$GREEN"Binary processes permissions\n"$NC >> $file
ps aux 2>/dev/null | awk '{print $11}'|xargs -r ls -la 2>/dev/null |awk '!x[$0]++' 2>/dev/null | sed "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m," >> $file ps aux 2>/dev/null | awk '{print $11}'|xargs -r ls -la 2>/dev/null |awk '!x[$0]++' 2>/dev/null | sed "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m," >> $file
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Services\n"$NC >> $file printf $Y"[+] "$GREEN"Services\n"$NC >> $file
(/usr/sbin/service --status-all || /sbin/chkconfig --list || /bin/rc-status) 2>/dev/null >> $file (/usr/sbin/service --status-all || /sbin/chkconfig --list || /bin/rc-status) 2>/dev/null >> $file
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Different processes executed during 1 min (interesting is low number of repetitions)\n"$NC >> $file printf $Y"[+] "$GREEN"Different processes executed during 1 min (interesting is low number of repetitions)\n"$NC >> $file
if [ "`ps -e --format cmd`" ]; then for i in $(seq 1 121); do ps -e --format cmd >> $file.tmp1; sleep 0.5; done; sort $file.tmp1 | uniq -c | grep -v "\[" | sed '/^.\{200\}./d' | sort >> $file; rm $file.tmp1; fi if [ "`ps -e --format cmd`" ]; then for i in $(seq 1 121); do ps -e --format cmd >> $file.tmp1; sleep 0.5; done; sort $file.tmp1 | uniq -c | grep -v "\[" | sed '/^.\{200\}./d' | sort >> $file; rm $file.tmp1; fi
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Scheduled tasks\n"$NC >> $file printf $Y"[+] "$GREEN"Scheduled tasks\n"$NC >> $file
crontab -l 2>/dev/null | sed "s,$Wfolders,${C}[1;31;103m&${C}[0m," >> $file crontab -l 2>/dev/null | sed "s,$Wfolders,${C}[1;31;103m&${C}[0m," >> $file
ls -al /etc/cron* 2>/dev/null >> $file ls -al /etc/cron* 2>/dev/null >> $file
cat /etc/cron* /etc/at* /etc/anacrontab /var/spool/cron/crontabs/root /var/spool/anacron 2>/dev/null | grep -v "^#\|test \-x /usr/sbin/anacron\|run\-parts \-\-report /etc/cron.hourly" | sed "s,$Wfolders,${C}[1;31;103m&${C}[0m," >> $file cat /etc/cron* /etc/at* /etc/anacrontab /var/spool/cron/crontabs/root /var/spool/anacron 2>/dev/null | grep -v "^#\|test \-x /usr/sbin/anacron\|run\-parts \-\-report /etc/cron.hourly" | sed "s,$Wfolders,${C}[1;31;103m&${C}[0m," >> $file
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"System stats?\n"$NC >> $file printf $Y"[+] "$GREEN"System stats?\n"$NC >> $file
df -h 2>/dev/null >> $file df -h 2>/dev/null >> $file
free 2>/dev/null >> $file free 2>/dev/null >> $file
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Any sd* disk in /dev?\n"$NC >> $file printf $Y"[+] "$GREEN"Any sd* disk in /dev?\n"$NC >> $file
ls /dev 2>/dev/null | grep -i "sd" >> $file ls /dev 2>/dev/null | grep -i "sd" >> $file
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Unmounted file-system?\n"$NC >> $file printf $Y"[+] "$GREEN"Unmounted file-system?\n"$NC >> $file
cat /etc/fstab 2>/dev/null | grep -v "^#" >> $file cat /etc/fstab 2>/dev/null | grep -v "^#" >> $file
echo "" >> $file echo "" >> $file
printer=`lpstat -a 2>/dev/null` printer=`lpstat -a 2>/dev/null`
if [ "$printer" ]; then if [ "$printer" ]; then
printf $Y"[+] "$RED"Printer?\n"$NC >> $file printf $Y"[+] "$GREEN"Printer?\n"$NC >> $file
echo $printer >> $file echo $printer >> $file
echo "" >> $file echo "" >> $file
fi fi
echo "" >> $file echo "" >> $file
echo "[+]Gathering network information..." printf $B"[*] "$GREEN"Gathering Network info...\n"$NC
printf $B"[*] "$RED"NETWORK INFO\n"$NC >> $file printf $B"[*] "$GREEN"NETWORK INFO\n"$NC >> $file
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Hostname, hosts and DNS\n"$NC >> $file printf $Y"[+] "$GREEN"Hostname, hosts and DNS\n"$NC >> $file
cat /etc/hostname /etc/hosts /etc/resolv.conf 2>/dev/null | grep -v "^#" >> $file cat /etc/hostname /etc/hosts /etc/resolv.conf 2>/dev/null | grep -v "^#" >> $file
dnsdomainname 2>/dev/null >> $file dnsdomainname 2>/dev/null >> $file
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Networks and neightbours\n"$NC >> $file printf $Y"[+] "$GREEN"Networks and neightbours\n"$NC >> $file
cat /etc/networks 2>/dev/null >> $file cat /etc/networks 2>/dev/null >> $file
(ifconfig || ip a) 2>/dev/null >> $file (ifconfig || ip a) 2>/dev/null >> $file
iptables -L 2>/dev/null >> $file iptables -L 2>/dev/null >> $file
@ -152,72 +155,92 @@ ip n 2>/dev/null >> $file
route -n 2>/dev/null >> $file route -n 2>/dev/null >> $file
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Ports\n"$NC >> $file printf $Y"[+] "$GREEN"Ports\n"$NC >> $file
(netstat -punta || ss -t; ss -u) 2>/dev/null | sed "s,127.0.0.1,${C}[1;31m&${C}[0m," >> $file (netstat -punta || ss -t; ss -u) 2>/dev/null | sed "s,127.0.0.1,${C}[1;31m&${C}[0m," >> $file
echo "" >> $file echo "" >> $file
tcpd=`timeout 1 tcpdump 2>/dev/null` tcpd=`timeout 1 tcpdump 2>/dev/null`
if [ "$tcpd" ]; then if [ "$tcpd" ]; then
printf $Y"[+] "$RED"Can I sniff with tcpdump?\n"$NC >> $file printf $Y"[+] "$GREEN"Can I sniff with tcpdump?\n"$NC >> $file
echo "You can sniff with tcpdump!" | sed "s,.*,${C}[1;31m&${C}[0m," >> $file echo "You can sniff with tcpdump!" | sed "s,.*,${C}[1;31m&${C}[0m," >> $file
echo "" >> $file echo "" >> $file
fi fi
inetdread=`cat /etc/inetd.conf 2>/dev/null` inetdread=`cat /etc/inetd.conf 2>/dev/null`
if [ "$inetdread" ]; then if [ "$inetdread" ]; then
printf $Y"[+] "$RED"Contents of /etc/inetd.conf:\n"$NC >> $file printf $Y"[+] "$GREEN"Contents of /etc/inetd.conf:\n"$NC >> $file
cat /etc/inetd.conf 2>/dev/null >> $file cat /etc/inetd.conf 2>/dev/null >> $file
echo "" echo ""
fi fi
echo "" >> $file echo "" >> $file
echo "[+]Gathering users information..." printf $B"[*] "$GREEN"Gathering users information...\n"$NC
printf $B"[*] "$RED"USERS INFO\n"$NC >> $file printf $B"[*] "$GREEN"USERS INFO\n"$NC >> $file
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Me\n"$NC >> $file printf $Y"[+] "$GREEN"Me\n"$NC >> $file
(id || (whoami && groups)) 2>/dev/null | sed "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed "s,$knw_usrs\|$knw_grps,${C}[1;32m&${C}[0m," | sed "s,$groupsB,${C}[1;31m&${C}[0m," | sed "s,$groupsVB,${C}[1;31;103m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m,g" >> $file (id || (whoami && groups)) 2>/dev/null | sed "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed "s,$knw_usrs\|$knw_grps,${C}[1;32m&${C}[0m,g" | sed "s,$groupsB,${C}[1;31m&${C}[0m,g" | sed "s,$groupsVB,${C}[1;31;103m&${C}[0m,g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" >> $file
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Sudo -l without password & /etc/sudoers\n"$NC >> $file printf $Y"[+] "$GREEN"Testing 'sudo -l' without password & /etc/sudoers\n"$NC >> $file
echo '' | sudo -S -l -k 2>/dev/null | sed "s,$sudoB,${C}[1;31m&${C}[0m," | sed "s,$sudoVB,${C}[1;31;103m&${C}[0m," >> $file echo '' | sudo -S -l 2>/dev/null | sed "s,$sudoB,${C}[1;31m&${C}[0m," | sed "s,$sudoVB,${C}[1;31;103m&${C}[0m," >> $file
cat /etc/sudoers 2>/dev/null | sed "s,$sudoB,${C}[1;31m&${C}[0m," | sed "s,$sudoVB,${C}[1;31;103m&${C}[0m," >> $file #Add to one-liner cat /etc/sudoers 2>/dev/null | sed "s,$sudoB,${C}[1;31m&${C}[0m," | sed "s,$sudoVB,${C}[1;31;103m&${C}[0m," >> $file #Add to one-liner
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!\n"$NC >> $file
if [ "$TIMEOUT" ]; then
printf $Y"[+] "$GREEN"Testing 'su' as other users with shell without password or with their names as password (only works in modern su binary versions)\n"$NC >> $file
SHELLUSERS=`cat /etc/passwd 2>/dev/null | grep -i "sh$" | cut -d ":" -f 1`
for u in $SHELLUSERS; do
echo "Trying with $u..." >> $file
trysu=`echo "" | timeout 1 su $u -c whoami 2>/dev/null`
if [ "$trysu" ]; then
echo "You can login as $u whithout password!" | sed "s,.*,${C}[1;31m&${C}[0m," >> $file
else
trysu=`echo $u | timeout 1 su $u -c whoami 2>/dev/null`
if [ "$trysu" ]; then
echo "You can login as $u using the username as password!" | sed "s,.*,${C}[1;31m&${C}[0m," >> $file
fi
fi
done
else
printf $Y"[+] "$GREEN"Don forget to test 'su' as any other user with shell: without password and with their names as password (I can't do it...)\n"$NC >> $file
fi
printf $Y"[+] "$GREEN"Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!\n"$NC >> $file
echo "" >> $file echo "" >> $file
gpgk=`gpg --list-keys 2>/dev/null` gpgk=`gpg --list-keys 2>/dev/null`
if [ "$gpgk" ]; then if [ "$gpgk" ]; then
printf $Y"[+] "$RED"Do I have PGP keys?\n"$NC >> $file printf $Y"[+] "$GREEN"Do I have PGP keys?\n"$NC >> $file
gpg --list-keys 2>/dev/null >> $file gpg --list-keys 2>/dev/null >> $file
echo "" >> $file echo "" >> $file
fi fi
printf $Y"[+] "$RED"Superusers\n"$NC >> $file printf $Y"[+] "$GREEN"Superusers\n"$NC >> $file
awk -F: '($3 == "0") {print}' /etc/passwd 2>/dev/null >> $file awk -F: '($3 == "0") {print}' /etc/passwd 2>/dev/null | sed "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed "s,$USER,${C}[1;31;103m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m," >> $file
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Login information\n"$NC >> $file printf $Y"[+] "$GREEN"Login information\n"$NC >> $file
w 2>/dev/null | sed "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m," >> $file w 2>/dev/null | sed "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m," >> $file
last 2>/dev/null | tail | sed "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m," >> $file last 2>/dev/null | tail | sed "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m," >> $file
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Users with console\n"$NC >> $file printf $Y"[+] "$GREEN"Users with console\n"$NC >> $file
cat /etc/passwd 2>/dev/null | grep "sh$" | sed "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," >> $file cat /etc/passwd 2>/dev/null | grep "sh$" | sed "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m," >> $file
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"All users\n"$NC >> $file printf $Y"[+] "$GREEN"All users\n"$NC >> $file
cat /etc/passwd 2>/dev/null | cut -d: -f1 | sed "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m," >> $file cat /etc/passwd 2>/dev/null | cut -d: -f1 | sed "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m," >> $file
echo "" >> $file echo "" >> $file
echo "" >> $file echo "" >> $file
echo "[+]Gathering software information..." #Mostly from linEnum printf $B"[*] "$GREEN"Gathering software information...\n"$NC
printf $B"[*] "$RED"Software PE\n"$NC >> $file printf $B"[*] "$GREEN"Software PE\n"$NC >> $file
echo "" >> $file echo "" >> $file
mysqlver=`mysql --version 2>/dev/null` mysqlver=`mysql --version 2>/dev/null`
if [ "$mysqlver" ]; then if [ "$mysqlver" ]; then
printf $Y"[+] "$RED"MySQL\n"$NC >> $file printf $Y"[+] "$GREEN"MySQL\n"$NC >> $file
echo "Version: $mysqlver" >> $file echo "Version: $mysqlver" >> $file
echo "" >> $file echo "" >> $file
fi fi
@ -239,7 +262,7 @@ fi
#postgres details - if installed #postgres details - if installed
postgver=`psql -V 2>/dev/null` postgver=`psql -V 2>/dev/null`
if [ "$postgver" ]; then if [ "$postgver" ]; then
printf $Y"[+] "$RED"PostgreSQL\n"$NC >> $file printf $Y"[+] "$GREEN"PostgreSQL\n"$NC >> $file
echo "Version: $postgver" >> $file echo "Version: $postgver" >> $file
echo "" >> $file echo "" >> $file
fi fi
@ -272,163 +295,193 @@ fi
#apache details - if installed #apache details - if installed
apachever=`apache2 -v 2>/dev/null; httpd -v 2>/dev/null` apachever=`apache2 -v 2>/dev/null; httpd -v 2>/dev/null`
if [ "$apachever" ]; then if [ "$apachever" ]; then
printf $Y"[+] "$RED"Apache\n"$NC >> $file printf $Y"[+] "$GREEN"Apache\n"$NC >> $file
echo "Version: $apachever" >> $file echo "Version: $apachever" >> $file
sitesenabled=`find /var /etc /home /root /tmp /usr /opt -name sites-enabled -type d 2>/dev/null`
for d in $sitesenabled; do for f in $d/*; do grep "AuthType\|AuthName\|AuthUserFile" $f | sed "s,.*AuthUserFile.*,${C}[1;31m&${C}[0m," >> $file; done; done
if [ !"$sitesenabled" ]; then
default00=`find /var /etc /home /root /tmp /usr /opt -name 000-default 2>/dev/null`
for f in $default00; do grep "AuthType\|AuthName\|AuthUserFile" $f | sed "s,.*AuthUserFile.*,${C}[1;31m&${C}[0m," >> $file; done
fi
echo "" >> $file echo "" >> $file
fi fi
#Wordpress user, password, databname and host #Wordpress user, password, databname and host
wp=`find /var /etc /home /root /tmp -type f -name wp-config.php 2>/dev/null` wp=`find /var /etc /home /root /tmp /usr /opt -type f -name wp-config.php 2>/dev/null`
if [ "$wp" ]; then if [ "$wp" ]; then
printf $Y"[+] "$RED"Worpress\n"$NC >> $file printf $Y"[+] "$GREEN"Worpress\n"$NC >> $file
echo "wp-config.php files found:\n$wp" >> $file echo "wp-config.php files found:\n$wp" >> $file
for f in $wp; do grep "PASSWORD\|USER\|NAME\|HOST" $f 2>/dev/null | sed "s,.*,${C}[1;31m&${C}[0m," >> $file; done for f in $wp; do grep "PASSWORD\|USER\|NAME\|HOST" $f 2>/dev/null | sed "s,.*,${C}[1;31m&${C}[0m," >> $file; done
fi fi
#Tomcat users #Tomcat users
wp=`find /var /etc /home /root /tmp -type f -name tomcat-users.xml 2>/dev/null` wp=`find /var /etc /home /root /tmp /usr /opt -type f -name tomcat-users.xml 2>/dev/null`
if [ "$wp" ]; then if [ "$wp" ]; then
printf $Y"[+] "$RED"Tomcat\n"$NC >> $file printf $Y"[+] "$GREEN"Tomcat\n"$NC >> $file
echo "tomcat-users.xml file found:\n$wp" >> $file echo "tomcat-users.xml file found:\n$wp" >> $file
for f in $wp; do grep "username=" $f 2>/dev/null | grep "password=" | sed "s,.*,${C}[1;31m&${C}[0m," >> $file; done for f in $wp; do grep "username=" $f 2>/dev/null | grep "password=" | sed "s,.*,${C}[1;31m&${C}[0m," >> $file; done
fi fi
#Mongo #Mongo
mongover=`mongod --version 2>/dev/null` mongover=`mongo --version 2>/dev/null`
if [ ! "$mongover" ]; then
mongover=`mongod --version 2>/dev/null`
fi
if [ "$mongover" ]; then if [ "$mongover" ]; then
printf $Y"[+] "$RED"Mongo\n"$NC >> $file printf $Y"[+] "$GREEN"MongoDB\n"$NC >> $file
echo "Version: $mongover" >> $file echo "Version: $mongover" >> $file
#TODO: Check if you can login without password and warn the user #TODO: Check if you can login without password and warn the user
fi fi
#Supervisor
supervisor=`find /etc -name supervisord.conf 2>/dev/null`
if [ "$supervisor" ]; then
printf $Y"[+] "$GREEN"Supervisor conf was found\n"$NC >> $file
for f in $supervisor; do cat $f 2>/dev/null | grep "port.*=\|username.*=\|password=.*" | sed "s,port\|username\|password,${C}[1;31m&${C}[0m," >> $file; done
#TODO: Check if you can login without password and warn the user
fi
#Cesi
cesi=`find /etc -name cesi.conf 2>/dev/null`
if [ "$cesi" ]; then
printf $Y"[+] "$GREEN"Cesi conf was found\n"$NC >> $file
for f in $supervisor; do cat $f 2>/dev/null | grep "username.*=\|password.*=\|host.*=\|port.*=" | sed "s,port\|username\|password,${C}[1;31m&${C}[0m," >> $file; done
#TODO: Check if you can login without password and warn the user
fi
echo "" >> $file echo "" >> $file
echo "[+]Gathering files information..." printf $B"[*] "$GREEN"Gathering files information...\n"$NC
printf $B"[*] "$RED"INTERESTING FILES\n"$NC >> $file printf $B"[*] "$GREEN"INTERESTING FILES\n"$NC >> $file
echo "" >> $file echo "" >> $file
pkexecpolocy=`cat /etc/polkit-1/localauthority.conf.d/* 2>/dev/null` pkexecpolocy=`cat /etc/polkit-1/localauthority.conf.d/* 2>/dev/null`
if [ "$pkexecpolocy" ]; then if [ "$pkexecpolocy" ]; then
printf $B"[+] "$RED"Pkexec policy\n"$NC >> $file printf $B"[+] "$GREEN"Pkexec policy\n"$NC >> $file
echo $pkexecpolocy | grep -v "^#" | sed "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed "s,$groupsB,${C}[1;31m&${C}[0m," | sed "s,$groupsVB,${C}[1;31m&${C}[0m," | sed "s,$USER,${C}[31;103m&${C}[0m," >> $file echo $pkexecpolocy | grep -v "^#" | sed "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed "s,$groupsB,${C}[1;31m&${C}[0m," | sed "s,$groupsVB,${C}[1;31m&${C}[0m," | sed "s,$USER,${C}[31;103m&${C}[0m," >> $file
echo "" >> $file echo "" >> $file
fi fi
printf $Y"[+] "$RED"SUID\n"$NC >> $file printf $Y"[+] "$GREEN"SUID\n"$NC >> $file
find / -perm -4000 2>/dev/null | sed "s,$sidG,${C}[1;32m&${C}[0m," | sed "s,$sidB,${C}[1;31m&${C}[0m," | sed "s,$sidVB,${C}[1;31;103m&${C}[0m," >> $file find / -perm -4000 2>/dev/null | sed "s,$sidG,${C}[1;32m&${C}[0m," | sed "s,$sidB,${C}[1;31m&${C}[0m," | sed "s,$sidVB,${C}[1;31;103m&${C}[0m," >> $file
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"SGID\n"$NC >> $file printf $Y"[+] "$GREEN"SGID\n"$NC >> $file
find / -perm -g=s -type f 2>/dev/null | sed "s,$sidG,${C}[1;32m&${C}[0m," | sed "s,$sidB,${C}[1;31m&${C}[0m," | sed "s,$sidVB,${C}[1;31;103m&${C}[0m," >> $file find / -perm -g=s -type f 2>/dev/null | sed "s,$sidG,${C}[1;32m&${C}[0m," | sed "s,$sidB,${C}[1;31m&${C}[0m," | sed "s,$sidVB,${C}[1;31;103m&${C}[0m," >> $file
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Capabilities\n"$NC >> $file printf $Y"[+] "$GREEN"Capabilities\n"$NC >> $file
getcap -r / 2>/dev/null | sed "s,$sudocapsB,${C}[1;31m&${C}[0m," | sed "s,$capsB,${C}[1;31m&${C}[0m," >> $file getcap -r / 2>/dev/null | sed "s,$sudocapsB,${C}[1;31m&${C}[0m," | sed "s,$capsB,${C}[1;31m&${C}[0m," >> $file
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"SSH Files\n"$NC >> $file printf $Y"[+] "$GREEN"SSH Files\n"$NC >> $file
find / \( -name "id_dsa*" -o -name "id_rsa*" -o -name "known_hosts" -o -name "authorized_hosts" -o -name "authorized_keys" \) -type f -exec ls -la {} \; 2>/dev/null >> $file find / \( -name "id_dsa*" -o -name "id_rsa*" -o -name "known_hosts" -o -name "authorized_hosts" -o -name "authorized_keys" \) -type f -exec ls -la {} \; 2>/dev/null >> $file
echo "" >> $file echo "" >> $file
sshrootlogin=`grep "PermitRootLogin " /etc/ssh/sshd_config 2>/dev/null | grep -v "#" | awk '{print $2}'` sshrootlogin=`grep "PermitRootLogin " /etc/ssh/sshd_config 2>/dev/null | grep -v "#" | awk '{print $2}'`
if [ "$sshrootlogin" = "yes" ]; then if [ "$sshrootlogin" = "yes" ]; then
printf $Y"[+] "$RED"SSH conf info\n"$NC >> $file
echo "SSH root login is PERMITTED"| sed "s,.*,${C}[1;31m&${C}[0m," >> $file echo "SSH root login is PERMITTED"| sed "s,.*,${C}[1;31m&${C}[0m," >> $file
echo "" >> $file echo "" >> $file
fi fi
privatekeyfiles=`grep -L "\"\|'\|(" $(grep -rl "PRIVATE KEY-----" /home /root 2>/dev/null)` privatekeyfiles=`grep -rl "PRIVATE KEY-----" /home /root 2>/dev/null`
if [ "$privatekeyfiles" ]; then if [ "$privatekeyfiles" ]; then
echo "Private SSH keys found!:\n$privatekeyfiles" | sed "s,.*,${C}[1;31m&${C}[0m," >> $file privatekeyfilesgrep=`grep -L "\"\|'\|(" $privatekeyfiles`
fi
if [ "$privatekeyfilesgrep" ]; then
echo "Private SSH keys found!:\n$privatekeyfilesgrep" | sed "s,.*,${C}[1;31m&${C}[0m," >> $file
echo "" >> $file echo "" >> $file
fi fi
awskeyfiles=`grep -rli "aws_secret_access_key" /home /root 2>/dev/null` awskeyfiles=`grep -rli "aws_secret_access_key" /home /root 2>/dev/null`
if [ "$awskeyfiles" ]; then if [ "$awskeyfiles" ]; then
printf $Y"[+] "$RED"AWS Keys\n"$NC >> $file printf $Y"[+] "$GREEN"AWS Keys\n"$NC >> $file
echo "AWS secret keys found!:\n$awskeyfiles" | sed "s,.*,${C}[1;31m&${C}[0m," >> $file echo "AWS secret keys found!:\n$awskeyfiles" | sed "s,.*,${C}[1;31m&${C}[0m," >> $file
echo "" >> $file echo "" >> $file
fi fi
exprts=`cat /etc/exports 2>/dev/null` exprts=`cat /etc/exports 2>/dev/null`
if [ "$exprts" ]; then if [ "$exprts" ]; then
printf $Y"[+] "$RED"NFS exports?\n"$NC >> $file printf $Y"[+] "$GREEN"NFS exports?\n"$NC >> $file
cat /etc/exports 2>/dev/null | grep -v "^#" | sed "s,no_root_squash,${C}[1;31m&${C}[0m," >> $file cat /etc/exports 2>/dev/null | grep -v "^#" | sed "s,no_root_squash,${C}[1;31m&${C}[0m," >> $file
echo "" >> $file echo "" >> $file
fi fi
printf $Y"[+] "$RED"Hashes inside passwd file? Readable shadow file, or /root?\n"$NC >> $file printf $Y"[+] "$GREEN"Hashes inside passwd file? Readable shadow file, or /root?\n"$NC >> $file
grep -v '^[^:]*:[x]' /etc/passwd 2>/dev/null >> $file grep -v '^[^:]*:[x]' /etc/passwd 2>/dev/null >> $file
cat /etc/shadow /etc/master.passwd 2>/dev/null >> $file cat /etc/shadow /etc/master.passwd 2>/dev/null >> $file
ls -ahl /root/ 2>/dev/null >> $file #Modify in one-liner ls -ahl /root/ 2>/dev/null >> $file #Modify in one-liner
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Files inside \$HOME (limit 20)\n"$NC >> $file printf $Y"[+] "$GREEN"Files inside \$HOME (limit 20)\n"$NC >> $file
ls -la $HOME 2>/dev/null | head -n 23 >> $file ls -la $HOME 2>/dev/null | head -n 23 >> $file
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"20 First files of /home\n"$NC >> $file printf $Y"[+] "$GREEN"20 First files of /home\n"$NC >> $file
find /home -type f 2>/dev/null | column -t | grep -v -i "/"$USER | head -n 20 >> $file find /home -type f 2>/dev/null | column -t | grep -v -i "/"$USER | head -n 20 >> $file
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Mails (limited 50)\n"$NC >> $file fmails=`find /var/mail/ /var/spool/mail/ -type f 2>/dev/null`
ls -lh /var/mail/ /var/spool/mail/ 2>/dev/null | head -n 50 >> $file if [ "$fmail" ]; then
printf $Y"[+] "$GREEN"Mails (limited 50)\n"$NC >> $file
ls -l $fmails | head -n 50 >> $file
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Inside docker or lxc?\n"$NC >> $file printf $Y"[+] "$GREEN"Inside docker or lxc?\n"$NC >> $file
dockercontainer=`grep -i docker /proc/self/cgroup 2>/dev/null; find / -name "*dockerenv*" -exec ls -la {} \; 2>/dev/null` dockercontainer=`grep -i docker /proc/self/cgroup 2>/dev/null; find / -name "*dockerenv*" -exec ls -la {} \; 2>/dev/null`
lxccontainer=`grep -qa container=lxc /proc/1/environ 2>/dev/null` lxccontainer=`grep -qa container=lxc /proc/1/environ 2>/dev/null`
if [ "$dockercontainer" ]; then echo "Looks like we're in a Docker container" | sed "s,.*,${C}[1;31m&${C}[0m," >> $file; fi if [ "$dockercontainer" ]; then echo "Looks like we're in a Docker container" | sed "s,.*,${C}[1;31m&${C}[0m," >> $file; fi
if [ "$lxccontainer" ]; then echo "Looks like we're in a LXC container" | sed "s,.*,${C}[1;31m&${C}[0m," >> $file; fi if [ "$lxccontainer" ]; then echo "Looks like we're in a LXC container" | sed "s,.*,${C}[1;31m&${C}[0m," >> $file; fi
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"*_history, profile, bashrc, httpd.conf, .plan, .htpasswd, .git-credentials, hosts.equiv\n"$NC >> $file printf $Y"[+] "$GREEN"*_history, profile, bashrc, httpd.conf, .plan, .htpasswd, .git-credentials, hosts.equiv\n"$NC >> $file
fils=`find / -type f \( -name "*_history" -o -name ".profile" -o -name "*bashrc" -o -name "httpd.conf" -o -name "*.plan" -o -name ".htpasswd" -o -name ".git-credentials" -o -name "*.rhosts" -o -name "hosts.equiv" -o -name "Dockerfile" -o -name "docker-compose.yml" \) 2>/dev/null` fils=`find / -type f \( -name "*_history" -o -name ".profile" -o -name "*bashrc" -o -name "httpd.conf" -o -name "*.plan" -o -name ".htpasswd" -o -name ".git-credentials" -o -name "*.rhosts" -o -name "hosts.equiv" -o -name "Dockerfile" -o -name "docker-compose.yml" \) 2>/dev/null`
for f in $fils; do if [ -r $f ]; then ls -l $f 2>/dev/null | sed "s,bash_history\|\.plan\|\.htpasswd\|\.git-credentials\|\.rhosts,${C}[1;31m&${C}[0m," >> $file; fi; done for f in $fils; do if [ -r $f ]; then ls -l $f 2>/dev/null | sed "s,bash_history\|\.plan\|\.htpasswd\|\.git-credentials\|\.rhosts,${C}[1;31m&${C}[0m," >> $file; fi; done
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"All hidden files (not in /sys/, not: .gitignore, .listing, .ignore, .uuid and listed before) (limit 100)\n"$NC >> $file printf $Y"[+] "$GREEN"All hidden files (not in /sys/, not: .gitignore, .listing, .ignore, .uuid and listed before) (limit 100)\n"$NC >> $file
find / -type f -iname ".*" -ls 2>/dev/null | grep -v "/sys/\|\.gitignore\|_history$\|\.profile\|\.bashrc\|\.listing\|\.ignore\|\.uuid\|\.plan\|\.htpasswd\|\.git-credentials\|.rhosts" | head -n 100 >> $file find / -type f -iname ".*" -ls 2>/dev/null | grep -v "/sys/\|\.gitignore\|_history$\|\.profile\|\.bashrc\|\.listing\|\.ignore\|\.uuid\|\.plan\|\.htpasswd\|\.git-credentials\|.rhosts" | head -n 100 >> $file
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"What inside /tmp, /var/tmp, /var/backups (limited 100)\n"$NC >> $file printf $Y"[+] "$GREEN"Readable files inside inside /tmp, /var/tmp, /var/backups(limit 100)\n"$NC >> $file
ls -la /tmp /var/tmp /var/backups 2>/dev/null | head -n 100 >> $file filstmpback=`find /tmp /var/tmp /var/backups -type f 2>/dev/null | head -n 100`
for f in $filstmpback; do if [ -r $f ]; then ls -l $f 2>/dev/null >> $file; fi; done
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Interesting writable Files\n"$NC >> $file printf $Y"[+] "$GREEN"Interesting writable Files\n"$NC >> $file
find / '(' -type f -or -type d ')' '(' '(' -user $USER ')' -or '(' -perm -o=w ')' ')' 2>/dev/null | grep -v '/proc/' | grep -v $HOME | grep -v '/sys/fs' | grep -v $notExtensions | sort | uniq | sed "s,$writeB,${C}[1;31m&${C}[0m," | sed "s,$writeVB,${C}[1;31:93m&${C}[0m," >> $file find / '(' -type f -or -type d ')' '(' '(' -user $USER ')' -or '(' -perm -o=w ')' ')' 2>/dev/null | grep -v '/proc/' | grep -v $HOME | grep -v '/sys/fs' | grep -v $notExtensions | sort | uniq | sed "s,$writeB,${C}[1;31m&${C}[0m," | sed "s,$writeVB,${C}[1;31:93m&${C}[0m," >> $file
for g in `groups`; do find / \( -type f -or -type d \) -group $g -perm -g=w 2>/dev/null | grep -v '/proc/' | grep -v $HOME | grep -v '/sys/fs' | grep -v $notExtensions | sed "s,$writeB,${C}[1;31m&${C}[0m," | sed "s,$writeVB,${C}[1;31;103m&${C}[0m," >> $file; done for g in `groups`; do find / \( -type f -or -type d \) -group $g -perm -g=w 2>/dev/null | grep -v '/proc/' | grep -v $HOME | grep -v '/sys/fs' | grep -v $notExtensions | sed "s,$writeB,${C}[1;31m&${C}[0m," | sed "s,$writeVB,${C}[1;31;103m&${C}[0m," >> $file; done
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Backup files?\n"$NC >> $file printf $Y"[+] "$GREEN"Backup files?\n"$NC >> $file
backs=`find /var /etc /bin /sbin /home /usr/local/bin /usr/local/sbin /usr/bin /usr/games /usr/sbin /root /tmp -type f \( -name "*backup*" -o -name "*\.bak" -o -name "*bck*" \) 2>/dev/null` backs=`find /var /etc /bin /sbin /home /usr/local/bin /usr/local/sbin /usr/bin /usr/games /usr/sbin /root /tmp -type f \( -name "*backup*" -o -name "*\.bak" -o -name "*\.bck" -o -name "*\.bk" \) 2>/dev/null`
for b in $backs; do if [ -r $b ]; then ls -l $b | sed "s,backup\|bck\|\.bak,${C}[1;31m&${C}[0m," >> $file; fi; done for b in $backs; do if [ -r $b ]; then ls -l $b | sed "s,backup\|bck\|\.bak,${C}[1;31m&${C}[0m," >> $file; fi; done
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Searching passwords in config PHP files\n"$NC >> $file printf $Y"[+] "$GREEN"Searching passwords in config PHP files\n"$NC >> $file
configs=`find /var /etc /home /root /tmp -type f -name *config*.php 2>/dev/null` configs=`find /var /etc /home /root /tmp /usr /opt -type f -name *config*.php 2>/dev/null`
for c in $configs; do grep -i "password.* = ['\"]\|define.*passw" $c 2>/dev/null | grep -v "function\|password.* = \"\"\|password.* = ''" | sed '/^.\{150\}./d' | sort | uniq | sed "s,password,${C}[1;31m&${C}[0m," >> $file; done for c in $configs; do grep -i "password.* = ['\"]\|define.*passw" $c 2>/dev/null | grep -v "function\|password.* = \"\"\|password.* = ''" | sed '/^.\{150\}./d' | sort | uniq | sed "s,password,${C}[1;31m&${C}[0m,i" >> $file; done
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Web files?(output limited)\n"$NC >> $file printf $Y"[+] "$GREEN"Web files?(output limited)\n"$NC >> $file
ls -alhR /var/www/ 2>/dev/null | head >> $file ls -alhR /var/www/ 2>/dev/null | head >> $file
ls -alhR /srv/www/htdocs/ 2>/dev/null | head >> $file ls -alhR /srv/www/htdocs/ 2>/dev/null | head >> $file
ls -alhR /usr/local/www/apache22/data/ 2>/dev/null | head >> $file ls -alhR /usr/local/www/apache22/data/ 2>/dev/null | head >> $file
ls -alhR /opt/lampp/htdocs/ 2>/dev/null | head >> $file ls -alhR /opt/lampp/htdocs/ 2>/dev/null | head >> $file
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Finding IPs inside logs\n"$NC >> $file printf $Y"[+] "$GREEN"Finding IPs inside logs\n"$NC >> $file
grep -R -a -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" /var/log/ 2>/dev/null | sort | uniq -c >> $file #Add to one-liner grep -R -a -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" /var/log/ 2>/dev/null | sort | uniq -c >> $file #Add to one-liner
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Finding passwords inside logs (limited 100)\n"$NC >> $file printf $Y"[+] "$GREEN"Finding passwords inside logs (limited 100)\n"$NC >> $file
grep -a -R -i "pwd\|passw" /var/log/ 2>/dev/null | sed '/^.\{200\}./d' | sort | uniq | head -n 100 | sed "s,pwd\|passw,${C}[1;31m&${C}[0m," >> $file #Add to one-liner grep -a -R -i "pwd\|passw" /var/log/ 2>/dev/null | sed '/^.\{200\}./d' | sort | uniq | head -n 100 | sed "s,pwd\|passw,${C}[1;31m&${C}[0m," >> $file #Add to one-liner
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Finding emails inside logs (limited 100)\n"$NC >> $file printf $Y"[+] "$GREEN"Finding emails inside logs (limited 100)\n"$NC >> $file
grep -R -E -a -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" /var/log/ 2>/dev/null | sort | uniq -c | head -n 100 >> $file #Add to one-liner grep -R -E -a -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" /var/log/ 2>/dev/null | sort | uniq -c | head -n 100 >> $file #Add to one-liner
echo "" >> $file echo "" >> $file
printf $Y"[+] "$RED"Finding 'pwd' or 'passw' string inside /home, /var/www, /etc, /root and list possible web(/var/www) and config(/etc) passwords\n"$NC >> $file printf $Y"[+] "$GREEN"Finding 'pwd' or 'passw' string inside /home, /var/www, /etc, /root and list possible web(/var/www) and config(/etc) passwords\n"$NC >> $file
grep -lRi "pwd\|passw" /home /var/www /root 2>/dev/null | sort | uniq >> $file grep -lRi "pwd\|passw" /home /var/www /root 2>/dev/null | sort | uniq >> $file
grep -R -i "password.* = ['\"]\|define.*passw" /var/www /root /home 2>/dev/null | grep "\.php" | grep -v "function\|password.* = \"\"\|password.* = ''" | sed '/^.\{150\}./d' | sort | uniq | sed "s,password,${C}[1;31m&${C}[0m," >> $file #Add to one-liner grep -R -i "password.* = ['\"]\|define.*passw" /var/www /root /home 2>/dev/null | grep "\.php" | grep -v "function\|password.* = \"\"\|password.* = ''" | sed '/^.\{150\}./d' | sort | uniq | sed "s,password,${C}[1;31m&${C}[0m," >> $file #Add to one-liner
grep -R -i "password" /etc 2>/dev/null | grep "conf" | grep -v ":#\|:/\*\|: \*" | sort | uniq | sed "s,password,${C}[1;31m&${C}[0m," >> $file #Add to one-liner grep -R -i "password" /etc 2>/dev/null | grep "conf" | grep -v ":#\|:/\*\|: \*" | sort | uniq | sed "s,password,${C}[1;31m&${C}[0m," >> $file #Add to one-liner