From 480cf17e12cf5d38180b80cb439d40061ae7c49a Mon Sep 17 00:00:00 2001 From: Carlos Polop Date: Sat, 30 Jul 2022 16:56:14 +0200 Subject: [PATCH] Update sensitive_files.yaml --- build_lists/sensitive_files.yaml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/build_lists/sensitive_files.yaml b/build_lists/sensitive_files.yaml index c185ada..eb2186c 100644 --- a/build_lists/sensitive_files.yaml +++ b/build_lists/sensitive_files.yaml @@ -27,6 +27,8 @@ root_folders: - /tmp #common - /usr #common - /var #common + - /concourse-auth + - /concourse-keys common_file_folders: @@ -71,16 +73,15 @@ peas_regexes_markup: "peass{REGEXES}" peas_extrasections_markup: "peass{EXTRA_SECTIONS}" peas_finds_markup: "peass{FINDS_HERE}" +peas_finds_custom_markup: "peass{FINDS_CUSTOM}" find_line_markup: "peass{FIND_PARAMS_HERE}" find_template: > `eval_bckgrd "find peass{FIND_PARAMS_HERE} 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - peas_storages_markup: "peass{STORAGES_HERE}" storage_line_markup: "peass{STORAGE_PARAMS_HERE}" storage_line_extra_markup: "peass{STORAGE_PARAMS_EXTRA_HERE}" storage_template: > $(echo -e "peass{STORAGE_PARAMS_HERE}" peass{STORAGE_PARAMS_EXTRA_HERE} | sort | uniq | head -n 70) - int_hidden_files_markup: "peass{INT_HIDDEN_FILES}" suidVB1_markup: "peass{SUIDVB1_HERE}" @@ -105,7 +106,7 @@ variables_markup: "peass{VARIABLES}" variables: - name: pwd_inside_history - value: "enable_autologin|7z|unzip|useradd|linenum|linpeas|mkpasswd|htpasswd|openssl|PASSW|passw|shadow|root|sudo|^su|pkexec|^ftp|mongo|psql|mysql|rdesktop|xfreerdp|^ssh|steghide|@|KEY=|TOKEN=|BEARER=|Authorization:" + value: "enable_autologin|7z|unzip|useradd|linenum|linpeas|mkpasswd|htpasswd|openssl|PASSW|passw|shadow|root|snyk|sudo|^su|pkexec|^ftp|mongo|psql|mysql|rdesktop|xfreerdp|^ssh|steghide|@|KEY=|TOKEN=|BEARER=|Authorization:" @@ -120,7 +121,7 @@ defaults: check_extra_path: "" #Check if the found files are in a specific path (only linpeas) good_regex: "" #The regex to color green just_list_file: False #Just mention the path to the file, do not cat it - line_grep: "" #The regex to grep lines in a file. IMPORTANT: This is the argument for "grep" command so you need to specify the single and double quotes (see examples). Use double quotes to indicate the interesting things to grep as winpeas greps the things inside th double qoutes. + line_grep: "" #The regex to grep lines in a file. IMPORTANT: This is the argument for "grep" command so you need to specify the single and double quotes (see examples) only_bad_lines: False #Only print lines containing something red (cnotaining bad_regex) remove_empty_lines: False #Remove empty lines, use only for text files (-I param in grep) remove_path: "" #Not interested in files containing this path (only linpeas) @@ -240,6 +241,8 @@ defaults: + + ############################### ## Files & folders to search ## ###############################