This commit is contained in:
Carlos Polop 2021-06-17 23:13:11 +02:00
parent c8b2634d3c
commit 4b40537ea4
5 changed files with 533 additions and 14 deletions

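--- a/.gitignore
+++ b/.gitignore
@@ -12,3 +12,6 @@ winPEAS/winPEASexe/winPEAS/bin/Debug/*
 obj
 bin
 packages
+*cpython*
+*/*cpython*
+launch.json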


@ -63,7 +63,7 @@ common_directory_folders:
peas_finds_markup: "peass{FINDS_HERE}" peas_finds_markup: "peass{FINDS_HERE}"
find_line_markup: "peass{FIND_PARAMS_HERE}" find_line_markup: "peass{FIND_PARAMS_HERE}"
find_template: > find_template: >
`eval_bckgrd "find peass{FIND_PARAMS_HERE} 2>/dev/null | sort; printf \\\$Y'. '\\\$NC 1>&2;"` `eval_bckgrd "find peass{FIND_PARAMS_HERE} 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
peas_storages_markup: "peass{STORAGES_HERE}" peas_storages_markup: "peass{STORAGES_HERE}"
storage_line_markup: "peass{STORAGE_PARAMS_HERE}" storage_line_markup: "peass{STORAGE_PARAMS_HERE}"
@ -434,6 +434,34 @@ search:
search_in: search_in:
- common - common
? "*vnc*.c*nf*"
:
bad_regex: ".*"
type: f
search_in:
- common
? "*vnc*.ini"
:
just_list_file: True
type: f
search_in:
- common
? "*vnc*.txt"
:
bad_regex: ".*"
type: f
search_in:
- common
? "*vnc*.xml"
:
bad_regex: ".*"
type: f
search_in:
- common
Ldap: Ldap:
config: config:
auto_check: True auto_check: True
@ -651,6 +679,30 @@ search:
search_in: search_in:
- common - common
? "TokenCache.dat"
:
bad_regex: ".*"
type: f
search_in:
- common
? "AzureRMContext.json"
:
bad_regex: ".*"
type: f
search_in:
- common
? ".bluemix"
:
files:
? "config.json"
:
bad_regex: ".*"
type: d
search_in:
- common
Kerberos: Kerberos:
config: config:
auto_check: False auto_check: False
@ -937,6 +989,13 @@ search:
search_in: search_in:
- common - common
? "filezilla.xml"
:
just_list_file: True
type: f
search_in:
- common
Backup Manager: Backup Manager:
config: config:
auto_check: True auto_check: True
@ -1406,6 +1465,98 @@ search:
search_in: search_in:
- common - common
Keepass:
config:
auto_check: True
files:
? "*.kdbx"
:
just_list_file: True
type: f
search_in:
- common
? "KeePass.config*"
:
just_list_file: True
type: f
search_in:
- common
? "KeePass.ini"
:
just_list_file: True
type: f
search_in:
- common
? "KeePass.enforced*"
:
just_list_file: True
type: f
search_in:
- common
FTP:
config:
auto_check: True
files:
? "*.ftpconfig"
:
just_list_file: True
type: f
search_in:
- common
? "ffftp.ini"
:
just_list_file: True
type: f
search_in:
- common
? "ftp.ini"
:
just_list_file: True
type: f
search_in:
- common
? "ftp.config"
:
just_list_file: True
type: f
search_in:
- common
? "ws_ftp.ini"
:
just_list_file: True
type: f
search_in:
- common
Interesting logs:
config:
auto_check: True
files:
? "access.log"
:
just_list_file: True
type: f
search_in:
- common
? "error.log"
:
just_list_file: True
type: f
search_in:
- common
Other Interesting Files: Other Interesting Files:
config: config:
auto_check: True auto_check: True
@ -1474,6 +1625,361 @@ search:
search_in: search_in:
- common - common
Windows Files:
config:
auto_check: True
files:
? "unattend.inf"
:
just_list_file: True
type: f
search_in:
- common
? "*.rdg"
:
just_list_file: True
type: f
search_in:
- common
? "AppEvent.Evt"
:
just_list_file: True
type: f
search_in:
- common
? "ConsoleHost_history.txt"
:
just_list_file: True
type: f
search_in:
- common
? "FreeSSHDservice.ini"
:
just_list_file: True
type: f
search_in:
- common
? "NetSetup.log"
:
just_list_file: True
type: f
search_in:
- common
? "Ntds.dit"
:
just_list_file: True
type: f
search_in:
- common
? "RDCMan.settings"
:
just_list_file: True
type: f
search_in:
- common
? "SAM"
:
just_list_file: True
type: f
search_in:
- common
? "SYSTEM"
:
just_list_file: True
type: f
search_in:
- common
? "SecEvent.Evt"
:
just_list_file: True
type: f
search_in:
- common
? "appcmd.exe"
:
just_list_file: True
type: f
search_in:
- common
? "bash.exe"
:
just_list_file: True
type: f
search_in:
- common
? "datasources.xml"
:
just_list_file: True
type: f
search_in:
- common
? "default.sav"
:
just_list_file: True
type: f
search_in:
- common
? "drives.xml"
:
just_list_file: True
type: f
search_in:
- common
? "groups.xml"
:
just_list_file: True
type: f
search_in:
- common
? "https-xampp.conf"
:
just_list_file: True
type: f
search_in:
- common
? "https.conf"
:
just_list_file: True
type: f
search_in:
- common
? "iis6.log"
:
just_list_file: True
type: f
search_in:
- common
? "index.dat"
:
just_list_file: True
type: f
search_in:
- common
? "my.cnf"
:
just_list_file: True
type: f
search_in:
- common
? "my.ini"
:
just_list_file: True
type: f
search_in:
- common
? "ntuser.dat"
:
just_list_file: True
type: f
search_in:
- common
? "pagefile.sys"
:
just_list_file: True
type: f
search_in:
- common
? "php.ini"
:
just_list_file: True
type: f
search_in:
- common
? "printers.xml"
:
just_list_file: True
type: f
search_in:
- common
? "recentservers.xml"
:
just_list_file: True
type: f
search_in:
- common
? "scclient.exe"
:
just_list_file: True
type: f
search_in:
- common
? "scheduledtasks.xml"
:
just_list_file: True
type: f
search_in:
- common
? "security"
:
just_list_file: True
type: f
search_in:
- common
? "security.sav"
:
just_list_file: True
type: f
search_in:
- common
? "server.xml"
:
just_list_file: True
type: f
search_in:
- common
? "services.xml"
:
just_list_file: True
type: f
search_in:
- common
? "setupinfo"
:
just_list_file: True
type: f
search_in:
- common
? "setupinfo.bak"
:
just_list_file: True
type: f
search_in:
- common
? "sitemanager.xml"
:
just_list_file: True
type: f
search_in:
- common
? "sites.ini"
:
just_list_file: True
type: f
search_in:
- common
? "software"
:
just_list_file: True
type: f
search_in:
- common
? "software.sav"
:
just_list_file: True
type: f
search_in:
- common
? "sysprep.inf"
:
just_list_file: True
type: f
search_in:
- common
? "sysprep.xml"
:
just_list_file: True
type: f
search_in:
- common
? "system.sav"
:
just_list_file: True
type: f
search_in:
- common
? "unattend.txt"
:
just_list_file: True
type: f
search_in:
- common
? "unattend.xml"
:
just_list_file: True
type: f
search_in:
- common
? "unattended.xml"
:
just_list_file: True
type: f
search_in:
- common
? "wcx_ftp.ini"
:
just_list_file: True
type: f
search_in:
- common
? "web*.config"
:
just_list_file: True
type: f
search_in:
- common
? "winscp.ini"
:
just_list_file: True
type: f
search_in:
- common
? "wsl.exe"
:
just_list_file: True
type: f
search_in:
- common
# Final section # Final section
Database: Database:
config: config:
@ -1539,4 +2045,4 @@ search:
: :
type: f type: f
search_in: search_in:
- common - common
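Review bot: The new `Windows Files` block names the registry hives inconsistently — `SAM` and `SYSTEM` are uppercase while `security` and `software` are lowercase — and the check the builder generates for these records (`grep -E` in `__construct_file_line`, changed in this same commit) is case-sensitive, so on a case-preserving mount where the hive files carry their usual uppercase names (`SECURITY`, `SOFTWARE`) the two lowercase entries will not match. Unless the `find` that fills `PSTORAGE_*` already matches case-insensitively (not visible here), list them as `? "SECURITY"` and `? "SOFTWARE"` to line up with the two entries above, or add both spellings. A one-line comment at the top of the block stating which spelling convention the entries follow would stop the next addition from repeating the mismatch.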


@ -73,13 +73,12 @@ ${NC}This tool enum and search possible misconfigurations$DG (known vulns, user,
${YELLOW}-o${BLUE} Only execute selected checks (SysI, Container, Devs, AvaSof, ProCronSrvcsTmrsSocks, Net, UsrI, SofI, IntFiles). Select a comma separated list. ${YELLOW}-o${BLUE} Only execute selected checks (SysI, Container, Devs, AvaSof, ProCronSrvcsTmrsSocks, Net, UsrI, SofI, IntFiles). Select a comma separated list.
${YELLOW}-L${BLUE} Force linpeas execution. ${YELLOW}-L${BLUE} Force linpeas execution.
${YELLOW}-M${BLUE} Force macpeas execution. ${YELLOW}-M${BLUE} Force macpeas execution.
${YELLOW}-t${BLUE} Threads to search files inside the system (by default it's the number of CPU threads).
${YELLOW}-d <IP/NETMASK>${BLUE} Discover hosts using fping or ping.$DG Ex: -d 192.168.0.1/24 ${YELLOW}-d <IP/NETMASK>${BLUE} Discover hosts using fping or ping.$DG Ex: -d 192.168.0.1/24
${YELLOW}-p <PORT(s)> -d <IP/NETMASK>${BLUE} Discover hosts looking for TCP open ports (via nc). By default ports 22,80,443,445,3389 and another one indicated by you will be scanned (select 22 if you don't want to add more). You can also add a list of ports.$DG Ex: -d 192.168.0.1/24 -p 53,139 ${YELLOW}-p <PORT(s)> -d <IP/NETMASK>${BLUE} Discover hosts looking for TCP open ports (via nc). By default ports 22,80,443,445,3389 and another one indicated by you will be scanned (select 22 if you don't want to add more). You can also add a list of ports.$DG Ex: -d 192.168.0.1/24 -p 53,139
${YELLOW}-i <IP> [-p <PORT(s)>]${BLUE} Scan an IP using nc. By default (no -p), top1000 of nmap will be scanned, but you can select a list of ports instead.$DG Ex: -i 127.0.0.1 -p 53,80,443,8000,8080 ${YELLOW}-i <IP> [-p <PORT(s)>]${BLUE} Scan an IP using nc. By default (no -p), top1000 of nmap will be scanned, but you can select a list of ports instead.$DG Ex: -i 127.0.0.1 -p 53,80,443,8000,8080
$GREEN Notice${BLUE} that if you select some network action, no PE check will be performed$NC" $GREEN Notice${BLUE} that if you select some network action, no PE check will be performed$NC"
while getopts "h?asnd:p:i:P:qo:LMwt:N" opt; do while getopts "h?asnd:p:i:P:qo:LMwN" opt; do
case "$opt" in case "$opt" in
h|\?) printf "%s\n\n" "$HELP$NC"; exit 0;; h|\?) printf "%s\n\n" "$HELP$NC"; exit 0;;
a) FAST="";; a) FAST="";;
@ -94,7 +93,6 @@ while getopts "h?asnd:p:i:P:qo:LMwt:N" opt; do
L) MACPEAS="";; L) MACPEAS="";;
M) MACPEAS="1";; M) MACPEAS="1";;
w) WAIT=1;; w) WAIT=1;;
t) THREADS=$OPTARG;;
N) NOCOLOR="1";; N) NOCOLOR="1";;
esac esac
done done
@ -1001,7 +999,7 @@ if [ "`echo $CHECKS | grep ProCronSrvcsTmrsSocks`" ] || [ "`echo $CHECKS | grep
#----------) Caching Finds (--------------# #----------) Caching Finds (--------------#
########################################### ###########################################
printf $GREEN"Caching directories using${YELLOW} $THREADS$GREEN threads "$NC printf $GREEN"Caching directories "$NC
#Get home #Get home
@ -2313,6 +2311,14 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
peass{Msmtprc} peass{Msmtprc}
peass{Keepass}
peass{FTP}
peass{Interesting logs}
peass{Windows Files}
peass{Other Interesting Files} peass{Other Interesting Files}
echo "" echo ""
@ -2615,7 +2621,7 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
##-- IF) Others files in my dirs ##-- IF) Others files in my dirs
if ! [ "$IAMROOT" ]; then if ! [ "$IAMROOT" ]; then
print_2title "Searching folders owned by me containing others files on it (limit 100)" print_2title "Searching folders owned by me containing others files on it (limit 100)"
(find / -type d -user "$USER" ! -path "/proc/*" 2>/dev/null | head -n 100 | while read d; do find "$d" -maxdepth 1 ! -user "$USER" -type f -or -type d -exec dirname {} \; 2>/dev/null; done) | sort | uniq | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed "s,root,${C}[1;13m&${C}[0m,g" (find / -type d -user "$USER" ! -path "/proc/*" 2>/dev/null | head -n 100 | while read d; do find "$d" -maxdepth 1 ! -user "$USER" \( -type f -or -type d \) -exec dirname {} \; 2>/dev/null; done) | sort | uniq | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed "s,root,${C}[1;13m&${C}[0m,g"
echo "" echo ""
fi fi
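Review bot: The rewritten `find` pipeline in the "Searching folders owned by me" block still consumes paths with a bare `while read d`, so a directory name with leading/trailing whitespace or backslashes is altered before the inner `find "$d"` runs; `while IFS= read -r d; do` passes the name through unchanged (a name containing a newline cannot be handled by this line-oriented loop at all, which is worth a short comment). As a minor style point, `sort | uniq` on the same line can be `sort -u`. The `if ! [ "$IAMROOT" ]` block is complete inside the hunk.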


@ -1,12 +1,18 @@
from .src.peasLoaded import PEASLoaded from .src.peasLoaded import PEASLoaded
from .src.linpeasBuilder import LinpeasBuilder from .src.linpeasBuilder import LinpeasBuilder
from .src.yamlGlobals import FINAL_LINPEAS_PATH
import os
import stat
#python3 -m builder.linpeas_builder #python3 -m builder.linpeas_builder
def main(): def main():
ploaded = PEASLoaded() ploaded = PEASLoaded()
lbuilder = LinpeasBuilder(ploaded) lbuilder = LinpeasBuilder(ploaded)
lbuilder.build() lbuilder.build()
lbuilder.write_linpeas(FINAL_LINPEAS_PATH)
st = os.stat(FINAL_LINPEAS_PATH)
os.chmod(FINAL_LINPEAS_PATH, st.st_mode | stat.S_IEXEC)
if __name__ == "__main__": if __name__ == "__main__":
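Review bot: `stat.S_IEXEC` in `main` adds only the owner execute bit, so the built script written to `FINAL_LINPEAS_PATH` is not executable for group or other users once it is copied or served from a shared location; if the intent is the usual 755-style mode, use `os.chmod(FINAL_LINPEAS_PATH, st.st_mode | stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)`, otherwise a comment such as `# owner-only execute bit is deliberate` would make the choice explicit. Style: the new `import os` / `import stat` lines are placed after the package-relative imports; PEP 8 puts the stdlib group first with a blank line before the local imports. `main` is complete inside the hunk.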


@ -15,7 +15,6 @@ from .yamlGlobals import (
FIND_LINE_MARKUP, FIND_LINE_MARKUP,
STORAGE_LINE_MARKUP, STORAGE_LINE_MARKUP,
STORAGE_LINE_EXTRA_MARKUP, STORAGE_LINE_EXTRA_MARKUP,
FINAL_LINPEAS_PATH
) )
@ -60,8 +59,6 @@ class LinpeasBuilder:
peass_marks = self.__get_peass_marks() peass_marks = self.__get_peass_marks()
assert len(peass_marks) == 0, f"There are peass marks left: {', '.join(peass_marks)}" assert len(peass_marks) == 0, f"There are peass marks left: {', '.join(peass_marks)}"
self.__write_linpeas()
def __get_peass_marks(self): def __get_peass_marks(self):
return re.findall(r'peass\{[\w\-\._ ]*\}', self.linpeas_sh) return re.findall(r'peass\{[\w\-\._ ]*\}', self.linpeas_sh)
@ -171,12 +168,13 @@ class LinpeasBuilder:
def __construct_file_line(self, precord: PEASRecord, frecord: FileRecord, init: bool = True) -> str: def __construct_file_line(self, precord: PEASRecord, frecord: FileRecord, init: bool = True) -> str:
real_regex = frecord.regex[1:] if frecord.regex.startswith("*") else frecord.regex real_regex = frecord.regex[1:] if frecord.regex.startswith("*") else frecord.regex
real_regex = real_regex.replace("*",".*").replace(".","\\.") real_regex = real_regex.replace(".","\\.").replace("*",".*")
real_regex += "$" real_regex += "$"
analise_line = "" analise_line = ""
if init: if init:
analise_line = 'printf "%s" "$PSTORAGE_'+precord.bash_name+'" | grep -E "'+real_regex+'" | while read f; do ls -ld "$f" | sed -${E} "s,'+real_regex+',${SED_RED},"; ' analise_line = 'if ! [ "`echo \\\"$PSTORAGE_'+precord.bash_name+'\\\" | grep -E \\\"'+real_regex+'\\\"`" ]; then echo_not_found "'+frecord.regex+'"; fi; '
analise_line += 'printf "%s" "$PSTORAGE_'+precord.bash_name+'" | grep -E "'+real_regex+'" | while read f; do ls -ld "$f" | sed -${E} "s,'+real_regex+',${SED_RED},"; '
#If just list, just list the file/directory #If just list, just list the file/directory
if frecord.just_list_file: if frecord.just_list_file:
@ -234,7 +232,7 @@ class LinpeasBuilder:
"""Substitude the markup with the actual code""" """Substitude the markup with the actual code"""
self.linpeas_sh = self.linpeas_sh.replace(mark, join_char.join(find_calls)) #New line char is't needed self.linpeas_sh = self.linpeas_sh.replace(mark, join_char.join(find_calls)) #New line char is't needed
def __write_linpeas(self): def write_linpeas(self, path):
"""Write on disk the final linpeas""" """Write on disk the final linpeas"""
with open(FINAL_LINPEAS_PATH, "w") as f: with open(path, "w") as f:
f.write(self.linpeas_sh) f.write(self.linpeas_sh)
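Review bot: In `__construct_file_line` the derived `real_regex` is anchored only by the trailing `$`, so a literal pattern such as `SAM` or `ftp.ini` becomes `SAM$` / `ftp\.ini$` and also matches any path that merely ends in those characters (e.g. a constructed `/opt/BALSAM` or `.../sftp.ini`), assuming `$PSTORAGE_*` holds full paths as the `ls -ld "$f"` on the next line suggests; anchoring patterns that did not start with `*` to a path separator, e.g. `real_regex = ("" if frecord.regex.startswith("*") else "/") + real_regex + "$"`, would limit the match to the file name. The same `real_regex` is also spliced raw into `sed "s,…,${SED_RED},"`, so a YAML pattern containing a comma would break the generated command; a build-time check or a comment on the record format documenting that restriction would help. `__construct_file_line` continues past the end of the hunk.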