darnellkeith/PEASS-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

finish

Browse Source
This commit is contained in:
Carlos Polop 2021-06-17 23:13:11 +02:00
parent c8b2634d3c
commit 4b40537ea4
5 changed files with 533 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -12,3 +12,6 @@ winPEAS/winPEASexe/winPEAS/bin/Debug/*
obj
bin
packages
*cpython*
*/*cpython*
launch.json

508
build_lists/sensitive_files.yaml
View File

@ -63,7 +63,7 @@ common_directory_folders:
peas_finds_markup: "peass{FINDS_HERE}"
find_line_markup: "peass{FIND_PARAMS_HERE}"
find_template: >
`eval_bckgrd "find peass{FIND_PARAMS_HERE} 2>/dev/null | sort; printf \\\$Y'. '\\\$NC 1>&2;"`
`eval_bckgrd "find peass{FIND_PARAMS_HERE} 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
peas_storages_markup: "peass{STORAGES_HERE}"
storage_line_markup: "peass{STORAGE_PARAMS_HERE}"
@ -434,6 +434,34 @@ search:
search_in:
- common
? "*vnc*.c*nf*"
:
bad_regex: ".*"
type: f
search_in:
- common
? "*vnc*.ini"
:
just_list_file: True
type: f
search_in:
- common
? "*vnc*.txt"
:
bad_regex: ".*"
type: f
search_in:
- common
? "*vnc*.xml"
:
bad_regex: ".*"
type: f
search_in:
- common
Ldap:
config:
auto_check: True
@ -651,6 +679,30 @@ search:
search_in:
- common
? "TokenCache.dat"
:
bad_regex: ".*"
type: f
search_in:
- common
? "AzureRMContext.json"
:
bad_regex: ".*"
type: f
search_in:
- common
? ".bluemix"
:
files:
? "config.json"
:
bad_regex: ".*"
type: d
search_in:
- common
Kerberos:
config:
auto_check: False
@ -937,6 +989,13 @@ search:
search_in:
- common
? "filezilla.xml"
:
just_list_file: True
type: f
search_in:
- common
Backup Manager:
config:
auto_check: True
@ -1406,6 +1465,98 @@ search:
search_in:
- common
Keepass:
config:
auto_check: True
files:
? "*.kdbx"
:
just_list_file: True
type: f
search_in:
- common
? "KeePass.config*"
:
just_list_file: True
type: f
search_in:
- common
? "KeePass.ini"
:
just_list_file: True
type: f
search_in:
- common
? "KeePass.enforced*"
:
just_list_file: True
type: f
search_in:
- common
FTP:
config:
auto_check: True
files:
? "*.ftpconfig"
:
just_list_file: True
type: f
search_in:
- common
? "ffftp.ini"
:
just_list_file: True
type: f
search_in:
- common
? "ftp.ini"
:
just_list_file: True
type: f
search_in:
- common
? "ftp.config"
:
just_list_file: True
type: f
search_in:
- common
? "ws_ftp.ini"
:
just_list_file: True
type: f
search_in:
- common
Interesting logs:
config:
auto_check: True
files:
? "access.log"
:
just_list_file: True
type: f
search_in:
- common
? "error.log"
:
just_list_file: True
type: f
search_in:
- common
Other Interesting Files:
config:
auto_check: True
@ -1474,6 +1625,361 @@ search:
search_in:
- common
Windows Files:
config:
auto_check: True
files:
? "unattend.inf"
:
just_list_file: True
type: f
search_in:
- common
? "*.rdg"
:
just_list_file: True
type: f
search_in:
- common
? "AppEvent.Evt"
:
just_list_file: True
type: f
search_in:
- common
? "ConsoleHost_history.txt"
:
just_list_file: True
type: f
search_in:
- common
? "FreeSSHDservice.ini"
:
just_list_file: True
type: f
search_in:
- common
? "NetSetup.log"
:
just_list_file: True
type: f
search_in:
- common
? "Ntds.dit"
:
just_list_file: True
type: f
search_in:
- common
? "RDCMan.settings"
:
just_list_file: True
type: f
search_in:
- common
? "SAM"
:
just_list_file: True
type: f
search_in:
- common
? "SYSTEM"
:
just_list_file: True
type: f
search_in:
- common
? "SecEvent.Evt"
:
just_list_file: True
type: f
search_in:
- common
? "appcmd.exe"
:
just_list_file: True
type: f
search_in:
- common
? "bash.exe"
:
just_list_file: True
type: f
search_in:
- common
? "datasources.xml"
:
just_list_file: True
type: f
search_in:
- common
? "default.sav"
:
just_list_file: True
type: f
search_in:
- common
? "drives.xml"
:
just_list_file: True
type: f
search_in:
- common
? "groups.xml"
:
just_list_file: True
type: f
search_in:
- common
? "https-xampp.conf"
:
just_list_file: True
type: f
search_in:
- common
? "https.conf"
:
just_list_file: True
type: f
search_in:
- common
? "iis6.log"
:
just_list_file: True
type: f
search_in:
- common
? "index.dat"
:
just_list_file: True
type: f
search_in:
- common
? "my.cnf"
:
just_list_file: True
type: f
search_in:
- common
? "my.ini"
:
just_list_file: True
type: f
search_in:
- common
? "ntuser.dat"
:
just_list_file: True
type: f
search_in:
- common
? "pagefile.sys"
:
just_list_file: True
type: f
search_in:
- common
? "php.ini"
:
just_list_file: True
type: f
search_in:
- common
? "printers.xml"
:
just_list_file: True
type: f
search_in:
- common
? "recentservers.xml"
:
just_list_file: True
type: f
search_in:
- common
? "scclient.exe"
:
just_list_file: True
type: f
search_in:
- common
? "scheduledtasks.xml"
:
just_list_file: True
type: f
search_in:
- common
? "security"
:
just_list_file: True
type: f
search_in:
- common
? "security.sav"
:
just_list_file: True
type: f
search_in:
- common
? "server.xml"
:
just_list_file: True
type: f
search_in:
- common
? "services.xml"
:
just_list_file: True
type: f
search_in:
- common
? "setupinfo"
:
just_list_file: True
type: f
search_in:
- common
? "setupinfo.bak"
:
just_list_file: True
type: f
search_in:
- common
? "sitemanager.xml"
:
just_list_file: True
type: f
search_in:
- common
? "sites.ini"
:
just_list_file: True
type: f
search_in:
- common
? "software"
:
just_list_file: True
type: f
search_in:
- common
? "software.sav"
:
just_list_file: True
type: f
search_in:
- common
? "sysprep.inf"
:
just_list_file: True
type: f
search_in:
- common
? "sysprep.xml"
:
just_list_file: True
type: f
search_in:
- common
? "system.sav"
:
just_list_file: True
type: f
search_in:
- common
? "unattend.txt"
:
just_list_file: True
type: f
search_in:
- common
? "unattend.xml"
:
just_list_file: True
type: f
search_in:
- common
? "unattended.xml"
:
just_list_file: True
type: f
search_in:
- common
? "wcx_ftp.ini"
:
just_list_file: True
type: f
search_in:
- common
? "web*.config"
:
just_list_file: True
type: f
search_in:
- common
? "winscp.ini"
:
just_list_file: True
type: f
search_in:
- common
? "wsl.exe"
:
just_list_file: True
type: f
search_in:
- common
# Final section
Database:
config:

16
linPEAS/builder/linpeas_base.sh
View File

@ -73,13 +73,12 @@ ${NC}This tool enum and search possible misconfigurations$DG (known vulns, user,
${YELLOW}-o${BLUE} Only execute selected checks (SysI, Container, Devs, AvaSof, ProCronSrvcsTmrsSocks, Net, UsrI, SofI, IntFiles). Select a comma separated list.
${YELLOW}-L${BLUE} Force linpeas execution.
${YELLOW}-M${BLUE} Force macpeas execution.
${YELLOW}-t${BLUE} Threads to search files inside the system (by default it's the number of CPU threads).
${YELLOW}-d <IP/NETMASK>${BLUE} Discover hosts using fping or ping.$DG Ex: -d 192.168.0.1/24
${YELLOW}-p <PORT(s)> -d <IP/NETMASK>${BLUE} Discover hosts looking for TCP open ports (via nc). By default ports 22,80,443,445,3389 and another one indicated by you will be scanned (select 22 if you don't want to add more). You can also add a list of ports.$DG Ex: -d 192.168.0.1/24 -p 53,139
${YELLOW}-i <IP> [-p <PORT(s)>]${BLUE} Scan an IP using nc. By default (no -p), top1000 of nmap will be scanned, but you can select a list of ports instead.$DG Ex: -i 127.0.0.1 -p 53,80,443,8000,8080
$GREEN Notice${BLUE} that if you select some network action, no PE check will be performed$NC"
while getopts "h?asnd:p:i:P:qo:LMwt:N" opt; do
while getopts "h?asnd:p:i:P:qo:LMwN" opt; do
case "$opt" in
h|\?) printf "%s\n\n" "$HELP$NC"; exit 0;;
a) FAST="";;
@ -94,7 +93,6 @@ while getopts "h?asnd:p:i:P:qo:LMwt:N" opt; do
L) MACPEAS="";;
M) MACPEAS="1";;
w) WAIT=1;;
t) THREADS=$OPTARG;;
N) NOCOLOR="1";;
esac
done
@ -1001,7 +999,7 @@ if [ "`echo $CHECKS | grep ProCronSrvcsTmrsSocks`" ] || [ "`echo $CHECKS | grep
#----------) Caching Finds (--------------#
###########################################
printf $GREEN"Caching directories using${YELLOW} $THREADS$GREEN threads "$NC
printf $GREEN"Caching directories "$NC
#Get home
@ -2313,6 +2311,14 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
peass{Msmtprc}
peass{Keepass}
peass{FTP}
peass{Interesting logs}
peass{Windows Files}
peass{Other Interesting Files}
echo ""
@ -2615,7 +2621,7 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
##-- IF) Others files in my dirs
if ! [ "$IAMROOT" ]; then
print_2title "Searching folders owned by me containing others files on it (limit 100)"
(find / -type d -user "$USER" ! -path "/proc/*" 2>/dev/null | head -n 100 | while read d; do find "$d" -maxdepth 1 ! -user "$USER" -type f -or -type d -exec dirname {} \; 2>/dev/null; done) | sort | uniq | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed "s,root,${C}[1;13m&${C}[0m,g"
(find / -type d -user "$USER" ! -path "/proc/*" 2>/dev/null | head -n 100 | while read d; do find "$d" -maxdepth 1 ! -user "$USER" \( -type f -or -type d \) -exec dirname {} \; 2>/dev/null; done) | sort | uniq | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed "s,root,${C}[1;13m&${C}[0m,g"
echo ""
fi

6
linPEAS/builder/linpeas_builder.py
View File

@ -1,12 +1,18 @@
from .src.peasLoaded import PEASLoaded
from .src.linpeasBuilder import LinpeasBuilder
from .src.yamlGlobals import FINAL_LINPEAS_PATH
import os
import stat
#python3 -m builder.linpeas_builder
def main():
ploaded = PEASLoaded()
lbuilder = LinpeasBuilder(ploaded)
lbuilder.build()
lbuilder.write_linpeas(FINAL_LINPEAS_PATH)
st = os.stat(FINAL_LINPEAS_PATH)
os.chmod(FINAL_LINPEAS_PATH, st.st_mode | stat.S_IEXEC)
if __name__ == "__main__":

12
linPEAS/builder/src/linpeasBuilder.py
View File

@ -15,7 +15,6 @@ from .yamlGlobals import (
FIND_LINE_MARKUP,
STORAGE_LINE_MARKUP,
STORAGE_LINE_EXTRA_MARKUP,
FINAL_LINPEAS_PATH
)
@ -60,8 +59,6 @@ class LinpeasBuilder:
peass_marks = self.__get_peass_marks()
assert len(peass_marks) == 0, f"There are peass marks left: {', '.join(peass_marks)}"
self.__write_linpeas()
def __get_peass_marks(self):
return re.findall(r'peass\{[\w\-\._ ]*\}', self.linpeas_sh)
@ -171,12 +168,13 @@ class LinpeasBuilder:
def __construct_file_line(self, precord: PEASRecord, frecord: FileRecord, init: bool = True) -> str:
real_regex = frecord.regex[1:] if frecord.regex.startswith("*") else frecord.regex
real_regex = real_regex.replace("*",".*").replace(".","\\.")
real_regex = real_regex.replace(".","\\.").replace("*",".*")
real_regex += "$"
analise_line = ""
if init:
analise_line = 'printf "%s" "$PSTORAGE_'+precord.bash_name+'" | grep -E "'+real_regex+'" | while read f; do ls -ld "$f" | sed -${E} "s,'+real_regex+',${SED_RED},"; '
analise_line = 'if ! [ "`echo \\\"$PSTORAGE_'+precord.bash_name+'\\\" | grep -E \\\"'+real_regex+'\\\"`" ]; then echo_not_found "'+frecord.regex+'"; fi; '
analise_line += 'printf "%s" "$PSTORAGE_'+precord.bash_name+'" | grep -E "'+real_regex+'" | while read f; do ls -ld "$f" | sed -${E} "s,'+real_regex+',${SED_RED},"; '
#If just list, just list the file/directory
if frecord.just_list_file:
@ -234,7 +232,7 @@ class LinpeasBuilder:
"""Substitude the markup with the actual code"""
self.linpeas_sh = self.linpeas_sh.replace(mark, join_char.join(find_calls)) #New line char is't needed
def __write_linpeas(self):
def write_linpeas(self, path):
"""Write on disk the final linpeas"""
with open(FINAL_LINPEAS_PATH, "w") as f:
with open(path, "w") as f:
f.write(self.linpeas_sh)