darnellkeith/PEASS-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fileanalysis winpeas not default

Browse Source
This commit is contained in:
Carlos Polop 2024-08-28 19:52:24 +02:00
parent b3cd9417f8
commit bf00500bd1
2 changed files with 25 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
winPEAS/winPEASexe/winPEAS/Checks/Checks.cs
View File

@ -90,14 +90,15 @@ namespace winPEAS.Checks
new SystemCheck("servicesinfo", new ServicesInfo()), new SystemCheck("servicesinfo", new ServicesInfo()),
new SystemCheck("applicationsinfo", new ApplicationsInfo()), new SystemCheck("applicationsinfo", new ApplicationsInfo()),
new SystemCheck("networkinfo", new NetworkInfo()), new SystemCheck("networkinfo", new NetworkInfo()),
new SystemCheck("cloudinfo", new CloudInfo())
new SystemCheck("windowscreds", new WindowsCreds()), new SystemCheck("windowscreds", new WindowsCreds()),
new SystemCheck("browserinfo", new BrowserInfo()), new SystemCheck("browserinfo", new BrowserInfo()),
new SystemCheck("filesinfo", new FilesInfo()), new SystemCheck("filesinfo", new FilesInfo()),
new SystemCheck("fileanalysis", new FileAnalysis()), //new SystemCheck("fileanalysis", new FileAnalysis()),
new SystemCheck("cloudinfo", new CloudInfo())
}; };
var systemCheckAllKeys = new HashSet<string>(_systemChecks.Select(i => i.Key)); var systemCheckAllKeys = new HashSet<string>(_systemChecks.Select(i => i.Key));
var print_fileanalysis_warn = true;
foreach (string arg in args) foreach (string arg in args)
{ {
@ -110,6 +111,17 @@ namespace winPEAS.Checks
return; return;
} }
if (string.Equals(arg, "fileanalysis", StringComparison.CurrentCultureIgnoreCase))
{
print_fileanalysis_warn = false;
}
if (string.Equals(arg, "all", StringComparison.CurrentCultureIgnoreCase))
{
_systemChecks.Add(new SystemCheck("fileanalysis", new FileAnalysis()));
print_fileanalysis_warn = false;
}
if (arg.StartsWith("log", StringComparison.CurrentCultureIgnoreCase)) if (arg.StartsWith("log", StringComparison.CurrentCultureIgnoreCase))
{ {
// get logfile argument if present // get logfile argument if present
@ -265,6 +277,10 @@ namespace winPEAS.Checks
} }
} }
if (print_fileanalysis_warn){
Beaprint.ColorPrint(" [!] If you want to run the file analysis checks (search sensitive information in files), you need to specify the 'fileanalysis' argument. Note that this search might take several minutes. For help, run winpeass.exe --help", Beaprint.YELLOW);
}
if (isAllChecks) if (isAllChecks)
{ {
isFileSearchEnabled = true; isFileSearchEnabled = true;

12
winPEAS/winPEASexe/winPEAS/Helpers/Beaprint.cs
View File

@ -120,20 +120,22 @@ namespace winPEAS.Helpers
public static void PrintUsage() public static void PrintUsage()
{ {
Console.WriteLine(YELLOW + " [*] " + GREEN + "WinPEAS is a binary to enumerate possible paths to escalate privileges locally" + NOCOLOR); Console.WriteLine(YELLOW + " [*] " + GREEN + "WinPEAS is a binary to enumerate possible paths to escalate privileges locally. By default it'll run all the following checks unless otherwise specified, but you could also indicate as arguments the names of the checks to run if you only want to run a few of them." + NOCOLOR);
Console.WriteLine(LCYAN + " domain" + GRAY + " Enumerate domain information" + NOCOLOR); Console.WriteLine(LCYAN + " domain" + GRAY + " Enumerate domain information" + NOCOLOR);
Console.WriteLine(LCYAN + " systeminfo" + GRAY + " Search system information" + NOCOLOR); Console.WriteLine(LCYAN + " systeminfo" + GRAY + " Search system information" + NOCOLOR);
Console.WriteLine(LCYAN + " eventsinfo" + GRAY + " Display interesting events information" + NOCOLOR);
Console.WriteLine(LCYAN + " userinfo" + GRAY + " Search user information" + NOCOLOR); Console.WriteLine(LCYAN + " userinfo" + GRAY + " Search user information" + NOCOLOR);
Console.WriteLine(LCYAN + " processinfo" + GRAY + " Search processes information" + NOCOLOR); Console.WriteLine(LCYAN + " processinfo" + GRAY + " Search processes information" + NOCOLOR);
Console.WriteLine(LCYAN + " servicesinfo" + GRAY + " Search services information" + NOCOLOR); Console.WriteLine(LCYAN + " servicesinfo" + GRAY + " Search services information" + NOCOLOR);
Console.WriteLine(LCYAN + " applicationsinfo" + GRAY + " Search installed applications information" + NOCOLOR); Console.WriteLine(LCYAN + " applicationsinfo" + GRAY + " Search installed applications information" + NOCOLOR);
Console.WriteLine(LCYAN + " networkinfo" + GRAY + " Search network information" + NOCOLOR); Console.WriteLine(LCYAN + " networkinfo" + GRAY + " Search network information" + NOCOLOR);
Console.WriteLine(LCYAN + " cloudinfo" + GRAY + " Enumerate cloud information" + NOCOLOR);
Console.WriteLine(LCYAN + " windowscreds" + GRAY + " Search windows credentials" + NOCOLOR); Console.WriteLine(LCYAN + " windowscreds" + GRAY + " Search windows credentials" + NOCOLOR);
Console.WriteLine(LCYAN + " browserinfo" + GRAY + " Search browser information" + NOCOLOR); Console.WriteLine(LCYAN + " browserinfo" + GRAY + " Search browser information" + NOCOLOR);
Console.WriteLine(LCYAN + " filesinfo" + GRAY + " Search generic files that can contains credentials" + NOCOLOR); Console.WriteLine(LCYAN + " filesinfo" + GRAY + " Search generic files that can contains credentials" + NOCOLOR);
Console.WriteLine(LCYAN + " fileanalysis" + GRAY + " Search specific files that can contains credentials and for regexes inside files" + NOCOLOR); Console.WriteLine(LCYAN + " fileanalysis" + GRAY + " [NOT RUN BY DEFAULT] Search specific files that can contains credentials and for regexes inside files. Might take several minutes." + NOCOLOR);
Console.WriteLine(LCYAN + " eventsinfo" + GRAY + " Display interesting events information" + NOCOLOR); Console.WriteLine(LCYAN + " all" + GRAY + " Run all checks the previous check including fileanalysis." + NOCOLOR);
Console.WriteLine(LCYAN + " cloudinfo" + GRAY + " Enumerate cloud information" + NOCOLOR);
Console.WriteLine(); Console.WriteLine();
Console.WriteLine(LCYAN + " quiet" + GRAY + " Do not print banner" + NOCOLOR); Console.WriteLine(LCYAN + " quiet" + GRAY + " Do not print banner" + NOCOLOR);
Console.WriteLine(LCYAN + " notcolor" + GRAY + " Don't use ansi colors (all white)" + NOCOLOR); Console.WriteLine(LCYAN + " notcolor" + GRAY + " Don't use ansi colors (all white)" + NOCOLOR);
@ -148,7 +150,7 @@ namespace winPEAS.Helpers
Console.WriteLine(LCYAN + " -lolbas" + GRAY + $" Run additional LOLBAS check" + NOCOLOR); Console.WriteLine(LCYAN + " -lolbas" + GRAY + $" Run additional LOLBAS check" + NOCOLOR);
Console.WriteLine(LCYAN + " -linpeas=[url]" + GRAY + $" Run additional linpeas.sh check for default WSL distribution, optionally provide custom linpeas.sh URL\n" + Console.WriteLine(LCYAN + " -linpeas=[url]" + GRAY + $" Run additional linpeas.sh check for default WSL distribution, optionally provide custom linpeas.sh URL\n" +
$" (default: {Checks.Checks.LinpeasUrl})" + NOCOLOR); $" (default: {Checks.Checks.LinpeasUrl})" + NOCOLOR);
Console.WriteLine(LCYAN + " -network" + GRAY + $" Run additional network scanning - find network interfaces, hosts and scan nmap top 1000 TCP ports for each host found\n" + Console.WriteLine(LCYAN + " -network|-ports" + GRAY + $" Run additional network scanning - find network interfaces, hosts and scan nmap top 1000 TCP ports for each host found\n" +
$" -network=\"auto\" - find interfaces/hosts automatically" + NOCOLOR + "\n" + $" -network=\"auto\" - find interfaces/hosts automatically" + NOCOLOR + "\n" +
$" -network=\"10.10.10.10,10.10.10.20\" - scan only selected ip address(es)" + NOCOLOR + "\n" + $" -network=\"10.10.10.10,10.10.10.20\" - scan only selected ip address(es)" + NOCOLOR + "\n" +
$" -network=\"10.10.10.10/24\" - scan host based on ip address/netmask" + NOCOLOR + "\n" + $" -network=\"10.10.10.10/24\" - scan host based on ip address/netmask" + NOCOLOR + "\n" +