From c150e63b528c6360d9099a444865ef4ca824541e Mon Sep 17 00:00:00 2001 From: Jack Date: Sun, 25 May 2025 12:55:34 -0400 Subject: [PATCH] This module scans /proc/*/environ for potentially sensitive environment variables on Linux systems. It targets common keywords like token, password, secret, AWS, API, etc. Uses 'tr' instead of 'strings' to improve compatibility in minimal environments like containers. The check is skipped entirely on MacPEAS. --- .../29_Interesting_environment_variables.sh | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 linPEAS/builder/linpeas_parts/9_interesting_files/29_Interesting_environment_variables.sh diff --git a/linPEAS/builder/linpeas_parts/9_interesting_files/29_Interesting_environment_variables.sh b/linPEAS/builder/linpeas_parts/9_interesting_files/29_Interesting_environment_variables.sh new file mode 100644 index 0000000..14f4517 --- /dev/null +++ b/linPEAS/builder/linpeas_parts/9_interesting_files/29_Interesting_environment_variables.sh @@ -0,0 +1,26 @@ +# Title: Interesting Files - Interesting Environment Variables +# ID: IF_Interesting_environment_variables +# Author: Jack Vaughn +# Last Update: 25-05-2025 +# Description: Searching possible sensitive environment variables inside of /proc/*/environ +# License: GNU GPL +# Version: 1.0 +# Functions Used: print_2title +# Global Variables: $MACPEAS +# Initial Functions: +# Generated Global Variables: +# Fat linpeas: 0 +# Small linpeas: 1 + +if [ -z "$MACPEAS" ]; then + print_2title "Searching possible sensitive environment variables inside of /proc/*/environ" + for f in /proc/[0-9]*/environ; do + [ -r "$f" ] || continue + tr '\0' '\n' < "$f" | \ + grep -aEi "(token|password|secret|aws|azure|gcp|api|key|jwt|session|cookie|database|sql|mongo|postgres)" | \ + grep -avEi '(XDG_SESSION|DBUS_SESSION|systemd\/sessions)' | \ + while read -r g; do + echo "$f: $g" + done + done +fi