V2.0
parent
7adbb66b66
commit
e0dd33337e
212
fels.sh
212
fels.sh
@ -3,70 +3,186 @@
|
||||
file="/tmp/fels"
|
||||
RED='\033[0;31m'
|
||||
Y='\033[0;33m'
|
||||
B='\033[0;34m'
|
||||
NC='\033[0m'
|
||||
|
||||
rm -rf $file
|
||||
|
||||
printf $Y"[+] "$RED"System info\n"$NC >> $file
|
||||
uname -a 2>/dev/null >> $file
|
||||
printf $B"[*] "$RED"BASIC SYSTEM INFO\n"$NC >> $file
|
||||
echo "" >> $file
|
||||
printf $Y"[+] "$RED"Operative system\n"$NC >> $file
|
||||
(cat /proc/version || uname -a ) 2>/dev/null >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Useful software\n"$NC >> $file
|
||||
which nc ncat netcat wget curl ping fping nmap gcc make gdb base64 socat python python2 python3 2>/dev/null >> $file
|
||||
printf $Y"[+] "$RED"Date\n"$NC >> $file
|
||||
date 2>/dev/null >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Hostname, hosts and DNS\n"$NC >> $file
|
||||
cat /etc/hostname /etc/hosts /etc/resolv.conf 2>/dev/null >> $file
|
||||
|
||||
printf $Y"[+] "$RED"My username and groups\n"$NC >> $file
|
||||
whoami 2>/dev/null >> $file
|
||||
groups 2>/dev/null >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Files inside \$HOME (limit 20)\n"$NC >> $file
|
||||
ls -la $HOME 2>/dev/null | head -n 20 >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Do I hace PGP keys?\n"$NC >> $file
|
||||
gpg --list-keys 2>/dev/null >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Users with console\n"$NC >> $file
|
||||
cat /etc/passwd | grep "sh$" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"20 First files of /home\n"$NC >> $file
|
||||
find /home -type f -printf "%f\t%p\t%u\t%g\t%m\n" 2>/dev/null | column -t | head -n 20 >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Any file inside accesible .ssh directory?\n"$NC >> $file
|
||||
find /home -name .ssh 2>/dev/null -exec ls -laR {} \; >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Any sd* disk in /dev?\n"$NC >> $file
|
||||
ls /dev | grep -i "sd" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Environment\n"$NC >> $file
|
||||
env 2>/dev/null >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Cleaned proccesses\n"$NC >> $file
|
||||
ps -ef 2>/dev/null | grep -v "\[" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Networks\n"$NC >> $file
|
||||
ifconfig 2>/dev/null >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Ports\n"$NC >> $file
|
||||
netstat -punta 2>/dev/null >> $file
|
||||
|
||||
printf $Y"[+] "$RED"SUID files\n"$NC >> $file
|
||||
find / -perm -4000 2>/dev/null >> $file
|
||||
|
||||
printf $Y"[+] "$RED"GUID files\n"$NC >> $file
|
||||
find / -perm -g=s -type f 2>/dev/null >> $file
|
||||
printf $Y"[+] "$RED"Useful software?\n"$NC >> $file
|
||||
which nc ncat netcat wget curl ping gcc make gdb base64 socat python python2 python3 python2.7 python2.6 python3.6 python3.7 perl php ruby xterm 2>/dev/null >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Capabilities\n"$NC >> $file
|
||||
getcap -r / 2>/dev/null >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Environment\n"$NC >> $file
|
||||
(set || env) 2>/dev/null >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Cleaned proccesses\n"$NC >> $file
|
||||
ps aux 2>/dev/null >> $file
|
||||
top -n 1 2>/dev/null | head -n 13 >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Scheduled tasks\n"$NC >> $file
|
||||
crontab -l 2>/dev/null >> $file
|
||||
ls -al /etc/cron* 2>/dev/null >> $file
|
||||
cat /etc/cron* /etc/at* /etc/anacrontab /var/spool/cron/crontabs/root 2>/dev/null | grep -v "^#" >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Any sd* disk in /dev?\n"$NC >> $file
|
||||
ls /dev 2>/dev/null | grep -i "sd" >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Storage information\n"$NC >> $file
|
||||
df -h 2>/dev/null >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Unmounted file-system?\n"$NC >> $file
|
||||
cat /etc/fstab 2>/dev/null >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Printer?\n"$NC >> $file
|
||||
lpstat -a 2>/dev/null >> $file
|
||||
echo "" >> $file
|
||||
|
||||
echo "" >> $file
|
||||
printf $B"[*] "$RED"NETWORK INFO\n"$NC >> $file
|
||||
echo "" >> $file
|
||||
printf $Y"[+] "$RED"Hostname, hosts and DNS\n"$NC >> $file
|
||||
cat /etc/hostname /etc/hosts /etc/resolv.conf 2>/dev/null >> $file
|
||||
dnsdomainname 2>/dev/null >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Networks and neightbours\n"$NC >> $file
|
||||
cat /etc/networks 2>/dev/null >> $file
|
||||
(ifconfig || ip a) 2>/dev/null >> $file
|
||||
iptables -L 2>/dev/null >> $file
|
||||
arp -e 2>/dev/null >> $file
|
||||
route 2>/dev/null >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Ports\n"$NC >> $file
|
||||
netstat -punta 2>/dev/null >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Files in use by network services\n"$NC >> $file
|
||||
lsof -i 2>/dev/null >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Can I sniff with tcpdump?\n"$NC >> $file
|
||||
timeout 1 tcpdump >> $file 2>&1
|
||||
echo "" >> $file
|
||||
|
||||
echo "" >> $file
|
||||
printf $B"[*] "$RED"USERS INFO\n"$NC >> $file
|
||||
echo "" >> $file
|
||||
printf $Y"[+] "$RED"Me\n"$NC >> $file
|
||||
(id || (whoami && groups)) 2>/dev/null >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Do I have PGP keys?\n"$NC >> $file
|
||||
gpg --list-keys 2>/dev/null >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Superusers\n"$NC >> $file
|
||||
awk -F: '($3 == "0") {print}' /etc/passwd 2>/dev/null >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Login\n"$NC >> $file
|
||||
w 2>/dev/null >> $file
|
||||
last 2>/dev/null | tail >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Users with console\n"$NC >> $file
|
||||
cat /etc/passwd 2>/dev/null | grep "sh$" >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"All users\n"$NC >> $file
|
||||
cat /etc/passwd 2>/dev/null | cut -d: -f1 >> $file
|
||||
echo "" >> $file
|
||||
|
||||
echo "" >> $file
|
||||
printf $B"[*] "$RED"INTERESTING FILES\n"$NC >> $file
|
||||
echo "" >> $file
|
||||
printf $Y"[+] "$RED"SUID\n"$NC >> $file
|
||||
find / -perm -4000 2>/dev/null >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"SGID\n"$NC >> $file
|
||||
find / -perm -g=s -type f 2>/dev/null >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Files inside \$HOME (limit 20)\n"$NC >> $file
|
||||
ls -la $HOME 2>/dev/null | head -n 20 >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"20 First files of /home\n"$NC >> $file
|
||||
find /home -type f 2>/dev/null | column -t | grep -v -i "/"$USER | head -n 20 >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Files inside .ssh directory?\n"$NC >> $file
|
||||
find /home /root -name .ssh 2>/dev/null -exec ls -laR {} \; >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"*sa_key* files\n"$NC >> $file
|
||||
find / -type f -name "*sa_key*" -ls 2>/dev/null -exec ls -l {} \; >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Mails?\n"$NC >> $file
|
||||
ls -alh /var/mail/ /var/spool/mail/ 2>/dev/null >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"NFS exports?\n"$NC >> $file
|
||||
cat /etc/exports 2>/dev/null >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"*_history, profile, bashrc\n"$NC >> $file
|
||||
find / -type f \( -name "*_history" -o -name "profile" -o -name "*bashrc" \) -exec ls -l {} \; 2>/dev/null >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"All hidden files (not in /sys/)\n"$NC >> $file
|
||||
find / -type f -iname ".*" -ls 2>/dev/null | grep -v "/sys/" >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"What inside /tmp, /var/tmp, /var/backups\n"$NC >> $file
|
||||
ls -a /tmp /var/tmp /var/backups 2>/dev/null >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Writable Files (not in \$HOME or /proc)\n"$NC >> $file
|
||||
find / '(' -type f -or -type d ')' '(' '(' -user $USER -perm -u=w ')' -or '(' -group $USER -perm -g=w ')' -or '(' -perm -o=w ')' ')' 2>/dev/null | grep -v '/proc' | grep -v $HOME | sort | uniq >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Web files?\n"$NC >> $file
|
||||
ls -alhR /var/www/ 2>/dev/null | head >> $file
|
||||
ls -alhR /srv/www/htdocs/ 2>/dev/null | head >> $file
|
||||
ls -alhR /usr/local/www/apache22/data/ 2>/dev/null | head >> $file
|
||||
ls -alhR /opt/lampp/htdocs/ 2>/dev/null | head >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Backup files?\n"$NC >> $file
|
||||
find /var /etc /bin /sbin /home /usr/local/bin /usr/local/sbin /usr/bin /usr/games /usr/sbin /root /tmp -type f \( -name "*back*" -o -name "*bck*" \) 2>/dev/null >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Find IPs inside logs\n"$NC >> $file
|
||||
grep -a -R -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' /var/log/ 2>/dev/null | sort | uniq >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Find password string inside /home, /var/www, /var/log\n"$NC >> $file
|
||||
grep -lri "password" /home /var/www /var/log 2>/dev/null >> $file
|
||||
printf $Y"[+] "$RED"Find 'password' or 'passw' string inside /home, /var/www, /var/log, /etc\n"$NC >> $file
|
||||
grep -lRi "password\|passw" /home /var/www /var/log 2>/dev/null | sort | uniq >> $file
|
||||
echo "" >> $file
|
||||
|
||||
printf $Y"[+] "$RED"Sudo -l (you need to puts the password and the result appear in console)\n"$NC >> $file
|
||||
sudo -l
|
||||
|
||||
|
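Review bot: The report is still collected in the fixed path `/tmp/fels` (`file="/tmp/fels"` at the top of the hunk, then `rm -rf $file` and unquoted `>> $file` appends), and the sections in this hunk put far more sensitive material into it: the `(set || env)` dump, `ps aux`, crontab contents, `.ssh` listings and the names of files matching "password". A fixed name in a world-writable directory can be pre-created or symlinked by another local user before the first append, and the file is created with the default umask, so the collected data is typically readable by every account on the host. I would create it privately, e.g. `umask 077` followed by `file=$(mktemp /tmp/fels.XXXXXX) || exit 1`, and write `>> "$file"` in the redirections. Separately, `grep -v -i "/"$USER` and `grep -v $HOME` rely on variables that can be unset in a restricted or cron shell; with `USER` empty the first filter discards every path and the section comes out silently empty. The +/- markers are lost on this page, so which of these lines are new is inferred from the hunk header.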