From 5b236b35884f631e0ce6bd99971cd852a952e9ed Mon Sep 17 00:00:00 2001 From: carlospolop Date: Tue, 7 Dec 2021 07:19:53 -0500 Subject: [PATCH] linpeas --- build_lists/sensitive_files.yaml | 54 ++++++++++++++++++++++++++------ linPEAS/builder/linpeas_base.sh | 26 +++++++-------- 2 files changed, 58 insertions(+), 22 deletions(-) diff --git a/build_lists/sensitive_files.yaml b/build_lists/sensitive_files.yaml index b0192f8..7fd0282 100644 --- a/build_lists/sensitive_files.yaml +++ b/build_lists/sensitive_files.yaml @@ -1890,15 +1890,15 @@ search: files: - name: "postfix" value: - files: - - name: "master.cf" - value: - bad_regex: "user=|argv=" - remove_empty_lines: True - line_grep: '"user="' - type: d - search_in: - - common + files: + - name: "master.cf" + value: + bad_regex: "user=|argv=" + remove_empty_lines: True + line_grep: '"user="' + type: d + search_in: + - common - name: CloudFlare value: @@ -2018,6 +2018,42 @@ search: search_in: - common + - name: Zabbix + value: + config: + auto_check: True + + files: + - name: "zabbix_server.conf" + value: + bad_regex: "DBName|DBUser|DBPassword" + remove_regex: '^#' + remove_empty_lines: True + type: f + search_in: + - common + + - name: "zabbix_agentd.conf" + value: + bad_regex: "TLSPSKFile|psk" + remove_regex: '^#' + remove_empty_lines: True + type: f + search_in: + - common + + - name: "zabbix" + value: + files: + - name: "*.psk" + value: + bad_regex: ".*" + remove_empty_lines: True + type: d + search_in: + - common + + - name: Github value: config: diff --git a/linPEAS/builder/linpeas_base.sh b/linPEAS/builder/linpeas_base.sh index 82ce737..06abb7d 100755 --- a/linPEAS/builder/linpeas_base.sh +++ b/linPEAS/builder/linpeas_base.sh 
@@ -1,7 +1,7 @@
 #!/bin/sh
 VERSION="ng"
-ADVISORY="This script should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission."
+ADVISORY="This script should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own computers and/or with the computer owner's permission."
 ###########################################
 #-------) Checks pre-everything (---------#
@@ -215,15 +215,15 @@ print_banner(){
 print_support (){
 printf """
- ${GREEN}/---------------------------------------------------------------------------\\
- | ${BLUE}Do you like PEASS?${GREEN} |
- |---------------------------------------------------------------------------|
- | ${YELLOW}Become a Patreon${GREEN} : ${RED}https://www.patreon.com/peass${GREEN} |
- | ${YELLOW}Follow on Twitter${GREEN} : ${RED}@carlospolopm${GREEN} |
- | ${YELLOW}Respect on HTB${GREEN} : ${RED}SirBroccoli & makikvues${GREEN} |
- |---------------------------------------------------------------------------|
- | ${BLUE}Thank you! ${GREEN} |
- \---------------------------------------------------------------------------/
+ ${GREEN}/---------------------------------------------------------------------------\\
+ | ${BLUE}Do you like PEASS?${GREEN} |
+ |---------------------------------------------------------------------------|
+ | ${YELLOW}Become a Patreon${GREEN} : ${RED}https://www.patreon.com/peass${GREEN} |
+ | ${YELLOW}Follow on Twitter${GREEN} : ${RED}@carlospolopm${GREEN} |
+ | ${YELLOW}Respect on HTB${GREEN} : ${RED}SirBroccoli & makikvues${GREEN} |
+ |---------------------------------------------------------------------------|
+ | ${BLUE}Thank you! ${GREEN} |
+ \---------------------------------------------------------------------------/
 """
 }
@@ -233,7 +233,7 @@ print_support (){
 echo ""
 if [ ! "$QUIET" ]; then print_banner; print_support; fi
-printf ${BLUE}" $SCRIPTNAME-$VERSION ${YELLOW}by carlospolop\n"$NC;
+printf ${BLUE}" $SCRIPTNAME-$VERSION ${YELLOW}by carlospolop\n"$NC;
 echo ""
 printf ${YELLOW}"ADVISORY: ${BLUE}$ADVISORY\n$NC"
 echo ""
@@ -510,7 +510,7 @@ profiledG="01-locale-fix.sh|256term.csh|256term.sh|abrt-console-notification.sh|
 knw_emails=".*@aivazian.fsnet.co.uk|.*@angband.pl|.*@canonical.com|.*centos.org|.*debian.net|.*debian.org|.*@jff.email|.*kali.org|.*linux.it|.*@linuxia.de|.*@lists.debian-maintainers.org|.*@mit.edu|.*@oss.sgi.com|.*@qualcomm.com|.*redhat.com|.*ubuntu.com|.*@vger.kernel.org|rogershimizu@gmail.com|thmarques@gmail.com"
-timersG="anacron.timer|apt-daily.timer|apt-daily-upgrade.timer|e2scrub_all.timer|fstrim.timer|fwupd-refresh.timer|geoipupdate.timer|io.netplan.Netplan|logrotate.timer|man-db.timer|mlocate.timer|motd-news.timer|phpsessionclean.timer|snapd.refresh.timer|snapd.snap-repair.timer|systemd-tmpfiles-clean.timer|systemd-readahead-done.timer|ua-messaging.timer|ureadahead-stop.timer"
+timersG="anacron.timer|apt-daily.timer|apt-daily-upgrade.timer|e2scrub_all.timer|fstrim.timer|fwupd-refresh.timer|geoipupdate.timer|io.netplan.Netplan|logrotate.timer|man-db.timer|mlocate.timer|motd-news.timer|phpsessionclean.timer|snapd.refresh.timer|snapd.snap-repair.timer|systemd-tmpfiles-clean.timer|systemd-readahead-done.timer|ua-license-check.timer|ua-messaging.timer|ua-timer.timer|ureadahead-stop.timer"
 commonrootdirsG="^/$|/bin$|/boot$|/.cache$|/cdrom|/dev$|/etc$|/home$|/lost+found$|/lib$|/lib32$|libx32$|/lib64$|lost\+found|/media$|/mnt$|/opt$|/proc$|/root$|/run$|/sbin$|/snap$|/srv$|/sys$|/tmp$|/usr$|/var$"
 commonrootdirsMacG="^/$|/.DocumentRevisions-V100|/.fseventsd|/.PKInstallSandboxManager-SystemSoftware|/.Spotlight-V100|/.Trashes|/.vol|/Applications|/bin|/cores|/dev|/home|/Library|/macOS Install Data|/net|/Network|/opt|/private|/sbin|/System|/Users|/usr|/Volumes"
@@ -3369,7 +3369,7 @@ if echo $CHECKS | grep -q IntFiles; then
 ##-- IF) Find possible conf files with passwords
 print_2title "Finding possible password in config files"
- ppicf=$(find "$HOMESEARCH" /etc /root /tmp /private /Applications -name "*.conf" -o -name "*.cnf" -o -name "*.config" -name "*.json" 2>/dev/null)
+ ppicf=$(find "$HOMESEARCH" /etc /root /tmp /private /Applications -name "*.conf" -o -name "*.cnf" -o -name "*.config" -name "*.json" -name "*.yml" -name "*.yaml" 2>/dev/null)
 printf "%s\n" "$ppicf" | while read f; do
 if grep -qEiI 'passwd.*|creden.*' \"$f\" 2>/dev/null; then
 echo "$ITALIC $f$NC"
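Review bot: The added `-name "*.yml" -name "*.yaml"` tests on the `ppicf=$(find …)` line are joined to the preceding tests without `-o`, so find ANDs them: `-name "*.config" -name "*.json" -name "*.yml" -name "*.yaml"` requires a single filename to match all four patterns, which can never happen. As written only `*.conf` and `*.cnf` files are returned, so the YAML coverage this change intends (and the existing `*.config`/`*.json` coverage) is silently absent from the report. Group the alternatives and put `-o` between every one of them: `\( -name "*.conf" -o -name "*.cnf" -o -name "*.config" -o -name "*.json" -o -name "*.yml" -o -name "*.yaml" \)`. The enclosing `if echo $CHECKS | grep -q IntFiles` block starts and ends outside the hunk.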