darnellkeith/PEASS-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

peass-ng

Browse Source
This commit is contained in:
Carlos Polop 2021-07-15 23:01:51 +02:00
parent 83865dddda
commit e67097e123
5 changed files with 157 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
build_lists/sensitive_files.yaml
View File

@ -2434,4 +2434,4 @@ search:
just_list_file: True just_list_file: True
type: f type: f
search_in: search_in:
- common - common

94
linPEAS/builder/linpeas_base.sh
View File

@ -30,6 +30,10 @@ SED_RED_YELLOW="${C}[1;31;103m&${C}[0m"
BLUE="${C}[1;34m" BLUE="${C}[1;34m"
SED_BLUE="${C}[1;34m&${C}[0m" SED_BLUE="${C}[1;34m&${C}[0m"
ITALIC_BLUE="${C}[1;34m${C}[3m" ITALIC_BLUE="${C}[1;34m${C}[3m"
LIGHT_MAGENTA="${C}[1;95m"
SED_LIGHT_MAGENTA="${C}[1;95m&${C}[0m"
LIGHT_CYAN="${C}[1;96m"
SED_LIGHT_CYAN="${C}[1;96m&${C}[0m"
LG="${C}[1;37m" #LightGray LG="${C}[1;37m" #LightGray
SED_LG="${C}[1;37m&${C}[0m" SED_LG="${C}[1;37m&${C}[0m"
DG="${C}[1;90m" #DarkGray DG="${C}[1;90m" #DarkGray
@ -104,19 +108,23 @@ if [ "$MACPEAS" ]; then SCRIPTNAME="macpeas"; else SCRIPTNAME="linpeas"; fi
if [ "$NOCOLOR" ]; then if [ "$NOCOLOR" ]; then
C="" C=""
RED="" RED=""
SED_RED="" SED_RED="&"
GREEN="" GREEN=""
SED_GREEN="" SED_GREEN="&"
YELLOW="" YELLOW=""
SED_YELLOW="" SED_YELLOW="&"
SED_RED_YELLOW="" SED_RED_YELLOW="&"
BLUE="" BLUE=""
SED_BLUE="" SED_BLUE="&"
ITALIC_BLUE="" ITALIC_BLUE=""
LIGHT_MAGENTA=""
SED_LIGHT_MAGENTA="&"
LIGHT_CYAN=""
SED_LIGHT_CYAN="&"
LG="" LG=""
SED_LG="" SED_LG="&"
DG="" DG=""
SED_DG="" SED_DG="&"
NC="" NC=""
UNDERLINED="" UNDERLINED=""
ITALIC="" ITALIC=""
@ -205,12 +213,26 @@ print_banner(){
} }
print_support (){
printf """
${GREEN}/---------------------------------------------------------------------------\\
| ${BLUE}Do you like PEASS?${GREEN} |
|---------------------------------------------------------------------------|
| ${YELLOW}Become a Patreon${GREEN} : ${RED}https://www.patreon.com/peass${GREEN} |
| ${YELLOW}Follow on Twitter${GREEN} : ${RED}@carlospolopm${GREEN} |
| ${YELLOW}Respect on HTB${GREEN} : ${RED}SirBroccoli & makikvues${GREEN} |
|---------------------------------------------------------------------------|
| ${BLUE}Thank you! ${GREEN} |
\---------------------------------------------------------------------------/
"""
}
########################################### ###########################################
#-----------) Starting Output (-----------# #-----------) Starting Output (-----------#
########################################### ###########################################
echo "" echo ""
if [ !"$QUIET" ]; then print_banner; fi if [ !"$QUIET" ]; then print_banner; print_support; fi
printf ${BLUE}" $SCRIPTNAME-$VERSION ${YELLOW}by carlospolop\n"$NC; printf ${BLUE}" $SCRIPTNAME-$VERSION ${YELLOW}by carlospolop\n"$NC;
echo "" echo ""
printf ${YELLOW}"ADVISORY: "${BLUE}"$ADVISORY\n"$NC printf ${YELLOW}"ADVISORY: "${BLUE}"$ADVISORY\n"$NC
@ -219,10 +241,10 @@ printf ${BLUE}"Linux Privesc Checklist: "${YELLOW}"https://book.hacktricks.xyz/l
echo " LEGEND:" | sed "s,LEGEND,${C}[1;4m&${C}[0m," echo " LEGEND:" | sed "s,LEGEND,${C}[1;4m&${C}[0m,"
echo " RED/YELLOW: 95% a PE vector" | sed "s,RED/YELLOW,${SED_RED_YELLOW}," echo " RED/YELLOW: 95% a PE vector" | sed "s,RED/YELLOW,${SED_RED_YELLOW},"
echo " RED: You should take a look to it" | sed "s,RED,${SED_RED}," echo " RED: You should take a look to it" | sed "s,RED,${SED_RED},"
echo " LightCyan: Users with console" | sed "s,LightCyan,${C}[1;96m&${C}[0m," echo " LightCyan: Users with console" | sed "s,LightCyan,${SED_LIGHT_CYAN},"
echo " Blue: Users without console & mounted devs" | sed "s,Blue,${SED_BLUE}," echo " Blue: Users without console & mounted devs" | sed "s,Blue,${SED_BLUE},"
echo " Green: Common things (users, groups, SUID/SGID, mounts, .sh scripts, cronjobs) " | sed "s,Green,${SED_GREEN}," echo " Green: Common things (users, groups, SUID/SGID, mounts, .sh scripts, cronjobs) " | sed "s,Green,${SED_GREEN},"
echo " LightMagenta: Your username" | sed "s,LightMagenta,${C}[1;95m&${C}[0m," echo " LightMagenta: Your username" | sed "s,LightMagenta,${SED_LIGHT_MAGENTA},"
if [ "$IAMROOT" ]; then if [ "$IAMROOT" ]; then
echo "" echo ""
echo " YOU ARE ALREADY ROOT!!! (it could take longer to complete execution)" | sed "s,YOU ARE ALREADY ROOT!!!,${SED_RED_YELLOW}," echo " YOU ARE ALREADY ROOT!!! (it could take longer to complete execution)" | sed "s,YOU ARE ALREADY ROOT!!!,${SED_RED_YELLOW},"
@ -963,7 +985,7 @@ print_title "Basic information"
printf $LG"OS: "$NC printf $LG"OS: "$NC
(cat /proc/version || uname -a ) 2>/dev/null | sed -${E} "s,$kernelDCW_Ubuntu_Precise_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_5,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_6,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Xenial,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel7,${SED_RED_YELLOW}," | sed -${E} "s,$kernelB,${SED_RED}," (cat /proc/version || uname -a ) 2>/dev/null | sed -${E} "s,$kernelDCW_Ubuntu_Precise_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_5,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_6,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Xenial,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel7,${SED_RED_YELLOW}," | sed -${E} "s,$kernelB,${SED_RED},"
printf $LG"User & Groups: "$NC printf $LG"User & Groups: "$NC
(id || (whoami && groups)) 2>/dev/null | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed -${E} "s,$knw_grps,${SED_GREEN},g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed -${E} "s,$idB,${SED_RED},g" (id || (whoami && groups)) 2>/dev/null | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed -${E} "s,$knw_grps,${SED_GREEN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$idB,${SED_RED},g"
printf $LG"Hostname: "$NC printf $LG"Hostname: "$NC
hostname 2>/dev/null hostname 2>/dev/null
printf $LG"Writable folder: "$NC; printf $LG"Writable folder: "$NC;
@ -1350,11 +1372,11 @@ if [ "`echo $CHECKS | grep ProCronSrvcsTmrsSocks`" ]; then
print_info "Check weird & unexpected proceses run by root: https://book.hacktricks.xyz/linux-unix/privilege-escalation#processes" print_info "Check weird & unexpected proceses run by root: https://book.hacktricks.xyz/linux-unix/privilege-escalation#processes"
if [ "$NOUSEPS" ]; then if [ "$NOUSEPS" ]; then
print_ps | sed -${E} "s,$Wfolders,${SED_RED},g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${SED_RED}," | sed -${E} "s,$processesVB,${SED_RED_YELLOW},g" | sed "s,$processesB,${SED_RED}," | sed -${E} "s,$processesDump,${SED_RED}," print_ps | sed -${E} "s,$Wfolders,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," | sed -${E} "s,$processesVB,${SED_RED_YELLOW},g" | sed "s,$processesB,${SED_RED}," | sed -${E} "s,$processesDump,${SED_RED},"
pslist=`print_ps` pslist=`print_ps`
else else
(ps fauxwww || ps auxwww | sort ) 2>/dev/null | grep -v "\[" | grep -v "%CPU" | while read psline; do (ps fauxwww || ps auxwww | sort ) 2>/dev/null | grep -v "\[" | grep -v "%CPU" | while read psline; do
echo "$psline" | sed -${E} "s,$Wfolders,${SED_RED},g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${SED_RED}," | sed -${E} "s,$processesVB,${SED_RED_YELLOW},g" | sed "s,$processesB,${SED_RED}," | sed -${E} "s,$processesDump,${SED_RED}," echo "$psline" | sed -${E} "s,$Wfolders,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," | sed -${E} "s,$processesVB,${SED_RED_YELLOW},g" | sed "s,$processesB,${SED_RED}," | sed -${E} "s,$processesDump,${SED_RED},"
if [ "`command -v capsh`" ] && ! [ "`echo \"$psline\" | grep root`" ]; then if [ "`command -v capsh`" ] && ! [ "`echo \"$psline\" | grep root`" ]; then
cpid="`echo \"$psline\" | awk '{print $2}'`" cpid="`echo \"$psline\" | awk '{print $2}'`"
caphex=0x"`cat \"/proc/$cpid/status\" 2> /dev/null | grep \"CapEff\" | awk '{print $2}'`" caphex=0x"`cat \"/proc/$cpid/status\" 2> /dev/null | grep \"CapEff\" | awk '{print $2}'`"
@ -1383,7 +1405,7 @@ if [ "`echo $CHECKS | grep ProCronSrvcsTmrsSocks`" ]; then
if ! [ "$IAMROOT" ]; then if ! [ "$IAMROOT" ]; then
print_2title "Files opened by processes belonging to other users" print_2title "Files opened by processes belonging to other users"
print_info "This is usually empty because of the lack of privileges to read other user processes information" print_info "This is usually empty because of the lack of privileges to read other user processes information"
lsof 2>/dev/null | grep -v "$USER" | grep -iv "permission denied" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED}," lsof 2>/dev/null | grep -v "$USER" | grep -iv "permission denied" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED},"
echo "" echo ""
fi fi
@ -1410,11 +1432,11 @@ if [ "`echo $CHECKS | grep ProCronSrvcsTmrsSocks`" ]; then
print_2title "Cron jobs" print_2title "Cron jobs"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#scheduled-cron-jobs" print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#scheduled-cron-jobs"
command -v crontab 2>/dev/null || echo_not_found "crontab" command -v crontab 2>/dev/null || echo_not_found "crontab"
crontab -l 2>/dev/null | tr -d "\r" | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED}," crontab -l 2>/dev/null | tr -d "\r" | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED},"
command -v incrontab 2>/dev/null || echo_not_found "incrontab" command -v incrontab 2>/dev/null || echo_not_found "incrontab"
incrontab -l 2>/dev/null incrontab -l 2>/dev/null
ls -alR /etc/cron* /var/spool/cron/crontabs /var/spool/anacron 2>/dev/null | sed -${E} "s,$cronjobsG,${SED_GREEN},g" | sed "s,$cronjobsB,${SED_RED},g" ls -alR /etc/cron* /var/spool/cron/crontabs /var/spool/anacron 2>/dev/null | sed -${E} "s,$cronjobsG,${SED_GREEN},g" | sed "s,$cronjobsB,${SED_RED},g"
cat /etc/cron* /etc/at* /etc/anacrontab /var/spool/cron/crontabs/* /etc/incron.d/* /var/spool/incron/* 2>/dev/null | tr -d "\r" | grep -v "^#\|test \-x /usr/sbin/anacron\|run\-parts \-\-report /etc/cron.hourly\| root run-parts /etc/cron." | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED}," cat /etc/cron* /etc/at* /etc/anacrontab /var/spool/cron/crontabs/* /etc/incron.d/* /var/spool/incron/* 2>/dev/null | tr -d "\r" | grep -v "^#\|test \-x /usr/sbin/anacron\|run\-parts \-\-report /etc/cron.hourly\| root run-parts /etc/cron." | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED},"
crontab -l -u "$USER" 2>/dev/null | tr -d "\r" crontab -l -u "$USER" 2>/dev/null | tr -d "\r"
ls -l /usr/lib/cron/tabs/ /Library/LaunchAgents/ /Library/LaunchDaemons/ ~/Library/LaunchAgents/ 2>/dev/null #MacOS paths ls -l /usr/lib/cron/tabs/ /Library/LaunchAgents/ /Library/LaunchDaemons/ ~/Library/LaunchAgents/ 2>/dev/null #MacOS paths
echo "" echo ""
@ -1523,7 +1545,7 @@ if [ "`echo $CHECKS | grep ProCronSrvcsTmrsSocks`" ]; then
socketcurl="`curl --max-time 2 --unix-socket \"$s\" http:/index 2>/dev/null`" socketcurl="`curl --max-time 2 --unix-socket \"$s\" http:/index 2>/dev/null`"
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
owner="`ls -l \"$s\" | cut -d ' ' -f 3`" owner="`ls -l \"$s\" | cut -d ' ' -f 3`"
echo "Socket $s owned by $owner uses HTTP. Response to /index:" | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" | sed -${E} "s,$idB,${SED_RED},g" echo "Socket $s owned by $owner uses HTTP. Response to /index:" | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" | sed -${E} "s,$idB,${SED_RED},g"
echo "$socketcurl" echo "$socketcurl"
fi fi
done done
@ -1540,16 +1562,16 @@ if [ "`echo $CHECKS | grep ProCronSrvcsTmrsSocks`" ]; then
fi fi
genpol=`grep "<policy>" "$f" 2>/dev/null` genpol=`grep "<policy>" "$f" 2>/dev/null`
if [ "$genpol" ]; then printf "Weak general policy found on $f ($genpol)\n" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi if [ "$genpol" ]; then printf "Weak general policy found on $f ($genpol)\n" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi
#if [ "`grep \"<policy user=\\\"$USER\\\">\" \"$f\" 2>/dev/null`" ]; then printf "Possible weak user policy found on $f () \n" | sed "s,$USER,${SED_RED},g"; fi #if [ "`grep \"<policy user=\\\"$USER\\\">\" \"$f\" 2>/dev/null`" ]; then printf "Possible weak user policy found on $f () \n" | sed "s,$USER,${SED_RED},g"; fi
userpol=`grep "<policy user=" "$f" 2>/dev/null | grep -v "root"` userpol=`grep "<policy user=" "$f" 2>/dev/null | grep -v "root"`
if [ "$userpol" ]; then printf "Possible weak user policy found on $f ($userpol)\n" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi if [ "$userpol" ]; then printf "Possible weak user policy found on $f ($userpol)\n" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi
#for g in `groups`; do #for g in `groups`; do
# if [ "`grep \"<policy group=\\\"$g\\\">\" \"$f\" 2>/dev/null`" ]; then printf "Possible weak group ($g) policy found on $f\n" | sed "s,$g,${SED_RED},g"; fi # if [ "`grep \"<policy group=\\\"$g\\\">\" \"$f\" 2>/dev/null`" ]; then printf "Possible weak group ($g) policy found on $f\n" | sed "s,$g,${SED_RED},g"; fi
#done #done
grppol=`grep "<policy group=" "$f" 2>/dev/null | grep -v "root"` grppol=`grep "<policy group=" "$f" 2>/dev/null | grep -v "root"`
if [ "$grppol" ]; then printf "Possible weak user policy found on $f ($grppol)\n" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi if [ "$grppol" ]; then printf "Possible weak user policy found on $f ($grppol)\n" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi
#TODO: identify allows in context="default" #TODO: identify allows in context="default"
done done
@ -1655,7 +1677,7 @@ if [ "`echo $CHECKS | grep UsrI`" ]; then
#-- UI) My user #-- UI) My user
print_2title "My user" print_2title "My user"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#users" print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#users"
(id || (whoami && groups)) 2>/dev/null | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" | sed -${E} "s,$idB,${SED_RED},g" (id || (whoami && groups)) 2>/dev/null | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" | sed -${E} "s,$idB,${SED_RED},g"
echo "" echo ""
#-- UI) PGP keys? #-- UI) PGP keys?
@ -1733,12 +1755,12 @@ if [ "`echo $CHECKS | grep UsrI`" ]; then
#-- UI) Pkexec policy #-- UI) Pkexec policy
print_2title "Checking Pkexec policy" print_2title "Checking Pkexec policy"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/interesting-groups-linux-pe#pe-method-2" print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/interesting-groups-linux-pe#pe-method-2"
(cat /etc/polkit-1/localauthority.conf.d/* 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | sed -${E} "s,$groupsB,${SED_RED}," | sed -${E} "s,$groupsVB,${SED_RED}," | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,$USER,${SED_RED_YELLOW}," | sed -${E} "s,$Groups,${SED_RED_YELLOW},") || echo_not_found "/etc/polkit-1/localauthority.conf.d" (cat /etc/polkit-1/localauthority.conf.d/* 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | sed -${E} "s,$groupsB,${SED_RED}," | sed -${E} "s,$groupsVB,${SED_RED}," | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,$USER,${SED_RED_YELLOW}," | sed -${E} "s,$Groups,${SED_RED_YELLOW},") || echo_not_found "/etc/polkit-1/localauthority.conf.d"
echo "" echo ""
#-- UI) Superusers #-- UI) Superusers
print_2title "Superusers" print_2title "Superusers"
awk -F: '($3 == "0") {print}' /etc/passwd 2>/dev/null | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED_YELLOW}," | sed "s,root,${SED_RED}," awk -F: '($3 == "0") {print}' /etc/passwd 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED_YELLOW}," | sed "s,root,${SED_RED},"
echo "" echo ""
#-- UI) Users with console #-- UI) Users with console
@ -1747,7 +1769,7 @@ if [ "`echo $CHECKS | grep UsrI`" ]; then
dscl . list /Users | while read uname; do dscl . list /Users | while read uname; do
ushell=`dscl . -read "/Users/$uname" UserShell | cut -d " " -f2` ushell=`dscl . -read "/Users/$uname" UserShell | cut -d " " -f2`
if [ "`grep \"$ushell\" /etc/shells`" ]; then #Shell user if [ "`grep \"$ushell\" /etc/shells`" ]; then #Shell user
dscl . -read "/Users/$uname" UserShell RealName RecordName Password NFSHomeDirectory 2>/dev/null | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${SED_RED}," dscl . -read "/Users/$uname" UserShell RealName RecordName Password NFSHomeDirectory 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
echo "" echo ""
fi fi
done done
@ -1759,7 +1781,7 @@ if [ "`echo $CHECKS | grep UsrI`" ]; then
unexpected_shells="$f\n$unexpected_shells" unexpected_shells="$f\n$unexpected_shells"
fi fi
done done
cat /etc/passwd 2>/dev/null | grep "sh$" | sort | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${SED_RED}," cat /etc/passwd 2>/dev/null | grep "sh$" | sort | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
if [ "$unexpected_shells" ]; then if [ "$unexpected_shells" ]; then
echo "These unexpected binaries are acting like shells:\n$unexpected_shells" | sed -${E} "s,/.*,${SED_RED},g" echo "These unexpected binaries are acting like shells:\n$unexpected_shells" | sed -${E} "s,/.*,${SED_RED},g"
echo "Unexpected users with shells:" echo "Unexpected users with shells:"
@ -1775,25 +1797,25 @@ if [ "`echo $CHECKS | grep UsrI`" ]; then
#-- UI) All users & groups #-- UI) All users & groups
print_2title "All users & groups" print_2title "All users & groups"
if [ "$MACPEAS" ]; then if [ "$MACPEAS" ]; then
dscl . list /Users | while read i; do id $i;done 2>/dev/null | sort | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" dscl . list /Users | while read i; do id $i;done 2>/dev/null | sort | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g"
else else
cut -d":" -f1 /etc/passwd 2>/dev/null| while read i; do id $i;done 2>/dev/null | sort | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" cut -d":" -f1 /etc/passwd 2>/dev/null| while read i; do id $i;done 2>/dev/null | sort | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g"
fi fi
echo "" echo ""
#-- UI) Login now #-- UI) Login now
print_2title "Login now" print_2title "Login now"
(w || who || users) 2>/dev/null | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${SED_RED}," (w || who || users) 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
echo "" echo ""
#-- UI) Last logons #-- UI) Last logons
print_2title "Last logons" print_2title "Last logons"
(last -Faiw || last) 2>/dev/null | tail | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_RED}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${SED_RED}," (last -Faiw || last) 2>/dev/null | tail | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_RED}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
echo "" echo ""
#-- UI) Login info #-- UI) Login info
print_2title "Last time logon each user" print_2title "Last time logon each user"
lastlog 2>/dev/null | grep -v "Never" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${SED_RED}," lastlog 2>/dev/null | grep -v "Never" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
echo "" echo ""
#-- UI) Password policy #-- UI) Password policy
@ -1882,7 +1904,7 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
for f in `grep -lr "user\s*=" $d 2>/dev/null | grep -v "debian.cnf"`; do for f in `grep -lr "user\s*=" $d 2>/dev/null | grep -v "debian.cnf"`; do
if [ -r "$f" ]; then if [ -r "$f" ]; then
u=`cat "$f" | grep -v "#" | grep "user" | grep "=" 2>/dev/null` u=`cat "$f" | grep -v "#" | grep "user" | grep "=" 2>/dev/null`
echo "From '$f' Mysql user: $u" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${SED_RED}," echo "From '$f' Mysql user: $u" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
fi fi
done done
for f in `find $d -name my.cnf 2>/dev/null`; do for f in `find $d -name my.cnf 2>/dev/null`; do
@ -2115,7 +2137,7 @@ if [ "`echo $CHECKS | grep SofI`" ]; then
printf "%s\n" "$PSTORAGE_LOGSTASH" | while read d; do printf "%s\n" "$PSTORAGE_LOGSTASH" | while read d; do
if [ -r "$d/startup.options" ]; then if [ -r "$d/startup.options" ]; then
echo "Logstash is running as user:" echo "Logstash is running as user:"
cat "$d/startup.options" 2>/dev/null | grep "LS_USER\|LS_GROUP" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed -${E} "s,$USER,${C}[1;95m&${C}[0m," | sed -${E} "s,root,${SED_RED}," cat "$d/startup.options" 2>/dev/null | grep "LS_USER\|LS_GROUP" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed -${E} "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,root,${SED_RED},"
fi fi
cat "$d/conf.d/out*" | grep "exec\s*{\|command\s*=>" | sed -${E} "s,exec\W*\{|command\W*=>,${SED_RED}," cat "$d/conf.d/out*" | grep "exec\s*{\|command\s*=>" | sed -${E} "s,exec\W*\{|command\W*=>,${SED_RED},"
cat "$d/conf.d/filt*" | grep "path\s*=>\|code\s*=>\|ruby\s*{" | sed -${E} "s,path\W*=>|code\W*=>|ruby\W*\{,${SED_RED}," cat "$d/conf.d/filt*" | grep "path\s*=>\|code\s*=>\|ruby\s*{" | sed -${E} "s,path\W*=>|code\W*=>|ruby\W*\{,${SED_RED},"
@ -2532,7 +2554,7 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
print_2title "Users with capabilities" print_2title "Users with capabilities"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#capabilities" print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#capabilities"
if [ -f "/etc/security/capability.conf" ]; then if [ -f "/etc/security/capability.conf" ]; then
grep -v '^#\|none\|^$' /etc/security/capability.conf 2>/dev/null | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," grep -v '^#\|none\|^$' /etc/security/capability.conf 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED},"
else echo_not_found "/etc/security/capability.conf" else echo_not_found "/etc/security/capability.conf"
fi fi
echo "" echo ""
@ -2540,7 +2562,7 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
##-- IF) Files with ACLs ##-- IF) Files with ACLs
print_2title "Files with ACLs (limited to 50)" print_2title "Files with ACLs (limited to 50)"
print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#acls" print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#acls"
((getfacl -t -s -R -p /bin /etc $HOMESEARCH /opt /sbin /usr /tmp /root 2>/dev/null) || echo_not_found "files with acls in searched folders" ) | head -n 50 | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," ((getfacl -t -s -R -p /bin /etc $HOMESEARCH /opt /sbin /usr /tmp /root 2>/dev/null) || echo_not_found "files with acls in searched folders" ) | head -n 50 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED},"
echo "" echo ""
##-- IF) .sh files in PATH ##-- IF) .sh files in PATH
@ -2646,13 +2668,13 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
##-- IF) Root files in home dirs ##-- IF) Root files in home dirs
print_2title "Searching root files in home dirs (limit 30)" print_2title "Searching root files in home dirs (limit 30)"
(find $HOMESEARCH /Users -user root 2>/dev/null | head -n 30 | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${SED_RED},") || echo_not_found (find $HOMESEARCH /Users -user root 2>/dev/null | head -n 30 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_RED},") || echo_not_found
echo "" echo ""
##-- IF) Others files in my dirs ##-- IF) Others files in my dirs
if ! [ "$IAMROOT" ]; then if ! [ "$IAMROOT" ]; then
print_2title "Searching folders owned by me containing others files on it (limit 100)" print_2title "Searching folders owned by me containing others files on it (limit 100)"
(find / -type d -user "$USER" ! -path "/proc/*" 2>/dev/null | head -n 100 | while read d; do find "$d" -maxdepth 1 ! -user "$USER" \( -type f -or -type d \) -exec dirname {} \; 2>/dev/null; done) | sort | uniq | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed "s,root,${C}[1;13m&${C}[0m,g" (find / -type d -user "$USER" ! -path "/proc/*" 2>/dev/null | head -n 100 | while read d; do find "$d" -maxdepth 1 ! -user "$USER" \( -type f -or -type d \) -exec dirname {} \; 2>/dev/null; done) | sort | uniq | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed "s,root,${C}[1;13m&${C}[0m,g"
echo "" echo ""
fi fi

75
parser/README.md
View File

@ -1,3 +1,78 @@
# Privilege Escalation Awesome Scripts JSON exporter # Privilege Escalation Awesome Scripts JSON exporter
This script allows you to transform the output of linpeas/macpeas/winpeas to JSON.
```python3
python3 peass-parser.py </path/to/executed_peass> </path/to/output_peass.json>
```
This script is still in beta version and has been tested only with linpeas output.
## Format
Basically, **each section has**:
- Infos (URLs or info about the section)
- Text lines (the real text info found in the section, colors included)
- More sections
There is a **maximun of 3 levels of sections**.
```json
{
"<Main Section Name>": {
"sections": {
"<Secondary Section Name>": {
"sections": {},
"lines": [
{
"raw_text": "\u001b[0m\u001b[1;33m[+] \u001b[1;32mnmap\u001b[1;34m is available for network discover & port scanning, you should use it yourself",
"clean_text": "[+] is available for network discover & port scanning, you should use it yourself",
"colors": {
"GREEN": [
"nmap"
],
"YELLOW": [
"[+]"
]
}
}
],
"infos": [
"https://book.hacktricks.xyz/linux-unix/privilege-escalation#kernel-exploits"
]
},
"infos": []
```
```json
{
"System Information": {
"sections": {
"Operative system": {
"sections": {},
"lines": [
{
"raw_text": "\u001b[0m\u001b[1;33m[+] \u001b[1;32mnmap\u001b[1;34m is available for network discover & port scanning, you should use it yourself",
"clean_text": "[+] is available for network discover & port scanning, you should use it yourself",
"colors": {
"GREEN": [
"nmap"
],
"YELLOW": [
"[+]"
]
}
}
],
"infos": [
"https://book.hacktricks.xyz/linux-unix/privilege-escalation#kernel-exploits"
]
},
"infos": []
```
There can also be a `<Third level Section Name>`
# TODO:
I'm looking for **someone that could create HTML and PDF reports** from this JSON.

29
parser/peas-parser.py → parser/peass-parser.py
View File

@ -12,13 +12,18 @@ INFO_PATTERN = r"╚ "
TITLE_CHARS = ['', '', '', ''] TITLE_CHARS = ['', '', '', '']
# Patterns for colors # Patterns for colors
## The order is important, the first string colored with a color will be the one selected (the same string cannot be colored with different colors)
COLORS = { COLORS = {
"REDYELLOW": [r"\x1b\[1;31;103m"],
"RED": [r"\x1b\[1;31m"], "RED": [r"\x1b\[1;31m"],
"GREEN": [r"\x1b\[1;32m"], "GREEN": [r"\x1b\[1;32m"],
"YELLOW": [r"\x1b\[1;33m"], "YELLOW": [r"\x1b\[1;33m"],
"REDYELLOW": [r"\x1b\[1;31;103m"],
"BLUE": [r"\x1b\[1;34m"], "BLUE": [r"\x1b\[1;34m"],
"LIGHTGREY": [r"\x1b\[1;37m"], "LIGHT_MAGENTA": [r"\x1b\[1;95m"],
"MAGENTA": [r"\x1b\[1;35m"],
"CYAN": [r"\x1b\[1;36m"],
"LIGHT_CYAN": [r"\x1b\[1;96m"],
"LIGHT_GREY": [r"\x1b\[1;37m"],
"DARKGREY": [r"\x1b\[1;90m"], "DARKGREY": [r"\x1b\[1;90m"],
} }
@ -49,8 +54,14 @@ def get_colors(line: str) -> dict:
for c,regexs in COLORS.items(): for c,regexs in COLORS.items():
colors[c] = [] colors[c] = []
for reg in regexs: for reg in regexs:
for re_found in re.findall(reg+".*\x1b", line): for re_found in re.findall(reg+"(.+?)\x1b|$", line):
colors[c].append(clean_colors(re_found)) re_found = clean_colors(re_found.strip())
#Avoid having the same color for the same string
if re_found and not any(re_found in values for values in colors.values()):
colors[c].append(re_found)
if not colors[c]:
del colors[c]
return colors return colors
@ -93,14 +104,14 @@ def parse_line(line: str):
elif is_section(line, TITLE2_PATTERN): elif is_section(line, TITLE2_PATTERN):
title = parse_title(line) title = parse_title(line)
FINAL_JSON[C_MAIN_SECTION]["sections"][title] = { "sections": {}, "lines": [], "infos": [] } C_MAIN_SECTION["sections"][title] = { "sections": {}, "lines": [], "infos": [] }
C_2_SECTION = FINAL_JSON[C_MAIN_SECTION]["sections"][title] C_2_SECTION = C_MAIN_SECTION["sections"][title]
C_SECTION = C_2_SECTION C_SECTION = C_2_SECTION
elif is_section(line, TITLE3_PATTERN): elif is_section(line, TITLE3_PATTERN):
title = parse_title(line) title = parse_title(line)
FINAL_JSON[C_MAIN_SECTION]["sections"][C_2_SECTION]["sections"][title] = { "sections": {}, "lines": [], "infos": [] } C_2_SECTION["sections"][title] = { "sections": {}, "lines": [], "infos": [] }
C_3_SECTION = FINAL_JSON[C_MAIN_SECTION]["sections"][title] C_3_SECTION = C_2_SECTION["sections"][title]
C_SECTION = C_3_SECTION C_SECTION = C_3_SECTION
elif is_section(line, INFO_PATTERN): elif is_section(line, INFO_PATTERN):
@ -123,7 +134,7 @@ def parse_line(line: str):
def main(): def main():
for line in open(OUTPUT_PATH, 'r').readlines(): for line in open(OUTPUT_PATH, 'r').readlines():
line = line.strip() line = line.strip()
if not line: if not line or not clean_colors(line): #Remove empty lines or lines just with colors hex
continue continue
parse_line(line) parse_line(line)

5
winPEAS/winPEASexe/winPEAS/Helpers/Beaprint.cs
View File

@ -36,7 +36,7 @@ namespace winPEAS.Helpers
"Any misuse of this software will not be the responsibility of the author or of any other collaborator. " + "Any misuse of this software will not be the responsibility of the author or of any other collaborator. " +
"Use it at your own networks and/or with the network owner's permission."; "Use it at your own networks and/or with the network owner's permission.";
private static string Version = "v2.0-beta"; private static string Version = "ng";
///////////////////////////////// /////////////////////////////////
///////// PRINT THINGS ///////// ///////// PRINT THINGS /////////
@ -87,6 +87,7 @@ namespace winPEAS.Helpers
|---------------------------------------------------------------------------| |---------------------------------------------------------------------------|
| {3}Become a Patreon{0} : {2}https://www.patreon.com/peass{0} | | {3}Become a Patreon{0} : {2}https://www.patreon.com/peass{0} |
| {3}Follow on Twitter{0} : {2}@carlospolopm{0} | | {3}Follow on Twitter{0} : {2}@carlospolopm{0} |
| {3}Respect on HTB{0} : {2}SirBroccoli & makikvues{0} |
|---------------------------------------------------------------------------| |---------------------------------------------------------------------------|
| {1}Thank you!{0} | | {1}Thank you!{0} |
\---------------------------------------------------------------------------/ \---------------------------------------------------------------------------/
@ -101,7 +102,7 @@ namespace winPEAS.Helpers
PrintBanner(); PrintBanner();
} }
Console.WriteLine(YELLOW + " WinPEAS " + GREEN + Version + NOCOLOR + YELLOW + " by @carlospolopm, makikvues(makikvues2[at]gmail[dot]com)" + NOCOLOR); Console.WriteLine(YELLOW + " WinPEAS" + GREEN + Version + NOCOLOR + YELLOW + " by @carlospolopm, makikvues(makikvues2[at]gmail[dot]com)" + NOCOLOR);
PrintMarketingBanner(); PrintMarketingBanner();