2049 lines
36 KiB
YAML
2049 lines
36 KiB
YAML
root_folders:
|
|
- /applications #common
|
|
- /bin #common
|
|
- /.cache #common
|
|
- /cdrom #common
|
|
- /etc #common
|
|
- $HOMESEARCH #common, use this instead of "/home"
|
|
- /lib
|
|
- /lib32
|
|
- /lib64
|
|
- /media #common
|
|
- /mnt #common
|
|
- /opt #common
|
|
- /private #common
|
|
- /run
|
|
- /sbin #common
|
|
- /snap #common
|
|
- /srv #common
|
|
- /sys
|
|
- /system
|
|
- /systemd
|
|
- /tmp #common
|
|
- /usr #common
|
|
- /var #common
|
|
|
|
|
|
common_file_folders:
|
|
- /applications
|
|
- /bin
|
|
- /.cache
|
|
- /cdrom
|
|
- /etc
|
|
- $HOMESEARCH
|
|
- /media
|
|
- /mnt
|
|
- /opt
|
|
- /private
|
|
- /sbin
|
|
- /snap
|
|
- /srv
|
|
- /tmp
|
|
- /usr
|
|
- /var
|
|
|
|
common_directory_folders:
|
|
- /applications
|
|
- /bin
|
|
- /.cache
|
|
- /cdrom
|
|
- /etc
|
|
- $HOMESEARCH
|
|
- /media
|
|
- /mnt
|
|
- /opt
|
|
- /private
|
|
- /sbin
|
|
- /snap
|
|
- /srv
|
|
- /tmp
|
|
- /usr
|
|
- /var
|
|
|
|
peas_finds_markup: "peass{FINDS_HERE}"
|
|
find_line_markup: "peass{FIND_PARAMS_HERE}"
|
|
find_template: >
|
|
`eval_bckgrd "find peass{FIND_PARAMS_HERE} 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"`
|
|
|
|
peas_storages_markup: "peass{STORAGES_HERE}"
|
|
storage_line_markup: "peass{STORAGE_PARAMS_HERE}"
|
|
storage_line_extra_markup: "peass{STORAGE_PARAMS_EXTRA_HERE}"
|
|
storage_template: >
|
|
$(echo -e "peass{STORAGE_PARAMS_HERE}" peass{STORAGE_PARAMS_EXTRA_HERE} | sort | uniq | head -n 70)
|
|
|
|
int_hidden_files_markup: "peass{INT_HIDDEN_FILES}"
|
|
|
|
|
|
defaults:
|
|
auto_check: False #The builder will generate a ceck for the file
|
|
bad_regex: "" #The regex used to color red and grep lines (if only_bad_lines and no line_grep)
|
|
check_extra_path: "" #Check if the found files are in a specific path
|
|
good_regex: "" #The regex to color green
|
|
just_list_file: False #Just mention the path to the file, do not cat it
|
|
line_grep: "" #The regex to grep lines in a file (if only_bad_lines), by default bad_regex is used here if empty
|
|
only_bad_lines: False #Only print lines containing something red
|
|
remove_empty_lines: False #Remove empty lines, use only for text files (-I param in grep)
|
|
remove_path: "" #Not interested in files containing this path
|
|
remove_regex: "" #Extra regex to remove some lines
|
|
search_in: #By default search in defined common
|
|
- common
|
|
type: f #File by default
|
|
|
|
exec: []
|
|
|
|
|
|
#Files & folders to search
|
|
search:
|
|
Systemd:
|
|
config:
|
|
auto_check: False
|
|
|
|
files:
|
|
? "*.service"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- all
|
|
|
|
Timer:
|
|
config:
|
|
auto_check: False
|
|
|
|
files:
|
|
? "*.timer"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- all
|
|
|
|
Socket:
|
|
config:
|
|
auto_check: False
|
|
|
|
files:
|
|
? "*.socket"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- all
|
|
|
|
DBus:
|
|
config:
|
|
auto_check: False
|
|
|
|
files:
|
|
? "system.d"
|
|
:
|
|
type: d
|
|
search_in:
|
|
- /etc
|
|
|
|
? "system.d"
|
|
:
|
|
type: d
|
|
search_in:
|
|
- /etc
|
|
|
|
MySQL:
|
|
config:
|
|
auto_check: False
|
|
|
|
files:
|
|
mysql:
|
|
type: d
|
|
check_extra_path: "^/etc/.*mysql|/usr/var/lib/.*mysql|/var/lib/.*mysql"
|
|
remove_path: "mysql/mysql"
|
|
search_in:
|
|
- common
|
|
|
|
PostgreSQL:
|
|
config:
|
|
auto_check: True
|
|
exec:
|
|
- 'echo "Version: $(warn_exec psql -V 2>/dev/null)"'
|
|
|
|
files:
|
|
? "pgadmin*.db"
|
|
:
|
|
type: f
|
|
just_list_file: True
|
|
search_in:
|
|
- common
|
|
|
|
? "pg_hba.conf"
|
|
:
|
|
bad_regex: "auth|password|md5|user=|pass=|trust"
|
|
type: f
|
|
remove_empty_lines: True
|
|
remove_regex: '\W+\#|^#'
|
|
search_in:
|
|
- common
|
|
|
|
? "postgresql.conf"
|
|
:
|
|
bad_regex: "auth|password|md5|user=|pass=|trust"
|
|
type: f
|
|
remove_empty_lines: True
|
|
remove_regex: '\W+\#|^#'
|
|
search_in:
|
|
- common
|
|
|
|
? "pgsql.conf"
|
|
:
|
|
bad_regex: "auth|password|md5|user=|pass=|trust"
|
|
type: f
|
|
remove_empty_lines: True
|
|
remove_regex: '\W+\#|^#'
|
|
search_in:
|
|
- common
|
|
|
|
Apache:
|
|
config:
|
|
auto_check: True
|
|
exec:
|
|
- 'echo "Version: $(warn_exec apache2 -v 2>/dev/null; warn_exec httpd -v 2>/dev/null)"'
|
|
- "print_3title 'PHP exec extensions'"
|
|
- 'grep -R -B1 "httpd-php" /etc/apache2 2>/dev/null'
|
|
|
|
files:
|
|
? "sites-enabled"
|
|
:
|
|
type: d
|
|
files:
|
|
? "*"
|
|
:
|
|
bad_regex: "AuthType|AuthName|AuthUserFile|ServerName|ServerAlias"
|
|
only_bad_lines: True
|
|
remove_empty_lines: True
|
|
remove_regex: "^#"
|
|
search_in:
|
|
- common
|
|
|
|
? "000-default"
|
|
:
|
|
bad_regex: "AuthType|AuthName|AuthUserFile|ServerName|ServerAlias"
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
PHPCookies:
|
|
config:
|
|
auto_check: True
|
|
exec:
|
|
- "ls /var/lib/php/sessions 2>/dev/null || echo_not_found /var/lib/php/sessions"
|
|
|
|
files:
|
|
? "sess_*"
|
|
:
|
|
check_extra_path: '/tmp/.*sess_.*|/var/tmp/.*sess_.*'
|
|
type: f
|
|
search_in:
|
|
- /tmp
|
|
- /var
|
|
- /mnt
|
|
|
|
PHP_files:
|
|
config:
|
|
auto_check: False
|
|
|
|
files:
|
|
? "*config*.php"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "database.php"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "db.php"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "storage.php"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "settings.php"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Wordpress:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "wp-config.php"
|
|
:
|
|
bad_regex: "PASSWORD|USER|NAME|HOST"
|
|
only_bad_lines: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Drupal:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "settings.php"
|
|
:
|
|
bad_regex: "drupal_hash_salt|'database'|'username'|'password'|'host'|'port'|'driver'|'prefix'"
|
|
check_extra_path: "/default/settings.php"
|
|
only_bad_lines: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Moodle:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "config.php"
|
|
:
|
|
bad_regex: "dbtype|dbhost|dbuser|dbhost|dbpass|dbport"
|
|
check_extra_path: "moodle/config.php"
|
|
only_bad_lines: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Tomcat:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "tomcat-users.xml"
|
|
:
|
|
bad_regex: "dbtype|dbhost|dbuser|dbhost|dbpass|dbport"
|
|
line_grep: '"username=|password="'
|
|
only_bad_lines: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Mongo:
|
|
config:
|
|
auto_check: True
|
|
exec:
|
|
- 'echo "Version: $(warn_exec mongo --version 2>/dev/null; warn_exec mongod --version 2>/dev/null)"'
|
|
|
|
files:
|
|
? "mongod*.conf"
|
|
:
|
|
type: f
|
|
remove_empty_lines: True
|
|
remove_regex: '\W+\#|^#'
|
|
search_in:
|
|
- common
|
|
|
|
Supervisord:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "supervisord.conf"
|
|
:
|
|
bad_regex: "port.*=|username.*=|password.*="
|
|
only_bad_lines: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Cesi:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "cesi.conf"
|
|
:
|
|
bad_regex: "username.*=|password.*=|host.*=|port.*=|database.*="
|
|
only_bad_lines: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Rsync:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "rsyncd.conf"
|
|
:
|
|
bad_regex: "secrets.*|auth.*users.*="
|
|
type: f
|
|
remove_empty_lines: True
|
|
remove_regex: '\W+\#|^#'
|
|
search_in:
|
|
- common
|
|
|
|
? "rsyncd.secrets"
|
|
:
|
|
bad_regex: ".*"
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Hostapd:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "hostapd.conf"
|
|
:
|
|
bad_regex: "passphrase.*"
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Anaconda-ks:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "anaconda-ks.cfg"
|
|
:
|
|
bad_regex: "rootpw.*"
|
|
only_bad_lines: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
VNC:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? ".vnc"
|
|
:
|
|
files:
|
|
? "passwd"
|
|
:
|
|
just_list_file: True
|
|
type: d
|
|
search_in:
|
|
- common
|
|
|
|
? "*vnc*.c*nf*"
|
|
:
|
|
bad_regex: ".*"
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "*vnc*.ini"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "*vnc*.txt"
|
|
:
|
|
bad_regex: ".*"
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "*vnc*.xml"
|
|
:
|
|
bad_regex: ".*"
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Ldap:
|
|
config:
|
|
auto_check: True
|
|
exec:
|
|
- echo "The password hash is from the {SSHA} to 'structural'"
|
|
|
|
files:
|
|
? "ldap"
|
|
:
|
|
|
|
files:
|
|
? "*.bdb"
|
|
:
|
|
bad_regex: "administrator|password|ADMINISTRATOR|PASSWORD|Password|Administrator"
|
|
line_grep: '-i -a -o "description.*" | sort | uniq'
|
|
type: d
|
|
search_in:
|
|
- common
|
|
|
|
Open VPN:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "*.ovpn"
|
|
:
|
|
bad_regex: "auth-user-pass.*"
|
|
only_bad_lines: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
SSH_FILES:
|
|
config:
|
|
auto_check: False
|
|
|
|
files:
|
|
? "id_dsa*"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "id_rsa*"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "known_hosts"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "authorized_hosts"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "authorized_keys"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
CERTSB4:
|
|
config:
|
|
auto_check: False
|
|
|
|
files:
|
|
? "*.pem"
|
|
:
|
|
type: f
|
|
remove_path: '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib.*'
|
|
search_in:
|
|
- common
|
|
|
|
? "*.cer"
|
|
:
|
|
type: f
|
|
remove_path: '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib.*'
|
|
search_in:
|
|
- common
|
|
|
|
? "*.crt"
|
|
:
|
|
type: f
|
|
remove_path: '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib.*'
|
|
search_in:
|
|
- common
|
|
|
|
CERTSBIN:
|
|
config:
|
|
auto_check: False
|
|
|
|
files:
|
|
? "*.csr"
|
|
:
|
|
type: f
|
|
remove_path: '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib/.*'
|
|
search_in:
|
|
- common
|
|
|
|
? "*.der"
|
|
:
|
|
type: f
|
|
remove_path: '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib/.*'
|
|
search_in:
|
|
- common
|
|
|
|
CERTSCLIENT:
|
|
config:
|
|
auto_check: False
|
|
|
|
files:
|
|
? "*.pfx"
|
|
:
|
|
type: f
|
|
remove_path: '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib/.*'
|
|
search_in:
|
|
- common
|
|
|
|
? "*.p12"
|
|
:
|
|
type: f
|
|
remove_path: '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib/.*'
|
|
search_in:
|
|
- common
|
|
|
|
SSH_AGENTS:
|
|
config:
|
|
auto_check: False
|
|
|
|
files:
|
|
? "agent*"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- /tmp
|
|
|
|
SSH_CONFIG:
|
|
config:
|
|
auto_check: False
|
|
|
|
files:
|
|
? "*ssh*config*"
|
|
:
|
|
type: f
|
|
remove_path: '\..{1,4}$' #No interested in filenames with extensions
|
|
search_in:
|
|
- /usr
|
|
- $HOMESEARCH
|
|
|
|
? "*config*ssh*"
|
|
:
|
|
type: f
|
|
remove_path: '\..{1,4}$' #No interested in filenames with extensions
|
|
search_in:
|
|
- /usr
|
|
- $HOMESEARCH
|
|
|
|
Cloud credentials:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "credentials"
|
|
:
|
|
bad_regex: ".*"
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "credentials.db"
|
|
:
|
|
bad_regex: ".*"
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "legacy_credentials.db"
|
|
:
|
|
bad_regex: ".*"
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "access_tokens.db"
|
|
:
|
|
bad_regex: ".*"
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "access_tokens.json"
|
|
:
|
|
bad_regex: ".*"
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "accessTokens.json"
|
|
:
|
|
bad_regex: ".*"
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "azureProfile.json"
|
|
:
|
|
bad_regex: ".*"
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "TokenCache.dat"
|
|
:
|
|
bad_regex: ".*"
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "AzureRMContext.json"
|
|
:
|
|
bad_regex: ".*"
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? ".bluemix"
|
|
:
|
|
files:
|
|
? "config.json"
|
|
:
|
|
bad_regex: ".*"
|
|
type: d
|
|
search_in:
|
|
- common
|
|
|
|
Kerberos:
|
|
config:
|
|
auto_check: False
|
|
|
|
files:
|
|
? "krb5.conf"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "krb5.keytab"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? ".k5login"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "kadm5.acl"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Kibana:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "kibana.y*ml"
|
|
:
|
|
bad_regex: "username|password|host|port|elasticsearch|ssl"
|
|
type: f
|
|
remove_empty_lines: True
|
|
remove_regex: '\W+\#|^#|^[[:space:]]*$'
|
|
search_in:
|
|
- common
|
|
|
|
Knockd:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "*knockd*"
|
|
:
|
|
check_extra_path: "/etc/init.d/"
|
|
type: f
|
|
search_in:
|
|
- /etc
|
|
|
|
Logstash:
|
|
config:
|
|
auto_check: False
|
|
|
|
files:
|
|
? "logstash"
|
|
:
|
|
type: d
|
|
search_in:
|
|
- common
|
|
|
|
Elasticsearch:
|
|
config:
|
|
auto_check: True
|
|
exec:
|
|
- echo "The version is $(curl -X GET '127.0.0.1:9200' 2>/dev/null | grep number | cut -d ':' -f 2)"
|
|
|
|
files:
|
|
? "elasticsearch.y*ml"
|
|
:
|
|
line_grep: '"path.data|path.logs|cluster.name|node.name|network.host|discovery.zen.ping.unicast.hosts"'
|
|
remove_regex: '\W+\#|^#'
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Vault_ssh_helper:
|
|
config:
|
|
auto_check: False
|
|
|
|
files:
|
|
? "vault-ssh-helper.hcl"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Vault_ssh_token:
|
|
config:
|
|
auto_check: False
|
|
|
|
files:
|
|
? ".vault-token"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
CouchDB:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "couchdb"
|
|
:
|
|
files:
|
|
? "local.ini"
|
|
:
|
|
bad_regex: "admin.*|password.*|cert_file.*|key_file.*|hashed.*|pbkdf2.*"
|
|
remove_empty_lines: True
|
|
remove_regex: "^;"
|
|
type: d
|
|
search_in:
|
|
- common
|
|
|
|
Redis:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "redis.conf"
|
|
:
|
|
bad_regex: "masterauth.*|requirepass.*"
|
|
type: f
|
|
remove_empty_lines: True
|
|
remove_regex: '\W+\#|^#'
|
|
search_in:
|
|
- common
|
|
|
|
Mosquitto:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "mosquitto.conf"
|
|
:
|
|
bad_regex: "password_file.*|psk_file.*|allow_anonymous.*true|auth"
|
|
type: f
|
|
remove_empty_lines: True
|
|
remove_regex: '\W+\#|^#'
|
|
search_in:
|
|
- common
|
|
|
|
Neo4j:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "neo4j"
|
|
:
|
|
files:
|
|
? "auth"
|
|
:
|
|
bad_regex: ".*"
|
|
remove_empty_lines: True
|
|
type: d
|
|
search_in:
|
|
- common
|
|
|
|
Cloud-Init:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "cloud.cfg"
|
|
:
|
|
bad_regex: "consumer_key|token_key|token_secret|metadata_url|password:|passwd:|PRIVATE KEY|PRIVATE KEY|encrypted_data_bag_secret|_proxy"
|
|
only_bad_lines: True
|
|
type: f
|
|
remove_empty_lines: True
|
|
remove_regex: '\W+\#|^#'
|
|
search_in:
|
|
- common
|
|
|
|
Erlang:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? ".erlang.cookie"
|
|
:
|
|
bad_regex: ".*"
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
GMV Auth:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "gvm-tools.conf"
|
|
:
|
|
bad_regex: "username.*|password.*"
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
IPSec:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "ipsec.secrets"
|
|
:
|
|
bad_regex: ".*PSK.*|.*RSA.*|.*EAP =.*|.*XAUTH.*"
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "ipsec.conf"
|
|
:
|
|
bad_regex: ".*PSK.*|.*RSA.*|.*EAP =.*|.*XAUTH.*"
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
IRSSI:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? ".irssi"
|
|
:
|
|
files:
|
|
? "config"
|
|
:
|
|
bad_regex: "password.*"
|
|
type: d
|
|
search_in:
|
|
- common
|
|
|
|
Keyring:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "keyrings"
|
|
:
|
|
type: d
|
|
search_in:
|
|
- common
|
|
|
|
? "*.keyring"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "*.keystore"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "*.jks"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Filezilla:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "filelliza"
|
|
:
|
|
files:
|
|
? "sitemanager.xml"
|
|
:
|
|
bad_regex: "Host.*|Port.*|Protocol.*|User.*|Pass.*"
|
|
remove_empty_lines: True
|
|
remove_regex: "^;"
|
|
type: d
|
|
search_in:
|
|
- common
|
|
|
|
? "filezilla.xml"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Backup Manager:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "storage.php"
|
|
:
|
|
|
|
bad_regex: "password|pass|user|database|host"
|
|
line_grep: >-
|
|
"'pass'|'password'|'user'|'database'|'host'"
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "database.php"
|
|
:
|
|
bad_regex: "password|pass|user|database|host"
|
|
line_grep: >-
|
|
"'pass'|'password'|'user'|'database'|'host'"
|
|
only_bad_lines: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Splunk:
|
|
config:
|
|
auto_check: False
|
|
|
|
files:
|
|
? "passwd"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
GitLab:
|
|
config:
|
|
auto_check: False
|
|
|
|
files:
|
|
? "secrets.yml"
|
|
:
|
|
type: f
|
|
remove_path: "/lib"
|
|
search_in:
|
|
- common
|
|
|
|
? "gitlab.yml"
|
|
:
|
|
type: f
|
|
remove_path: "/lib"
|
|
search_in:
|
|
- common
|
|
|
|
? "gitlab.rm"
|
|
:
|
|
type: f
|
|
remove_path: "/lib"
|
|
search_in:
|
|
- common
|
|
|
|
PGP-GPG:
|
|
config:
|
|
auto_check: True
|
|
exec:
|
|
- '((command -v gpg && gpg --list-keys) || echo_not_found "gpg") 2>/dev/null'
|
|
- '((command -v netpgpkeys && netpgpkeys --list-keys) || echo_not_found "netpgpkeys") 2>/dev/null'
|
|
- '(command -v netpgp || echo_not_found "netpgp") 2>/dev/null'
|
|
|
|
files:
|
|
? "*.pgp"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "*.gpg"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "*.gnupg"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Cache Vi:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "*.swp"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "*.viminfo"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Docker:
|
|
config:
|
|
auto_check: False
|
|
|
|
files:
|
|
? "docker.socket"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "docker.sock"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "Dockerfile"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "docker-compose.yml"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Firefox:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? ".mozilla"
|
|
:
|
|
files:
|
|
? "places.sqlite"
|
|
:
|
|
just_list_file: True
|
|
|
|
? "bookmarkbackups"
|
|
:
|
|
just_list_file: True
|
|
|
|
? "formhistory.sqlite"
|
|
:
|
|
just_list_file: True
|
|
|
|
? "handlers.json"
|
|
:
|
|
just_list_file: True
|
|
|
|
? "persdict.dat"
|
|
:
|
|
just_list_file: True
|
|
|
|
? "addons.json"
|
|
:
|
|
just_list_file: True
|
|
|
|
? "cookies.sqlite"
|
|
:
|
|
just_list_file: True
|
|
|
|
? "cache2"
|
|
:
|
|
just_list_file: True
|
|
|
|
? "startupCache"
|
|
:
|
|
just_list_file: True
|
|
|
|
? "favicons.sqlite"
|
|
:
|
|
just_list_file: True
|
|
|
|
? "prefs.js"
|
|
:
|
|
just_list_file: True
|
|
|
|
? "downloads.sqlite"
|
|
:
|
|
just_list_file: True
|
|
|
|
? "thumbnails"
|
|
:
|
|
just_list_file: True
|
|
|
|
? "logins.json"
|
|
:
|
|
just_list_file: True
|
|
|
|
? "key4.db"
|
|
:
|
|
just_list_file: True
|
|
|
|
? "key3.db"
|
|
:
|
|
just_list_file: True
|
|
|
|
type: d
|
|
search_in:
|
|
- $HOMESEARCH
|
|
|
|
Chrome:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "google-chrome"
|
|
:
|
|
files:
|
|
? "Cookies"
|
|
:
|
|
just_list_file: True
|
|
|
|
? "Cache"
|
|
:
|
|
just_list_file: True
|
|
|
|
? "Bookmarks"
|
|
:
|
|
just_list_file: True
|
|
|
|
? "Web Data"
|
|
:
|
|
just_list_file: True
|
|
|
|
? "Favicons"
|
|
:
|
|
just_list_file: True
|
|
|
|
? "Login Data"
|
|
:
|
|
just_list_file: True
|
|
|
|
? "Current Session"
|
|
:
|
|
just_list_file: True
|
|
|
|
? "Current Tabs"
|
|
:
|
|
just_list_file: True
|
|
|
|
? "Last Session"
|
|
:
|
|
just_list_file: True
|
|
|
|
? "Last Tabs"
|
|
:
|
|
just_list_file: True
|
|
|
|
? "Extensions"
|
|
:
|
|
just_list_file: True
|
|
|
|
? "Thumbnails"
|
|
:
|
|
just_list_file: True
|
|
|
|
search_in:
|
|
- $HOMESEARCH
|
|
|
|
Autologin:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "autologin"
|
|
:
|
|
bad_regex: "passwd"
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "autologin.conf"
|
|
:
|
|
bad_regex: "passwd"
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
FastCGI:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "fastcgi_params"
|
|
:
|
|
bad_regex: "DB_NAME|DB_USER|DB_PASS"
|
|
only_bad_lines: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
SNMP:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "snmpd.conf"
|
|
:
|
|
bad_regex: "rocommunity|rwcommunity"
|
|
only_bad_lines: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Pypirc:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? ".pypirc"
|
|
:
|
|
bad_regex: "username|password"
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
CloudFlare:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? ".cloudflared"
|
|
:
|
|
type: d
|
|
search_in:
|
|
- common
|
|
|
|
History:
|
|
config:
|
|
auto_check: False
|
|
|
|
files:
|
|
? ".*_history"
|
|
:
|
|
bad_regex: "$pwd_inside_history"
|
|
line_grep: '-a "$pwd_inside_history"'
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Http_conf:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "httpd.conf"
|
|
:
|
|
bad_regex: "htaccess.*|htpasswd.*"
|
|
only_bad_lines: True
|
|
remove_regex: '\W+\#|^#'
|
|
remove_empty_lines: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Htpasswd:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? ".htpasswd"
|
|
:
|
|
bad_regex: ".*"
|
|
remove_regex: "^#"
|
|
remove_empty_lines: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Ldaprc:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? ".ldaprc"
|
|
:
|
|
bad_regex: ".*"
|
|
remove_regex: "^#"
|
|
remove_empty_lines: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Env:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? ".env"
|
|
:
|
|
bad_regex: "[pP][aA][sS][sS].*"
|
|
remove_regex: "^#"
|
|
remove_empty_lines: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Msmtprc:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? ".msmtprc"
|
|
:
|
|
bad_regex: "user.*|password.*"
|
|
remove_regex: "^#"
|
|
remove_empty_lines: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Github:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? ".github"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? ".gitconfig"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? ".git-credentials"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? ".git"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Svn:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? ".svn"
|
|
:
|
|
just_list_file: True
|
|
type: d
|
|
search_in:
|
|
- common
|
|
|
|
Keepass:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "*.kdbx"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "KeePass.config*"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "KeePass.ini"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "KeePass.enforced*"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
FTP:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "*.ftpconfig"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "ffftp.ini"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "ftp.ini"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "ftp.config"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "ws_ftp.ini"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Interesting logs:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "access.log"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "error.log"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Other Interesting Files:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? ".bashrc"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? ".google_authenticator"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "hosts.equiv"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? ".lesshst"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? ".plan"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? ".profile"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? ".recently-used.xbel"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? ".rhosts"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? ".sudo_as_admin_successful"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Windows Files:
|
|
config:
|
|
auto_check: True
|
|
|
|
files:
|
|
? "unattend.inf"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "*.rdg"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "AppEvent.Evt"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "ConsoleHost_history.txt"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "FreeSSHDservice.ini"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "NetSetup.log"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "Ntds.dit"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "RDCMan.settings"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "SAM"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "SYSTEM"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "SecEvent.Evt"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "appcmd.exe"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "bash.exe"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "datasources.xml"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "default.sav"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "drives.xml"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "groups.xml"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "https-xampp.conf"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "https.conf"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "iis6.log"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "index.dat"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "my.cnf"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "my.ini"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "ntuser.dat"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "pagefile.sys"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "php.ini"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "printers.xml"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "recentservers.xml"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "scclient.exe"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "scheduledtasks.xml"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "security"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "security.sav"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "server.xml"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "services.xml"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "setupinfo"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "setupinfo.bak"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "sitemanager.xml"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "sites.ini"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "software"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "software.sav"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "sysprep.inf"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "sysprep.xml"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "system.sav"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "unattend.txt"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "unattend.xml"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "unattended.xml"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "wcx_ftp.ini"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "web*.config"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "winscp.ini"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "wsl.exe"
|
|
:
|
|
just_list_file: True
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
# Final section
|
|
Database:
|
|
config:
|
|
auto_check: False
|
|
|
|
files:
|
|
? "*.db"
|
|
:
|
|
remove_path: "/man/|/usr/|/var/cache/"
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "*.sqlite"
|
|
:
|
|
remove_path: "/man/|/usr/|/var/cache/"
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "*.sqlite3"
|
|
:
|
|
remove_path: "/man/|/usr/|/var/cache/"
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Backups:
|
|
config:
|
|
auto_check: False
|
|
|
|
files:
|
|
? "backup"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "backups"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
Password_Files:
|
|
config:
|
|
auto_check: False
|
|
|
|
files:
|
|
? "*password*"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "*credential*"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- common
|
|
|
|
? "creds*"
|
|
:
|
|
type: f
|
|
search_in:
|
|
- common
|