gitea-mirror/PEASS-ng
1
0
Fork 0
mirror of https://github.com/peass-ng/PEASS-ng.git synced 2025-12-05 20:40:08 -08:00
Code Issues Packages Projects Releases Wiki Activity
1,788 Commits 40 Branches 304 Tags
master
Commit Graph

723 Commits

Author SHA1 Message Date
carlospolop
c16c5de36f f 2025-10-18 00:59:40 +02:00
SirBroccoli
c83eef9cd8 Merge pull request #502 from peass-ng/update_PEASS-linpeas-HTB_Planning__Grafana_CVE-2024-9264__20250913_182726 
[LINPEAS] Add privilege escalation check: HTB Planning Grafana CVE-2024-9264 to Co...
 2025-10-04 10:38:22 +02:00
SirBroccoli
e15a1f2e12 Update 16_Crontab_UI_misconfig.sh 2025-10-04 10:38:02 +02:00
SirBroccoli
bdb5c61dad Merge pull request #504 from peass-ng/update_PEASS-linpeas-Forgotten_20250917_063428 
[LINPEAS] Add privilege escalation check: Forgotten
 2025-10-04 10:36:09 +02:00
SirBroccoli
ee83c23a74 Update 16_Crontab_UI_misconfig.sh 2025-10-04 10:34:04 +02:00
SirBroccoli
7b36014699 Merge pull request #499 from peass-ng/update_PEASS-linpeas-HTB_Environment__Laravel_env_overrid_20250907_013120 
[LINPEAS] Add privilege escalation check: HTB Environment Laravel env override (CV...
 2025-10-04 10:29:32 +02:00
tropkal
262feb9896 Updated the sudo regex to catch 2 more CVE's. 2025-10-04 08:43:00 +02:00
tropkal
40cf08af85 Update sudovB.sh 
Modified the regex that checks for vulnerable sudo versions to include sudo version 1.9.17 (not including 1.9.17p1), which is vulnerable to CVE-2025-32463 (https://www.exploit-db.com/exploits/52352).
 2025-10-04 09:08:37 +03:00
HackTricks News Bot
31bdb339d7 Add linpeas privilege escalation checks from: Forgotten 2025-09-17 06:48:40 +00:00
HackTricks News Bot
bdcebadde0 Add linpeas privilege escalation checks from: HTB Planning: Grafana CVE-2024-9264 to Container Root, Env-Creds Pivot, Crontab 2025-09-13 18:33:45 +00:00
HackTricks News Bot
4b3f4aa19e Add linpeas privilege escalation checks from: HTB Environment: Laravel env override (CVE‑2024‑52301) → LFM upload RCE (CVE‑202 2025-09-07 01:38:03 +00:00
carlospolop
147de0fc88 f 2025-09-03 14:19:59 +02:00
carlospolop
afaf596342 f 2025-09-03 13:39:15 +02:00
HackTricks News Bot
ed01b32a95 Add linpeas privilege escalation checks from: Case study: Backup leak → CI abuse → internal trust misconfigurations → escalati 2025-08-27 19:45:02 +00:00
Soobin Rho
c3e50dbdbf docs: fix typo (conten -> content) 2025-08-08 17:56:41 -05:00
carlospolop
6fd96f4bdb f 2025-07-01 12:12:01 +02:00
carlospolop
a745f00dd7 fix 2025-07-01 11:10:21 +02:00
SirBroccoli
4061cef7e8 Merge pull request #476 from peass-ng/codex/fix-url-reference-in-linpeasbuilder.py 
Fix url variable reference in linpeasBuilder
 2025-06-25 01:59:43 +02:00
SirBroccoli
cde725dacc Merge pull request #477 from peass-ng/codex/update-docstring-and-fix-typo 
Fix docstring and comment in linpeasBuilder
 2025-06-25 01:57:58 +02:00
SirBroccoli
f0f829890c Merge pull request #479 from peass-ng/codex/replace--parth--with--path--in-argparse 
Fix typo in linpeas builder arg help
 2025-06-25 01:57:11 +02:00
SirBroccoli
a74c6c820f Merge pull request #482 from Aarav-Juneja/builder-exclude-fix 
Fix exclude modules on linPEASS
 2025-06-25 01:55:48 +02:00
Aarav Juneja
9b37fd4ef4 Fix exclude modules on linPEASS 2025-06-24 13:05:10 -07:00
John Doe
f27b1d4816 Added a privilege escalation vulnerability for MySQL 4.x/5.x versions. 2025-06-23 22:37:44 +03:00
SirBroccoli
d5e3c2a885 Fix typo in linpeas builder output argument 2025-06-06 00:38:05 +02:00
SirBroccoli
4af321d138 Fix docstring and comment typo 2025-06-06 00:01:29 +02:00
SirBroccoli
4e556fd594 Fix variable reference when parsing URLs 2025-06-06 00:01:17 +02:00
Jack Vaughn
b9a9ad5ddf Add 4 noisy and useless environment variables to NoEnvVars.sh 
These variables (^PATH=|^INVOCATION_ID=|^WATCHDOG_PID=|^LISTEN_PID=) frequently appear across processes 
on busy systems (10+ each on tested system) and produce a large volume of irrelevant output
 2025-05-25 21:32:51 -04:00
carlospolop
88f08a405e l 2025-05-26 02:55:07 +02:00
SirBroccoli
322792c4ec Merge pull request #471 from Jack-Vaughn/environ-check 
Add module to check for sensitive environment variables via /proc/*/environ
 2025-05-26 02:33:43 +02:00
Jack
c150e63b52 This module scans /proc/*/environ for potentially sensitive environment variables on Linux systems. 
It targets common keywords like token, password, secret, AWS, API, etc.

Uses 'tr' instead of 'strings' to improve compatibility in minimal environments like containers.

The check is skipped entirely on MacPEAS.
 2025-05-25 12:55:34 -04:00
carlospolop
aac3667247 f l 2025-05-25 08:15:48 +02:00
carlospolop
64ab193d25 f linpeas 2025-05-25 07:05:48 +02:00
carlospolop
aab8241ede f 2025-05-25 02:21:39 +02:00
carlospolop
1e7a90d29f cursor rewrite + network checks 2025-05-24 08:29:47 +02:00
carlospolop
604580adbd more 2025-05-19 06:36:39 +02:00
carlospolop
9820c18697 Cursor improvements parts 1 and 2 2025-05-19 06:36:35 +02:00
carlospolop
ea9b930fdb fix capabilities module 2025-05-18 14:33:02 +02:00
SirBroccoli
dae0f7a533 Merge pull request #468 from ThatTotallyRealMyth/ThatTotallyRealMyth-4_capEdit-1 
Update 4_Capabilities.sh: Fix capability decoding to prevent shell breaking output from shell/process capabiltiy checking.
 2025-05-18 14:19:28 +02:00
carlospolop
3a317cc5c4 fix ec2 2025-05-18 14:17:15 +02:00
ThatTotallyRealMyth
01bf3a4ef8 Update 4_Capabilities.sh: Fix capability decoding to prevent sequence number output 
Testing confirmed that certain capability values (specifically ffffffffffffffff) cause memory allocation errors in capsh:
"xrealloc: cannot allocate 716488832 bytes (57344 bytes allocated)"

These memory errors were being propagated into the output, causing the long sequence of numbers. The fix prevents these errors from affecting the script's output.
 2025-05-18 16:05:01 +10:00
carlospolop
ef28ef7a33 fix linpeas not getting EC2 metadata 2025-05-18 04:58:22 +02:00
carlospolop
58c107df40 fix kill? 2025-05-18 04:46:19 +02:00
carlospolop
63c090059b kill frozen external binaries 2025-05-18 01:20:32 +02:00
carlospolop
4c16f72ae2 fix 2025-05-17 16:09:36 +02:00
carlospolop
85684b39ad add timeout 120 when executing external binary 2025-05-17 16:06:35 +02:00
Carlos Polop
97ae1d2e3b Merge branch 'master' of github.com:peass-ng/PEASS-ng 2025-04-24 04:20:22 +02:00
Carlos Polop
3b6f0a5bdc f 2025-04-24 04:20:19 +02:00
Gildasio Junior
8ea67f3cc2 Set grep to show filename that contains passwords 
This way one can identify which file contains the relevant information,
eg:

/var/log/responder/Poisoners-Session.log:2025-02-09 21:12:12,701 - [*] Skipping previously captured cleartext password for donald
/var/log/responder/Responder-Session.log:11/02/2025 12:33:11 PM - [HTTP] Basic Password : bambam
/var/log/responder/Responder-Session.log:11/02/2025 12:36:12 PM - [HTTP] Basic Password : estrella
 2025-02-28 19:54:44 -03:00
Carlos Polop
516aafff27 fix wget 2025-02-16 17:36:01 +01:00
Carlos Polop
2b64ffc803 a 2025-02-16 16:15:19 +01:00