Carlos Polop
72dbd9ef28
Fix PR tests Go setup and update linpeas parts
2026-01-16 17:56:34 +01:00
SirBroccoli
32e9bf657a
Merge pull request #537 from Apursuit/fix-busybox-su-false-positive
...
Fix `su` bruteforce false positives on BusyBox systems (bbsuid)
2026-01-16 17:47:57 +01:00
SirBroccoli
d6bd661460
Merge pull request #525 from peass-ng/update_PEASS-linpeas-HTB__Era___IDORs__PHP_ssh2_exec_Wrap_20251129_184039
...
[LINPEAS] Add privilege escalation check: HTB Era – IDORs, PHP ssh2.exec Wrapper R...
2026-01-16 17:38:44 +01:00
SirBroccoli
ed6263a4b3
Merge pull request #524 from peass-ng/update_PEASS-linpeas-Metasploit_Wrap-Up_11_28_2025_20251129_012934
...
[LINPEAS] Add privilege escalation check: Metasploit Wrap-Up 11/28/2025
2026-01-16 17:34:21 +01:00
SirBroccoli
93bb3e1a64
Merge pull request #523 from peass-ng/update_PEASS-winpeas-Metasploit_Wrap-Up_11_14_2025_20251127_132610
...
[WINPEAS] Add privilege escalation check: Metasploit Wrap-Up 11/14/2025
2026-01-16 17:33:05 +01:00
SirBroccoli
bf9d474cd3
Merge pull request #546 from JohannesLks/fix/ssh-key-regex-false-positive
...
fix: SSH key regex false positive with ImageMagick mime.xml
2026-01-16 17:31:28 +01:00
SirBroccoli
f856f0b588
Merge pull request #547 from JohannesLks/fix/rdcman-credentials-highlight
...
fix: Highlight stored credentials in RDCMan.settings
20260114-2f321ee3
2026-01-14 16:57:35 +01:00
JohannesLks
9d35195c56
fix: Highlight stored credentials in RDCMan.settings
...
RDCMan.settings files can contain encrypted credentials in
credentialsProfiles sections. This change enables content
inspection to highlight:
- credentialsProfiles (indicates stored credentials)
- password (encrypted password value)
- encryptedPassword (alternative password field)
Previously, just_list_file only showed the file path without
inspecting contents, causing stored credentials to be missed.
2026-01-01 22:53:40 +01:00
JohannesLks
4abbf37cc0
fix: SSH key regex false positive with ImageMagick mime.xml
...
The regex '-----BEGIN .* PRIVATE KEY.*-----' was matching
'-----BEGIN PGP PRIVATE KEY BLOCK-----' in /etc/ImageMagick-6/mime.xml,
causing a false positive for SSH keys.
Fixed by removing the trailing .* before ----- so the regex now requires
the key header to end directly with -----, which excludes PGP key
definitions that have 'BLOCK-----' at the end.
Tested key types still detected:
- RSA PRIVATE KEY
- EC PRIVATE KEY
- OPENSSH PRIVATE KEY
- DSA PRIVATE KEY
2026-01-01 14:07:08 +01:00
npc
10b087febf
Fix su bruteforce false positives on BusyBox systems (bbsuid)
...
Fix su bruteforce false positives on BusyBox systems (bbsuid)
2025-12-15 20:23:52 +08:00
SirBroccoli
b4a1382e8a
Merge pull request #536 from DotNetRussell/patch-1
...
Fix wording in privilege escalation checklist
20251215-2904ebf1
20260101-f70f6a79
2025-12-15 09:52:13 +01:00
DNR
877b9b81ce
Fix wording in privilege escalation checklist
2025-12-14 12:45:02 -05:00
carlospolop
0277e447f0
f
20251212-32615dcd
2025-12-12 16:25:36 +01:00
carlospolop
b09bd92116
f
2025-12-12 14:28:17 +01:00
SirBroccoli
8f017f98d3
Merge pull request #532 from compass-dexter/fix/ssh-AuthorizedKeysFile
...
[LINPEAS] fix(linPEAS): grep for AuthorizedKeysFile
2025-12-12 00:44:51 +01:00
SirBroccoli
17cfc6c56e
Merge pull request #530 from Xyniath/master
...
[WINPEAS] Fix misspelling of SeDebugPrivilege in winPEAS output
2025-12-12 00:44:30 +01:00
compass-dexter
7e0f678f33
fix(linPEAS): grep for AuthorizedKeysFile
...
According to sshd_config(5) this is the correct setting
2025-12-10 16:58:13 +01:00
Matt
595e021864
fix: correct typo of SeDebugPrivilege
2025-12-08 00:27:02 +00:00
SirBroccoli
94e84dec91
Merge pull request #521 from peass-ng/update_PEASS-winpeas-HackTheBox_Mirage__Chaining_NFS_Leak_20251122_183905
...
[WINPEAS] Add privilege escalation check: HackTheBox Mirage Chaining NFS Leaks, Dy...
2025-12-07 13:23:17 +01:00
SirBroccoli
ac80ce3a9a
Merge pull request #520 from peass-ng/update_PEASS-linpeas-SupaPwn__Hacking_Our_Way_into_Lovabl_20251119_184112
...
[LINPEAS] Add privilege escalation check: SupaPwn Hacking Our Way into Lovable’s O...
2025-12-07 13:22:12 +01:00
SirBroccoli
313fe6bef5
Update README.md
2025-12-07 13:21:52 +01:00
HackTricks News Bot
b188ac34b6
Add linpeas privilege escalation checks from: HTB: Era – IDORs, PHP ssh2.exec Wrapper RCE, and Custom-Signed Binary Privilege
2025-11-29 18:48:21 +00:00
HackTricks News Bot
e99e64cddf
Add linpeas privilege escalation checks from: Metasploit Wrap-Up 11/28/2025
2025-11-29 01:41:29 +00:00
HackTricks News Bot
dd220af544
Add winpeas privilege escalation checks from: Metasploit Wrap-Up 11/14/2025
2025-11-27 13:44:39 +00:00
HackTricks News Bot
11c0d14561
Add winpeas privilege escalation checks from: HackTheBox Mirage: Chaining NFS Leaks, Dynamic DNS Abuse, NATS Credential Theft,
2025-11-22 18:54:22 +00:00
HackTricks News Bot
49db1df468
Add linpeas privilege escalation checks from: SupaPwn: Hacking Our Way into Lovable’s Office and Helping Secure Supabase
2025-11-19 18:59:41 +00:00
SirBroccoli
80318c5005
Merge pull request #514 from moscowchill/bat-pr
...
Fix ANSI escape codes displaying as literal text in winPEAS.bat
20251115-74c9337c
20251201-130af74a
2025-11-15 15:45:38 +01:00
SirBroccoli
7af6c33d39
Merge pull request #513 from sttlr/patch-1
...
Fix: LinPEASS doesn't run via metasploit module
20251115-0322d43c
2025-11-15 15:44:50 +01:00
moscow chill
336c53a163
Fix ANSI escape codes displaying as literal text in winPEAS.bat
...
The script was setting E=0x1B[ as a literal string instead of the actual
ESC character (ASCII 27), causing color codes to display as text like
"0x1B[33m[+]0x1B[97m" instead of rendering as colors.
Changed the SetOnce subroutine to properly capture the ESC character using
the 'prompt $E' technique before building the ANSI escape sequence prefix.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-29 20:16:34 +01:00
Max K.
6877f39193
Fix: LinPEASS doesn't run via metasploit module
...
If you set "WINPEASS" to "false" - it's a string, and therefore "true". So it would run WinPEASS anyway.
The fix converts the value of the variable to a string before comparing it.
2025-10-28 13:19:03 +02:00
SirBroccoli
d75525ebbc
Merge pull request #512 from moscowchill/pr-bat-fix
...
Fix winPEAS.bat compatibility with Windows 11 and modern Windows 10
20251028-8d75ce03
20251101-a416400b
2025-10-28 01:51:48 +01:00
moscow chill
29d8132d93
Fix winPEAS.bat compatibility with Windows 11 and modern Windows 10
...
WMIC has been deprecated since Windows 10 20H1 and removed in Windows 11.
The script was exiting early when WMIC commands failed instead of continuing.
Changes:
- Add proper WMIC existence checks using 'where wmic' before execution
- Implement PowerShell fallbacks for all WMIC commands
- Fix hotfix enumeration (Get-HotFix)
- Fix antivirus detection (Get-CimInstance)
- Fix mounted disk enumeration (Get-PSDrive)
- Fix running process checks (Get-Process)
- Fix service binary permission checks (Get-CimInstance Win32_Service)
- Add error suppression (2>nul) to conditional WMIC exploit checks
The script now properly detects WMIC availability and falls back to
PowerShell equivalents, ensuring full functionality on modern Windows
systems while maintaining backward compatibility with older systems.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-27 16:10:42 +01:00
carlospolop
c16c5de36f
f
20251017-d864f4c3
2025-10-18 00:59:40 +02:00
SirBroccoli
be3fe91da4
Merge pull request #507 from CravateRouge/master
...
Add ADCS ESC DC registry checks
20251007-02ee8e3f
2025-10-07 10:50:43 +02:00
CravateRouge
b8b4a0fc14
Fix InterfaceFlags syntax
2025-10-07 11:14:45 +08:00
CravateRouge
7042a182df
Add ADCS ESC DC registry checks
2025-10-06 17:18:44 +02:00
SirBroccoli
c83eef9cd8
Merge pull request #502 from peass-ng/update_PEASS-linpeas-HTB_Planning__Grafana_CVE-2024-9264__20250913_182726
...
[LINPEAS] Add privilege escalation check: HTB Planning Grafana CVE-2024-9264 to Co...
20251004-13e75f59
2025-10-04 10:38:22 +02:00
SirBroccoli
e15a1f2e12
Update 16_Crontab_UI_misconfig.sh
2025-10-04 10:38:02 +02:00
SirBroccoli
24e9c54290
Merge pull request #505 from jtothef/patch-1
...
Update README.md
20251004-40dd5c8d
2025-10-04 10:36:24 +02:00
SirBroccoli
bdb5c61dad
Merge pull request #504 from peass-ng/update_PEASS-linpeas-Forgotten_20250917_063428
...
[LINPEAS] Add privilege escalation check: Forgotten
20251004-ba856a2a
2025-10-04 10:36:09 +02:00
SirBroccoli
ee83c23a74
Update 16_Crontab_UI_misconfig.sh
2025-10-04 10:34:04 +02:00
SirBroccoli
7b36014699
Merge pull request #499 from peass-ng/update_PEASS-linpeas-HTB_Environment__Laravel_env_overrid_20250907_013120
...
[LINPEAS] Add privilege escalation check: HTB Environment Laravel env override (CV...
20251004-69861b97
2025-10-04 10:29:32 +02:00
SirBroccoli
6fe8304783
Merge pull request #506 from tropkal/tropkal-patch-1
...
Update the regex for the sudo version
20251004-5f2f5a2d
2025-10-04 10:29:01 +02:00
tropkal
262feb9896
Updated the sudo regex to catch 2 more CVEs.
2025-10-04 08:43:00 +02:00
tropkal
40cf08af85
Update sudovB.sh
...
Modified the regex that checks for vulnerable sudo versions to include sudo version 1.9.17 (not including 1.9.17p1), which is vulnerable to CVE-2025-32463 (https://www.exploit-db.com/exploits/52352).
2025-10-04 09:08:37 +03:00
jtothef
7c9f431649
Update README.md
...
Fix typo
2025-09-23 12:49:05 -05:00
HackTricks News Bot
31bdb339d7
Add linpeas privilege escalation checks from: Forgotten
2025-09-17 06:48:40 +00:00
HackTricks News Bot
bdcebadde0
Add linpeas privilege escalation checks from: HTB Planning: Grafana CVE-2024-9264 to Container Root, Env-Creds Pivot, Crontab
2025-09-13 18:33:45 +00:00
HackTricks News Bot
4b3f4aa19e
Add linpeas privilege escalation checks from: HTB Environment: Laravel env override (CVE‑2024‑52301) → LFM upload RCE (CVE‑202
2025-09-07 01:38:03 +00:00
carlospolop
7c7884fb72
f tf
20251001-67326308
20250904-27f4363e
2025-09-05 01:04:53 +02:00