e23cc3b749
chore(winpeas): update windows version vulnerability definitions
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-04 21:43:01 +00:00
ade17cfd05
ci: auto-merge windows definition PRs reliably
2026-06-04 23:39:19 +02:00
4be3e81aef
Auto-merge PR #647 (Chack Agent)
...
Co-authored-by: HackTricks PEASS Autoimprover <peass-autoimprover@hacktricks.xyz >
2026-05-31 06:56:24 +00:00
01d9795902
Auto-merge PR #646 (Chack Agent)
...
Co-authored-by: HackTricks PEASS Autoimprover <peass-autoimprover@hacktricks.xyz >
2026-05-31 06:50:53 +00:00
d01e61a0ac
Merge branch 'master' of github.com:peass-ng/PEASS-ng
2026-05-28 12:44:29 +02:00
195fc242ba
f
2026-05-28 12:44:26 +02:00
e5f01f3df7
Auto-merge PR #643 (Chack Agent)
...
Co-authored-by: HackTricks PEASS Wordlist Updater <peass-wordlist-updater@hacktricks.xyz >
2026-05-25 08:07:28 +00:00
eb31e0dda4
chore(winpeas): update windows version vulnerability definitions ( #641 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-05-21 13:29:29 +02:00
18ea88b35b
Expand linPEAS module metadata tests
2026-05-21 13:24:52 +02:00
ca743bf978
Bound linpeas sudo listing checks
2026-05-21 13:09:33 +02:00
1ea8107bf5
Fix bot PR auto-merge and linpeas exclude matching
2026-05-21 13:03:38 +02:00
e5866ca0a1
chore(winpeas): update windows version vulnerability definitions ( #638 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-05-10 19:02:06 +02:00
0d6dab6c1e
[LINPEAS] Add Dirty Frag check (CVE-2026-43284 / CVE-2026-43500) ( #640 )
2026-05-10 19:01:55 +02:00
179f79794d
Fix broken link for PackageKit Pack2TheRoot ( #639 )
...
Co-authored-by: Rodrigo <rodrigo@192>
2026-05-06 10:50:12 +02:00
15a244cb30
Improve Azure VM managed identity discovery
2026-05-05 17:58:20 +02:00
49bafa87a9
f
2026-04-30 13:45:33 +02:00
8bf6564d02
f
2026-04-30 13:30:04 +02:00
c447ef1433
copyfail check
2026-04-30 12:59:09 +02:00
2d0eb60e5c
ci: merge validated windows definition PRs
2026-04-30 12:00:32 +02:00
ad0bc26fb0
chore(winpeas): update windows version vulnerability definitions
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-04-30 12:00:21 +02:00
96b5185cd4
ci: update windows definition bot branch reliably
2026-04-30 11:43:25 +02:00
d78acd4228
perf: download NVD feeds in parallel
2026-04-30 11:35:41 +02:00
7e16c4c635
ci: auto-merge windows definition update PRs
2026-04-30 10:59:50 +02:00
d142e0f1f8
fix: retry incomplete windows definition downloads
2026-04-30 10:38:31 +02:00
eb2c3fbfd1
ci: bound windows definition updater runtime
2026-04-30 10:32:57 +02:00
3b079e9463
ci: validate windows version definition updates
2026-04-30 10:03:59 +02:00
5676661aac
chore(winpeas): update windows version vulnerability definitions ( #631 )
...
Co-authored-by: carlospolop <17181413+carlospolop@users.noreply.github.com >
2026-04-30 10:01:29 +02:00
e9dc98fc9c
fix(linpeas): correct pkexec version regex pattern ( #632 )
2026-04-30 10:00:50 +02:00
1993984d21
Auto-merge PR #636 (Chack Agent)
...
Co-authored-by: HackTricks PEASS Autoimprover <peass-autoimprover@hacktricks.xyz >
2026-04-30 06:07:24 +00:00
dfc53a29f9
Auto-merge PR #635 (Chack Agent)
...
Co-authored-by: HackTricks PEASS Autoimprover <peass-autoimprover@hacktricks.xyz >
2026-04-30 05:58:03 +00:00
f8273fa13b
feat: detect PackageKit Pack2TheRoot (CVE-2026-41651) ( #634 )
2026-04-22 20:05:17 +02:00
5d4b4522ef
lhe
2026-04-17 13:15:05 +02:00
65d6e4662a
fix(linpeas): highlight writable shell binaries as 95% PE vector on merged-usr systems ( #630 )
...
The PATH-derived portion of writeVB uses `sed 's/:/$|^/g'` to turn the
colon-separated PATH into an alternation regex. This produces patterns like
`^/usr/bin$|^/sbin$|^/bin` where every entry except the last gets a trailing
`$` anchor — making it an exact match on the directory name itself rather than
a prefix match on files inside it.
On modern merged-/usr distributions (Debian 10+, Ubuntu 20.04+, Fedora 17+,
Arch) `/bin` is a symlink to `usr/bin`, so `find /` returns `/usr/bin/bash`
rather than `/bin/bash`. The pattern `^/usr/bin$` does not match
`/usr/bin/bash` (the `$` prevents it), so a writable bash binary falls through
to the lower-severity writeB coloring (plain RED) instead of the 95% PE vector
RED/YELLOW.
Add explicit patterns for the common shell interpreters and env so they are
always flagged as 95% PE vectors regardless of PATH ordering or /usr-merge
layout:
/bin/bash /usr/bin/bash
/bin/sh /usr/bin/sh
/bin/dash /usr/bin/dash
/bin/zsh /usr/bin/zsh
/usr/bin/env
Co-authored-by: s1d3r <s1d3r@users.noreply.github.com >
2026-04-12 23:44:18 +02:00
b1a2eef8fd
Update 4_Capabilities.sh ( #629 )
2026-04-09 15:54:03 +02:00
53973a2754
chore(winpeas): update windows version vulnerability definitions ( #626 )
...
Co-authored-by: carlospolop <17181413+carlospolop@users.noreply.github.com >
2026-04-01 12:46:54 +02:00
5841e7c39d
Auto-merge PR #628 (Chack Agent)
...
Co-authored-by: HackTricks PEASS Autoimprover <peass-autoimprover@hacktricks.xyz >
2026-03-31 05:11:16 +00:00
98e5cd39dc
Auto-merge PR #627 (Chack Agent)
...
Co-authored-by: HackTricks PEASS Autoimprover <peass-autoimprover@hacktricks.xyz >
2026-03-31 05:08:57 +00:00
ac31bcefab
feat: detect hidden group access via newgrp (gshadow desync) ( #625 )
...
* feat: detect hidden group access via newgrp (gshadow desync)
Problem: groups/id only show current session memberships
Fix: probe all system groups via newgrp to detect accessible groups not shown
Impact: identifies hidden access (docker, lxd, etc.) missed by standard checks
Real case: user present in gshadow docker group but not reflected in session
newgrp docker succeeds -> container escape -> root
* Update linPEAS/builder/linpeas_parts/6_users_information/19_Actual_groups.sh
fixed the command-injection vector.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
* Apply suggestion from @Copilot
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
---------
Co-authored-by: Muthra <muthra@example.com >
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
Co-authored-by: SirBroccoli <carlospolop@gmail.com >
2026-03-23 16:29:33 +01:00
b8528da949
Improve container and runtime enumeration ( #624 )
...
* Improve container and runtime enumeration
* Fix CI failures for PR #624
---------
Co-authored-by: chack-agent <chack-agent@users.noreply.github.com >
2026-03-22 21:44:38 +01:00
5662506cf1
Fix CI-master failures for run #23351051018 ( #623 )
...
Co-authored-by: chack-agent <chack-agent@users.noreply.github.com >
2026-03-20 17:25:26 +01:00
d71e346ab1
f
2026-03-20 16:56:05 +01:00
1fb7aefa40
Auto-merge PR #622 (Chack Agent)
...
* test: trigger linpeas workflow failure
* Fix CI failures for PR #622
* docs: clarify builder output wording
---------
Co-authored-by: chack-agent <chack-agent@users.noreply.github.com >
2026-03-19 21:27:55 +00:00
ac133717d2
Add OpenAI fallback to Chack workflows
2026-03-19 19:11:09 +01:00
ca59d6d0e0
Switch Chack workflows to Codex access token
2026-03-19 19:07:56 +01:00
042aa0cd4d
f
2026-03-19 16:29:30 +01:00
2fb6c4c67d
f
2026-03-15 23:33:31 +01:00
8a455fde49
Merge branch 'master' of github.com:peass-ng/PEASS-ng
2026-03-15 22:37:12 +01:00
aafdfcdcee
f
2026-03-15 22:36:55 +01:00
fe43788f08
chore(winpeas): update windows version vulnerability definitions ( #617 )
...
Co-authored-by: carlospolop <17181413+carlospolop@users.noreply.github.com >
2026-03-15 22:25:49 +01:00
a8f6b16016
Merge branch 'master' of github.com:peass-ng/PEASS-ng
2026-03-08 16:04:31 +01:00
github-actions[bot]