gitea-mirror/PEASS-ng
1
0
Fork 0
mirror of https://github.com/peass-ng/PEASS-ng.git synced 2026-01-19 00:06:10 -08:00
Code Issues Packages Projects Releases Wiki Activity
1,819 Commits 61 Branches 322 Tags
ea787df91ca0d922d4043dff8dcd6f65c99c0c6e
Commit Graph

279 Commits

Author SHA1 Message Date
Carlos Polop
1d4b748cbc Fix builder GTFOBins parsing and protections metadata 2026-01-16 18:07:04 +01:00
Carlos Polop
69371f825e Fix GTFOBins list fetch for linpeas builder 2026-01-16 18:01:40 +01:00
Carlos Polop
72dbd9ef28 Fix PR tests Go setup and update linpeas parts 2026-01-16 17:56:34 +01:00
SirBroccoli
32e9bf657a Merge pull request #537 from Apursuit/fix-busybox-su-false-positive 
Fix `su` bruteforce false positives on BusyBox systems (bbsuid)
 2026-01-16 17:47:57 +01:00
SirBroccoli
d6bd661460 Merge pull request #525 from peass-ng/update_PEASS-linpeas-HTB__Era___IDORs__PHP_ssh2_exec_Wrap_20251129_184039 
[LINPEAS] Add privilege escalation check: HTB Era – IDORs, PHP ssh2.exec Wrapper R...
 2026-01-16 17:38:44 +01:00
SirBroccoli
ed6263a4b3 Merge pull request #524 from peass-ng/update_PEASS-linpeas-Metasploit_Wrap-Up_11_28_2025_20251129_012934 
[LINPEAS] Add privilege escalation check: Metasploit Wrap-Up 11/28/2025
 2026-01-16 17:34:21 +01:00
JohannesLks
4abbf37cc0 fix: SSH key regex false positive with ImageMagick mime.xml 
The regex '-----BEGIN .* PRIVATE KEY.*-----' was matching
'-----BEGIN PGP PRIVATE KEY BLOCK-----' in /etc/ImageMagick-6/mime.xml,
causing a false positive for SSH keys.

Fixed by removing the trailing .* before ----- so the regex now requires
the key header to end directly with -----, which excludes PGP key
definitions that have 'BLOCK-----' at the end.

Tested key types still detected:
- RSA PRIVATE KEY
- EC PRIVATE KEY
- OPENSSH PRIVATE KEY
- DSA PRIVATE KEY
 2026-01-01 14:07:08 +01:00
npc
10b087febf Fix su bruteforce false positives on BusyBox systems (bbsuid) 
Fix su bruteforce false positives on BusyBox systems (bbsuid)
 2025-12-15 20:23:52 +08:00
DNR
877b9b81ce Fix wording in privilege escalation checklist 2025-12-14 12:45:02 -05:00
compass-dexter
7e0f678f33 fix(linPEAS): grep for AuthorizedKeysFile 
According to sshd_config(5) this is the correct setting
 2025-12-10 16:58:13 +01:00
HackTricks News Bot
b188ac34b6 Add linpeas privilege escalation checks from: HTB: Era – IDORs, PHP ssh2.exec Wrapper RCE, and Custom-Signed Binary Privilege 2025-11-29 18:48:21 +00:00
HackTricks News Bot
e99e64cddf Add linpeas privilege escalation checks from: Metasploit Wrap-Up 11/28/2025 2025-11-29 01:41:29 +00:00
HackTricks News Bot
49db1df468 Add linpeas privilege escalation checks from: SupaPwn: Hacking Our Way into Lovable’s Office and Helping Secure Supabase 2025-11-19 18:59:41 +00:00
carlospolop
c16c5de36f f 2025-10-18 00:59:40 +02:00
SirBroccoli
c83eef9cd8 Merge pull request #502 from peass-ng/update_PEASS-linpeas-HTB_Planning__Grafana_CVE-2024-9264__20250913_182726 
[LINPEAS] Add privilege escalation check: HTB Planning Grafana CVE-2024-9264 to Co...
 2025-10-04 10:38:22 +02:00
SirBroccoli
e15a1f2e12 Update 16_Crontab_UI_misconfig.sh 2025-10-04 10:38:02 +02:00
SirBroccoli
bdb5c61dad Merge pull request #504 from peass-ng/update_PEASS-linpeas-Forgotten_20250917_063428 
[LINPEAS] Add privilege escalation check: Forgotten
 2025-10-04 10:36:09 +02:00
SirBroccoli
ee83c23a74 Update 16_Crontab_UI_misconfig.sh 2025-10-04 10:34:04 +02:00
SirBroccoli
7b36014699 Merge pull request #499 from peass-ng/update_PEASS-linpeas-HTB_Environment__Laravel_env_overrid_20250907_013120 
[LINPEAS] Add privilege escalation check: HTB Environment Laravel env override (CV...
 2025-10-04 10:29:32 +02:00
tropkal
262feb9896 Updated the sudo regex to catch 2 more CVE's. 2025-10-04 08:43:00 +02:00
tropkal
40cf08af85 Update sudovB.sh 
Modified the regex that checks for vulnerable sudo versions to include sudo version 1.9.17 (not including 1.9.17p1), which is vulnerable to CVE-2025-32463 (https://www.exploit-db.com/exploits/52352).
 2025-10-04 09:08:37 +03:00
HackTricks News Bot
31bdb339d7 Add linpeas privilege escalation checks from: Forgotten 2025-09-17 06:48:40 +00:00
HackTricks News Bot
bdcebadde0 Add linpeas privilege escalation checks from: HTB Planning: Grafana CVE-2024-9264 to Container Root, Env-Creds Pivot, Crontab 2025-09-13 18:33:45 +00:00
HackTricks News Bot
4b3f4aa19e Add linpeas privilege escalation checks from: HTB Environment: Laravel env override (CVE‑2024‑52301) → LFM upload RCE (CVE‑202 2025-09-07 01:38:03 +00:00
carlospolop
147de0fc88 f 2025-09-03 14:19:59 +02:00
carlospolop
afaf596342 f 2025-09-03 13:39:15 +02:00
HackTricks News Bot
ed01b32a95 Add linpeas privilege escalation checks from: Case study: Backup leak → CI abuse → internal trust misconfigurations → escalati 2025-08-27 19:45:02 +00:00
carlospolop
6fd96f4bdb f 2025-07-01 12:12:01 +02:00
carlospolop
a745f00dd7 fix 2025-07-01 11:10:21 +02:00
SirBroccoli
4061cef7e8 Merge pull request #476 from peass-ng/codex/fix-url-reference-in-linpeasbuilder.py 
Fix url variable reference in linpeasBuilder
 2025-06-25 01:59:43 +02:00
SirBroccoli
cde725dacc Merge pull request #477 from peass-ng/codex/update-docstring-and-fix-typo 
Fix docstring and comment in linpeasBuilder
 2025-06-25 01:57:58 +02:00
SirBroccoli
f0f829890c Merge pull request #479 from peass-ng/codex/replace--parth--with--path--in-argparse 
Fix typo in linpeas builder arg help
 2025-06-25 01:57:11 +02:00
SirBroccoli
a74c6c820f Merge pull request #482 from Aarav-Juneja/builder-exclude-fix 
Fix exclude modules on linPEASS
 2025-06-25 01:55:48 +02:00
Aarav Juneja
9b37fd4ef4 Fix exclude modules on linPEASS 2025-06-24 13:05:10 -07:00
John Doe
f27b1d4816 Added a privilege escalation vulnerability for MySQL 4.x/5.x versions. 2025-06-23 22:37:44 +03:00
SirBroccoli
d5e3c2a885 Fix typo in linpeas builder output argument 2025-06-06 00:38:05 +02:00
SirBroccoli
4af321d138 Fix docstring and comment typo 2025-06-06 00:01:29 +02:00
SirBroccoli
4e556fd594 Fix variable reference when parsing URLs 2025-06-06 00:01:17 +02:00
Jack Vaughn
b9a9ad5ddf Add 4 noisy and useless environment variables to NoEnvVars.sh 
These variables (^PATH=|^INVOCATION_ID=|^WATCHDOG_PID=|^LISTEN_PID=) frequently appear across processes 
on busy systems (10+ each on tested system) and produce a large volume of irrelevant output
 2025-05-25 21:32:51 -04:00
carlospolop
88f08a405e l 2025-05-26 02:55:07 +02:00
SirBroccoli
322792c4ec Merge pull request #471 from Jack-Vaughn/environ-check 
Add module to check for sensitive environment variables via /proc/*/environ
 2025-05-26 02:33:43 +02:00
Jack
c150e63b52 This module scans /proc/*/environ for potentially sensitive environment variables on Linux systems. 
It targets common keywords like token, password, secret, AWS, API, etc.

Uses 'tr' instead of 'strings' to improve compatibility in minimal environments like containers.

The check is skipped entirely on MacPEAS.
 2025-05-25 12:55:34 -04:00
carlospolop
aac3667247 f l 2025-05-25 08:15:48 +02:00
carlospolop
64ab193d25 f linpeas 2025-05-25 07:05:48 +02:00
carlospolop
aab8241ede f 2025-05-25 02:21:39 +02:00
carlospolop
1e7a90d29f cursor rewrite + network checks 2025-05-24 08:29:47 +02:00
carlospolop
604580adbd more 2025-05-19 06:36:39 +02:00
carlospolop
9820c18697 Cursor improvements parts 1 and 2 2025-05-19 06:36:35 +02:00
carlospolop
ea9b930fdb fix capabilities module 2025-05-18 14:33:02 +02:00
SirBroccoli
dae0f7a533 Merge pull request #468 from ThatTotallyRealMyth/ThatTotallyRealMyth-4_capEdit-1 
Update 4_Capabilities.sh: Fix capability decoding to prevent shell breaking output from shell/process capabiltiy checking.
 2025-05-18 14:19:28 +02:00