search regexes

2025-12-12 15:49:51 -08:00 · 2021-12-19 17:54:29 -05:00
parent 6c2bba00f4
commit d30c6ca63a
5 changed files with 77 additions and 67 deletions
--- a/linPEAS/README.md
+++ b/linPEAS/README.md
@@ -69,14 +69,13 @@ By default linpeas takes around **4 mins** to complete, but It could take from *

 **Other parameters:**
 - **-a** (all checks) - This will **execute also the check of processes during 1 min, will search more possible hashes inside files, and brute-force each user using `su` with the top2000 passwords.**
+- **-e** (extra enumeration) - This will execute **enumeration checkes that are avoided by default**
 - **-s** (superfast & stealth) - This will bypass some time consuming checks - **Stealth mode** (Nothing will be written to disk)
 - **-P** (Password) - Pass a password that will be used with `sudo -l` and bruteforcing other users
- **-v** (verbose) - Print information about the checks that haven't discovered anything and about the time each check took
+- **-d** (Debug) - Print information about the checks that haven't discovered anything and about the time each check took

 This script has **several lists** included inside of it to be able to **color the results** in order to highlight PE vector.

-LinPEAS also **exports a new PATH** variable during the execution if common folders aren't present in the original PATH variable.
-
 ![](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/linPEAS/images/help.png)

 ## Hosts Discovery and Port Scanning
--- a/linPEAS/builder/linpeas_parts/7_interesting_files.sh
+++ b/linPEAS/builder/linpeas_parts/7_interesting_files.sh
@@ -451,7 +451,6 @@ if [ "$PSTORAGE_DATABASE" ]; then
  echo ""
  printf "%s\n" "$PSTORAGE_DATABASE" | while read f; do
    if ([ -r "$f" ] && [ "$FILECMD" ] && file "$f" | grep -qi sqlite) || ([ -r "$f" ] && [ ! "$FILECMD" ]); then #If readable and filecmd and sqlite, or readable and not filecmd
-      printf $GREEN" -> Extracting tables from$NC $f $DG(limit 20)\n"$NC
      if [ "$(command -v sqlite3 2>/dev/null)" ]; then
        tables=$(sqlite3 $f ".tables" 2>/dev/null)
        #printf "$tables\n" | sed "s,user.*\|credential.*,${SED_RED},g"
@@ -462,7 +461,8 @@ if [ "$PSTORAGE_DATABASE" ]; then
      else
        tables=""
      fi
-      if [ "$tables" ]; then
+      if [ "$tables" ] || [ "$DEBUG" ]; then
+          printf $GREEN" -> Extracting tables from$NC $f $DG(limit 20)\n"$NC
          printf "%s\n" "$tables" | while read t; do
          columns=""
          # Search for credentials inside the table using sqlite3
@@ -479,8 +479,8 @@ if [ "$PSTORAGE_DATABASE" ]; then
            printf "$columns\n" | sed -${E} "s,username|passw|credential|email|hash|salt|$t,${SED_RED},g"
            (sqlite3 $f "select * from $t" || $SQLITEPYTHON -c "print(', '.join([str(x) for x in __import__('sqlite3').connect('$f').cursor().execute('SELECT * FROM \'$t\';').fetchall()[0]]))") 2>/dev/null | head
          fi
+          echo ""
        done
-        echo ""
      fi
    fi
  done
@@ -563,6 +563,13 @@ if [ "$PSTORAGE_PHP_FILES" ] || [ "$DEBUG" ]; then
  echo ""
 fi

+##-- IF) Passwords files in home
+if [ "$PSTORAGE_PASSWORD_FILES" ] || [ "$DEBUG" ]; then
+  print_2title "Finding *password* or *credential* files in home (limit 70)"
+  (printf "%s\n" "$PSTORAGE_PASSWORD_FILES" | grep -v "/snap/" | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (cont < 3){ print line_init; } if (cont == "3"){print "  #)There are more creds/passwds files in the previous parent folder\n"}; if (act == pre){(cont += 1)} else {cont=0}; pre=act }' | head -n 70 | sed -${E} "s,password|credential,${SED_RED}," | sed "s,There are more creds/passwds files in the previous parent folder,${C}[3m&${C}[0m,") || echo_not_found
+  echo ""
+fi
+
 ##-- IF) TTY passwords
 print_2title "Checking for TTY (sudo/su) passwords in audit logs"
 aureport --tty 2>/dev/null | grep -E "su |sudo " | sed -${E} "s,su|sudo,${SED_RED},g"
@@ -570,29 +577,31 @@ find /var/log/ -type f -exec grep -RE 'comm="su"|comm="sudo"' '{}' \; 2>/dev/nul
 echo ""

 ##-- IF) IPs inside logs
-print_2title "Finding IPs inside logs (limit 70)"
-(find /var/log/ /private/var/log -type f -exec grep -R -a -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" "{}" \;) 2>/dev/null | grep -v "\.0\.\|:0\|\.0$" | sort | uniq -c | sort -r -n | head -n 70
-echo ""
+if [ "$DEBUG" ]; then
+  print_2title "Finding IPs inside logs (limit 70)"
+  (find /var/log/ /private/var/log -type f -exec grep -R -a -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" "{}" \;) 2>/dev/null | grep -v "\.0\.\|:0\|\.0$" | sort | uniq -c | sort -r -n | head -n 70
+  echo ""
+fi

 ##-- IF) Passwords inside logs
 print_2title "Finding passwords inside logs (limit 70)"
 (find /var/log/ /private/var/log -type f -exec grep -R -i "pwd\|passw" "{}" \;) 2>/dev/null | sed '/^.\{150\}./d' | sort | uniq | grep -v "File does not exist:\|script not found or unable to stat:\|\"GET /.*\" 404" | head -n 70 | sed -${E} "s,pwd|passw,${SED_RED},"
 echo ""

-##-- IF) Emails inside logs
-print_2title "Finding emails inside logs (limit 70)"
-(find /var/log/ /private/var/log -type f -exec grep -I -R -E -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" "{}" \;) 2>/dev/null | sort | uniq -c | sort -r -n | head -n 70 | sed -${E} "s,$knw_emails,${SED_GREEN},g"
-echo ""
+if [ "$DEBUG" ]; then
+  ##-- IF) Emails inside logs
+  print_2title "Finding emails inside logs (limit 70)"
+  (find /var/log/ /private/var/log -type f -exec grep -I -R -E -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" "{}" \;) 2>/dev/null | sort | uniq -c | sort -r -n | head -n 70 | sed -${E} "s,$knw_emails,${SED_GREEN},g"
+  echo ""
+fi

-##-- IF) Passwords files in home
-print_2title "Finding *password* or *credential* files in home (limit 70)"
-(printf "%s\n" "$PSTORAGE_PASSWORD_FILES" | grep -v "/snap/" | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (cont < 3){ print line_init; } if (cont == "3"){print "  #)There are more creds/passwds files in the previous parent folder\n"}; if (act == pre){(cont += 1)} else {cont=0}; pre=act }' | head -n 70 | sed -${E} "s,password|credential,${SED_RED}," | sed "s,There are more creds/passwds files in the previous parent folder,${C}[3m&${C}[0m,") || echo_not_found
-echo ""

-if ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then
+
+
+if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then
  ##-- IF) Find possible files with passwords
  print_2title "Finding passwords inside key folders (limit 70) - only PHP files"
-  intpwdfiles=$(timeout 150 grep -RiIE "(pwd|passwd|password|PASSWD|PASSWORD|dbuser|dbpass).*[=:].+|define ?\('(\w*passw|\w*user|\w*datab)" $HOMESEARCH /var/www /usr/local/www/ $backup_folders_row /tmp /etc /mnt /private 2>/dev/null)
+  intpwdfiles=$(timeout 150 find $HOMESEARCH /var/www /usr/local/www/ $backup_folders_row /tmp /etc /mnt /private -type f -exec grep -RiIE "(pwd|passwd|password|PASSWD|PASSWORD|dbuser|dbpass).*[=:].+|define ?\('(\w*passw|\w*user|\w*datab)" '{}' \; 2>/dev/null)
  printf "%s\n" "$intpwdfiles" | grep -I ".php:" | sed '/^.\{150\}./d' | sort | uniq | grep -iIv "linpeas" | head -n 70 | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[dD][eE][fF][iI][nN][eE],${SED_RED},g"
  echo ""

@@ -602,8 +611,9 @@ if ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then

  ##-- IF) Find possible files with passwords
  print_2title "Finding possible password variables inside key folders (limit 140)"
-  timeout 150 grep -RiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" $HOMESEARCH 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g"
-  timeout 150 grep -RiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" /var/www $backup_folders_row /tmp /etc /root /mnt /private 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g"
+  timeout 150 find $HOMESEARCH -exec grep -HnRiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" '{}' \; 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g" &
+  timeout 150 find /var/www $backup_folders_row /tmp /etc /mnt /private grep -HnRiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" '{}' \; 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g" &
+  wait
  echo ""

  ##-- IF) Find possible conf files with passwords
@@ -617,46 +627,6 @@ if ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then
  done
  echo ""

-  ##-- IF) Find possible files with usernames
-  print_2title "Finding 'username' string inside key folders (limit 70)"
-  timeout 150 grep -RiIE "username.*[=:].+" $HOMESEARCH 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | grep -v "/linpeas" | sort | uniq | head -n 70 | sed -${E} "s,[uU][sS][eE][rR][nN][aA][mM][eE],${SED_RED},g" &
-  timeout 150 grep -RiIE "username.*[=:].+" /var/www $backup_folders_row /tmp /etc /root /mnt /private 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | grep -v "/linpeas" | sort | uniq | head -n 70 | sed -${E} "s,[uU][sS][eE][rR][nN][aA][mM][eE],${SED_RED},g" &
-  wait
-  echo ""
-
-  ##-- IF) Specific hashes inside files
-  print_2title "Searching specific hashes inside files - less false positives (limit 70)"
-  regexblowfish='\$2[abxyz]?\$[0-9]{2}\$[a-zA-Z0-9_/\.]*'
-  regexjoomlavbulletin='[0-9a-zA-Z]{32}:[a-zA-Z0-9_]{16,32}'
-  regexphpbb3='\$H\$[a-zA-Z0-9_/\.]{31}'
-  regexwp='\$P\$[a-zA-Z0-9_/\.]{31}'
-  regexdrupal='\$S\$[a-zA-Z0-9_/\.]{52}'
-  regexlinuxmd5='\$1\$[a-zA-Z0-9_/\.]{8}\$[a-zA-Z0-9_/\.]{22}'
-  regexapr1md5='\$apr1\$[a-zA-Z0-9_/\.]{8}\$[a-zA-Z0-9_/\.]{22}'
-  regexsha512crypt='\$6\$[a-zA-Z0-9_/\.]{16}\$[a-zA-Z0-9_/\.]{86}'
-  regexapachesha='\{SHA\}[0-9a-zA-Z/_=]{10,}'
-  timeout 150 grep -RIEHo "$regexblowfish|$regexjoomlavbulletin|$regexphpbb3|$regexwp|$regexdrupal|$regexlinuxmd5|$regexapr1md5|$regexsha512crypt|$regexapachesha" /etc $backup_folders_row /tmp /var/tmp /var/www $HOMESEARCH /mnt /private /Applications 2>/dev/null | grep -v "/.git/\|/sources/authors/" | grep -Ev "$notExtensions" | grep -Ev "0{20,}" | head -n 70 | sed "s,:.*,${SED_RED},"
-  echo ""
-fi
-
-if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then
-  ##-- IF) Specific hashes inside files
-  print_2title "Searching md5/sha1/sha256/sha512 hashes inside files (limit 50 - only 1 per file)"
-  regexmd5='(^|[^a-zA-Z0-9])[a-fA-F0-9]{32}([^a-zA-Z0-9]|$)'
-  regexsha1='(^|[^a-zA-Z0-9])[a-fA-F0-9]{40}([^a-zA-Z0-9]|$)'
-  regexsha256='(^|[^a-zA-Z0-9])[a-fA-F0-9]{64}([^a-zA-Z0-9]|$)'
-  regexsha512='(^|[^a-zA-Z0-9])[a-fA-F0-9]{128}([^a-zA-Z0-9]|$)'
-  timeout 150 grep -RIEHo "$regexmd5|$regexsha1|$regexsha256|$regexsha512" /etc $backup_folders_row /tmp /var/tmp /var/www $HOMESEARCH /mnt /private /Applications 2>/dev/null | grep -v "/.git/\|/sources/authors/" | grep -Ev "$notExtensions" | grep -Ev "0{20,}" | awk -F: '{if (pre != $1){ print $0; }; pre=$1}' | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (cont < 2){ print line_init; } if (cont == "2"){print "  #)There are more hashes files in the previous parent folder\n"}; if (act == pre){(cont += 1)} else {cont=0}; pre=act }' | head -n 50 | sed "s,:.*,${SED_RED}," | sed "s,There are more hashes files in the previous parent folder,${C}[3m&${C}[0m,"
-  echo ""
-fi
-
-if ! [ "$SUPERFAST" ] && ! [ "$FAST" ]; then
-  ##-- IF) Find URIs with user:password@hoststrings
-  print_2title "Finding URIs with user:password@host inside key folders"
-  timeout 150 find /var/www $backup_folders_row /tmp /etc /var/log /private/var/log -type f -exec grep -RiIE "://(.+):(.+)@" "{}" \; 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
-  timeout 150 grep -RiIE "://(.+):(.+)@" $HOMESEARCH 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
-  timeout 150 grep -RiIE "://(.+):(.+)@" /mnt 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
-  timeout 150 grep -RiIE "://(.+):(.+)@" /private 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
-  timeout 150 grep -RiIE "://(.+):(.+)@" /Applications 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
-  echo  ""
+  ##-- IF) Find possible regexes
+  peass{REGEXES}
 fi
--- a/linPEAS/builder/linpeas_parts/linpeas_base.sh
+++ b/linPEAS/builder/linpeas_parts/linpeas_base.sh
@@ -213,7 +213,7 @@ print_banner(){
 }


-print_support (){
+print_support () {
  printf """
    ${GREEN}/---------------------------------------------------------------------------\\
    |                             ${BLUE}Do you like PEASS?${GREEN}                            |
@@ -609,7 +609,7 @@ print_title(){
  printf ${BLUE}
  for i in $(seq 1 $rest_len); do printf " "; done
  printf "╔"
-  for i in $(seq 1 $title_len); do printf "═"; done; printf "══";
+  for i in $(seq 1 $title_len); do printf "═"; done; printf "═";
  printf "╗"

  echo ""
@@ -623,7 +623,7 @@ print_title(){
  printf ${BLUE}
  for i in $(seq 1 $rest_len); do printf " "; done
  printf "╚"
-  for i in $(seq 1 $title_len); do printf "═"; done; printf "══";
+  for i in $(seq 1 $title_len); do printf "═"; done; printf "═";
  printf "╝"
  
  printf $NC
--- a/linPEAS/builder/src/linpeasBuilder.py
+++ b/linPEAS/builder/src/linpeasBuilder.py
@@ -28,7 +28,9 @@ from .yamlGlobals import (
    CAP_SETUID_MARKUP,
    CAP_SETGID_MARKUP,
    LES_MARKUP,
-    LES2_MARKUP
+    LES2_MARKUP,
+    REGEXES_LOADED,
+    REGEXES_MARKUP
 )


@@ -79,6 +81,11 @@ class LinpeasBuilder:
        
        self.__replace_mark(EXTRASECTIONS_MARKUP, list(""), "") #Delete extra markup

+        print("[+] Building regexes searches...")
+        section = self.__generate_regexes_search()
+        self.__replace_mark(REGEXES_MARKUP, list(section), "")
+
+
        print("[+] Building linux exploit suggesters...")
        les_b64, les2_b64 = self.__get_linux_exploit_suggesters()
        assert len(les_b64) > 100
@@ -314,6 +321,33 @@ class LinpeasBuilder:
                capsVB.append(b)
        
        return (suidVB, sudoVB, capsVB)
+    
+    def __generate_regexes_search(self) -> str:
+        paths_to_search = REGEXES_LOADED["paths"]
+        regexes = REGEXES_LOADED["regular_expresions"]
+
+        regexes_search_section = ""
+
+        for values in regexes:
+            section_name = values["name"]
+            regexes_search_section += f'print_2title "Searching {section_name}"\n'
+
+            for entry in values["regexes"]:
+                name = entry["name"]
+                regex = entry["regex"]
+                regex = regex.replace('"', '\\"').strip()
+                extra_grep = entry.get("extra_grep")
+                extra_grep = f" | grep {extra_grep} | " if extra_grep else ""
+                
+                regexes_search_section += f'print_3title "Searching {name} (limited to 50)"\n'
+                for path in paths_to_search:
+                    regexes_search_section += "timeout 120 find "+path+" -type f -exec grep -HnRiIE \""+regex+"\" '{}' \; 2>/dev/null "+extra_grep+" | sed '/^.\{150\}./d' | sort | uniq | head -n 50 | sed -${E} \"s~"+regex+"~${SED_RED}~\" &\n"
+                
+                regexes_search_section += "wait\n"
+
+        return regexes_search_section
+
+                        


    def __replace_mark(self, mark: str, find_calls: list, join_char: str):
--- a/linPEAS/builder/src/yamlGlobals.py
+++ b/linPEAS/builder/src/yamlGlobals.py
@@ -47,11 +47,17 @@ LINPEAS_BASE_PATH = LINPEAS_BASE_PARTS + "/linpeas_base.sh"
 TEMPORARY_LINPEAS_BASE_PATH = CURRENT_DIR + "/../linpeas_base.sh"
 FINAL_LINPEAS_PATH = CURRENT_DIR + "/../../" + "linpeas.sh"
 YAML_NAME = "sensitive_files.yaml"
+YAML_REGEXES = "regexes.yaml"
 FILES_YAML = CURRENT_DIR + "/../../../build_lists/" + YAML_NAME
+REGEXES_YAML = CURRENT_DIR + "/../../../build_lists/" + YAML_REGEXES
+

 with open(FILES_YAML, 'r') as file:
    YAML_LOADED = yaml.load(file, Loader=yaml.FullLoader)

+with open(REGEXES_YAML, 'r') as file:
+    REGEXES_LOADED = yaml.load(file, Loader=yaml.FullLoader)
+
 ROOT_FOLDER = YAML_LOADED["root_folders"]
 DEFAULTS = YAML_LOADED["defaults"]
 COMMON_FILE_FOLDERS = YAML_LOADED["common_file_folders"]
@@ -65,6 +71,7 @@ PEAS_FINDS_MARKUP = YAML_LOADED["peas_finds_markup"]
 FIND_LINE_MARKUP = YAML_LOADED["find_line_markup"]
 FIND_TEMPLATE = YAML_LOADED["find_template"]

+REGEXES_MARKUP = YAML_LOADED["peas_regexes_markup"]
 PEAS_STORAGES_MARKUP = YAML_LOADED["peas_storages_markup"]
 STORAGE_LINE_MARKUP = YAML_LOADED["storage_line_markup"]
 STORAGE_LINE_EXTRA_MARKUP = YAML_LOADED["storage_line_extra_markup"]