added new suids cves

Update CONTRIBUTING.md

.github/workflows/CI-master_tests.yml

@@ -9,7 +9,7 @@ on:
         - '.github/**'
   
   schedule:
-    - cron: "5 4 * * SUN"
+    - cron: "5 4 1 * *"
 
   workflow_dispatch:
 
@@ -100,43 +100,43 @@ jobs:
       
       # Upload all the versions for the release
       - name: Upload winpeasx64
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: winPEASx64.exe
           path: winPEAS\winPEASexe\binaries\x64\Release\winPEASx64.exe
       
       - name: Upload winpeasx86
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: winPEASx86.exe
           path: winPEAS\winPEASexe\binaries\x86\Release\winPEASx86.exe
       
       - name: Upload winpeasany
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: winPEASany.exe
           path: winPEAS\winPEASexe\binaries\Release\winPEASany.exe
       
       - name: Upload winpeasx64ofs
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: winPEASx64_ofs.exe
           path: winPEAS\winPEASexe\binaries\Obfuscated Releases\winPEASx64_ofs.exe
       
       - name: Upload winpeasx86ofs
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: winPEASx86_ofs.exe
           path: winPEAS\winPEASexe\binaries\Obfuscated Releases\winPEASx86_ofs.exe
           
       - name: Upload winpeasanyofs
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: winPEASany_ofs.exe
           path: winPEAS\winPEASexe\binaries\Obfuscated Releases\winPEASany_ofs.exe
       
       - name: Upload winpeas.bat
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: winPEAS.bat
           path: winPEAS\winPEASbat\winPEAS.bat
@@ -240,57 +240,57 @@ jobs:
       
       # Upload files for release
       - name: Upload linpeas.sh
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: linpeas.sh
           path: linPEAS/linpeas.sh
       
       - name: Upload linpeas_fat.sh
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: linpeas_fat.sh
           path: linPEAS/linpeas_fat.sh
       
       - name: Upload linpeas_small.sh
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: linpeas_small.sh
           path: linPEAS/linpeas_small.sh
       
       ## Linux bins
       - name: Upload linpeas_linux_386
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: linpeas_linux_386
           path: sh2bin/builds/linpeas_linux_386
       
       - name: Upload linpeas_linux_amd64
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: linpeas_linux_amd64
           path: sh2bin/builds/linpeas_linux_amd64
       
       - name: Upload linpeas_linux_arm
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: linpeas_linux_arm
           path: sh2bin/builds/linpeas_linux_arm
           
       - name: Upload linpeas_linux_arm64
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: linpeas_linux_arm64
           path: sh2bin/builds/linpeas_linux_arm64
       
       ## Darwin bins
       - name: Upload linpeas_darwin_amd64
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: linpeas_darwin_amd64
           path: sh2bin/builds/linpeas_darwin_amd64
           
       - name: Upload linpeas_darwin_arm64
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: linpeas_darwin_arm64
           path: sh2bin/builds/linpeas_darwin_arm64
@@ -345,82 +345,82 @@ jobs:
     steps:
     # Download files to release
     - name: Download winpeasx64ofs
-      uses: actions/download-artifact@v2
+      uses: actions/download-artifact@v4.1.7
       with:
         name: winPEASx64_ofs.exe
 
     - name: Download winpeasx86ofs
-      uses: actions/download-artifact@v2
+      uses: actions/download-artifact@v4.1.7
       with:
         name: winPEASx86_ofs.exe
 
     - name: Download winpeasanyofs
-      uses: actions/download-artifact@v2
+      uses: actions/download-artifact@v4.1.7
       with:
         name: winPEASany_ofs.exe
 
     - name: Download winpeasx64
-      uses: actions/download-artifact@v2
+      uses: actions/download-artifact@v4.1.7
       with:
         name: winPEASx64.exe
     
     - name: Download winpeasx86
-      uses: actions/download-artifact@v2
+      uses: actions/download-artifact@v4.1.7
       with:
         name: winPEASx86.exe
 
     - name: Download winpeasany
-      uses: actions/download-artifact@v2
+      uses: actions/download-artifact@v4.1.7
       with:
         name: winPEASany.exe
     
     - name: Download winpeas.bat
-      uses: actions/download-artifact@v2
+      uses: actions/download-artifact@v4.1.7
       with:
         name: winPEAS.bat
 
     - name: Download linpeas.sh
-      uses: actions/download-artifact@v2
+      uses: actions/download-artifact@v4.1.7
       with:
         name: linpeas.sh
     
     - name: Download linpeas_fat.sh
-      uses: actions/download-artifact@v2
+      uses: actions/download-artifact@v4.1.7
       with:
         name: linpeas_fat.sh
     
     - name: Download linpeas_small.sh
-      uses: actions/download-artifact@v2
+      uses: actions/download-artifact@v4.1.7
       with:
         name: linpeas_small.sh
 
     - name: Download linpeas_linux_386
-      uses: actions/download-artifact@v2
+      uses: actions/download-artifact@v4.1.7
       with:
         name: linpeas_linux_386
 
     - name: Download linpeas_linux_amd64
-      uses: actions/download-artifact@v2
+      uses: actions/download-artifact@v4.1.7
       with:
         name: linpeas_linux_amd64
 
     - name: Download linpeas_linux_arm
-      uses: actions/download-artifact@v2
+      uses: actions/download-artifact@v4.1.7
       with:
         name: linpeas_linux_arm
 
     - name: Download linpeas_linux_arm64
-      uses: actions/download-artifact@v2
+      uses: actions/download-artifact@v4.1.7
       with:
         name: linpeas_linux_arm64
 
     - name: Download linpeas_darwin_amd64
-      uses: actions/download-artifact@v2
+      uses: actions/download-artifact@v4.1.7
       with:
         name: linpeas_darwin_amd64
 
     - name: Download linpeas_darwin_arm64
-      uses: actions/download-artifact@v2
+      uses: actions/download-artifact@v4.1.7
       with:
         name: linpeas_darwin_arm64
     

CONTRIBUTING.md

@@ -13,7 +13,7 @@ If you want to **contribute adding the search of new files that can contain sens
 Also, in the comments of this PR, put links to pages where and example of the file containing sensitive information can be foud.
 
 ## Specific LinPEAS additions
-From the PEASS-ng release **linpeas is auto-build from [linpeas/builder](https://github.com/peass-ng/PEASS-ng/blob/master/linPEAS/builder/)**. Therefore, if you want to contribute adding any new check for linpeas/macpeas, please **add it in this directory and create a PR to master**. *Note that some code is auto-generated in the python but most of it it's just written in different files that willbe merged into linpeas.sh*.
+From the PEASS-ng release **linpeas is auto-build from [linpeas/builder](https://github.com/peass-ng/PEASS-ng/blob/master/linPEAS/builder/)**. Therefore, if you want to contribute adding any new check for linpeas/macpeas, please **add it in this directory and create a PR to master**. *Note that some code is auto-generated in the python but most of it it's just written in different files that will be merged into linpeas.sh*.
 The new linpeas.sh script will be auto-generated in the PR.
 
 ## Specific WinPEAS additions

linPEAS/README.md

@@ -29,7 +29,7 @@ Note that by default, in the releases pages of this repository, you will find a
 - **linpeas_small.sh**: Contains only the most *important* checks making its size smaller.
 
 ## Quick Start
-Find the **latest versions of all the scripts and binaries in [the releases page](releases/latest)**.
+Find the **latest versions of all the scripts and binaries in [the releases page](https://github.com/peass-ng/PEASS-ng/releases/latest)**.
 
 ```bash
 # From public github

linPEAS/builder/linpeas_parts/3_cloud/10_IBM_Cloud.sh

@@ -26,7 +26,7 @@ if [ "$is_ibm_vm" = "Yes" ]; then
     
     ibm_req=""
     if [ "$(command -v curl || echo -n '')" ]; then
-        ibm_req="curl -s -f -H '$TOKEN_HEADER' -H '$ACCEPT_HEADER'"
+        ibm_req="curl -s -f -L -H '$TOKEN_HEADER' -H '$ACCEPT_HEADER'"
     elif [ "$(command -v wget || echo -n '')" ]; then
         ibm_req="wget -q -O - -H '$TOKEN_HEADER' -H '$ACCEPT_HEADER'"
     else 

linPEAS/builder/linpeas_parts/3_cloud/11_Ali_Cloud.sh

@@ -19,7 +19,7 @@ if [ "$is_aliyun_ecs" = "Yes" ]; then
   aliyun_token=""
   if [ "$(command -v curl)" ]; then 
     aliyun_token=$(curl -X PUT "http://100.100.100.200/latest/api/token" -H "X-aliyun-ecs-metadata-token-ttl-seconds:1000")
-    aliyun_req='curl -s -f -H "X-aliyun-ecs-metadata-token: $aliyun_token"'
+    aliyun_req='curl -s -f -L -H "X-aliyun-ecs-metadata-token: $aliyun_token"'
   elif [ "$(command -v wget)" ]; then
     aliyun_token=$(wget -q -O - --method PUT "http://100.100.100.200/latest/api/token" --header "X-aliyun-ecs-metadata-token-ttl-seconds:1000")
     aliyun_req='wget -q -O --header "X-aliyun-ecs-metadata-token: $aliyun_token"'

linPEAS/builder/linpeas_parts/3_cloud/2_AWS_EC2.sh

@@ -21,7 +21,7 @@ if [ "$is_aws_ec2" = "Yes" ]; then
     
     aws_req=""
     if [ "$(command -v curl || echo -n '')" ]; then
-        aws_req="curl -s -f -H '$HEADER'"
+        aws_req="curl -s -f -L -H '$HEADER'"
     elif [ "$(command -v wget || echo -n '')" ]; then
         aws_req="wget -q -O - -H '$HEADER'"
     else 

linPEAS/builder/linpeas_parts/3_cloud/6_Google_cloud_function.sh

@@ -16,7 +16,7 @@
 if [ "$is_gcp_function" = "Yes" ]; then
     gcp_req=""
     if [ "$(command -v curl)" ]; then
-        gcp_req='curl -s -f  -H "Metadata-Flavor: Google"'
+        gcp_req='curl -s -f -L -H "Metadata-Flavor: Google"'
     elif [ "$(command -v wget)" ]; then
         gcp_req='wget -q -O - --header "Metadata-Flavor: Google"'
     else 

linPEAS/builder/linpeas_parts/3_cloud/6_Google_cloud_vm.sh

@@ -16,7 +16,7 @@
 if [ "$is_gcp_vm" = "Yes" ]; then
     gcp_req=""
     if [ "$(command -v curl || echo -n '')" ]; then
-        gcp_req='curl -s -f  -H "Metadata-Flavor: Google"'
+        gcp_req='curl -s -f -L -H "Metadata-Flavor: Google"'
     elif [ "$(command -v wget || echo -n '')" ]; then
         gcp_req='wget -q -O - --header "Metadata-Flavor: Google"'
     else 

linPEAS/builder/linpeas_parts/3_cloud/7_Azure_VM.sh

@@ -22,7 +22,7 @@ if [ "$is_az_vm" = "Yes" ]; then
   
   az_req=""
   if [ "$(command -v curl || echo -n '')" ]; then
-      az_req="curl -s -f -H '$HEADER'"
+      az_req="curl -s -f -L -H '$HEADER'"
   elif [ "$(command -v wget || echo -n '')" ]; then
       az_req="wget -q -O - -H '$HEADER'"
   else 

linPEAS/builder/linpeas_parts/3_cloud/8_Azure_app_service.sh

@@ -23,7 +23,7 @@ if [ "$is_az_app" = "Yes" ]; then
 
   az_req=""
   if [ "$(command -v curl || echo -n '')" ]; then
-      az_req="curl -s -f -H '$HEADER'"
+      az_req="curl -s -f -L -H '$HEADER'"
   elif [ "$(command -v wget || echo -n '')" ]; then
       az_req="wget -q -O - -H '$HEADER'"
   else 

linPEAS/builder/linpeas_parts/3_cloud/9_DO_Droplet.sh

@@ -18,7 +18,7 @@ if [ "$is_do" = "Yes" ]; then
 
   do_req=""
   if [ "$(command -v curl || echo -n '')" ]; then
-      do_req='curl -s -f '
+      do_req='curl -s -f -L '
   elif [ "$(command -v wget || echo -n '')" ]; then
       do_req='wget -q -O - '
   else 

linPEAS/builder/linpeas_parts/variables/USEFUL_SOFTWARE.sh

@@ -13,4 +13,4 @@
 # Small linpeas: 1
 
 
-USEFUL_SOFTWARE="authbind aws az base64 ctr curl doas docker fetch g++ gcc gcloud gdb kubectl lxc make nc nc.traditional ncat netcat nmap perl php ping podman python python2 python2.6 python2.7 python3 python3.6 python3.7 pwsh rkt ruby runc socat sudo wget xterm"
+USEFUL_SOFTWARE="authbind aws az base64 ctr curl doas docker fetch g++ gcc gcloud gdb go kubectl lua lxc make nc nc.traditional ncat netcat nmap perl php ping podman python python2 python2.6 python2.7 python3 python3.6 python3.7 pwsh rkt ruby runc socat sudo wget xterm"

linPEAS/builder/linpeas_parts/variables/sidB.sh

@@ -25,6 +25,9 @@ sidB="/apache2$%Read_root_passwd__apache2_-f_/etc/shadow\(CVE-2019-0211\)\
  /dtappgather$%Solaris_7_<_11_\(SPARC/x86\)\(CVE-2017-3622\)\
  /dtprintinfo$%Solaris_10_\(x86\)_and_lower_versions_also_SunOS_5.7_to_5.10\
  /dtsession$%Oracle_Solaris_10_1/13_and_earlier\(CVE-2020-2696\)\
+ /enlightenment_backlight$%Before_0.25.4_\(CVE-2022-37706\)\
+ /enlightenment_ckpasswd$%Before_0.25.4_\(CVE-2022-37706\)\
+ /enlightenment_sys$%Before_0.25.4_\(CVE-2022-37706\)\
  /eject$%FreeBSD_mcweject_0.9/SGI_IRIX_6.2\
  /ibstat$%IBM_AIX_Version_6.1/7.1\(09-2013\)\
  /kcheckpass$%KDE_3.2.0_<-->_3.4.2_\(both_included\)\
@@ -42,7 +45,7 @@ sidB="/apache2$%Read_root_passwd__apache2_-f_/etc/shadow\(CVE-2019-0211\)\
  /newgrp$%HP-UX_10.20\
  /ntfs-3g$%Debian9/8/7/Ubuntu/Gentoo/others/Ubuntu_Server_16.10_and_others\(02-2017\)\
  /passwd$%Apple_Mac_OSX\(03-2006\)/Solaris_8/9\(12-2004\)/SPARC_8/9/Sun_Solaris_2.3_to_2.5.1\(02-1997\)\
- /pkexec$%Linux4.10_to_5.1.17\(CVE-2019-13272\)/rhel_6\(CVE-2011-1485\)\
+ /pkexec$%Linux4.10_to_5.1.17\(CVE-2019-13272\)/rhel_6\(CVE-2011-1485\)/Generic_CVE-2021-4034\
  /pppd$%Apple_Mac_OSX_10.4.8\(05-2007\)\
  /pt_chown$%GNU_glibc_2.1/2.1.1_-6\(08-1999\)\
  /pulseaudio$%\(Ubuntu_9.04/Slackware_12.2.0\)\

linPEAS/builder/linpeas_parts/variables/sudovB.sh

@@ -13,4 +13,4 @@
 # Small linpeas: 1
 
 
-sudovB="[01].[012345678].[0-9]+|1.9.[01234]|1.9.5p1"
+sudovB="[01].[012345678].[0-9]+|1.9.[01234][^0-9]|1.9.[01234]$|1.9.5p1"

winPEAS/winPEASexe/winPEAS/Checks/Checks.cs

@@ -75,7 +75,6 @@ namespace winPEAS.Checks
             //Check parameters
             bool isAllChecks = true;
             bool isFileSearchEnabled = false;
-            var searchEnabledChecks = new HashSet<string>() { "fileanalysis, filesinfo" };
             bool wait = false;
             FileStream fileStream = null;
             StreamWriter fileWriter = null;
@@ -94,7 +93,7 @@ namespace winPEAS.Checks
                 new SystemCheck("windowscreds", new WindowsCreds()),
                 new SystemCheck("browserinfo", new BrowserInfo()),
                 new SystemCheck("filesinfo", new FilesInfo()),
-                //new SystemCheck("fileanalysis", new FileAnalysis()),
+                new SystemCheck("fileanalysis", new FileAnalysis()),
             };
 
             var systemCheckAllKeys = new HashSet<string>(_systemChecks.Select(i => i.Key));
@@ -114,11 +113,16 @@ namespace winPEAS.Checks
                 if (string.Equals(arg, "fileanalysis", StringComparison.CurrentCultureIgnoreCase))
                 {
                     print_fileanalysis_warn = false;
+                    isFileSearchEnabled = true;
+                }
+
+                if (string.Equals(arg, "filesinfo", StringComparison.CurrentCultureIgnoreCase))
+                {
+                    isFileSearchEnabled = true;
                 }
 
                 if (string.Equals(arg, "all", StringComparison.CurrentCultureIgnoreCase))
                 {
-                    _systemChecks.Add(new SystemCheck("fileanalysis", new FileAnalysis()));
                     print_fileanalysis_warn = false;
                 }
 
@@ -269,15 +273,11 @@ namespace winPEAS.Checks
                 {
                     _systemCheckSelectedKeysHashSet.Add(argToLower);
                     isAllChecks = false;
-
-                    if (searchEnabledChecks.Contains(argToLower))
-                    {
-                        isFileSearchEnabled = true;
-                    }
                 }
             }
 
             if (print_fileanalysis_warn){
+                _systemChecks.RemoveAt(_systemChecks.Count - 1);
                 Beaprint.ColorPrint(" [!] If you want to run the file analysis checks (search sensitive information in files), you need to specify the 'fileanalysis' or 'all' argument. Note that this search might take several minutes. For help, run winpeass.exe --help", Beaprint.YELLOW);
             }
 

winPEAS/winPEASps1/winPEAS.ps1

@@ -1282,7 +1282,7 @@ $CCreds = @(".aws\credentials",
   ".azure\azureProfile.json") 
 foreach ($u in $users) {
   $CCreds | ForEach-Object {
-    if (Test-Path "c:\$u\$_") { Write-Host "$_ found!" -ForegroundColor Red }
+    if (Test-Path "c:\Users\$u\$_") { Write-Host "$_ found!" -ForegroundColor Red }
   }
 }