Merge pull request #458 from DidierA/macos_echo

Fix echo -n on macOS

build_lists/sensitive_files.yaml

@@ -1271,6 +1271,8 @@ search:
     value:
         config:
           auto_check: True
+          exec:
+            - '(pwsh -Command "Save-AzContext -Path /tmp/az-context3489ht.json" && cat /tmp/az-context3489ht.json && rm /tmp/az-context3489ht.json) || echo_not_found "pwsh"'
 
         files:
           #- name: "credentials"
@@ -1379,13 +1381,54 @@ search:
                   - common
 
           - name: "AzureRMContext.json"
+            value:
+                bad_regex: "Id.*|Credential.*"
+                type: f
+                search_in: 
+                  - common
+          
+          - name: "clouds.config"
+            value: 
+                type: f
+                search_in: 
+                  - common
+          
+          - name: "service_principal_entries.json"
             value: 
                 bad_regex: ".*"
                 type: f
                 search_in: 
                   - common
           
-          - name: "ErrorRecords" #Azure logs can contain creentials
+          - name: "msal_token_cache.json"
+            value: 
+                bad_regex: ".*"
+                type: f
+                search_in: 
+                  - common
+          
+          - name: "msal_http_cache.bin"
+            value: 
+                just_list_file: True
+                type: f
+                search_in: 
+                  - common
+          
+          - name: "service_principal_entries.bin"
+            value: 
+                just_list_file: True
+                type: f
+                search_in: 
+                  - common
+          
+          - name: "msal_token_cache.bin"
+            value: 
+                just_list_file: True
+                type: f
+                search_in: 
+                  - common
+          
+          - name: "ErrorRecords" #Azure logs can contain crentials
             value: 
                 type: d
                 search_in: 

linPEAS/builder/linpeas_parts/3_cloud/1_Check_if_in_cloud.sh

@@ -25,7 +25,7 @@ print_list "AWS Lambda? .......................... $is_aws_lambda\n"$NC | sed "s
 print_list "AWS Codebuild? ....................... $is_aws_codebuild\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
 print_list "DO Droplet? .......................... $is_do\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
 print_list "IBM Cloud VM? ........................ $is_ibm_vm\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
-print_list "Azure VM? ............................ $is_az_vm\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
+print_list "Azure VM or Az metadata? ............. $is_az_vm\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
 print_list "Azure APP? ........................... $is_az_app\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
 print_list "Azure Automation Account? ............ $is_az_automation_acc\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
 print_list "Aliyun ECS? .......................... $is_aliyun_ecs\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"

linPEAS/builder/linpeas_parts/4_procs_crons_timers_srvcs_sockets/4_Processes_PPID_different_user.sh

@@ -28,9 +28,9 @@ if ! [ "$SEARCH_IN_FOLDER" ] && ! [ "$NOUSEPS" ]; then
       continue
     fi
     ppid_user=$(get_user_by_pid "$ppid")
-    if echo "$user" | grep -Eqv "$ppid_user|root$"; then
+    if echo "$ppid_user" | grep -Eqv "$user|root$"; then
       echo "Proc $pid with ppid $ppid is run by user $user but the ppid user is $ppid_user" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED},"
     fi
   done
   echo ""
-fi
+fi

linPEAS/builder/linpeas_parts/9_interesting_files/28_Files_with_passwords.sh

@@ -19,7 +19,7 @@ if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then
   print_2title "Searching possible password variables inside key folders (limit 140)"
   if ! [ "$SEARCH_IN_FOLDER" ]; then
     timeout 150 find $HOMESEARCH -exec grep -HnRiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" '{}' \; 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g" &
-    timeout 150 find /var/www $backup_folders_row /tmp /etc /mnt /private grep -HnRiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" '{}' \; 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g" &
+    timeout 150 find /var/www $backup_folders_row /tmp /etc /mnt /private -exec grep -HnRiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" '{}' \; 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g" &
   else
     timeout 150 find $SEARCH_IN_FOLDER -exec grep -HnRiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" '{}' \; 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g" &
   fi
@@ -29,12 +29,12 @@ if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then
   ##-- IF) Find possible conf files with passwords
   print_2title "Searching possible password in config files (if k8s secrets are found you need to read the file)"
   if ! [ "$SEARCH_IN_FOLDER" ]; then
-    ppicf=$(timeout 150 find $HOMESEARCH /var/www/ /usr/local/www/ /etc /opt /tmp /private /Applications /mnt -name "*.conf" -o -name "*.cnf" -o -name "*.config" -name "*.json" -name "*.yml" -name "*.yaml" 2>/dev/null)
+    ppicf=$(timeout 150 find $HOMESEARCH /var/www/ /usr/local/www/ /etc /opt /tmp /private /Applications /mnt -name "*.conf" -o -name "*.cnf" -o -name "*.config" -o -name "*.json" -o -name "*.yml" -o -name "*.yaml" 2>/dev/null)
   else
-    ppicf=$(timeout 150 find $SEARCH_IN_FOLDER -name "*.conf" -o -name "*.cnf" -o -name "*.config" -name "*.json" -name "*.yml" -name "*.yaml" 2>/dev/null)
+    ppicf=$(timeout 150 find $SEARCH_IN_FOLDER -name "*.conf" -o -name "*.cnf" -o -name "*.config" -o -name "*.json" -o -name "*.yml" -o -name "*.yaml" 2>/dev/null)
   fi
   printf "%s\n" "$ppicf" | while read f; do
-    if grep -qEiI 'passwd.*|creden.*|^kind:\W?Secret|\Wenv:|\Wsecret:|\WsecretName:|^kind:\W?EncryptionConfiguration|\-\-encryption\-provider\-config' \"$f\" 2>/dev/null; then
+    if grep -qEiI 'passwd.*|creden.*|^kind:\W?Secret|\Wenv:|\Wsecret:|\WsecretName:|^kind:\W?EncryptionConfiguration|\-\-encryption\-provider\-config' "$f" 2>/dev/null; then
       echo "$ITALIC $f$NC"
       grep -HnEiIo 'passwd.*|creden.*|^kind:\W?Secret|\Wenv:|\Wsecret:|\WsecretName:|^kind:\W?EncryptionConfiguration|\-\-encryption\-provider\-config' "$f" 2>/dev/null | sed -${E} "s,[pP][aA][sS][sS][wW]|[cC][rR][eE][dD][eE][nN],${SED_RED},g"
     fi

linPEAS/builder/linpeas_parts/functions/check_az_vm.sh

@@ -8,7 +8,7 @@
 # Functions Used:
 # Global Variables:
 # Initial Functions:
-# Generated Global Variables: $is_az_vm
+# Generated Global Variables: $is_az_vm, $meta_response
 # Fat linpeas: 0
 # Small linpeas: 1
 
@@ -16,10 +16,28 @@
 check_az_vm(){
   is_az_vm="No"
 
+  # 1. Check if the Azure log directory exists
   if [ -d "/var/log/azure/" ]; then
     is_az_vm="Yes"
-  
-  elif cat /etc/resolv.conf 2>/dev/null | grep -q "search reddog.microsoft.com"; then
+
+  # 2. Check if 'reddog.microsoft.com' is found in /etc/resolv.conf
+  elif grep -q "search reddog.microsoft.com" /etc/resolv.conf 2>/dev/null; then
     is_az_vm="Yes"
+
+  else
+    # 3. Try querying the Azure Metadata Service for more wide support (e.g. Azure Container Registry tasks need this)
+    if command -v curl &> /dev/null; then
+      meta_response=$(curl -s --max-time 2 \
+        "http://169.254.169.254/metadata/identity/oauth2/token")
+      if echo "$meta_response" | grep -q "Missing"; then
+        is_az_vm="Yes"
+      fi
+    elif command -v wget &> /dev/null; then
+      meta_response=$(wget -qO- --timeout=2 \
+        "http://169.254.169.254/metadata/identity/oauth2/token")
+      if echo "$meta_response" | grep -q "Missing"; then
+        is_az_vm="Yes"
+      fi
+    fi
   fi
-}
+}

linPEAS/builder/linpeas_parts/linpeas_base/0_variables_base.sh

@@ -188,6 +188,9 @@ if [ $? -ne 0 ] ; then
 	fi
 fi
 
+# on macOS the built-in echo does not support -n, use /bin/echo instead
+if [ "$MACPEAS" ] ; then alias echo=/bin/echo ; fi
+
 print_title(){
   if [ "$DEBUG" ]; then
     END_T1_TIME=$(date +%s 2>/dev/null)

winPEAS/winPEASexe/winPEAS/Checks/CloudInfo.cs

@@ -21,6 +21,7 @@ namespace winPEAS.Checks
             {
                new AWSInfo(),
                new AzureInfo(),
+               new AzureTokensInfo(),
                new GCPInfo(),
                new GCPJoinedInfo(),
                new GCDSInfo(),
@@ -57,36 +58,31 @@ namespace winPEAS.Checks
 
                             foreach (var endpointData in endpointDataList)
                             {
-                                var colors = new Dictionary<string, string>
-                                {
-                                    { endpointData.EndpointName, Beaprint.GRAY }
-                                };
+                                string msgcolor = Beaprint.NOCOLOR;
 
                                 string message;
                                 if (!string.IsNullOrEmpty(endpointData.Data))
                                 {
                                     message = endpointData.Data;
                                     // if it is a JSON data, add additional newline so it's displayed on a separate line
-                                    if (message.StartsWith("{"))
+                                    if (message.StartsWith("{") || message.StartsWith("["))
                                     {
                                         message = $"\n{message}\n";
                                     }
 
                                     if (endpointData.IsAttackVector)
                                     {
-                                        colors.Add(message, Beaprint.ansi_color_bad);
-                                    }
-                                    else
-                                    {
-                                        colors.Add(message, Beaprint.ansi_color_gray);
+                                        msgcolor = Beaprint.ansi_color_bad;
                                     }
                                 }
                                 else
                                 {
                                     message = "No data received from the metadata endpoint";
+                                    msgcolor = Beaprint.ansi_color_gray;
                                 }
 
-                                Beaprint.ColorPrint($"{endpointData.EndpointName,-30}{message}", Beaprint.ansi_color_gray);
+                                Beaprint.ColorPrint($"{endpointData.EndpointName,-30}", Beaprint.ansi_users_active);
+                                Beaprint.ColorPrint(message, msgcolor);
                             }
 
                             Beaprint.GrayPrint("");

winPEAS/winPEASexe/winPEAS/Info/CloudInfo/AzureTokensInfo.cs

@@ -0,0 +1,288 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Security.Cryptography;
+using System.Text;
+using winPEAS.Helpers;
+using System.Data.SQLite;
+using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Parameters;
+using Org.BouncyCastle.Crypto.Modes;
+using System.Linq;
+using Microsoft.Win32;
+using System.Web.Script.Serialization;
+using System;
+using System.IO;
+using System.Text.Json;
+using System.Text.Json.Nodes;
+
+
+namespace winPEAS.Info.CloudInfo
+{
+    internal class AzureTokensInfo : CloudInfoBase
+    {
+        public override string Name => "Azure Tokens";
+
+        public override bool IsCloud => CheckIfAzureTokensInstalled();
+
+        private Dictionary<string, List<EndpointData>> _endpointData = null;
+
+        public static bool CheckIfAzureTokensInstalled()
+        {
+            string homeDirectory = Environment.GetFolderPath(Environment.SpecialFolder.UserProfile);
+            string AzureFolderPath = Path.Combine(homeDirectory, ".Azure");
+            string azureFolderPath = Path.Combine(homeDirectory, ".azure");
+
+            string identityCachePath = Path.Combine(
+                Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
+                "Microsoft",
+                "IdentityCache"
+            );
+
+            string tokenBrokerPath = Path.Combine(
+                Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
+                "Microsoft",
+                "TokenBroker"
+            );
+
+            return Directory.Exists(AzureFolderPath) || Directory.Exists(azureFolderPath) || Directory.Exists(identityCachePath) || Directory.Exists(tokenBrokerPath);
+        }
+
+        public static string TBRESDecryptedData(string filePath)
+        {
+            var fileJSON = File.ReadAllText(filePath, Encoding.Unicode);
+            fileJSON = fileJSON.Substring(0, fileJSON.Length - 1);
+
+            try
+            {
+                var jsonObject = JsonNode.Parse(fileJSON).AsObject();
+                var encodedData = jsonObject["TBDataStoreObject"]["ObjectData"]["SystemDefinedProperties"]["ResponseBytes"]["Value"].ToString();
+                var encryptedData = Convert.FromBase64String(encodedData);
+                var decryptedData = ProtectedData.Unprotect(encryptedData, null, DataProtectionScope.CurrentUser);
+                string decodedData = Encoding.UTF8.GetString(decryptedData);
+
+                if (decodedData.Contains("No Token"))
+                {
+                    return "";
+                }
+
+                return decodedData;
+
+            }
+            catch (System.Exception)
+            {
+                Beaprint.PrintException($"[!] Error Decrypting File: {filePath}");
+                return "";
+            }
+        }
+
+
+        private List<EndpointData> GetAzureCliValues()
+        {
+            Dictionary<string, string> AzureCliValues = new Dictionary<string, string>();
+            string homeDirectory = Environment.GetFolderPath(Environment.SpecialFolder.UserProfile);
+            string AzureFolderPath = Path.Combine(homeDirectory, ".Azure");
+            string azureFolderPath = Path.Combine(homeDirectory, ".azure");
+
+            string azureHomePath = azureFolderPath;
+
+            if (Directory.Exists(AzureFolderPath))
+            {
+                azureHomePath = AzureFolderPath;
+            };
+
+            if (Directory.Exists(azureHomePath))
+            {
+
+                // Files that doesn't need decryption
+                string[] fileNames = {
+                @"azureProfile.json",
+                @"clouds.config",
+                @"service_principal_entries.json",
+                @"msal_token_cache.json"
+            };
+
+                foreach (string fileName in fileNames)
+                {
+                    string filePath = Path.Combine(azureHomePath, fileName);
+                    // Check if the file exists
+                    if (File.Exists(filePath))
+                    {
+                        try
+                        {
+                            // Read the file content
+                            string fileContent = File.ReadAllText(filePath);
+
+                            // Add the file path and content to the dictionary
+                            AzureCliValues[filePath] = fileContent;
+                        }
+                        catch (Exception ex)
+                        {
+                            Beaprint.PrintException($"Error reading file '{filePath}': {ex.Message}");
+                        }
+                    }
+                }
+            }
+
+
+
+            // Get the IdentityCache directory path and encrypted files with tokens
+            string identityCachePath = Path.Combine(
+                Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
+                "Microsoft",
+                "IdentityCache"
+            );
+
+            string[] binFiles = { };
+
+            // Check if the directory exists
+            if (!Directory.Exists(identityCachePath))
+            {
+                Beaprint.PrintException($"The directory '{identityCachePath}' does not exist.");
+            }
+
+            try
+            {
+                // Recursively find all *.bin files
+                binFiles = Directory.GetFiles(identityCachePath, "*.bin", SearchOption.AllDirectories);
+            }
+            catch (Exception ex)
+            {
+                Beaprint.PrintException($"An error occurred while scanning the identityCache directory: {ex.Message}");
+            }
+            
+
+            // Files that need decryption
+            string[] fileNamesEncrp = {
+                @"service_principal_entries.bin",
+                @"msal_token_cache.bin"
+            };
+
+            foreach (string fileName in fileNamesEncrp.Concat(binFiles).ToArray())//.Concat(tbFiles).ToArray())
+            {
+                string filePath = fileName;
+
+                if (!fileName.Contains("\\"))
+                {
+                    filePath = Path.Combine(azureHomePath, fileName);
+                }
+
+                try
+                {
+                    if (File.Exists(filePath))
+                    {
+                        // Read encrypted file
+                        byte[] encryptedData = File.ReadAllBytes(filePath);
+
+                        // Decrypt using DPAPI for the current user
+                        byte[] decryptedData = ProtectedData.Unprotect(
+                            encryptedData,
+                            null,
+                            DataProtectionScope.CurrentUser
+                        );
+
+                        // Write decrypted data to output file
+                        AzureCliValues[filePath] = Encoding.UTF8.GetString(decryptedData);
+                    }
+
+                }
+                catch (CryptographicException ex)
+                {
+                    Beaprint.PrintException($"Decrypting {filePath} failed: {ex.Message}");
+                }
+                catch (Exception ex)
+                {
+                    Beaprint.PrintException($"An error occurred: {ex.Message}");
+                }
+            }
+
+
+            //TBRES files
+            string tokenBrokerPath = Path.Combine(
+                Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
+                "Microsoft",
+                "TokenBroker"
+            );
+
+            string[] tbFiles = { };
+
+            // Check if the directory exists
+            if (!Directory.Exists(tokenBrokerPath))
+            {
+                Beaprint.PrintException($"The directory '{tokenBrokerPath}' does not exist.");
+            }
+
+            try
+            {
+                // Recursively find all *.bin files
+                tbFiles = Directory.GetFiles(tokenBrokerPath, "*.tbres", SearchOption.AllDirectories);
+            }
+            catch (Exception ex)
+            {
+                Beaprint.PrintException($"An error occurred while scanning the Token Broker directory: {ex.Message}");
+            }
+
+            foreach (string filePath in tbFiles)
+            {
+                string TBRESContent = TBRESDecryptedData(filePath);
+                if (TBRESContent.Length > 0)
+                    AzureCliValues[filePath] = TBRESContent;
+            }
+
+            // Format the info in expected CloudInfo format
+            List<EndpointData> _endpointDataList = new List<EndpointData>();
+
+            foreach (var kvp in AzureCliValues)
+            {
+                _endpointDataList.Add(new EndpointData()
+                {
+                    EndpointName = kvp.Key,
+                    Data = kvp.Value?.Trim(),
+                    IsAttackVector = false
+                });
+            }
+
+            return _endpointDataList;
+        }
+        
+
+        public override Dictionary<string, List<EndpointData>> EndpointDataList()
+        {
+            if (_endpointData == null)
+            {
+                _endpointData = new Dictionary<string, List<EndpointData>>();
+
+                try
+                {
+                    if (IsAvailable)
+                    {
+                        _endpointData.Add("Local Info", GetAzureCliValues());
+                    }
+                    else
+                    {
+                        _endpointData.Add("General Info", new List<EndpointData>()
+                        {
+                            new EndpointData()
+                            {
+                                EndpointName = "",
+                                Data = null,
+                                IsAttackVector = false
+                            }
+                        });
+                    }
+                }
+                catch (Exception ex)
+                {
+                    Beaprint.PrintException(ex.Message);
+                }
+            }
+
+            return _endpointData;
+        }
+
+        public override bool TestConnection()
+        {
+            return true;
+        }
+    }
+}

winPEAS/winPEASexe/winPEAS/packages.config

@@ -4,7 +4,7 @@
   <package id="Costura.Fody" version="5.7.0" targetFramework="net48" developmentDependency="true" />
   <package id="EntityFramework" version="6.4.4" targetFramework="net452" />
   <package id="Fody" version="6.5.5" targetFramework="net48" developmentDependency="true" />
-  <package id="Microsoft.Bcl.AsyncInterfaces" version="8.0.0" targetFramework="net48" />
+  <package id="Microsoft.Bcl.AsyncInterfaces" version="9.0.1" targetFramework="net48" />
   <package id="Microsoft.NETCore.Platforms" version="1.1.0" targetFramework="net48" />
   <package id="Microsoft.Win32.Primitives" version="4.3.0" targetFramework="net48" />
   <package id="NETStandard.Library" version="1.6.1" targetFramework="net48" />
@@ -30,6 +30,7 @@
   <package id="System.IO.Compression.ZipFile" version="4.3.0" targetFramework="net48" />
   <package id="System.IO.FileSystem" version="4.3.0" targetFramework="net48" />
   <package id="System.IO.FileSystem.Primitives" version="4.3.0" targetFramework="net48" />
+  <package id="System.IO.Pipelines" version="9.0.1" targetFramework="net48" />
   <package id="System.Linq" version="4.3.0" targetFramework="net48" />
   <package id="System.Linq.Expressions" version="4.3.0" targetFramework="net48" />
   <package id="System.Memory" version="4.5.5" targetFramework="net48" />
@@ -55,7 +56,8 @@
   <package id="System.Security.Cryptography.X509Certificates" version="4.3.0" targetFramework="net48" />
   <package id="System.Text.Encoding" version="4.3.0" targetFramework="net48" />
   <package id="System.Text.Encoding.Extensions" version="4.3.0" targetFramework="net48" />
-  <package id="System.Text.Encodings.Web" version="8.0.0" targetFramework="net48" />
+  <package id="System.Text.Encodings.Web" version="9.0.1" targetFramework="net48" />
+  <package id="System.Text.Json" version="9.0.1" targetFramework="net48" />
   <package id="System.Text.RegularExpressions" version="4.3.1" targetFramework="net48" />
   <package id="System.Threading" version="4.3.0" targetFramework="net48" />
   <package id="System.Threading.Tasks" version="4.3.0" targetFramework="net48" />

winPEAS/winPEASexe/winPEAS/winPEAS.csproj

@@ -129,8 +129,8 @@
     <Reference Include="EntityFramework.SqlServer, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=MSIL">
       <HintPath>..\packages\EntityFramework.6.4.4\lib\net45\EntityFramework.SqlServer.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.Bcl.AsyncInterfaces, Version=8.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.Bcl.AsyncInterfaces.8.0.0\lib\net462\Microsoft.Bcl.AsyncInterfaces.dll</HintPath>
+    <Reference Include="Microsoft.Bcl.AsyncInterfaces, Version=9.0.0.1, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.Bcl.AsyncInterfaces.9.0.1\lib\net462\Microsoft.Bcl.AsyncInterfaces.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Win32.Primitives, Version=4.0.2.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
       <HintPath>..\packages\Microsoft.Win32.Primitives.4.3.0\lib\net46\Microsoft.Win32.Primitives.dll</HintPath>
@@ -203,6 +203,9 @@
       <Private>True</Private>
       <Private>True</Private>
     </Reference>
+    <Reference Include="System.IO.Pipelines, Version=9.0.0.1, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.IO.Pipelines.9.0.1\lib\net462\System.IO.Pipelines.dll</HintPath>
+    </Reference>
     <Reference Include="System.Linq, Version=4.1.1.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
       <HintPath>..\packages\System.Linq.4.3.0\lib\net463\System.Linq.dll</HintPath>
       <Private>True</Private>
@@ -280,8 +283,11 @@
       <Private>True</Private>
     </Reference>
     <Reference Include="System.ServiceProcess" />
-    <Reference Include="System.Text.Encodings.Web, Version=8.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
-      <HintPath>..\packages\System.Text.Encodings.Web.8.0.0\lib\net462\System.Text.Encodings.Web.dll</HintPath>
+    <Reference Include="System.Text.Encodings.Web, Version=9.0.0.1, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.Text.Encodings.Web.9.0.1\lib\net462\System.Text.Encodings.Web.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Text.Json, Version=9.0.0.1, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.Text.Json.9.0.1\lib\net462\System.Text.Json.dll</HintPath>
     </Reference>
     <Reference Include="System.Text.RegularExpressions, Version=4.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
       <HintPath>..\packages\System.Text.RegularExpressions.4.3.1\lib\net463\System.Text.RegularExpressions.dll</HintPath>
@@ -1220,6 +1226,7 @@
     <Compile Include="Info\CloudInfo\AWSInfo.cs" />
     <Compile Include="Info\CloudInfo\AzureInfo.cs" />
     <Compile Include="Info\CloudInfo\EndpointData.cs" />
+    <Compile Include="Info\CloudInfo\AzureTokensInfo.cs" />
     <Compile Include="Info\CloudInfo\GPSInfo.cs" />
     <Compile Include="Info\CloudInfo\GCDSInfo.cs" />
     <Compile Include="Info\CloudInfo\GWorkspaceInfo.cs" />