diff --git a/CHANGELOG.md b/CHANGELOG.md index e41daf6..871dbc0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,22 @@ # Changelog -## V0.2 (release 30-08/2013) +## V0.4 (release 05-8-2013) +Additions +* Added basic usage details to display on start-up +* Added cron.deny/cron.allow checks + +Modifications +* Fixed printing of scan start date when output is saved to file +* Tidied up output when output is saved to a file + +## V0.3 (release 30-08-2013) +Edited by Nikhil Sreekumar (@roo7break) +Enhancements +* Support for multiple keywords for searching added (space separated) +* Search for keywords optimised +* Store output to file and pass seach keywords from command line (e.g. ./LinEnum.sh output.txt "password credential username" + +## V0.2 (release 30-08-2013) Additions * Date/time is displayed when the scan is started * Checks for word-readable files in /home and displays positive matches diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md new file mode 100644 index 0000000..47e64cb --- /dev/null +++ b/CONTRIBUTORS.md @@ -0,0 +1 @@ +Many thanks to @roo7break (http://roo7break.co.uk/) for the added reporting functionality added to version 3 \ No newline at end of file diff --git a/LinEnum.sh b/LinEnum.sh index b217080..4f216f8 100755 --- a/LinEnum.sh +++ b/LinEnum.sh @@ -1,728 +1,1534 @@ #!/bin/bash #A simple script to enumerate local information from a Linux host -#version 0.2 +#version 0.3 #@oshearing - -echo -e "\n\e[00;30m#########################################################\e[00m" -echo -e "\e[00;34mLocal Linux Enumeration & Privilege Escalation Script\e[00m" -echo -e "\e[00;30m#########################################################\e[00m" -echo -e "\e[00;30m# www.rebootuser.com\e[00m" -echo -e "\e[00;30m# version 0.2\e[00m\n" +#@roo7break (further enhancements) + +#option to store to a file +outfile="$1" + +if [ "$outfile" ]; then + echo -e "#########################################################" >> $outfile + echo -e "Local Linux Enumeration & Privilege Escalation Script" >> $outfile + echo -e "#########################################################" >> $outfile + echo -e "# www.rebootuser.com" >> $outfile + echo -e "# version 0.4" >> $outfile + echo -e "For silent (and clean output) Outfile and keyword(s) can be supplied from the command line:\n" >> $outfile + echo -e "usage ./LinEnum.sh outfile.txt 'keyword1 keyword2'\n" >> $outfile +else + echo -e "\n\e[00;30m#########################################################\e[00m" + echo -e "\e[00;34mLocal Linux Enumeration & Privilege Escalation Script\e[00m" + echo -e "\e[00;30m#########################################################\e[00m" + echo -e "\e[00;30m# www.rebootuser.com\e[00m" + echo -e "\e[00;30m# version 0.4\e[00m\n" + echo -e "\e[00;34mFor silent (and clean output) Outfile and keyword(s) can be supplied from the command line:\e[00m\n" + echo -e "\e[00;34musage ./LinEnum.sh outfile.txt 'keyword1 keyword2'\e[00m\n" +fi #enter a single keyword that'll be used to search within *.conf, *.log & *.ini files. -echo "Enter a keyword that'll be used to search in *.conf, *.log and *.ini files (i.e. password)" -read keyword +if [ "$outfile" ]; then + echo "Enter keywords (space separated) that'll be used to search in *.conf, *.log and *.ini files (e.g. password cred)" >> $outfile + #accepts search keywords from commandline + keyword="$2" + echo -e "$keyword" >> $outfile +else + echo "Enter keywords (space separated) that'll be used to search in *.conf, *.log and *.ini files (e.g. password cred)" + #accepts search keywords from commandline + read keyword +fi who=`whoami` -echo -e "\n" -echo -e "\e[00;30mScan started at:"; date -echo -e "\e[00m\n" +if [ "$outfile" ]; then + echo -e "\n" >> $outfile + thedate=`date` + echo -e "Scan started at: $thedate" >> $outfile + echo -e "\n" >> $outfile +else + echo -e "\n" + echo -e "\e[00;30mScan started at:"; date + echo -e "\e[00m\n" +fi -echo -e "\e[00;34m### SYSTEM ##############################################\e[00m" +if [ "$outfile" ]; then + echo -e "### SYSTEM ##############################################" >> $outfile +else + echo -e "\e[00;34m### SYSTEM ##############################################\e[00m" +fi unameinfo=`uname -a 2>/dev/null` -if [ "$unameinfo" ]; then - echo -e "\e[00;31mKernel information:\e[00m\n$unameinfo" - echo -e "\n" -else - : + +if [ "$outfile" ]; then + if [ "$unameinfo" ]; then + echo -e "Kernel information:\n$unameinfo" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$unameinfo" ]; then + echo -e "\e[00;31mKernel information:\e[00m\n$unameinfo" + echo -e "\n" + else + : + fi fi procver=`cat /proc/version 2>/dev/null` -if [ "$procver" ]; then - echo -e "\e[00;31mKernel information (continued):\e[00m\n$procver" - echo -e "\n" -else - : + +if [ "$outfile" ];then + if [ "$procver" ]; then + echo -e "Kernel information (continued):\n$procver" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$procver" ]; then + echo -e "\e[00;31mKernel information (continued):\e[00m\n$procver" + echo -e "\n" + else + : + fi fi #search all *-release files for version info release=`cat /etc/*-release 2>/dev/null` -if [ "$release" ]; then - echo -e "\e[00;31mSpecific release information:\e[00m\n$release" - echo -e "\n" -else - : + +if [ "$outfile" ];then + if [ "$release" ]; then + echo -e "Specific release information:\n$release" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$release" ]; then + echo -e "\e[00;31mSpecific release information:\e[00m\n$release" + echo -e "\n" + else + : + fi fi hostnamed=`hostname 2>/dev/null` -if [ "$hostnamed" ]; then - echo -e "\e[00;31mHostname:\e[00m\n$hostnamed" - echo -e "\n" -else - : + +if [ "$outfile" ];then + if [ "$hostnamed" ]; then + echo -e "Hostname:\n$hostnamed" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$hostnamed" ]; then + echo -e "\e[00;31mHostname:\e[00m\n$hostnamed" + echo -e "\n" + else + : + fi fi -echo -e "\e[00;34m### USER/GROUP ##########################################\e[00m" +if [ "$outfile" ]; then + echo -e "### USER/GROUP ##########################################" >> $outfile +else + echo -e "\e[00;34m### USER/GROUP ##########################################\e[00m" +fi currusr=`id 2>/dev/null` -if [ "$currusr" ]; then - echo -e "\e[00;31mCurrent user/group info:\e[00m\n$currusr" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$currusr" ]; then + echo -e "Current user/group info:\n$currusr" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$currusr" ]; then + echo -e "\e[00;31mCurrent user/group info:\e[00m\n$currusr" + echo -e "\n" + else + : + fi fi grpinfo=`getent group $who 2>/dev/null` -if [ "$grpinfo" ]; then - echo -e "\e[00;31mAll members of 'our' group(s):\e[00m\n$grpinfo" - echo -e "\n" -else - : +if [ "$outfile" ];then + if [ "$grpinfo" ]; then + echo -e "All members of 'our' group(s):\n$grpinfo" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$grpinfo" ]; then + echo -e "\e[00;31mAll members of 'our' group(s):\e[00m\n$grpinfo" + echo -e "\n" + else + : + fi fi lastlogedonusrs=`lastlog |grep -v "Never" 2>/dev/null` -if [ "$lastlogedonusrs" ]; then - echo -e "\e[00;31mUsers that have previously logged onto the system:\e[00m\n$lastlogedonusrs" - echo -e "\n" -else - : +if [ "$outfile" ];then + if [ "$lastlogedonusrs" ]; then + echo -e "Users that have previously logged onto the system:\n$lastlogedonusrs" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$lastlogedonusrs" ]; then + echo -e "\e[00;31mUsers that have previously logged onto the system:\e[00m\n$lastlogedonusrs" + echo -e "\n" + else + : + fi fi usrsinfo=`cat /etc/passwd | cut -d ":" -f 1,2,3,4 2>/dev/null` -if [ "$usrsinfo" ]; then - echo -e "\e[00;31mAll users and uid/gid info:\e[00m\n$usrsinfo" - echo -e "\n" -else - : +if [ "$outfile" ];then + if [ "$usrsinfo" ]; then + echo -e "All users and uid/gid info:\n$usrsinfo" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$usrsinfo" ]; then + echo -e "\e[00;31mAll users and uid/gid info:\e[00m\n$usrsinfo" + echo -e "\n" + else + : + fi fi hashesinpasswd=`grep -v '^[^:]*:[x]' /etc/passwd 2>/dev/null` -if [ "$hashesinpasswd" ]; then - echo -e "\e[00;33mIt looks like we have password hashes in /etc/passwd!\e[00m\n$hashesinpasswd" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$hashesinpasswd" ]; then + echo -e "It looks like we have password hashes in /etc/passwd!\n$hashesinpasswd" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$hashesinpasswd" ]; then + echo -e "\e[00;33mIt looks like we have password hashes in /etc/passwd!\e[00m\n$hashesinpasswd" + echo -e "\n" + else + : + fi fi - + #locate custom user accounts with some 'known default' uids readpasswd=`grep -v "^#" /etc/passwd | awk -F: '$3 == 0 || $3 == 500 || $3 == 501 || $3 == 502 || $3 == 1000 || $3 == 1001 || $3 == 1002 || $3 == 2000 || $3 == 2001 || $3 == 2002 { print }'` -if [ "$readpasswd" ]; then - echo -e "\e[00;31mSample entires from /etc/passwd (searching for uid values 0, 500, 501, 502, 1000, 1001, 1002, 2000, 2001, 2002):\e[00m\n$readpasswd" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$readpasswd" ]; then + echo -e "Sample entires from /etc/passwd (searching for uid values 0, 500, 501, 502, 1000, 1001, 1002, 2000, 2001, 2002):\n$readpasswd" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$readpasswd" ]; then + echo -e "\e[00;31mSample entires from /etc/passwd (searching for uid values 0, 500, 501, 502, 1000, 1001, 1002, 2000, 2001, 2002):\e[00m\n$readpasswd" + echo -e "\n" + else + : + fi fi readshadow=`cat /etc/shadow 2>/dev/null` -if [ "$readshadow" ]; then - echo -e "\e[00;33m***We can read the shadow file!\e[00m\n$readshadow" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$readshadow" ]; then + echo -e "***We can read the shadow file!\n$readshadow" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$readshadow" ]; then + echo -e "\e[00;33m***We can read the shadow file!\e[00m\n$readshadow" + echo -e "\n" + else + : + fi fi readmasterpasswd=`cat /etc/master.passwd 2>/dev/null` -if [ "$readmasterpasswd" ]; then - echo -e "\e[00;33m***We can read the master.passwd file!\e[00m\n$readmasterpasswd" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$readmasterpasswd" ]; then + echo -e "***We can read the master.passwd file!\n$readmasterpasswd" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$readmasterpasswd" ]; then + echo -e "\e[00;33m***We can read the master.passwd file!\e[00m\n$readmasterpasswd" + echo -e "\n" + else + : + fi fi #all root accounts (uid 0) -echo -e "\e[00;31mSuper user account(s):\e[00m"; grep -v -E "^#" /etc/passwd | awk -F: '$3 == 0 { print $1}' -echo -e "\n" +if [ "$outfile" ]; then + echo -e "Super user account(s):" >> $outfile; grep -v -E "^#" /etc/passwd | awk -F: '$3 == 0 { print $1 }' >> $outfile + echo -e "\n" >> $outfile +else + echo -e "\e[00;31mSuper user account(s):\e[00m"; grep -v -E "^#" /etc/passwd | awk -F: '$3 == 0 { print $1}' + echo -e "\n" +fi #pull out vital sudoers info sudoers=`cat /etc/sudoers 2>/dev/null` -if [ "$sudoers" ]; then - echo -e "\e[00;31mSudoers configuration:\e[00m"; cat /etc/sudoers 2>/dev/null | grep -A 1 "User priv"; cat /etc/sudoers | grep -A 1 "Allow" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$sudoers" ]; then + echo -e "Sudoers configuration:" >> $outfile; cat /etc/sudoers 2>/dev/null | grep -A 1 "User priv" >> $outfile; cat /etc/sudoers | grep -A 1 "Allow" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$sudoers" ]; then + echo -e "\e[00;31mSudoers configuration:\e[00m"; cat /etc/sudoers 2>/dev/null | grep -A 1 "User priv"; cat /etc/sudoers | grep -A 1 "Allow" + echo -e "\n" + else + : + fi fi #can we sudo without supplying a password sudoperms=`echo '' | sudo -S -l 2>/dev/null` -if [ "$sudoperms" ]; then - echo -e "\e[00;33mWe can sudo without supplying a password!\e[00m\n$sudoperms" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$sudoperms" ]; then + echo -e "We can sudo without supplying a password!\n$sudoperms" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$sudoperms" ]; then + echo -e "\e[00;33mWe can sudo without supplying a password!\e[00m\n$sudoperms" + echo -e "\n" + else + : + fi fi #known 'good' breakout binaries sudopwnage=`echo '' | sudo -S -l 2>/dev/null | grep -w 'nmap\|perl\|'awk'\|'find'\|'bash'\|'sh'\|'man'\|'more'\|'less'\|'vi'\|'vim'\|'nc'\|'netcat'\|python\|ruby\|lua\|irb' | xargs -r ls -la 2>/dev/null` -if [ "$sudopwnage" ]; then - echo -e "\e[00;33m***Possible Sudo PWNAGE!\e[00m\n$sudopwnage" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$sudopwnage" ]; then + echo -e "***Possible Sudo PWNAGE!\n$sudopwnage" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$sudopwnage" ]; then + echo -e "\e[00;33m***Possible Sudo PWNAGE!\e[00m\n$sudopwnage" + echo -e "\n" + else + : + fi fi rthmdir=`ls -ahl /root/ 2>/dev/null` -if [ "$rthmdir" ]; then - echo -e "\e[00;33m***We can read root's home directory!\e[00m\n$rthmdir" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$rthmdir" ]; then + echo -e "***We can read root's home directory!\n$rthmdir" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$rthmdir" ]; then + echo -e "\e[00;33m***We can read root's home directory!\e[00m\n$rthmdir" + echo -e "\n" + else + : + fi fi homedirperms=`ls -ahl /home/ 2>/dev/null` -if [ "$homedirperms" ]; then - echo -e "\e[00;31mAre permissions on /home directories lax:\e[00m\n$homedirperms" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$homedirperms" ]; then + echo -e "Are permissions on /home directories lax:\n$homedirperms" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$homedirperms" ]; then + echo -e "\e[00;31mAre permissions on /home directories lax:\e[00m\n$homedirperms" + echo -e "\n" + else + : + fi fi wrfileshm=`find /home/ -perm -4 -type f -exec ls -al {} \; 2>/dev/null` -if [ "$wrfileshm" ]; then - echo -e "\e[00;31mWorld-readable files within /home:\e[00m\n$wrfileshm" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$wrfileshm" ]; then + echo -e "World-readable files within /home:\n$wrfileshm" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$wrfileshm" ]; then + echo -e "\e[00;31mWorld-readable files within /home:\e[00m\n$wrfileshm" + echo -e "\n" + else + : + fi fi homedircontents=`ls -ahl ~ 2>/dev/null` -if [ "$homedircontents" ]; then - echo -e "\e[00;31mHome directory contents:\e[00m\n$homedircontents" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$homedircontents" ]; then + echo -e "Home directory contents:\n$homedircontents" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$homedircontents" ]; then + echo -e "\e[00;31mHome directory contents:\e[00m\n$homedircontents" + echo -e "\n" + else + : + fi fi sshfiles=`find / -name "id_dsa*" -o -name "id_rsa*" -o -name "known_hosts" -o -name "authorized_hosts" -o -name "authorized_keys" 2>/dev/null |xargs -r ls -la` -if [ "$sshfiles" ]; then - echo -e "\e[00;31mSSH keys/host information found in the following locations:\e[00m\n$sshfiles" - echo -e "\n" -else - : +if [ "$outfile" ];then + if [ "$sshfiles" ]; then + echo -e "SSH keys/host information found in the following locations:\n$sshfiles" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$sshfiles" ]; then + echo -e "\e[00;31mSSH keys/host information found in the following locations:\e[00m\n$sshfiles" + echo -e "\n" + else + : + fi fi sshrootlogin=`grep "PermitRootLogin " /etc/ssh/sshd_config 2>/dev/null | grep -v "#" | awk '{print $2}'` -if [ "$sshrootlogin" = "yes" ]; then - echo -e "\e[00;31mRoot is allowed to login via SSH:\e[00m"; grep "PermitRootLogin " /etc/ssh/sshd_config 2>/dev/null | grep -v "#" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$sshrootlogin" = "yes" ]; then + echo -e "Root is allowed to login via SSH:" >> $outfile; grep "PermitRootLogin " /etc/ssh/sshd_config 2>/dev/null | grep -v "#" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$sshrootlogin" = "yes" ]; then + echo -e "\e[00;31mRoot is allowed to login via SSH:\e[00m"; grep "PermitRootLogin " /etc/ssh/sshd_config 2>/dev/null | grep -v "#" + echo -e "\n" + else + : + fi fi -echo -e "\e[00;34m### ENVIRONMENTAL #######################################\e[00m" +if [ "$outfile" ]; then + echo -e "### ENVIRONMENTAL #######################################" >> $outfile +else + echo -e "\e[00;34m### ENVIRONMENTAL #######################################\e[00m" +fi pathinfo=`echo $PATH 2>/dev/null` -if [ "$pathinfo" ]; then - echo -e "\e[00;31mPath information:\e[00m\n$pathinfo" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$pathinfo" ]; then + echo -e "Path information:\n$pathinfo" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$pathinfo" ]; then + echo -e "\e[00;31mPath information:\e[00m\n$pathinfo" + echo -e "\n" + else + : + fi fi shellinfo=`cat /etc/shells 2>/dev/null` -if [ "$shellinfo" ]; then - echo -e "\e[00;31mAvailable shells:\e[00m\n$shellinfo" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$shellinfo" ]; then + echo -e "Available shells:\n$shellinfo" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$shellinfo" ]; then + echo -e "\e[00;31mAvailable shells:\e[00m\n$shellinfo" + echo -e "\n" + else + : + fi fi -echo -e "\e[00;34m### JOBS/TASKS ##########################################\e[00m" +if [ "$outfile" ]; then + echo -e "### JOBS/TASKS ##########################################" >> $outfile +else + echo -e "\e[00;34m### JOBS/TASKS ##########################################\e[00m" +fi cronjobs=`ls -la /etc/cron* 2>/dev/null` -if [ "$cronjobs" ]; then - echo -e "\e[00;31mCron jobs:\e[00m\n$cronjobs" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$cronjobs" ]; then + echo -e "Cron jobs:\n$cronjobs" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$cronjobs" ]; then + echo -e "\e[00;31mCron jobs:\e[00m\n$cronjobs" + echo -e "\n" + else + : + fi fi cronjobwwperms=`find /etc/cron* -perm -0002 -exec ls -la {} \; -exec cat {} 2>/dev/null \;` -if [ "$cronjobwwperms" ]; then - echo -e "\e[00;33m***World-writable cron jobs and file contents:\e[00m\n$cronjobwwperms" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$cronjobwwperms" ]; then + echo -e "***World-writable cron jobs and file contents:\n$cronjobwwperms" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$cronjobwwperms" ]; then + echo -e "\e[00;33m***World-writable cron jobs and file contents:\e[00m\n$cronjobwwperms" + echo -e "\n" + else + : + fi fi crontab=`cat /etc/crontab 2>/dev/null` -if [ "$crontab" ]; then - echo -e "\e[00;31mCrontab contents:\e[00m\n$crontab" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$crontab" ]; then + echo -e "Crontab contents:\n$crontab" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$crontab" ]; then + echo -e "\e[00;31mCrontab contents:\e[00m\n$crontab" + echo -e "\n" + else + : + fi +fi + +cronallowdeny=`ls -la /etc/cron.allow 2>/dev/null && cat /etc/cron.allow 2>/dev/null; ls -la /etc/cron.deny 2>/dev/null && cat /etc/cron.deny 2>/dev/null` +if [ "$outfile" ]; then + if [ "$cronallowdeny" ]; then + echo -e "Cron Alloy/Deny entries:\n$cronallowdeny" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$cronallowdeny" ]; then + echo -e "\e[00;31mCron Alloy/Deny entries:\e[00m\n$cronallowdeny" + echo -e "\n" + else + : + fi fi crontabvar=`ls -la /var/spool/cron/crontabs 2>/dev/null` -if [ "$crontabvar" ]; then - echo -e "\e[00;31mAnything interesting in /var/spool/cron/crontabs:\e[00m\n$crontabvar" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$crontabvar" ]; then + echo -e "Anything interesting in /var/spool/cron/crontabs:\n$crontabvar" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$crontabvar" ]; then + echo -e "\e[00;31mAnything interesting in /var/spool/cron/crontabs:\e[00m\n$crontabvar" + echo -e "\n" + else + : + fi fi anacronjobs=`ls -la /etc/anacrontab 2>/dev/null; cat /etc/anacrontab 2>/dev/null` -if [ "$anacronjobs" ]; then - echo -e "\e[00;31mAnacron jobs and associated file permissions:\e[00m\n$anacronjobs" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$anacronjobs" ]; then + echo -e "Anacron jobs and associated file permissions:\n$anacronjobs" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$anacronjobs" ]; then + echo -e "\e[00;31mAnacron jobs and associated file permissions:\e[00m\n$anacronjobs" + echo -e "\n" + else + : + fi fi anacrontab=`ls -la /var/spool/anacron 2>/dev/null` -if [ "$anacrontab" ]; then - echo -e "\e[00;31mWhen were jobs last executed (/var/spool/anacron contents):\e[00m\n$anacrontab" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$anacrontab" ]; then + echo -e "When were jobs last executed (/var/spool/anacron contents):\n$anacrontab" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$anacrontab" ]; then + echo -e "\e[00;31mWhen were jobs last executed (/var/spool/anacron contents):\e[00m\n$anacrontab" + echo -e "\n" + else + : + fi fi #pull out account names from /etc/passwd and see if any users have associated cronjobs (priv command) cronother=`cat /etc/passwd | cut -d ":" -f 1 | xargs -n1 crontab -l -u 2>/dev/null` -if [ "$cronother" ]; then - echo -e "\e[00;31mJobs held by all users:\e[00m\n$cronother" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$cronother" ]; then + echo -e "Jobs held by all users:\n$cronother" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$cronother" ]; then + echo -e "\e[00;31mJobs held by all users:\e[00m\n$cronother" + echo -e "\n" + else + : + fi fi -echo -e "\e[00;34m### NETWORKING ##########################################\e[00m" +if [ "$outfile" ]; then + echo -e "### NETWORKING ##########################################" >> $outfile +else + echo -e "\e[00;34m### NETWORKING ##########################################\e[00m" +fi nicinfo=`/sbin/ifconfig -a 2>/dev/null` -if [ "$nicinfo" ]; then - echo -e "\e[00;31mNetwork & IP info:\e[00m\n$nicinfo" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$nicinfo" ]; then + echo -e "Network & IP info:\n$nicinfo" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$nicinfo" ]; then + echo -e "\e[00;31mNetwork & IP info:\e[00m\n$nicinfo" + echo -e "\n" + else + : + fi fi nsinfo=`cat /etc/resolv.conf 2>/dev/null | grep "nameserver"` -if [ "$nsinfo" ]; then - echo -e "\e[00;31mNameserver(s):\e[00m\n$nsinfo" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$nsinfo" ]; then + echo -e "Nameserver(s):\n$nsinfo" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$nsinfo" ]; then + echo -e "\e[00;31mNameserver(s):\e[00m\n$nsinfo" + echo -e "\n" + else + : + fi fi defroute=`route 2>/dev/null | grep default` -if [ "$defroute" ]; then - echo -e "\e[00;31mDefault route:\e[00m\n$defroute" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$defroute" ]; then + echo -e "Default route:\n$defroute" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$defroute" ]; then + echo -e "\e[00;31mDefault route:\e[00m\n$defroute" + echo -e "\n" + else + : + fi fi tcpservs=`netstat -antp 2>/dev/null` -if [ "$tcpservs" ]; then - echo -e "\e[00;31mListening TCP:\e[00m\n$tcpservs" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$tcpservs" ]; then + echo -e "Listening TCP:\n$tcpservs" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$tcpservs" ]; then + echo -e "\e[00;31mListening TCP:\e[00m\n$tcpservs" + echo -e "\n" + else + : + fi fi udpservs=`netstat -anup 2>/dev/null` -if [ "$udpservs" ]; then - echo -e "\e[00;31mListening UDP:\e[00m\n$udpservs" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$udpservs" ]; then + echo -e "Listening UDP:\n$udpservs" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$udpservs" ]; then + echo -e "\e[00;31mListening UDP:\e[00m\n$udpservs" + echo -e "\n" + else + : + fi fi -echo -e "\e[00;34m### SERVICES #############################################\e[00m" +if [ "$outfile" ]; then + echo -e "### SERVICES #############################################" >> $outfile +else + echo -e "\e[00;34m### SERVICES #############################################\e[00m" +fi psaux=`ps aux 2>/dev/null` -if [ "$psaux" ]; then - echo -e "\e[00;31mRunning processes:\e[00m\n$psaux" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$psaux" ]; then + echo -e "Running processes:\n$psaux" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$psaux" ]; then + echo -e "\e[00;31mRunning processes:\e[00m\n$psaux" + echo -e "\n" + else + : + fi fi #lookup process binary path and permissisons procperm=`ps aux | awk '{print $11}'|xargs -r ls -la 2>/dev/null |awk '!x[$0]++'` -if [ "$procperm" ]; then - echo -e "\e[00;31mProcess binaries & associated permissions (from above list):\e[00m\n$procperm" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$procperm" ]; then + echo -e "Process binaries & associated permissions (from above list):\n$procperm" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$procperm" ]; then + echo -e "\e[00;31mProcess binaries & associated permissions (from above list):\e[00m\n$procperm" + echo -e "\n" + else + : + fi fi inetdread=`cat /etc/inetd.conf 2>/dev/null` -if [ "$inetdread" ]; then - echo -e "\e[00;31mContents of /etc/inetd.conf:\e[00m\n$inetdread" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$inetdread" ]; then + echo -e "Contents of /etc/inetd.conf:\n$inetdread" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$inetdread" ]; then + echo -e "\e[00;31mContents of /etc/inetd.conf:\e[00m\n$inetdread" + echo -e "\n" + else + : + fi fi #very 'rough' command to extract associated binaries from inetd.conf & show permisisons of each inetdbinperms=`cat /etc/inetd.conf 2>/dev/null | awk '{print $7}' |xargs -r ls -la 2>/dev/null` -if [ "$inetdbinperms" ]; then - echo -e "\e[00;31mThe related inetd binary permissions:\e[00m\n$inetdbinperms" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$inetdbinperms" ]; then + echo -e "The related inetd binary permissions:\n$inetdbinperms" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$inetdbinperms" ]; then + echo -e "\e[00;31mThe related inetd binary permissions:\e[00m\n$inetdbinperms" + echo -e "\n" + else + : + fi fi - xinetdread=`cat /etc/xinetd.conf 2>/dev/null` -if [ "$xinetdread" ]; then - echo -e "\e[00;31mContents of /etc/xinetd.conf:\e[00m\n$xinetdread" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$xinetdread" ]; then + echo -e "Contents of /etc/xinetd.conf:\n$xinetdread" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$xinetdread" ]; then + echo -e "\e[00;31mContents of /etc/xinetd.conf:\e[00m\n$xinetdread" + echo -e "\n" + else + : + fi fi xinetdincd=`cat /etc/xinetd.conf 2>/dev/null |grep "/etc/xinetd.d" 2>/dev/null` -if [ "$xinetdincd" ]; then - echo -e "\e[00;31m/etc/xinetd.d is included in /etc/xinetd.conf - associated binary permissions are listed below:\e[00m"; ls -la /etc/xinetd.d 2>/dev/null - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$xinetdincd" ]; then + echo -e "/etc/xinetd.d is included in /etc/xinetd.conf - associated binary permissions are listed below:"; ls -la /etc/xinetd.d 2>/dev/null >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$xinetdincd" ]; then + echo -e "\e[00;31m/etc/xinetd.d is included in /etc/xinetd.conf - associated binary permissions are listed below:\e[00m"; ls -la /etc/xinetd.d 2>/dev/null + echo -e "\n" + else + : + fi fi #very 'rough' command to extract associated binaries from xinetd.conf & show permisisons of each xinetdbinperms=`cat /etc/xinetd.conf 2>/dev/null | awk '{print $7}' |xargs -r ls -la 2>/dev/null` -if [ "$xinetdbinperms" ]; then - echo -e "\e[00;31mThe related xinetd binary permissions:\e[00m\n$xinetdbinperms"; - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$xinetdbinperms" ]; then + echo -e "The related xinetd binary permissions:$xinetdbinperms"; >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$xinetdbinperms" ]; then + echo -e "\e[00;31mThe related xinetd binary permissions:\e[00m\n$xinetdbinperms"; + echo -e "\n" + else + : + fi fi initdread=`ls -la /etc/init.d 2>/dev/null` -if [ "$initdread" ]; then - echo -e "\e[00;31m/etc/init.d/ binary permissions:\e[00m\n$initdread" - echo -e "\n" -else - : -fi +if [ "$outfile" ]; then + if [ "$initdread" ]; then + echo -e "/etc/init.d/ binary permissions:\n$initdread" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$initdread" ]; then + echo -e "\e[00;31m/etc/init.d/ binary permissions:\e[00m\n$initdread" + echo -e "\n" + else + : + fi +fi rcdread=`ls -la /etc/rc.d/init.d 2>/dev/null` -if [ "$rcdread" ]; then - echo -e "\e[00;31m/etc/rc.d/init.d binary permissions:\e[00m\n$rcdread" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$rcdread" ]; then + echo -e "/etc/rc.d/init.d binary permissions:\n$rcdread" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$rcdread" ]; then + echo -e "\e[00;31m/etc/rc.d/init.d binary permissions:\e[00m\n$rcdread" + echo -e "\n" + else + : + fi fi usrrcdread=`ls -la /usr/local/etc/rc.d 2>/dev/null` -if [ "$usrrcdread" ]; then - echo -e "\e[00;31m/usr/local/etc/rc.d binary permissions:\e[00m\n$usrrcdread" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$usrrcdread" ]; then + echo -e "/usr/local/etc/rc.d binary permissions:\n$usrrcdread" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$usrrcdread" ]; then + echo -e "\e[00;31m/usr/local/etc/rc.d binary permissions:\e[00m\n$usrrcdread" + echo -e "\n" + else + : + fi fi -echo -e "\e[00;34m### SOFTWARE #############################################\e[00m" +if [ "$outfile" ]; then + echo -e "### SOFTWARE #############################################" >> $outfile +else + echo -e "\e[00;34m### SOFTWARE #############################################\e[00m" +fi sudover=`sudo -V | grep "Sudo version" 2>/dev/null` -if [ "$sudover" ]; then - echo -e "\e[00;31mSudo version:\e[00m\n$sudover" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$sudover" ]; then + echo -e "Sudo version:\n$sudover" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$sudover" ]; then + echo -e "\e[00;31mSudo version:\e[00m\n$sudover" + echo -e "\n" + else + : + fi fi mysqlver=`mysql --version 2>/dev/null` -if [ "$mysqlver" ]; then - echo -e "\e[00;31mMYSQL version:\e[00m\n$mysqlver" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$mysqlver" ]; then + echo -e "MYSQL version:\n$mysqlver" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$mysqlver" ]; then + echo -e "\e[00;31mMYSQL version:\e[00m\n$mysqlver" + echo -e "\n" + else + : + fi fi mysqlconnect=`mysqladmin -uroot -proot version 2>/dev/null` -if [ "$mysqlconnect" ]; then - echo -e "\e[00;33m***We can connect to the local MYSQL service with default root/root credentials!\e[00m\n$mysqlconnect" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$mysqlconnect" ]; then + echo -e "***We can connect to the local MYSQL service with default root/root credentials!\n$mysqlconnect" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$mysqlconnect" ]; then + echo -e "\e[00;33m***We can connect to the local MYSQL service with default root/root credentials!\e[00m\n$mysqlconnect" + echo -e "\n" + else + : + fi fi mysqlconnectnopass=`mysqladmin -uroot version 2>/dev/null` -if [ "$mysqlconnectnopass" ]; then - echo -e "\e[00;33m***We can connect to the local MYSQL service as 'root' and without a password!\e[00m\n$mysqlconnectnopass" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$mysqlconnectnopass" ]; then + echo -e "***We can connect to the local MYSQL service as 'root' and without a password!\n$mysqlconnectnopass" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$mysqlconnectnopass" ]; then + echo -e "\e[00;33m***We can connect to the local MYSQL service as 'root' and without a password!\e[00m\n$mysqlconnectnopass" + echo -e "\n" + else + : + fi fi postgver=`psql -V 2>/dev/null` -if [ "$postgver" ]; then - echo -e "\e[00;31mPostgres version:\e[00m\n$postgver" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$postgver" ]; then + echo -e "Postgres version:\n$postgver" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$postgver" ]; then + echo -e "\e[00;31mPostgres version:\e[00m\n$postgver" + echo -e "\n" + else + : + fi fi postcon1=`psql -U postgres template0 -c 'select version()' 2>/dev/null | grep version` -if [ "$postcon1" ]; then - echo -e "\e[00;33m***We can connect to Postgres DB 'template0' as user 'postgres' with no password!:\e[00m\n$postcon1" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$postcon1" ]; then + echo -e "***We can connect to Postgres DB 'template0' as user 'postgres' with no password!\n$postcon1" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$postcon1" ]; then + echo -e "\e[00;33m***We can connect to Postgres DB 'template0' as user 'postgres' with no password!:\e[00m\n$postcon1" + echo -e "\n" + else + : + fi fi postcon11=`psql -U postgres template1 -c 'select version()' 2>/dev/null | grep version` -if [ "$postcon11" ]; then - echo -e "\e[00;33m***We can connect to Postgres DB 'template1' as user 'postgres' with no password!:\e[00m\n$postcon11" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$postcon11" ]; then + echo -e "***We can connect to Postgres DB 'template1' as user 'postgres' with no password!\n$postcon11" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$postcon11" ]; then + echo -e "\e[00;33m***We can connect to Postgres DB 'template1' as user 'postgres' with no password!:\e[00m\n$postcon11" + echo -e "\n" + else + : + fi fi postcon2=`psql -U pgsql template0 -c 'select version()' 2>/dev/null | grep version` -if [ "$postcon2" ]; then - echo -e "\e[00;33m***We can connect to Postgres DB 'template0' as user 'psql' with no password!:\e[00m\n$postcon2" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$postcon2" ]; then + echo -e "***We can connect to Postgres DB 'template0' as user 'psql' with no password!\n$postcon2" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$postcon2" ]; then + echo -e "\e[00;33m***We can connect to Postgres DB 'template0' as user 'psql' with no password!:\e[00m\n$postcon2" + echo -e "\n" + else + : + fi fi postcon22=`psql -U pgsql template1 -c 'select version()' 2>/dev/null | grep version` -if [ "$postcon22" ]; then - echo -e "\e[00;33m***We can connect to Postgres DB 'template1' as user 'psql' with no password!:\e[00m\n$postcon22" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$postcon22" ]; then + echo -e "***We can connect to Postgres DB 'template1' as user 'psql' with no password!\n$postcon22" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$postcon22" ]; then + echo -e "\e[00;33m***We can connect to Postgres DB 'template1' as user 'psql' with no password!:\e[00m\n$postcon22" + echo -e "\n" + else + : + fi fi apachever=`apache2 -v 2>/dev/null; httpd -v 2>/dev/null` -if [ "$apachever" ]; then - echo -e "\e[00;31mApache version:\e[00m\n$apachever" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$apachever" ]; then + echo -e "Apache version:\n$apachever" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$apachever" ]; then + echo -e "\e[00;31mApache version:\e[00m\n$apachever" + echo -e "\n" + else + : + fi fi apacheusr=`cat /etc/apache2/envvars 2>/dev/null |grep -i 'user\|group' |awk '{sub(/.*\export /,"")}1'` -if [ "$apacheusr" ]; then - echo -e "\e[00;31mApache user configuration:\e[00m\n$apacheusr" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$apacheusr" ]; then + echo -e "Apache user configuration:\n$apacheusr" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$apacheusr" ]; then + echo -e "\e[00;31mApache user configuration:\e[00m\n$apacheusr" + echo -e "\n" + else + : + fi fi -echo -e "\e[00;34m### INTERESTING FILES ####################################\e[00m" -echo -e "\e[00;31mUseful file locations:\e[00m" ;which nc 2>/dev/null; which netcat 2>/dev/null; which wget 2>/dev/null; which nmap 2>/dev/null; which gcc 2>/dev/null -echo -e "\n" -echo -e "\e[00;31mCan we read/write sensitive files:\e[00m" ;ls -la /etc/passwd 2>/dev/null; ls -la /etc/group 2>/dev/null; ls -la /etc/profile 2>/dev/null; ls -la /etc/shadow 2>/dev/null; ls -la /etc/master.passwd 2>/dev/null -echo -e "\n" +if [ "$outfile" ]; then + echo -e "### INTERESTING FILES ####################################" >> $outfile + echo -e "Useful file locations:" >> $outfile;which nc 2>/dev/null >> $outfile; which netcat 2>/dev/null >> $outfile; which wget 2>/dev/null >> $outfile; which nmap 2>/dev/null >> $outfile; which gcc 2>/dev/null >> $outfile + echo -e "\n" >> $outfile + echo -e "Can we read/write sensitive files:" >> $outfile;ls -la /etc/passwd 2>/dev/null >> $outfile; ls -la /etc/group 2>/dev/null >> $outfile; ls -la /etc/profile 2>/dev/null >> $outfile; ls -la /etc/shadow 2>/dev/null >> $outfile; ls -la /etc/master.passwd 2>/dev/null >> $outfile + echo -e "\n" >> $outfile +else + echo -e "\e[00;34m### INTERESTING FILES ####################################\e[00m" + echo -e "\e[00;31mUseful file locations:\e[00m" ;which nc 2>/dev/null; which netcat 2>/dev/null; which wget 2>/dev/null; which nmap 2>/dev/null; which gcc 2>/dev/null + echo -e "\n" + echo -e "\e[00;31mCan we read/write sensitive files:\e[00m" ;ls -la /etc/passwd 2>/dev/null; ls -la /etc/group 2>/dev/null; ls -la /etc/profile 2>/dev/null; ls -la /etc/shadow 2>/dev/null; ls -la /etc/master.passwd 2>/dev/null + echo -e "\n" +fi findsuid=`find / -perm -4000 -type f 2>/dev/null` -if [ "$findsuid" ]; then - echo -e "\e[00;31mSUID files:\e[00m\n$findsuid" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$findsuid" ]; then + echo -e "SUID files:\n$findsuid" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$findsuid" ]; then + echo -e "\e[00;31mSUID files:\e[00m\n$findsuid" + echo -e "\n" + else + : + fi fi #list of 'interesting' suid files - feel free to make additions intsuid=`find / -perm -4000 -type f 2>/dev/null | grep -w 'nmap\|perl\|'awk'\|'find'\|'bash'\|'sh'\|'man'\|'more'\|'less'\|'vi'\|'vim'\|'nc'\|'netcat'\|python\|ruby\|lua\|irb\|pl' | xargs -r ls -la` -if [ "$intsuid" ]; then - echo -e "\e[00;33m***Possibly interesting SUID files:\e[00m\n$intsuid" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$intsuid" ]; then + echo -e "***Possibly interesting SUID files:\n$intsuid" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$intsuid" ]; then + echo -e "\e[00;33m***Possibly interesting SUID files:\e[00m\n$intsuid" + echo -e "\n" + else + : + fi fi wwsuid=`find / -perm -4007 -type f 2>/dev/null` -if [ "$wwsuid" ]; then - echo -e "\e[00;31mWorld-writable SUID files:\e[00m\n$wwsuid" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$wwsuid" ]; then + echo -e "World-writable SUID files:\n$wwsuid" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$wwsuid" ]; then + echo -e "\e[00;31mWorld-writable SUID files:\e[00m\n$wwsuid" + echo -e "\n" + else + : + fi fi wwsuidrt=`find / -uid 0 -perm -4007 -type f 2>/dev/null` -if [ "$wwsuidrt" ]; then - echo -e "\e[00;31mWorld-writable SUID files owned by root:\e[00m\n$wwsuidrt" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$wwsuidrt" ]; then + echo -e "World-writable SUID files owned by root:\n$wwsuidrt" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$wwsuidrt" ]; then + echo -e "\e[00;31mWorld-writable SUID files owned by root:\e[00m\n$wwsuidrt" + echo -e "\n" + else + : + fi fi findguid=`find / -perm -2000 -type f 2>/dev/null` -if [ "$findguid" ]; then - echo -e "\e[00;31mGUID files:\e[00m\n$findguid" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$findguid" ]; then + echo -e "GUID files:\n$findguid" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$findguid" ]; then + echo -e "\e[00;31mGUID files:\e[00m\n$findguid" + echo -e "\n" + else + : + fi fi #list of 'interesting' guid files - feel free to make additions intguid=`find / -perm -2000 -type f 2>/dev/null | grep -w 'nmap\|perl\|'awk'\|'find'\|'bash'\|'sh'\|'man'\|'more'\|'less'\|'vi'\|'vim'\|'nc'\|'netcat'\|python\|ruby\|lua\|irb\|pl' | xargs -r ls -la` -if [ "$intguid" ]; then - echo -e "\e[00;33m***Possibly interesting GUID files:\e[00m\n$intguid" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$intguid" ]; then + echo -e "***Possibly interesting GUID files:\n$intguid" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$intguid" ]; then + echo -e "\e[00;33m***Possibly interesting GUID files:\e[00m\n$intguid" + echo -e "\n" + else + : + fi fi wwguid=`find / -perm -2007 -type f 2>/dev/null` -if [ "$wwguid" ]; then - echo -e "\e[00;31mWorld-writable GUID files:\e[00m\n$wwguid" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$wwguid" ]; then + echo -e "World-writable GUID files:\n$wwguid" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$wwguid" ]; then + echo -e "\e[00;31mWorld-writable GUID files:\e[00m\n$wwguid" + echo -e "\n" + else + : + fi fi wwguidrt=`find / -uid 0 -perm -2007 -type f 2>/dev/null` -if [ "$wwguidrt" ]; then - echo -e "\e[00;31mAWorld-writable GUID files owned by root:\e[00m\n$wwguidrt" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$wwguidrt" ]; then + echo -e "World-writable GUID files owned by root:\n$wwguidrt" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$wwguidrt" ]; then + echo -e "\e[00;31mAWorld-writable GUID files owned by root:\e[00m\n$wwguidrt" + echo -e "\n" + else + : + fi fi #list all world-writable files excluding /proc wwfiles=`find / ! -path "*/proc/*" -perm -2 -type f -print 2>/dev/null` -if [ "$wwfiles" ]; then - echo -e "\e[00;31mWorld-writable files (excluding /proc):\e[00m\n$wwfiles" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$wwfiles" ]; then + echo -e "World-writable files (excluding /proc):\n$wwfiles" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$wwfiles" ]; then + echo -e "\e[00;31mWorld-writable files (excluding /proc):\e[00m\n$wwfiles" + echo -e "\n" + else + : + fi fi usrplan=`find /home -iname *.plan -exec ls -la {} \; -exec cat {} 2>/dev/null \;` -if [ "$usrplan" ]; then - echo -e "\e[00;31mPlan file permissions and contents:\e[00m\n$usrplan" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$usrplan" ]; then + echo -e "Plan file permissions and contents:\n$usrplan" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$usrplan" ]; then + echo -e "\e[00;31mPlan file permissions and contents:\e[00m\n$usrplan" + echo -e "\n" + else + : + fi fi bsdusrplan=`find /usr/home -iname *.plan -exec ls -la {} \; -exec cat {} 2>/dev/null \;` -if [ "$bsdusrplan" ]; then - echo -e "\e[00;31mPlan file permissions and contents:\e[00m\n$bsdusrplan" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$bsdusrplan" ]; then + echo -e "Plan file permissions and contents:\n$bsdusrplan" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$bsdusrplan" ]; then + echo -e "\e[00;31mPlan file permissions and contents:\e[00m\n$bsdusrplan" + echo -e "\n" + else + : + fi fi - rhostsusr=`find /home -iname *.rhosts -exec ls -la {} 2>/dev/null \; -exec cat {} 2>/dev/null \;` -if [ "$rhostsusr" ]; then - echo -e "\e[00;31mrhost config file(s) and file contents:\e[00m\n$rhostsusr" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$rhostsusr" ]; then + echo -e "rhost config file(s) and file contents:\n$rhostsusr" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$rhostsusr" ]; then + echo -e "\e[00;31mrhost config file(s) and file contents:\e[00m\n$rhostsusr" + echo -e "\n" + else + : + fi fi bsdrhostsusr=`find /usr/home -iname *.rhosts -exec ls -la {} 2>/dev/null \; -exec cat {} 2>/dev/null \;` -if [ "$bsdrhostsusr" ]; then - echo -e "\e[00;31mrhost config file(s) and file contents:\e[00m\n$bsdrhostsusr" - echo -e "\n" -else - : +if [ "$outfile" ]; then + if [ "$bsdrhostsusr" ]; then + echo -e "rhost config file(s) and file contents:\n$bsdrhostsusr" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$bsdrhostsusr" ]; then + echo -e "\e[00;31mrhost config file(s) and file contents:\e[00m\n$bsdrhostsusr" + echo -e "\n" + else + : + fi fi rhostssys=`find /etc -iname hosts.equiv -exec ls -la {} 2>/dev/null \; -exec cat {} 2>/dev/null \;` -if [ "$rhostssys" ]; then - echo -e "\e[00;31mHosts.equiv file details and file contents: \e[00m\n$rhostssys" - echo -e "\n" - else - : +if [ "$outfile" ]; then + if [ "$rhostssys" ]; then + echo -e "Hosts.equiv file details and file contents:\n$rhostssys" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$rhostssys" ]; then + echo -e "\e[00;31mHosts.equiv file details and file contents: \e[00m\n$rhostssys" + echo -e "\n" + else + : + fi fi nfsexports=`ls -la /etc/exports 2>/dev/null; cat /etc/exports 2>/dev/null` -if [ "$nfsexports" ]; then - echo -e "\e[00;31mNFS config details: \e[00m\n$nfsexports" - echo -e "\n" - else - : +if [ "$outfile" ]; then + if [ "$nfsexports" ]; then + echo -e "NFS config details:\n$nfsexports" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$nfsexports" ]; then + echo -e "\e[00;31mNFS config details: \e[00m\n$nfsexports" + echo -e "\n" + else + : + fi fi fstab=`cat /etc/fstab 2>/dev/null |grep username |awk '{sub(/.*\username=/,"");sub(/\,.*/,"")}1'| xargs -r echo username:; cat /etc/fstab 2>/dev/null |grep password |awk '{sub(/.*\password=/,"");sub(/\,.*/,"")}1'| xargs -r echo password:; cat /etc/fstab 2>/dev/null |grep domain |awk '{sub(/.*\domain=/,"");sub(/\,.*/,"")}1'| xargs -r echo domain:` -if [ "$fstab" ]; then - echo -e "\e[00;33m***Looks like there are credentials in /etc/fstab!\e[00m\n$fstab" - echo -e "\n" - else - : +if [ "$outfile" ]; then + if [ "$fstab" ]; then + echo -e "***Looks like there are credentials in /etc/fstab!\n$fstab" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$fstab" ]; then + echo -e "\e[00;33m***Looks like there are credentials in /etc/fstab!\e[00m\n$fstab" + echo -e "\n" + else + : + fi fi fstabcred=`cat /etc/fstab 2>/dev/null |grep cred |awk '{sub(/.*\credentials=/,"");sub(/\,.*/,"")}1'| xargs -I{} sh -c 'ls -la {}; cat {}'` -if [ "$fstabcred" ]; then - echo -e "\e[00;33m***/etc/fstab contains a credentials file!\e[00m\n$fstabcred" - echo -e "\n" - else - : +if [ "$outfile" ]; then + if [ "$fstabcred" ]; then + echo -e "***/etc/fstab contains a credentials file!\n$fstabcred" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$fstabcred" ]; then + echo -e "\e[00;33m***/etc/fstab contains a credentials file!\e[00m\n$fstabcred" + echo -e "\n" + else + : + fi fi -#use supplied keyword and cat *.conf files for potentional matches - output will show line number within relevant file path where a match has been located -if [ "$keyword" = "" ];then - echo -e "Can't search *.conf files as no keyword was entered\n" - else - confkey=`find / -maxdepth 4 -name *.conf -type f -exec grep -Hn $keyword {} \; 2>/dev/null` - if [ "$confkey" ]; then - echo -e "\e[00;31mFind keyword ($keyword) in .conf files (recursive 4 levels - output format filepath:identified line number where keyword appears):\e[00m\n$confkey" +#Search function for optimising searches and to support multiple keywords +function searches(){ + #keyword that will be searched + searchme=$1 + #file type that will be searched (*.conf, *.log, etc.) + searchfile=$2 + #depth for search + depth=$3 + if [ "$outfile" ]; then + if [ "$searchme" = "" ]; then + echo -e "Can't search $searchfile files as no keyword was entered\n" >> $outfile + else + searchkey=`find / -maxdepth $depth -name $searchfile -type f -exec grep -Hn $searchme {} \; 2>/dev/null` + if [ "$searchkey" ]; then + echo -e "Search keyword(s) ($searchme) (recursive $depth levels - output format filepath:identified line number where keyword appears):\n$searchkey" >> $outfile + echo -e "\n" >> $outfile + else + echo -e "Search keyword(s) ($keyword) (recursive 4 levels):" >> $outfile + echo -e "'$searchme' not found in any $searchfile files" >> $outfile + echo -e "\n" >> $outfile + fi + fi + else + if [ "$searchme" = "" ]; then + echo -e "Can't search $searchfile files as no keyword was entered\n" + else + searchkey=`find / -maxdepth $depth -name $searchfile -type f -exec grep -Hn $searchme {} \; 2>/dev/null` + if [ "$searchkey" ]; then + echo -e "\e[00;32mSearch keyword(s) ($searchme) (recursive $depth levels - output format filepath:identified line number where keyword appears):\e[00m\n$searchkey" + echo -e "\n" + else + echo -e "\e[00;31mSearch keyword(s) ($keyword) (recursive 4 levels):\e[00m" + echo -e "'$searchme' not found in any $searchfile files" + echo -e "\n" + fi + fi + fi +} + +IFS=' ' read -a all_keywords <<< "${keyword}" + + +#use supplied keyword/s and selected file types for potentional matches - output will show line number within relevant file path where a match has been located +for words in "${all_keywords[@]}" +do + #call search function with arguments keyword, file extension (*.extension) and depth + searches "$words" *.conf 4 + searches "$words" *.log 2 + searches "$words" *.ini 2 +done + +allconf=`find /etc/ -maxdepth 1 -name *.conf -type f -exec ls -la {} \; 2>/dev/null` +if [ "$outfile" ]; then + if [ "$allconf" ]; then + echo -e "All *.conf files in /etc (recursive 1 level):\n$allconf" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$allconf" ]; then + echo -e "\e[00;31mAll *.conf files in /etc (recursive 1 level):\e[00m\n$allconf" echo -e "\n" - else - echo -e "\e[00;31mFind keyword ($keyword) in .conf files (recursive 4 levels):\e[00m" - echo -e "'$keyword' not found in any .conf files" - echo -e "\n" + else + : fi fi -#use supplied keyword and cat *.log files for potentional matches - output will show line number within relevant file path where a match has been located -if [ "$keyword" = "" ];then - echo -e "Can't search *.log files as no keyword was entered\n" - else - logkey=`find / -maxdepth 2 -name *.log -type f -exec grep -Hn $keyword {} \; 2>/dev/null` - if [ "$logkey" ]; then - echo -e "\e[00;31mFind keyword ($keyword) in .log files (recursive 2 levels - output format filepath:identified line number where keyword appears):\e[00m\n$logkey" +usrhist=`ls -la ~/.*_history 2>/dev/null` +if [ "$outfile" ]; then + if [ "$usrhist" ]; then + echo -e "Current user's history files:\n$usrhist" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$usrhist" ]; then + echo -e "\e[00;31mCurrent user's history files:\e[00m\n$usrhist" echo -e "\n" - else - echo -e "\e[00;31mFind keyword ($keyword) in .log files (recursive 2 levels):\e[00m" - echo -e "'$keyword' not found in any .log files" - echo -e "\n" + else + : fi fi -#use supplied keyword and cat *.ini files for potentional matches - output will show line number within relevant file path where a match has been located -if [ "$keyword" = "" ];then - echo -e "Can't search *.ini files as no keyword was entered\n" - else - logkey=`find / -maxdepth 4 -name *.ini -type f -exec grep -Hn $keyword {} \; 2>/dev/null` - if [ "$logkey" ]; then - echo -e "\e[00;31mFind keyword ($keyword) in .ini files (recursive 4 levels - output format filepath:identified line number where keyword appears):\e[00m\n$logkey" +roothist=`ls -la /root/.*_history 2>/dev/null` +if [ "$outfile" ]; then + if [ "$roothist" ]; then + echo -e "***Root's history files are accessible!\n$roothist" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$roothist" ]; then + echo -e "\e[00;33m***Root's history files are accessible!\e[00m\n$roothist" echo -e "\n" - else - echo -e "\e[00;31mFind keyword ($keyword) in .ini files (recursive 2 levels):\e[00m" - echo -e "'$keyword' not found in any .ini files" - echo -e "\n" + else + : fi fi -allconf=`find /etc/ -maxdepth 1 -name *.conf -type f -exec ls -la {} \; 2>/dev/null` -if [ "$allconf" ]; then - echo -e "\e[00;31mAll *.conf files in /etc (recursive 1 level):\e[00m\n$allconf" - echo -e "\n" -else - : +readmail=`ls -la /var/mail 2>/dev/null` +if [ "$outfile" ]; then + if [ "$readmail" ]; then + echo -e "Any interesting mail in /var/mail:\n$readmail" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$readmail" ]; then + echo -e "\e[00;31mAny interesting mail in /var/mail:\e[00m\n$readmail" + echo -e "\n" + else + : + fi fi -usrhist=`ls -la ~/.*_history 2>/dev/null` -if [ "$usrhist" ]; then - echo -e "\e[00;31mCurrent user's history files:\e[00m\n$usrhist" - echo -e "\n" -else - : +readmailroot=`head /var/mail/root 2>/dev/null` +if [ "$outfile" ]; then + if [ "$readmailroot" ]; then + echo -e "***We can read /var/mail/root! (snippet below)\n$readmailroot" >> $outfile + echo -e "\n" >> $outfile + else + : + fi +else + if [ "$readmailroot" ]; then + echo -e "\e[00;33m***We can read /var/mail/root! (snippet below)\e[00m\n$readmailroot" + echo -e "\n" + else + : + fi fi -roothist=`ls -la /root/.*_history 2>/dev/null` -if [ "$roothist" ]; then - echo -e "\e[00;33m***Root's history files are accessible!\e[00m\n$roothist" - echo -e "\n" -else - : +if [ "$outfile" ]; then + echo -e "### SCAN COMPLETE ####################################" >> $outfile +else + echo -e "\e[00;30m### SCAN COMPLETE ####################################\e[00m" fi -readmail=`ls -la /var/mail 2>/dev/null` -if [ "$readmail" ]; then - echo -e "\e[00;31mAny interesting mail in /var/mail:\e[00m\n$readmail" - echo -e "\n" -else - : -fi -readmailroot=`head /var/mail/root 2>/dev/null` -if [ "$readmailroot" ]; then - echo -e "\e[00;33m***We can read /var/mail/root! (snippet below)\e[00m\n$readmailroot" - echo -e "\n" -else - : -fi -echo -e "\e[00;30m### SCAN COMPLETE ####################################\e[00m" diff --git a/README.md b/README.md index a5865a8..e540164 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,11 @@ # LinEnum For more information visit www.rebootuser.com +For silent (and clean output) Outfile and keyword(s) can be supplied from the command line: +usage ./LinEnum.sh outfile.txt 'keyword1 keyword2' + +Thanks to @roo7break for the above reporting functionality + See CHANGELOG.md for further details High-level summary of the checks/tasks performed by LinEnum: @@ -60,4 +65,4 @@ High-level summary of the checks/tasks performed by LinEnum: * Show NFS server details * Locate *.conf and *.log files containing keyword supplied at script runtime * List all *.conf files located in /etc - * Locate mail + * Locate mail \ No newline at end of file