.\" Automatically generated by Pandoc 2.5
.\"
.TH "" "" "" "" ""
.hy
.SH secureScripts
.PP
secureScripts is a small set of tools designed to monitor some basic
system functions and locate possible vulnerabilities.
This set of tools is based on pentesting techniques and is intended for
learning purposes.
.SS Install
.IP
.nf
\f[C]
git clone https://github.com/alohl669/secureScripts.git
\f[R]
.fi
.SS showCommands
.IP
.nf
\f[C]
cd secureScripts/scripts/showCommands
\f[R]
.fi
.SS Description
.PP
showCommands is a tool for discovering processes as they start and stop
running.
This is useful for identifying vulnerabilities and/or malicious
applications.
One of its most useful applications is discovering CRON processes.
The tool supports exclusion and inclusion filters, which can be added
and removed easily.
For more detailed editing, the txt files that it creates can be
modified directly.
.SS Usage
.IP
.nf
\f[C]
Usage: ./showCommands.sh [[\-h] | [\-b] | [\-w] | [\-a] | [\-e] | [\-r] | [\-d]]
./showCommands.sh [\-h]
\-b See excluded filters
\-w See filters included
\-a Adds a filter to inclusion list. [showCommands.sh \-a <filter>]
\-e Adds a filter to exclusion list. [showCommands.sh \-e <filter>]
\-r Remove all filters
\-d Document the output in a \[dq]report.txt\[dq] file
\-h help
Examples: if we wanted to simply look for only those processes executed by CRON, we would simply need
\&./showCommands.sh \-a CRON
\&./showCommands.sh
\f[R]
.fi
.RS
.PP
The application is based on an infinite loop and consequently consumes
an excessive amount of CPU; we will have to look for alternatives.
.RE
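.PP
The polling idea behind showCommands, as an added example that is not
the project's showCommands.sh: it diffs successive ps snapshots, applies
inclusion and exclusion filters, and sleeps between polls instead of
spinning in a busy loop.
The function names, the one-filter-per-line file format and the watch
argument are assumptions of this example.
.IP
.nf
```sh
#!/bin/sh
# Added example, not the project's code. All names here are hypothetical.

# snapshot: one line per distinct process command line, sorted for comm.
snapshot() {
    ps -eo args= | LC_ALL=C sort -u
}

# new_commands OLD NEW INCLUDE EXCLUDE
# Prints command lines present in NEW but not in OLD.
# INCLUDE and EXCLUDE are files with one fixed-string filter per line;
# an empty or missing INCLUDE keeps everything.
new_commands() {
    old=$1 new=$2 inc=$3 exc=$4
    LC_ALL=C comm -13 "$old" "$new" |
        if [ -s "$inc" ]; then grep -F -f "$inc"; else cat; fi |
        if [ -s "$exc" ]; then grep -v -F -f "$exc"; else cat; fi || true
}

# watch_commands INTERVAL INCLUDE EXCLUDE
# Polls every INTERVAL seconds; the sleep keeps CPU use low.
watch_commands() {
    interval=${1:-1} inc=$2 exc=$3
    tmp=$(mktemp -d) || return 1
    trap 'rm -rf "$tmp"' EXIT
    snapshot > "$tmp/old"
    while sleep "$interval"; do
        snapshot > "$tmp/new"
        new_commands "$tmp/old" "$tmp/new" "$inc" "$exc"
        mv "$tmp/new" "$tmp/old"
    done
}

# Usage: sh thisfile watch [interval] [include-file] [exclude-file]
if [ "${1:-}" = "watch" ]; then
    watch_commands "${2:-1}" "${3:-}" "${4:-}"
fi
```
.fi
.PP
Polling misses processes that start and exit between two snapshots, so a
shorter interval trades CPU for coverage.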
.SS suidFinder
.PP
Simple search for files with the SUID bit set, with GTFOBins references.
.IP
.nf
\f[C]
cd secureScripts/scripts/suidFinder && \[rs]
\&./suidFinder.sh
\f[R]
.fi
.SS shFinder
.PP
Simple search for *.sh scripts owned by privileged users that have
incorrectly set permissions.
.IP
.nf
\f[C]
cd secureScripts/scripts/shFinder && \[rs]
\&./shFinder.sh
\f[R]
.fi
.SS capFinder
.PP
Simple capabilities search tool.
.IP
.nf
\f[C]
cd secureScripts/scripts/capFinder && \[rs]
\&./capFinder.sh
\f[R]
.fi