From b93b1ba7f2c473cdf228f9305045486e77b61c63 Mon Sep 17 00:00:00 2001 From: Emlyn Corrin Date: Mon, 9 Dec 2019 10:34:19 +0000 Subject: [PATCH] Prevent finding false positive keys in self The script will flag itself as having private keys/AWS secret keys because the search strings match themselves. If one of the characters in the search string is wrapped in square brackets it will still find the same strings, but will no longer match itself. --- LinEnum.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/LinEnum.sh b/LinEnum.sh index 95d801a..041ffb0 100755 --- a/LinEnum.sh +++ b/LinEnum.sh @@ -940,7 +940,7 @@ fi #look for private keys - thanks djhohnstein if [ "$thorough" = "1" ]; then -privatekeyfiles=`grep -rl "PRIVATE KEY-----" /home 2>/dev/null` +privatekeyfiles=`grep -rl "[P]RIVATE KEY-----" /home 2>/dev/null` if [ "$privatekeyfiles" ]; then echo -e "\e[00;33m[+] Private SSH keys found!:\e[00m\n$privatekeyfiles" echo -e "\n" @@ -949,7 +949,7 @@ fi #look for AWS keys - thanks djhohnstein if [ "$thorough" = "1" ]; then -awskeyfiles=`grep -rli "aws_secret_access_key" /home 2>/dev/null` +awskeyfiles=`grep -rli "[a]ws_secret_access_key" /home 2>/dev/null` if [ "$awskeyfiles" ]; then echo -e "\e[00;33m[+] AWS secret keys found!:\e[00m\n$awskeyfiles" echo -e "\n"