Pros of PEASS-ng

• Comprehensive privilege escalation toolset for multiple platforms
• Regular updates and active community support
• Extensive documentation and usage guides

Cons of PEASS-ng

• Large codebase may be overwhelming for beginners
• Some features may require additional dependencies

Code Comparison

Both repositories contain the same codebase, as they are the same project. Here's a sample from the main script:

if [ "$MACPEAS" ]; then
    # MacPEAS-specific code
    :
else
    # LinPEAS-specific code
    :
fi

Summary

PEASS-ng (Privilege Escalation Awesome Scripts Suite - Next Generation) is a powerful collection of tools for privilege escalation and security assessment. The repository you mentioned, peass-ng/PEASS-ng, is the main and only repository for this project. There is no separate repository to compare it with, as both URLs you provided point to the same project.

PEASS-ng includes tools like LinPEAS, WinPEAS, and MacPEAS, which are designed for Linux, Windows, and macOS respectively. The project is actively maintained, with frequent updates and contributions from the security community.

While the toolset is comprehensive and powerful, new users might find the extensive features and options somewhat complex. However, the detailed documentation and examples help mitigate this learning curve.

Pros of LinEnum

• Lightweight and focused specifically on Linux enumeration
• Simple to use with a single script execution
• Well-established and widely recognized in the security community

Cons of LinEnum

• Less frequently updated compared to PEASS-ng
• More limited in scope, focusing primarily on Linux systems
• Lacks some advanced features and customization options found in PEASS-ng

Code Comparison

LinEnum:

#!/bin/bash
# A simple Linux enumeration script

# Basic system information
echo "Hostname: $(hostname)"
echo "Kernel: $(uname -r)"

PEASS-ng:

#!/bin/bash
# Part of PEASS-ng multi-platform enumeration suite

# Advanced system information gathering
print_2title "Basic System Information"
print_info "Hostname: $(/bin/hostname 2>/dev/null)"
print_info "Kernel: $(/bin/uname -r 2>/dev/null)"

The code comparison shows that while both tools gather similar information, PEASS-ng uses more advanced formatting and error handling. PEASS-ng also includes a broader range of checks and a more structured output format, reflecting its more comprehensive approach to system enumeration across multiple platforms.

Pros of linux-smart-enumeration

• Lightweight and focused specifically on Linux enumeration
• Simple to use with a single script execution
• Provides color-coded output for easy readability

Cons of linux-smart-enumeration

• Less comprehensive than PEASS-ng, covering fewer areas of system enumeration
• Not actively maintained, with less frequent updates
• Limited to Linux systems, while PEASS-ng supports multiple platforms

Code Comparison

PEASS-ng (linPEAS) snippet:

function check_tcp_ports {
    print_2title "Open TCP ports:"
    (netstat -tln | awk '{print $4}' | grep ":" | cut -d ":" -f2 | sort -n | uniq | while read -r port; do
        service=$(grep -w "$port" /etc/services | awk '{print $1}' | head -n1)
        echo "$port ($service)"
    done) 2>/dev/null
}

linux-smart-enumeration snippet:

lse_get_listening_tcp_ports() {
    netstat -tln 2>/dev/null | awk 'NR>2{print $4}' | sed 's/.*://' | sort -n | uniq
}

Both scripts aim to enumerate open TCP ports, but PEASS-ng provides more detailed information by including service names associated with each port.

Pros of linuxprivchecker

• Lightweight and simple to use, with a single Python script
• Focuses specifically on Linux privilege escalation
• Easy to understand and modify for specific needs

Cons of linuxprivchecker

• Less actively maintained compared to PEASS-ng
• Limited to Linux systems, while PEASS-ng supports multiple platforms
• Fewer features and less comprehensive checks than PEASS-ng

Code Comparison

linuxprivchecker:

def getOSInfo():
    print("[*] Operating System Info")
    print("    [+] Kernel Info: " + str(os.uname()))
    print("    [+] Kernel Version: " + str(os.uname()[2]))
    print("    [+] Hostname: " + str(os.uname()[1]))

PEASS-ng:

print_2title "Operative system"
print_detected_architecture
echo ""
print_2title "Kernel version"
cat /proc/version
echo ""
if [ "$MACPEAS" ]; then
    sw_vers
    echo ""
fi

Both projects aim to gather system information for privilege escalation, but PEASS-ng offers a more comprehensive and actively maintained solution across multiple platforms. linuxprivchecker provides a simpler, Linux-focused approach that may be easier to customize for specific needs.

Pros of linux-exploit-suggester

• Lightweight and focused solely on suggesting potential exploits
• Faster execution due to its specific purpose
• Easier to integrate into automated scripts or workflows

Cons of linux-exploit-suggester

• Limited scope compared to PEASS-ng's comprehensive system analysis
• Lacks additional privilege escalation techniques beyond kernel exploits
• May require manual verification and exploitation of suggested vulnerabilities

Code Comparison

PEASS-ng (linPEAS) snippet:

if [ "$MACPEAS" ]; then
    print_2title "System Info"
    system_info
else
    print_2title "Linux System Information"
    debug_print "linpeas_main function: Starting linux_sys_info"
    linux_sys_info
fi

linux-exploit-suggester snippet:

sub get_kernel_version {
    my $kv = `uname -r`;
    $kv =~ s/\s+$//;
    return $kv;
}

The PEASS-ng code shows a more comprehensive approach, handling different operating systems and calling specific functions for system information gathering. In contrast, the linux-exploit-suggester code focuses on a single task of retrieving the kernel version, demonstrating its more targeted nature.

Pros of BeRoot

• Focused specifically on Windows privilege escalation
• Lightweight and easy to use
• Provides detailed output on potential privilege escalation vectors

Cons of BeRoot

• Limited to Windows systems only
• Less frequently updated compared to PEASS-ng
• Smaller feature set and less comprehensive than PEASS-ng

Code Comparison

BeRoot (Python):

def check_msv1_0():
    results = []
    try:
        security = OpenKey(HKEY_LOCAL_MACHINE, 'SYSTEM\\CurrentControlSet\\Control\\Lsa')
        value = winreg.QueryValueEx(security, 'Auth0')
    except WindowsError:
        return results

PEASS-ng (Bash):

print_2title "Searching root files in home dirs (limit 30)"
for h in /home/*; do
    (find "$h" -type f -user root 2>/dev/null | head -n 30 | while read f; do ls -l "$f"; done) 2>/dev/null
done

Both repositories focus on privilege escalation, but BeRoot is specialized for Windows environments, while PEASS-ng offers a more comprehensive toolkit for multiple operating systems. BeRoot's code is primarily in Python, tailored for Windows API interactions, while PEASS-ng uses Bash scripting for broader system compatibility. PEASS-ng is more actively maintained and offers a wider range of features, but BeRoot provides a simpler, more focused approach for Windows-specific privilege escalation checks.