Fix typos, grammar and spacing

linPEAS/builder/linpeas_builder.py

@@ -6,12 +6,12 @@
 import os
 import stat
 
-#python3 -m builder.linpeas_builder
+# python3 -m builder.linpeas_builder
 def main():
     # Load configuration
     ploaded = PEASLoaded()
 
-    # Build temporary  linpeas_base.sh file
+    # Build temporary linpeas_base.sh file
     lbasebuilder = LinpeasBaseBuilder()
     lbasebuilder.build()
 
@@ -20,7 +20,7 @@ def main():
     lbuilder.build()
     lbuilder.write_linpeas(FINAL_FAT_LINPEAS_PATH)
     lbuilder.write_linpeas(FINAL_LINPEAS_PATH, rm_startswith="FAT_LINPEAS")
-    os.remove(TEMPORARY_LINPEAS_BASE_PATH) #Remove the built linpeas_base.sh file
+    os.remove(TEMPORARY_LINPEAS_BASE_PATH) # Remove the built linpeas_base.sh file
 
     st = os.stat(FINAL_FAT_LINPEAS_PATH)
     os.chmod(FINAL_FAT_LINPEAS_PATH, st.st_mode | stat.S_IEXEC)
@@ -30,4 +30,4 @@ def main():
 
 
 if __name__ == "__main__":
-    main()
+    main()

linPEAS/builder/linpeas_parts/2_container.sh

@@ -16,7 +16,7 @@ containerCheck() {
     containerType="docker\n"
   fi
 
-  # Are we inside kubenetes?
+  # Are we inside kubernetes?
   if grep "/kubepod" /proc/1/cgroup -qa 2>/dev/null ||
     grep -qai kubepods /proc/self/cgroup 2>/dev/null; then
 
@@ -257,7 +257,7 @@ else
     if [ "$rktcontainers" -ne "0" ]; then echo "Running RKT Containers" | sed -${E} "s,.*,${SED_RED},"; rkt list 2>/dev/null; echo ""; fi
 fi
 
-#If docker
+# If docker
 if echo "$containerType" | grep -qi "docker"; then
     print_2title "Docker Container details"
     inDockerGroup
@@ -279,7 +279,7 @@ if echo "$containerType" | grep -qi "docker"; then
     fi
 fi
 
-#If token secrets mounted
+# If token secrets mounted
 if [ "$(mount | sed -n '/secret/ s/^tmpfs on \(.*default.*\) type tmpfs.*$/\1\/namespace/p')" ]; then
   print_2title "Listing mounted tokens"
   print_info "https://cloud.hacktricks.xyz/pentesting-cloud/kubernetes-security/attacking-kubernetes-from-inside-a-pod"

linPEAS/builder/linpeas_parts/3_cloud.sh

@@ -150,9 +150,9 @@ if [ "$is_gcp" = "Yes" ]; then
         echo "Neither curl nor wget were found, I can't enumerate the metadata service :("
     fi
 
-
+    # GCP Enumeration
     if [ "$gcp_req" ]; then
-        print_2title "Google CLoud Platform Enumeration"
+        print_2title "Google Cloud Platform Enumeration"
         print_info "https://cloud.hacktricks.xyz/pentesting-cloud/gcp-security"
 
         ## GC Project Info
@@ -236,7 +236,7 @@ if [ "$is_gcp" = "Yes" ]; then
     fi
 fi
 
-
+# AWS ECS Enumeration
 if [ "$is_aws_ecs" = "Yes" ]; then
     print_2title "AWS ECS Enumeration"
 
@@ -270,6 +270,7 @@ if [ "$is_aws_ecs" = "Yes" ]; then
     fi
 fi
 
+# AWS EC2 Enumeration
 if [ "$is_aws_ec2" = "Yes" ]; then
     print_2title "AWS EC2 Enumeration"
 
@@ -334,6 +335,7 @@ if [ "$is_aws_ec2" = "Yes" ]; then
     fi
 fi
 
+# AWS Lambda Enumeration
 if [ "$is_aws_lambda" = "Yes" ]; then
   print_2title "AWS Lambda Enumeration"
   printf "Function name: "; env | grep AWS_LAMBDA_FUNCTION_NAME
@@ -346,6 +348,7 @@ if [ "$is_aws_lambda" = "Yes" ]; then
   printf "Event data: "; (curl -s "http://${AWS_LAMBDA_RUNTIME_API}/2018-06-01/runtime/invocation/next" 2>/dev/null || wget -q -O - "http://${AWS_LAMBDA_RUNTIME_API}/2018-06-01/runtime/invocation/next")
 fi
 
+# AWS Codebuild Enumeration
 if [ "$is_aws_codebuild" = "Yes" ]; then
   print_2title "AWS Codebuild Enumeration"
 
@@ -371,6 +374,7 @@ if [ "$is_aws_codebuild" = "Yes" ]; then
   fi
 fi
 
+# DO Droplet Enumeration
 if [ "$is_do" = "Yes" ]; then
   print_2title "DO Droplet Enumeration"
 
@@ -398,11 +402,12 @@ if [ "$is_do" = "Yes" ]; then
   fi
 fi
 
+# IBM Cloud Enumeration
 if [ "$is_ibm_vm" = "Yes" ]; then
   print_2title "IBM Cloud Enumeration"
 
   if ! [ "$IBM_TOKEN" ]; then
-    echo "Couldn't get the metdata token:("
+    echo "Couldn't get the metadata token:("
 
   else
     TOKEN_HEADER="Authorization: Bearer $IBM_TOKEN"
@@ -436,12 +441,13 @@ if [ "$is_ibm_vm" = "Yes" ]; then
 
 fi
 
+# Azure VM Enumeration
 if [ "$is_az_vm" = "Yes" ]; then
   print_2title "Azure VM Enumeration"
 
   HEADER="Metadata:true"
   URL="http://169.254.169.254/metadata"
-  API_VERSION="2021-12-13" #https://learn.microsoft.com/en-us/azure/virtual-machines/instance-metadata-service?tabs=linux#supported-api-versions
+  API_VERSION="2021-12-13" # https://learn.microsoft.com/en-us/azure/virtual-machines/instance-metadata-service?tabs=linux#supported-api-versions
 
   az_req=""
   if [ "$(command -v curl)" ]; then

linPEAS/builder/linpeas_parts/7_software_information.sh

@@ -45,7 +45,7 @@ if [ "$MACPEAS" ]; then
     done
 fi
 
-#-- SI) Mysql version
+#-- SI) MySQL version
 if [ "$(command -v mysql)" ] || [ "$(command -v mysqladmin)" ] || [ "$DEBUG" ]; then
   print_2title "MySQL version"
   mysql --version 2>/dev/null || echo_not_found "mysql"
@@ -56,7 +56,7 @@ if [ "$(command -v mysql)" ] || [ "$(command -v mysqladmin)" ] || [ "$DEBUG" ];
   echo ""
   echo ""
 
-  #-- SI) Mysql connection root/root
+  #-- SI) MySQL connection root/root
   print_list "MySQL connection using default root/root ........... "
   mysqlconnect=$(mysqladmin -uroot -proot version 2>/dev/null)
   if [ "$mysqlconnect" ]; then
@@ -65,7 +65,7 @@ if [ "$(command -v mysql)" ] || [ "$(command -v mysqladmin)" ] || [ "$DEBUG" ];
   else echo_no
   fi
 
-  #-- SI) Mysql connection root/toor
+  #-- SI) MySQL connection root/toor
   print_list "MySQL connection using root/toor ................... "
   mysqlconnect=$(mysqladmin -uroot -ptoor version 2>/dev/null)
   if [ "$mysqlconnect" ]; then
@@ -74,7 +74,7 @@ if [ "$(command -v mysql)" ] || [ "$(command -v mysqladmin)" ] || [ "$DEBUG" ];
   else echo_no
   fi
 
-  #-- SI) Mysql connection root/NOPASS
+  #-- SI) MySQL connection root/NOPASS
   mysqlconnectnopass=$(mysqladmin -uroot version 2>/dev/null)
   print_list "MySQL connection using root/NOPASS ................. "
   if [ "$mysqlconnectnopass" ]; then
@@ -85,7 +85,7 @@ if [ "$(command -v mysql)" ] || [ "$(command -v mysqladmin)" ] || [ "$DEBUG" ];
   echo ""
 fi
 
-#-- SI) Mysql credentials
+#-- SI) MySQL credentials
 if [ "$PSTORAGE_MYSQL" ] || [ "$DEBUG" ]; then
   print_2title "Searching mysql credentials and exec"
   printf "%s\n" "$PSTORAGE_MYSQL" | while read d; do
@@ -144,7 +144,7 @@ peass{PostgreSQL}
 
 #-- SI) PostgreSQL brute
 if [ "$TIMEOUT" ] && [ "$(command -v psql)" ] || [ "$DEBUG" ]; then  # In some OS (like OpenBSD) it will expect the password from console and will pause the script. Also, this OS doesn't have the "timeout" command so lets only use this checks in OS that has it.
-#checks to see if any postgres password exists and connects to DB 'template0' - following commands are a variant on this
+# Checks to see if any postgres password exists and connects to DB 'template0' - following commands are a variant on this
   print_list "PostgreSQL connection to template0 using postgres/NOPASS ........ "
   if [ "$(timeout 1 psql -U postgres -d template0 -c 'select version()' 2>/dev/null)" ]; then echo "Yes" | sed -${E} "s,.*,${SED_RED},"
   else echo_no
@@ -239,7 +239,7 @@ if ! [ "$SEARCH_IN_FOLDER" ]; then
     privatekeyfilesroot=$(timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /root 2>/dev/null)
     privatekeyfilesmnt=$(timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /mnt 2>/dev/null)
   else
-    privatekeyfilesetc=$(grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /etc 2>/dev/null) #If there is tons of files linpeas gets frozen here without a timeout
+    privatekeyfilesetc=$(grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /etc 2>/dev/null) # If there is tons of files linpeas gets frozen here without a timeout
     privatekeyfileshome=$(grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' $HOME/.ssh 2>/dev/null)
   fi
 else
@@ -352,8 +352,8 @@ if [ "$kadmin_exists" ] || [ "$klist_exists" ] || [ "$kinit_exists" ] || [ "$PST
         printf "$(klist -k $f 2>/dev/null)\n" | awk '{print $2}' | while read l; do
           if [ "$l" ] && echo "$l" | grep -q "@"; then
             printf "$ITALIC  --- Impersonation command: ${NC}kadmin -k -t /etc/krb5.keytab -p \"$l\"\n" | sed -${E} "s,$l,${SED_RED},g"
-            #kadmin -k -t /etc/krb5.keytab -p "$l" -q getprivs 2>/dev/null #This should show the permissions of each impersoanted user, the thing is that in a test it showed that every user had the same permissions (even if they didn't). So this test isn't valid
-            #We could also try to create a new user or modify a password, but I'm not user if linpeas should do that
+            # kadmin -k -t /etc/krb5.keytab -p "$l" -q getprivs 2>/dev/null #This should show the permissions of each impersoanted user, the thing is that in a test it showed that every user had the same permissions (even if they didn't). So this test isn't valid
+            # We could also try to create a new user or modify a password, but I'm not user if linpeas should do that
           fi
         done
       elif echo "$f" | grep -q krb5.conf; then
@@ -533,7 +533,7 @@ fi
 ##-- SI) Gitlab
 if [ "$(command -v gitlab-rails)" ] || [ "$(command -v gitlab-backup)" ] || [ "$PSTORAGE_GITLAB" ] || [ "$DEBUG" ]; then
   print_2title "Searching GitLab related files"
-  #Check gitlab-rails
+  # Check gitlab-rails
   if [ "$(command -v gitlab-rails)" ]; then
     echo "gitlab-rails was found. Trying to dump users..."
     gitlab-rails runner 'User.where.not(username: "peasssssssss").each { |u| pp u.attributes }' | sed -${E} "s,email|password,${SED_RED},"
@@ -546,7 +546,7 @@ if [ "$(command -v gitlab-rails)" ] || [ "$(command -v gitlab-backup)" ] || [ "$
     echo "Then you can get the plain-text with something like 'git clone \@hashed/19/23/14348274[...]38749234.bundle'"
     echo ""
   fi
-  #Check gitlab files
+  # Check gitlab files
   printf "%s\n" "$PSTORAGE_GITLAB" | sort | uniq | while read f; do
     if echo $f | grep -q secrets.yml; then
       echo "Found $f" | sed "s,$f,${SED_RED},"

linPEAS/builder/linpeas_parts/8_interesting_perms_files.sh

@@ -24,15 +24,15 @@ fi
 suids_files=$(find $ROOT_FOLDER -perm -4000 -type f ! -path "/dev/*" 2>/dev/null)
 for s in $suids_files; do
   s=$(ls -lahtr "$s")
-  #If starts like "total 332K" then no SUID bin was found and xargs just executed "ls" in the current folder
+  # If starts like "total 332K" then no SUID bin was found and xargs just executed "ls" in the current folder
   if echo "$s" | grep -qE "^total"; then break; fi
 
   sname="$(echo $s | awk '{print $9}')"
   if [ "$sname" = "."  ] || [ "$sname" = ".."  ]; then
-    true #Don't do nothing
+    true # Don't do nothing
   elif ! [ "$IAMROOT" ] && [ -O "$sname" ]; then
     echo "You own the SUID file: $sname" | sed -${E} "s,.*,${SED_RED},"
-  elif ! [ "$IAMROOT" ] && [ -w "$sname" ]; then #If write permision, win found (no check exploits)
+  elif ! [ "$IAMROOT" ] && [ -w "$sname" ]; then # If write permision, win found (no check exploits)
     echo "You can write SUID file: $sname" | sed -${E} "s,.*,${SED_RED_YELLOW},"
   else
     c="a"
@@ -55,12 +55,12 @@ for s in $suids_files; do
             $STRINGS "$sname" 2>/dev/null | sort | uniq | while read sline; do
               sline_first="$(echo "$sline" | cut -d ' ' -f1)"
               if echo "$sline_first" | grep -qEv "$cfuncs"; then
-                if echo "$sline_first" | grep -q "/" && [ -f "$sline_first" ]; then #If a path
-                  if [ -O "$sline_first" ] || [ -w "$sline_first" ]; then #And modifiable
+                if echo "$sline_first" | grep -q "/" && [ -f "$sline_first" ]; then # If a path
+                  if [ -O "$sline_first" ] || [ -w "$sline_first" ]; then # And modifiable
                     printf "$ITALIC  --- It looks like $RED$sname$NC$ITALIC is using $RED$sline_first$NC$ITALIC and you can modify it (strings line: $sline) (https://tinyurl.com/suidpath)\n"
                   fi
                 else #If not a path
-                  if [ ${#sline_first} -gt 2 ] && command -v "$sline_first" 2>/dev/null | grep -q '/' && echo "$sline_first" | grep -Eqv "\.\."; then #Check if existing binary
+                  if [ ${#sline_first} -gt 2 ] && command -v "$sline_first" 2>/dev/null | grep -q '/' && echo "$sline_first" | grep -Eqv "\.\."; then # Check if existing binary
                     printf "$ITALIC  --- It looks like $RED$sname$NC$ITALIC is executing $RED$sline_first$NC$ITALIC and you can impersonate it (strings line: $sline) (https://tinyurl.com/suidpath)\n"
                   fi
                 fi
@@ -105,15 +105,15 @@ print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sud
 sgids_files=$(find $ROOT_FOLDER -perm -2000 -type f ! -path "/dev/*" 2>/dev/null)
 for s in $sgids_files; do
   s=$(ls -lahtr "$s")
-  #If starts like "total 332K" then no SUID bin was found and xargs just executed "ls" in the current folder
+  # If starts like "total 332K" then no SUID bin was found and xargs just executed "ls" in the current folder
   if echo "$s" | grep -qE "^total";then break; fi
 
   sname="$(echo $s | awk '{print $9}')"
   if [ "$sname" = "."  ] || [ "$sname" = ".."  ]; then
     true #Don't do nothing
   elif ! [ "$IAMROOT" ] && [ -O "$sname" ]; then
     echo "You own the SGID file: $sname" | sed -${E} "s,.*,${SED_RED},"
-  elif ! [ "$IAMROOT" ] && [ -w "$sname" ]; then #If write permision, win found (no check exploits)
+  elif ! [ "$IAMROOT" ] && [ -w "$sname" ]; then # If write permision, win found (no check exploits)
     echo "You can write SGID file: $sname" | sed -${E} "s,.*,${SED_RED_YELLOW},"
   else
     c="a"
@@ -136,12 +136,12 @@ for s in $sgids_files; do
             $STRINGS "$sname" | sort | uniq | while read sline; do
               sline_first="$(echo $sline | cut -d ' ' -f1)"
               if echo "$sline_first" | grep -qEv "$cfuncs"; then
-                if echo "$sline_first" | grep -q "/" && [ -f "$sline_first" ]; then #If a path
-                  if [ -O "$sline_first" ] || [ -w "$sline_first" ]; then #And modifiable
+                if echo "$sline_first" | grep -q "/" && [ -f "$sline_first" ]; then # If a path
+                  if [ -O "$sline_first" ] || [ -w "$sline_first" ]; then # And modifiable
                     printf "$ITALIC  --- It looks like $RED$sname$NC$ITALIC is using $RED$sline_first$NC$ITALIC and you can modify it (strings line: $sline)\n"
                   fi
-                else #If not a path
-                  if [ ${#sline_first} -gt 2 ] && command -v "$sline_first" 2>/dev/null | grep -q '/'; then #Check if existing binary
+                else # If not a path
+                  if [ ${#sline_first} -gt 2 ] && command -v "$sline_first" 2>/dev/null | grep -q '/'; then # Check if existing binary
                     printf "$ITALIC  --- It looks like $RED$sname$NC$ITALIC is executing $RED$sline_first$NC$ITALIC and you can impersonate it (strings line: $sline)\n"
                   fi
                 fi
@@ -456,7 +456,7 @@ fi
 if ! [ "$IAMROOT" ]; then
   print_2title "Interesting writable files owned by me or writable by everyone (not in Home) (max 500)"
   print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-files"
-  #In the next file, you need to specify type "d" and "f" to avoid fake link files apparently writable by all
+  # In the next file, you need to specify type "d" and "f" to avoid fake link files apparently writable by all
   obmowbe=$(find $ROOT_FOLDER '(' -type f -or -type d ')' '(' '(' -user $USER ')' -or '(' -perm -o=w ')' ')' ! -path "/proc/*" ! -path "/sys/*" ! -path "$HOME/*" 2>/dev/null | grep -Ev "$notExtensions" | sort | uniq | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (act == pre){(cont += 1)} else {cont=0}; if (cont < 5){ print line_init; } if (cont == "5"){print "#)You_can_write_even_more_files_inside_last_directory\n"}; pre=act }' | head -n500)
   printf "%s\n" "$obmowbe" | while read entry; do
     if echo "$entry" | grep -q "You_can_write_even_more_files_inside_last_directory"; then printf $ITALIC"$entry\n"$NC;
@@ -488,4 +488,4 @@ if ! [ "$IAMROOT" ]; then
     fi
   done
   echo ""
-fi
+fi

linPEAS/builder/linpeas_parts/9_interesting_files.sh

@@ -11,7 +11,7 @@ if ! [ "$SEARCH_IN_FOLDER" ]; then
     for f in $(find "$d" -name "*.sh" -o -name "*.sh.*" 2>/dev/null); do
       if ! [ "$IAMROOT" ] && [ -O "$f" ]; then
         echo "You own the script: $f" | sed -${E} "s,.*,${SED_RED},"
-      elif ! [ "$IAMROOT" ] && [ -w "$f" ]; then #If write permision, win found (no check exploits)
+      elif ! [ "$IAMROOT" ] && [ -w "$f" ]; then # If write permision, win found (no check exploits)
         echo "You can write script: $f" | sed -${E} "s,.*,${SED_RED_YELLOW},"
       else
         echo $f | sed -${E} "s,$shscripsG,${SED_GREEN}," | sed -${E} "s,$Wfolders,${SED_RED},";
@@ -80,14 +80,14 @@ find $ROOT_FOLDER -type f -mmin -5 ! -path "/proc/*" ! -path "/sys/*" ! -path "/
 echo ""
 
 ##-- IF) Writable log files
-if command -v logrotate >/dev/null && logrotate --version | head -n 1 | grep -Eq "[012]\.[0-9]+\.|3\.[0-9]\.|3\.1[0-7]\.|3\.18\.0"; then #3.18.0 and below
+if command -v logrotate >/dev/null && logrotate --version | head -n 1 | grep -Eq "[012]\.[0-9]+\.|3\.[0-9]\.|3\.1[0-7]\.|3\.18\.0"; then # 3.18.0 and below
 print_2title "Writable log files (logrotten) (limit 50)"
   print_info "https://book.hacktricks.xyz/linux-hardening/privilege-escalation#logrotate-exploitation"
   logrotate --version 2>/dev/null || echo_not_found "logrotate"
   lastWlogFolder="ImPOsSiBleeElastWlogFolder"
   logfind=$(find $ROOT_FOLDER -type f -name "*.log" -o -name "*.log.*" 2>/dev/null | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (act == pre){(cont += 1)} else {cont=0}; if (cont < 3){ print line_init; }; if (cont == "3"){print "#)You_can_write_more_log_files_inside_last_directory"}; pre=act}' | head -n 50)
   printf "%s\n" "$logfind" | while read log; do
-    if ! [ "$IAMROOT" ] && [ "$log" ] && [ -w "$log" ] || ! [ "$IAMROOT" ] && echo "$log" | grep -qE "$Wfolders"; then #Only print info if something interesting found
+    if ! [ "$IAMROOT" ] && [ "$log" ] && [ -w "$log" ] || ! [ "$IAMROOT" ] && echo "$log" | grep -qE "$Wfolders"; then # Only print info if something interesting found
       if echo "$log" | grep -q "You_can_write_more_log_files_inside_last_directory"; then printf $ITALIC"$log\n"$NC;
       elif ! [ "$IAMROOT" ] && [ -w "$log" ] && [ "$(command -v logrotate 2>/dev/null)" ] && logrotate --version 2>&1 | grep -qE ' 1| 2| 3.1'; then printf "Writable:$RED $log\n"$NC; #Check vuln version of logrotate is used and print red in that case
       elif ! [ "$IAMROOT" ] && [ -w "$log" ]; then echo "Writable: $log";
@@ -164,7 +164,7 @@ if [ "$PSTORAGE_DATABASE" ] || [ "$DEBUG" ]; then
   SQLITEPYTHON=""
   echo ""
   printf "%s\n" "$PSTORAGE_DATABASE" | while read f; do
-    if ([ -r "$f" ] && [ "$FILECMD" ] && file "$f" | grep -qi sqlite) || ([ -r "$f" ] && [ ! "$FILECMD" ]); then #If readable and filecmd and sqlite, or readable and not filecmd
+    if ([ -r "$f" ] && [ "$FILECMD" ] && file "$f" | grep -qi sqlite) || ([ -r "$f" ] && [ ! "$FILECMD" ]); then # If readable and filecmd and sqlite, or readable and not filecmd
       if [ "$(command -v sqlite3 2>/dev/null)" ]; then
         tables=$(sqlite3 $f ".tables" 2>/dev/null)
         #printf "$tables\n" | sed "s,user.*\|credential.*,${SED_RED},g"
@@ -186,7 +186,7 @@ if [ "$PSTORAGE_DATABASE" ] || [ "$DEBUG" ]; then
           else
             columns=$($SQLITEPYTHON -c "print(__import__('sqlite3').connect('$f').cursor().execute('SELECT sql FROM sqlite_master WHERE type!=\'meta\' AND sql NOT NULL AND name =\'$t\';').fetchall()[0][0])" 2>/dev/null)
           fi
-          #Check found columns for interesting fields
+          # Check found columns for interesting fields
           INTCOLUMN=$(echo "$columns" | grep -i "username\|passw\|credential\|email\|hash\|salt")
           if [ "$INTCOLUMN" ]; then
             printf ${BLUE}"  --> Found interesting column names in$NC $t $DG(output limit 10)\n"$NC | sed -${E} "s,user.*|credential.*,${SED_RED},g"