Apply changes by @dev-fortress

Author: NeffIsBack

nxc/modules/aws-credentials.py

@@ -32,13 +32,13 @@ def options(self, context, module_options):
     def on_login(self, context, connection):
         # search for aws_credentials-related files on linux systems
         if "ssh" in context.protocol:
-            search_aws_creds_files_payload = f"find {self.search_path_linux} -type f  -name credentials -o -name credentials.bk -o -name config.bk -o -name config"
+            search_aws_creds_files_payload = f"find {self.search_path_linux} -type f  -name credentials -exec grep -l 'aws_' {{}} \\; 2>&1 | grep -v 'Permission denied$'"
             search_aws_creds_files_cmd = f'/bin/bash -c "{search_aws_creds_files_payload}"'
             output = connection.execute(search_aws_creds_files_cmd)
         else:
             # search for aws_credentials-related files on windows systems
             # we have to exclude "Application Data" as this creates an infinite recursion, see: https://www.reddit.com/r/PowerShell/comments/17pctnv/symbolic_link_application_data_in_appdatalocal/
-            search_aws_creds_files_payload_win = f"Get-ChildItem -Path {self.search_path_win} -Recurse -Include ('credentials','credentials.bk','config','config.bk') -Force -ErrorAction SilentlyContinue | ? {{ $_.FullName -inotmatch 'Application Data' }} | Select FullName -ExpandProperty FullName"
+            search_aws_creds_files_payload_win = f"Get-ChildItem -Path {self.search_path_win} -Recurse -Force -Include 'credentials' -ErrorAction SilentlyContinue | Where-Object {{ Select-String -Path $_.FullName -Pattern 'aws' -Quiet }} | Select-Object -ExpandProperty FullName"
             search_aws_creds_files_cmd_win = f'powershell.exe "{search_aws_creds_files_payload_win}"'
             output = connection.execute(search_aws_creds_files_cmd_win, True)