Useful tools and methods to do Linux Enumeration.
LinEnum.sh
Collect Linux info – exploit suggest and priv escalation
https://github.com/rebootuser/LinEnum.git
|
1 2 |
./LinEnum.sh -k password -r report -e /tmp/.a -t |
Linux-smart-enumeration
https://github.com/diego-treitos/linux-smart-enumeration
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
./lse.sh Use: ./lse.sh [options] OPTIONS -c Disable color -i Non interactive mode -h This help -l LEVEL Output verbosity level 0: Show highly important results. (default) 1: Show interesting results. 2: Show all gathered information. -s SELECTION Comma separated list of sections or tests to run. Available sections: usr: User related tests. sud: Sudo related tests. fst: File system related tests. sys: System related tests. sec: Security measures related tests. ret: Recurren tasks (cron, timers) related tests. net: Network related tests. srv: Services related tests. pro: Processes related tests. sof: Software related tests. ctn: Container (docker, lxc) related tests. Specific tests can be used with their IDs (i.e.: usr020,sud) |
Linuxprivchecker.py
https://gist.github.com/sh1n0b1/e2e1a5f63fbec3706123
|
1 2 |
python linuxprivchecker.py |
Linux Exploit Suggester
https://github.com/jondonas/linux-exploit-suggester-2
https://github.com/mzet-/linux-exploit-suggester
|
1 2 |
wget https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh -O les.sh |
Linux Soft Exploit Suggester
https://github.com/belane/linux-soft-exploit-suggester
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
dpkg -l > package_list python linux-soft-exploit-suggester.py --file package_list Update exploit database: python linux-soft-exploit-suggester.py --update Basic usage: python linux-soft-exploit-suggester.py --file package_list Specify exploit db: python linux-soft-exploit-suggester.py --file package_list --db files_exploits.cve Use Redhat/Centos format file: python linux-soft-exploit-suggester.py --file package_list --distro redhat Search exploit for major version: python linux-soft-exploit-suggester.py --file package_list --level 4 Filter by remote exploits: python linux-soft-exploit-suggester.py --file package_list --type remote Search specific words in exploit title: python linux-soft-exploit-suggester.py --file package_list --filter Overflow Advanced usage: python linux-soft-exploit-suggester.py --file package_list --level 3 --type local --filter escalation |
pspy
Enum on running processes and tasks…
https://github.com/DominicBreuker/pspy
Common Linux
Find Bins with SUID bit set:
|
1 2 |
find / -uid 0 -perm -4000 -type f 2>/dev/null |
Find folders and bins with write access:
|
1 2 |
find / -perm -o+w |
Look for string in all files and folders:
|
1 2 |
grep -r 'password' / |
Linux Enum