{"id":13492849,"url":"https://github.com/rebootuser/LinEnum","last_synced_at":"2025-03-28T11:30:52.205Z","repository":{"id":10156483,"uuid":"12236152","full_name":"rebootuser/LinEnum","owner":"rebootuser","description":"Scripted Local Linux Enumeration \u0026 Privilege Escalation Checks","archived":false,"fork":false,"pushed_at":"2023-09-06T18:02:29.000Z","size":248,"stargazers_count":7011,"open_issues_count":24,"forks_count":1988,"subscribers_count":195,"default_branch":"master","last_synced_at":"2024-10-31T07:34:01.836Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rebootuser.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2013-08-20T06:26:58.000Z","updated_at":"2024-10-31T07:15:27.000Z","dependencies_parsed_at":"2022-07-12T13:34:52.812Z","dependency_job_id":"270d107a-491b-4adf-89e6-4e57502db9a1","html_url":"https://github.com/rebootuser/LinEnum","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rebootuser%2FLinEnum","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rebootuser%2FLinEnum/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rebootuser%2FLinEnum/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rebootuser%2FLinEnum/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rebootuser","download_url":"https://codeload.github.com/rebootuser/LinEnum/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246020779,"owners_count":20710819,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T19:01:09.839Z","updated_at":"2025-03-28T11:30:51.907Z","avatar_url":"https://github.com/rebootuser.png","language":"Shell","readme":"# LinEnum\nFor more information visit www.rebootuser.com\n\nNote: Export functionality is currently in the experimental stage.\n\nGeneral usage:\n\nversion 0.982\n\n* Example: ./LinEnum.sh -s -k keyword -r report -e /tmp/ -t \n\nOPTIONS:\n* -k\tEnter keyword\n* -e\tEnter export location\n* -t\tInclude thorough (lengthy) tests\n* -s\tSupply current user password to check sudo perms (INSECURE)\n* -r\tEnter report name\n* -h\tDisplays this help text\n\n\nRunning with no options = limited scans/no output file\n\n* -e Requires the user enters an output location i.e. /tmp/export. If this location does not exist, it will be created.\n* -r Requires the user to enter a report name. The report (.txt file) will be saved to the current working directory.\n* -t Performs thorough (slow) tests. Without this switch default 'quick' scans are performed.\n* -s Use the current user with supplied password to check for sudo permissions - note this is insecure and only really for CTF use!\n* -k An optional switch for which the user can search for a single keyword within many files (documented below).\n\nSee CHANGELOG.md for further details\n\nHigh-level summary of the checks/tasks performed by LinEnum:\n\n* Kernel and distribution release details\n* System Information:\n  * Hostname\n  * Networking details:\n  * Current IP\n  * Default route details\n  * DNS server information\n* User Information:\n  * Current user details\n  * Last logged on users\n  * Shows users logged onto the host\n  * List all users including uid/gid information\n  * List root accounts\n  * Extracts password policies and hash storage method information\n  * Checks umask value\n  * Checks if password hashes are stored in /etc/passwd\n  * Extract full details for ‘default’ uid’s such as 0, 1000, 1001 etc\n  * Attempt to read restricted files i.e. /etc/shadow\n  * List current users history files (i.e .bash_history, .nano_history etc.)\n  * Basic SSH checks\n* Privileged access:\n  * Which users have recently used sudo\n  * Determine if /etc/sudoers is accessible\n  * Determine if the current user has Sudo access without a password\n  * Are known ‘good’ breakout binaries available via Sudo (i.e. nmap, vim etc.)\n  * Is root’s home directory accessible\n  * List permissions for /home/\n* Environmental:\n  * Display current $PATH\n  * Displays env information\n* Jobs/Tasks:\n  * List all cron jobs\n  * Locate all world-writable cron jobs\n  * Locate cron jobs owned by other users of the system\n  * List the active and inactive systemd timers\n* Services:\n  * List network connections (TCP \u0026 UDP)\n  * List running processes\n  * Lookup and list process binaries and associated permissions\n  * List inetd.conf/xined.conf contents and associated binary file permissions\n  * List init.d binary permissions\n* Version Information (of the following):\n  * Sudo\n  * MYSQL\n  * Postgres\n  * Apache\n    * Checks user config\n    * Shows enabled modules\n    * Checks for htpasswd files\n    * View www directories\n* Default/Weak Credentials:\n  * Checks for default/weak Postgres accounts\n  * Checks for default/weak MYSQL accounts\n* Searches:\n  * Locate all SUID/GUID files\n  * Locate all world-writable SUID/GUID files\n  * Locate all SUID/GUID files owned by root\n  * Locate ‘interesting’ SUID/GUID files (i.e. nmap, vim etc)\n  * Locate files with POSIX capabilities\n  * List all world-writable files\n  * Find/list all accessible *.plan files and display contents\n  * Find/list all accessible *.rhosts files and display contents\n  * Show NFS server details\n  * Locate *.conf and *.log files containing keyword supplied at script runtime\n  * List all *.conf files located in /etc\n  * .bak file search\n  * Locate mail\n* Platform/software specific tests:\n  * Checks to determine if we're in a Docker container\n  * Checks to see if the host has Docker installed\n  * Checks to determine if we're in an LXC container\n","funding_links":[],"categories":["Shell","Table of Contents","Privilege Escalation Tools","Privilige Escalation","Shell (473)","Pentest Methodology","GNU/Linux Utilities","Tools","🚀 Elevating Privileges","Operating Systems","Pentesting","Linux","Programming/Comp Sci/SE Things","Hacking 💀","Privilege Escalation"],"sub_categories":["Penetration Testing Tools","Web application and resource analysis tools","Standard Scripts for Enumeration","Privilege Escalation","Docker Containers of Penetration Testing Distributions and Tools","GNU/Linux Utilities","🧰 Standard Scripts for Enumeration (CTF Cheatsheet)","Linux","Enumeration","Tools","Hack Back","Apps (Terminal)","Linux Privilege Escalation"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frebootuser%2FLinEnum","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frebootuser%2FLinEnum","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frebootuser%2FLinEnum/lists"}