rebootuser/LinEnum

Scripted Local Linux Enumeration & Privilege Escalation Checks

Top Related Projects

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

Linux enumeration tool for pentesting and CTFs with verbosity levels

linuxprivchecker.py -- a Linux Privilege Escalation Check Script

Linux privilege escalation auditing tool

Next-Generation Linux Kernel Exploit Suggester

Quick Overview

LinEnum is a shell script that automates the process of enumerating local information from Linux systems. It's designed to perform local privilege escalation checks and gather system information for both penetration testing and system administration purposes.

Pros

  • Comprehensive system enumeration, covering a wide range of potential security issues
  • Easy to use with minimal setup required
  • Regularly updated to include new checks and improve existing ones
  • Outputs results in an organized, easy-to-read format

Cons

  • May trigger antivirus or intrusion detection systems due to its nature
  • Can be noisy and potentially leave traces on the target system
  • Some checks may not be applicable to all Linux distributions
  • Requires bash to be present on the target system

Getting Started

To use LinEnum:

  1. Download the script from the GitHub repository:

    wget https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh
    
  2. Make the script executable:

    chmod +x LinEnum.sh
    
  3. Run the script:

    ./LinEnum.sh
    

For more thorough enumeration, you can use additional flags:

    ./LinEnum.sh -k keyword -r report -e /tmp/ -t

This command searches *.conf and *.log files for the given keyword, saves a report named report, exports results to /tmp/, and includes the thorough (lengthy) tests.

Competitor Comparisons

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

Pros of PEASS-ng

  • More comprehensive and actively maintained, with regular updates
  • Supports multiple operating systems (Linux, macOS, Windows)
  • Includes additional features like automatic exploitation and report generation

Cons of PEASS-ng

  • Larger codebase, potentially slower execution on resource-constrained systems
  • May require more setup and configuration for specific use cases
  • Higher complexity, which could lead to a steeper learning curve for new users

Code Comparison

LinEnum (bash script):

#!/bin/bash
version="0.982"

# Global variables
thorough=0
header=""
debug=""

PEASS-ng (Python script):

#!/usr/bin/env python3
import sys
import os
import argparse
from peass.linpeas.linpeas import LinPEAS

if __name__ == "__main__":
    LinPEAS().run()

The code comparison shows that PEASS-ng uses Python, which offers more flexibility and easier maintenance compared to LinEnum's bash script. PEASS-ng's modular structure allows for better organization and extensibility, while LinEnum's single-file approach may be simpler for quick deployments.

Linux enumeration tool for pentesting and CTFs with verbosity levels

Pros of linux-smart-enumeration

  • More focused on smart and efficient enumeration, potentially faster for large systems
  • Colorized output for better readability and quick identification of important information
  • Actively maintained with more recent updates

Cons of linux-smart-enumeration

  • Less comprehensive in some areas compared to LinEnum
  • May require more manual interpretation of results
  • Smaller community and fewer contributions

Code Comparison

LinEnum:

#!/bin/bash
version="version"

#help function
usage ()
{
echo -e "\n\e[00;31m#########################################################\e[00m"
echo -e "\e[00;31m#\e[00m" "\e[00;33mLocal Linux Enumeration & Privilege Escalation Script\e[00m" "\e[00;31m#\e[00m"
}

linux-smart-enumeration:

#!/bin/sh

###########################################
#---------------) Colors (----------------#
###########################################

C=$(printf '\033')
RED="${C}[1;31m"
GREEN="${C}[1;32m"
Y="${C}[1;33m"

Both scripts start with a shebang and include color definitions, but linux-smart-enumeration uses a more compact color definition approach. LinEnum includes a version variable and a usage function, while linux-smart-enumeration focuses on color definitions upfront.

linuxprivchecker.py -- a Linux Privilege Escalation Check Script

Pros of linuxprivchecker

  • Written in Python, making it more versatile and easier to modify
  • Provides a more detailed output, including system information and user accounts
  • Actively maintained with recent updates

Cons of linuxprivchecker

  • Slower execution compared to LinEnum's bash script
  • Requires Python to be installed on the target system
  • Less comprehensive in some areas, such as SUID/SGID file checks

Code Comparison

LinEnum (Bash):

#!/bin/bash
version="version"

# Header
header() {
  echo "LinEnum $version"
  echo "[+] Performing Linux Enumeration"
}

linuxprivchecker (Python):

#!/usr/bin/env python
import os

# Check if we are running as root
if os.geteuid() != 0:
    print("\nWARNING: Not running as root. Some checks may fail.\n")

Both tools aim to perform Linux privilege escalation checks, but they differ in their implementation and output format. LinEnum is a bash script that provides a quick and comprehensive overview, while linuxprivchecker offers a more detailed analysis using Python. The choice between the two depends on the specific requirements of the user and the target system's configuration.

Linux privilege escalation auditing tool

Pros of linux-exploit-suggester

  • Focuses specifically on suggesting potential exploits based on system information
  • Provides more detailed exploit information, including CVE numbers and references
  • Regularly updated with new exploit suggestions

Cons of linux-exploit-suggester

  • Less comprehensive system enumeration compared to LinEnum
  • May require more manual analysis to determine exploit applicability
  • Limited to suggesting kernel exploits, while LinEnum covers broader system information

Code Comparison

LinEnum:

#!/bin/bash
version="0.982"

#help function
usage ()
{
echo -e "\n\e[00;31m#########################################################\e[00m"
echo -e "\e[00;31m#\e[00m" "\e[00;33mLocal Linux Enumeration & Privilege Escalation Script\e[00m" "\e[00;31m#\e[00m"
}

linux-exploit-suggester:

#!/usr/bin/env perl
use strict;
use warnings;
use Getopt::Long qw(:config no_ignore_case bundling);
use Term::ANSIColor;

my $VERSION = "2.0.0";

The code comparison shows that LinEnum is written in Bash, while linux-exploit-suggester is written in Perl. LinEnum's code focuses on setting up the script and defining helper functions, while linux-exploit-suggester's code sets up the environment and imports necessary modules.

Next-Generation Linux Kernel Exploit Suggester

Pros of linux-exploit-suggester-2

  • Focuses specifically on suggesting potential kernel exploits
  • Regularly updated with new exploit information
  • Lightweight and easy to run on target systems

Cons of linux-exploit-suggester-2

  • Limited scope compared to LinEnum's comprehensive system enumeration
  • May produce false positives or outdated exploit suggestions
  • Requires manual verification and exploitation of suggested vulnerabilities

Code Comparison

LinEnum (bash script):

#!/bin/bash
VERSION="0.982"

# Global variables
SCRIPTNAME="LinEnum.sh"
LOGNAME=""

linux-exploit-suggester-2 (Perl script):

#!/usr/bin/perl
use strict;
use warnings;
use Getopt::Long;

my $VERSION = "2.0";

Summary

LinEnum is a comprehensive system enumeration tool, while linux-exploit-suggester-2 focuses specifically on identifying potential kernel exploits. LinEnum provides a broader range of system information, but linux-exploit-suggester-2 offers more targeted and up-to-date exploit suggestions. The choice between the two depends on the specific needs of the user and the context of the security assessment.

README

LinEnum

For more information visit www.rebootuser.com

Note: Export functionality is currently in the experimental stage.

General usage:

version 0.982

  • Example: ./LinEnum.sh -s -k keyword -r report -e /tmp/ -t

OPTIONS:

  • -k Enter keyword
  • -e Enter export location
  • -t Include thorough (lengthy) tests
  • -s Supply current user password to check sudo perms (INSECURE)
  • -r Enter report name
  • -h Displays this help text

Running with no options = limited scans/no output file

  • -e Requires the user to enter an output location, e.g. /tmp/export. If this location does not exist, it will be created.
  • -r Requires the user to enter a report name. The report (.txt file) will be saved to the current working directory.
  • -t Performs thorough (slow) tests. Without this switch default 'quick' scans are performed.
  • -s Use the current user with supplied password to check for sudo permissions - note this is insecure and only really for CTF use!
  • -k An optional switch for which the user can search for a single keyword within many files (documented below).

See CHANGELOG.md for further details

High-level summary of the checks/tasks performed by LinEnum:

  • Kernel and distribution release details
  • System Information:
    • Hostname
    • Networking details:
      • Current IP
      • Default route details
      • DNS server information
  • User Information:
    • Current user details
    • Last logged on users
    • Shows users logged onto the host
    • List all users including uid/gid information
    • List root accounts
    • Extracts password policies and hash storage method information
    • Checks umask value
    • Checks if password hashes are stored in /etc/passwd
    • Extract full details for ‘default’ UIDs such as 0, 1000, 1001 etc.
    • Attempt to read restricted files, e.g. /etc/shadow
    • List current users' history files (e.g. .bash_history, .nano_history etc.)
    • Basic SSH checks
  • Privileged access:
    • Which users have recently used sudo
    • Determine if /etc/sudoers is accessible
    • Determine if the current user has Sudo access without a password
    • Are known ‘good’ breakout binaries available via Sudo (e.g. nmap, vim etc.)
    • Is root’s home directory accessible
    • List permissions for /home/
  • Environmental:
    • Display current $PATH
    • Displays env information
  • Jobs/Tasks:
    • List all cron jobs
    • Locate all world-writable cron jobs
    • Locate cron jobs owned by other users of the system
    • List the active and inactive systemd timers
  • Services:
    • List network connections (TCP & UDP)
    • List running processes
    • Lookup and list process binaries and associated permissions
    • List inetd.conf/xinetd.conf contents and associated binary file permissions
    • List init.d binary permissions
  • Version Information (of the following):
    • Sudo
    • MYSQL
    • Postgres
    • Apache
      • Checks user config
      • Shows enabled modules
      • Checks for htpasswd files
      • View www directories
  • Default/Weak Credentials:
    • Checks for default/weak Postgres accounts
    • Checks for default/weak MYSQL accounts
  • Searches:
    • Locate all SUID/SGID files
    • Locate all world-writable SUID/SGID files
    • Locate all SUID/SGID files owned by root
    • Locate ‘interesting’ SUID/SGID files (e.g. nmap, vim etc.)
    • Locate files with POSIX capabilities
    • List all world-writable files
    • Find/list all accessible *.plan files and display contents
    • Find/list all accessible *.rhosts files and display contents
    • Show NFS server details
    • Locate *.conf and *.log files containing keyword supplied at script runtime
    • List all *.conf files located in /etc
    • .bak file search
    • Locate mail
  • Platform/software specific tests:
    • Checks to determine if we're in a Docker container
    • Checks to see if the host has Docker installed
    • Checks to determine if we're in an LXC container
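
Two of the User Information checks listed above ("List root accounts" and "Checks if password hashes are stored in /etc/passwd"), written as a standalone audit an administrator can run against any passwd-format file. This is an added example, not LinEnum's own code; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not LinEnum code; function names are hypothetical.

# "List root accounts": print every account whose UID is 0.
uid0_accounts() {
    awk -F: '!/^#/ && $3 ~ /^0+$/ { print $1 }' "$1"
}

# "Checks if password hashes are stored in /etc/passwd": print accounts
# whose password field is neither the shadow placeholder (x) nor a
# lock marker (* or !), since that file is world-readable.
passwd_field_findings() {
    awk -F: '
        /^#/ || NF < 7              { next }
        $2 == ""                    { print $1 ": empty password field"; next }
        $2 == "x" || $2 ~ /^[*!]/   { next }
        $2 ~ /^[$][0-9a-z]+[$]/     { print $1 ": crypt hash in passwd"; next }
                                    { print $1 ": non-shadow value in passwd" }
    ' "$1"
}

# Constructed sample input (not from a real host).
write_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:backup admin:/root:/bin/sh
legacy:$6$c0nstructed$Zm9vYmFyYmF6:1001:1001::/home/legacy:/bin/bash
guest::1002:1002::/home/guest:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
}

sample=$(mktemp)
write_sample "$sample"
echo "UID 0 accounts:";          uid0_accounts "$sample"
echo "Password-field findings:"; passwd_field_findings "$sample"
rm -f "$sample"
```

On a real host, pass /etc/passwd to both functions; more than one UID 0 account or any password-field finding is worth following up.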