Date: 2015-08-14

Kernel and distribution release details

System Information:

- Hostname
- Networking details:
  - Current IP
  - Default route details
  - DNS server information

User Information:

- Current user details
- Last logged on users
- Shows users logged onto the host
- List all users including uid/gid information
- List root accounts
- Extracts password policies and hash storage method information
- Checks umask value
- Checks if password hashes are stored in /etc/passwd
- Extract full details for 'default' UIDs such as 0, 1000, 1001 etc.
- Attempt to read restricted files, e.g. /etc/shadow
- List current user's history files (e.g. .bash_history, .nano_history etc.)
- Basic SSH checks

Privileged access:

- Determine if /etc/sudoers is accessible
- Determine if the current user has Sudo access without a password
- Are known 'good' breakout binaries available via Sudo (e.g. nmap, vim etc.)
- Is root's home directory accessible
- List permissions for /home/

Environmental:

- Display current $PATH
- Displays env information

Jobs/Tasks:

- List all cron jobs
- Locate all world-writable cron jobs
- Locate cron jobs owned by other users of the system

Services:

- List network connections (TCP & UDP)
- List running processes
- Lookup and list process binaries and associated permissions
- List inetd.conf/xinetd.conf contents and associated binary file permissions
- List init.d binary permissions

Version Information (of the following):

- Sudo
- MySQL
- Postgres
- Apache
  - Checks user config
  - Shows enabled modules

Default/Weak Credentials:

- Checks for default/weak Postgres accounts
- Checks for default/weak MySQL accounts

Searches:

- Locate all SUID/GUID files
- Locate all world-writable SUID/GUID files
- Locate all SUID/GUID files owned by root
- Locate 'interesting' SUID/GUID files (e.g. nmap, vim etc.)
- List all world-writable files
- Find/list all accessible *.plan files and display contents
- Find/list all accessible *.rhosts files and display contents
- Show NFS server details
- Locate *.conf and *.log files containing keyword supplied at script runtime
- List all *.conf files located in /etc
- Locate mail

Platform/software specific tests:

- Checks to determine if we're in a Docker container
- Checks to see if the host has Docker installed
LinEnum is a shell script that can automate 65+ Linux commands that may come in useful when you are trying to escalate privileges on a target system. The script also allows you to search for a keyword in *.conf and *.log files. Any matches will be displayed along with the full file path and the line number on which the keyword was identified.

After the scan has completed (please be aware that it may take some time) you'll be presented with (possibly quite extensive) output, in which any key findings are highlighted in yellow, with everything else documented under the relevant headings.