Enumeration

Automated enumeration on Linux is a common technique used for gathering system and network information during penetration testing or system auditing. There are several tools and scripts available to automate this process. Below is a breakdown of how you can use different modules and scripts for automated enumeration on a Linux system.

Automated Enumeration Using Metasploit Modules

Metasploit offers several post-exploitation modules that can help gather system, network, and configuration information from a compromised Linux machine. The following are the relevant modules for automation:

  1. post/linux/gather/enum_configs

    • This module gathers system configuration information such as the contents of configuration files, sudoers file, crontab, etc.

    • Example usage:

      use post/linux/gather/enum_configs
      set SESSION <session-id>
      run

  2. post/linux/gather/enum_network

    • This module collects network-related information, such as network interfaces, routes, DNS settings, and network shares.

    • Example usage:

      use post/linux/gather/enum_network
      set SESSION <session-id>
      run

  3. post/linux/gather/enum_system

    • This module retrieves system information, including the kernel version, system architecture, installed software, and running processes.

    • Example usage:

      use post/linux/gather/enum_system
      set SESSION <session-id>
      run

Using LinEnum.sh for Linux Enumeration

LinEnum.sh is a popular script used for automated enumeration on Linux. It performs a thorough scan of the system and gathers important information like user privileges, system configurations, kernel information, and more.

To use LinEnum.sh, follow these steps:

  1. Download LinEnum.sh: You can download the script from a trusted source such as the official GitHub repository or other trusted repositories.

  2. Make the script executable: Once the script is downloaded, you need to make it executable:

    chmod +x LinEnum.sh

  3. Run the script: You can now run the script to gather detailed information:

    ./LinEnum.sh

    By default, the script will scan for the following types of information:

    • User information: Active users, sudo permissions, groups.

    • Kernel and architecture: Kernel version, system architecture, etc.

    • Network information: Network interfaces, routes, open ports, etc.

    • Sudo and cron jobs: Configuration files, cron jobs, sudo permissions.

    • File system information: Writable files, directories, and other system-related information.

  4. Run with different options: You can specify different options to focus on particular aspects of enumeration. For example:

    • Run a simple enumeration (default checks, no options):

      ./LinEnum.sh

    • Full enumeration (-t includes the thorough, lengthy tests):

      ./LinEnum.sh -t
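
From the defender's side, a run of LinEnum.sh or the Metasploit enum modules shows up as one account touching most of the categories listed above within a few seconds. The following added example (not from the original page or from either project) flags that pattern in a process-execution log; the log format, command patterns and thresholds are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Categories mirror the LinEnum list above; the patterns are illustrative
# assumptions for this example, not LinEnum's actual command set.
CATEGORIES = {
    "user": re.compile(r"^(id|whoami|w|last)\b|/etc/(passwd|group)\b"),
    "kernel": re.compile(r"^uname\b|/proc/version\b|/etc/os-release\b"),
    "network": re.compile(r"^(ifconfig|ip|route|netstat|ss)\b|/etc/resolv\.conf\b"),
    "sudo_cron": re.compile(r"^sudo\s+-l\b|/etc/sudoers\b|^crontab\s+-l\b|/etc/cron"),
    "filesystem": re.compile(r"^find\b.*-(perm|writable)\b"),
}
LINE = re.compile(r'^(\S+) user=(\S+) cmd="(.*)"$')  # hypothetical log format

def detect_bursts(lines, window=timedelta(seconds=30), min_categories=4):
    """Return {user: categories} when one window covers >= min_categories."""
    events = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore malformed lines instead of failing
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        for name, rx in CATEGORIES.items():
            if rx.search(m.group(3)):
                events[m.group(2)].append((ts, name))
    alerts = {}
    for user, evs in events.items():
        evs.sort()
        for start, _ in evs:  # slide the window over each event of this user
            seen = {c for t, c in evs if timedelta(0) <= t - start <= window}
            if len(seen) >= min_categories:
                alerts[user] = sorted(seen)
                break
    return alerts

# Constructed sample: www-data bursts in seconds, alice works over 90 minutes.
SAMPLE = """\
2024-05-01T10:00:01Z user=www-data cmd="uname -a"
2024-05-01T10:00:01Z user=www-data cmd="cat /etc/passwd"
2024-05-01T10:00:02Z user=www-data cmd="sudo -l"
2024-05-01T10:00:03Z user=www-data cmd="ip route"
2024-05-01T10:00:05Z user=www-data cmd="find / -writable -type d"
2024-05-01T09:00:00Z user=alice cmd="ip a"
2024-05-01T09:20:00Z user=alice cmd="uname -r"
2024-05-01T09:45:00Z user=alice cmd="crontab -l"
2024-05-01T10:30:00Z user=alice cmd="id"
"""
if __name__ == "__main__":
    print(detect_bursts(SAMPLE.splitlines()))
```

Service accounts such as a web server user rarely have a legitimate reason to cross four categories in one window, so they make the lowest-noise place to start tuning the threshold.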
