image
First, a couple of useful oneliners 😉 wget “https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh” -O lse.sh curl “https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh” -o lse.sh linux-smart-enumeration Linux enumeration tools for pentesting and CTFs This project was inspired by https://github.com/rebootuser/LinEnum and uses many of its tests. Unlike LinEnum, lse tries to gradualy expose the information depending on its importance from a privesc point of view. What is it? This script will show relevant information about the security of the local Linux system. It has 3 levels of verbosity so you can control how much information you see. In the default level you should see the highly important security flaws in the system. The level 1 ( ./lse.sh -l1 ) shows interesting information that should help you to privesc. The level 2 ( ./lse.sh -l2 ) will just dump all the information it gathers about the system. By default it will ask you some questions: mainly the current user password (if you know it 😉 so it can do some additional tests. How to use it? The idea is to get the information gradually. First you should execute it just like ./lse.sh . If you see some green yes! , you probably have already some good stuff to work with. If not, you should try the level 1 verbosity with ./lse.sh -l1 and you will see some more information that can be interesting. If that does not help, level 2 will just dump everything you can gather about the service using ./lse.sh -l2 . In this case you might find useful to use ./lse.sh -l2 | less -r . You can also select what tests to execute by passing the -s parameter. With it you can select specific tests or sections to be executed. For example ./lse.sh -l2 -s usr010,net,pro will execute the test usr010 and all the tests in the sections net and pro . Use: ./lse.sh [options] OPTIONS -c Disable color -i Non interactive mode -h This help -l LEVEL Output verbosity level 0: Show highly important results. (default) 1: Show interesting results. 2: Show all gathered information. -s SELECTION Comma separated list of sections or tests to run. Available sections: usr: User related tests. sud: Sudo related tests. fst: File system related tests. sys: System related tests. sec: Security measures related tests. ret: Recurren tasks (cron, timers) related tests. net: Network related tests. srv: Services related tests. pro: Processes related tests. sof: Softw are related tests. ctn: Container (docker, lxc) related tests. Specific tests can be used with their IDs (i.e.: usr020,sud) Is it pretty? Usage demo Also available in webm video Level 0 (default) output sample Level 1 verbosity output sample Level 2 verbosity output sample Download Linux-Smart-Enumeration