Home / Unlabelled / Linux-Smart-Enumeration - Linux Enumeration Tool For Pentesting And CTFs With Verbosity Levels

Linux-Smart-Enumeration - Linux Enumeration Tool For Pentesting And CTFs With Verbosity Levels


First, a couple of useful oneliners ;)
wget "https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh" -O lse.sh
curl "https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh" -o lse.sh

linux-smart-enumeration
Linux enumeration tools for pentesting and CTFs
This project was inspired by https://github.com/rebootuser/LinEnum and uses many of its tests.
Unlike LinEnum, lse tries to gradualy expose the information depending on its importance from a privesc point of view.

What is it?
This script will show relevant information about the security of the local Linux system.
It has 3 levels of verbosity so you can control how much information you see.
In the default level you should see the highly important security flaws in the system. The level 1 (./lse.sh -l1) shows interesting information that should help you to privesc. The level 2 (./lse.sh -l2) will just dump all the information it gathers about the system.
By default it will ask you some questions: mainly the current user password (if you know it ;) so it can do some additional tests.

How to use it?
The idea is to get the information gradually.
First you should execute it just like ./lse.sh. If you see some green yes!, you probably have already some good stuff to work with.
If not, you should try the level 1 verbosity with ./lse.sh -l1 and you will see some more information that can be interesting.
If that does not help, level 2 will just dump everything you can gather about the service using ./lse.sh -l2. In this case you might find useful to use ./lse.sh -l2 | less -r.
You can also select what tests to execute by passing the -s parameter. With it you can select specific tests or sections to be executed. For example ./lse.sh -l2 -s usr010,net,pro will execute the test usr010 and all the tests in the sections net and pro.
Use: ./lse.sh [options]
 
  OPTIONS
    -c           Disable color
    -i           Non interactive mode
    -h           This help
    -l LEVEL     Output verbosity level
                   0: Show highly important results. (default)
                   1: Show interesting results.
                   2: Show all gathered information.
    -s SELECTION Comma separated list of sections or tests to run. Available
                 sections:
                   usr: User related tests.
                   sud: Sudo related tests.
                   fst: File system related tests.
                   sys: System related tests.
                   sec: Security measures related tests.
                   ret: Recurren tasks (cron, timers) related tests.
                   net: Network related tests.
                   srv: Services related tests.
                   pro: Processes related tests.
                   sof: Softw   are related tests.
                   ctn: Container (docker, lxc) related tests.
                 Specific tests can be used with their IDs (i.e.: usr020,sud)

Is it pretty?

Usage demo
Also available in webm video


Level 0 (default) output sample


Level 1 verbosity output sample


Level 2 verbosity output sample




Source: feedproxy.google.com
Linux-Smart-Enumeration - Linux Enumeration Tool For Pentesting And CTFs With Verbosity Levels Linux-Smart-Enumeration - Linux Enumeration Tool For Pentesting And CTFs With Verbosity Levels Reviewed by Anonymous on 3:03 PM Rating: 5

Tags