LinEnum: An Automated Tool for Local Linux Host Information Gathering and Privilege Escalation Checks

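LinEnum is an automated tool for local Linux information gathering and privilege escalation checks. Owen lists a cheat sheet of commands for obtaining various kinds of system information in this article. LinEnum collects that information automatically, including details about the kernel. In addition, LinEnum scans *.conf and *.log files and locates the files that match a keyword. When the scan finishes, the results are highlighted, as shown in the figure below.
[Image: linenum-out-example-001]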

LinEnum performs the following checks.

  • Kernel and distribution release details
  • System Information:
    • Hostname
    • Networking details:
      • Current IP
      • Default route details
      • DNS server information
  • User Information:
    • Current user details
    • Last logged on users
    • List all users including uid/gid information
    • List root accounts
    • Extract full details for ‘default’ uid’s such as 0, 1000, 1001 etc
    • Attempt to read restricted files i.e. /etc/shadow
    • List current users history files (i.e .bash_history, .nano_history etc.)
  • Privileged access:
    • Determine if /etc/sudoers is accessible
    • Determine if the current user has Sudo access without a password
    • Are known ‘good’ breakout binaries available via Sudo (i.e. nmap, vim etc.)
    • Is root’s home directory accessible
    • List permissions for /home/
  • Environmental:
    • Display current $PATH
  • Jobs/Tasks:
    • List all cron jobs
    • Locate all world-writable cron jobs
    • Locate cron jobs owned by other users of the system
  • Services:
    • List network connections (TCP & UDP)
    • List running processes
    • Lookup and list process binaries and associated permissions
    • List inetd.conf/xinetd.conf contents and associated binary file permissions
    • List init.d binary permissions
  • Version Information (of the following):
    • Sudo
    • MYSQL
    • Postgres
    • Apache
  • Default/Weak Credentials:
    • Checks for default/weak Postgres accounts
    • Checks for default root/root access to local MYSQL services
  • Searches:
    • Locate all SUID/GUID files
    • Locate all world-writable SUID/GUID files
    • Locate all SUID/GUID files owned by root
    • Locate ‘interesting’ SUID/GUID files (i.e. nmap, vim etc)
    • List all world-writable files
    • Find/list all accessible *.plan files and display contents
    • Find/list all accessible *.rhosts files and display contents
    • Show NFS server details
    • Locate *.conf and *.log files containing keyword supplied at script runtime
    • List all *.conf files located in /etc
    • Locate mail

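Some of the checks above require privileges, so some of them may fail. LinEnum does not report which checks failed; it only displays the ones that completed successfully. The LinEnum GitHub page maintains the up-to-date version of this list.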
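When auditing your own hosts for two of the conditions in the list (world-writable files such as cron jobs, and SUID/GUID files), it helps to record what could not be inspected instead of dropping it silently. The script below is an added example, not LinEnum's code; the function name `audit_tree` and the output labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not part of LinEnum): audit a directory tree for
# world-writable files and set-id files, and report the paths that
# could not be read instead of hiding them.

# audit_tree DIR
#   Prints one line per result:
#     WORLD_WRITABLE <path>   regular file writable by any user
#     SETID <path>            regular file with the setuid or setgid bit
#     SKIPPED <find message>  path that find could not inspect
audit_tree() {
    dir=$1
    errs=$(mktemp) || return 2

    # Files any local user can modify (dangerous for cron scripts,
    # init scripts and service binaries).
    find "$dir" -type f -perm -0002 2>>"$errs" | sed 's/^/WORLD_WRITABLE /'

    # Files that run with the owner's or group's identity.
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) 2>>"$errs" |
        sed 's/^/SETID /'

    # Both passes fail on the same unreadable paths, so de-duplicate.
    # A SKIPPED line means the audit is incomplete for that path and
    # should be repeated with sufficient privileges.
    sort -u "$errs" | sed 's/^/SKIPPED /'
    rm -f "$errs"
}

# Run against a tree given on the command line, for example:
#   sh audit.sh /etc/cron.d
if [ -n "${1:-}" ]; then
    audit_tree "$1"
fi
```

Any `SKIPPED` line marks a gap in coverage, so review those paths from a privileged account before treating the host as clean.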

LinEnum GitHub home page and download: https://github.com/rebootuser/LinEnum

Resource curator: 黄余粮