Linux Enumeration

Info of Interest
OS & Kernel
Environment Variables
Interesting Files & Sensitive Information
Users, Groups, Permissions, & Privileges
Services & Associated Configuration files
Cron jobs, & System Tasks
Installed Applications & Versions
Running Processes

# Pass Spray SSH
cat /etc/passwd | cut -d: -f1
nxc ssh 192.168.100.123 -u users.txt -p 'pass'

# Current User Information from /etc/passwd
grep $USER /etc/passwd
cat /etc/passwd | grep -i "user"

# Current, last logged on user, & recent logins
w, last, lastlog

# Sudoers file
cat /etc/sudoers

# Mail
netstat -tulnp
cat /var/mail/user
nc 127.0.0.1 25

# Read other users bash_history
find /home/* -name *history -print 2> /dev/null

# OS
cat /etc/issue && cat /etc/*-release

# Current $PATH env variable
echo $PATH

# List all cron jobs
cat /etc/crontab && ls -als /etc/cron*

# Find world-writable cron jobs
find /etc/cron* -type f -perm -o+w -exec ls -l {} \;

# List running processes
ps auxwww

# List all running processes running as root
ps -u root

# Find GUID files
find / -perm -2000 -type f 2>/dev/null

# All Users including UID and GID information
for user in $(cut -f1 -d":" /etc/passwd); do id $user; done

# Find world-writable files
find -perm -2 -type f 2>/dev/null

# List all conf files in /etc/
ls -al /etc/*.conf

# Find conf files that contain the string "pass*"
grep -i "pass" /etc/*.conf

# List open files
lsof -n

# List installed packages
Debian: dpkg -l
Fedora: rpm -qa
Arch: pacman -Qe
Solaris: pkginfo
Gentoo: cd /var/db/pkg/ && ls -d */*

# Print process binaries/paths and permissions
ps aux | awk '{print $11}' | xargs -r ls -la 2>/dev/null | awk '!x[$0]++'

# DNS Server
cat /etc/resolv.conf

# List Current Network Interface Config
ifconfig -a

# Established and Listening TCP/UDP Ports/Connections
netstat -auntp

# Listing active connections, processes, users, and bytes
ss -twurp

# Locate a script doing an operation
grep -nri "/tmp/message" /usr