I'm sorry man, but i runned this on a machine i did in htb and it didn't find world writable files although in the offical write up there were find with your tool. i don't know what's the problem, but something is wrong

Your tool/software has been inventoried on Rawsec's CyberSecurity Inventory.

https://inventory.rawsec.ml/tools.html#LinEnum

What is Rawsec's CyberSecurity Inventory?

An inventory of tools and resources about CyberSecurity. This inventory aims to help people to find everything related to CyberSecurity.

• Open source: Every information is available and up to date. If an information is missing or deprecated, you are invited to (help us).
• Practical: Content is categorized and table formatted, allowing to search, browse, sort and filter.
• Fast: Using static and client side technologies resulting in fast browsing.
• Rich tables: search, sort, browse, filter, clear
• Fancy informational popups
• Badges / Shields
• Static API
• Twitter bot

More details about features here.

Note: the inventory is a FLOSS (Free, Libre and Open-Source Software) project.

Why?

• Specialized websites: Some websites are referencing tools but additional information is not available or browsable. Make additional searches take time.
• Curated lists: Curated lists are not very exhaustive, up to date or browsable and are very topic related.
• Search engines: Search engines sometimes does find nothing, some tools or resources are too unknown or non-referenced. These is where crowdsourcing is better than robots.

Why should you care about being inventoried?

Mainly because this is giving visibility to your tool, more and more people are using the Rawsec's CyberSecurity Inventory, this helps them find what they need.

Badges

The badge shows to your community that your are inventoried. This also shows you care about your project and want it growing, that your tool is not an abandonware.

Feel free to claim your badge here: http://inventory.rawsec.ml/features.html#badges, it looks like that , but there are several styles available.

Want to thank us?

If you want to thank us, you can help make the project better known by tweeting about it! For example:

So what?

That's all, this message is just to notify you if you care.

The title speaks for itself. I can't get LinEnum because of that. :/

I am a developer for archassault(https://github.com/ArchAssault-Project), we would like to distribute your script in our distro. Can you please provide a license file as well as give us permission to distribute this file?

Might find a few extra possibilities to check off this tweet. https://twitter.com/JaneScott_/status/1144134954353217536

Check /etc/passwd writable

Hi,
To find world writable suid files, the following script is used,
wwsuid=find / -perm -4007 -type f -exec ls -la {} 2>/dev/null \;

Should it be:
wwsuid=find / -perm -4002 -type f -exec ls -la {} 2>/dev/null \;

Cheers,
JJ

Hi, I just ran the script on one of my machines and it returns:

Super user account(s):
root

We can sudo without supplying a password!
User user1 may run the following commands on localhost:
    (ALL) ALL

However, the line in sudoers doesn't have the NOPASSWD item, so that statement is not accurate. Is this a bug or am I misunderstanding the message?

Thanks!

The export location parameter (-e) is not working properly.
When defining a location, a folder is generated, but it will be empty at the end of the program execution.
Instead the files will be archived in a new folder in the LinEnum directory.

Example:
./LinEnum.sh -e /tmp/LinEnum_files -r /tmp/LinEnum_report -t

Will generate

1. an empty folder LinEnum-export-<date> in /tmp/LinEnum_files/
2. the report file (LinEnum_test-<date>) in /tmp/
3. a new folder <time> in the LinEnum directory with the files

local@local1:~$ ./linenum.sh ./linenum.sh: line 45: \n\e[00;31m############################################## ###########\e[00m: command not found ./linenum.sh: line 46: syntax error near unexpected token|'
./linenum.sh: line 46: |tee -a $report 2>/dev/null' local@local1:~$ ./linenum.sh

the fix is to replace all occurrences of "\n\e[00;31m#"

Hello guys, first of all thank you for your awesome project!

Some days ago I wanted to add some functionality to your script but I saw that there was a lot of room for improvement regarding the structure so I forked your repository and started organizing and modularizing some things. Using functions to call the tests saved a lot of code and shrinked the size of the file by several hundreds of lines. However I realised that I needed to change too much for what I wanted to do so I ended giving up and starting from zero.
I would like to point out where my fork is in case you want to get some ideas from there: https://github.com/diego-treitos/LinEnum
I also added some tests and fixed others.

Just in case you are interested, I have publised also my script for enumeration. I am trying to show by default the most important information for a privesc. I used many tests from your script, although rewritten and added a bunch more. Hopefully we can colaborate to improve both.
https://github.com/diego-treitos/linux-smart-enumeration

Use LinEnum_sh (actually version 0.2) until the issue is resolved.

i found an error when the script try to find "sudo permission". this error only occurred on version 0.9

[+] We can sudo without supplying a password!
usage: sudo -h | -K | -k | -L | -l | -V | -v
usage: sudo [-bEHPS] [-p prompt] [-u username|#uid] [VAR=value]
{-i | -s | }
usage: sudo -e [-S] [-p prompt] [-u username|#uid] file ...

this error doesnt happen on version 0.8

Hi! Thank you for the amazing script!!

I've found myself multiple time having trouble locating interesting files because there are so many, so I like at the created/updated date because interesting files are most likely to be the most recent ones.

I would like to make an addition to that script something like:

find . -printf "%T@ %Tc %p\n" | sort -n

Which would numerically sort files by date. I don't know if that's something you would want, but I can try to come up with a good way without adding too much dependencies and try to stay as portable as possible.

It might be interesting to check the value of ptrace_scope (reference: https://www.kernel.org/doc/Documentation/security/Yama.txt). If it is set to 0, this might help elevate privileges: https://github.com/nongiach/sudo_inject

LinEnum finds lots of useful info but, it can some times be a bit hard to analyze when the reports big and there's lots their.

Perhaps, have an option to create an html report with hyperlinks and cullers as well as minimizing or expanding sections, this may make it easier to analyze.
Thanks

As ifconfig and other old tools will not be default we need to find ways to use other alternative tools also.

"For more information visit www.rebootuser.com" is suggested when the website/blog is down. I know, small issue, but this is my first contribution and I'm on my way to an OSCP!

Thanks for your work good sirs and ladies.

Hi, thank you for this script. It has been extremely useful throughout my offsec learning journey!

Today I happened to try the -t (thorough) option and it seemed to not be working. The offending piece of code seem to be line 1327:
while getopts "h:k:r:e:st" option; do

Changing it to
while getopts "h:k:r:e:s:t" option; do

seem to fix it. Please ignore if I'm wrong. Once again, thanks! :)

might be useful to add, just played a CTF where the flag was hidden as an env variable. (unless i missed that the script already does this, if so disregard)

I was doing CTF, and I noticed script doesn't include writable files.

because it was actually good to use at one point..

can't you offer the community to commit to it and help made modifications?

i'm sure they would.

I have just run enum.sh in my Ubuntu VM but it didn't give me the trash file that can be accessible with that user permission which I have used to run this file. So we have to add this thing in The enum.sh.

It should be useful to look for 'hidden' files.
find / -name ".*" -ls 2>/dev/null

I got this error after executing:

""" ./LinEnum.sh: line 8: syntax error near unexpected token `newline' """

""" ./LinEnum.sh: line 8: `' """

Example from linuxprivchecker.py.. ur script is more user friendly.. if added this feature it will be useful.. Available dev tools like python,perl,awk etc. And include shell escapes

print
print "[*] ENUMERATING INSTALLED LANGUAGES/TOOLS FOR SPLOIT BUILDING...\n"

devTools = {"TOOLS":{"cmd":"which awk perl python ruby gcc cc vi vim nmap find netcat nc wget tftp ftp 2>/dev/null", "msg":"Installed Tools", "results":results}}
devTools = execCmd(devTools)
printResults(devTools)

print "[+] Related Shell Escape Sequences...\n"
escapeCmd = {"vi":[":!bash", ":set shell=/bin/bash:shell"], "awk":["awk 'BEGIN {system("/bin/bash")}'"], "perl":["perl -e 'exec "/bin/bash";'"], "find":["find / -exec /usr/bin/awk 'BEGIN {system("/bin/bash")}' \;"], "nmap":["--interactive"]}
for cmd in escapeCmd:
for result in devTools["TOOLS"]["results"]:
if cmd in result:
for item in escapeCmd[cmd]:
print " " + cmd + "-->\t" + item
print

I recently came across a system with misconfigured capabilities. It would be neat to them added as well.

# print current capabilities
capsh --print

# print capabilities for files
getcap -r / 2>/dev/null

I know it is questionable to what extend the privilege escalation checker should be harmful to the system or not, but there is a nice tool that suggests viable kernel exploits given the current version the "Linux Exploit Suggester". A blog post describing it briefly can be found on the author's web page