Linux Smart Enumeration


Linux enumeration tools for pentesting and CTFs

Unlike LinEnum, lse tries to gradualy expose the information depending on its importance from a privesc point of view.

This project was inspired by and uses many of its tests.

Usage demo

First, a couple of useful oneliners ;)

wget "" -O

curl "" -o

What is it?

This script will show relevant information about the security of the local Linux system.

It has 3 levels of verbosity so you can control how much information you see.

In the default level you should see the highly important security flaws in the system. The level 1 (./ -l1) shows interesting information that should help you to privesc. The level 2 (./ -l2) will just dump all the information it gathers about the system.

By default it will ask you some questions: mainly the current user password (if you know it ;) so it can do some additional tests.

How to use it?

The idea is to get the information gradually.

First you should execute it just like ./ If you see some green yes!, you probably have already some good stuff to work with.

If not, you should try the level 1 verbosity with ./ -l1 and you will see some more information that can be interesting.

If that does not help, level 2 will just dump everything you can gather about the service using ./ -l2. In this case you might find useful to use ./ -l2 | less -r.

You can also select what tests to execute by passing the -s parameter. With it you can select specific tests or sections to be executed. For example ./ -l2 -s usr010,net,pro will execute the test usr010 and all the tests in the sections net and pro.

Use: ./ [options]

   -c           Disable color
   -i           Non interactive mode
   -h           This help
   -l LEVEL     Output verbosity level
                  0: Show highly important results. (default)
                  1: Show interesting results.
                  2: Show all gathered information.
   -s SELECTION Comma separated list of sections or tests to run. Available
                  usr: User related tests.
                  sud: Sudo related tests.
                  fst: File system related tests.
                  sys: System related tests.
                  sec: Security measures related tests.
                  ret: Recurren tasks (cron, timers) related tests.
                  net: Network related tests.
                  srv: Services related tests.
                  pro: Processes related tests.
                  sof: Software related tests.
                  ctn: Container (docker, lxc) related tests.
                Specific tests can be used with their IDs (i.e.: usr020,sud)

Is it pretty?

Level 0 (default) output sample

Level 1 verbosity output sample

Level 2 verbosity output sample

Share this post


Welcome to my personal blog to share my knowledge
Cyber Security, Ethical Hacking, Web & Network Auditing, Reverse Engineering and Cryptography
This website don't use analytics tracking and is ads-free. JavaScript is enabled .


Contact Form : Connect with Us

    Ricochet : ricochet:3ka6l4q255cakeirgxupsl5i4lw3qpk5gmngtv5amax64hckuovgozyd

2023 © 0x1 | Cyber Security Consulting - Copyright All Rights Reserved