Enum4linux is a tool for enumerating information from Windows and Samba systems. It is written in Perl and is basically a wrapper around the Samba tools smbclient, rpcclient, net and nmblookup.
- Official Documentation
- enum4linux Cheat Sheet (HighOnCoffee)
Installation
sudo apt install enum4linux
FIX: Use of uninitialized value $global_workgroup
Clone from git to fix error: Use of uninitialized value $global_workgroup in concatenation (.) or string at ./enum4linux.pl line 834
cd ~
git clone https://github.com/CiscoCXSecurity/enum4linux.git
Replace original script
sudo mv /usr/share/enum4linux/enum4linux.pl /usr/share/enum4linux/enum4linux.pl.bak
sudo mv ~/enum4linux/enum4linux.pl /usr/share/enum4linux/
sudo chown root:root /usr/share/enum4linux/enum4linux.pl
rm -rf ~/enum4linux
Help
enum4linux
Enumeration
# Can get: domain name, OS, shares, domain SID, users, groups
IP=x.x.x.x
enum4linux -a "$IP" > enum4linux.txt
# -M gets the machine list from a single target; it does not take a file of IPs
enum4linux -M "$IP"
enum4linux -a -u "$USER" -p "$PASS" "$IP" > enum4linux-authenticated.txt
From list of IP addresses in a file
enum4linux does not support a list of IP addresses in a file, so loop over the list and run it once per address.
for IP in $(cat IPs.txt); do enum4linux -a "$IP" > "enum4linux_${IP}.txt"; done
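A stricter version of the loop above, as an added example that is not part of the original page: it checks every line of IPs.txt before the value reaches the enum4linux command line or the output filename, so a stray option such as -a, a path fragment or a malformed address is skipped instead of being run. The function names is_ipv4, clean_targets and scan_targets are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original page): vet IPs.txt before the loop.

# Succeeds only for a strict dotted-quad IPv4 address (octets 0-255,
# no leading zeros, nothing but digits and dots).
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints the valid, de-duplicated targets from a list file, one per line.
# Strips CRs, '#' comments and surrounding whitespace; reports the rest on stderr.
clean_targets() {
    tr -d '\r' < "$1" |
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    while IFS= read -r entry || [ -n "$entry" ]; do
        [ -n "$entry" ] || continue
        if is_ipv4 "$entry"; then
            printf '%s\n' "$entry"
        else
            printf 'skipping invalid entry: %s\n' "$entry" >&2
        fi
    done | awk '!seen[$0]++'
}

# Runs the page's per-host command over the vetted targets only.
# Usage: scan_targets IPs.txt
scan_targets() {
    clean_targets "$1" | while IFS= read -r ip; do
        # stdin is detached so the tool cannot consume the piped target list
        enum4linux -a "$ip" < /dev/null > "enum4linux_${ip}.txt"
    done
}
```

Running clean_targets IPs.txt on its own prints the addresses that would be scanned, which is a quick way to compare the list against the agreed scope first.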
All enumeration – except dictionary based share name guessing
enum4linux -a $IP
Verbose – Shows full commands being run
enum4linux -v $IP
Get OS information
enum4linux -o $IP
Enumerate users
Pulls usernames from the default RID range (500-550,1000-1050).
enum4linux -r $IP
Enumerate groups
enum4linux -G $IP
Enumerate Windows shares
enum4linux -S $IP