linPEAS/README.md
skipped 105 lines
106
106
```
107
107
Enumerate and search Privilege Escalation vectors.
108
108
This tool enum and search possible misconfigurations (known vulns, user, processes and file permissions, special file permissions, readable/writable files, bruteforce other users(top1000pwds), passwords...) inside the host and highlight possible misconfigurations with colors.
109
-
-h To show this message
110
-
-q Do not show banner
111
-
-e Perform extra enumeration
112
-
-s SuperFast (don't check some time consuming checks) - Stealth mode
113
-
-a All checks except regexes - Noisy mode, for CTFs mainly
114
-
-r Activate Regexes (this can take from some mins toseveral hours)
115
-
-f </FOLDER/PATH> Execute linpeas to search passwords/file permissions misconfigs inside a folder
116
-
-w Wait execution between big blocks of checks
117
-
-N Do not use colours
118
-
-D Debug mode
119
-
-P Indicate a password that will be used to run 'sudo -l' and to bruteforce other users accounts via 'su'
120
-
-o Only execute selected checks (system_information,container,procs_crons_timers_srvcs_sockets,network_information,users_information,software_information,interesting_files,api_keys_regex). Select a comma separated list.
121
-
-L Force linpeas execution.
122
-
-M Force macpeas execution.
123
-
-d <IP/NETMASK> Discover hosts using fping or ping. Ex: -d 192.168.0.1/24
124
-
-p <PORT(s)> -d <IP/NETMASK> Discover hosts looking for TCP open ports (via nc). By default ports 22,80,443,445,3389 and another one indicated by you will be scanned (select 22 if you don't want to add more). You can also add a list of ports. Ex: -d 192.168.0.1/24 -p 53,139
125
-
-i <IP> [-p <PORT(s)>] Scan an IP using nc. By default (no -p), top1000 of nmap will be scanned, but you can select a list of ports instead. Ex: -i 127.0.0.1 -p 53,80,443,8000,8080
126
-
-t Automatic network scan (host discovery and port scanning) - This option writes to files
127
-
Notice that if you specify some network scan (options -d/-p/-i but NOT -t), no PE check will be performed
109
+
Checks:
110
+
-o Only execute selected checks (system_information,container,cloud,procs_crons_timers_srvcs_sockets,network_information,users_information,software_information,interesting_files,api_keys_regex). Select a comma separated list.
111
+
-s Stealth & faster (don't check some time consuming checks)
112
+
-e Perform extra enumeration
113
+
-t Automatic network scan & Internet conectivity checks - This option writes to files
114
+
-r Enable Regexes (this can take from some mins to hours)
115
+
-P Indicate a password that will be used to run 'sudo -l' and to bruteforce other users accounts via 'su'
116
+
-D Debug mode
117
+
118
+
Network recon:
119
+
-t Automatic network scan & Internet conectivity checks - This option writes to files
120
+
-d <IP/NETMASK> Discover hosts using fping or ping. Ex: -d 192.168.0.1/24
121
+
-p <PORT(s)> -d <IP/NETMASK> Discover hosts looking for TCP open ports (via nc). By default ports 22,80,443,445,3389 and another one indicated by you will be scanned (select 22 if you don't want to add more). You can also add a list of ports. Ex: -d 192.168.0.1/24 -p 53,139
122
+
-i <IP> [-p <PORT(s)>] Scan an IP using nc. By default (no -p), top1000 of nmap will be scanned, but you can select a list of ports instead. Ex: -i 127.0.0.1 -p 53,80,443,8000,8080
123
+
Notice that if you specify some network scan (options -d/-p/-i but NOT -t), no PE check will be performed
124
+
125
+
Port forwarding:
126
+
-F LOCAL_IP:LOCAL_PORT:REMOTE_IP:REMOTE_PORT Execute linpeas to forward a port from a local IP to a remote IP
127
+
128
+
Firmware recon:
129
+
-f </FOLDER/PATH> Execute linpeas to search passwords/file permissions misconfigs inside a folder
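Review bot: -t is documented twice in the added lines, once under "Checks:" and again under "Network recon:", with identical text and the same misspelling "conectivity". List it in one section only (or cross-reference it) and correct the spelling to "connectivity". The new -F entry under "Port forwarding:" has no "Ex:" line, unlike -d, -p and -i, and the help does not say whether PE checks are skipped when -F is used, as the notice does for -d/-p/-i; add an example and state that behaviour. The removed entries -h, -q, -a, -w, -N, -L and -M have no counterpart among the added lines visible here, so if those flags are still accepted, confirm they remain documented further down the help text. Since -P drives 'su' attempts against other accounts and -t "writes to files", a short note on the side effects of each would help operators and defenders reading the help judge how noisy a run will be.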