Update README.md

Carlos Polop 2022-09-01 20:12:39 +02:00 committed by GitHub
parent 8b444ba674
commit 55faa3b5e8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -106,25 +106,36 @@ This script has **several lists** included inside of it to be able to **color th
``` ```
Enumerate and search Privilege Escalation vectors. Enumerate and search Privilege Escalation vectors.
This tool enum and search possible misconfigurations (known vulns, user, processes and file permissions, special file permissions, readable/writable files, bruteforce other users(top1000pwds), passwords...) inside the host and highlight possible misconfigurations with colors. This tool enum and search possible misconfigurations (known vulns, user, processes and file permissions, special file permissions, readable/writable files, bruteforce other users(top1000pwds), passwords...) inside the host and highlight possible misconfigurations with colors.
-h To show this message Checks:
-q Do not show banner -o Only execute selected checks (system_information,container,cloud,procs_crons_timers_srvcs_sockets,network_information,users_information,software_information,interesting_files,api_keys_regex). Select a comma separated list.
-e Perform extra enumeration -s Stealth & faster (don't check some time consuming checks)
-s SuperFast (don't check some time consuming checks) - Stealth mode -e Perform extra enumeration
-a All checks except regexes - Noisy mode, for CTFs mainly -t Automatic network scan & Internet conectivity checks - This option writes to files
-r Activate Regexes (this can take from some mins to several hours) -r Enable Regexes (this can take from some mins to hours)
-f </FOLDER/PATH> Execute linpeas to search passwords/file permissions misconfigs inside a folder -P Indicate a password that will be used to run 'sudo -l' and to bruteforce other users accounts via 'su'
-w Wait execution between big blocks of checks -D Debug mode
-N Do not use colours
-D Debug mode Network recon:
-P Indicate a password that will be used to run 'sudo -l' and to bruteforce other users accounts via 'su' -t Automatic network scan & Internet conectivity checks - This option writes to files
-o Only execute selected checks (system_information,container,procs_crons_timers_srvcs_sockets,network_information,users_information,software_information,interesting_files,api_keys_regex). Select a comma separated list. -d <IP/NETMASK> Discover hosts using fping or ping. Ex: -d 192.168.0.1/24
-L Force linpeas execution. -p <PORT(s)> -d <IP/NETMASK> Discover hosts looking for TCP open ports (via nc). By default ports 22,80,443,445,3389 and another one indicated by you will be scanned (select 22 if you don't want to add more). You can also add a list of ports. Ex: -d 192.168.0.1/24 -p 53,139
-M Force macpeas execution. -i <IP> [-p <PORT(s)>] Scan an IP using nc. By default (no -p), top1000 of nmap will be scanned, but you can select a list of ports instead. Ex: -i 127.0.0.1 -p 53,80,443,8000,8080
-d <IP/NETMASK> Discover hosts using fping or ping. Ex: -d 192.168.0.1/24 Notice that if you specify some network scan (options -d/-p/-i but NOT -t), no PE check will be performed
-p <PORT(s)> -d <IP/NETMASK> Discover hosts looking for TCP open ports (via nc). By default ports 22,80,443,445,3389 and another one indicated by you will be scanned (select 22 if you don't want to add more). You can also add a list of ports. Ex: -d 192.168.0.1/24 -p 53,139
-i <IP> [-p <PORT(s)>] Scan an IP using nc. By default (no -p), top1000 of nmap will be scanned, but you can select a list of ports instead. Ex: -i 127.0.0.1 -p 53,80,443,8000,8080 Port forwarding:
-t Automatic network scan (host discovery and port scanning) - This option writes to files -F LOCAL_IP:LOCAL_PORT:REMOTE_IP:REMOTE_PORT Execute linpeas to forward a port from a local IP to a remote IP
Notice that if you specify some network scan (options -d/-p/-i but NOT -t), no PE check will be performed
Firmware recon:
-f </FOLDER/PATH> Execute linpeas to search passwords/file permissions misconfigs inside a folder
Misc:
-h To show this message
-w Wait execution between big blocks of checks
-L Force linpeas execution
-M Force macpeas execution
-q Do not show banner
-N Do not use colours
``` ```
## Hosts Discovery and Port Scanning ## Hosts Discovery and Port Scanning
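Review bot: the new help text lists `-t` twice, once under "Checks:" and again under "Network recon:", and both copies misspell "conectivity"; keep a single entry (or have one section point to the other) and correct it to "connectivity". The old `-a` line ("All checks except regexes - Noisy mode, for CTFs mainly") is gone from the new side with nothing replacing it, so if the flag is still accepted the help should keep documenting it, and if it was removed the commit message should say so rather than "Update README.md". The new `-F LOCAL_IP:LOCAL_PORT:REMOTE_IP:REMOTE_PORT` entry is the only network option without an "Ex:" usage line, unlike `-d`, `-p` and `-i`; adding one would keep the section consistent. The note "options -d/-p/-i but NOT -t" also reads ambiguously now that `-t` sits in both sections, so it is worth stating explicitly whether `-F` suppresses the PE checks as well.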