From 34bf5e258b13807778899ba5fa6e5167e0cf0266 Mon Sep 17 00:00:00 2001 From: jsav0 Date: Mon, 27 Apr 2020 22:42:54 -0400 Subject: [PATCH 1/2] added interactive mode to allow manual stepping through the output --- LinEnum.sh | 42 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-) diff --git a/LinEnum.sh b/LinEnum.sh index d8c69f2..949cca9 100755 --- a/LinEnum.sh +++ b/LinEnum.sh @@ -35,6 +35,12 @@ echo -e "\e[00;33m# $version\e[00m\n" } +is_interactive() { + printf "\n" + read -p "Press any key to continue.." + printf "\n" +} + debug_info() { echo "[-] Debug Info" @@ -111,6 +117,9 @@ if [ "$hostnamed" ]; then echo -e "\e[00;31m[-] Hostname:\e[00m\n$hostnamed" echo -e "\n" fi + +[ "$interactive" ] && is_interactive + } user_info() @@ -350,6 +359,9 @@ if [ "$sshrootlogin" = "yes" ]; then echo -e "\e[00;31m[-] Root is allowed to login via SSH:\e[00m" ; grep "PermitRootLogin " /etc/ssh/sshd_config 2>/dev/null | grep -v "#" echo -e "\n" fi + +[ "$interactive" ] && is_interactive + } environmental_info() @@ -413,6 +425,9 @@ if [ "$export" ] && [ "$logindefs" ]; then mkdir $format/etc-export/ 2>/dev/null cp /etc/login.defs $format/etc-export/login.defs 2>/dev/null fi + +[ "$interactive" ] && is_interactive + } job_info() @@ -480,6 +495,8 @@ if [ "$systemdtimers" ]; then echo -e "\n" fi +[ "$interactive" ] && is_interactive + } networking_info() @@ -564,6 +581,9 @@ if [ ! "$udpservs" ] && [ "$udpservsip" ]; then echo -e "\e[00;31m[-] Listening UDP:\e[00m\n$udpservsip" echo -e "\n" fi + +[ "$interactive" ] && is_interactive + } services_info() @@ -697,6 +717,9 @@ if [ "$systemdperms" ]; then echo -e "\e[00;33m[+] /lib/systemd/* config files not belonging to root:\e[00m\n$systemdperms" echo -e "\n" fi + +[ "$interactive" ] && is_interactive + } software_configs() @@ -805,6 +828,8 @@ if [ "$thorough" = "1" ]; then fi fi +[ "$interactive" ] && is_interactive + } interesting_files() 
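Review bot: `read -p "Press any key to continue.."` in the new `is_interactive()` waits for a whole line, so "any key" really means Enter, and without `-r` a typed backslash is interpreted. It also reads from the script's stdin, so if the script itself is being fed to bash on stdin, the read would consume the next line of script text instead of a keypress; this is inferred from how `read` behaves, as the hunk does not show how the script is launched. Consider `[ -t 0 ] || return 0` followed by `read -r -n 1 -s -p "Press any key to continue.." _`. A name such as `pause_for_key` would also fit better, since `is_interactive` reads like a predicate.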
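Review bot: `[ "$interactive" ] && is_interactive` is now the last command of the function that closes just before `user_info()`, so without `-i` that function returns 1 rather than the status of its final `if`. Nothing visible in the patch checks that status, but it would trip a later `set -e` or any `func || ...` caller; `if [ "$interactive" ]; then is_interactive; fi` keeps the return status at 0. The same line is added at the end of the functions that close before `environmental_info()`, `job_info()`, `networking_info()`, `services_info()`, `software_configs()`, `interesting_files()`, `docker_checks()` and `lxc_container_checks()`. Each of those function bodies starts outside its hunk.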
@@ -947,6 +972,7 @@ privatekeyfiles=`grep -rl "PRIVATE KEY-----" /home 2>/dev/null` echo -e "\e[00;33m[+] Private SSH keys found!:\e[00m\n$privatekeyfiles" echo -e "\n" fi +[ "$interactive" ] && is_interactive fi #look for AWS keys - thanks djhohnstein @@ -956,6 +982,7 @@ awskeyfiles=`grep -rli "aws_secret_access_key" /home 2>/dev/null` echo -e "\e[00;33m[+] AWS secret keys found!:\e[00m\n$awskeyfiles" echo -e "\n" fi +[ "$interactive" ] && is_interactive fi #look for git credential files - thanks djhohnstein @@ -965,6 +992,7 @@ gitcredfiles=`find / -name ".git-credentials" 2>/dev/null` echo -e "\e[00;33m[+] Git credentials saved on the machine!:\e[00m\n$gitcredfiles" echo -e "\n" fi +[ "$interactive" ] && is_interactive fi #list all world-writable files excluding /proc and /sys @@ -974,6 +1002,7 @@ wwfiles=`find / ! -path "*/proc/*" ! -path "/sys/*" -perm -2 -type f -exec ls -l echo -e "\e[00;31m[-] World-writable files (excluding /proc and /sys):\e[00m\n$wwfiles" echo -e "\n" fi +[ "$interactive" ] && is_interactive fi if [ "$thorough" = "1" ]; then @@ -981,6 +1010,7 @@ if [ "$thorough" = "1" ]; then mkdir $format/ww-files/ 2>/dev/null for i in $wwfiles; do cp --parents $i $format/ww-files/; done 2>/dev/null fi +[ "$interactive" ] && is_interactive fi #are any .plan files accessible in /home (could contain useful information) @@ -1006,6 +1036,8 @@ if [ "$export" ] && [ "$bsdusrplan" ]; then for i in $bsdusrplan; do cp --parents $i $format/plan_files/; done 2>/dev/null fi +[ "$interactive" ] && is_interactive + #are there any .rhosts files accessible - these may allow us to login as another user etc. rhostsusr=`find /home -iname *.rhosts -exec ls -la {} 2>/dev/null \; -exec cat {} 2>/dev/null \;` if [ "$rhostsusr" ]; then @@ -1061,6 +1093,7 @@ if [ "$thorough" = "1" ]; then echo -e "$fstab" echo -e "\n" fi +[ "$interactive" ] && is_interactive fi #looking for credentials in /etc/fstab 
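Review bot: The pauses added after the private-key, AWS-key, git-credential, world-writable and `/etc/fstab` checks sit between the inner `fi` and the `fi` that closes `if [ "$thorough" = "1" ]`. In thorough mode each one therefore prompts even when the check found nothing and printed nothing. The pause after the `ww-files` export block follows code that only runs `mkdir` and `cp`, so it asks the user to continue with no new output on screen. Moving each call inside the block that actually prints (for example inside `if [ "$privatekeyfiles" ]; then ... fi`) and dropping the export-only one would tie every prompt to a screen of output. The enclosing function starts and ends outside these hunks.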
@@ -1255,6 +1288,9 @@ if [ "$export" ] && [ "$readmailroot" ]; then mkdir $format/mail-from-root/ 2>/dev/null cp $readmailroot $format/mail-from-root/ 2>/dev/null fi + +[ "$interactive" ] && is_interactive + } docker_checks() @@ -1294,6 +1330,9 @@ if [ "$dockeryml" ]; then echo -e "\e[00;31m[-] Anything juicy in docker-compose.yml:\e[00m\n$dockeryml" echo -e "\n" fi + +[ "$interactive" ] && is_interactive + } lxc_container_checks() @@ -1336,13 +1375,14 @@ call_each() footer } -while getopts "h:k:r:e:st" option; do +while getopts "h:k:r:e:sti" option; do case "${option}" in k) keyword=${OPTARG};; r) report=${OPTARG}"-"`date +"%d-%m-%y"`;; e) export=${OPTARG};; s) sudopass=1;; t) thorough=1;; + i) interactive=1;; h) usage; exit;; *) usage; exit;; esac From bf8e38e9e23c3f2023553381a5a0ebb70d371177 Mon Sep 17 00:00:00 2001 From: jsav0 Date: Mon, 27 Apr 2020 22:58:18 -0400 Subject: [PATCH 2/2] added interactive mode --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 97965f3..bb94bdd 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,7 @@ OPTIONS: * -e Enter export location * -t Include thorough (lengthy) tests * -s Supply current user password to check sudo perms (INSECURE) +* -i Step through the output interactively * -r Enter report name * -h Displays this help text
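Review bot: `interactive` is assigned only in the new `i)` arm, so a value inherited from the caller's environment would turn the pauses on without `-i` and could block a run that is meant to be unattended. Adding `interactive=` ahead of the `while getopts` loop closes that. No hunk in this patch touches `usage()`, so the script's own `-h` text presumably still omits `-i` even though README.md gains it in the second patch; confirm and add the matching line there. The `getopts` loop continues outside the hunk.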