This tool is a rewrite of Mark Lowe's enum4linux.pl, a tool for enumerating information from Windows and Samba systems. It is mainly a wrapper around the Samba tools nmblookup, net,
78
-
rpcclient and smbclient. Other than the original tool it allows to export enumeration results as YAML or JSON file, so that it can be further processed with other tools. The tool tries to
79
-
do a 'smart' enumeration. It first checks whether SMB or LDAP is accessible on the target. Depending on the result of this check, it will dynamically skip checks (e.g. LDAP checks if LDAP
80
-
is not running). If SMB is accessible, it will always check whether a session can be set up or not. If no session can be set up, the tool will stop enumeration. The enumeration process can
81
-
be interupted with CTRL+C. If the options -oJ or -oY are provided, the tool will write out the current enumeration state to the JSON or YAML file, once it receives SIGINT triggered by
82
-
CTRL+C. The tool was made for security professionals and CTF players. Illegal use is prohibited.
78
+
This tool is a rewrite of Mark Lowe's enum4linux.pl, a tool for enumerating information from Windows and Samba systems. It is mainly a wrapper around the Samba tools nmblookup, net, rpcclient and smbclient. Other than the original
79
+
tool it allows to export enumeration results as YAML or JSON file, so that it can be further processed with other tools. The tool tries to do a 'smart' enumeration. It first checks whether SMB or LDAP is accessible on the target.
80
+
Depending on the result of this check, it will dynamically skip checks (e.g. LDAP checks if LDAP is not running). If SMB is accessible, it will always check whether a session can be set up or not. If no session can be set up, the
81
+
tool will stop enumeration. The enumeration process can be interupted with CTRL+C. If the options -oJ or -oY are provided, the tool will write out the current enumeration state to the JSON or YAML file, once it receives SIGINT
82
+
triggered by CTRL+C. The tool was made for security professionals and CTF players. Illegal use is prohibited.
83
83
84
84
positional arguments:
85
85
host
86
86
87
-
optional arguments:
87
+
options:
88
88
-h, --help show this help message and exit
89
89
-A Do all simple enumeration including nmblookup (-U -G -S -P -O -N -I -L). This option is enabled if you don't provide any other option.
90
90
-As Do all simple short enumeration without NetBIOS names lookup (-U -G -S -P -O -I -L)
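Review bot: The re-wrapped description paragraph (new lines 78-82) carries the existing typo "interupted" and the awkward "Other than the original tool it allows to export" into the new text unchanged. Since every line of the paragraph is being rewritten anyway, fix them in this commit: "interrupted", and something like "Unlike the original tool, it can export enumeration results as a YAML or JSON file". The heading change from "optional arguments:" to "options:" looks like regenerated help output; if so, it would help to say in the commit message how the block was produced, so the README usage text can be regenerated the same way after future option changes.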
@@ -99,11 +99,14 @@ optional arguments:
99
99
-I Get printer information via RPC
100
100
-R Enumerate users via RID cycling
101
101
-N Do an NetBIOS names lookup (similar to nbtstat) and try to retrieve workgroup from output
102
-
-w WORKGROUP Specify workgroup/domain manually (usually found automatically)
102
+
-w DOMAIN Specify workgroup/domain manually (usually found automatically)
103
103
-u USER Specify username to use (default "")
104
104
-p PW Specify password to use (default "")
105
+
-K TICKET_FILE Try to authenticate with Kerberos, only useful in Active Directory environment
106
+
-H NTHASH Try to authenticate with hash
107
+
--local-auth Authenticate locally to target
105
108
-d Get detailed information for users and groups, applies to -U, -G and -R
106
-
-k USERS User(s) that exists on remote system (default: administrator,guest,krbtgt,domain admins,root,bin,none). Used to get sid with "lookupsid known_username"
109
+
-k USERS User(s) that exists on remote system (default: administrator,guest,krbtgt,domain admins,root,bin,none). Used to get sid with "lookupsids"
107
110
-r RANGES RID ranges to enumerate (default: 500-550,1000-1050)
108
111
-s SHARES_FILE Brute force guessing for shares
109
112
-t TIMEOUT Sets connection timeout in seconds (default: 5s)
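Review bot: The help text for the three new authentication options (new lines 105-107) does not say how they combine with each other or with -u/-p, and "-H NTHASH Try to authenticate with hash" does not state the expected hash format. Suggest spelling out the accepted format for -H, the file type expected for -K TICKET_FILE, and whether -p, -K and -H are mutually exclusive; "--local-auth Authenticate locally to target" should also say how it interacts with -w, since a user could supply both. On -w, the metavar is now DOMAIN while the description still reads "workgroup/domain", which is fine but worth keeping consistent with the other places the README refers to the option. Because -p and -H take secrets on the command line, a short README note that these values end up in shell history and the process list would be useful for people running the tool on shared assessment hosts.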