Note | Knowledge Garden

MSF Modules:

post/multi/recon/local_exploit_suggester # Select a session from options then just run the "Post Exploitation Module"

MSF Module	Description
`post/linux/gather/enum_configs`	This module collects configuration files found on commonly installed applications and services, such as Apache, MySQL, Samba, Sendmail, etc. If a config file is found in its default path, the module will assume that is the file we want.
`post/multi/gather/env`	This module prints out the operating system environment variables.
`post/linux/gather/enum_network`	This module gathers network information from the target system IPTables rules, interfaces, wireless information, open and listening ports, active network connections, DNS information and SSH information. Then u can access them by cat ing the files in msfconsole.
`post/linux/gather/checkvm` `post/linux/gather/checkcontainer`	This module attempts to determine whether the system is running inside of a virtual environment and if so, which one. This module supports detection of Hyper-V, VMWare, VirtualBox, Xen, QEMU, and Parallels. ---=========== This module attempts to determine whether the system is running inside of a container and if so, which one. This module supports detection of Docker, WSL, LXC, Podman and systemd nspawn.
`post/linux/gather/enum_protections`	This module checks whether popular system hardening mechanisms are in place, such as SMEP, SMAP, SELinux, PaX and grsecurity. It also tries to find installed applications that can be used to hinder, prevent, or detect attacks, such as tripwire, snort, and apparmor. This module is meant to identify Linux Secure Modules (LSM) in addition to various antivirus, IDS/IPS, firewalls, sandboxes and other security related software.
`post/linux/gather/enum_system`	This module gathers system information. We collect installed packages, installed services, mount information, user list, user bash history and cron jobs
`post/linux/gather/enum_users_history`	This module gathers the following user-specific information: shell history, MySQL history, PostgreSQL history, MongoDB history, Vim history, lastlog, and sudoers.