nullinux is an internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB null sessions. Unlike many of the enumeration tools out there already, nullinux can enumerate multiple targets at once and when finished, creates a users.txt file of all users found on the host(s). This file is formatted for direct implementation and further exploitation.This program assumes Python 2.7, and the Samba package are installed on the machine.
Features
- Enumerating Multiple Hosts at Oncenullinux provides several options for enumerating users and shares from multiple hosts. Although this can be completed with other tools using a bash loop, nullinux simplifies this process.Bash Loop: x=0;until [ $x -eq “3” ]; do enum4linux 192.168.1.$x; ((x++)); doneORpython nullinux.py -all 192.168.1.1-5python nullinux.py 192.168.1.1,192.168.1.7
- Creates user.txt file of all users enumeratedBy evoking the command line argument “-users”, nullinux will attempt to enumerate users through all available options and display the results on screen. nullinux will compile all users collected during enumeration into a single .txt file, free of duplicates. This nullinux_user.txt file can then be used for password spraying or other internal attacks.Nullinux can also be set to use non-invasive and lengthy techniques to enumerate users through the "-quick" option. This will perform a quick enumeration of users leaving out brute force options such as known usernames, rid cycling, and enumerating the LSA.
- Dynamic Share EnumerationThe command line argument “-shares” will attempt to enumerate all available shares on the host and automatically attempt to enumerate the directory of each share found. Simplifying what used to be a very manual process. Both “-shares” and “-users” can be implemented together using the “-all” command line argument.python nullinux.py -shares 192.168.1.1python nullinux.py -all 10.0.0.1
Usage
nullinux | v4.0
SMB Null Session Enumeration Tool
Scanning:
-shares Dynamically Enumerate all possible
shares. (formally: --enumshares)
-users Enumerate users through a variety of
techniques. (formally: --enumusers)
-quick Quickly enumerate users, leaving out brute
force options. (used with: -users, or -all)
-all Enumerate both users and shares
(formally: --all)
Host:
-U Set username (optional)
-P Set password (optional)
More Options:
-v Verbose Output
-h Help menu
Example Usage:
python nullinux.py -users -quick DC1.Domain.net
python nullinux.py -all 192.168.0.0-5
python nullinux.py -shares -U 'Domain\User' -P 'Password1' 10.0.0.1,10.0.0.5
python nullinux.py 10.0.0.0/24
Share This :
comment 0 comments
more_vert