[](<https://1.bp.blogspot.com/-n_GKgqLlqFw/XsCE2zggfMI/AAAAAAAASn4/HRITC2CZR-Qj2bdOgDNIoQynwOrpLt3gwCNcBGAsYHQ/s1600/enumy.png>)
Enumy is portable executable that you drop on target Linux machine during a [pentest](<https://www.kitploit.com/search/label/Pentest> "pentest" ) or CTF in the [post exploitation](<https://www.kitploit.com/search/label/Post%20Exploitation> "post exploitation" ) phase. Running enumy will enumerate the box for common security vulnerabilities. Enumy has a Htop like Ncurses interface or a standard interface for dumb reverse shells.
**Installation**
You can download the final binary from the release x86 or x64 tab. _Statically linked to musl_ Transfer the final enumy binary to the target machine
* [latest release](<https://github.com/luke-goddard/enumy/releases> "latest release" )
./enumy
**Who Should Use Enumy?**
* Pentester can run on a target machine raisable issues for their reports.
* CTF players can use it identify things that they might have missed.
* People who are curious to know how many isues enumy finds on their local machine?
**Options**
$ ./enumy64 -h
▄█▀─▄▄▄▄▄▄▄─▀█▄ _____
▀█████████████▀ | __|___ _ _ _____ _ _
█▄███▄█ | __| | | | | | |
█████ |_____|_|_|___|_|_|_|_ |
█▀█▀█ |___|
------------------------------------------
Enumy - Used to enumerate the target environment and look for common
security [vulnerabilities](<https://www.kitploit.com/search/label/vulnerabilities> "vulnerabilities" ) and hostspots
-o <loc> Save results to location
-i <loc> Ignore files in this directory (usefull for network shares)
-w <loc> Only walk files in thi s directory (usefull for devlopment)
-t <num> Threads (default 4)
-f Run full scans
-d Display [debugging](<https://www.kitploit.com/search/label/Debugging> "debugging" ) information
-n Enabled ncurses
-h Show help
**Compilation**
To compile during _devlopment_, make libcap and the ncurses libary is all that is required.
make
To remove the glibc dependency and statically link all libaries/compile with musl do the following. _Note to do this you will have to have docker installed to create the apline build environment._
./build.sh 64bit ./build.sh 32bit ./build.sh all cd output
**Scans That've Been Implemented**
Below is the ever growing list of scans that have been implemented.
**Quck Scan**
* SUID/GUID scans
* File capabilities
* Interesting files scan
* Coredump scan
* Breakout binary scan
**Full Scan**
* Quick Scan
* Binary analysis
**Scan Times**
Changing the default number of threads is pretty pointless **unless** you're running a full scan. A full scan will do a lot more IO so more threads greatly decrease scan times. These are the scan times with a i7-8700k and 2 million files scanned.
**Quick Scan Times**
* 2 Thread -> `system 70% cpu 54.093 total`
* 2 Thread -> `system 121% cpu 26.122 total`
* 4 Thread -> `system 289% cpu 15.657 total`
* 8 Threads -> `system 468% cpu 15.863 total`
* 12 Thread -> `system 420% cpu 20.548 total`
**Full Scan Times**
* 1 Thread -> `system 50% cpu 3:16.38 total`
* 2 Thread -> `system 86% cpu 1:33.95 total`
* 4 Thread -> `system 165% cpu 47.753 total`
* 8 Threads -> `system 366% cpu 29.768 total`
* 12 Thread -> `system 467% cpu 29.815 total`
**How To Contribute**
* If you can think of a scan idea that has not been implemented, raise it as an issue.
* Make a pull request, make sure that.
* Each scan is given a unique ID
* Multiple related scans are in the same file.
* No more than one scan/test per function.
**[Download Enumy](<https://github.com/luke-goddard/enumy> "Download Enumy" )**
{"id": "KITPLOIT:6384515767173020709", "vendorId": null, "type": "kitploit", "bulletinFamily": "tools", "title": "Enumy - Linux Post Exploitation Privilege Escalation Enumeration", "description": "[](<https://1.bp.blogspot.com/-n_GKgqLlqFw/XsCE2zggfMI/AAAAAAAASn4/HRITC2CZR-Qj2bdOgDNIoQynwOrpLt3gwCNcBGAsYHQ/s1600/enumy.png>)\n\n \nEnumy is portable executable that you drop on target Linux machine during a [pentest](<https://www.kitploit.com/search/label/Pentest> \"pentest\" ) or CTF in the [post exploitation](<https://www.kitploit.com/search/label/Post%20Exploitation> \"post exploitation\" ) phase. Running enumy will enumerate the box for common security vulnerabilities. Enumy has a Htop like Ncurses interface or a standard interface for dumb reverse shells. \n \n**Installation** \nYou can download the final binary from the release x86 or x64 tab. _Statically linked to musl_ Transfer the final enumy binary to the target machine \n\n\n * [latest release](<https://github.com/luke-goddard/enumy/releases> \"latest release\" )\n \n \n ./enumy\n\n \n**Who Should Use Enumy?** \n\n\n * Pentester can run on a target machine raisable issues for their reports.\n * CTF players can use it identify things that they might have missed.\n * People who are curious to know how many isues enumy finds on their local machine?\n \n**Options** \n\n \n \n $ ./enumy64 -h\n \n \u2584\u2588\u2580\u2500\u2584\u2584\u2584\u2584\u2584\u2584\u2584\u2500\u2580\u2588\u2584 _____\n \u2580\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2580 | __|___ _ _ _____ _ _\n \u2588\u2584\u2588\u2588\u2588\u2584\u2588 | __| | | | | | |\n \u2588\u2588\u2588\u2588\u2588 |_____|_|_|___|_|_|_|_ |\n \u2588\u2580\u2588\u2580\u2588 |___|\n \n ------------------------------------------\n \n Enumy - Used to enumerate the target environment and look for common\n security [vulnerabilities](<https://www.kitploit.com/search/label/vulnerabilities> \"vulnerabilities\" ) and hostspots\n \n -o <loc> Save results to location\n -i <loc> Ignore files in this directory (usefull for network shares)\n -w <loc> Only walk files in thi s directory (usefull for devlopment)\n -t <num> Threads (default 4)\n -f Run full scans\n -d Display [debugging](<https://www.kitploit.com/search/label/Debugging> \"debugging\" ) information\n -n Enabled ncurses\n -h Show help\n\n \n**Compilation** \nTo compile during _devlopment_, make libcap and the ncurses libary is all that is required. \n\n \n \n make\n\nTo remove the glibc dependency and statically link all libaries/compile with musl do the following. _Note to do this you will have to have docker installed to create the apline build environment._ \n\n \n \n ./build.sh 64bit ./build.sh 32bit ./build.sh all cd output \n\n \n**Scans That've Been Implemented** \nBelow is the ever growing list of scans that have been implemented. \n \n**Quck Scan** \n\n\n * SUID/GUID scans\n * File capabilities\n * Interesting files scan\n * Coredump scan\n * Breakout binary scan\n \n**Full Scan** \n\n\n * Quick Scan\n * Binary analysis\n \n**Scan Times** \nChanging the default number of threads is pretty pointless **unless** you're running a full scan. A full scan will do a lot more IO so more threads greatly decrease scan times. These are the scan times with a i7-8700k and 2 million files scanned. \n \n**Quick Scan Times** \n\n\n * 2 Thread -> `system 70% cpu 54.093 total`\n * 2 Thread -> `system 121% cpu 26.122 total`\n * 4 Thread -> `system 289% cpu 15.657 total`\n * 8 Threads -> `system 468% cpu 15.863 total`\n * 12 Thread -> `system 420% cpu 20.548 total`\n \n**Full Scan Times** \n\n\n * 1 Thread -> `system 50% cpu 3:16.38 total`\n * 2 Thread -> `system 86% cpu 1:33.95 total`\n * 4 Thread -> `system 165% cpu 47.753 total`\n * 8 Threads -> `system 366% cpu 29.768 total`\n * 12 Thread -> `system 467% cpu 29.815 total`\n \n**How To Contribute** \n\n\n * If you can think of a scan idea that has not been implemented, raise it as an issue.\n * Make a pull request, make sure that. \n * Each scan is given a unique ID\n * Multiple related scans are in the same file.\n * No more than one scan/test per function.\n \n \n\n\n**[Download Enumy](<https://github.com/luke-goddard/enumy> \"Download Enumy\" )**\n", "published": "2020-06-01T12:30:00", "modified": "2020-06-01T12:30:08", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "http://www.kitploit.com/2020/06/enumy-linux-post-exploitation-privilege.html", "reporter": "KitPloit", "references": ["https://github.com/luke-goddard/enumy", "https://github.com/luke-goddard/enumy/releases"], "cvelist": [], "immutableFields": [], "lastseen": "2022-04-07T12:02:54", "viewCount": 100, "enchantments": {"dependencies": {}, "score": {"value": -0.1, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.1}, "_state": {"dependencies": 1659876597, "score": 1659818015}, "_internal": {"score_hash": "18dad975c31718e6849ce191196a6c42"}, "toolHref": "https://github.com/luke-goddard/enumy"}