• Stars
    star
    515
  • Rank 85,879 (Top 2 %)
  • Language
    Python
  • License
    MIT License
  • Created over 8 years ago
  • Updated over 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.

nullinux

        

Nullinux is an internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB. If no username and password are provided in the command line arguments, an anonymous login, or null session, is attempted. Nullinux acts as a wrapper around the Samba tools smbclient & rpcclient to enumerate hosts using a variety of techniques.

Key Features:

  • Single or multi-host enumeration
  • Enumerate shares and list files in root directory
  • Enumerate users & groups
  • Multi-threaded RID Cycling
  • Creates a formatted nullinux_users.txt output file free of duplicates for further exploitation
  • Python 2.7 & 3 compatible

For more information, and example output, visit the wiki page.

Getting Started

In the Linux terminal run:

git clone https://github.com/m8sec/nullinux
cd nullinux
sudo bash setup.sh

Usage

positional arguments:
  target                    Target server
optional arguments:
  -h, --help                show this help message and exit
  -v                        Verbose output
  -o OUTPUT_FILE            Output users to the specified file
  
Authentication:
  -u USERNAME, -U USERNAME  Username
  -p PASSWORD, -P PASSWORD  Password
  
Enumeration:
  -shares                 Enumerate shares only
  -users                  Enumerate users only
  -q, -quick              Fast user enumeration
  -r, -rid                Perform RID cycling only
  -range RID_RANGE        Set Custom RID cycling range (Default: '500-550')
  -T MAX_THREADS          Max threads for RID cycling (Default: 15)

More Repositories

1

CrossLinked

LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping
Python
806
star
2

subscraper

Perform subdomain enumeration through various techniques and retrieve detailed output to aid in further testing.
Python
665
star
3

pymeta

Pymeta will search the web for files on a domain to download and extract metadata. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions.
Python
382
star
4

ActiveReign

A Network Enumeration and Attack Toolset for Windows Active Directory Environments.
Python
239
star
5

enumdb

Relational database brute force and post exploitation tool for MySQL and MSSQL
Python
211
star
6

ldap_search

Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.
Python
91
star
7

taser

Python resource library for creating security related tooling
Python
79
star
8

CVE-2021-34527

PrintNightmare (CVE-2021-34527) PoC Exploit
Python
74
star
9

SubWalker

Simultaneously execute various subdomain enumeration tools and aggregate results.
Shell
33
star
10

OffsecDev

Working repo used to experiment with various languages as it relates to offensive security & evasion.
Python
23
star
11

transportc2

PoC Command and Control Server. Interact with clients through a private web interface, add new users for team sharing and more.
Python
22
star
12

EAPrimer

C# project that Reflectively loads .Net assemblies in memory.
PowerShell
13
star
13

ipparser

Python module to parse IPv4 addresses / target information and return a single list for iteration. Useful when creating security or network related tools.
Python
9
star
14

m8sec.github.io

https://m8sec.dev
HTML
2
star