enum4linux ⚙️

The Perl script is a powerful tool able to operate recon techniques for LDAP, NBT-NS and MS-RPC. It's an alternative to a similar program named enum.exe (C++) created for Windows systems. Lately, a rewrite of enum4linux in Python has surfaced, called The enum4linux scripts are mainly wrappers around the Samba tools nmblookup, net, rpcclient and smbclient.
The following techniques can be operated.
  • Service & port scan (for LDAP(S), SMB, NetBIOS, MS-RPC)
  • NetBIOS names and workgroup (via reverse lookup)
  • SMB dialects checks (SMBv1 only or SMBv1 and higher)
  • RPC sessions checks (checks if the user creds supplied are valid or if null session works)
  • Domain information via LDAP (find out whether host is a parent or child DC)
  • Domain information via RPC (via SMB named pipe \pipe\lsarpc for MS-RPC)
  • OS information via RPC (via SMB named pipe \pipe\srvsvc for MS-RPC)
  • Users, groups, shares, policies, printers, services via RPC
  • Users, groups and machines via RID cycling
  • SMB Share names bruteforcing
All of the techniques mentioned above (except RID cycling) will be operated when running the following command. -A $TARGET_IP
RID cycling can be enabled with the -R option.