Scribd
Upload
303 views

Enum4linux Cheat Sheet - Commands & Examples

enum4linux is a Perl script that uses Samba tools to get information from Windows and Samba systems, such as userlist, sharelist, password policy, OS version, etc.

Uploaded by

bagdaran
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
303 views

Enum4linux Cheat Sheet - Commands & Examples

enum4linux is a Perl script that uses Samba tools to get information from Windows and Samba systems, such as userlist, sharelist, password policy, OS version, etc.

Uploaded by

bagdaran
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

7/10/24, 3:53 PM enum4linux Cheat Sheet - Commands & Examples

enum4linux Cheat Sheet - Commands &


Examples
29 Mar 2015 Arr0way

What is enum4linux

enum4linux is an alternative to enum.exe on Windows, enum4linux is used


by penetration testers to enumerate Windows and Samba hosts.

enum4linux provides the following functionality:

RID cycling (When RestrictAnonymous is set to 1 on Windows 2000)


User listing (When RestrictAnonymous is set to 0 on Windows 2000)
Listing of group membership information
Share enumeration
Detecting if host is in a workgroup or a domain
Identifying the remote operating system
Password policy retrieval (using polenum)

enum4linux Cheat Sheet

COMMAND DESCRIPTION

Verbose mode, shows the underlying


enum4linux -v target-ip commands being executed by
enum4linux

Do Everything, runs all options apart


enum4linux -a target-ip from dictionary based share name
guessing

Lists usernames, if the server allows


enum4linux -U target-ip
it - (RestrictAnonymous = 0)

enum4linux -u administrator If you've managed to obtain


-p password -U target-ip credentials, you can pull a full list of

https://highon.coffee/blog/enum4linux-cheat-sheet/ 1/3
7/10/24, 3:53 PM enum4linux Cheat Sheet - Commands & Examples

COMMAND DESCRIPTION
users regardless of the
RestrictAnonymous option

Pulls usernames from the default


enum4linux -r target-ip
RID range (500-550,1000-1050)

Pull usernames using a custom RID


enum4linux -R 600-660 target-ip
range

Lists groups. if the server allows it,


enum4linux -G target-ip you can also specify username -u
and password -p

List Windows shares, again you can


enum4linux -S target-ip also specify username -u and
password -p

Perform a dictionary attack, if the


enum4linux -s shares.txt target-ip server doesn't let you retrieve a
share list

Pulls OS information using


smbclient, this can pull the service
enum4linux -o target-ip
pack version on some versions of
Windows

Pull information about printers


enum4linux -i target-ip
known to the remove device.

enum4linux Command Examples


The following are examples of enum4linux usage.

enum4linux Command Examples

The following command performs a complete enum4linux scan:

enum4linux -a target-ip

https://highon.coffee/blog/enum4linux-cheat-sheet/ 2/3
7/10/24, 3:53 PM enum4linux Cheat Sheet - Commands & Examples

The following command retrieves a list of usernames:

enum4linux -U target-ip

The following command retrieves the local machine groups:

enum4linux -G target-ip

enum4linux Multiple IP’s

The following command scans a subnet using enum4linux:

enum4linux -a target-subnet/24

https://highon.coffee/blog/enum4linux-cheat-sheet/ 3/3

You might also like