Add Linux post-authentication enumeration module over SSH#1045
Add Linux post-authentication enumeration module over SSH#1045liyander wants to merge 1 commit intoPennyw0rth:mainfrom
Conversation
liyander
requested review from
Marshall-Hallenbeck,
NeffIsBack,
mpgn and
zblurx
as code owners
|
is there is any update |
|
We'll have to see. This PR looks kinda AI generated. Which parts did you create? What was generated by AI? Any resources that should be linked? Also looking like a pretty large overlap to this PR: #897 |
|
Thanks for the feedback Regarding AI: the module design, command selection, and overall scope were done by me, based on common Linux enumeration techniques and reference code from existing tools. AI was only used lightly for integration and cleanup, not for generating the module logic itself. About the overlap with PR #897: while both touch sudo and SUID, the intent is different. PR #897 focuses on priv-esc analysis and GTFOBins mapping, whereas this module is strictly read-only enumeration for situational awareness — no exploitability checks, no GTFOBins, no escalation logic. If needed, i can adjust naming or add a short note in the docs to make this distinction clearer. |
|
is there is any update |
Nope, this will take time and we also have to look at overlapping functionality because a lot of the logic already exists. |
|
thankyou , will be waiting for the update |
2 participants
Summary
This PR introduces a new Linux enumeration module for NetExec that performs read-only, post-authentication discovery over SSH to help operators quickly assess potential privilege escalation paths after obtaining shell access.
The module is intentionally scoped to safe enumeration only and does not perform exploitation or modify the target system.
Features
Context Information
Sudo Privileges
sudo -lSUID Binaries
Scheduled Tasks
/etc/cron.*Design Goals
Usage
Scope (Non-Goals)
This module is intended purely for enumeration and situational awareness.