| Category | Tools / Commands |
| --------------------------------------------- | ---------------------------------------------------------------------- |
| **Manual** | |
| Host information | `hostname` |
| | `/etc/os-release` |
| | `uname -a` |
| User information | `whoami` |
| | `id` |
| | [[sudo -l]], [[sudo -l > Python]] |
| | `/home/<user>` |
| | `/home/<user>/.ssh` |
| User/Group information | `/etc/passwd` |
| | `/etc/group` |
| | `getent group <group>` |
| | `groups <user>` |
| Network information | `arp -a` <br>IP addresses of hosts the target interacted with recently |
| | `ifconfig` |
| | `route -n` |
| | `netstat -ano` |
| | `/etc/resolv.conf` <br>Any local DNS servers |
| Process information | `ps faux`<br>`ps auxww` |
| | [[pspy]] |
| Service information | `systemctl --type=service --state=running` |
| Port/Session information | `ss -tulnp` |
| | `netstat -tulnp` |
| Installed software | `dpkg --list` |
| | `/opt` |
| System configuration files & privileged files | [[find]] |
| | [[SUID]] |
| | [[Capabilities]] |
| | [[root priv + writable]] |
| [[Cron jobs]] | `/etc/cron.d` |
| | `/etc/cron.*` |
| | `crontab -l` |
| Variables | `$SHELL`, `$PATH` |
| | [[PATH]] |
| | [[env]] |
| | `/var/log` |
| Additional information | `/proc/self/cgroup` |
| | `/.dockerenv` |
| **Automated** | linPEAS |
| | linEnum |