Skip to content
Disclaimer: This material is provided for educational purposes and authorized security testing only. You are solely responsible for how you use the information. Do not use these techniques on systems without explicit permission from the owner. We do not encourage any kind of illegal or harmful activity

Enum4Linux

Enum4Linux is a Linux-based command-line tool used for gathering information from Windows machines and Samba servers.
It is commonly used by penetration testers and security professionals to perform SMB (Server Message Block) enumeration.

Basic Usage

  1. Run basic enumeration against a target:

    enum4linux [IP-ADDRESS]

  2. Run full basic enumeration (all options):

    enum4linux -a [IP-ADDRESS]

User and Group Enumeration

  1. Enumerate users:

    enum4linux -U [IP-ADDRESS]

  2. Enumerate users with credentials:

    enum4linux -u [USERNAME] -p [PASSWORD] -U [IP-ADDRESS]

  3. Enumerate groups:

    enum4linux -G [IP-ADDRESS]

  4. Enumerate groups with credentials:

    enum4linux -u [USERNAME] -p [PASSWORD] -G [IP-ADDRESS]

RID Cycling

  1. Perform RID cycling to enumerate users:

    enum4linux -r [IP-ADDRESS]

  2. Perform RID cycling with credentials:

    enum4linux -u [USERNAME] -p [PASSWORD] -r [IP-ADDRESS]

Share Enumeration

  1. List shares on the target:

    enum4linux -S [IP-ADDRESS]

  2. List shares with credentials:

    enum4linux -u [USERNAME] -p [PASSWORD] -S [IP-ADDRESS]

  3. List publicly accessible shares:

    enum4linux -s [IP-ADDRESS]

  4. List publicly accessible shares with credentials:

    enum4linux -u [USERNAME] -p [PASSWORD] -s [IP-ADDRESS]

Password Policy Enumeration

  1. Retrieve password policy:

    enum4linux -P [IP-ADDRESS]

  2. Retrieve password policy with credentials:

    enum4linux -u [USERNAME] -p [PASSWORD] -P [IP-ADDRESS]

Domain and Workgroup Information

  1. Get domain and workgroup information:

    enum4linux -n [IP-ADDRESS]

  2. Get domain and workgroup information with credentials:

    enum4linux -u [USERNAME] -p [PASSWORD] -n [IP-ADDRESS]

OS Information

  1. Get OS information:

    enum4linux -o [IP-ADDRESS]

  2. Get OS information with credentials:

    enum4linux -u [USERNAME] -p [PASSWORD] -o [IP-ADDRESS]

Detailed Report

  1. Perform all basic checks:

    enum4linux -a [IP-ADDRESS]

  2. Perform all basic checks with credentials:

    enum4linux -u [USERNAME] -p [PASSWORD] -a [IP-ADDRESS]

Miscellaneous

  1. List hostnames:

    enum4linux -i [IP-ADDRESS]

  2. List hostnames with credentials:

    enum4linux -u [USERNAME] -p [PASSWORD] -i [IP-ADDRESS]

  3. Check for null sessions:

    enum4linux -N [IP-ADDRESS]

  4. Check for null sessions with credentials:

    enum4linux -u [USERNAME] -p [PASSWORD] -N [IP-ADDRESS]

  5. List all available options:

    enum4linux -A [IP-ADDRESS]

  6. List all available options with credentials:

    enum4linux -u [USERNAME] -p [PASSWORD] -A [IP-ADDRESS]