Vulnerability Analysis

nullinux – SMB null Session Identification and Enumeration Tool

nullinux is an internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB null sessions. Unlike many of the enumeration tools out there already, nullinux can enumerate multiple targets at once and when finished, creates a users.txt file of all users found on the host(s). This file is formatted for direct implementation and further exploitation. This program assumes Python 2.7, and the Samba package are installed on the machine.

Features
    1. Enumerating Multiple Hosts at Once
       nullinux provides several options for enumerating users and shares from multiple hosts. Although this can be completed with other tools using a bash loop, nullinux simplifies this process.
       Bash Loop: x=0;until [ $x -eq “3” ]; do enum4linux 192.168.1.$x; ((x++)); done
      OR
      python nullinux.py -all 192.168.1.1-5
      python nullinux.py 192.168.1.1,192.168.1.7
    1. Creates user.txt file of all users enumerated
      By evoking the command line argument “-users”, nullinux will attempt to enumerate users through all available options and display the results on screen. nullinux will compile all users collected during enumeration into a single .txt file, free of duplicates. This nullinux_user.txt file can then be used for password spraying or other internal attacks.
      Nullinux can also be set to use non-invasive and lengthy techniques to enumerate users through the “-quick” option. This will perform a quick enumeration of users leaving out brute force options such as known usernames, rid cycling, and enumerating the LSA.
  1. Dynamic Share Enumeration
    The command line argument “-shares” will attempt to enumerate all available shares on the host and automatically attempt to enumerate the directory of each share found. Simplifying what used to be a very manual process. Both “-shares” and “-users” can be implemented together using the “-all” command line argument.
    python nullinux.py -shares 192.168.1.1
    python nullinux.py -all 10.0.0.1

Usage

                 nullinux | v4.0
         SMB Null Session Enumeration Tool

Scanning:
    -shares             Dynamically Enumerate all possible
                        shares. (formally: --enumshares)

    -users              Enumerate users through a variety of
                        techniques. (formally: --enumusers)

    -quick              Quickly enumerate users, leaving out brute
                        force options. (used with: -users, or -all)

    -all                Enumerate both users and shares
                        (formally: --all)

Host:
    -U                  Set username (optional)
    -P                  Set password (optional)

More Options:
    -v                  Verbose Output
    -h                  Help menu

Example Usage:
    python nullinux.py -users -quick DC1.Domain.net
    python nullinux.py -all 192.168.0.0-5
    python nullinux.py -shares -U 'Domain\User' -P 'Password1' 10.0.0.1,10.0.0.5
    python nullinux.py 10.0.0.0/24

Download nullinux

About the author

Icarus

Add Comment

Click here to post a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: