enum4linux Cheatsheet
Tool for enumerating information from Windows and Samba systems via SMB.
Basic Syntax
enum4linux [options] <target>
Enumeration Options
| Option | Description |
|---|---|
-a | Do all simple enumeration (default) |
-U | Get user list |
-M | Get machine list |
-S | Get share list |
-P | Get password policy |
-G | Get group and member list |
-d | Detail mode (applies to -U and -S) |
-o | Get OS information |
-i | Get printer information |
-n | Do nmblookup (similar to nbtstat) |
-r | Enumerate users via RID cycling |
Authentication Options
| Option | Description | Example |
|---|---|---|
-u USER | Username | enum4linux -u admin 10.10.10.10 |
-p PASS | Password | enum4linux -u admin -p Password123 10.10.10.10 |
-w DOMAIN | Workgroup/domain | enum4linux -w MYDOMAIN 10.10.10.10 |
Common Examples
Full Enumeration (Anonymous)
enum4linux -a 10.10.10.10
Enumerate Users
enum4linux -U 10.10.10.10
Enumerate Shares
enum4linux -S 10.10.10.10
Enumerate Groups
enum4linux -G 10.10.10.10
Get Password Policy
enum4linux -P 10.10.10.10
RID Cycling (User Enumeration)
enum4linux -r 10.10.10.10
With Credentials
enum4linux -a -u admin -p Password123 10.10.10.10
Detailed User Enumeration
enum4linux -U -d 10.10.10.10
enum4linux-ng
Modern rewrite with additional features:
Installation
pip install enum4linux-ng
Basic Usage
enum4linux-ng 10.10.10.10
With Credentials
enum4linux-ng -u admin -p Password123 10.10.10.10
Output to JSON
enum4linux-ng -oJ output.json 10.10.10.10
Information Gathered
- Target information (hostname, domain, OS)
- User accounts and RIDs
- Group memberships
- Share listings and permissions
- Password policies
- Printer information
- NetBIOS names