linPEAS is a server vulnerability and information scanner script written in pure shell.

It's one of the first things you should launch after gaining access to the server, since it will tell you a lot of useful information such as:

  • System information (useful for testing old CVEs)
  • Password files
  • Binaries permissions
  • Cron Jobs

However, it's not a magic get-root script. You still need some knowledge to analyze the output and try to build a way to make a lateral-movement or escalate privileges.


Pretty straightforward, so I won't really go into details

Giving execution privileges after downloading it
chmod +x
Executing it and dumping output to file
./ -a > /tmp/linpeas.txt


Example output
linpeas v2.3.8 by carlospolop

ADVISORY: linpeas should be used for authorized penetration testing and/or educational purposes only. Any misuse of t
his software will not be the responsibility of the author or of any other collaborator. Use it at your own networks a
nd/or with the network owner's permission.

Linux Privesc Checklist:
  RED/YELLOW: 99% a PE vector
  RED: You must take a look at it
  LightCyan: Users with console
  Blue: Users without console & mounted devs
  Green: Common things (users, groups, SUID/SGID, mounts, .sh scripts, cronjobs)
  LightMangenta: Your username

====================================( Basic information )=====================================
OS: Linux version 2.6.32-5-amd64 (Debian 2.6.32-48squeeze6) ( (gcc version 4.3.5 (Debian 4.3.5-4) ) #1
 SMP Tue May 13 16:34:35 UTC 2014
User & Groups: uid=1000(user) gid=1001(john) groups=1001(john),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(pl
Hostname: debian
Writable folder: /dev/shm
[+] /bin/ping is available for network discovery (linpeas can discover hosts, learn more with -h)
[+] /bin/nc is available for network discover & port scanning (linpeas can discover hosts and scan ports, learn more
with -h)
[+] nmap is available for network discover & port scanning, you should use it yourself