linPEAS is a server vulnerability and information scanner script written in pure shell.
It's one of the first things you should launch after gaining access to the server, since it will tell you a lot of useful information such as:
However, it's not a magic get-root script. You still need some knowledge to analyze the output and try to build a way to make a lateral-movement or escalate privileges.
Pretty straightforward, so I won't really go into details
chmod +x linpeas.sh
./linpeas.sh -a > /tmp/linpeas.txt
linpeas v2.3.8 by carlospolop ADVISORY: linpeas should be used for authorized penetration testing and/or educational purposes only. Any misuse of t his software will not be the responsibility of the author or of any other collaborator. Use it at your own networks a nd/or with the network owner's permission. Linux Privesc Checklist: https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist LEGEND: RED/YELLOW: 99% a PE vector RED: You must take a look at it LightCyan: Users with console Blue: Users without console & mounted devs Green: Common things (users, groups, SUID/SGID, mounts, .sh scripts, cronjobs) LightMangenta: Your username ====================================( Basic information )===================================== OS: Linux version 2.6.32-5-amd64 (Debian 2.6.32-48squeeze6) (email@example.com) (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 SMP Tue May 13 16:34:35 UTC 2014 User & Groups: uid=1000(user) gid=1001(john) groups=1001(john),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(pl ugdev) Hostname: debian Writable folder: /dev/shm [+] /bin/ping is available for network discovery (linpeas can discover hosts, learn more with -h) [+] /bin/nc is available for network discover & port scanning (linpeas can discover hosts and scan ports, learn more with -h) [+] nmap is available for network discover & port scanning, you should use it yourself