Enum4linux Cheat Sheet
enum4linux is a Perl tool used to enumerate SMB (Samba/Windows) information from remote hosts. It is widely used during network reconnaissance and Active Directory assessments.
Basic Usage
enum4linux <target_ip>
Full Enumeration
enum4linux -a <target_ip>
Performs: - OS discovery - User enumeration - Group enumeration - Share listing - Password policy checks
Enumerate Users
enum4linux -U <target_ip>
Enumerate Groups
enum4linux -G <target_ip>
Enumerate Shares
enum4linux -S <target_ip>
Password Policy
enum4linux -P <target_ip>
RID Cycling
enum4linux -r <target_ip>
Discovers users via RID brute forcing.
Use Credentials
enum4linux -u username -p password <target_ip>
Improves results when anonymous access is restricted.
Null Session Check
enum4linux -n <target_ip>
Typical Workflow
nmap -p 445 <target_ip>
enum4linux -a <target_ip>
smbclient -L //<target_ip>
Common Findings
- Valid usernames
- Writable shares
- Weak password policies
- Legacy SMB configurations
Common Issues
No SMB services found
- SMB port closed or filtered
- SMBv1 disabled
Access denied
- Anonymous enumeration disabled
- Try with credentials
Alternatives
enum4linux-ngsmbmapcrackmapexecrpcclient
Use Cases
- Initial network reconnaissance
- Active Directory enumeration
- Lateral movement preparation
Legal Notice
Danger
Enumerate SMB services only on authorized systems.