As with Windows, there are many tools and local Linux commands you can use to enumerate information. For example, once you compromise a Linux machine in Metasploit, you can use the post/linux/enum_system module to get information about the system. Additional enumeration modules include:
You can also use nmap -O or -sV scans to fingerprint the operating system and interrogate its services. If the Linux host is running the Samba service, you can use nmap smb-* NSE scripts and rpcclient commands against the target. For example:
If you prefer to use built-in Bash commands, there is a wide range to choose from; the following table lists just a few. Some require root privilege. If you receive a "Permission denied" error, start the command with sudo and supply the root password when prompted.
Note: Commands may vary between Linux distributions.
Local Linux Bash Command
Show all available system information.
Show computer host name.
Show route table.
Show ARP cache.
Show interface configuration, including IP address.
Show TCP listening ports and socket status.
Show UDP listening ports and socket status.
Display any firewall rules.
Show mounted storage devices or file systems.
List all packages installed on the system.
List information about Apache2 web server.
List information about MySQL.
Show disk information.
Show distribution information.
Show information about the CPU.
List DNS servers host is using.
List interface IP configuration.
List all users on the system.
List all groups on the system.
Show user hashes (privileged command).
List currently logged in users.
List currently logged in users and their processes.
Show when all users last logged in.
Show current user name.
Show current user information.
List programs current user can run as root.
find | head
Find all files in the current directory and sub-directories.
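
Three of the rows above (listing users, listing DNS servers, and showing TCP listening ports) come from plain files that an administrator can also read directly when building a host baseline. The script below is an added example, not part of the original text; its function names and sample data are constructed for illustration, and it assumes a little-endian Linux host for the address decoding.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are this
# example's own; each takes a file path and defaults to the live file.

# "List all users on the system": name, UID, shell, plus flags for UID 0
# accounts and for shells that allow an interactive login.
list_users() {
    awk -F: '{
        flags = ""
        if ($3 == 0) flags = flags " uid0"
        if ($7 !~ /(nologin|false)$/) flags = flags " login"
        print $1, $3, $7 flags
    }' "${1:-/etc/passwd}"
}

# "List DNS servers host is using": nameserver entries only.
list_dns() {
    awk '$1 == "nameserver" { print $2 }' "${1:-/etc/resolv.conf}"
}

# "Show TCP listening ports": rows in state 0A (LISTEN). local_address is
# HEXIP:HEXPORT, with the IPv4 bytes reversed (little-endian host assumed).
list_tcp_listeners() {
    awk 'NR > 1 && $4 == "0A" { print $2 }' "${1:-/proc/net/tcp}" |
    while IFS=: read -r ip port; do
        b1=$(printf '%s' "$ip" | cut -c7-8)
        b2=$(printf '%s' "$ip" | cut -c5-6)
        b3=$(printf '%s' "$ip" | cut -c3-4)
        b4=$(printf '%s' "$ip" | cut -c1-2)
        echo "$((0x$b1)).$((0x$b2)).$((0x$b3)).$((0x$b4)):$((0x$port))"
    done
}

# Constructed sample data so the script runs offline.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin' \
    'alice:x:1000:1000::/home/alice:/bin/bash' > "$sample_dir/passwd"
printf '%s\n' '# constructed' 'nameserver 192.0.2.53' 'search example.test' \
    > "$sample_dir/resolv.conf"
printf '%s\n' '  sl  local_address rem_address   st' \
    '   0: 0100007F:0CEA 00000000:0000 0A' \
    '   1: 00000000:0016 00000000:0000 0A' \
    '   2: 0A00020F:0016 0A000202:C350 01' > "$sample_dir/tcp"

list_users "$sample_dir/passwd"
list_dns "$sample_dir/resolv.conf"
list_tcp_listeners "$sample_dir/tcp"
```

Called with no argument, each function reads the live system file instead of the sample. Comparing the output against a known-good baseline shows new login-capable accounts, extra UID 0 entries, or unexpected listeners.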