As with Windows, there are many tools and local Linux commands you can use to enumerate information. For example, once you compromise a Linux machine in Metasploit, you can use the post/linux/enum_system module to get information about the system. Additional enumeration modules include:

  • enum_configs
  • enum_network
  • enum_protections
  • enum_users_history

You can also use nmap -O or -sV scans to fingerprint the operating system and interrogate its services. If the Linux host is running the Samba service, you can use nmap smb-* NSE scripts and rpcclient commands against the target. For example:

nmap -O
nmap -sV
nmap --script=smb-os-discovery
rpcclient -U ""

If you prefer built-in Bash commands, there is a very wide range available. The following table lists just a few. Some require root privilege. If you receive a "Permission denied" error, start the command with sudo and supply the root password when prompted.

Note: Commands may vary between Linux distributions.

Local Linux Bash Command                        Description
----------------------------------------------  ----------------------------------------------
uname -a                                        Show all available system information.
                                                Show computer host name.
                                                Show route table.
                                                Show ARP cache.
                                                Show interface configuration, including IP address.
netstat -antp                                   Show TCP listening ports and socket status.
netstat -anup                                   Show UDP listening ports and socket status.
iptables -L                                     Display any firewall rules.
                                                Show mounted storage devices or file systems.
dpkg -l                                         List all packages installed on the system.
apache2 -v                                      List information about the Apache2 web server.
mysql --version                                 List information about MySQL.
df -a                                           Show disk information.
cat /etc/*-release                              Show distribution information.
cat /proc/cpuinfo                               Show information about the CPU.
cat /etc/resolv.conf                            List the DNS servers the host is using.
cat /etc/network/interfaces                     List interface IP configuration.
cat /etc/passwd                                 List all users on the system.
cat /etc/group                                  List all groups on the system.
cat /etc/shadow                                 Show user hashes (privileged command).
                                                List currently logged in users.
                                                List currently logged in users and their processes.
                                                Show when all users last logged in.
                                                Show current user name.
                                                Show current user information.
sudo -l                                         List programs current user can run as root.
find | head                                     Find all files in the current directory and sub-directories (first 10 lines of output).
find / -iname "*.txt"                           Find all txt files (case insensitive) in /.
find / -type f -exec grep -l "password" {} \;   List file names containing the word "password".
find . -type f -name ".*"                       Find all hidden files.