Nullinux is an internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB. If no username and password are provided in the command line arguments, an anonymous login, or null session, is attempted. Nullinux acts as a wrapper around the Samba tools smbclient & rpcclient to enumerate hosts using a variety of techniques.

Key Features:

• Single or multi-host enumeration
• Enumerate shares and list files in root directory
• Enumerate users & groups
• Multi-threaded RID Cycling
• Creates a formatted nullinux_users.txt output file free of duplicates for further exploitation
• Python 2.7 & 3 compatible

For more information, and example output, visit the wiki page.

In the Linux terminal run:

git clone https://github.com/m8r0wn/nullinux
cd nullinux
sudo bash setup.sh

positional arguments:
  target                Target server
optional arguments:
  -h, --help            show this help message and exit
  -v                    Verbose output
Authentication:
  -u USERNAME, -U USERNAME Username
  -p PASSWORD, -P PASSWORD Password
Enumeration:
  -shares               Enumerate shares only
  -users                Enumerate users only
  -q, -quick            Fast user enumeration
  -r, -rid              Perform RID cycling only
  -range RID_RANGE      Set Custom RID cycling range (Default: '500-550')
  -T MAX_THREADS        Max threads for RID cycling (Default: 15)