Releases: kaotickj/LinFo

LinFo v0.6

03 Jul 05:13


LinFo. Unveiling the Magic of Your Linux System!
LinFo is a lightweight Linux system information and security enumeration tool designed for quick, comprehensive insights into a target system’s hardware, software, and security posture. It is intended for use by system administrators, penetration testers, and security researchers who need an efficient way to gather system details and identify potential security weaknesses.

Features

  • Collects detailed OS and kernel information.
  • Reports CPU, GPU, memory, disk usage, and package count.
  • Detects desktop environment and display resolution.
  • Enumerates network interfaces and IP/MAC addresses.
  • Provides an extensive security report covering firewall status, SELinux/AppArmor, kernel hardening features, SUID binaries, permissions, listening ports, and more.
  • Gathers "loot" relevant for red team operations: suspicious cron jobs, writable directories, SSH authorized keys, shell startup files, and recently modified binaries.
  • Interactive prompts for saving scan or loot reports to file.
  • Supports running with or without root privileges, with full functionality recommended under root.
  • Command-line options for scanning, loot gathering, or both combined.

Installation

Clone or download the repository:

git clone https://github.com/kaotickj/LinFo.git
cd LinFo
chmod +x linfo.sh

Run the script directly on the target Linux system.


Usage

Usage: linfo.sh [OPTIONS]

Options:

  --quiet               Run script in quiet mode (minimal output).
  --no-ip               Skip displaying network interface IP addresses.
  --raw                 Output raw, uncolored text for easier parsing.
  --scan                Perform security scanning checks and display a security report.
  --loot, --c2ready     Gather potential loot, indicators, and staging areas for C2 readiness.
  --fullscan            Run both --scan and --loot checks; skips IP info for speed.
  --help, -h            Show this help message and exit.

Examples:

  ./linfo.sh --scan
      Run only the security scan report.

  ./linfo.sh --loot
      Run loot gathering report.

  ./linfo.sh --fullscan
      Run full security and loot reports in one execution.

Notes

  • Running with root privileges (e.g., via sudo) is recommended to ensure full scan accuracy and access to all system information.
  • The loot report can be very detailed; the script will prompt to save output to a file if desired.
  • The script attempts to detect various kernel hardening features and potential security risks, but some checks depend on kernel version and system configuration.
  • Designed for Linux environments only.

License

This project is licensed under the GPL-3 License. See the LICENSE file for details.


Contributing

Contributions, bug reports, and feature requests are welcome. Please open issues or pull requests on GitHub.


Disclaimer

Use this tool responsibly and only on systems where you have explicit permission to perform security assessments.

Changelog

General Changes

  • Version incremented from 0.1 to 0.6, reflecting major improvements and feature additions.
  • Added a configuration section with flags: SHOW_ART, SKIP_IP, RUN_SCAN, and RUN_LOOT.
  • Introduced command-line argument parsing with detailed options for --scan, --loot, --c2ready, --fullscan, and help flags.
  • Added help message output with detailed descriptions, usage examples, and notes.
  • Added a root privilege check with interactive prompt for automatic sudo rerun if not root.
  • Improved color and text styling system, including new background color variables and text styles (UNDERLINED, ITALIC, etc.).
  • Switched from simple inline color codes to more structured variables including SED-style color variables for future text processing.

Functional Enhancements

System Info Gathering:

  • Modularized system info retrieval into functions:

    • get_os()
    • get_cpu()
    • get_gpu()
    • get_memory()
    • get_disk()
    • get_packages() — added RPM support fallback
    • get_de()
    • get_resolution()
    • get_interfaces()
    • get_interface_ip()
  • Improved kernel and system info display with architecture and shell version details.

  • Added logged-in users count (who | wc -l).

  • Enhanced network interface display includes MAC addresses alongside IPs.

  • Added root permission warning for partial report accuracy.


Security Scanning

  • Added a dedicated run_scan_report() function:

    • Root access check.

    • Firewall active status with support for ufw and iptables.

    • SSH daemon running status.

    • SELinux/AppArmor detection.

    • Detailed kernel hardening report (get_kernel_hardening()):

      • SELinux enforcement
      • AppArmor status
      • Yama LSM ptrace_scope
      • Kernel hardening flags from dmesg (SMEP, SMAP, NX, stack protector)
      • Grsecurity detection
      • Stack protector config from kernel config
      • NX bit support
    • Kernel exploitability estimation (kernel version check < 5.15).

    • Count of SUID binaries in standard paths.

    • Listing suspicious SUID binaries outside standard paths.

    • /etc/shadow file permissions.

    • Crontab directories count.

    • Counts of world-writable directories and files.

    • Listening TCP ports via ss.

    • Detection of extra UID 0 users.

    • Writable NFS/Samba shares detection (using showmount).

    • PATH environment dangers (current directory in PATH and writable PATH entries).

    • Detection of unusual background processes (nc, python sockets, dev/tcp, etc.).

    • Unsigned kernel modules detection.

    • Suspicious environment variables related to library preloading and PATH issues.
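
The PATH check listed above (current directory in PATH and writable PATH entries), written out as an added example; this is not code from linfo.sh, and the function name audit_path and its output format are assumptions. It also reports empty PATH entries, which the shell resolves to the current directory just like ".".

```shell
#!/bin/sh
# Added example, not taken from linfo.sh. audit_path and its output are hypothetical.
# Usage: audit_path "$PATH"
# Prints one finding per line:
#   cwd <position>                     entry resolves to the current directory
#   relative <position> <entry>        entry is resolved relative to the cwd
#   world-writable <position> <entry>  any local user can place a binary there
audit_path() {
    rest="$1:"      # trailing ':' keeps a final empty entry from being dropped
    pos=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        pos=$((pos + 1))
        case $entry in
            ''|.)
                # an empty entry (leading ':', trailing ':' or '::') means the cwd
                printf 'cwd %s\n' "$pos" ;;
            /*)
                # -H follows a symlinked entry; -prune stops find from descending
                if [ -n "$(find -H "$entry" -prune -type d -perm -0002 2>/dev/null)" ]; then
                    printf 'world-writable %s %s\n' "$pos" "$entry"
                fi ;;
            *)
                printf 'relative %s %s\n' "$pos" "$entry" ;;
        esac
    done
    return 0
}

# Constructed sample value; pass "$PATH" to audit the live environment.
audit_path "/usr/local/bin:/usr/bin::/opt/tools/bin:."
```

The position is reported because an unsafe entry early in PATH shadows every directory that follows it.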


Loot Gathering

  • Added run_loot_gather() function that collects potential system "loot" relevant for red team or C2 readiness:

    • Potential C2 staging directories (world-writable temp dirs).
    • Mounted filesystems excluding virtual ones.
    • User cron jobs with non-comment lines.
    • Writable binaries found in user PATH directories.
    • Users with last login info (who).
    • SSH authorized_keys files for all users.
    • Hidden files and directories in /tmp and /var/tmp.
    • Cron jobs with potentially suspicious commands targeting writable or temp directories.
    • Last 10 commands from users' .bash_history files.
    • Detailed listing of SUID binaries.
    • Suspicious shell startup files containing keywords related to common backdoors or remote execution.
    • Recently modified temp binaries (last 2 days).
    • Recently modified SUID binaries (last 7 days).

Output Handling and UX

  • Added interactive output handlers for scan, loot, and fullscan to prompt user whether to save output to a file, with filename suggestions, overwrite confirmation, or fallback to terminal output.

    • scan_output_handler()
    • loot_output_handler()
    • fullscan_output_handler()
  • These handlers improve usability by managing potentially lengthy output gracefully.


Execution Flow

  • Script now runs one or more modes depending on command line arguments:

    • --scan → runs security scan report.
    • --loot or --c2ready → runs loot gathering.
    • --fullscan → runs both scan and loot, skipping IP info for speed.

Other Notable Improvements

  • Removed hard-coded system commands in favor of checking availability with command -v before running.
  • Defensive coding and fallback mechanisms added, e.g., fallbacks for OS detection and CPU info.
  • File path and permissions checks now include error handling.
  • Use of awk, sed, and grep improved for better parsing and reliability.
  • Overall script structure improved, with better modularity and readability.

Summary

The update from LinFo v0.1 to v0.6 is a comprehensive overhaul adding:

  • Command-line interface with options and help.
  • Modular system info functions.
  • Root elevation prompt.
  • In-depth security scanning with kernel hardening and system checks.
  • Extensive loot gathering for reconnaissance.
  • Interactive output file saving.
  • Better error handling, fallbacks, and usability.
  • Enhanced colors and display styles.

This version turns LinFo from a simple info dump into a powerful enumeration and security reconnaissance tool suitable for red team or pentest contexts.

LinFo v0.7

04 Jul 18:32


LinFo is a lightweight Linux system information and security enumeration tool designed for quick, comprehensive insights into a target system’s hardware, software, and security posture. It is intended for use by system administrators, penetration testers, and security researchers who need an efficient way to gather system details and identify potential security weaknesses.


Features

  • Collects detailed OS and kernel information.

  • Reports CPU, GPU, memory, disk usage, and package count.

  • Detects desktop environment and display resolution.

  • Enumerates network interfaces and IP/MAC addresses.

  • Provides an extensive security report covering firewall status, SELinux/AppArmor, kernel hardening features, SUID binaries, permissions, listening ports, and more.

  • Gathers "loot" relevant for red team operations: suspicious cron jobs, writable directories, SSH authorized keys, shell startup files, and recently modified binaries.

  • Interactive prompts for saving scan or loot reports to file.

  • Supports running with or without root privileges, with full functionality recommended under root.

  • Command-line options for scanning, loot gathering, hardening evaluation or all three combined.


Functional Enhancements

v0.6 → v0.7

07/4/2025

System Hardening Evaluation:

The run_hardening_check() function performs a comprehensive Linux system security assessment and makes hardening recommendations. Here's a breakdown of its features:


General Features

  • Colorized Output: Uses color codes for readability:

    • ${GREEN} – Success/good
    • ${RED} – Errors, misconfigurations
    • ${BLUE} – Recommendations
    • ${YELLOW} – Informational
    • ${LIGHT_MAGENTA} – Process prompts
  • OS Detection:

    • Determines package manager (apt, dnf, yum, zypper, pacman) to tailor checks accordingly.

Hardening Checks Performed

  • System Updates:

    • Checks for available package updates using check_updates_available.
  • Hardening Tools:

    • Checks if fail2ban, auditd, and aide are installed and active.
    • If not present or inactive, gives recommendations.
  • Firewall:

    • Calls firewall_check function to detect and evaluate firewalls (iptables, nftables, ufw, firewalld).
    • Recommends installing a firewall only if none are detected.
  • Mandatory Access Control:

    • For Debian/Ubuntu: checks for AppArmor directory and activity.
    • For RHEL-based systems: checks for SELinux and firewalld, and suggests enabling if inactive.
  • SSH Root Login:

    • Verifies if PermitRootLogin no is explicitly set and uncommented in sshd_config.
    • Flags and recommends changes if improperly configured.
  • PAM Password Policy:

    • Looks for pam_pwquality or pam_cracklib in /etc/pam.d/common-password.
    • Warns if no complexity enforcement is detected and recommends configuring it.
  • Intrusion Detection Systems:

    • Detects if aide is installed or if ossec is active via systemctl.
    • Recommends installation if neither is found.
  • Audit Logging:

    • Confirms if auditd is active.
    • Recommends installing and enabling auditd if not.
  • Automatic Security Updates:

    • Checks for:

      • unattended-upgrades (Debian/Ubuntu)
      • dnf-automatic (Fedora/RHEL)
    • Warns for Arch systems (unsupported).

    • Recommends installing if missing.
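
The SSH Root Login check described above, as an added example that is not taken from run_hardening_check(); the function name root_login_status and its three result strings are assumptions. It follows sshd's rule that the first value obtained for a keyword wins, ignores commented lines, and stops at the first Match block because settings there apply only conditionally. Include directives are not followed.

```shell
#!/bin/sh
# Added example, not LinFo code. root_login_status is a hypothetical helper.
# Usage: root_login_status /etc/ssh/sshd_config
# Prints: ok            PermitRootLogin no is set globally and uncommented
#         weak:<value>  the effective global value is something other than "no"
#         unset         no global setting found, so the sshd default applies
root_login_status() {
    value=$(awk '
        /^[ \t]*#/ { next }                        # commented lines never count
        { line = $0; sub(/^[ \t]+/, "", line); key = tolower(line) }
        key ~ /^match[ \t]/ { exit }               # global section ends here
        key ~ /^permitrootlogin[ \t=]/ {           # keywords are case-insensitive
            sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", line)
            split(line, parts, /[ \t]+/)
            print parts[1]                         # first occurrence wins
            exit
        }
    ' "$1")
    case $value in
        no) echo "ok" ;;
        '') echo "unset" ;;
        *)  echo "weak:$value" ;;
    esac
}

# Constructed sample config: the commented line is ignored and the later
# "no" never takes effect because an earlier value was already obtained.
demo=$(mktemp)
printf '%s\n' '#PermitRootLogin no' \
              'PermitRootLogin prohibit-password' \
              'PermitRootLogin no' > "$demo"
root_login_status "$demo"
rm -f "$demo"
```

A plain grep for "PermitRootLogin no" would pass the sample config even though root login with keys is still allowed, which is why the order of lines is evaluated here.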


Installation

Clone or download the repository:

git clone https://github.com/kaotickj/LinFo.git
cd LinFo
chmod +x linfo.sh

Run the script directly on the target Linux system.


Usage

Usage: linfo.sh [OPTIONS]

Options:

  --quiet               Run script in quiet mode (minimal output).
  --no-ip               Skip displaying network interface IP addresses.
  --raw                 Output raw, uncolored text for easier parsing.
  --scan                Perform security scanning checks and display a security report.
  --loot, --c2ready     Gather potential loot, indicators, and staging areas for C2 readiness.
  --fullscan            Run both --scan and --loot checks; skips IP info for speed.
  --help, -h            Show this help message and exit.

Examples:

./linfo.sh --scan
    Run only the security scan report.

./linfo.sh --loot
    Run loot gathering report.

./linfo.sh --fullscan
    Run full security and loot reports in one execution.

LinFo

13 May 02:21


🌟 Introducing LinFo v0.1: Your Ultimate System Info Companion! 🌟

🔮 Are you curious about your system's inner secrets? Want to know everything about your Linux environment? Look no further! We present to you LinFo, the magical script that unveils all the hidden details about your system!

🌈 With LinFo, prepare to embark on a journey of discovery, where every command reveals a delightful surprise. It's like having your own personal detective, only cooler!

🔍 Powered by the enigmatic KaotickJ 👽, LinFo is here to transform your terminal experience into a mesmerizing adventure.

🏰 Picture this: As you run LinFo, a world of colorful information unfolds before your eyes, with dazzling details that will leave you in awe. Let's take a quick tour of what awaits you:

🌍 OS: Immerse yourself in the realm of operating systems as LinFo reveals the enchanting name of your Linux distro.
🏠 Host: Uncover the identity of your mysterious host. It's like meeting a new friend from a parallel universe!
🐧 Kernel: Experience the power of the Linux kernel as LinFo uncovers its version.
⏲️ Uptime: Discover the age of your system, as LinFo tells you how long it has been alive and kicking!
📦 Packages: Be amazed by the vast array of packages that have found their way onto your system.
🖥️ DE: Enter the world of desktop environments and find out which one is currently dancing on your screen.
🎨 Resolution: Marvel at the resolution of your display, making every pixel burst with vibrant colors!
💻 Terminal: Unveil the secret identity of your trusted terminal companion.
🔨 Shell: Discover the magical shell that grants you the power to wield commands like a wizard.
⚡️ CPU: Behold the mighty CPU that fuels your adventures in the digital realm.
🎮 GPU: Get ready to explore the graphic wonders of your system with LinFo's GPU revelation.
🧠 Memory: Dive into the vast depths of your system's memory, where every byte has a story to tell.
💾 Disk Usage: Explore the usage of your disk, witnessing the delicate balance between used and free space.

But wait, there's more! LinFo is not just about numbers and technicalities. It's also about connections and networks! Brace yourself as LinFo introduces you to the vast web of interfaces, connecting you to the world beyond your imagination!

And now, prepare for the grand finale! 🎉🎉🎉

🎈🎈🎈 You'll float too! 🎈🎈🎈

🌟 Yes, that's right! LinFo's grand finale will leave you floating with joy and excitement. As the colors explode on your screen, and the captivating banner fills the terminal, you'll experience a moment of pure exhilaration! It's a celebration of knowledge and discovery, and LinFo invites you to be part of it!

So, what are you waiting for? Embark on this extraordinary adventure with LinFo and let your curiosity soar to new heights! Run the script, embrace the magic, and let the world of your Linux system unfold before your eyes!

⚙️ LinFo: Unveiling the Magic of Your Linux System! ⚙️
