LinuxCheck : Linux Information Collection Script 2019

LinuxCheck is a small Linux information collection script is mainly used for emergency response. It can be used under Debian or Centos.

Features

  • CPU TOP10, memory TOP10
  • CPU usage
  • boot time
  • Hard disk space information
  • User information, passwd information
  • Environmental variable detection
  • Service list
  • System program changes (debsums -e and rpm -va)
  • Network traffic statistics
  • Network connection, listening port
  • Open port
  • Routing table information
  • Route forwarding
  • ARP
  • DNS Server
  • SSH login information
  • SSH login IP
  • iptables information
  • SSH key detection
  • SSH burst IP
  • Crontab detection
  • Crontab backdoor detection
  • Find common configuration files
  • Find common software
  • Audit history files
  • Querying HOSTS files
  • lsmod exception kernel module
  • Anomaly file detection (nc, tunnel, proxy common hacker tools)
  • Large file detection (some large files packaged)
  • Free space, hard disk mount
  • Open port
  • LD_PRELOAD detection
  • LD_LIBRARY_PATH
  • ld.so.preload
  • NIC promiscuous mode
  • Most used software
  • Change the file mtime in the last 7 days
  • Change the file ctime in the last 7 days
  • View SUID file
  • Find: hidden files
  • Find sensitive files (nc, nmap, tunnel)
  • alias
  • LSOF -L1
  • SSHD
  • Find bash bounce shell
  • php webshell scan
  • jsp webshell scan
  • asp / aspx webshell scan
  • Detection of mining process
  • rkhunter scan

Also Read – Sooty : The SOC Analysts All-In-One CLI Tool To Automate & Speed Up Workflow

Usage

Networking status:

apt-get install silversearcher-ag
yum -y install the_silver_searcher

Offline status:

Debian:dpkg -i silversearcher-ag_2.2.0-1+b1_amd64.deb
Centos:rpm -ivh the_silver_searcher-2.1.0-1.el7.x86_64.rpm

$git clone https://github.com/al0ne/LinuxCheck.git
$chmod u+x LinuxCheck.sh
$./LinuxCheck.sh
If you have installed ag and rkhunter, you can directly use the following command:
$ bash -c “$(curl -sSL https://raw.githubusercontent.com/al0ne/LinuxCheck/master/LinuxCheck.sh)”
The file will be saved in the format $ipaddr_hostname_username_timestamp.log

Download
R K

Share
Published by
R K
Tags: linuxLinuxCheck
5 years ago

Recent Posts

garak, LLM Vulnerability Scanner : The Comprehensive Tool For Assessing Language Model Security

garak checks if an LLM can be made to fail in a way we don't…

14 hours ago

Vermilion : Mastering Linux Post-Exploitation For Red Team Success

Vermilion is a simple and lightweight CLI tool designed for rapid collection, and optional exfiltration…

14 hours ago

AD-CS-Forest-Exploiter : Mastering Security Through PowerShell For AD CS Misconfiguration

ADCFFS is a PowerShell script that can be used to exploit the AD CS container…

14 hours ago

Usage Of Tartufo – A Comprehensive Guide To Securing Your Git Repositories

Tartufo will, by default, scan the entire history of a git repository for any text…

14 hours ago

Loco : A Rails-Inspired Framework For Rust Developers

Loco is strongly inspired by Rails. If you know Rails and Rust, you'll feel at…

2 days ago

Monolith : The Ultimate Tool For Storing Entire Web Pages As Single HTML Files

A data hoarder’s dream come true: bundle any web page into a single HTML file.…

2 days ago