massh-enum
Tool and Usage
Project details | |
---|---|
Inception | |
License | GPLv3 |
Programming languages | Python, shell script |
Author | Michał Żurawski |
Latest release | 1.0 [] |
Project health
Links
GitHub project |
Why this tool?
Massh-enum is a user enumeration tool for OpenSSH with the goal to find valid usernames. This can be useful during penetration tests or security assessments. The usernames can be valuable to brute-force or may be used on different locations within a network.
How it works
Massh-enum uses a small Python library by Matthew Daley to connect to SSH and test if a username is valid. This testing is done using a predefined wordlist or one that is specified using the --users parameter.
Usage and audience
massh-enum is commonly used for information gathering or user enumeration. Target users for this tool are pentesters and security professionals.
Features
- Command line interface
Example usage and output
› Generating a list of hosts
› Username Enumeration
host: 10.240.20.1 (p:22), found user: root
host: 10.240.20.1 (p:22), found user: supervisor
host: 10.240.20.2 (p:22), found user: root
host: x33con.info (p:22), found user: root
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
Strengths
- + The source code is easy to read and understand
- + Tool is easy to use
- + The source code of this software is available
Weaknesses
- - Minimal or no documentation available
Installation
Supported operating systems
Massh-enum is known to work on Linux.
massh-enum alternatives
Similar tools to massh-enum:
LinEnum
LinEnum can be used during penetration tests to perform scripted local Linux enumeration and check for privilege escalations.
RID_ENUM
RID_ENUM is a security tool to attempt retrieving users from a Windows domain controller. In this review we cover what the tool does and how it works.
altdns
Altdns is a security tool to discover subdomains during pentesting. Read this review to learn how it works and how to use it.
This tool page was updated at . Found an improvement? Help the community by submitting an update.
Related tool information
Definitions
- Enumeration
- An enumeration is an ordered listing of items in a collection. In the field of information security, it is the retrieval of data lists from systems and applications, like usernames. Similarly, network enumeration is focused on getting all system names on a network.
Categories
This tool is categorized as a system enumeration tool and user enumeration tool.