Summary

This PR introduces a new Linux enumeration module for NetExec that performs read-only, post-authentication discovery over SSH to help operators quickly assess potential privilege escalation paths after obtaining shell access.

The module is intentionally scoped to safe enumeration only and does not perform exploitation or modify the target system.

Features

Context Information

• Current user
• UID and group memberships
• Host and environment details (OS, kernel, architecture)

Sudo Privileges

• Enumerates sudo -l
• Identifies NOPASSWD rules and allowed commands

SUID Binaries

• Detects SUID binaries
• Highlights non-standard SUID files

Scheduled Tasks

• User and system cron jobs
• Contents of /etc/cron.*
• systemd timers (when accessible)

Design Goals

• Read-only enumeration (no exploitation)
• Safe defaults with graceful error handling
• Clear, structured output aligned with NetExec workflows
• Avoids large external enumeration scripts (e.g., linpeas-style checks)

Usage

nxc ssh <target> -u <user> -p <password> -M linux_enum

Scope (Non-Goals)

• No privilege escalation or exploitation
• No file modification or persistence
• No external script execution

This module is intended purely for enumeration and situational awareness.