Portcullis Labs
Research and Development

winlanfoe

Published 24/10/2013 | By RGH

Winlanfoe is a tool that parses the output from enum4linux and displays Domain/Workgroup membership, IP address, Operating System (OS) information and if a host is a domain controller. It is intended to provide an overview of the Samba network structure as reported by enum4linux.

The name is derived from “Windows LAN Info”

The auto-find mode (-f parameter) uses the results from the command:

$ find | grep -i enum4linux

Dependencies

winlanfoe is a simple Perl script that uses one module from CPAN (which is typically installed by default).

Run ‘cpan’ as root then install the File::Basename module:

# cpan
cpan[1]#> install File::Basename

Example output 1: Usage information

$ winlanfoe.pl
winlanfoe.pl v0.4 (https://labs.portcullis.co.uk/application/winlanfoe/)
Copyright (C) 2012 Richard Hatch (rgh@portcullis-security.com)

Parses enum4linux output for Windows for hostname, workgroup/domain, domain-member, OS.

Usage:
 ./winlanfoe.pl enum4linux-10.0.0.1.out [ enum4linux-10.0.0.2.out ]
or
 ./winlanfoe.pl -f   # To search the current directory tree for enum4linux files

Example output 2: A single Windows 2008 R2 SP1 host

$ winlanfoe.pl w2008r2-enum4linux.out
winlanfoe.pl v0.4 (https://labs.portcullis.co.uk/application/winlanfoe/)
Copyright (C) 2012 Richard Hatch (rgh@portcullis-security.com)

Note: OS Version is taken from enum4linux. You might get more precise results with:
# msfcli auxiliary/scanner/smb/smb_version RHOSTS=1.2.3.4 e, or examining nessus output

Domain: CORP, Hostname: W2008R2DC, IP: 172.16.1.10, OS: Windows Server 2008 R2 Enterprise 7601 Service Pack 1, Domain Controller

Example output 3: The auto-find results mode

$ winlanfoe.pl -f
winlanfoe.pl v0.4 (https://labs.portcullis.co.uk/application/winlanfoe/)
Copyright (C) 2012 Richard Hatch (rgh@portcullis-security.com)

Note: OS Version is taken from enum4linux. You might get more precise results with:
# msfcli auxiliary/scanner/smb/smb_version RHOSTS=1.2.3.4 e, or examining nessus output

Domain: CORP,      Hostname: WIN7ALICE,    IP: 172.16.1.11,  OS: Windows 7 Ultimate 7600,
Domain: CORP,      Hostname: W2008R2DC,    IP: 172.16.1.10,  OS: Windows Server 2008 R2 Enterprise 7601 Service Pack 1, Domain Controller

Wrkgrp: WORKGROUP, Hostname: OFFICEMONKEY, IP: 172.16.1.102, OS: Windows 5.1 (XP),
Wrkgrp: WORKGROUP, Hostname: WIN2K3SP1,    IP: 172.16.1.101, OS: Windows Server 2003 3790 Service Pack 1,
Winlanfoe
winlanfoe-0.4.tgz
October 10, 2013
Version: 0.4
11.2 KiB
MD5 hash: 217be9b7cfa757aa4ad87113781387e3
Details

Request to be added to the Portcullis Labs newsletter

We will email you whenever a new tool, or post is added to the site.

Your Name (required)

Your Email (required)