Enumerate

Current User

whoami

Displays the user name of the user running the command.

sudo -l

Lists the commands the current user may run via sudo. Sudo may be configured to allow users to run some commands with root privileges.

id

Shows the user's UID, GID, and group memberships.

groups

Displays the current user's groups.

finger

Provides detailed information for the current user (if installed).

logname

Shows the username of the user who initiated the session.

env

Lists all environment variables associated with the current user's shell session.

echo $USER

Prints the username.

echo $HOME

Displays the user's home directory path.

echo $SHELL

Shows the user's default login shell.

history

Displays previously executed commands from the shell's history list.

All Users

cat /etc/passwd

Lists user accounts.

grep <pattern> /etc/passwd

Searches /etc/passwd for a pattern.

id <username>

Shows user and group IDs for a user.

finger <username>

Provides user details (may not be installed by default).

users

Displays logged-in users.

who

Displays currently logged-in users.

w

Displays who is logged in and what they are doing.

last

Lists last logged-in users (/var/log/wtmp).

lastb

Lists the last bad login attempts (/var/log/btmp).

lastlog

Shows the last login time for users.

cat /etc/sudoers

Displays the sudo configuration (reading the file typically requires root privileges).

groups <username>

Lists groups for a user.

compgen -u

Lists usernames (bash built-in).

getent passwd

Lists entries from the passwd database. Similar to /etc/passwd, but also includes network-based user databases.

passwd -S <username>

Shows a user's password status (locked, expired, etc.). Requires root privileges.

Extract just usernames from the /etc/passwd file:

awk -F ':' '{print $1}' /etc/passwd

Groups

cat /etc/group

Lists groups.

cat /etc/sudoers

Sudo configuration.

groups

Current user's groups.

groups <username>

Lists groups for a user.

compgen -g

Lists group names (bash built-in).

id

Shows the current user's group IDs.

id <username>

Shows the user and group IDs for a specific user.

grep <pattern> /etc/group

Searches /etc/group for a pattern.

getent group

Lists entries from the group database. Similar to /etc/group, but also includes network-based group databases.

Extract just group names from the /etc/group file:

awk -F ':' '{print $1}' /etc/group
