Skip to main content



Enum4linux is a tool for enumerating information from Windows and Samba systems. It attempts to offer similar functionality to enum.exe formerly available from

It is written in PERL and is basically a wrapper around the Samba tools smbclient, rpclient, net and nmblookup. The samba package is therefore a dependency.


When to Use

 You'll know when you've found a domain controller, because it will have several ports open that clearly distinguish it:

53/tcp   open  domain
88/tcp   open  kerberos-sec
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
389/tcp  open  ldap
445/tcp  open  microsoft-ds
464/tcp  open  kpasswd5
593/tcp  open  http-rpc-epmap
636/tcp  open  ldapssl
3268/tcp open  globalcatLDAP
3269/tcp open  globalcatLDAPssl

Given that enum4linux is a SMB client, you could run it against other hosts where SMB is enabled an enumerate your access levels on hosts other than the domain controller.



Example Usage

Help Message

enum4linux -h

Dump Information from a Domain Controller

enum4linux -u username -p password -a dc-ip-address


Via Proxy Host Using Proxychains

proxychains -q enum4linux -u username -p password -a dc-ip-address