| Tool | Description |
|---|---|
| Seatbelt | C# project for performing a wide variety of local privilege escalation checks |
| winPEAS | WinPEAS is a script that searches for possible paths to escalate privileges on Windows hosts. All of the checks are explained here |
| PowerUp | PowerShell script for finding common Windows privilege escalation vectors that rely on misconfigurations. It can also be used to exploit some of the issues found |
| SharpUp | C# version of PowerUp |
| JAWS | PowerShell script, written in PowerShell 2.0, for enumerating privilege escalation vectors |
| SessionGopher | SessionGopher is a PowerShell tool that finds and decrypts saved session information for remote access tools. It extracts PuTTY, WinSCP, SuperPuTTY, FileZilla, and RDP saved session information |
| Watson | Watson is a .NET tool designed to enumerate missing KBs and suggest exploits for Privilege Escalation vulnerabilities. |
| LaZagne | Tool used for retrieving passwords stored on a local machine from web browsers, chat tools, databases, Git, email, memory dumps, PHP, sysadmin tools, wireless network configurations, internal Windows password storage mechanisms, and more |
| Windows Exploit Suggester - Next Generation | WES-NG is a tool based on the output of Windows' `systeminfo` utility which provides the list of vulnerabilities the OS is vulnerable to, including any exploits for these vulnerabilities. Every Windows OS between Windows XP and Windows 10, including their Windows Server counterparts, is supported |
| Sysinternals Suite | We will use several tools from Sysinternals in our enumeration including AccessChk, PipeList, and PsService |

Seatbelt and SharpUp precompiled: https://github.com/r3motecontrol/Ghostpack-CompiledBinaries

LaZagne precompiled: https://github.com/AlessandroZ/LaZagne/releases/