#privesc

LocalPotato

Another local Windows privilege escalation using a new potato technique.

evil-winrm

The ultimate WinRM shell for hacking/pentesting.

Tool WPXStrike

Escalate a Cross-Site Scripting vulnerability to Remote Code Execution in WordPress.

PersistenceSniper

Hunt persistences implanted in Windows machines.

Pspy

Unprivileged Linux process snooping.

traitor

Automatic Linux privilege escalation via exploitation of low-hanging fruit.

ctftool

Interactive CTF exploration tool.

GTFOBins

Unix binaries that can be used to bypass local security restrictions in misconfigured systems.

LOLBAS

Living Off The Land Binaries, Scripts and Libraries.

GTFOArgs

Unix binaries that can be manipulated for argument injection.

LOOBins

Living Off the Orchard: macOS Binaries.

SUID3NUM

Standalone script to enumerate SUID binaries and separate default binaries from custom ones.

adPEAS

PowerShell tool to automate Active Directory enumeration.

Nishang

Offensive PowerShell for red team, penetration testing and offensive security.

SharpSCCM

A post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager.

GodPotato

Privilege escalation tool for Windows.

wmiexec-RegOut

Modified version of Impacket wmiexec.py that gets output from the registry.

wmiexec-Pro

The new generation of wmiexec.py with all operations performed on port 135 for antivirus evasion.

AWS Sensitive Permissions

This script enumerates the permissions of all the AWS principals of an account.

PowerUpSQL

A PowerShell toolkit for attacking SQL Server.

PoshC2

A proxy aware C2 framework used to aid with post-exploitation and lateral movement.

ScareCrow

Payload creation framework designed around EDR bypass.

Invoke-SocksProxy

SOCKS proxy and reverse SOCKS server using PowerShell.

unix-privesc-check

Shell script to check for simple privilege escalation vectors on Unix systems.

windows-privesc-check

Standalone executable to check for simple privilege escalation vectors.

PowerSploit

A PowerShell Post-Exploitation Framework.

WMEye

Post exploitation tool that uses WMI event filter and MSBuild execution for lateral movement.

WinPwnage

UAC bypass, Elevate, Persistence methods.

SUDO_KILLER

A tool to identify and exploit sudo rules misconfigurations and vulnerabilities.

AzureADLateralMovement

Lateral movement graph for Azure Active Directory.

linuxprivchecker

A Linux privilege escalation check script.

Snaffler

A tool to help find delicious candy needles in a bunch of horrible boring haystacks.

ShellPop

Pop shells like a master.

Weaponised XSS Payloads

XSS payloads designed to turn alert(1) into P1.

mssqlproxy

Perform lateral movement in restricted environments through a compromised MSSQL Server.

Print-My-Shell

Automate the process of generating various reverse shells.

SweetPotato

A collection of various Windows privilege escalation techniques from service accounts to SYSTEM.

pwncat

Netcat on steroids with many extra features.

pivotnacci

A tool to make socks connections through HTTP agents.

PEASS-ng

Privilege Escalation Awesome Scripts SUITE.

BeRoot

Multiplatform privilege escalation project.

Hawkeye

Filesystem analysis tool/directory looking for interesting stuff.

LinEnum

Scripted Local Linux Enumeration & Privilege Escalation Checks.