All Projects → itm4n → Privesccheck

itm4n / Privesccheck

Licence: bsd-3-clause
Privilege Escalation Enumeration Script for Windows

Programming Languages

powershell
3383 projects

Projects that are alternatives of or similar to Privesccheck

Winpwn
Automation for internal Windows Penetrationtest / AD-Security
Stars: ✭ 1,303 (+26.26%)
Mutual labels:  pentesting, pentest-tool, privilege-escalation
Dirsearch
Web path scanner
Stars: ✭ 7,246 (+602.13%)
Mutual labels:  pentesting, pentest-tool
Habu
Hacking Toolkit
Stars: ✭ 635 (-38.47%)
Mutual labels:  pentesting, pentest-tool
Evillimiter
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
Stars: ✭ 764 (-25.97%)
Mutual labels:  pentesting, pentest-tool
Bigbountyrecon
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Stars: ✭ 541 (-47.58%)
Mutual labels:  pentesting, pentest-tool
Msdat
MSDAT: Microsoft SQL Database Attacking Tool
Stars: ✭ 621 (-39.83%)
Mutual labels:  pentest-tool, privilege-escalation
Exploitpack
Exploit Pack -The next generation exploit framework
Stars: ✭ 728 (-29.46%)
Mutual labels:  pentesting, pentest-tool
Stowaway
👻Stowaway -- Multi-hop Proxy Tool for pentesters
Stars: ✭ 500 (-51.55%)
Mutual labels:  pentesting, pentest-tool
Dumpsterfire
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Stars: ✭ 775 (-24.9%)
Mutual labels:  pentesting, pentest-tool
Finalrecon
The Last Web Recon Tool You'll Need
Stars: ✭ 888 (-13.95%)
Mutual labels:  pentesting, pentest-tool
Eyes
👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️
Stars: ✭ 38 (-96.32%)
Mutual labels:  pentesting, pentest-tool
Babysploit
👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍
Stars: ✭ 883 (-14.44%)
Mutual labels:  pentesting, pentest-tool
Thc Hydra
hydra
Stars: ✭ 5,645 (+447%)
Mutual labels:  pentesting, pentest-tool
Active Directory Exploitation Cheat Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Stars: ✭ 870 (-15.7%)
Mutual labels:  pentesting, privilege-escalation
Yasuo
A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
Stars: ✭ 517 (-49.9%)
Mutual labels:  pentesting, pentest-tool
Lockdoor Framework
🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
Stars: ✭ 677 (-34.4%)
Mutual labels:  pentesting, pentest-tool
Cve 2016 8610 Poc
CVE-2016-8610 (SSL Death Alert) PoC
Stars: ✭ 26 (-97.48%)
Mutual labels:  pentesting, pentest-tool
Sn1per
Attack Surface Management Platform | Sn1perSecurity LLC
Stars: ✭ 4,897 (+374.52%)
Mutual labels:  pentest-tool, pentesting
Thc Archive
All releases of the security research group (a.k.a. hackers) The Hacker's Choice
Stars: ✭ 474 (-54.07%)
Mutual labels:  pentesting, pentest-tool
Perun
Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架
Stars: ✭ 773 (-25.1%)
Mutual labels:  pentesting, pentest-tool

PrivescCheck

This script aims to enumerate common Windows configuration issues that can be leveraged for local privilege escalation. It also gathers various information that might be useful for exploitation and/or post-exploitation.

The purpose of this tool is to help security consultants identify potential weaknesses on Windows machines during penetration tests and Workstation/VDI audits. It is not intended to be used during Red Team engagements although it may still provide you with a lot of useful information.

This tool is heavily inspired from the amazing work that @harmj0y and @mattifestation put in PowerUp. The two original authors decided to switch to DotNet and are now working on the great SeatBelt project, which explains why PowerUp is no longer maintained. Although SeatBelt brings some undeniable benefits, I think that a standalone PowerShell script is still a good way to go for most pentesters, hence the motivation behind the creation of this tool.

You can find more information about PrivescCheck here.

Usage

1. Basic usage

From a command prompt:

C:\Temp\>powershell -ep bypass -c ". .\PrivescCheck.ps1; Invoke-PrivescCheck"

From a PowerShell prompt:

PS C:\Temp\> Set-ExecutionPolicy Bypass -Scope process -Force
PS C:\Temp\> . .\PrivescCheck.ps1; Invoke-PrivescCheck

2. Extended mode

By default, the scope is limited to vulnerability discovery but, you can get a lot more information with the -Extended option:

From a command prompt:

C:\Temp\>powershell -ep bypass -c ". .\PrivescCheck.ps1; Invoke-PrivescCheck -Extended"

From a PowerShell prompt:

PS C:\Temp\> Set-ExecutionPolicy Bypass -Scope process -Force
PS C:\Temp\> . .\PrivescCheck.ps1; Invoke-PrivescCheck -Extended

3. Generate report files

You can use the -Report and -Format options to save the results of the script to files in various formats. Accepted formats are TXT, CSV and HTML for now. If -Format is empty, the default format is TXT, which is a simple copy of what is printed on the terminal.

The value of -Report will be used as the base name for the final report, the extension will be automatically appended depending on the chosen format(s).

From a command prompt:

C:\Temp\>powershell -ep bypass -c ". .\PrivescCheck.ps1; Invoke-PrivescCheck -Report PrivescCheck_%COMPUTERNAME%"
C:\Temp\>powershell -ep bypass -c ". .\PrivescCheck.ps1; Invoke-PrivescCheck -Report PrivescCheck_%COMPUTERNAME% -Format TXT,CSV,HTML"

From a PowerShell prompt:

PS C:\Temp\> Set-ExecutionPolicy Bypass -Scope process -Force
PS C:\Temp\> . .\PrivescCheck.ps1; Invoke-PrivescCheck -Report "PrivescCheck_$env:COMPUTERNAME"
PS C:\Temp\> . .\PrivescCheck.ps1; Invoke-PrivescCheck -Report "PrivescCheck_$env:COMPUTERNAME" -Format TXT,CSV,HTML

Bug reporting. Feature Request. Overall enhancement.

  • You think you identified a bug or a false positive/negative?
  • You think a particular check is missing?
  • You think something could be improved?

That's awesome! 🙂 Please let me know by opening an issue and include as much detail as possible.

Especially if it's a bug, I will need:

  • The Windows version and the PowerShell version.
  • The script output (do not forget to remove sensitive information).
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected]