On this page, we'll look at some automated tools we can use to enumerate privilege escalation vectors. These tools can be very useful because of their efficiency, speed and complete coverage. However, running them is a very noisy process and can significantly reduce our OpSec.
Practice
is a powerful and widely used privilege escalation tool to identify security weaknesses and privilege escalation vectors within Windows environments.
PowerUp aims to be a clearinghouse of common Windows privilege escalation vectors that rely on misconfigurations.
Import-Module .\PowerUp.ps1
Invoke-AllChecks
JAWS is a PowerShell script designed to quickly identify potential privilege escalation vectors on Windows systems.
.\jaws-enum.ps1 -OutputFileName Jaws-Enum.txt
Seatbelt is a C# project that performs a number of security-oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
.\Seatbelt.exe -group=all
Compiled binaries can be found .
Watson is a .NET tool designed to enumerate missing KBs and suggest exploits for privilege escalation vulnerabilities.
.\WatsonNet3.5AnyCPU.exe
Precompiled binaries can be found .
Import-Module .\Sherlock.ps1
Find-AllVulns
Sherlock has been deprecated and replaced by Watson, but can still be relevant.
Sherlock is a PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.