LinPEAS
LinPEAS is the ultimate Swiss Army knife for Linux privilege escalation, meticulously enumerating system configs, cron jobs, and SUID binaries to uncover that one overlooked path to root. It's a single bash script you can wget and run in seconds on a compromised box, spitting out color-coded findings that guide your next move without overwhelming noise. Open-source and community-refined, it's a must-have for any solo pentester turning initial access into full control.
WinPEAS
WinPEAS dives into Windows internals like a digital archaeologist, scanning for weak services, unquoted paths, and registry keys that scream privilege escalation opportunities. Drop it via PowerShell on your foothold and let it churn through the OS, delivering a digestible report of potential exploits ready for your toolkit. Fully open-source, it's the Windows counterpart to LinPEAS, empowering individual testers to escalate quietly and efficiently.
LinEnum
LinEnum is the no-nonsense enumerator that methodically probes Linux systems for users, groups, and kernel exploits, building a comprehensive snapshot for post-breach mapping. It's a lightweight bash script perfect for quick runs on low-resource targets, outputting to files for offline review without leaving much trace. Open-source and straightforward, it's ideal for beginners scripting their way through privilege hunts.
Linux Smart Enumeration
Linux Smart Enumeration (LSE) is the clever curator that prioritizes high-value findings like writable files and scheduled tasks, filtering noise to focus on escalation vectors that matter. Run it with varying levels of stealth on your shell, and it adapts to your needs, from basic overviews to deep dives. Open-source with modular design, it's a thoughtful choice for pentesters who value precision over volume in their recon.
Linux Exploit Suggester 2
Linux Exploit Suggester 2 is the matchmaker for kernel vulns, cross-referencing your target's version against a database of public exploits to suggest reliable escalation paths. It's a Perl script that's easy to transfer and execute, providing ranked suggestions with proof-of-concept links for immediate action. Open-source and kernel-focused, it's the shortcut every individual tester wishes they had from day one.
PowerUp
PowerUp is the PowerShell wizard that unearths Windows privilege escalation gold like misconfigured services and DLL hijacks, automating what used to be hours of manual digging. Invoke it on your compromised host for a structured output of abuses, complete with commands to exploit them on the spot. Open-source from HarmJ0y, it's a staple for Windows post-ex, blending depth with deployable simplicity.
Windows Exploit Suggester
Windows Exploit Suggester is the targeted advisor that scans your Windows install for patch gaps, matching against MS bulletins to flag exploitable services and kernels. It's a quick Perl or batch script to run locally, outputting a prioritized list of CVEs with Metasploit modules for swift follow-through. Open-source and lightweight, it's the essential primer for escalating on outdated enterprise boxes.
BloodHound
BloodHound is the graph wizard that maps Active Directory relationships, revealing shortest paths to domain admin through user, group, and session edges in a visual Neo4j dashboard. Run your collector script on the target, ingest data, and query away to expose hidden attack chains. Open-source and eye-opening, it's a game-changer for AD enumeration in post-ex scenarios.
CrackMapExec
CrackMapExec is the Swiss Army knife for network post-ex, spraying creds and enumerating SMB/WinRM shares across domains with modular plugins for stealthy lateral movement. Fire it up from your attack box to map users, hashes, and tickets without full logons, keeping your footprint light. Open-source Python magic, it's the multitool every pentester packs for Windows-heavy hunts.
Enum4linux

