LinPEAS
LinPEAS is the exhaustive Linux enumerator that combs through your shell for everything from SUID binaries to kernel exploits, highlighting paths to root with color-coded clarity. It's a drop-and-run bash script that fits any post-ex scenario, generating a detailed log you can sift through offline for those golden tickets. Open-source and battle-tested, it's the first stop for anyone chasing escalation on Unix-like systems without the fluff.
WinPEAS
WinPEAS is the Windows whisperer that uncovers escalation gold like unpatched services and weak ACLs, running silently via PowerShell to map your attack surface in one go. Tailored for post-compromise, it prioritizes findings with exploit suggestions, making it a breeze to pivot from user to admin. Community-driven open-source, it's essential for red-teamers navigating enterprise sprawl.
PowerUp
PowerUp is the PowerShell powerhouse that automates Windows priv esc recon, spotting DLL hijacks and service misconfigs with ready-to-fire abuse commands. Invoke it on your foothold for a structured dump of vectors, turning hours of manual checks into minutes of targeted strikes. From the PowerSploit family, it's open-source gold for solo operators in AD-heavy environments.
Linux Exploit Suggester 2
Linux Exploit Suggester 2 is the kernel whisperer that matches your target's version against a curated exploit DB, ranking viable priv esc paths with reliability scores and PoC links. It's a snappy Perl script you curl and execute, ideal for quick triage in time-sensitive ops. Open-source and precise, it cuts through the noise for focused escalation plays.
Windows Exploit Suggester
Windows Exploit Suggester is the patch-gap detective that probes your OS for missing updates, linking them to Metasploit modules for seamless escalation chains. Run it locally with systeminfo output for a prioritized hit list, perfect for chaining vulns in layered defenses. Open-source and evergreen, it's the bridge between enum and exploit for Windows warriors.
RoguePotato
RoguePotato is the stealthy Windows local priv esc exploit that abuses DCOM and token manipulation to leap from medium to SYSTEM integrity without traces. It's a C# executable you compile and drop, executing payloads via named pipes for clean ops. Open-source from ohpeleg, it's a modern twist on classic techniques for evading EDR in post-ex hunts.
JuicyPotato
JuicyPotato is the classic Windows priv esc tool that leverages CLR and DCOM for impersonating SYSTEM from a low-priv shell, reliable on older builds. Compile it in C++ and run with your chosen payload, watching it weave through the token dance effortlessly. Open-source and proven, it's the nostalgic hammer for testers tackling legacy Windows iron.
PrintSpoofer
PrintSpoofer is the printer-spoofing wizard that exploits Spooler services to escalate via impersonation, firing payloads without spawning suspicious processes. It's a Go binary for cross-platform ease, letting you test from Linux against Windows targets in hybrid setups. Open-source from itm4n, it's the subtle scalpel for Spooler-vulnerable environments.
GodPotato
GodPotato is the next-gen Windows priv esc that chains DCOM hardening mitigations with token tricks to hit NT AUTHORITY\SYSTEM reliably on modern patches. Drop the .NET exe and specify your command, letting it handle the impersonation magic under the hood. Open-source evolution of RoguePotato, it's for pentesters staying ahead of the update curve.
Potato

