Tools

Tool	Description
Seatbelt	C# project for performing a wide variety of local privilege escalation checks
winPEAS	WinPEAS is a script that searches for possible paths to escalate privileges on Windows hosts. All of the checks are explained here
PowerUp	PowerShell script for finding common Windows privilege escalation vectors that rely on misconfigurations. It can also be used to exploit some of the issues found
SharpUp	C# version of PowerUp
JAWS	PowerShell script for enumerating privilege escalation vectors written in PowerShell 2.0
SessionGopher	SessionGopher is a PowerShell tool that finds and decrypts saved session information for remote access tools. It extracts PuTTY, WinSCP, SuperPuTTY, FileZilla, and RDP saved session information
Watson	Watson is a .NET tool designed to enumerate missing KBs and suggest exploits for Privilege Escalation vulnerabilities.
LaZagne	Tool used for retrieving passwords stored on a local machine from web browsers, chat tools, databases, Git, email, memory dumps, PHP, sysadmin tools, wireless network configurations, internal Windows password storage mechanisms, and more
Windows Exploit Suggester - Next Generation	WES-NG is a tool based on the output of Windows' systeminfo utility which provides the list of vulnerabilities the OS is vulnerable to, including any exploits for these vulnerabilities. Every Windows OS between Windows XP and Windows 10, including their Windows Server counterparts, is supported
Sysinternals Suite	We will use several tools from Sysinternals in our enumeration including AccessChk, PipeList, and PsService

PowerUp

PowerSploit/PowerUp.ps1 at master · PowerShellMafia/PowerSploitGitHub

PowerUp: A Usage Guideharmj0y

PS C:\Users\Peter> Import-Module .\PowerUp.ps1
PS C:\Users\Peter> Invoke-AllChecks

SharpUp

GitHub - GhostPack/SharpUp: SharpUp is a C# port of various PowerUp functionality.GitHub

Ghostpack-CompiledBinaries/SharpUp.exe at master · r3motecontrol/Ghostpack-CompiledBinariesGitHub

SharpUp.exe audit
#-> Runs all vulnerability checks regardless of integrity level or group membership.

SharpUp.exe HijackablePaths
#-> Check only if there are modifiable paths in the user's %PATH% variable.

SharpUp.exe audit HijackablePaths
#-> Check only for modifiable paths in the user's %PATH% regardless of integrity level or group membership.

WinPEAS

https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe/winPEAS/bingithub.com

PrivEsc

GitHub - enjoiz/Privesc: Windows batch script that finds misconfiguration issues which can lead to privilege escalation.GitHub

# All Check

Invoke-PrivEsc

Carseat

Python implementation of Seatbelt

GitHub - 0xthirteen/Carseat: Python implementation of GhostPack's Seatbelt situational awareness toolGitHub

Windows-Exploit-Suggester

GitHub - AonCyberLabs/Windows-Exploit-Suggester: This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.GitHub

WES-NG

GitHub - bitsadmin/wesng: Windows Exploit Suggester - Next GenerationGitHub

Watson - Exploit Suggester

GitHub - rasta-mouse/Watson: Enumerate missing KBs and suggest exploits for useful Privilege Escalation vulnerabilitiesGitHub

PrivescCheck

GitHub - itm4n/PrivescCheck: Privilege Escalation Enumeration Script for WindowsGitHub

PrivescCheck

BeRoot

GitHub - AlessandroZ/BeRoot: Privilege Escalation Project - Windows / Linux / MacGitHub

BeRoot

Pre-compiled Tools

GitHub - r3motecontrol/Ghostpack-CompiledBinaries: Compiled Binaries for Ghostpack (.NET v4.0)GitHub

All Tools from CPTS pre-compiled

13.06 MB folder on MEGA

Windows Privilege Escalation Tools (CPTS) - Mega

Also on my github

GitHub - 0xSs0rZ/Windows_PrivEsc_Tools_precompiledGitHub