Tool Reference

Sections Tool Reference

Enumeration & Situational Awareness

WinPEAS - Comprehensive automated enumeration

https://github.com/peass-ng/PEASS-ng
PowerUp - PowerShell-based privesc enumeration

https://github.com/PowerShellMafia/PowerSploit
Seatbelt - Detailed host survey and security configuration checks

https://github.com/GhostPack/Seatbelt
PrivescCheck - PowerShell alternative to WinPEAS

https://github.com/itm4n/PrivescCheck
SharpUp - C# version of PowerUp

https://github.com/GhostPack/SharpUp
accesschk - Sysinternals tool to check permissions

https://learn.microsoft.com/en-us/sysinternals/downloads/accesschk

WES-NG (Windows Exploit Suggester) - Match systeminfo against known exploits

https://github.com/bitsadmin/wesng
Watson - C# automated exploit suggestion (on-target)

https://github.com/rasta-mouse/Watson
Sherlock - PowerShell automated exploit suggestion (on-target)

https://github.com/rasta-mouse/Sherlock
PrintNightmare - Print Spooler service exploit (CVE-2021-1675 / CVE-2021-34527)

https://github.com/calebstewart/CVE-2021-1675
HiveNightmare (SeriousSAM) - Copy registry hives from shadow copies

https://github.com/GossiTheDog/HiveNightmare
Certipy - AD CS enumeration and exploitation

https://github.com/ly4k/Certipy
Windows Kernel Exploits Repository - Pre-compiled legacy exploits (MS16-032, MS15-051, MS14-058, MS11-046)

https://github.com/SecWiki/windows-kernel-exploits

SharpDLLProxy - Automate DLL forwarding for DLL hijacking

https://github.com/Flangvik/SharpDllProxy
msfvenom - Payload generator for executable and DLL formats

https://github.com/rapid7/metasploit-framework

GodPotato - DCOM/RPCSS token impersonation

https://github.com/BeichenDream/GodPotato
SweetPotato - Local Service to SYSTEM privesc using multiple combined methods

https://github.com/CCob/SweetPotato
JuicyPotatoNG - Updated JuicyPotato utilizing DCOM

https://github.com/antonioCoco/JuicyPotatoNG
PrintSpoofer - Abuses Print Spooler service via named pipes

https://github.com/itm4n/PrintSpoofer
RoguePotato - Remote OXID resolver token impersonation

https://github.com/antonioCoco/RoguePotato
JuicyPotato - Legacy DCOM token impersonation for older systems

https://github.com/ohpe/juicy-potato
LocalPotato - NTLM local relay for arbitrary file read/write

https://github.com/decoder-it/LocalPotato
CoercedPotato - Token impersonation via combined coercion methods

https://github.com/Prepouce/CoercedPotato
EfsPotato - EFS coercion with local named pipe impersonation

https://github.com/bugch3ck/SharpEfsPotato
PetitPotam Local - Local variant of PetitPotam MS-EFSRPC coercion

https://github.com/topotam/PetitPotam
KrbRelayUp - Kerberos relay with RBCD or Shadow Credentials for local privilege escalation

https://github.com/Dec0ne/KrbRelayUp
socat - Multipurpose relay utility for port forwarding

https://github.com/3ndG4me/socat

EoPLoadDriver / ExploitCapcom - Toolset to load and exploit vulnerable kernel drivers

https://github.com/TarlogicSecurity/EoPLoadDriver
SeManageVolumeExploit - Abuse SeManageVolumePrivilege for raw disk read access

https://github.com/CsEnox/SeManageVolumeExploit

Impacket - Python toolkit for network protocols (smbserver, secretsdump)

https://github.com/fortra/impacket
Mimikatz - Windows credential extraction and ticket manipulation

https://github.com/gentilkiwi/mimikatz
pypykatz - Offline LSASS dump parser in Python

https://github.com/skelsec/pypykatz
psgetsystem - Inject into SYSTEM process

https://github.com/decoder-it/psgetsystem