Post-Exploit
Tools to assist with further enumeration and privilege escalation on compromised systems
Tool | Description | Source |
BloodHound | Identifies the complex links within an Active Directory environment | |
Empire | PowerShell script for post-exploit enumeration | |
Empire GUI | The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation Framework | |
enum4linux-ng | Linux alternative to enum.exe for enumerating data from Windows and Samba hosts. | |
Girsh | Upgrades reverse shell to fully interactive | |
LinEnum | Linux bash script for post-exploit enumeration | |
Linux Exploit Suggester 2 | Next-generation exploit suggester based on Linux_Exploit_Suggester | |
PEASS | Privilege Escalation Awesome Scripts Suite - For Windows and Linux | |
Penelope | Penelope is an advanced shell handler. Its main aim is to replace netcat as the shell catcher when exploiting RCE vulnerabilities. It works on Linux and macOS, and the only requirement is Python >= 3.6. It is a single script that needs no installation or any third-party dependency, and hopefully it will stay that way. | |
Powerless | A Windows privilege escalation (enumeration) script designed with OSCP labs (i.e. legacy Windows machines without PowerShell) in mind. The script represents a conglomeration of various privilege escalation checks, gathered from various sources, all done via native Windows binaries present in almost every version of Windows. | |
PowerSploit | PowerShell script for post-exploit enumeration and privilege escalation | |
PrivescCheck | This script aims to enumerate common Windows configuration issues that can be leveraged for local privilege escalation. It also gathers various information that might be useful for exploitation and/or post-exploitation. | |
pspy | Unprivileged Linux process snooping - Look at processes and tasks running in Linux as a non-privileged user | |
Responder/MultiRelay | LLMNR/NBT-NS/mDNS Poisoner and NTLMv1/2 Relay. Used for privilege escalation in Windows domain environments. | |
Seatbelt | Seatbelt is a C# project that performs a number of security-oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives. | |
snmpwalk | SNMP enumeration tool - Link is for Windows OS - Can be installed on Linux with APT and YUM | |
Traitor | Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy! Traitor packages up a bunch of methods to exploit local misconfigurations and vulnerabilities (including most of GTFOBins) in order to pop a root shell. | |
UACME | Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor | |
Villain | Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other machines running Villain) and share their backdoor sessions, handy for working as a team. | |
Windows Exploit Suggester | This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. | |
WPE | Will download common Windows privilege escalation tools and serve them via Python HTTP |