Post-Exploit
Tools to assist with further enumeration and privilege escalation on compromised systems
| Tool | Description | Source |
| --- | --- | --- |
| BloodHound | Identifies the complex links within an Active Directory environment | |
| Empire | PowerShell script for post-exploit enumeration | |
| Empire GUI | The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation framework | |
| enum4linux-ng | Linux alternative to enum.exe for enumerating data from Windows and Samba hosts | |
| Girsh | Upgrades a reverse shell to fully interactive | |
| LinEnum | Linux bash script for post-exploit enumeration | |
| Linux Exploit Suggester 2 | | |
| PEASS | Privilege Escalation Awesome Scripts Suite, for Windows and Linux | |
| Penelope | Penelope is an advanced shell handler. Its main aim is to replace netcat as shell catcher during exploiting RCE vulnerabilities. It works on Linux and macOS and the only requirement is Python >= 3.6. It is a single script, it needs no installation or any 3rd party dependency and hopefully it will stay that way. | |
| Powerless | A Windows privilege escalation (enumeration) script designed with OSCP labs (i.e. legacy Windows machines without PowerShell) in mind. The script represents a conglomeration of various privilege escalation checks, gathered from various sources, all done via native Windows binaries present in almost every version of Windows. | |
| PowerSploit | PowerShell script for post-exploit enumeration and privilege escalation | |
| PrivescCheck | This script aims to enumerate common Windows configuration issues that can be leveraged for local privilege escalation. It also gathers various information that might be useful for exploitation and/or post-exploitation. | |
| pspy | Unprivileged Linux process snooping: look at processes and tasks running in Linux as a non-privileged user | |
| Responder/MultiRelay | LLMNR/NBT-NS/mDNS poisoner and NTLMv1/2 relay. Used for privilege escalation in Windows domain environments. | |
| Seatbelt | Seatbelt is a C# project that performs a number of security-oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives. | |
| snmpwalk | SNMP enumeration tool. Link is for Windows OS; can be installed on Linux with APT and YUM. | |
| Traitor | Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy! | |
| UACME | Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor | |
| Villain | Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other machines running Villain) and share their backdoor sessions, handy for working as a team. | |
| Windows Exploit Suggester | This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target | |
| WPE | Will download common Windows privilege escalation tools and serve them via Python HTTP | |