PrivescCheck vs Seatbelt
GitHub Stats
About PrivescCheck
PrivescCheck is a PowerShell script that enumerates common Windows privilege escalation vectors. It checks for misconfigured services (unquoted paths, weak permissions, writable binaries), vulnerable scheduled tasks, exploitable registry keys, stored credentials (Windows Vault, GPP passwords, autologon), DLL hijacking opportunities, AlwaysInstallElevated policies, and dozens of other escalation paths. Unlike automated exploitation tools, PrivescCheck only enumerates and reports findings, allowing the tester to understand and manually exploit each vector. Output is color-coded by severity with detailed remediation guidance.
About Seatbelt
Seatbelt is a C# project that performs a number of security-oriented host-survey 'safety checks' relevant from both offensive and defensive security perspectives. It gathers system data including OS info, installed AV/EDR, PowerShell settings, audit policies, saved credentials, browser data, scheduled tasks, installed software, network shares, and much more. It's typically the first tool run after gaining access to understand the environment and identify opportunities.
Platform Support
Tags
Shared
PrivescCheck only
Seatbelt only