PrivescCheck vs WinPwn
About PrivescCheck
PrivescCheck is a PowerShell script that enumerates common Windows privilege escalation vectors. It checks for misconfigured services (unquoted paths, weak permissions, writable binaries), vulnerable scheduled tasks, exploitable registry keys, stored credentials (Windows Vault, GPP passwords, autologon), DLL hijacking opportunities, AlwaysInstallElevated policies, and dozens of other escalation paths. Unlike automated exploitation tools, PrivescCheck only enumerates and reports findings, allowing the tester to understand and manually exploit each vector. Output is color-coded by severity with detailed remediation guidance.
About WinPwn
WinPwn is an automation framework for Windows internal penetration testing that combines dozens of offensive tools and techniques into a single PowerShell script. It performs automated reconnaissance (AD enumeration, network scanning, share hunting), privilege escalation checks, credential extraction (SAM, LSA, DPAPI, browser passwords), lateral movement, and persistence. WinPwn integrates with tools such as Rubeus, SharpHound, Mimikatz, and Seatbelt, downloading and executing them in memory. It is designed for situations where a tester already has initial access to a Windows domain environment and needs a rapid, comprehensive assessment.