ENNAENNA

PrivescCheck

BSD-3-Clause

๐Ÿ”ฅ Offensive Ops ยท PowerShell

PrivescCheck is a PowerShell script that enumerates common Windows privilege escalation vectors. It checks for misconfigured services (unquoted paths, weak permissions, writable binaries), vulnerable scheduled tasks, exploitable registry keys, stored credentials (Windows Vault, GPP passwords, autologon), DLL hijacking opportunities, AlwaysInstallElevated policies, and dozens of other escalation paths. Unlike automated exploitation tools, PrivescCheck only enumerates and reports findings, allowing the tester to understand and manually exploit each vector. Output is color-coded by severity with detailed remediation guidance.

3.8kstars
500forks
4issues
Updated 11d ago
+I use this
View on GitHub

Installation

$ git clone https://github.com/itm4n/PrivescCheck.git

Use Cases

  • Enumerating Windows privilege escalation vectors
  • Finding misconfigured services and weak permissions
  • Discovering stored credentials and autologon entries
  • Security auditing Windows host configurations

Tags

privilege-escalationwindowsenumerationsecurity-auditpowershellpentest-toolpentestingwindows-privilege-escalation

Details

Category
๐Ÿ”ฅ Offensive Ops
Language
PowerShell
License
BSD-3-Clause
Platforms
๐ŸชŸwindows

Links

GitHub Repository

github.com/itm4n/PrivescCheck

Releases

github.com/itm4n/PrivescCheck/releases

Issues

github.com/itm4n/PrivescCheck/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Community Reviews

Alternatives & Comparisons

LinPEAS

Shell

Linux privilege escalation enumeration script. Finds misconfigs, SUID bins, creds, and escalation paths.

Compare PrivescCheck vs LinPEAS

PowerSploit

PowerShell

Collection of PowerShell post-exploitation modules. Credential theft, privilege escalation, persistence, exfiltration.

Compare PrivescCheck vs PowerSploit

Seatbelt

C#

C# safety checks for offensive operations. Enumerates host security config, credentials, and interesting data.

Compare PrivescCheck vs Seatbelt

WinPwn

PowerShell

Automated Windows internal penetration testing toolkit. Runs recon, privesc, credential extraction, and lateral movement in one script.

Compare PrivescCheck vs WinPwn

More in Offensive Ops

Mythic

Go

Collaborative, multi-platform C2 framework. Docker-based with web UI, multiple agent types, and plugin architecture.

c2red-teammulti-operator

Havoc

C/C++

Modern C2 framework. Qt-based GUI, BOF support, custom agents, and a Cobalt Strike-inspired workflow.

c2red-teamgui

Rubeus

C#

C# toolset for raw Kerberos interaction and abuse. AS-REP roasting, Kerberoasting, ticket manipulation, delegation attacks.

kerberosactive-directoryroasting

Certipy

Python

Active Directory Certificate Services (AD CS) abuse tool. Find and exploit certificate template misconfigurations.

active-directorycertificatesadcs

Coercer

Python

Automatically find and exploit Windows authentication coercion vulnerabilities. PetitPotam, PrinterBug, and more.

authentication-coercionntlm-relaypetitpotam

SharpHound

C#

Official BloodHound data collector. Enumerates Active Directory objects, sessions, ACLs, and trusts for graph analysis.

active-directoryenumerationbloodhound