ENNAENNA

WinPwn

BSD-3-Clause

๐Ÿ”ฅ Offensive Ops ยท PowerShell

WinPwn is an automation framework for Windows internal penetration testing that combines dozens of offensive tools and techniques into a single PowerShell script. It performs automated reconnaissance (AD enumeration, network scanning, share hunting), privilege escalation checks, credential extraction (SAM, LSA, DPAPI, browser passwords), lateral movement, and persistence. WinPwn integrates with tools like Rubeus, SharpHound, Mimikatz, and Seatbelt, downloading and executing them in-memory. It is designed for situations where a tester has initial access to a Windows domain environment and needs rapid comprehensive assessment.

3.7kstars
542forks
2issues
Updated 8mo ago
+I use this
View on GitHub

Installation

$ git clone https://github.com/SecureThisShit/WinPwn.git

Use Cases

  • Automated Windows domain penetration testing
  • Rapid privilege escalation enumeration
  • In-memory credential extraction
  • Active Directory attack automation

Tags

windowsautomationinternal-pentestprivilege-escalationactive-directoryadsecurityexploitationpentest-toolpentestingpowershellpowersploitreconredteam

Details

Category
๐Ÿ”ฅ Offensive Ops
Language
PowerShell
License
BSD-3-Clause
Platforms
๐ŸชŸwindows

Links

GitHub Repository

github.com/SecureThisShit/WinPwn

Releases

github.com/SecureThisShit/WinPwn/releases

Issues

github.com/SecureThisShit/WinPwn/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Community Reviews

Alternatives & Comparisons

CrackMapExec

Python

Swiss army knife for pentesting Active Directory. SMB, LDAP, MSSQL, WinRM enumeration and exploitation.

Compare WinPwn vs CrackMapExec

LinPEAS

Shell

Linux privilege escalation enumeration script. Finds misconfigs, SUID bins, creds, and escalation paths.

Compare WinPwn vs LinPEAS

NetExec

Python

Network execution tool - the maintained successor to CrackMapExec. SMB, LDAP, WinRM, SSH, MSSQL, and more.

Compare WinPwn vs NetExec

PrivescCheck

PowerShell

Windows privilege escalation enumeration script. Checks services, scheduled tasks, registry, credentials, and dozens of escalation vectors.

Compare WinPwn vs PrivescCheck

More in Offensive Ops

Mythic

Go

Collaborative, multi-platform C2 framework. Docker-based with web UI, multiple agent types, and plugin architecture.

c2red-teammulti-operator

Havoc

C/C++

Modern C2 framework. Qt-based GUI, BOF support, custom agents, and a Cobalt Strike-inspired workflow.

c2red-teamgui

Rubeus

C#

C# toolset for raw Kerberos interaction and abuse. AS-REP roasting, Kerberoasting, ticket manipulation, delegation attacks.

kerberosactive-directoryroasting

Certipy

Python

Active Directory Certificate Services (AD CS) abuse tool. Find and exploit certificate template misconfigurations.

active-directorycertificatesadcs

Coercer

Python

Automatically find and exploit Windows authentication coercion vulnerabilities. PetitPotam, PrinterBug, and more.

authentication-coercionntlm-relaypetitpotam

SharpHound

C#

Official BloodHound data collector. Enumerates Active Directory objects, sessions, ACLs, and trusts for graph analysis.

active-directoryenumerationbloodhound