PurplePanda – Identify Privilege Escalation Paths Within And Across Different Clouds

This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms. The name comes from the animal Red Panda. This panda eats peas, just like Purple Panda,Read More

BloodyAD – An Active Directory Privilege Escalation Framework

BloodyAD is an Active Directory Privilege Escalation Framework, it can be used manually using bloodyAD.py or automatically by combining pathgen.py and autobloody.py. This framework supports NTLM (with password or NTLM hashes) and Kerberos authentication and binds to LDAP/LDAPS/SAMR services of a domain controller to obtain AD privesc. It is designed to be used transparently withRead More

IAM Vulnerable – Use Terraform To Create Your Own Vulnerable By Design AWS IAM Privilege Escalation Playground

Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground. IAM Vulnerable uses the Terraform binary and your AWS credentials to deploy over 250 IAM resources into your selected AWS account. Within minutes, you can start learning how to identify and exploit vulnerable IAM configurations that allow for privilege escalation. RecommendedRead More

PEASS-ng – Privilege Escalation Awesome Scripts SUITE new generation

Basic Tutorial Here you will find privilege escalation tools for Windows and Linux/Unix* and MacOS. These tools search for possible local privilege escalation paths that you could exploit and print them to you with nice colors so you can recognize the misconfigurations easily. Check the Local Windows Privilege Escalation checklist from book.hacktricks.xyz WinPEAS – WindowsRead More

Concealed Position – Bring Your Own Print Driver Privilege Escalation Tool

Concealed Position is a local privilege escalation attack against Windows using the concept of “Bring Your Own Vulnerability”. Specifically, Concealed Position (CP) uses the as designed package point and print logic in Windows that allows a low privilege user to stage and install printer drivers. CP specifically installs drivers with known vulnerabilities which are thenRead More

Rootend – A *Nix Enumerator And Auto Privilege Escalation Tool

rootend is a python *nix Enumerator & Auto Privilege Escalation tool. For a full list of our tools, please visit our website https://www.twelvesec.com/ Written by: nickvourd (twitter) maldevel (twitter) servo Usage Enumeration & Automation Privilege Escalation tool. rootend is an open source tool licensed under GPLv3. Affected systems: *nix. Written by: @nickvourd of @twelvesec. SpecialRead More

Lucifer – A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration And More…

A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More… Use Or Build Automation Modules To Speed Up Your Cyber Security Life Setup git clone https://github.com/Skiller9090/Lucifer.gitcd Luciferpip install -r requirements.txtpython main.py –help If you want the cutting edge changes add -b dev to the end of git cloneRead More

Watson – Enumerate Missing KBs And Suggest Exploits For Useful Privilege Escalation Vulnerabilities

[*] Watson is a .NET tool designed to enumerate missing KBs and suggest exploits for Privilege Escalation vulnerabilities. Supported Versions Windows 10 1507, 1511, 1607, 1703, 1709, 1803, 1809, 1903, 1909, 2004 Server 2016 & 2019 Usage C:> Watson.exe __ __ _ / / / __ _| |_ ___ ___ _ __ / / /Read More

Pytmipe – Python Library And Client For Token Manipulations And Impersonations For Privilege Escalation On Windows

PYTMIPE (PYthon library for Token Manipulation and Impersonation for Privilege Escalation) is a Python 3 library for manipulating Windows tokens and managing impersonations in order to gain more privileges on Windows. TMIPE is the python 3 client which uses the pytmipe library. Content A python client: tmipe (python3 tmipe.py) A python library: pytmipe. Useful forRead More

X