3rd-party lists
- m0nad/awesome-privilege-escalation - A curated list of awesome privilege escalation
- carlospolop/PEASS-ng - Privilege Escalation Awesome Scripts SUITE (with colors)
- Ascotbe/Kernelhub - Collection of Windows privilege escalation vulnerabilities, with build environment, demo GIFs, vulnerability details, and executables
- De4dCr0w/Linux-kernel-EoP-exp
- Al1ex/WindowsElevation - Windows Elevation (continuously updated)
- bsauce/kernel-exploit-factory - Linux kernel CVE exploit analysis report and relative debug environment. You don't need to compile Linux kernel and configure your environment anymore
- nickvourd/Windows-Local-Privilege-Escalation-Cookbook - Windows Local Privilege Escalation Cookbook
Online services
Local - Windows
- 0x00Check/ExploitLeakedHandle - Identify and exploit leaked handles for local privilege escalation
- bitsadmin/wesng - Windows Exploit Suggester - Next Generation - 2.6K star
- Hzllaga/BT_Panel_Privilege_Escalation - Privilege escalation method for the Windows version of BT Panel (宝塔面板)
- gist: acltest.ps1 - Check for paths that are writable by normal users, but are in the system-wide Windows path. Any such directory allows for privilege escalation
- GhostPack/SharpUp - SharpUp is a C# port of various PowerUp functionality
- pentestmonkey/windows-privesc-check - Standalone Executable to Check for Simple Privilege Escalation Vectors on Windows Systems
- rasta-mouse/Sherlock - PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities
- rasta-mouse/Watson - a (.NET 2.0 compliant) C# implementation of
- AlessandroZ/BeRoot - Privilege Escalation Project - Windows / Linux / Mac
- Windows-Exploit-Suggester - compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target
- PowerShellMafia/PowerSploit/Privesc - PowerUp aims to be a clearinghouse of common Windows privilege escalation vectors that rely on misconfigurations
- enjoiz/Privesc - Windows batch script that finds misconfiguration issues which can lead to privilege escalation
- Dankirk/RegSLScan - A tool for scanning registry key permissions. Find where non-admins can create symbolic links
- decoder-it/BadBackupOperator - SeBackupPrivilege/SeRestorePrivilege abuse; the Backup Operators group usually holds these privileges
- itm4n/PrivescCheck - Privilege Escalation Enumeration Script for Windows
- itm4n/PrintSpoofer - From LOCAL/NETWORK SERVICE to SYSTEM by abusing SeImpersonatePrivilege on Windows 10 and Server 2016/2019 - SeImpersonatePrivilege + named pipe impersonation privilege escalation
- BC-SECURITY/Invoke-PrintDemon - This is a PowerShell Empire launcher PoC using PrintDemon and Faxhell. The module has the Faxhell dll already embedded which leverages CVE-2020-1048 for privilege escalation
- hlldz/dazzleUP - A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems
Local - Elevate To SYSTEM
- decoder-it/pipeserverimpersonate - named pipe server with impersonation - listens on a named pipe and automatically calls CreateProcessWithToken when a client connects, e.g. echo a > \\IP\pipe\dummypipe
- justinbui/PrimaryTokenTheft - Steal a primary token and spawn cmd.exe using the stolen token
- yusufqk/SystemToken - Steal privileged token to obtain SYSTEM shell
- f-secure: Windows Services – All roads lead to SYSTEM
- gtworek/PSBits/LSASecretDumper/LSASecretDumper.c - duplicates the winlogon token, then uses ImpersonateLoggedOnUser to change the current process's privileges
Local - UAC/token tool
- hfiref0x/UACME - Defeating Windows User Account Control - UAC bypass tool, continuously updated
- 0xbadjuju/Tokenvator - A tool to elevate privilege with Windows Tokens
- FuzzySecurity/PowerShell-Suite - PowerShell version of Bypass-UAC, with few methods
Local - Linux
- diego-treitos/linux-smart-enumeration - Linux enumeration tool for pentesting and CTFs with verbosity levels
- Snoopy-Sec/Localroot-ALL-CVE - Collection of Linux local privilege escalation material, continuously updated
- Rezilion/mi-x - Determine whether your compute is truly vulnerable to a specific vulnerability by accounting for all factors which affect actual exploitability (runtime execution, configuration, permissions, existence of a mitigation, OS, etc.)
- Al1ex/LinuxEelvation - Linux Elevation (continuously updated)
- liamg/traitor - Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins
- WazeHell/PE-Linux - Linux Privilege Escalation Tool By WazeHell
- mzet-/linux-exploit-suggester - Linux privilege escalation auditing tool
- jondonas/linux-exploit-suggester-2 - Next-Generation Linux Kernel Exploit Suggester
- spencerdodd/kernelpop - kernel privilege escalation enumeration and exploitation framework
- rebootuser/LinEnum - Scripted Local Linux Enumeration & Privilege Escalation Checks
- pentestmonkey/unix-privesc-check - Automatically exported from code.google.com/p/unix-privesc-check
- reider-roque/linpostexp - linuxprivchecker.py - a Linux Privilege Escalation Check Script
- nilotpalbiswas/Auto-Root-Exploit - Auto Root Exploit Tool
- nongiach/sudo_inject - Two Privilege Escalation techniques abusing sudo token
- TH3xACE/SUDO_KILLER - A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo
- lawrenceamer/0xsp-Mongoose - Privilege Escalation Enumeration Toolkit (ELF 64/32), fast, intelligent enumeration with Web API integration
- initstring/uptux - Linux privilege escalation checks (systemd, dbus, socket fun, etc)
- xairy/unlockdown - Disabling kernel lockdown on Ubuntu without physical access - untested
- bindecy/HugeDirtyCowPOC - A POC for the Huge Dirty Cow vulnerability (CVE-2017-1000405)
Uncategorized