Skip to content


Privilege Escalation

Learn Privilege Escalation

Linux Privilege Escalation

  • Basic Linux Privilege Escalation - Linux Privilege Escalation by @g0tmi1k
  • - Linux privilege escalation auditing tool written in bash (updated)
  • - Linux Exploit Suggester written in Perl (last update 3 years ago)
  • v2 - Next-generation exploit suggester based on Linux_Exploit_Suggester (updated)
  • Linux Soft Exploit Suggester - linux-soft-exploit-suggester finds exploits for all vulnerable software in a system helping with the privilege escalation. It focuses on software packages instead of Kernel vulnerabilities
  • - bash script to check the properties of executables (like PIE, RELRO, PaX, Canaries, ASLR, Fortify Source)
  • - This script is intended to be executed locally on a Linux box to enumerate basic system info and search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text passwords and applicable exploits (@SecuritySift)
  • LinEnum - This tool is great at running through a heap of things you should check on a Linux system in the post exploit process. This include file permissions, cron jobs if visible, weak credentials etc.(@Rebootuser)
  • linPEAS - LinPEAS - Linux Privilege Escalation Awesome Script. Check the Local Linux Privilege Escalation checklist from

Windows Privilege Escalation

  • PowerUp - Excellent powershell script for checking of common Windows privilege escalation vectors. Written by harmj0y (direct link)
  • PowerUp Cheat Sheet
  • Windows Exploit Suggester - Tool for detection of missing security patches on the windows operating system and mapping with the public available exploits
  • Sherlock - PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities
  • Watson - Enumerate missing KBs and suggest exploits for useful Privilege Escalation vulnerabilities
  • Precompiled Windows Exploits - Collection of precompiled Windows exploits
  • Metasploit Modules
    • post/multi/recon/local_exploit_suggester - suggests local meterpreter exploits that can be used
    • post/windows/gather/enum_patches - helps to identify any missing patches

Privilege Escalation Tools

  • Active Directory and Privilege Escalation (ADAPE) - Umbrella script that automates numerous useful PowerShell modules to discover security misconfigurations and attempt privilege escalation against Active Directory.
  • LinEnum - Scripted local Linux enumeration and privilege escalation checker useful for auditing a host and during CTF gaming.
  • Postenum - Shell script used for enumerating possible privilege escalation opportunities on a local GNU/Linux system.
  • unix-privesc-check - Shell script to check for simple privilege escalation vectors on UNIX systems.

Password Spraying Tools

  • DomainPasswordSpray - Tool written in PowerShell to perform a password spray attack against users of a domain.
  • SprayingToolkit - Scripts to make password spraying attacks against Lync/S4B, Outlook Web Access (OWA) and Office 365 (O365) a lot quicker, less painful and more efficient.

Shellcoding Guides and Tutorials