Although this is a reasonable list, the list of ‘good’ tools seemingly changes every month. As of late 2019, this is a decent list of tools that can be used to aid in privilege escalation.
Linux
Linux Smart Enumeration
File type: Shell Script
Download: Here
“This script will show relevant information about the security of the local Linux system.
It has 3 levels of verbosity so you can control how much information you see.
In the default level you should see the highly important security flaws in the system. The level 1
(./lse.sh -l1
) shows interesting information that should help you to privesc. The level 2
(./lse.sh -l2
) will just dump all the information it gathers about the system.
By default it will ask you some questions: mainly the current user password (if you know it ![😉](List of Privilege Escalation T.svg) so it can do some additional tests.”
LinEnum
File Type: Shell Script
Download: Here
Has several different options that it can be run with. Best to run with thorough testing enabled.
Linux Exploit Suggester 2
File Type: Perl Script
Download: Here
“This script is extremely useful for quickly finding privilege escalation vulnerabilities both in on-site and exam environments.”
Windows
PowerUp
File Type: Powershell Script
Download: Here
“PowerUp aims to be a clearinghouse of common Windows privilege escalation vectors that rely on misconfigurations. See README.md for more information.”
Sherlock
File Type: Powershell Script
Download: Here
Deprecated ~3 years ago. Should work well for < 2017 Windows Builds.
“PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.”
Watson
File Type: Windows Executable
Download: Here
Does need to be compiled inside of VScode.
“Watson is a .NET tool designed to enumerate missing KBs and suggest exploits for Privilege Escalation vulnerabilities.”
Seatbelt
File Type: Windows Executable
Download: Here
“Seatbelt is a C# project that performs a number of security oriented host-survey “safety checks” relevant from both offensive and defensive security perspectives.”
SharpUp
File Type: Windows Executable
Download: Here
“SharpUp is a C# port of various PowerUp functionality. Currently, only the most common checks have been ported; no weaponization functions have yet been implemented.”