Automated enumeration script

Windows-exploit-suggester.py
This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target.
​GitHub - AonCyberLabs/Windows-Exploit-Suggester​
windowsEnum.bat by Azmatt
Windows Enumeration Batch Script
​windowsEnum/windowsEnum.bat​
​FuzzySecurity | Windows Privilege Escalation Fundamentals​
WindowsEnum.ps1 by Absolomb
​GitHub - absolomb/WindowsEnum: A Powershell Privilege Escalation Enumeration Script.​
A Powershell Privilege Escalation Enumeration Script.
​Windows Privilege Escalation Guide​
JAWS - Just Another Windows (Enum) Script
JAWS is PowerShell script designed to help penetration testers (and CTFers) quickly identify potential privilege escalation vectors on Windows systems. It is written using PowerShell 2.0 so 'should' run on every Windows version since Windows 7.
​GitHub - 411Hall/JAWS: JAWS - Just Another Windows (Enum) Script​
windows-privesc-check by pentestmonkey
Find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local apps (e.g. databases
​GitHub - pentestmonkey/windows-privesc-check: Standalone Executable to Check for Simple Privilege Escalation Vectors on Windows Systems​
wmic_info.bat by FuzzySecurity
use WMIC to extract the following information: processes, services, user accounts, user groups, network interfaces, Hard Drive information, Network Share information, installed Windows patches, programs that run at startup, list of installed software, information about the operating system and timezone.
for /f "delims=" %%A in ('dir /s /b %WINDIR%\system32*htable.xsl') do set "var=%%A"
​
wmic process get CSName,Description,ExecutablePath,ProcessId /format:"%var%" >> out.html
wmic service get Caption,Name,PathName,ServiceType,Started,StartMode,StartName /format:"%var%" >> out.html
wmic USERACCOUNT list full /format:"%var%" >> out.html
wmic group list full /format:"%var%" >> out.html
wmic nicconfig where IPEnabled='true' get Caption,DefaultIPGateway,Description,DHCPEnabled,DHCPServer,IPAddress,IPSubnet,MACAddress /format:"%var%" >> out.html
wmic volume get Label,DeviceID,DriveLetter,FileSystem,Capacity,FreeSpace /format:"%var%" >> out.html
wmic netuse list full /format:"%var%" >> out.html
wmic qfe get Caption,Description,HotFixID,InstalledOn /format:"%var%" >> out.html
wmic startup get Caption,Command,Location,User /format:"%var%" >> out.html
wmic PRODUCT get Description,InstallDate,InstallLocation,PackageCache,Vendor,Version /format:"%var%" >> out.html
wmic os get name,version,InstallDate,LastBootUpTime,LocalDateTime,Manufacturer,RegisteredUser,ServicePackMajorVersion,SystemDirectory /format:"%var%" >> out.html
wmic Timezone get DaylightName,Description,StandardName /format:"%var%" >> out.html
​
PowerUp
PowerUp is an extremely useful script for quickly checking for obvious paths to privilege escalation on Windows. It is not an exploit itself, but it can reveal vulnerabilities such as administrator password stored in registry and similar. 
​PowerUp: A Usage Guide – harmj0y​

Last modified 3yr ago