AUTOMATED ENUMERATION

Run winPEAS

Most comprehensive auto-enum — Color-coded findings

.\winPEASx64.exe
or: .\winPEASany.bat
Example Output
winPEAS output:
[!] Possible privesc:
  SeImpersonatePrivilege: ENABLED
[!] Unquoted service path:
  C:\Program Files\My App\service.exe
[!] Writable service:
  CustomSvc -> C:\custom\svc.exe

PowerUp.ps1

PowerShell privesc checker — Finds service misconfigs

Import-Module .\PowerUp.ps1
Invoke-AllChecks
Example Output
Import-Module .\PowerUp.ps1
Invoke-AllChecks

[*] Checking service permissions...
[!] CustomSvc - Users have AllAccess
[*] Checking unquoted service paths...
[!] VulnService - C:\Program Files\My App\svc.exe
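
For the defender's side of the unquoted-path findings that winPEAS and PowerUp report above, this added PowerShell example (not part of PowerUp or any other tool on this page) lists local services whose executable path contains a space and is not quoted, along with the corrected value. The helper name Get-UnquotedServiceExe and the sample strings are made up for illustration.

```powershell
# Added example: defensive audit for unquoted service paths.
# Get-UnquotedServiceExe is a hypothetical helper name, not a PowerUp cmdlet.
function Get-UnquotedServiceExe {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim()
    # A command line that starts with a quote is already unambiguous.
    if ($p.StartsWith('"')) { return $null }
    # Take everything up to the first ".exe" that ends a token, then
    # flag it only if that executable path itself contains a space.
    if ($p -match '^(?<exe>.+?\.exe)(\s|$)') {
        $exe = $Matches['exe']
        if ($exe.Contains(' ')) { return $exe }
    }
    return $null
}

# Constructed sample values; the first is the path from the output above.
$samples = @(
    'C:\Program Files\My App\svc.exe',
    '"C:\Program Files\My App\svc.exe" -run',
    'C:\Windows\System32\svchost.exe -k netsvcs'
)
foreach ($s in $samples) {
    if (Get-UnquotedServiceExe $s) { "FLAG  $s" } else { "ok    $s" }
}

# Live check on the local host. Win32_Service.PathName is the service
# command line, StartName is the account the service runs as.
Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $exe = Get-UnquotedServiceExe $_.PathName
    if ($exe) {
        [pscustomobject]@{
            Name      = $_.Name
            RunsAs    = $_.StartName
            PathName  = $_.PathName
            # Same command line with the executable wrapped in quotes.
            QuotedFix = '"' + $exe + '"' + $_.PathName.Trim().Substring($exe.Length)
        }
    }
} | Format-List
```

QuotedFix is the value to set as the service's ImagePath; write access on the directories along that path should be limited to administrators as well.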

Seatbelt

Detailed system enum — GhostPack tool

.\Seatbelt.exe -group=all
Example Output
.\Seatbelt.exe -group=all
====== InterestingFiles ======
  C:\Users\admin\Desktop\passwords.txt
====== TokenPrivileges ======
  SeImpersonatePrivilege: Enabled
====== SavedRDPConnections ======
  DC01.corp.local - admin

SharpUp

C# version of PowerUp — Quick audit

.\SharpUp.exe audit
Example Output
.\SharpUp.exe audit
=== Modifiable Services ===
Name: CustomSvc
Path: C:\custom\svc.exe
Permissions: Everyone [AllAccess]
(Can change service binary path)

windows-exploit-suggester

Match patches to exploits — Run systeminfo on target first

python3 windows-exploit-suggester.py --database <db> --systeminfo <sysinfo.txt>
Example Output
python3 wes.py sysinfo.txt
[E] MS17-010: EternalBlue (KB4013389)
[E] CVE-2019-1458: WizardOpium (KB4530684)
[E] CVE-2021-36934: HiveNightmare
[M] MS16-032: Secondary Logon (KB3143141)