- A lightweight, fast, and fully‑native Windows privilege‑escalation scanner written in C, designed to mimic real APT‑style tradecraft (like APT28, FIN7, etc.).
- The tool performs deep enumeration to uncover misconfigurations, weak permissions, token privileges, and exploitable system settings used during real‑world intrusions.
- Detects SeImpersonatePrivilege, SeDebugPrivilege, and other high‑value token privileges.
- Returns clean results (1/0) for automation in chained exploits.
- Finds Unquoted Service Paths and checks if they are actually exploitable (write access).
- Scans for writable directories in system‑level paths.
- Enumerates all Windows services
- Detects weak ACLs & permission abuse
- Checks binary paths, start type, and attack surface
- OS version, build, and architecture
- Logged‑in users
- Network interfaces & ARP table
- Domain/workgroup details
- Behaves similarly to tools used by APT groups and advanced operators
- No dependencies—static and stealthy
- Fast, minimal, ideal for initial foothold enumeration
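
The unquoted-service-path check listed above, sketched as an added example for auditing and remediation (not code from this project): it takes a service `ImagePath` string, counts the ambiguous split points that the documented `CreateProcess` resolution of an unquoted command line leaves, and produces the quoted value that removes them. The function names and the second sample path are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Index just past the first ".exe" that ends a token, or -1 if none. */
static int exe_end(const char *p) {
    for (int i = 0; p[i]; i++)
        if (p[i] == '.' && tolower((unsigned char)p[i + 1]) == 'e' &&
            tolower((unsigned char)p[i + 2]) == 'x' &&
            tolower((unsigned char)p[i + 3]) == 'e' &&
            (p[i + 4] == '\0' || p[i + 4] == ' '))
            return i + 4;
    return -1;
}

/* Counts ambiguous split points in an unquoted ImagePath (0 = not affected)
 * and writes the remediated value, executable quoted, into fixed. */
int audit_image_path(const char *path, char *fixed, size_t fixed_len) {
    int end = exe_end(path), hits = 0;
    snprintf(fixed, fixed_len, "%s", path);
    if (path[0] == '"' || end < 0) return 0; /* quoted, or no .exe token */
    for (int i = 0; i < end; i++)
        hits += (path[i] == ' ');
    if (hits) /* quote only the executable, keep its arguments */
        snprintf(fixed, fixed_len, "\"%.*s\"%s", end, path, path + end);
    return hits;
}

/* n-th (0-based) location resolved before the real binary; review its ACL. */
int nth_candidate(const char *path, int n, char *out, size_t out_len) {
    int end = path[0] == '"' ? -1 : exe_end(path);
    for (int i = 0; i < end; i++)
        if (path[i] == ' ' && n-- == 0) {
            snprintf(out, out_len, "%.*s.exe", i, path);
            return 0;
        }
    return -1;
}

int main(void) {
    /* First path: the README's sample output. Second: constructed. */
    const char *samples[] = { "C:\\Program Files\\ReasonLabs\\DNS\\rsDNSClientSvc.exe",
                              "C:\\Program Files\\Example App\\svc.exe -k run" };
    char fixed[512];
    for (int s = 0; s < 2; s++) {
        int hits = audit_image_path(samples[s], fixed, sizeof fixed);
        printf("%d split point(s); fix: %s\n", hits, fixed);
    }
    return 0;
}
```

A non-zero count only matters when the parent directory of a reported location is writable by non-administrators; writing the quoted value back to the service's `ImagePath` removes the ambiguity either way.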
```
bash install.sh
make
```

```
=== Unquoted Service Path Analysis ===
======== Unquoted Service Path =========
[INFO] rsDNSClientSvc
service name : rsDNSClientSvc
writable path : Yes
service path : C:\Program Files\ReasonLabs\DNS\rsDNSClientSvc.exe
======== Privilege Escalation CVE Scan =========
[VULNERABLE] System is affected by CVE-2024-21338
Exploit : https://www.exploit-db.com/exploits/52275
-------------------------------------------
```

- This tool is for educational, red teaming, and authorized penetration testing only.
- The author is not responsible for any misuse.
- UAC bypass detection
- Registry misconfiguration scanning
- DLL hijacking & search‑order weaknesses
Pull requests welcome—optimizations, new modules, exploit detection logic, or documentation improvements.
