
HernanRodriguez1/Invoke-Enum

Invoke-Enum.ps1

Advanced Enumeration for Privilege Escalation in Windows

Overview

Invoke-Enum.ps1 is an advanced tool written in PowerShell that allows cybersecurity analysts to identify potential privilege escalation vectors on Windows systems. The script provides structured, secure, and fully Spanish-language output, with a professional approach for auditing, red teaming, or defensive analysis environments.


Features

  • Detection of installed security patches
  • Enumeration of sensitive privileges of the current user with whoami /priv
  • Detection of privileged tokens (SeImpersonate, SeAssignPrimaryToken, SeBackupPrivilege, SeRestorePrivilege, SeTakeOwnershipPrivilege, SeDebugPrivilege, SeLoadDriverPrivilege, SeTcbPrivilege, SeManageVolumePrivilege, SeCreateTokenPrivilege)
  • Credential extraction:
      ◦ AutoLogon keys (DefaultUserName, DefaultPassword)
      ◦ Credentials saved in cmdkey
      ◦ Groups.xml files with cpassword
      ◦ unattend.xml, sysprep.xml, and autounattend.xml files
  • Unquoted Service Paths
  • Detection of dangerous configurations such as AlwaysInstallElevated
  • Analysis of PATH paths with Write, Modify, or FullControl permissions
  • Review of automatic execution keys (Run from HKCU and HKLM)
  • Detection of scheduled tasks outside of Microsoft and their associated executables
  • Association of open ports with services and processes
  • Deep disk scan:
      ◦ .exe executables with FullControl for Users or Everyone
      ◦ .ps1, .bat, .dll, .vbs files with write permissions
  • Detection of services and their binary versions to search for CVEs
  • Enumeration of installed third-party applications
  • Collection of sensitive files:
      ◦ .pfx, .pem, .sql, .config, .bak, .rdp, .key, .ini, .kdbx, .ovpn, etc.
  • Verification and location of SAM and SYSTEM hives on disk
  • Analysis of system information (OS, hardware, users, groups)
  • Evaluation of UAC (User Account Control) settings
  • Search for DPAPI credentials in registry and files
  • Scanning of extended network information (IP configuration, routing table)
  • Detection of PowerShell history and sensitive commands
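
As an added example (not code from Invoke-Enum.ps1 or its author), the following read-only PowerShell audit lets an administrator check a host for three of the misconfigurations listed above (unquoted service paths, AlwaysInstallElevated, and a stored AutoLogon password) so they can be corrected. The function names and the sample paths are constructed for illustration.

```powershell
# Added example: read-only hardening audit, not part of Invoke-Enum.ps1.
# Function names and sample paths are constructed for illustration.

function Test-UnquotedServicePath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $false }
    $p = $PathName.Trim()
    if ($p.StartsWith('"')) { return $false }   # already quoted
    # Isolate the executable part (up to the first ".exe" followed by space/end)
    $m = [regex]::Match($p, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
    if (-not $m.Success) { return $false }
    return $m.Groups[1].Value.Contains(' ')     # space inside an unquoted path
}

function Test-AlwaysInstallElevated {
    # The policy only takes effect when it is 1 in BOTH HKLM and HKCU.
    $key = 'SOFTWARE\Policies\Microsoft\Windows\Installer'
    $set = foreach ($hive in 'HKLM:', 'HKCU:') {
        $v = Get-ItemProperty -Path "$hive\$key" -Name AlwaysInstallElevated -ErrorAction SilentlyContinue
        if ($v -and $v.AlwaysInstallElevated -eq 1) { $hive }
    }
    return (@($set).Count -eq 2)
}

function Test-AutoLogonPassword {
    # Reports only whether a value exists; the password itself is never printed.
    $wl = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $v = Get-ItemProperty -Path $wl -Name DefaultPassword -ErrorAction SilentlyContinue
    return [bool]($v -and $v.DefaultPassword)
}

# Constructed samples showing how the path classifier behaves
'C:\Program Files\Vendor App\svc.exe -k run',
'"C:\Program Files\Vendor App\svc.exe" -k run',
'C:\Windows\System32\svchost.exe -k netsvcs' |
    ForEach-Object { '{0,-5} {1}' -f (Test-UnquotedServicePath $_), $_ }

# Live checks. Fixes: quote the service ImagePath, set the policy to 0 or
# delete it, and remove DefaultPassword from Winlogon.
Get-CimInstance Win32_Service |
    Where-Object { Test-UnquotedServicePath $_.PathName } |
    Format-Table Name, StartMode, PathName -AutoSize
'AlwaysInstallElevated active : {0}' -f (Test-AlwaysInstallElevated)
'AutoLogon password stored    : {0}' -f (Test-AutoLogonPassword)
```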

How to use

powershell.exe -ep bypass -File .\Invoke-Enum.ps1

Or run in memory:

iex (Get-Content .\Invoke-Enum.ps1 -Raw)

Requirements

  • PowerShell 5.0 or higher
  • Standard user permissions (no administrative privileges required)
  • Compatible with: Windows 7, 10, 11, Server 2012/2016/2019
