ly4k/PwnKit

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/ly4k/PwnKit)

ly4k / PwnKit

Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation

☆1,282

Alternatives and similar repositories for PwnKit

Users that are interested in PwnKit are comparing it to the libraries listed below

Sorting:

arthepsy / CVE-2021-4034
View on GitHub
PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)
☆1,128May 4, 2023Updated 2 years ago
berdav / CVE-2021-4034
View on GitHub
CVE-2021-4034 1day
☆2,028Jun 8, 2022Updated 3 years ago
ly4k / SpoolFool
View on GitHub
Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)
☆793Feb 9, 2022Updated 4 years ago
BeichenDream / GodPotato
View on GitHub
☆2,202Nov 24, 2023Updated 2 years ago
ly4k / Certipy
View on GitHub
Tool for Active Directory Certificate Services enumeration and abuse
☆3,401Feb 18, 2026Updated last week
topotam / PetitPotam
View on GitHub
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
☆2,179Aug 15, 2024Updated last year
cube0x0 / noPac
View on GitHub
CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
☆1,397Dec 16, 2021Updated 4 years ago
itm4n / PrintSpoofer
View on GitHub
Abusing impersonation privileges through the "Printer Bug"
☆2,187Sep 10, 2020Updated 5 years ago
antonioCoco / RunasCs
View on GitHub
RunasCs - Csharp and open version of windows builtin runas.exe
☆1,341Jul 12, 2024Updated last year
CCob / SweetPotato
View on GitHub
Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019
☆1,812Sep 4, 2024Updated last year
antonioCoco / RoguePotato
View on GitHub
Another Windows Local Privilege Escalation from Service Account to System
☆1,155Jan 9, 2021Updated 5 years ago
decoder-it / LocalPotato
View on GitHub
☆707Nov 7, 2023Updated 2 years ago
fortra / nanodump
View on GitHub
The swiss army knife of LSASS dumping
☆2,072Sep 17, 2024Updated last year
GhostPack / Rubeus
View on GitHub
Trying to tame the three-headed dog.
☆4,904Nov 14, 2025Updated 3 months ago
itm4n / PrivescCheck
View on GitHub
Privilege Escalation Enumeration Script for Windows
☆3,697Jan 30, 2026Updated last month
CravateRouge / bloodyAD
View on GitHub
BloodyAD is an Active Directory Privilege Escalation Framework
☆2,098Updated this week
antonioCoco / JuicyPotatoNG
View on GitHub
Another Windows Local Privilege Escalation from Service Account to System
☆939Nov 12, 2022Updated 3 years ago
zcgonvh / EfsPotato
View on GitHub
Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability).
☆816Dec 14, 2023Updated 2 years ago
Ridter / noPac
View on GitHub
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
☆976Jan 29, 2023Updated 3 years ago
Greenwolf / ntlm_theft
View on GitHub
A tool for generating multiple types of NTLMv2 hash theft files by Jacob Wilkin (Greenwolf)
☆1,350Sep 22, 2025Updated 5 months ago
cube0x0 / CVE-2021-1675
View on GitHub
C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527
☆1,966Jul 20, 2021Updated 4 years ago
GhostPack / Certify
View on GitHub
Active Directory certificate abuse.
☆1,921Oct 27, 2025Updated 4 months ago
ropnop / kerbrute
View on GitHub
A tool to perform Kerberos pre-auth bruteforcing
☆3,255Aug 20, 2024Updated last year
calebstewart / CVE-2021-1675
View on GitHub
Pure PowerShell implementation of CVE-2021-1675 Print Spooler Local Privilege Escalation (PrintNightmare)
☆1,089Jul 5, 2021Updated 4 years ago
S3cur3Th1sSh1t / MultiPotato
View on GitHub
☆540Nov 20, 2021Updated 4 years ago
cube0x0 / KrbRelay
View on GitHub
Framework for Kerberos relaying
☆937May 29, 2022Updated 3 years ago
DominicBreuker / pspy
View on GitHub
Monitor linux processes without root permissions
☆5,891Jan 17, 2023Updated 3 years ago
dirkjanm / krbrelayx
View on GitHub
Kerberos relaying and unconstrained delegation abuse toolkit
☆1,537Jan 27, 2025Updated last year
Dec0ne / KrbRelayUp
View on GitHub
KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default…
☆1,631Aug 6, 2022Updated 3 years ago
dirkjanm / PKINITtools
View on GitHub
Tools for Kerberos PKINIT and relaying to AD CS
☆882Jan 3, 2025Updated last year
optiv / ScareCrow
View on GitHub
ScareCrow - Payload creation framework designed around EDR bypass.
☆2,874Aug 18, 2023Updated 2 years ago
antonioCoco / RemotePotato0
View on GitHub
Windows Privilege Escalation from User to Domain Admin.
☆1,442Dec 18, 2022Updated 3 years ago
GhostPack / ForgeCert
View on GitHub
"Golden" certificates
☆710Aug 17, 2024Updated last year
ohpe / juicy-potato
View on GitHub
A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from a Windows Service Accounts t…
☆2,732Dec 18, 2021Updated 4 years ago
61106960 / adPEAS
View on GitHub
Powershell tool to automate Active Directory enumeration.
☆1,284Sep 9, 2025Updated 5 months ago
nicocha30 / ligolo-ng
View on GitHub
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
☆4,301Feb 15, 2026Updated 2 weeks ago
FuzzySecurity / StandIn
View on GitHub
StandIn is a small .NET35/45 AD post-exploitation toolkit
☆839Dec 2, 2023Updated 2 years ago
S3cur3Th1sSh1t / Amsi-Bypass-Powershell
View on GitHub
This repo contains some Amsi Bypass methods i found on different Blog Posts.
☆2,132Nov 28, 2024Updated last year
bats3c / ADCSPwn
View on GitHub
A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certifica…
☆864Mar 20, 2023Updated 2 years ago