{"id":27221208,"url":"https://github.com/exploitworks/escalatex","last_synced_at":"2025-04-11T15:48:09.957Z","repository":{"id":286295920,"uuid":"960988535","full_name":"ExploitWorks/EscalateX","owner":"ExploitWorks","description":"A powerful Linux privilege escalation scanner — a feature-rich and modern alternative to LinPEAS, built for speed, depth, and clarity.","archived":false,"fork":false,"pushed_at":"2025-04-06T14:07:03.000Z","size":324,"stargazers_count":28,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-07T14:23:42.027Z","etag":null,"topics":["bash","blackarch","capability-checker","container-security","ctf-tools","cybersecurity","ethical-hacking","infosec","kali-linux","kernel-exploitation","linux","penetration-testing","pentesting","privilege-escalation","redteam","security","security-tools","suidsploit","sysadmin","vulnerability-scanners"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ExploitWorks.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-04-05T14:11:14.000Z","updated_at":"2025-04-07T13:12:19.000Z","dependencies_parsed_at":"2025-04-07T14:33:49.760Z","dependency_job_id":null,"html_url":"https://github.com/ExploitWorks/EscalateX","commit_stats":null,"previous_names":["reschjonas/escalatex","exploitworks/escalatex"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ExploitWorks%2FEscalateX","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ExploitWorks%2FEscalateX/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ExploitWorks%2FEscalateX/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ExploitWorks%2FEscalateX/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ExploitWorks","download_url":"https://codeload.github.com/ExploitWorks/EscalateX/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248174886,"owners_count":21059820,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bash","blackarch","capability-checker","container-security","ctf-tools","cybersecurity","ethical-hacking","infosec","kali-linux","kernel-exploitation","linux","penetration-testing","pentesting","privilege-escalation","redteam","security","security-tools","suidsploit","sysadmin","vulnerability-scanners"],"created_at":"2025-04-10T07:24:21.413Z","updated_at":"2025-04-10T07:24:26.499Z","avatar_url":"https://github.com/ExploitWorks.png","language":"Shell","readme":"# EscalateX\n\n\u003cdiv align=\"center\"\u003e\n   \n[![License: CC BY-NC 4.0](https://img.shields.io/badge/License-CC%20BY--NC%204.0-lightgrey.svg)](https://creativecommons.org/licenses/by-nc/4.0/)\n![Bash](https://img.shields.io/badge/Made%20with-Bash-1f425f.svg)\n![Platform](https://img.shields.io/badge/Platform-Linux-blue)\n![Status](https://img.shields.io/badge/Status-Active-success)\n\n![EscalateX Preview](title.png)\n\n**A powerful Linux privilege escalation scanner for security professionals**\n\n\u003c/div\u003e\n\n## 📖 About\n\nEscalateX is a cybersecurity tool designed to identify privilege escalation vectors on Linux systems. Automating the process of finding potential vulnerabilities and a modern alternative to LinPEAS is the purpose of EscalateX. \n\nThe tool is currently in its early development phase. Bugs can and will occur while running the tool - therefore, please report your findings by sending me an email.\n\n### Key Features\n\n- ✅ **System Configuration Analysis**: Identifies misconfigurations in system settings\n- ✅ **Privilege Abuse Detection**: Locates SUID/SGID binaries and dangerous capabilities\n- ✅ **Filesystem Vulnerability Scanning**: Finds writable files in sensitive locations\n- ✅ **Kernel Exploit Detection**: Discovers kernel vulnerabilities that could lead to privilege escalation\n- ✅ **Container Security**: Evaluates potential container escape vectors\n\n## 🚀 Installation\n\nQuick setup in three simple steps:\n\n```bash\n# Clone the repository\ngit clone https://github.com/reschjonas/EscalateX.git\n\n# Navigate to the directory\ncd EscalateX\n\n# Make it executable\nchmod +x escalatex.sh\n```\n\n### 📋 Requirements\n\nRuns on most Linux distributions with:\n- Bash 4.0+\n- Standard Unix utilities (find, grep, ls, etc.)\n- The `timeout` command (optional but recommended)\n\n## 💻 Usage\n\n### Basic Operation\n\nSimply run the script:\n\n```bash\n./escalatex.sh\n```\n\n### Advanced Options\n\n```bash\n# Run a comprehensive scan (longer but more thorough)\n./escalatex.sh --thorough\n\n# Target specific checks only\n./escalatex.sh --only system_info,suid_sgid\n\n# Use elevated privileges for deeper analysis\n./escalatex.sh --multi --password yourpassword\n\n# Maximum depth scan for critical systems\n./escalatex.sh --extreme\n```\n\n### Command Line Options\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cb\u003eClick to expand all options\u003c/b\u003e\u003c/summary\u003e\n\n#### Core Options\n- `-a, --all` - Run all checks (thorough mode)\n- `-t, --thorough` - More comprehensive but slower scan\n- `-x, --extreme` - Maximum depth scan for critical systems\n- `-o, --only CHECKS` - Run specific checks (comma-separated)\n- `-d, --dir PATH` - Check a specific directory\n- `-m, --multi` - Use multiple threads (default)\n- `-s, --single` - Single-threaded mode\n- `--threads N` - Set number of threads for multithreaded mode\n\n#### Output Options\n- `-q, --quiet` - Minimal output\n- `-n, --no-color` - Turn off colors\n- `-w, --wait` - Pause between check groups\n\n#### Advanced Options\n- `-p, --password PWD` - For sudo operations\n- `-S, --sudo-pass` - Prompt for sudo password for privilege escalation attempts\n- `-D, --debug` - Verbose logging\n- `-h, --help` - Show help\n\u003c/details\u003e\n\n## 🔍 What It Checks For\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cb\u003eSystem Information\u003c/b\u003e\u003c/summary\u003e\n\n- OS details and kernel version\n- Security configurations and patch status\n- Hardware info and resource usage\n- Filesystem mounts and permissions\n- Boot configuration and services\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cb\u003eUser \u0026 Permissions\u003c/b\u003e\u003c/summary\u003e\n\n- Current user privileges\n- User enumeration and group memberships\n- Password policy issues\n- Sudo rules that could be abused\n- Home directory permissions\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cb\u003ePrivilege Escalation Vectors\u003c/b\u003e\u003c/summary\u003e\n\n- SUID/SGID binaries (especially exploitable ones)\n- Files with dangerous capabilities\n- Custom privilege escalation paths\n- Container security issues\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cb\u003eFilesystem Issues\u003c/b\u003e\u003c/summary\u003e\n\n- Writable files in sensitive locations\n- Misconfigured home directory permissions\n- PATH manipulation vulnerabilities\n- Wildcard injection opportunities\n\u003c/details\u003e\n\n## 📊 Sample Output\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cb\u003eClick to see sample scan results\u003c/b\u003e\u003c/summary\u003e\n\n```\n┏━━━━━━━━━━━━━━━━━━━━━━━━━━ System Information ━━━━━━━━━━━━━━━━━━━━━━━━━━┓\n\n╔════════[ Operating System Information ]════════╗\n[+] OS: Ubuntu 20.04.3 LTS (ubuntu)\n[+] Kernel version: 5.11.0-27-generic\n[+] Architecture: x86_64\n[+] Running on physical hardware\n\n╔════════[ Hardware Information ]════════╗\n[+] CPU: Intel(R) Core(TM) i7-10700K CPU @ 3.80GHz (8 cores)\n[+] Memory: 6453MB / 16000MB (40% used)\n[+] Swap: 2048MB / 4096MB (50% used)\n\n...\n\n┏━━━━━━━━━━━━━━━━━━━━━━━━━━ SUID/SGID Binaries and Capabilities ━━━━━━━━━━━━━━━━━━━━━━━━━━┓\n\n╔════════[ SUID/SGID Binaries ]════════╗\n[*] Looking for SUID binaries (might take a while)...\n[+] Found 35 SUID/SGID binaries:\n[!] /usr/bin/sudo [Owner: root]\n   → Purpose: Execute commands as root with proper permissions\n[!] /usr/bin/pkexec [Owner: root]\n   → Purpose: Execute commands as another user with policykit\n[CRITICAL] /usr/bin/python3 [Owner: root]\n   → Exploitable: python -c 'import os; os.execl(\"/bin/sh\", \"sh\", \"-p\")'\n\n...\n\n┏━━━━━━━━━━━━━━━━━━━━━━━━━━ Scan Summary ━━━━━━━━━━━━━━━━━━━━━━━━━━┓\n\n[*] EscalateX scan completed at Wed Feb 14 14:32:18 EST 2024\n[*] Remember to check the most promising privilege escalation vectors highlighted in red\n\nThank you for using EscalateX!\n```\n\u003c/details\u003e\n\n## 🗺️ Roadmap\n\n\u003cdiv align=\"center\"\u003e\n  \n### Future Development Plans\n\n\u003c/div\u003e\n\n| Feature | Status | Description |\n|---------|--------|-------------|\n| 📑 **Report Generator** | Planned | Create comprehensive HTML/PDF reports with findings and remediation recommendations |\n| 🛠️ **Single Script Builder** | Planned | Build-Script to compile all modules into a singular script |\n| 🔍 **Service Version Scanning** | Planned | Identify outdated software versions running as services |\n| 🌐 **Real-time CVE Collection** | Planned | Connect to vulnerability databases to map identified software versions to known CVEs |\n| 🛠️ **Automatic Vulnerability Exploiter** | Considering | Optional module to automatically exploit identified vulnerabilities |\n\n\u003cdiv align=\"center\"\u003e\n\u003c/div\u003e\n\n## 🧩 Custom Modules\n\nYou can extend EscalateX with your own custom modules:\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cb\u003eHow to create custom modules\u003c/b\u003e\u003c/summary\u003e\n\n1. Create a script in the modules directory\n2. Use this basic structure:\n\n```bash\n#!/bin/bash\n\n# Title: My Custom Check\n# Description: What this thing does\n\ncheck_something_interesting() {\n  print_subtitle \"My Interesting Check\"\n  \n  # Your check logic here\n  print_info \"Checking something...\"\n  \n  # Found something worth noting\n  print_warning \"Hmm, that's interesting\"\n  \n  # Found something bad\n  print_critical \"This is definitely exploitable\"\n}\n\n# Main function\ncustom_checks() {\n  print_title \"My Custom Stuff\"\n  \n  # Run your checks\n  check_something_interesting\n  \n  # Pause if wait mode is on\n  wait_for_user\n}\n```\n\n3. Add your module to loader.sh\n\u003c/details\u003e\n\n## ⚠️ Important Warning\n\n\u003cdiv align=\"center\"\u003e\n  \n**This is a security tool. Use it responsibly.**\n\n\u003c/div\u003e\n\n- 🔒 Only run it on systems you own or have permission to test\n- 🚨 Some checks might trigger security alerts or monitoring\n- ⚙️ Be careful in production environments\n- 🤝 Don't be a jerk - never use this for unauthorized access\n\n## 📝 License\n\n\u003cdiv align=\"center\"\u003e\n  \n[![License: CC BY-NC 4.0](https://licensebuttons.net/l/by-nc/4.0/88x31.png)](https://creativecommons.org/licenses/by-nc/4.0/)\n\n\u003c/div\u003e\n\nThis project is licensed under the Creative Commons Attribution-NonCommercial 4.0 International License (CC BY-NC 4.0) - see the [LICENSE](LICENSE.md) file for details.\n\nThis means you can freely use, modify, and distribute this software, as long as:\n- You give appropriate credit to the original author\n- You don't use it for commercial purposes\n\nFor more information, visit: https://creativecommons.org/licenses/by-nc/4.0/\n\n## 👥 Contributing\n\nContributions are welcome and appreciated! To contribute:\n\n1. Fork the repository\n2. Create a branch (`git checkout -b cool-new-feature`)\n3. Commit your changes (`git commit -m 'Added some cool feature'`)\n4. Push to your branch (`git push origin cool-new-feature`)\n5. Open a Pull Request\n\n\u003cdiv align=\"center\"\u003e\n  \n**[⬆ Back to top](#escalatex)**\n\n\u003c/div\u003e \n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fexploitworks%2Fescalatex","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fexploitworks%2Fescalatex","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fexploitworks%2Fescalatex/lists"}