Notes

  • WinPEAS is detected and quarantined by Microsoft Defender (service windefend) by default.
  • PowerUp may require an unrestricted PowerShell session (powershell -nop -exec bypass), which can raise alerts.
  • Windows Exploit Suggester analyzes the output of systeminfo and can be run on the attacker’s machine.
  • The multi/recon/local_exploit_suggester module works through a Meterpreter session to analyze a Windows system for potential vulnerabilities.
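
Why the PowerUp launch line above can raise alerts, shown as an added detection sketch (not part of the original notes or of any tool named here): it scans process-creation command lines for PowerShell started with a relaxed execution policy or without a profile. The function names, finding labels, and sample log lines are assumptions made for this example, and the abbreviation handling reflects the shortened parameter names powershell.exe is assumed to accept.

```python
import re

RISKY_POLICIES = {"bypass", "unrestricted"}
PS_IMAGE = re.compile(r"(^|[\\/])(powershell|pwsh)(\.exe)?$", re.I)
# Parameters after which the rest of the line is script content, not host options.
STOP_PARAMS = [("command", ()), ("file", ()), ("encodedcommand", ("ec",))]

SAMPLE_EVENTS = [  # constructed process-creation command lines, not real telemetry
    r"powershell -nop -exec bypass",
    r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -File C:\Tools\audit.ps1',
    r"powershell.exe -ep RemoteSigned -File C:\Scripts\backup.ps1",
    r"powershell.exe -Command Write-Output -nop",
    r"cmd.exe /c systeminfo",
]

def _is_param(token, full_name, min_len, aliases=()):
    """True if token is -Name, a prefix of it (>= min_len chars), or an alias."""
    if not token or token[0] not in "-/":
        return False
    name = token[1:].lower()
    return name in aliases or (len(name) >= min_len and full_name.startswith(name))

def inspect_command_line(cmdline):
    """Return a sorted list of findings for one command line ([] if benign)."""
    # Simplification: whitespace split, so a quoted path with spaces is matched
    # on its last fragment (which still ends in powershell.exe / pwsh.exe).
    tokens = [t.strip("\"'") for t in cmdline.split()]
    start = next((i for i, t in enumerate(tokens) if PS_IMAGE.search(t)), None)
    if start is None:
        return []
    findings = set()
    for i in range(start + 1, len(tokens)):
        tok = tokens[i]
        if _is_param(tok, "noprofile", 3):
            findings.add("no_profile")
        elif _is_param(tok, "executionpolicy", 2, aliases=("ep",)):
            value = tokens[i + 1].lower() if i + 1 < len(tokens) else ""
            if value in RISKY_POLICIES:
                findings.add("execution_policy_" + value)
        elif any(_is_param(tok, n, 1, a) for n, a in STOP_PARAMS):
            break  # do not flag text that belongs to the script itself
    return sorted(findings)

if __name__ == "__main__":
    for line in SAMPLE_EVENTS:
        print(inspect_command_line(line), "<-", line)
```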