Skip to content

Feat: added additional windows enum features#157

Merged
r-a303931 merged 7 commits intomainfrom
feat/windows-enum
Mar 23, 2026
Merged

Feat: added additional windows enum features#157
r-a303931 merged 7 commits intomainfrom
feat/windows-enum

Conversation

@BenPPetersons
Copy link
Contributor

@BenPPetersons BenPPetersons commented Mar 12, 2026

Added windows enumeration features. At the moment, this code should be able to:

  1. List ports and associated PIDs, as well as the hostname (same as before)
  2. List if the "wsl" or "docker" binary is in the user's PATH.
  3. List out the directories of where IIS Sites are being served from
  4. List out potential shells that are in those IIS directories
  5. List out potential python web servers and other web servers
  6. List startup items in startup (items that are not signed by microsoft)
  7. List suspicious files in system32 (-d option lists out dll's and .ps1's on top of the .exe's).
image

r-a303931
r-a303931 requested changes Mar 12, 2026
View reviewed changes
@r-a303931
Copy link
Contributor

r-a303931 commented Mar 12, 2026

Also, please go to the development side on the right and mark all the issues that this closes

This was linked to issues Mar 13, 2026
JJ-Enum: IIS Enum #79
Closed
JJ-Enum: Defender Check #80
Closed
JJ-Enum: System32/DLL Check #81
Closed
JJ-enum: autoruns #78
Closed
@BenPPetersons
feat: added windows 2019 to Vagrantfile
a5b894b
@BenPPetersons
feat: minor changes
9082e4f 
added enum for finding startup processes, websites, shells in websites, and sus stuff in System32
@BenPPetersons
fix: fixed subcommand structure and system32 enum issue
d366f9f 
changed the subcommand structure to allow users to specify specific enums if wanted, and fixed a system32 enum issue with the -d flag where it wouldn't accept it with the subcommand
@BenPPetersons
fix: fixed shells being missed with some cases and added PII enum cap…
1da6a30 
…ability to IIS sites
@BenPPetersons
fix: fixed shell scanning functionality to allow for scanning files f…
170a199 
…or actual shells in the files instead of just basing it off the file name
@BenPPetersons
fix: updated comments in code and added additional regex matching for…
f7ee0ca 
… shells
@BenPPetersons
feat: added winrm enumerater and local Admin lister. Added additional…
c70d10c 
… functionality with startup checker as well.
@r-a303931 r-a303931 merged commit c70d10c into main Mar 23, 2026
1 check passed
@r-a303931 r-a303931 deleted the feat/windows-enum branch March 23, 2026 04:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@r-a303931 r-a303931 r-a303931 requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

JJ-Enum: System32/DLL Check JJ-Enum: Defender Check JJ-Enum: IIS Enum JJ-enum: autoruns

2 participants

@BenPPetersons @r-a303931