WHIRLPOOL REASONING ENGINE PYTHON 3.9+
REPO SECURITY MIT
Real-Fruit-Snacks  //  privesc reasoning  //  offline analysis

WHIRLPOOL.

knowledge: 462 entries
parsing: Auto-detect
scoring: 5 profiles
chains: 12 types

01 Premise

Privilege escalation reasoning engine for exploitation playbook generation.

Transform raw enumeration output into ranked exploitation playbooks. Feed it LinPEAS, WinPEAS, or manual command output and receive prioritized attack plans with exact commands and confidence ratings.

The engine matches findings against offline knowledge bases containing 329 GTFOBins entries, 86 LOLBAS entries, 42 kernel exploits, and 9 potato attacks. Analysis is purely local, with zero network calls.

02 Specs

What's in the engine.

PARSING: Auto-detection of LinPEAS, WinPEAS, and manual formats, with aggressive false-positive filtering.
KNOWLEDGE: 462 entries total: GTFOBins (329) · LOLBAS (86) · kernel exploits (42) · potato attacks (9).
SCORING: Composite ranking across reliability, safety, simplicity, and stealth, with 5 profiles.
CHAINS: 12 attack chain types for multi-step privilege escalation paths that single scanners miss.
OUTPUT: Terminal UI (Catppuccin) · Markdown reports · structured JSON for tool integration.
STACK: Pure Python 3.9+ · offline analysis · zero API dependencies · 237 tests with HTB samples.

03 Quickstart

Install, analyze, generate playbooks.

Engine deployment: enumeration input → knowledge base analysis → composite scoring → ranked playbook output.

# Install reasoning engine (Python 3.9+ required)
$ pipx install git+https://github.com/Real-Fruit-Snacks/Whirlpool.git

# Analyze LinPEAS/WinPEAS output (auto-detected format)
$ whirlpool linpeas_output.txt
$ whirlpool winpeas_output.txt

# Generate focused playbook with top techniques
$ whirlpool enum.txt --quick-wins

# OSCP-optimized ranking for exam scenarios
$ whirlpool enum.txt --profile oscp --format markdown --output report.md
04 Analysis

Three-stage pipeline.

The pipeline parses enumeration output into structured data, analyzes the findings against the knowledge bases to generate exploitation paths, and ranks those paths using composite scoring across four dimensions.

whirlpool/
  cli.py              # argparse entry, auto-detection
  parser/             # LinPEAS/WinPEAS/manual formats
  engine/analyzer.py  # knowledge base matching
  engine/ranker.py    # composite scoring profiles
  data/*.json         # offline knowledge bases

05 Profiles

Five ranking profiles for different scenarios.

Composite scoring across reliability, safety, simplicity, and stealth dimensions with profile-specific weights optimized for OSCP, CTF, stealth operations, and system stability priorities.

DEFAULT: whirlpool enum.txt (balanced weights)
OSCP: --profile oscp (reliable + documented)
CTF: --profile ctf (speed-focused)
STEALTH: --profile stealth (low detection)
SAFE: --profile safe (system stability)

06 Authorization

Authorized security testing with explicit permission.

The reasoning engine is designed for enumeration analysis only. It generates exploitation playbooks for operator review; it does not execute commands, scan hosts, or maintain access.

Report vulnerabilities via private security advisories, never public issues. The engine runs entirely offline, with no network connections or API dependencies.

Knowledge bases: 329 GTFOBins + 86 LOLBAS + 42 kernel exploits + 9 potato attacks — pure analysis, no exploitation capability.
