PostExploitTool — Post-Exploitation
PostExploitTool executes post-exploitation operations based on the access type achieved during exploitation. It automates privilege escalation, lateral movement, persistence, credential harvesting, and container escape.
Actions
| Action | Purpose |
|---|---|
| run | Execute the post-exploitation scripts selected for the given access type |
| list-scripts | Show the scripts available for a given access type |
| status | Show current post-exploitation status |
Access Types
| Access Type | Description | Typical Post-Exploitation |
|---|---|---|
| webapp-admin | Admin access to a web application | Credential harvesting, persistence, lateral movement |
| webapp-user | User-level access to a web application | Privilege escalation, credential harvesting |
| shell | Command execution on a host | Full post-exploitation — privesc, harvest, move, persist |
| database | Database access | Data exfiltration, credential harvesting from the DB |
| container | Container access | Container escape, credential harvesting, lateral movement |
| cloud-metadata | Cloud metadata API access | IAM role enumeration, credential harvesting, cloud pivoting |
Scripts by Access Type
shell access
| Script | Purpose |
|---|---|
| privesc_linux | Linux privilege escalation (SUID binaries, file capabilities, kernel exploits) |
| credential_harvester | Dump credentials from memory, files, and running processes |
| persistence_finder | Identify and exploit persistence mechanisms |
| lateral_movement | Pivot to other hosts on the network |
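The SUID and capability checks that `privesc_linux` is described as performing, as an added example that is not the script's own code (the script's internals are not on this page). It runs over constructed `find` and `getcap` output so it executes offline; the command lines, the function names, and the "expected", "shell-capable" and root-equivalent lists are assumptions for the example, and the lists are a small subset rather than a complete reference.

```python
import re

# Constructed sample output standing in for two commands a Linux privesc
# script typically runs on the target (commands assumed for this example):
#   find / -perm -4000 -type f 2>/dev/null
#   getcap -r / 2>/dev/null
# getcap output appears in both the newer "path cap=flags" form and the
# older "path = cap+flags" form depending on the libcap version, so both are
# included.
SAMPLE_FIND_OUTPUT = """\
/usr/bin/passwd
/usr/bin/sudo
/usr/bin/find
/usr/bin/python3.10
/usr/local/bin/backup
/usr/bin/mount
"""

SAMPLE_GETCAP_OUTPUT = """\
/usr/bin/ping cap_net_raw=ep
/usr/bin/python3.10 cap_setuid=ep
/usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip
/usr/bin/gdb cap_sys_ptrace=ep
/usr/local/bin/agent cap_dac_read_search=p
"""

# Stock SUID-root binaries that are normally not a privesc path on their own.
EXPECTED_SUID = {"passwd", "sudo", "su", "mount", "umount", "chsh", "chfn",
                 "gpasswd", "newgrp"}
# Interpreters and utilities that can spawn a shell or read/write arbitrary
# files when SUID root (assumed subset of the usual GTFOBins-style list).
SHELL_CAPABLE_SUID = {"bash", "sh", "find", "vim", "vi", "nmap", "python",
                      "perl", "env", "awk", "less", "more", "cp", "tee"}
# File capabilities that are root-equivalent by themselves.
ROOT_EQUIVALENT_CAPS = {"cap_setuid", "cap_setgid", "cap_dac_override",
                        "cap_dac_read_search", "cap_sys_admin",
                        "cap_sys_ptrace", "cap_sys_module"}


def _program(path):
    """Basename with any trailing version suffix removed (python3.10 -> python)."""
    return re.sub(r"[\d.]+$", "", path.rsplit("/", 1)[-1])


def triage_suid(find_output):
    """Label each SUID path as shell-capable, expected, or unknown (custom binary)."""
    findings = []
    for line in find_output.splitlines():
        path = line.strip()
        if not path:
            continue
        prog = _program(path)
        if prog in SHELL_CAPABLE_SUID:
            label = "shell-capable"
        elif prog in EXPECTED_SUID:
            label = "expected"
        else:
            label = "unknown"  # custom SUID binary: candidate for manual review
        findings.append((path, label))
    return findings


# Matches "path capspec" and "path = capspec" lines alike.
_CAP_LINE = re.compile(r"(\S+)\s+(?:=\s+)?(\S+)")


def triage_caps(getcap_output):
    """Return (path, [root-equivalent caps], flags) for binaries with dangerous
    file capabilities. Flags 'ep' means usable straight from exec; a bare 'p'
    means the program itself has to raise the capability first."""
    findings = []
    for line in getcap_output.splitlines():
        m = _CAP_LINE.fullmatch(line.strip())
        if not m:
            continue
        path, capspec = m.groups()
        sep = re.search(r"[=+]", capspec)
        if not sep:
            continue
        names = capspec[:sep.start()].split(",")
        flags = capspec[sep.end():]
        dangerous = sorted(set(names) & ROOT_EQUIVALENT_CAPS)
        if dangerous:
            findings.append((path, dangerous, flags))
    return findings


def high_value(find_output, getcap_output):
    """Paths worth trying first: shell-capable SUID binaries, then binaries whose
    root-equivalent capabilities are effective at exec time."""
    ordered = [p for p, label in triage_suid(find_output) if label == "shell-capable"]
    ordered += [p for p, _, flags in triage_caps(getcap_output) if "e" in flags]
    return list(dict.fromkeys(ordered))  # dedupe, keep first-seen order


if __name__ == "__main__":
    for path, label in triage_suid(SAMPLE_FIND_OUTPUT):
        print(f"SUID  {label:14} {path}")
    for path, caps, flags in triage_caps(SAMPLE_GETCAP_OUTPUT):
        print(f"CAP   {','.join(caps)}={flags:4} {path}")
    print("try first:", high_value(SAMPLE_FIND_OUTPUT, SAMPLE_GETCAP_OUTPUT))
```

Two details matter in practice: version suffixes are stripped before matching so `python3.10` is recognised as an interpreter, and capabilities are reported together with their flags, because `cap_setuid=p` on a binary that never calls `capset` is not the same finding as `cap_setuid=ep`.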
webapp-admin access
| Script | Purpose |
|---|---|
| credential_harvester | Extract credentials stored in the web application |
| persistence_finder | Find admin backdoor opportunities |
| lateral_movement | Pivot to connected systems |
container access
| Script | Purpose |
|---|---|
| container_escape | Break out of the container to the host |
| credential_harvester | Harvest credentials from the container and the host |
| lateral_movement | Pivot to other containers or hosts |
5-Phase Post-Exploitation Workflow
- Stabilize — Establish reliable access (for example, upgrade an initial webshell to a stable interactive shell) so later phases do not depend on a fragile foothold
- Escalate — Elevate privileges (user → root / admin)
- Move — Lateral movement to high-value targets
- Persist — Deploy durable persistence mechanisms
- Exfiltrate — Collect and extract sensitive data
Usage
accessDetails is passed as a JSON string describing the access obtained. When scripts is omitted, the tool selects scripts from the list for the given access type; pass scripts to restrict the run to the named scripts.

Running post-exploitation scripts

```python
PostExploitTool(
    action="run",
    accessType="shell",
    accessDetails='{"host":"10.0.0.5","user":"www-data","method":"webshell"}',
    target="http://target.com"
)
```

Running specific scripts

```python
PostExploitTool(
    action="run",
    accessType="shell",
    accessDetails="...",
    target="http://target.com",
    scripts=["privesc_linux", "credential_harvester"]
)
```

Listing available scripts

```python
PostExploitTool(
    action="list-scripts",
    accessType="shell"
)
```
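An added example, not PostExploitTool's own code (the tool's internals are not on this page), of the checks a `run` dispatcher has to make on `accessType`, `accessDetails` and `scripts` before any script executes: the JSON must parse, the access type must be one with a script table, and every requested script must belong to that table, so that a typo or a script from the wrong access type stops the run instead of being silently dropped. The function names `plan_run` and `list_scripts`, the `RunPlan` type and the rule that `accessDetails` must carry a `host` field are assumptions for this example; the script lists are the page's own tables.

```python
import json
from dataclasses import dataclass, field
from typing import Optional

# Default script order per access type, taken from the page's
# "Scripts by Access Type" tables. webapp-user, database and cloud-metadata
# have no script table on the page, so they are deliberately absent here
# rather than guessed.
SCRIPTS_BY_ACCESS_TYPE = {
    "shell": ["privesc_linux", "credential_harvester",
              "persistence_finder", "lateral_movement"],
    "webapp-admin": ["credential_harvester", "persistence_finder",
                     "lateral_movement"],
    "container": ["container_escape", "credential_harvester",
                  "lateral_movement"],
}

# Every accessDetails example on the page carries a host; requiring it is an
# assumption for this example.
REQUIRED_DETAIL_FIELDS = {"host"}


@dataclass
class RunPlan:
    access_type: str
    details: dict
    target: Optional[str] = None
    scripts: list = field(default_factory=list)


def plan_run(access_type, access_details, scripts=None, target=None):
    """Validate the inputs of action="run" and return the ordered script plan.

    Raises ValueError rather than running a subset: in an automated pipeline a
    bad script name or malformed access details must stop the run, not quietly
    skip a phase.
    """
    if access_type not in SCRIPTS_BY_ACCESS_TYPE:
        raise ValueError(f"unsupported accessType: {access_type!r}")

    try:
        details = json.loads(access_details)
    except json.JSONDecodeError as exc:
        raise ValueError(f"accessDetails is not valid JSON: {exc}") from exc
    if not isinstance(details, dict):
        raise ValueError("accessDetails must be a JSON object")
    missing = REQUIRED_DETAIL_FIELDS - details.keys()
    if missing:
        raise ValueError(f"accessDetails missing fields: {sorted(missing)}")

    allowed = SCRIPTS_BY_ACCESS_TYPE[access_type]
    if scripts is None:
        # No explicit selection: run every script for this access type in table order.
        chosen = list(allowed)
    else:
        if not scripts:
            raise ValueError("scripts must name at least one script when given")
        unknown = [s for s in scripts if s not in allowed]
        if unknown:
            raise ValueError(
                f"scripts {unknown} are not available for accessType "
                f"{access_type!r}; available: {allowed}")
        chosen = list(dict.fromkeys(scripts))  # caller's order, duplicates removed
    return RunPlan(access_type, details, target, chosen)


def list_scripts(access_type):
    """Equivalent of action="list-scripts": names only, nothing executes."""
    return list(SCRIPTS_BY_ACCESS_TYPE.get(access_type, []))


if __name__ == "__main__":
    # Constructed input mirroring the page's first usage example.
    plan = plan_run("shell",
                    '{"host":"10.0.0.5","user":"www-data","method":"webshell"}',
                    target="http://target.com")
    print(plan.scripts)
    # A container-only script requested against shell access is refused.
    try:
        plan_run("shell", '{"host":"10.0.0.5"}', scripts=["container_escape"])
    except ValueError as err:
        print("refused:", err)
```

The refusal on an unknown script is the point: an automation framework that silently ignores `container_escape` under `accessType="shell"` leaves the operator believing a phase ran when it did not.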