WinPEAS Command Guide

WinPEAS is the Windows counterpart. It enumerates registry, services, files, and updates to find privilege escalation vectors.

Top 10 Useful Commands

1. Basic Run

winpeas.exe

Explanation: Run checks.

2. Fast Scan

winpeas.exe fast

Explanation: Skip heavy checks (like file analysis).

3. Search Passwords

winpeas.exe searchfast

Explanation: Look for stored credentials/autologon specifically.

4. Cmd Only (No Color/Binary)

winpeas.bat

Explanation: If you can't drop an EXE, use the Batch script version.

5. Services Check

winpeas.exe servicesinfo

Explanation: Enumerate services, look for Unquoted Service Paths.

6. PowerShell Mode

winpeas.ps1

Explanation: Powershell version. Runs in memory, better for AV evasion often.

7. System Info

winpeas.exe systeminfo

Explanation: Check patch levels, OS version (Kernel exploits).

8. Process Info

winpeas.exe processinfo

Explanation: Check running processes.

9. User Info

winpeas.exe userinfo

Explanation: Check current user privileges (SeDebugPrivilege, etc).

10. Output

winpeas.exe > report.txt

The Most Powerful Command

winpeas.exe quiet

Explanation: Like LinPEAS, running it and looking for RED text is the key. It highlights "AlwaysInstallElevated" or "Writable Service Exe" paths instantly.