Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
This branch is 47 commits ahead, 1 commit behind CUEH:master.

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time


LEAP: Local Enumeration and Privilege escalation, is a tool designed in the Python programming language. LEAP is designed to grant users privilege escalation on the local network and enumerate the host on which it is run on. It contains a variety of enumerations and privilege escalation methods, which range from: Port Enumeration, NIC (Network Interface Controller) Enumeration, ARP (Address Resolution Protocol) Enumeration, Host Running Services Enumeration, Hardware Enumeration, User Enumeration, and Network Enumeration, Keystroke / Keylogger Privilege escalation, Emacs Binary Exploit, and AWK File Read Exploit for the given operating systems.

LEAP is designed to function mainly on the Windows and Linux operating systems. It has a basic multi-step menu system which makes it easy to use and understand. The features of leap are very wide-ranged assured to give a user the information required to further probe and exploit a target. It can also be used for privilege escalation as the name suggests and not just gathering sensitive information.


This section briefly explains the tool in general. Software requirements to successfully run and manage the program to give you the desired output every time. Ensure to follow the installation steps below:


Linux and Windows:

  • Linux and Windows operating system are required
  • Python 3 (Install Python 3 for both Windows and Linux)
  • Pip 3 (How to install PiP 3 on LInux , How to Install PIP on Windows)


After the software requirements above have been met, you can the further proceed to install LEAP basic requirements and shown below:

Setup for Windows and Linux

  • python
    The above command will install the required dependencies need to run the LEAP program. Ensure all dependencies installed successfully

Usage windows:

  • There are 2 ways to run the LEAP program:
    • python

    • python

    • python -e enumerate:

    • python -e enumerate

Usage Linux:

There are 2 ways to run the LEAP program:

  • python3

  • python3

  • python3 -e enumerate:

  • python3 -e enumerate

For more help on using the program simply do: python or python3 -h

  • python -h (windows)
  • python3 -h (linux)
    Brief explanation: When you run the program a multi-level based menu system will be displayed to you, this system is really easy to understand and follow. Simply choose your desired model based on the key provided e.g 1, 2, 0, 11, 99, 12. Keys are the way you navigate through the system.

Team Members

  • Olajuwon Olawale Faleke
  • Alexander Hall
  • Rodrigo Silva Rolo

List of Currently Available Plugins

  • Port Enumeration
  • N.I.C Enumeration
  • ARP Table Enumeration
  • Service Enumeration
  • Hardware Enumeration
  • User Enumeration
  • Network Enumeration
  • Team members Enumeration
  • Capture Keystroke or Keylogger
  • Emacs Binary Exploit
  • AWK File Read Exploit
  • Team members Escalation


  • Port Enumeration: This plugin simply scans the open ports and closed ports on the host it is being run on if the host is connected to the internet. If the host does not have internet connection, then it will resolve to retrieve the local ports that are opened on the host and display or store the output of the result to file. This plugin is functional for and runs of both Windows and Linux.

  • N.I.C Enumeration: This Plugin retrieves all the hardware devices and Ipv4 and Ipv6 addresses, including the subnet mask of the network, and the Network adapters pretty name which is the human-readable name. it is also compatible with both Windows and Linux and displays the result in a pretty table for preview.

  • ARP Table Enumeration: This Plugin simply retrieves the data stored in the hosts' Address resolution protocol table and displays it to the attacker in a nice format. It includes Ipaddress and related hardware addresses also a little output of the network statistic is shown. It is also compatible with both Windows and Linux.

  • Service Enumeration: This plugin retrieves all the running services on the hosts' network while giving extensive information about each running service, their process identifiers, and so on. It is also compatible with Windows and Linux

  • Hardware Enumeration: It retrieves the hosts’ hardware information such as the graphic card, the memory size, free space, mounted drives, operating system kernel information, and so on. This plugin was built to only run on the Linux operating system.

  • Network Enumeration: This enumerates the users recently and previously connected wireless interfaces like WiFi name and can then receive input from the attacker selecting which interface he would like to probe, when given input it resolves to display the chosen wifi network’s secret key. This is only compatible with Windows. The Password retrieval plugin embedded here is only functional in the interactive shell and not the automated enumeration technique.

  • Team members Enumeration: This plugin will contain the team members plugin.

Privileged Escalations

  • Capture Keystroke or Keylogger: This plugin uses Pynput a python module the listens and captures keystrokes to record all the keystrokes the Host type and cleans the keystrokes up to look more meaningful in the presentation. The plugin when activated displays a keystroke to the attacker every 15 seconds. This is only compatible with Linux.

  • Emac Binary Exploit: This exploit uses a special suid bit to instantly spawn a shell that the attacker can use. If the suid bit is not set the plugin will resolve to attempt basic social engineering on the host user to try to make him set the suid bit.

  • AWK File Read Exploit: This uses awk to read contents of the /etc/shadow file only if the suid bit is set. Just like the Binary exploit using Emacs this also tries to get the suid bit set using a basic social engineering method.

  • Team Members Plugin: This will contain the team members plugin.

Program Folder Structure

Leap > src >



Basic Formatting

File Naming and Structuring

  • All Enumerations will be inside one 'Enumeration' file, called ""
  • All Privilege Escalations will be inside one 'PrivEsc' file, called ""
  • will contain the basic menu
  • will contain general-reusable functions to be used by individual code

Naming Conventions

  • We will follow the snake_case styling method in function naming
  • Function names will begin with the programmer's pseudo-name followed by the suitable operating system name, before finally the function name.

Plugin Output

  • Each plugin will return the plugin name, the plugin author and the plugin description
  • Each plugin will print the specified output to the user


LEAP: Local Enumeration And Privesc. Framework for project.







No releases published


  • Python 98.2%
  • Makefile 1.8%