Local Privilege Escalation Analyzer is a read-only Linux security assessment tool focused on identifying and correlating potential local privilege escalation risks. It collects baseline system artifacts, detects independent misconfigurations, and correlates higher-risk combinations — without exploiting anything and without modifying the system.
This project is designed as a professional cybersecurity portfolio tool, emphasizing reasoning, signal-to-noise balance, and clear reporting.
Privilege escalation is rarely caused by a single vulnerability. In real environments, it usually emerges from the combination of multiple weak conditions.
This tool models that reality by:
- Collecting relevant privilege escalation primitives
- Detecting individual risk factors
- Correlating related conditions into higher-impact scenarios
- Explaining why each condition matters and how it should be mitigated
The analyzer focuses on identifying local privilege escalation risk by inspecting system conditions that are commonly involved in escalation scenarios.
It evaluates:
- User identity, effective privileges, and group memberships
- Environment configuration, with emphasis on PATH handling
- sudo availability and privilege boundaries
- Cron configuration, ownership, and permission models
- Presence and characteristics of SUID and SGID binaries
Rather than treating each condition in isolation, the tool correlates related signals to highlight combinations that significantly increase escalation risk, such as writable execution paths in the presence of privileged binaries or elevated group memberships combined with administrative tooling.
The scope is intentionally limited to safe inspection and reasoning. All findings are derived from observable system state and are presented with contextual explanations and defensive mitigation guidance.
This tool explicitly does not:
- Exploit vulnerabilities
- Attempt privilege escalation
- Execute payloads or commands beyond inspection
- Modify system state
- Perform scoring beyond defined correlation rules
- Use external services or dependencies
The focus is analysis and risk understanding, not exploitation.
Run a full analysis:
python3 analyzer.pyWrite JSON output to a file:
python3 analyzer.py --json-out snapshot.jsonFilter findings by severity:
python3 analyzer.py --severity HIGHShow only the executive summary:
python3 analyzer.py --summary-onlyCombine filters:
python3 analyzer.py --severity MEDIUM --summary-onlyThe console report includes:
- Baseline system artifacts
- Executive summary
- Correlated findings (prioritized)
- Independent findings grouped by severity
The JSON report contains:
- Raw collected artifacts
- Independent and correlated findings
- Severity summaries
- Correlation metadata
- Tool metadata (name, version)
- Host context (OS, kernel, architecture, timestamp)
All output is sanitized and safe to share.
Executive Summary
Total findings: 3
Correlated findings: 1
Independent findings: 2
By severity: HIGH=2, MEDIUM=1, LOW=0
- Security engineers
- Penetration testers
- Blue team and SOC analysts
- Advanced security students
- Technical interviewers evaluating Linux security knowledge
Many tools enumerate privilege escalation vectors, but few explain how multiple small issues combine into real risk.
This project demonstrates:
- Professional Linux privilege escalation reasoning
- Safe enumeration practices
- Correlation-based risk analysis
- Clean, structured reporting suitable for review and automation