# Automating local enumeration with JAWS

**JAWS** is an open-source PowerShell script designed to help penetration testers automate local enumeration and identify privilege escalation vectors on Windows systems.

To use this script, you will need to copy the script into your lab environment. To begin with, you can access the script through the following GitHub repository: 

{% embed url="<https://github.com/411Hall/JAWS>" %}

On the GitHub repo, navigate to the jaws-enum.ps1 script as shown in the following screenshot.

<figure><img src="https://assets.ine.com/lab/learningpath/b37f83205f553305725d6f6999cdb098a6fad3204ed5f21208d20e4fda256679.png" alt=""><figcaption></figcaption></figure>

You will then need to view the script in raw format, this can be done by clicking the raw button as shown in the following screenshot.

<figure><img src="https://assets.ine.com/lab/learningpath/56ec8ee9b21a16e7e606231004b9af0620ad0ef5c43f1f8ee23fa6b03b97c219.png" alt=""><figcaption></figcaption></figure>

You will now need to copy the content of the script in raw format and paste it into the lab environment clipboard.

<figure><img src="https://assets.ine.com/lab/learningpath/38c15cd468623a40f6f4c6df281f64f4b1e11dfa06e6fe4b9ff1ee3e1e2a9f24.png" alt=""><figcaption></figcaption></figure>

Once you have copied the script from the GitHub repo, navigate back to the Kali Linux system in your lab environment and create a new file with a text editor like Mousepad.

Then paste in the script you copied in the file, after which save the file as jaws-enum.ps1 as shown in the following screenshots.

<figure><img src="https://assets.ine.com/lab/learningpath/b4a678b01b4a454629a6aa988d575275fa1973d233b059fcc90f44fcaf5daecb.png" alt=""><figcaption></figcaption></figure>

<figure><img src="https://assets.ine.com/lab/learningpath/e963975315a12915b21158eafa9529c03e4c3d1f4ee7d836959ffcf3f9710673.png" alt=""><figcaption></figcaption></figure>

We can now navigate back to our meterpreter session and navigate to the C:\ drive by running the following command:

**Command:**

```
cd C:\\
```

We will then need to create the **temp** directory by running the following command:

**Command:**

```
mkdir temp
```

**Command:**

```
cd temp
```

<figure><img src="https://assets.ine.com/lab/learningpath/8f5a4ca9ff43a69db4673d66007c6f548cf505699294176912423f1e9231051c.png" alt=""><figcaption></figcaption></figure>

We can now upload the **jaws-enum.ps1** script we copied from the GitHub repo by running the following command:

**Command:**

```
upload /root/Desktop/jaws-enum.ps1
```

<figure><img src="https://assets.ine.com/lab/learningpath/14284915936c6a3dd5a116b6a920d12e24f90163e29359643fb3e732961a9e3a.png" alt=""><figcaption></figcaption></figure>

After uploading the script successfully, we will need to spawn a command shell session, this can be done by running the following command:

**Command:**

```
shell
```

We can now execute the **jaws-enum.ps1** script by running the following command:

**Command:**

```
powershell.exe -ExecutionPolicy Bypass -File .\jaws-enum.ps1 -OutputFilename JAWS-Enum.txt
```

<figure><img src="https://assets.ine.com/lab/learningpath/b7ed0cd334fb1a5048a89556e9df908979d1a88a90e7cc409d4a85f5cd922eec.png" alt=""><figcaption></figcaption></figure>

As shown in the preceding screenshot, the jaws-enum.ps1 script will run and save the results into a file called **JAWS-Enum.txt**.

**Note:** JAWS will take a couple of minutes to complete the enumeration process, so do not be alarmed if the script looks like it has paused or stopped running.

Once the jaws-enum.ps1 script is done, we can download the output file for analysis, this can be done by running the following command:

**Command:**

```
download JAWS-Enum.txt
```

<figure><img src="https://assets.ine.com/lab/learningpath/cdfdc6be5971e6f2c295d8775330e0349b2201d7949a9c6943c10780cc5fda6d.png" alt=""><figcaption></figcaption></figure>

Now that we have downloaded the output generated by the jaws-enum.ps1 script, we can open up the output file on our Kali system by navigating to **/root/** and opening the **JAWS-Enum.txt** file with the mousepad as shown in the following screenshot.

<figure><img src="https://assets.ine.com/lab/learningpath/70294131878f300115f2e60210d83c1244390390c337848b5fc17c634e6e26aa.png" alt=""><figcaption></figcaption></figure>

<figure><img src="https://assets.ine.com/lab/learningpath/f8a90b81a8308d3d67b9bbc14ceeae5c7b037a599878c003aaa8431d5053003b.png" alt=""><figcaption></figcaption></figure>

As shown in the preceding screenshot, the output file generated by jaws-enum.ps1 contains all relevant information about the target system that we would have otherwise had to have enumerated manually.

Take a few minutes to go through the output file and analyze what information JAWS was able to enumerate in addition to any potentially interesting information that we were unable to enumerate manually or with Metasploit modules.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://notes.cavementech.com/pentesting-quick-reference/windows-basics/automating-local-enumeration-with-jaws.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.