explaingit

niker-lixy/postex

Analysis updated 2026-05-18

Stars: 1 · Language: Python · Audience: ops devops · Complexity: 3/5 · License: MIT · Setup: easy

TLDR

A Python tool for Windows that collects a full security snapshot during authorized penetration tests, covering privileges, patches, credentials, and persistence, with optional AI-powered red or blue team analysis.

Mindmap

mindmap
  root((PostEX))
    What it collects
      System and user info
      Installed patches
      Defense tools present
      Network configuration
      Saved credentials
      Persistence mechanisms
    CVE checks
      CVE-2020-0796
      CVE-2021-34527
      CVE-2020-1472
    AI analysis modes
      Red Team attack paths
      Blue Team defense gaps
      Via OpenRouter API
    Output
      Structured JSON report
    Getting started
      Clone repo
      pip install requirements
      Run on Windows target

What do people build with it?

USE CASE 1

Run an authorized post-exploitation assessment on a Windows machine to generate a full JSON report of privileges, patches, and credential exposure.

USE CASE 2

Use Blue Team mode to send the collected report to an AI model and get a prioritized list of security gaps and remediation steps.

USE CASE 3

Check whether known privilege escalation vulnerabilities like PrintSpoofer or Zerologon are unpatched on a Windows system during a security audit.

What is it built with?

Python, Windows, OpenRouter

How does it compare?

| | niker-lixy/postex | a-bissell/unleash-lite | abhiinnovates/whatsapp-hr-assistant |
|---|---|---|---|
| Stars | 1 | 1 | 1 |
| Language | Python | Python | Python |
| Setup difficulty | easy | hard | hard |
| Complexity | 3/5 | 4/5 | 3/5 |
| Audience | ops devops | researcher | developer |

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 30min

Windows only. Optional AI analysis requires an OpenRouter API key. For authorized security testing only.

MIT license, meaning you can use, modify, and distribute it freely for any purpose including commercial use.

In plain English

PostEX is a Python tool for Windows that collects a comprehensive snapshot of a machine's security state during authorized penetration tests or internal security audits. It runs on a Windows system and generates a structured JSON report covering system configuration, user privileges, installed patches, network setup, and potential security weaknesses.

The tool gathers information across several categories. On the system side it records the operating system version, current user, privilege level, and the status of UAC (User Account Control). For patch coverage it checks which Windows updates are installed and flags whether specific well-known vulnerabilities remain unpatched, including CVE-2020-0796 and CVE-2021-34527. For defense detection it identifies whether Windows Defender is active, what its exclusion lists contain, and whether any of over 60 third-party endpoint security products are running. On the network side it collects interface addresses, the ARP table showing nearby devices, open ports and their associated processes, the DNS cache, and saved WiFi profile names. It also checks for saved credentials in the Windows credential manager, browser password database file locations, autologin registry entries, and PowerShell command history. The persistence module checks registry autorun keys, scheduled tasks, Windows services, and writable system folders.

After collection, the report can be sent to an AI model via OpenRouter for automatic analysis in two modes. Red Team mode suggests attack paths, privilege escalation routes, and defense evasion approaches. Blue Team mode produces a prioritized list of gaps to address, covering credential hygiene, persistence risks, and network exposure.

The README states that the tool is for authorized security testing only. It requires Python 3.10 or later and runs on Windows. The project is licensed under MIT.

Copy-paste prompts

Prompt 1
I am running an authorized penetration test on a Windows machine. Walk me through using PostEX to collect system privileges and patch status and save the JSON report.
Prompt 2
Using PostEX's Blue Team analysis mode via OpenRouter, explain what the prioritized defense gap report covers and how to interpret the credential hygiene section.
Prompt 3
PostEX flagged CVE-2021-34527 as potentially unpatched on my test machine. Explain what that vulnerability is and what an attacker could do with it.
Prompt 4
How does PostEX detect third-party endpoint detection products like CrowdStrike and SentinelOne? What does it check and how do I read that section of the report?
Prompt 5
Walk me through the persistence section of a PostEX report. What do writable service binaries and writable system folders mean as security findings?

Frequently asked questions

What is postex?

A Python tool for Windows that collects a full security snapshot during authorized penetration tests, covering privileges, patches, credentials, and persistence, with optional AI-powered red or blue team analysis.

What language is postex written in?

Mainly Python. The stack also includes Windows and OpenRouter.

What license does postex use?

MIT license, meaning you can use, modify, and distribute it freely for any purpose including commercial use.

How hard is postex to set up?

Setup difficulty is rated easy, with roughly 30 minutes to a first successful run.

Who is postex for?

Mainly ops devops.

Verify against the repo before relying on details.