Research and development

The Coalfire Labs Research and Development (R&D) team creates cutting-edge, open-source security tools that provide our clients with more realistic adversary simulations and advance operational tradecraft for the security industry.

All tools

  • AmazonSecurityScanner

    AmazonSecurityScanner is a script to scan an EC2 instance for potential AWS-related attack surfaces. You can utilize it for rapid post-exploitation reconnaissance on a compromised EC2 instance.

  • AngryHippo

    This script was designed to attack the HippoConnect protocol, which is used with the HippoRemote iPhone app and the HippoConnect listener.

  • CrestCrack

    CrestCrack is a simple script that exploits CVE-2016-5640 / CLVA-2016-05-002 within the Crestron AirMedia AM-100 (v1.1.1.11 - v1.2.1). When supplied with arguments, CrestCrack will utilize netcat to create a reverse shell between your target and a netcat listener of your choice.

  • DeathMetal

    DeathMetal exploits the legitimate capabilities of Intel AMT.

  • DeathStar

    DeathStar is a Python script that uses Empire's RESTful API to automate the attainment of domain admin rights in Active Directory environments through a variety of techniques.

  • Dissonance

    This script was designed to spoof a Synergy server and entice users to connect to it.

  • HandyHeaderHacker

    HandyHeaderHacker is a script to examine HTTP responses from a server for best security practices. You can quickly analyze a web server with a single request.

  • Hwacha

    Hwacha is a tool to quickly execute payloads on *nix-based systems. Easily collect artifacts or execute shellcode on an entire subnet of systems for which credentials are obtained.

  • Icebreaker

    Break the ice with that cute Active Directory environment over there. When you're cold and alone staring at an Active Directory party but don't possess a single AD credential to join the fun, this tool's for you.

  • iOS 11 Jailbreak

    This jailbreak works for iOS 11.1.2 (15B202) and enables running unsigned code, a remote shell, full file system access, and live kernel memory introspection.

  • Java Deserialization Exploit

    Here you’ll find a collection of curated Java Deserialization Exploits.

  • LANs.py

    With LANs.py, you can automatically find the most active WLAN users, and then spy on one of them and/or inject arbitrary HTML/JS into pages they visit.

  • Malrule

    This quick and painless utility generates malicious OWA rules.

  • Net-creds

    Thoroughly sniff passwords and hashes from an interface or .pcap file with Net-creds. It concatenates fragmented packets and does not rely on ports for service identification.

  • NorkNork

    This script was designed to identify PowerShell Empire persistence payloads on Windows systems.

  • NPK

    NPK provides an effective, low-upkeep method for leveraging cloud GPU-based hash cracking. Featuring a serverless support layer, NPK eliminates the risk of runaway instances, enforces removal of usernames, and provides support for multiple attack types.

  • Pentest machine

    Automates some pentesting work via an Nmap XML file. As soon as each command finishes, it writes its output to the terminal and the files in output-by-service/ and output-by-host/.

  • pOSt-eX

    This script creates a new rule in the OS X Mail application to automatically trigger an AppleScript payload when an email is received with a trigger word in its subject line.

  • Red Baron

    Red Baron is a set of modules and custom, third-party providers for Terraform that automates the creation of resilient, disposable, secure, and agile infrastructure for red teams, while simultaneously reducing the amount of code required and making it as accessible as possible.

  • Slackor

    Slackor is a Remote Access Tool (RAT) written in Golang that uses Slack as a command and control (C2) channel.

  • sLNKy

    sLNKy is a utility that automates the process of generating and dropping malicious LNK files on SMB shares.

  • Vampire

    Vampire integrates Cobalt Strike and BloodHound by providing an aggressor script, which adds a "mark-owned" right-click option to beacons.

  • Wifijammer

    Continuously jam all Wi-Fi clients and access points within range. The effectiveness of this script is constrained by your wireless card. Alfa cards seem to effectively jam within about a block radius with heavy access point saturation.

  • WPForce

    WPForce is a suite of WordPress attack tools. Currently, this contains two scripts: WPForce, which brute forces logins via the API; and Yertle, which uploads shells once admin credentials have been found and contains a number of post-exploitation modules.

  • Xsscrapy

    A fast, thorough, XSS/SQLi spider, Xsscrapy tests every link it finds for cross-site scripting and some SQL injection vulnerabilities. See FAQ for more details about SQLi detection.
