Tools developed by Coalfire Labs for security testing

These tools and utilities are developed by the Coalfire Labs team.

Everything on this page is free for use by the community. Posted on GitHub, you can access and use the tools for your needs. Got a good idea for one of these? Care to contribute? Use the form on the right to reach out and let us know how you'd like to contribute.


Ping sweep a list of subnets then save a random % sample of the hosts that are up.

Give the script a newline separated list of subnets and it will scan each subnet for live hosts then write a certain percentage (5% by default) of random live IPs from each subnet to a SampleIPs.txt.



IRC bot for cracking hashes

Willie module for sending hashes to hashcat to be cracked. As soon as a hash is cracked, HashBot will PM the invoker with the cracked hash and plaintext.



Password cracking utility

Doozer is an extensible, automated hash cracking utility used to automate the parsing, cracking, and organization of password hashes. Currently, Doozer supports nt/lm, ntlmv1, and ntlmv2 hashes (from Responder or SAM), but sports a modular architecture that allows other hash types to be trivially plugged in. A simple, Django-based web interface allows users to view cracking sessions in real time, view session results, and search the hash database. A simple REST API is also exposed, allowing scripts to easily interface with the database.