Research and development

The Coalfire Labs Research and Development (R&D) team creates cutting-edge, open-source security tools that provide our clients with more realistic adversary simulations and advance operational tradecraft for the security industry.

All tools

  • AmazonSecurityScanner

    AmazonSecurityScanner is a script to scan an EC2 instance for potential AWS-related attack surfaces. You can utilize it for rapid post-exploitation reconnaissance on a compromised EC2 instance.

  • AngryHippo

    This script was designed to attack the HippoConnect protocol, which is used with the HippoRemote iPhone app and the HippoConnect listener.

  • CrestCrack

    CrestCrack is a simple script that exploits CVE-2016-5640 / CLVA-2016-05-002 within the Crestron AirMedia AM-100 (v1.1.1.11 - v1.2.1). When supplied with arguments, CrestCrack will utilize netcat to create a reverse shell between your target and a netcat listener of your choice.

  • DeathMetal

    DeathMetal exploits the legitimate capabilities of Intel AMT.

  • DeathStar

    DeathStar is a Python script that uses Empire's RESTful API to automate the attainment of domain admin rights in Active Directory environments through a variety of techniques.

  • Dissonance

    This script was designed to spoof a Synergy server and entice users to connect to it.

  • HandyHeaderHacker

    HandyHeaderHacker is a script to examine HTTP responses from a server for best security practices. You can quickly analyze a web server with a single request.

  • Hwacha

    Hwacha is a tool to quickly execute payloads on *nix-based systems. Easily collect artifacts or execute shellcode on an entire subnet of systems for which credentials are obtained.

  • Icebreaker

    Break the ice with that cute Active Directory environment over there. When you're cold and alone staring at an Active Directory party but don't possess a single AD credential to join the fun, this tool's for you.

  • iOS 11 Jailbreak

    This jailbreak works for iOS 11.1.2 (15B202) and enables running unsigned code, a remote shell, full file system access, and live kernel memory introspection.

  • Java Deserialization Exploit

    Here you’ll find a collection of curated Java Deserialization Exploits.

  • LANs.py

    With LANs.py, you can automatically find the most active WLAN users, and then spy on one of them and/or inject arbitrary HTML/JS into pages they visit.

  • Net-creds

    Thoroughly sniff passwords and hashes from an interface or .pcap file with Net-creds. It concatenates fragmented packets and does not rely on ports for service identification.

  • NorkNork

    This script was designed to identify PowerShell Empire persistence payloads on Windows systems.

  • NPK

    NPK provides an effective, low-upkeep method for leveraging cloud GPU-based hash cracking. Featuring a serverless support layer, NPK eliminates the risk of runaway instances, enforces removal of usernames, and provides support for multiple attack types.

  • Pentest machine

    Automates some pentesting work via an Nmap XML file. As soon as each command finishes, it writes its output to the terminal and to the files in output-by-service/ and output-by-host/.

  • pOSt-eX

    This script creates a new rule in the OS X Mail application to automatically trigger an AppleScript payload when an email is received with a trigger word in its subject line.

  • Wifijammer

    Continuously jam all Wi-Fi clients and access points within range. The effectiveness of this script is constrained by your wireless card. Alfa cards seem to effectively jam within about a block radius with heavy access point saturation.

  • Xsscrapy

    A fast, thorough, XSS/SQLi spider, Xsscrapy tests every link it finds for cross-site scripting and some SQL injection vulnerabilities. See FAQ for more details about SQLi detection.


Follow CoalfireLabs on Twitter to hear about our latest projects and tools.


CVE disclosure list

The following is a list of CVEs identified by Coalfire's R&D team. All security issues described here were responsibly disclosed and reported in accordance with our Vulnerability Disclosure Policy.

| CVE ID | Title | Affects | Date | CVSS |
|---|---|---|---|---|
| CVE-2018-8819 | ALC WebCTRL XXE | Versions 6.0, 6.1 and 6.5 | 2018-06-14 | 7.5 |
| CVE-2019-14257 | Zenoss local privilege escalation | <= 2.5.3 | 2019-07-24 | 7.8 |
| CVE-2019-14258 | Zenoss unauthenticated information disclosure | <= 2.5.3 | 2019-07-24 | 7.5 |
