{"id":13717283,"url":"https://github.com/p0dalirius/Coercer","last_synced_at":"2025-05-07T07:31:00.497Z","repository":{"id":43531321,"uuid":"509162073","full_name":"p0dalirius/Coercer","owner":"p0dalirius","description":"A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.","archived":false,"fork":false,"pushed_at":"2024-10-15T16:00:53.000Z","size":11590,"stargazers_count":1783,"open_issues_count":8,"forks_count":181,"subscribers_count":22,"default_branch":"master","last_synced_at":"2024-10-29T15:45:51.832Z","etag":null,"topics":["authentication","automatic","call","coerce","fuzzing","ntlm","privilege-escalation","rpc"],"latest_commit_sha":null,"homepage":"https://podalirius.net/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/p0dalirius.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"p0dalirius","patreon":"Podalirius"}},"created_at":"2022-06-30T16:52:33.000Z","updated_at":"2024-10-29T13:54:29.000Z","dependencies_parsed_at":"2023-11-09T11:19:24.479Z","dependency_job_id":"faba0b67-c44e-48a6-b8bc-cfcbffafcf3d","html_url":"https://github.com/p0dalirius/Coercer","commit_stats":{"total_commits":82,"total_committers":6,"mean_commits":"13.666666666666666","dds":"0.35365853658536583","last_synced_commit":"de064edf5e58d64a7abc232a478204674f7eec99"},"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p0dalirius%2FCoercer","tags_u
rl":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p0dalirius%2FCoercer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p0dalirius%2FCoercer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p0dalirius%2FCoercer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/p0dalirius","download_url":"https://codeload.github.com/p0dalirius/Coercer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224573437,"owners_count":17333804,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","automatic","call","coerce","fuzzing","ntlm","privilege-escalation","rpc"],"created_at":"2024-08-03T00:01:20.274Z","updated_at":"2025-05-07T07:31:00.477Z","avatar_url":"https://github.com/p0dalirius.png","language":"Python","funding_links":["https://github.com/sponsors/p0dalirius","https://patreon.com/Podalirius"],"categories":["⚔️ NTLM Relay, Coercion \u0026 Network Attacks","Network Tools"],"sub_categories":["Vulnerable Apps"],"readme":"![](./.github/banner.png)\n\n\u003cp align=\"center\"\u003e\n  A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.\n  \u003cbr\u003e\n  \u003cimg alt=\"PyPI\" src=\"https://img.shields.io/pypi/v/coercer\"\u003e\n  \u003cimg alt=\"GitHub release (latest by date)\" src=\"https://img.shields.io/github/v/release/p0dalirius/Coercer\"\u003e\n  \u003ca href=\"https://twitter.com/intent/follow?screen_name=podalirius_\" 
title=\"Follow\"\u003e\u003cimg src=\"https://img.shields.io/twitter/follow/podalirius_?label=Podalirius\u0026style=social\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://www.youtube.com/c/Podalirius_?sub_confirmation=1\" title=\"Subscribe\"\u003e\u003cimg alt=\"YouTube Channel Subscribers\" src=\"https://img.shields.io/youtube/channel/subscribers/UCF_x5O7CSfr82AfNVTKOv_A?style=social\"\u003e\u003c/a\u003e\n  \u003cbr\u003e\n\u003c/p\u003e\n\n## Windows Support\nTo build a binary for Windows, download the `installer.ps1` script from this repository. Run it simply with no arguments to create a binary in the working directory. Use `-h` or `--help` for the help menu with options.\n\n## Features\n\n - Core:\n    + [x] Lists open SMB pipes on the remote machine (in modes [scan](./documentation/Scan-mode.md) authenticated and [fuzz](./documentation/Fuzz-mode.md) authenticated)\n    + [x] Tries to connect on a list of known SMB pipes on the remote machine (in modes [scan](./documentation/Scan-mode.md) unauthenticated and [fuzz](./documentation/Fuzz-mode.md) unauthenticated)\n    + [x] Calls one by one all the vulnerable RPC functions to coerce the server to authenticate on an arbitrary machine.\n    + [x] Random UNC paths generation to avoid caching failed attempts (all modes)\n    + [x] Configurable delay between attempts with `--delay`\n - Options:\n    + [x] Filter by method name with `--filter-method-name`, by protocol name with `--filter-protocol-name` or by pipe name with `--filter-pipe-name` (all modes)\n    + [x] Target a single machine `--target` or a list of targets from a file with `--targets-file`\n    + [x] Specify IP address OR interface to listen on for incoming authentications. 
(modes [scan](./documentation/Scan-mode.md) and [fuzz](./documentation/Fuzz-mode.md))\n - Exporting results\n    + [x] Export results in SQLite format (modes [scan](./documentation/Scan-mode.md) and [fuzz](./documentation/Fuzz-mode.md))\n    + [x] Export results in JSON format (modes [scan](./documentation/Scan-mode.md) and [fuzz](./documentation/Fuzz-mode.md))\n    + [x] Export results in XLSX format (modes [scan](./documentation/Scan-mode.md) and [fuzz](./documentation/Fuzz-mode.md))\n\n## Installation\n\nYou can now install it from PyPI (latest version is \u003cimg alt=\"PyPI\" src=\"https://img.shields.io/pypi/v/coercer\"\u003e) with this command:\n\n```\nsudo python3 -m pip install coercer\n```\n\n## Quick start\n\n - You want to **assess** the Remote Procedure Calls listening on a machine to see if they can be leveraged to coerce an authentication?\n   + Use [**scan** mode](./documentation/Scan-mode.md), example:\n\n    https://user-images.githubusercontent.com/79218792/204374471-bc5094a3-8539-4df7-842e-faadcaf9c945.mp4\n\n - You want to **exploit** the Remote Procedure Calls on a remote machine to coerce an authentication to ntlmrelay or responder?\n   + Use [**coerce** mode](./documentation/Coerce-mode.md), example:\n\n    https://user-images.githubusercontent.com/79218792/204372851-4ba461ed-6812-4057-829d-0af6a06b0ecc.mp4\n   \n - You are doing **research** and want to fuzz Remote Procedure Calls listening on a machine with various paths?\n   + Use [**fuzz** mode](./documentation/Fuzz-mode.md), example:\n\n    https://user-images.githubusercontent.com/79218792/204373310-64f90835-b544-4760-b0a3-3071429b3940.mp4\n\n---\n\n## Contributing\n\nPull requests are welcome. 
Feel free to open an issue if you want to add other features.\n\n## Credits\n\n - [@tifkin_](https://twitter.com/tifkin_) and [@elad_shamir](https://twitter.com/elad_shamir) for finding and implementing **PrinterBug** on [MS-RPRN](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rprn/d42db7d5-f141-4466-8f47-0a4be14e2fc1)\n - [@topotam77](https://twitter.com/topotam77) for finding and implementing **PetitPotam** on [MS-EFSR](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/08796ba8-01c8-4872-9221-1000ec2eff31)\n - [@topotam77](https://twitter.com/topotam77) for finding and [@_nwodtuhs](https://twitter.com/_nwodtuhs) for implementing **ShadowCoerce** on [MS-FSRVP](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-fsrvp/dae107ec-8198-4778-a950-faa7edad125b)\n - [@filip_dragovic](https://twitter.com/filip_dragovic) for finding and implementing **DFSCoerce** on [MS-DFSNM](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dfsnm/95a506a8-cae6-4c42-b19d-9c1ed1223979)\n  - [@evilashz](https://github.com/evilashz/) for finding and implementing **CheeseOunce** on [MS-EVEN](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-even/55b13664-f739-4e4e-bd8d-04eeda59d09f)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fp0dalirius%2FCoercer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fp0dalirius%2FCoercer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fp0dalirius%2FCoercer/lists"}