EN
ENNA

Coercer

GPL-2.0

🔥 Offensive Ops · Python

Coercer is an automated tool designed to locate and exploit Windows authentication coercion vulnerabilities. It specifically targets vulnerabilities such as PetitPotam and PrinterBug, which can be exploited to relay NTLM authentication requests. By automating the discovery and exploitation process, Coercer assists attackers and security testers in assessing the security posture of Active Directory environments against these types of threats.

2.2kstars
215forks
9issues
Updated 2mo ago
View on GitHubOfficial Website

Installation

$ pip install coercer

Use Cases

  • Windows authentication coercion exploitation
  • NTLM relay attack setup via forced authentication
  • PetitPotam, PrinterBug, and DFSCoerce automation
  • Active Directory privilege escalation chains

Tags

authentication-coercionntlm-relaypetitpotamactive-directoryauthenticationautomaticcallcoercefuzzingntlmprivilege-escalationrpc

Details

Category
🔥 Offensive Ops
Language
Python
License
GPL-2.0
Platforms
🐧linux🍎macos

Links

GitHub Repository

github.com/p0dalirius/Coercer

Official Website

podalirius.net

Releases

github.com/p0dalirius/Coercer/releases

Issues

github.com/p0dalirius/Coercer/issues

Sponsored

Your ad here

Reach security professionals and developers — ads@en-na.com

Alternatives & Comparisons

Responder

Python

LLMNR/NBT-NS/mDNS poisoner and rogue authentication server. Captures NTLMv1/v2 hashes on the network.

Compare Coercer vs Responder

More in Offensive Ops

Mythic

Go

Collaborative, multi-platform C2 framework. Docker-based with web UI, multiple agent types, and plugin architecture.

c2red-teammulti-operator

Havoc

C/C++

Modern C2 framework. Qt-based GUI, BOF support, custom agents, and a Cobalt Strike-inspired workflow.

c2red-teamgui

Rubeus

C#

C# toolset for raw Kerberos interaction and abuse. AS-REP roasting, Kerberoasting, ticket manipulation, delegation attacks.

kerberosactive-directoryroasting

Certipy

Python

Active Directory Certificate Services (AD CS) abuse tool. Find and exploit certificate template misconfigurations.

active-directorycertificatesadcs

SharpHound

C#

Official BloodHound data collector. Enumerates Active Directory objects, sessions, ACLs, and trusts for graph analysis.

active-directoryenumerationbloodhound

BeEF

Ruby

Browser Exploitation Framework. Hook browsers via XSS, then pivot into the network using browser-based attacks.

browserxsshook