Carseat is a Python-based tool that replicates the functionality of the well-known security auditing tool, Seatbelt. It includes nearly all modules from Seatbelt, focusing on remote execution capabilities.
Designed for cybersecurity professionals, Carseat is particularly useful for gathering system information and assessing security configurations on target hosts.
However, privileged access is typically required to execute its modules effectively.
Carseat relies on two non-standard Python libraries: impacket
and pefile
. These can be installed individually or via a requirements file:
bashpip3 install -r requirements.txt
Carseat provides flexibility in executing commands. Below are examples of its usage:
python CarSeat.py domain/user:password@10.10.10.10 AntiVirus
python CarSeat.py domain/user:password@10.10.10.10 AntiVirus,UAC,ScheduledTasks
python CarSeat.py -group remote domain/user:password@10.10.10.10 InterestingProcesses
python CarSeat.py -group remote domain/user:password@10.10.10.10 ExplicitLogonEvents 10
Carseat supports authentication via passwords, NTLM hashes, or Kerberos tickets, similar to other impacket
tools.
Carseat includes a wide range of modules for system auditing and forensic analysis, such as:
AntiVirus
, WindowsDefender
, and UAC
help identify defensive measures.OSInfo
and InstalledProducts
provide insights into the operating system and installed software.LogonEvents
and ProcessCreationEvents
parse event logs for sensitive data.ChromiumHistory
and FirefoxHistory
.CloudCredentials
and CredGuard
identify stored credentials or related configurations.While Carseat mirrors Seatbelt’s functionality, it focuses exclusively on modules supporting remote execution. The -group remote
flag ensures all available modules are executed remotely.
Carseat builds upon the foundational work of Will (@harmj0y) and Lee (@tifkin_), the creators of Seatbelt, with additional event log parsing inspired by Iwan Timmer’s tivan project.
Carseat is a powerful tool for security auditing and reconnaissance, offering extensive functionality for remote environments while maintaining compatibility with existing Seatbelt workflows1.
Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…
While file extensions in Linux are optional and often misleading, the file command helps decode what a…
The touch command is one of the quickest ways to create new empty files or update timestamps…
Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…
Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…
Creating directories is one of the earliest skills you'll use on a Linux system. The mkdir (make…