CRIMSON OPS

Advanced offensive tools built for real-world adversarial simulation

CrimsonTools

CrimsonTools is an advanced offensive security toolkit designed to help Ethical Hackers, Red Teams, and Purple Teams bypass modern antivirus and EDR solutions seamlessly. By automating and simplifying evasion techniques, it allows professionals to focus on actual exploitation and high‑value objectives rather than spending time bypassing complex security solutions.

Additionally, CrimsonTools includes a locker module that enables safe, controlled simulations of ransomware attacks to validate detection, response and recovery procedures.

Professional Grade Toolkit

Built for cybersecurity professionals who demand reliability, stealth, and effectiveness in their offensive operations.

Key Features & Capabilities

Malleable Builders

Generate customizable loaders, packers, and controlled ransomware samples with three powerful modules: Loader, Packer, and Locker. Adapt to various operational contexts and simulation needs.

Multiple Injection Techniques

Implement various process injection methods with flexible allocation and execution choices. Support for both indirect syscalls and Win32 API, with architecture-specific options.

Flexible API Call Systems

Switch between classic kernel32/ntdll calls and indirect syscalls to bypass advanced hooks and security monitoring solutions.

AMSI & ETW Bypass

Leverage multiple built-in methods to bypass Windows AMSI and ETW protections seamlessly, ensuring your payloads remain undetected.

Guardrails Implementation

Integrate different guardrail mechanisms, including domain, hostname, start/kill dates, and self-deletion, to limit payload execution to specific environments.

Encryption & Obfuscation

Multiple layers of payload protection through encryption, obfuscation, and compression to evade static analysis and signature-based detection systems.

DLL Unhooking

Choose from multiple methods to unhook monitored DLLs and bypass security product hooks that intercept your API calls.

Advanced Sleep Masking

Implement various sleep mask techniques to evade memory scanning and behavioral detection.

Metadata Spoofing

Fully customize binary metadata to reduce static detection signatures and improve operational flexibility during engagements.

Multiple Output Formats

Export payloads in various formats including EXE, DLL, CPL, MSI, SCR, PIF, and more to fit different delivery scenarios and execution vectors.

Proxy API Call

Execute sensitive APIs with a clean call stack to bypass detection mechanisms.

Profile Management

Import and export configuration profiles to automate the configuration of your payload in just a few clicks.

GUI Themes & Customization

Discover CrimsonTools' modern and sleek GUI. Switch between multiple built-in themes or create your own to match your style. Enhance your offensive operations experience with a refined, intuitive interface.

Advanced Payload Generation Modules

Malleable Loader

Discover the powerful loader builder included in CrimsonTools. Easily customize your loader behavior to adapt to different environments, increase stealth, and ensure smooth payload delivery.

Malleable Packer

Explore how the malleable packer feature helps you obfuscate and pack your payloads to avoid detection and maximize operational success.

Malleable Locker

See how the customizable locker module can generate controlled ransomware-like simulations to test your defensive controls and incident response procedures in a safe environment.

Ready to elevate your offensive operations?

Empower your team with advanced, stealthy, and customizable tools. Take your simulations and engagements to the next level with CrimsonTools.
