whatisgithub

What is seatbelt?

ghostpack/seatbelt — explained in plain English

Analysis updated 2026-06-26

4,570C#Audience · ops devopsComplexity · 3/5Setup · moderate

In one sentence

A Windows security audit tool that runs dozens of read-only checks and reports what an attacker or defender would find, saved credentials, startup programs, browser history, network shares, and security settings.

Mindmap

mindmap
  root((seatbelt))
    System Checks
      Antivirus status
      Startup programs
      Network shares
      Event logs
    User Checks
      Browser history
      Cloud credentials
      Password managers
      Recent documents
    Usage
      Local machine
      Remote machine
      File output
    Audience
      Pentesters
      Defenders
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Run Seatbelt during a penetration test to quickly inventory what credentials, configs, and sensitive files are exposed on a Windows host.

USE CASE 2

Use Seatbelt as a defender to snapshot a machine's security state and check for common misconfigurations.

USE CASE 3

Point Seatbelt at a remote Windows machine over the network to audit it without needing direct keyboard access.

USE CASE 4

Add a custom C# module to Seatbelt to run a check specific to your organization's environment.

What is it built with?

C#.NET

How does it compare?

ghostpack/seatbeltxunit/xunitseblague/digital-logic-sim
Stars4,5704,5714,563
LanguageC#C#C#
Setup difficultymoderateeasyeasy
Complexity3/52/51/5
Audienceops devopsdevelopergeneral

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Requires Visual Studio and the .NET framework to compile from source before running.

So what is it?

Seatbelt is a Windows inspection tool written in C#. It runs a large set of security-focused checks on a Windows computer, collecting information relevant to both people testing a system's security and people defending it. Think of it as a detailed snapshot tool: you run it, and it reports back dozens of facts about the machine's current state. The checks cover a wide range of areas. On the system side, it can report what antivirus software is installed, what programs launch automatically on startup, what Windows event logs show about recent logins, what network shares the machine exposes, what version of .NET is present, and much more. On the user side, it can find saved browser history from Chrome, Firefox, Edge, and others, locate cloud credential files for AWS, Google, and Azure, identify KeePass password manager configurations, and list recently opened Office documents. There are also checks for specific security settings like NTLM authentication, AppLocker policies, and whether Windows Credential Guard is active. You run Seatbelt from a Windows command prompt. You can tell it to run all checks, a named group of checks (there are built-in groups for system, user, and miscellaneous categories), or individual checks by name. It supports pointing at a remote Windows machine rather than just the local one, which is useful when a security tester has network access but not direct keyboard access. Results can be written to a file instead of the screen. The tool is built for security professionals: people doing authorized penetration tests who want to understand what an attacker could find on a compromised machine, and defenders who want a thorough inventory of what is exposed on a given host. It does not change anything on the system, it only reads and reports. The source code is open, so teams can add their own custom checks by writing a small C# class that follows the project's module pattern. Building it requires Visual Studio and the .NET framework. The README covers compile steps and explains how to add custom modules. The full README is longer than what was shown.

Copy-paste prompts

Prompt 1
Using Seatbelt, write a command to run all user-focused checks on a Windows machine and save the output to a text file.
Prompt 2
How do I add a custom C# check module to Seatbelt that scans for a specific registry key?
Prompt 3
Help me interpret this Seatbelt output section about NTLM authentication settings on a Windows host.
Prompt 4
Write a script that runs Seatbelt against a list of remote Windows machines and collects all results into one report.

Frequently asked questions

What is seatbelt?

A Windows security audit tool that runs dozens of read-only checks and reports what an attacker or defender would find, saved credentials, startup programs, browser history, network shares, and security settings.

What language is seatbelt written in?

Mainly C#. The stack also includes C#, .NET.

How hard is seatbelt to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is seatbelt for?

Mainly ops devops.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.