Alternatives and similar repositories for MaccaroniC2

Users that are interested in MaccaroniC2 are comparing it to the libraries listed below

• PhoenixC2 / PhoenixC2

  View on GitHub
  Command & Control-Framework created for collaboration in python3
  ☆322Aug 7, 2023Updated 2 years ago
• 3NailsInfoSec / DCVC2

  View on GitHub
  A Golang Discord C2 unlike any other. DCVC2 uses RTP packets over a voice channel to transmit all data leaving no operational traces in t…
  ☆133Nov 5, 2024Updated last year
• icyguider / LightsOut

  View on GitHub
  Generate an obfuscated DLL that will disable AMSI & ETW
  ☆329Jul 15, 2024Updated last year
• itaymigdal / Nimbo-C2

  View on GitHub
  Nimbo-C2 is yet another (simple and lightweight) C2 framework
  ☆441Jan 29, 2026Updated 2 weeks ago
• rkbennett / pyThreadlessInject

  View on GitHub
  A python port of CCob's ThreadlessInject
  ☆25Mar 18, 2023Updated 2 years ago
• OffenseTeacher / NimRekey

  View on GitHub
  ☆39May 20, 2023Updated 2 years ago
• 4g3nt47 / Striker

  View on GitHub
  A Command and Control (C2)
  ☆305May 4, 2023Updated 2 years ago
• sominsong / NIMOS

  View on GitHub
  Analysis of syscall sequence pattern from exploit codes for advanced system call sequence filtering for enhanced container security
  ☆16May 21, 2023Updated 2 years ago
• phackt / wptsextensions.dll

  View on GitHub
  WptsExtensions.dll for exploiting DLL hijacking of the task scheduler.
  ☆55Jun 30, 2021Updated 4 years ago
• darksh3llRU / dark-doh

  View on GitHub
  ☆19Dec 12, 2023Updated 2 years ago
• magisterquis / chromecookiestealer

  View on GitHub
  Steal/Inject Chrome cookies over the DevTools (--remote-debugging-port) protocol.
  ☆112May 19, 2023Updated 2 years ago
• madalin-dogaru / profiler

  View on GitHub
  A Red Teaming tool focused on profiling the target.
  ☆29Jan 10, 2026Updated last month
• Dump-GUY / sc2pe

  View on GitHub
  Simple dotnet Native AOT app that uses AsmResolver to convert shellcode to PE
  ☆66May 1, 2023Updated 2 years ago
• advanced-threat-research / NetLlix

  View on GitHub
  A project created with an aim to emulate and test exfiltration of data over different network protocols.
  ☆31Mar 21, 2023Updated 2 years ago
• WKL-Sec / GregsBestFriend

  View on GitHub
  GregsBestFriend process injection code created from the White Knight Labs Offensive Development course
  ☆205Jun 23, 2023Updated 2 years ago
• georgesotiriadis / Chimera

  View on GitHub
  Automated DLL Sideloading Tool With EDR Evasion Capabilities
  ☆502Dec 19, 2023Updated 2 years ago
• 0xNslabs / CanaryTokenScanner

  View on GitHub
  Detects CanaryTokens in Office docs and PDFs (docx, xlsx, pptx, pdf) without triggering alerts
  ☆127Dec 23, 2025Updated last month
• ph3n1x007 / EarlyBirdNTDLL

  View on GitHub
  ☆37Feb 11, 2023Updated 3 years ago
• florylsk / ExecIT

  View on GitHub
  Execute shellcode files with rundll32
  ☆216Jan 28, 2024Updated 2 years ago
• root4031 / gmailc2

  View on GitHub
  A Fully Undetectable C2 Server That Communicates Via Google SMTP to evade Antivirus Protections and Network Traffic Restrictions
  ☆477Sep 17, 2025Updated 4 months ago
• voukatas / Commander

  View on GitHub
  A command and control (C2) server
  ☆58Jul 5, 2024Updated last year
• persistent-security / hermes-the-messenger

  View on GitHub
  A PoC for achieving persistence via push notifications on Windows
  ☆48Jun 9, 2023Updated 2 years ago
• DragoQCC / CrucibleC2

  View on GitHub
  A C# Command & Control framework
  ☆1,026Mar 28, 2024Updated last year
• nettitude / Aladdin

  View on GitHub
  ☆225Oct 22, 2023Updated 2 years ago
• chaitin / mimicry

  View on GitHub
  Mimicry is a dynamic deception tool that actively deceives an attacker during exploitation and post-exploitation.
  ☆60Jun 26, 2023Updated 2 years ago
• bahaabdelwahed / st

  View on GitHub
  ☆13Mar 1, 2024Updated last year
• zimnyaa / beepsyscall

  View on GitHub
  An adaptation of timwhitez's proxycall that uses kernelbase.dll!Beep.
  ☆16Nov 1, 2023Updated 2 years ago
• ExAndroidDev / rtlo-attack

  View on GitHub
  Right-To-Left Override POC
  ☆36Mar 21, 2022Updated 3 years ago
• mobdk / WinSpoof

  View on GitHub
  Use TpAllocWork, TpPostWork and TpReleaseWork to execute machine code
  ☆24Mar 13, 2023Updated 2 years ago
• f1zm0 / hades

  View on GitHub
  Go shellcode loader that combines multiple evasion techniques
  ☆387Jun 21, 2023Updated 2 years ago
• WKL-Sec / WMIExec

  View on GitHub
  Set of python scripts which perform different ways of command execution via WMI protocol.
  ☆165Jun 29, 2023Updated 2 years ago
• florylsk / SignatureGate

  View on GitHub
  Weaponized HellsGate/SigFlip
  ☆204Jun 7, 2023Updated 2 years ago
• g0h4n / REC2

  View on GitHub
  REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs…
  ☆163Feb 22, 2024Updated last year
• RixedLabs / IDLE-Abuse

  View on GitHub
  A method to execute shellcode using RegisterWaitForInputIdle API.
  ☆55Apr 4, 2023Updated 2 years ago
• nullsection / Discord-DLL-Hijacking

  View on GitHub
  This is a simple example of DLL hijacking enabling proxy execution.
  ☆70Apr 18, 2023Updated 2 years ago
• MMitsuha / Tajimari

  View on GitHub
  the Open Source and Pure C++ Packer for eXecutables
  ☆21Mar 25, 2023Updated 2 years ago
• nullsection / Sneaky-DLL-Stager

  View on GitHub
  Reasonably undetected shellcode stager and executer.
  ☆36May 23, 2025Updated 8 months ago
• ustayready / wnfexec

  View on GitHub
  WNF Code Execution Library Using C#
  ☆110May 18, 2020Updated 5 years ago
• morpheuslord / Startup-SBOM

  View on GitHub
  A tool to reverse engineer and inspect the RPM and APT databases to list all the packages along with executables, service, versions and C…
  ☆17Feb 8, 2026Updated last week