Alternatives and similar repositories for nrat

Users that are interested in nrat are comparing it to the libraries listed below

• florylsk / NtDump
  Indirect NT syscalls LSASS dumper.
  ☆46Updated 2 years ago
• SaadAhla / Anti-Sandbox
  ☆45Updated 2 weeks ago
• Ne0nd0g / merlin-cli
  gRPC client for the Merlin Server
  ☆24Updated 7 months ago
• MaorSabag / interactive-execute-shellcode
  A simple PoC of injection shellcode into a remote process and get the output using namepipe
  ☆44Updated last year
• gavz / ExplorerPersist
  Explorer Persistence technique : Hijacking cscapi.dll order loading path and writing our malicious dll into C:\Windows\cscapi.dll , when …
  ☆83Updated 2 years ago
• 7h3w4lk3r / Kill-Floor
  AV/EDR killer using BYOVD technique
  ☆40Updated last year
• c3r3br4t3 / ShadowRDP
  ☆73Updated last year
• EvilBytecode / Nyx-Full-Dll-Unhook
  (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.
  ☆50Updated 6 months ago
• knight0x07 / WinRAR-CVE-2025-8088-PoC-RAR
  WinRAR 0day CVE-2025-8088 PoC RAR Archive
  ☆43Updated 3 months ago
• D00Movenok / goMalleable
  🔎🪲 Malleable C2 profiles parser and assembler written in golang
  ☆67Updated last year
• jm33-m0 / go-lpe
  A collection of weaponized LPE exploits written in Go
  ☆54Updated 10 months ago
• Acucarinho / havoc-obfuscator
  Automated script for obfuscating, rebranding and renaming the Havoc C2 Framework to evade AV/EDR and C2 hunters.
  ☆47Updated 3 months ago
• rashbx1 / RTO_Aggressor_Script
  Cobalt Strike Aggressor script create for RTO
  ☆16Updated last year
• Arr3stY0u / geacon_plus
  CobaltStrike beacon written in golang
  ☆27Updated 2 years ago
• y00ga-sec / Forensike
  Remotely dump NT hashes through Windows Crash dumps
  ☆34Updated last year
• CodeXTF2 / BusySleepBeacon
  This is a simple project made to evade https://github.com/thefLink/Hunt-Sleeping-Beacons by using a busy wait instead of beacon's built i…
  ☆37Updated 3 years ago
• zer1t0 / keydump
  Dump Linux keyrings
  ☆23Updated last year
• ProcessusT / SharpVenoma
  CSharp reimplementation of Venoma, another C++ Cobalt Strike beacon dropper with custom indirect syscalls execution
  ☆50Updated last year
• racoten / CannonLoader
  Just a nice little shellcode loader using unconventional methods to avoid using signatured APIs
  ☆23Updated 5 months ago
• sinsinology / CVE-2024-29855
  PoC for the Veeam Recovery Orchestrator Authentication CVE-2024-29855
  ☆20Updated last year
• weaselsec / GodPotato-Aggressor-Script
  ☆89Updated last year
• l0n3m4n / bin2shell
  Convert binaries to shellcode (C, C#, CPP, ASM, BOF loader, PS to b64)
  ☆16Updated 6 months ago
• watchtowrlabs / CVE-2024-50623
  Cleo Unrestricted file upload and download PoC (CVE-2024-50623)
  ☆24Updated last year
• rasta-mouse / SQL-BOF
  Library of BOFs to interact with SQL servers
  ☆23Updated 8 months ago
• RalfHacker / ExchangeCheckPack
  ☆10Updated last year
• redrays-io / CVE-2025-31324
  CVE-2025-31324, SAP Exploit
  ☆21Updated 7 months ago
• tijme / kernel-mii
  Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.
  ☆84Updated 2 years ago
• mrLochness350 / Libload-Reflective
  ☆17Updated 9 months ago
• wolfcod / beacondbg
  Beacon Debugger
  ☆55Updated last year
• almounah / GoDroplets
  Go Shellcode Loader to be Integrated in Exploration C2
  ☆28Updated 10 months ago