CodeXTF2/cobaltstrike-headless external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

CodeXTF2/cobaltstrike-headless

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/CodeXTF2/cobaltstrike-headless)

Close

CodeXTF2 / cobaltstrike-headlessView on GitHubMore

• External links
• Readme badge

Aggressorscript that turns the headless aggressor client into a (mostly) functional cobalt strike client.

☆147Sep 8, 2022Updated 3 years ago

Alternatives and similar repositories for cobaltstrike-headless

Users that are interested in cobaltstrike-headless are comparing it to the libraries listed below

• FalconForceTeam / BOF2shellcode

  View on GitHub
  POC tool to convert CobaltStrike BOF files to raw shellcode
  ☆220Nov 5, 2021Updated 4 years ago
• emcghee / PayloadAutomation

  View on GitHub
  ☆121Jun 17, 2022Updated 3 years ago
• Henkru / cs-token-vault

  View on GitHub
  In-memory token vault BOF for Cobalt Strike
  ☆149Aug 18, 2022Updated 3 years ago
• kyleavery / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆1,006Jun 4, 2024Updated last year
• apokryptein / secinject

  View on GitHub
  Section Mapping Process Injection (secinject): Cobalt Strike BOF
  ☆102Jan 7, 2022Updated 4 years ago
• CodeXTF2 / Burp2Malleable

  View on GitHub
  Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 profiles
  ☆418Apr 6, 2023Updated 2 years ago
• Cracked5pider / CoffeeLdr

  View on GitHub
  Beacon Object File Loader
  ☆293Dec 3, 2023Updated 2 years ago
• S4ntiagoP / freeBokuLoader

  View on GitHub
  A simple BOF that frees UDRLs
  ☆122May 29, 2022Updated 3 years ago
• EspressoCake / DLL-Exports-Extraction-BOF

  View on GitHub
  DLL Exports Extraction BOF with optional NTFS transactions.
  ☆90Nov 5, 2021Updated 4 years ago
• Octoberfest7 / Inline-Execute-PE

  View on GitHub
  Execute unmanaged Windows executables in CobaltStrike Beacons
  ☆714Mar 4, 2023Updated 2 years ago
• m3rcer / Chisel-Strike

  View on GitHub
  A .NET XOR encrypted cobalt strike aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities.
  ☆459Mar 25, 2024Updated last year
• EspressoCake / BeaconDownloadSync

  View on GitHub
  ☆94May 14, 2022Updated 3 years ago
• EspressoCake / Defender_Exclusions-BOF

  View on GitHub
  A BOF to determine Windows Defender exclusions.
  ☆253Jun 25, 2023Updated 2 years ago
• mlcsec / ASRenum-BOF

  View on GitHub
  Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations
  ☆160Mar 1, 2024Updated 2 years ago
• kyleavery / inject-assembly

  View on GitHub
  Inject .NET assemblies into an existing process
  ☆508Jan 19, 2022Updated 4 years ago
• optiv / Registry-Recon

  View on GitHub
  Cobalt Strike Aggressor Script that Performs System/AV/EDR Recon
  ☆342Jun 6, 2022Updated 3 years ago
• guervild / BOFs

  View on GitHub
  Cobalt Strike Beacon Object Files
  ☆167May 2, 2022Updated 3 years ago
• boku7 / xPipe

  View on GitHub
  Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions
  ☆94Mar 8, 2023Updated 2 years ago
• rsmudge / unhook-bof

  View on GitHub
  Remove API hooks from a Beacon process.
  ☆282Sep 18, 2021Updated 4 years ago
• Sh0ckFR / InlineWhispers2

  View on GitHub
  Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
  ☆187Jul 21, 2022Updated 3 years ago
• wumb0 / rust_bof

  View on GitHub
  Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.
  ☆282Feb 8, 2024Updated 2 years ago
• Tylous / SourcePoint

  View on GitHub
  SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
  ☆1,201Apr 16, 2025Updated 10 months ago
• Yaxser / CobaltStrike-BOF

  View on GitHub
  Collection of beacon BOF written to learn windows and cobaltstrike
  ☆362Feb 24, 2023Updated 3 years ago
• netero1010 / RDPHijack-BOF

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.
  ☆312Jul 8, 2022Updated 3 years ago
• NVISOsecurity / pyCobaltHound

  View on GitHub
  pyCobaltHound is an Aggressor script extension for Cobalt Strike which aims to provide a deep integration between Cobalt Strike and Blood…
  ☆135May 25, 2023Updated 2 years ago
• naksyn / Pyramid

  View on GitHub
  a tool to help operate in EDRs' blind spots
  ☆767Dec 2, 2024Updated last year
• trustedsec / COFFLoader

  View on GitHub
  ☆615Jul 21, 2025Updated 7 months ago
• SolomonSklash / SleepyCrypt

  View on GitHub
  A shellcode function to encrypt a running process image when sleeping.
  ☆340Sep 11, 2021Updated 4 years ago
• codewhitesec / Lastenzug

  View on GitHub
  Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level
  ☆235Oct 18, 2022Updated 3 years ago
• anthemtotheego / Detect-Hooks

  View on GitHub
  Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR
  ☆158Jul 22, 2021Updated 4 years ago
• airbus-cert / Invoke-Bof

  View on GitHub
  Load any Beacon Object File using Powershell!
  ☆260Dec 9, 2021Updated 4 years ago
• boku7 / spawn

  View on GitHub
  Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks b…
  ☆470Mar 8, 2023Updated 2 years ago
• lap1nou / CLR_Heap_encryption

  View on GitHub
  ☆101Oct 7, 2023Updated 2 years ago
• byt3bl33d3r / pyMalleableC2

  View on GitHub
  Python interpreter for Cobalt Strike Malleable C2 Profiles. Allows you to parse, build and modify them programmatically.
  ☆284Oct 29, 2024Updated last year
• oXis / GPUSleep

  View on GitHub
  Move CS beacon to GPU memory when sleeping
  ☆251Nov 19, 2021Updated 4 years ago
• Cobalt-Strike / beacon_health_check

  View on GitHub
  This aggressor script uses a beacon's note field to indicate the health status of a beacon.
  ☆141Sep 29, 2021Updated 4 years ago
• mgeeky / ElusiveMice

  View on GitHub
  Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
  ☆482Jul 12, 2023Updated 2 years ago
• RiccardoAncarani / LiquidSnake

  View on GitHub
  LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript
  ☆346Sep 1, 2021Updated 4 years ago
• outflanknl / HelpColor

  View on GitHub
  Agressor script that lists available Cobalt Strike beacon commands and colors them based on their type
  ☆211Mar 18, 2024Updated last year