Alternatives and similar repositories for GoEvilDocs

Users that are interested in GoEvilDocs are comparing it to the libraries listed below

• EvilBytecode / Powershell-Persistance
  Whenever PowerShell is launched, Notepad will also open. You can customize the script for educational purposes, but I emphasize that I do…
  ☆10Updated 2 months ago
• EvilBytecode / PPID-Spoofing
  Parent Process ID Spoofing, coded in CGo.
  ☆22Updated 2 months ago
• EvilBytecode / ThunderKitty-Ransomware
  Ransomware written in go, encrypt - decrypt.
  ☆25Updated 2 months ago
• RATandC2 / ExecRemoteAssembly
  Execute Remote Assembly with args passing and with AMSI and ETW patching
  ☆11Updated 2 years ago
• EvilBytecode / PS2BAT
  A Documentation for my module PS2BAT, it converts Powershell Scripts to Batchfile ones.
  ☆11Updated 2 months ago
• C5Hackr / ARM64_AmsiPatch
  ☆18Updated 2 months ago
• EvilBytecode / Evil-Go
  A malicous Golang Package
  ☆14Updated 2 months ago
• ELMERIKH / Beryl
  Payload Dropper with Persistance & Privesc & UAC bypass 🐱‍👤
  ☆13Updated last year
• MaorSabag / HollowMask
  Just another Process Injection using Process Hollowing technique.
  ☆17Updated last year
• EvilBytecode / Evilbytecode-Gate
  Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing…
  ☆22Updated 2 months ago
• EvilBytecode / Amsi-Patch-Updated-2025
  How to bypass AMSI (Antimalware Scan Interface) in PowerShell/C++ by dynamically patching the AmsiScanBuffer function.
  ☆19Updated 2 months ago
• gemini-security / GithubC2
  ☆29Updated last year
• hackforyourentertainment / Misery
  Misery Loader to bypass modern EDR solutions
  ☆11Updated 6 months ago
• EvilBytecode / EByte-Ransomware
  Go ransomware leveraging ChaCha20 and ECIES encryption with a web-based control panel.
  ☆35Updated 2 months ago
• mgeeky / EvilClippy
  A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro…
  ☆24Updated 3 years ago
• matro7sh / havoc-gosecdump
  ☆18Updated 7 months ago
• 0xv1n / proc-suspend
  powershell script i wrote that can suspend an arbitrary process (with limits)
  ☆20Updated 2 years ago
• ricardojoserf / SharpObfuscate
  Obfuscate payloads using IPv4, IPv6, MAC or UUID strings
  ☆20Updated last year
• RedSiege / Delta-Encoder
  ☆16Updated last year
• octopwn / wsnet-dotnet
  ☆13Updated 6 months ago
• 0x11DFE / file-unpumper
  Tool that can be used to trim useless things from a PE file such as the things a file pumper would add.
  ☆27Updated 3 months ago
• ricardojoserf / http-protocol-exfil
  Exfiltrate files using the HTTP protocol version ("HTTP/1.0" is a 0 and "HTTP/1.1" is a 1)
  ☆23Updated 3 years ago
• scriptchildie / gohellsgate
  Golang Implementation of Hell's gate
  ☆17Updated 2 years ago
• p4p1 / havoc-store
  A simple website to act as a store for havoc modules and extensions
  ☆27Updated 5 months ago
• eversinc33 / UnXorStringsNet
  Deobfuscation of XorStringsNet
  ☆14Updated 8 months ago
• Offensive-Panda / D3MPSEC
  "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c…
  ☆24Updated 9 months ago
• duckbillsecurity / pdf-smuggler
  Create PDFs with HTML smuggling attachments that save on opening the document.
  ☆30Updated 2 weeks ago
• Und3rf10w / CobaltStrikeBOFs
  Beacon Object Files used for Cobalt Strike
  ☆19Updated last year
• splexas / TrampHooker
  A mechanism that trampoline hooks functions in x86/x64 systems.
  ☆22Updated 9 months ago
• ProcessusT / EnumSSN
  Enumerate SSN (System Service Numbers or Syscall ID) and syscall instruction address in ntdll module by parsing the PEB of the current pr…
  ☆21Updated last year