Alternatives and similar repositories for GoEvilDocs

Users that are interested in GoEvilDocs are comparing it to the libraries listed below

• EvilBytecode / Powershell-Persistance
  Whenever PowerShell is launched, Notepad will also open. You can customize the script for educational purposes, but I emphasize that I do…
  ☆12Updated 9 months ago
• EvilBytecode / PPID-Spoofing
  Parent Process ID Spoofing, coded in CGo.
  ☆24Updated 9 months ago
• EvilBytecode / Evil-Go
  A malicous Golang Package
  ☆15Updated 9 months ago
• EvilBytecode / ThunderKitty-Ransomware
  Ransomware written in go, encrypt - decrypt.
  ☆29Updated 9 months ago
• S12cybersecurity / ETWEvasionToolkit
  Toolkit of Projects to attack and evade Event Trace for Windows
  ☆25Updated 5 months ago
• PL-V / Firefox-WebInject
  Firefox webInjector capable of injecting codes into webpages using a mitmproxy.
  ☆42Updated 3 years ago
• p4p1 / havoc-store
  A simple website to act as a store for havoc modules and extensions
  ☆28Updated last year
• EvilBytecode / Evilbytecode-Gate
  Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing…
  ☆26Updated 9 months ago
• EvilBytecode / Amsi-Patch-Updated-2025
  How to bypass AMSI (Antimalware Scan Interface) in PowerShell/C++ by dynamically patching the AmsiScanBuffer function.
  ☆25Updated 9 months ago
• HulkOperator / AuthStager
  ☆59Updated last year
• ricardojoserf / SharpObfuscate
  Obfuscate payloads using IPv4, IPv6, MAC or UUID strings
  ☆22Updated last year
• EvilBytecode / SsnRetrieval
  Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name,…
  ☆15Updated 9 months ago
• ZERODETECTION / Havoc_Demon_API_Hashing
  Rehashing APIs to prevent hash based detection
  ☆14Updated last year
• gemini-security / GithubC2
  ☆27Updated 2 years ago
• EspressoCake / DefenderPathExclusions
  Creation and removal of Defender path exclusions and exceptions in C#.
  ☆33Updated 2 years ago
• C5Hackr / ARM64_AmsiPatch
  ☆21Updated 3 weeks ago
• MaorSabag / HollowMask
  Just another Process Injection using Process Hollowing technique.
  ☆19Updated 2 years ago
• EvilBytecode / PhantomDelay
  PhantomDelay is a precise delay function that uses the Windows high resolution performance counter to pause your program for a specified …
  ☆18Updated 8 months ago
• KingOfTheNOPs / ChangeWallpaper-BOF
  Cobalt Strike Beacon Object File to to change the user's desktop wallpaper
  ☆14Updated 2 years ago
• 0xEr3bus / ShadowForgeC2
  ShadowForge Command & Control - Harnessing the power of Zoom's API, control a compromised Windows Machine from your Zoom Chats.
  ☆51Updated 2 years ago
• lem0nSec / SkeletonKey
  Reproducing the SkeletonKey malware.
  ☆10Updated last year
• octopwn / wsnet-dotnet
  ☆12Updated last year
• mantvydasb / RdpThief
  Extracting Clear Text Passwords from mstsc.exe using API Hooking.
  ☆18Updated 6 years ago
• ricardojoserf / BOF_Files
  Repository to gather the BOF files I will be developing
  ☆11Updated last year
• zimnyaa / smbsocks
  A simple rpc2socks alternative in pure Go.
  ☆31Updated last year
• EvilBytecode / Ntdll-Unhook
  Unhook Ntdll.dll, Go & C++.
  ☆32Updated 9 months ago
• iDigitalFlame / XrMT
  e(X)tensiable (Rust) Malware Toolkit: (Soon!) Full Featured Rust C2 Framework with Awesome Features!
  ☆27Updated last year
• Offensive-Panda / .NET_PROFILER_DLL_LOADING
  .NET profiler DLL loading can be abused to make a legit .NET application load a malicious DLL using environment variables. This exploit i…
  ☆46Updated last year
• EvilBytecode / EByte-Ransomware
  Go ransomware leveraging ChaCha20 and ECIES encryption with a web-based control panel.
  ☆46Updated 9 months ago
• kypvas / shellcode-mutator
  shellcode transformation tool for YARA evasion
  ☆50Updated last month