Alternatives and similar repositories for HavocC2-Forensics

Users that are interested in HavocC2-Forensics are comparing it to the libraries listed below

• Acucarinho / havoc-obfuscator

  View on GitHub
  Automated script for obfuscating, rebranding and renaming the Havoc C2 Framework to evade AV/EDR and C2 hunters.
  ☆46Aug 13, 2025Updated 6 months ago
• p0dalirius / pyDescribeSDDL

  View on GitHub
  A python tool to parse and describe the SDDL string.
  ☆17Jan 5, 2026Updated last month
• rxOred / process-hollowing

  View on GitHub
  process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread
  ☆31Jan 9, 2022Updated 4 years ago
• Adaptix-Framework / templates-extender

  View on GitHub
  Templates for developing your own listeners and agents for AdaptixC2.
  ☆44Feb 3, 2026Updated last week
• Trevohack / Venom

  View on GitHub
  A ring0 Loadable Kernel Module (Linux) for latest kernels 6.x
  ☆103Dec 16, 2025Updated last month
• tijme / kong-loader

  View on GitHub
  Using Just In Time (JIT) instruction decryption, this shellcode loader ensures that only the currently executing instruction is visible i…
  ☆63Apr 2, 2025Updated 10 months ago
• cocomelonc / 2022-04-02-malware-injection-18

  View on GitHub
  Find kernel32 base and API addresses. Simple C++ implementation
  ☆24Apr 7, 2022Updated 3 years ago
• S3N4T0R-0X0 / Malicious-PixelCode

  View on GitHub
  Malicious PixelCode is a security research project that demonstrates a covert technique for encoding executable files into pixel data and…
  ☆152Feb 2, 2026Updated last week
• cocomelonc / 2022-07-21-malware-tricks-22

  View on GitHub
  Run payload like a Lazarus Group (UuidFromStringA). C++ implementation
  ☆20Jul 24, 2022Updated 3 years ago
• JohnSwiftC / rustdllproxy

  View on GitHub
  Generate Proxy DLLs in Rust
  ☆47Sep 2, 2025Updated 5 months ago
• 0xv1n / proc-suspend

  View on GitHub
  powershell script i wrote that can suspend an arbitrary process (with limits)
  ☆22Mar 26, 2023Updated 2 years ago
• ANYLNK / NSecSoftBYOVD

  View on GitHub
  NSecSoftBYOVD POC
  ☆55Updated this week
• Nicolas-Arsenault / Havoc-C2-RCE-2024

  View on GitHub
  Abusing SSRF to deliver an authenticated command injection payload
  ☆30Sep 1, 2025Updated 5 months ago
• patrickt2017 / VEHNetLoader

  View on GitHub
  Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies
  ☆50Jul 6, 2025Updated 7 months ago
• alexlee820 / PatchedCLRLoader

  View on GitHub
  .NET assembly loader with patching AMSI and ETW bypass
  ☆31Apr 16, 2025Updated 9 months ago
• xalicex / Get-DLL-and-Function-Addresses

  View on GitHub
  GetModuleHandle (via PEB) and GetProcAddress (via EAT) like
  ☆32Feb 7, 2022Updated 4 years ago
• jonny-jhnson / JonMon-Lite

  View on GitHub
  ☆48Jun 6, 2025Updated 8 months ago
• x86byte / Stuxnet-Rootkit

  View on GitHub
  Stuxnet extracted binaries by reversing & Stuxnet Rootkit Analysis
  ☆85Sep 14, 2024Updated last year
• cocomelonc / 2022-06-05-malware-av-evasion-7

  View on GitHub
  Malware AV evasion via disable Windows Defender (Registry). C++
  ☆35Jun 5, 2022Updated 3 years ago
• OtterHacker / AWSRoundRobin

  View on GitHub
  ☆41Feb 20, 2025Updated 11 months ago
• 4g3nt47 / Obfuscator

  View on GitHub
  A program for obfuscating C strings
  ☆36Feb 26, 2023Updated 2 years ago
• xoreaxlmbdx / die-in-browser

  View on GitHub
  Static binary analysis with Detect It Easy — 100% in your browser, no uploads.
  ☆53Updated this week
• jnaghdi / OsintifyX-InstaForensics

  View on GitHub
  OsintifyX: Powerful Open-source OSINT tool for extracting valuable information from Instagram profiles. OSINT: Instagram Forensics Tool
  ☆11Feb 19, 2024Updated last year
• Teach2Breach / dll2shell

  View on GitHub
  converts sRDI compatible dlls to shellcode
  ☆35Jan 20, 2025Updated last year
• M1ndo / WerDump

  View on GitHub
  A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass
  ☆165Sep 22, 2025Updated 4 months ago
• LuemmelSec / PMP-Decrypter

  View on GitHub
  ☆41Sep 9, 2023Updated 2 years ago
• net-dawg / SSHniffer

  View on GitHub
  ☆35Dec 6, 2023Updated 2 years ago
• khadafigans / Laravel-RCE-Exploitation-Toolkit

  View on GitHub
  Laravel RCE Exploitation Toolkit
  ☆55Nov 8, 2025Updated 3 months ago
• RayRRT / BOFs

  View on GitHub
  Beacon Object Files (BOFs) for Cobalt Strike and Havoc C2. Implementations of Active Directory attacks and post-exploitation techniques.
  ☆99Jan 26, 2026Updated 2 weeks ago
• MythicC2Profiles / http

  View on GitHub
  Simple HTTP async comms using standard GET/POST requests
  ☆46Feb 5, 2026Updated last week
• garrettfoster13 / ldap_bofs

  View on GitHub
  Random BOFs for LDAP tradecraft
  ☆72Sep 9, 2025Updated 5 months ago
• aristorechina / arnold_decoder

  View on GitHub
  一个用于暴力破解猫变换（Arnold's Cat Map）加密图像的命令行工具。
  ☆26Dec 21, 2025Updated last month
• chr0n1k / Auror-Project

  View on GitHub
  Challenge 1 of The Auror Project - Setup AD Lab automatically
  ☆12Apr 26, 2022Updated 3 years ago
• Shrfnt77 / AmsiBypass

  View on GitHub
  Bypassing Amsi using LdrLoadDll
  ☆47Jan 8, 2025Updated last year
• pard0p / Remote-BOF-Runner

  View on GitHub
  Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal …
  ☆88Jan 2, 2026Updated last month
• eversinc33 / drvtrace

  View on GitHub
  WinDbg plugin to trace module transitions from a debugged driver.
  ☆40Dec 22, 2025Updated last month
• mohamadahmadabdullah / AsurRat

  View on GitHub
  Telegram base free Rat
  ☆11Apr 26, 2025Updated 9 months ago
• Mojo8898 / scripts

  View on GitHub
  This repository contains a collection of scripts I use regularly for offensive security-related tasks.
  ☆15Jan 17, 2026Updated 3 weeks ago
• mrg0ne / kld-rootkit

  View on GitHub
  A collection of FreeBSD rootkit kernel modules and utilities
  ☆13Jun 25, 2025Updated 7 months ago