Alternatives and similar repositories for GunnerC2

Users that are interested in GunnerC2 are comparing it to the libraries listed below

• lsecqt / SessionView

  View on GitHub
  A portable C# utility for enumerating local and remote windows sessions
  ☆54Jan 1, 2026Updated last month
• JCSteiner / Emperor-Public

  View on GitHub
  Payload Generation Workflow
  ☆40Jul 18, 2025Updated 6 months ago
• Helixo32 / SimpleEDR

  View on GitHub
  Simple EDR that injects a DLL into a process to place a hook on specific Windows API
  ☆97Aug 27, 2023Updated 2 years ago
• JakubStanior / PsExclusionFinder

  View on GitHub
  PowerShell tool to enumerate existing exclusions in Windows Defender as low privileged user
  ☆12Oct 14, 2024Updated last year
• xforcered / Being-A-Good-CLR-Host

  View on GitHub
  ☆139Jan 16, 2025Updated last year
• toneemarqus / Shadow-Command-C2-Framework

  View on GitHub
  ☆37Aug 6, 2025Updated 6 months ago
• Mr-Un1k0d3r / DotnetNoVirtualProtectShellcodeLoader

  View on GitHub
  load shellcode without P/D Invoke and VirtualProtect call.
  ☆165Sep 2, 2025Updated 5 months ago
• MITRECND / picaboo

  View on GitHub
  Specialized tool to dump Position Independent Code.
  ☆22Aug 4, 2020Updated 5 years ago
• DarkCoderSc / OptixGate

  View on GitHub
  Open-source multi-purpose remote access tool for Microsoft Windows
  ☆192Updated this week
• rtecCyberSec / SpeechRuntimeMove

  View on GitHub
  Lateral Movement as loggedon User via Speech Named Pipe COM & ISpeechNamedPipe + COM Hijacking
  ☆136Jul 2, 2025Updated 7 months ago
• Logisek / AzureADEnumeration

  View on GitHub
  Microsoft Entra ID (Azure AD) Unauthenticated Enumeration
  ☆60Feb 5, 2026Updated last week
• rasta-mouse / process-inject-kit

  View on GitHub
  Port of Cobalt Strike's Process Inject Kit
  ☆190Dec 1, 2024Updated last year
• yehia-mamdouh / ZeroProbe

  View on GitHub
  ZeroProbe is an advanced enumeration and analysis framework designed for exploit developers, security researchers, and red teamers. It pr…
  ☆106Mar 10, 2025Updated 11 months ago
• rkbennett / pybof

  View on GitHub
  Python module for running BOFs
  ☆79Nov 28, 2025Updated 2 months ago
• dis0rder0x00 / stillepost

  View on GitHub
  Using Chromium-based browsers as a proxy for C2 traffic.
  ☆141Dec 6, 2025Updated 2 months ago
• OG-Sadpanda / SharpZippo

  View on GitHub
  List/Read contents of Zip files (in memory and without extraction) using CobaltStrike's Execute-Assembly
  ☆61May 24, 2022Updated 3 years ago
• obikuro / Sato

  View on GitHub
  SATO is a PowerShell tool focuses on providing flexible, multi-grant type support for obtaining, managing, and analyzing Azure tokens.
  ☆20Nov 24, 2025Updated 2 months ago
• bagelByt3s / ludus_adfs

  View on GitHub
  An Ansible collection that installs an ADFS deployment with optional configurations.
  ☆44Dec 19, 2025Updated last month
• Cobalt-Strike / eden

  View on GitHub
  A PoC UDRL for Cobalt Strike built with Crystal Palace that combines Raphael Mudge's page streaming technique with a modular call gate (D…
  ☆65Jan 21, 2026Updated 3 weeks ago
• VirtualAlllocEx / Create_Thread_Inline_Assembly_x86

  View on GitHub
  This POC provides the possibilty to execute x86 shellcode in form of a .bin file based on x86 inline assembly
  ☆20Apr 17, 2023Updated 2 years ago
• CultCornholio / RedTeamTP

  View on GitHub
  ☆85May 15, 2025Updated 8 months ago
• Macmod / ldapx

  View on GitHub
  Flexible LDAP proxy that can be used to inspect & transform all LDAP packets generated by other tools on the fly.
  ☆188Dec 23, 2025Updated last month
• 0xTriboulet / ai-postex

  View on GitHub
  Proof-of-concept implementation of AI-enabled postex DLLs
  ☆54Sep 10, 2025Updated 5 months ago
• klezVirus / RAIWhateverTrigger

  View on GitHub
  Local SYSTEM auth trigger for relaying - X
  ☆155Jul 23, 2025Updated 6 months ago
• Nomad0x7 / sekken-enum

  View on GitHub
  adws enumeration bof
  ☆162Oct 2, 2025Updated 4 months ago
• cpu0x00 / Ghost

  View on GitHub
  Evasive shellcode loader
  ☆398Oct 17, 2024Updated last year
• OG-Sadpanda / SharpSword

  View on GitHub
  Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly
  ☆117Sep 30, 2024Updated last year
• maxDcb / C2TeamServer

  View on GitHub
  TeamServer and Client of Exploration Command and Control Framework
  ☆177Jan 6, 2026Updated last month
• susMdT / clr-thing

  View on GitHub
  rust clr heap encryption (https://github.com/lap1nou/CLR_Heap_encryption), but no heap encryption.
  ☆17Jan 6, 2024Updated 2 years ago
• CompassSecurity / mssqlrelay

  View on GitHub
  Tool for MSSQL relay audit and abuse
  ☆57Dec 17, 2024Updated last year
• 0xG00S3 / Hashbreaker

  View on GitHub
  A modern, web-based GUI for Hashcat that provides an intuitive interface for hash cracking operations, featuring real-time monitoring, pe…
  ☆33Mar 5, 2025Updated 11 months ago
• trustedsec / Titanis

  View on GitHub
  Windows protocol library, including SMB and RPC implementations, among others.
  ☆614Jan 21, 2026Updated 3 weeks ago
• RayRRT / ESC1-unPAC

  View on GitHub
  A Beacon Object File (BOF) that performs the complete ESC1 attack chain in a single execution: certificate request with arbitrary SAN (+S…
  ☆113Dec 21, 2025Updated last month
• ldematte / HostedPumpkin

  View on GitHub
  Submission, compilation and execution of C# code snippets, using an unmanaged CLR Host
  ☆53Jan 29, 2015Updated 11 years ago
• zero2504 / COMouflage

  View on GitHub
  COM-based DLL Surrogate Injection
  ☆140Dec 9, 2025Updated 2 months ago
• arosenmund / defcon33_silence_kill_edr

  View on GitHub
  ☆334Aug 20, 2025Updated 5 months ago
• dmcxblue / WSL-Payloads

  View on GitHub
  A small How-To on creating your own weaponized WSL file
  ☆119Jul 23, 2025Updated 6 months ago
• brosck / L1LKiller

  View on GitHub
  「⚠️」Performing a BYOVD on the truesight.sys driver
  ☆44Dec 7, 2024Updated last year
• brett-fitz / pyMalleableProfileParser

  View on GitHub
  Parses Cobalt Strike malleable C2 profiles.
  ☆60Feb 7, 2026Updated last week