Alternatives and similar repositories for ShellGen

Users that are interested in ShellGen are comparing it to the libraries listed below

• p4p1 / havoc-bloodhound
  A GUI wrapper inside of Havoc to interact with bloodhound CE
  ☆71Updated last year
• tehstoni / tryharder
  C++ Staged Shellcode Loader with Evasion capabilities.
  ☆98Updated last year
• ASP4RUX / bypassEDR-AV
  ☆59Updated last year
• matro7sh / matro7sh_loaders
  this script adds the ability to encode shellcode (.bin) in XOR,chacha20, AES. You can choose between 2 loaders (Myph / 221b)
  ☆83Updated last year
• smokeme / ansible-havoc
  Scripts I use to deploy Havoc on Linode and setup categorization and SSL
  ☆42Updated last year
• duck-sec / CVE-2023-28252-Compiled-exe
  A modification to fortra's CVE-2023-28252 exploit, compiled to exe
  ☆54Updated last year
• RWXstoned / GimmeShelter
  Situational Awareness script to identify how and where to run implants
  ☆67Updated 11 months ago
• CICADA8-Research / LogHunter
  Opsec tool for finding user sessions by analyzing event log files through RPC (MS-EVEN)
  ☆76Updated last year
• OffsecDeer / TargetedTimeroast
  Tamper Active Directory user attributes to collect their hashes with MS-SNTP
  ☆41Updated 9 months ago
• 0xEr3bus / ShadowForgeC2
  ShadowForge Command & Control - Harnessing the power of Zoom's API, control a compromised Windows Machine from your Zoom Chats.
  ☆49Updated 2 years ago
• BC-SECURITY / ScriptBlock-Smuggling
  Example code samples from our ScriptBlock Smuggling Blog post
  ☆91Updated last year
• oh-az / NoArgs
  NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into W…
  ☆154Updated last year
• Karkas66 / CelestialSpark
  Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders …
  ☆101Updated 7 months ago
• CultCornholio / RedTeamTP
  ☆85Updated 5 months ago
• EvilBytecode / Lifetime-Amsi-EtwPatch
  Two in one, patch lifetime powershell console, no more etw and amsi!
  ☆98Updated 6 months ago
• HulkOperator / AuthStager
  ☆58Updated last year
• DevBuiHieu / CVE-2025-33053-Proof-Of-Concept
  CVE-2025-33053 Proof Of Concept (PoC)
  ☆60Updated 4 months ago
• Aur3ns / LsassStealer
  Morpheus is an lsass stealer that extracts lsass.exe in RAM and exfiltrates it via forged and crypted NTP packets. For authorized testin…
  ☆118Updated 4 months ago
• nbaertsch / AutoAppDomainHijack
  Automated .NET AppDomain hijack payload generation
  ☆127Updated 9 months ago
• Diverto / IPPrintC2
  PoC for using MS Windows printers for persistence / command and control via Internet Printing
  ☆148Updated last year
• foxlox / hypobrychium
  Duplicate not owned Token from Running Process
  ☆72Updated 2 years ago
• MzHmO / DebugAmsi
  DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.
  ☆98Updated 2 years ago
• EvilBytecode / Shellcode-Loader
  This is way to load a shellcode, and obfuscate it, so it avoids scantime detection.
  ☆86Updated 6 months ago
• Cyxow / CVE-2024-3183-POC
  POC for CVE-2024-3183 (FreeIPA Rosting)
  ☆25Updated last year
• SecTheBit / ZoomBotC2
  ☆56Updated 4 months ago
• offalltn / gitC2
  POC of GITHUB simple C2 in rust
  ☆52Updated 3 months ago
• Cipher7 / havoc-PoolParty
  Windows Thread Pool Injection Havoc Implementation
  ☆32Updated last year
• The-Viper-One / Invoke-RDPThief
  Inject RDPThief into memory with PowerShell.
  ☆65Updated 9 months ago
• Primusinterp / PrimusC2
  A C2 framework built for my bachelors thesis
  ☆56Updated last year
• rasta-mouse / SpawnWith
  ☆109Updated 8 months ago