Alternatives and similar repositories for Pantheon

Users that are interested in Pantheon are comparing it to the libraries listed below

• MythicAgents / forge

  View on GitHub
  Command Augmentation support for BOFs and .NET assemblies across agents
  ☆38Jan 12, 2026Updated last month
• Abdelrahme / WinLogHunt

  View on GitHub
  ☆22Aug 16, 2025Updated 5 months ago
• RythmStick / ProxyPunch

  View on GitHub
  Finding SSL Blindspots for Red Teams
  ☆35Jul 28, 2020Updated 5 years ago
• sakkis91 / SandboxPPL

  View on GitHub
  Golang PoC that sandboxes Defender (or other PPL) by setting its token integrity to Untrusted.
  ☆12May 28, 2025Updated 8 months ago
• djackreuter / taskmgr_hooking

  View on GitHub
  Dump LSASS process in Task Manager without triggering Defender.
  ☆18Apr 6, 2023Updated 2 years ago
• ScriptIdiot / sleepmask_ekko_cfg

  View on GitHub
  Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process
  ☆49Mar 15, 2023Updated 2 years ago
• Cobalt-Strike / obfuscator-llvm

  View on GitHub
  ☆57Jan 15, 2024Updated 2 years ago
• HaydoW / NerfDefender

  View on GitHub
  BOF and C++ implementation of the Windows Defender sandboxing technique described by Elastic Security Labs/Gabriel Landau.
  ☆24Jul 5, 2023Updated 2 years ago
• mez-0 / citadel

  View on GitHub
  A Payload Analysis Framework
  ☆116Oct 9, 2025Updated 4 months ago
• nbaertsch / PoolProxy

  View on GitHub
  Proxy function calls through the thread pool with ease
  ☆31Feb 27, 2025Updated 11 months ago
• itaymigdal / PartyLoader

  View on GitHub
  Threadless shellcode injection tool
  ☆68Aug 5, 2024Updated last year
• 0xv1n / RemoteSessionEnum

  View on GitHub
  Remotely Enumerate sessions using undocumented Windows Station APIs
  ☆118Aug 21, 2024Updated last year
• Arr3stY0u / geacon_plus

  View on GitHub
  CobaltStrike beacon written in golang
  ☆27Apr 4, 2023Updated 2 years ago
• two06 / SharpShot

  View on GitHub
  Capture screenshots from .NET using .NET methods or Windows API calls
  ☆67Mar 9, 2020Updated 5 years ago
• bitdefender / hypervinject-poc

  View on GitHub
  ☆58Jul 31, 2025Updated 6 months ago
• dru1d-foofus / GetLAPSPassword

  View on GitHub
  A LAPS dumper written using the impacket library.
  ☆32May 22, 2023Updated 2 years ago
• knight0x07 / WinRAR-CVE-2025-8088-PoC-RAR

  View on GitHub
  WinRAR 0day CVE-2025-8088 PoC RAR Archive
  ☆45Aug 12, 2025Updated 6 months ago
• leftp / DPAPISnoop

  View on GitHub
  A C# tool to output crackable DPAPI hashes from user MasterKeys
  ☆140Sep 14, 2024Updated last year
• JJK96 / PIClin

  View on GitHub
  From C, Rust or Zig to binary shellcode compiler based on Mingw gcc. It allows using Win32 APIs and standard libraries without any change…
  ☆53Sep 22, 2025Updated 4 months ago
• Mr-Un1k0d3r / MsGraphFunzy

  View on GitHub
  Scripts to interact with Microsoft Graph APIs
  ☆44Nov 7, 2024Updated last year
• fixgroup21 / Reborn-Stealer-Updated

  View on GitHub
  Cool stealer for Windwos. Cold wallet, VPN, Browsers, File, FileZila and etc Крутой стиллер для Windwos. Крипто кошельки, ВПН, Файлы с ра…
  ☆15May 22, 2022Updated 3 years ago
• EspressoCake / BetterPipename

  View on GitHub
  Example of using Sleep to create better named pipes.
  ☆41Jul 25, 2023Updated 2 years ago
• TheManticoreProject / DescribeNTSecurityDescriptor

  View on GitHub
  A cross-platform tool to parse and describe the contents of a raw ntSecurityDescriptor structure
  ☆47Oct 4, 2025Updated 4 months ago
• nyxgeek / guestlist

  View on GitHub
  tool for identifying guest relationships between companies
  ☆102Jun 27, 2024Updated last year
• praetorian-inc / oauthseeker

  View on GitHub
  A malicious OAuth application that can be leveraged for both internal and external phishing attacks targeting Microsoft Azure and Office3…
  ☆166Jul 31, 2025Updated 6 months ago
• VoldeSec / PatchlessInlineExecute-Assembly

  View on GitHub
  Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.
  ☆271Apr 17, 2023Updated 2 years ago
• theevilbit / vaccination

  View on GitHub
  ☆10Oct 22, 2017Updated 8 years ago
• T0ngF0ngnie / DInvokeFrp

  View on GitHub
  内存加载FRP
  ☆10Sep 11, 2023Updated 2 years ago
• vifreex / AzShell

  View on GitHub
  Azure APIs enumeration and abuse
  ☆13Dec 20, 2024Updated last year
• alexcote1 / Sliverer

  View on GitHub
  runs sliver command on all hosts, partially based on example in sliver repo
  ☆13Mar 23, 2024Updated last year
• redi-git / SCCM_SLAP

  View on GitHub
  Regex based secret scanner for sccm deployment points sccmcontentlib$ shares. Find secrets automatically and download entire packages for…
  ☆18Aug 13, 2025Updated 6 months ago
• netero1010 / SCCMVNC

  View on GitHub
  A tool to modify SCCM remote control settings on the client machine, enabling remote control without permission prompts or notifications.…
  ☆115Oct 20, 2024Updated last year
• myexploit / living_off_the_land

  View on GitHub
  ☆44Jul 5, 2024Updated last year
• kyleavery / pendulum

  View on GitHub
  Linux Sleep Obfuscation
  ☆107Jan 7, 2024Updated 2 years ago
• dirkjanm / scepreq

  View on GitHub
  SCEP request tool for AD CS and Intune
  ☆73Oct 24, 2025Updated 3 months ago
• fr4nk3nst1ner / slackattack

  View on GitHub
  Slack post-exploitation script for leaked bot tokens and "d" cookies
  ☆16Nov 18, 2025Updated 2 months ago
• CypElf / Reverse-shell

  View on GitHub
  A proof of concept reverse shell in Rust for Windows and Linux.
  ☆12Jul 6, 2021Updated 4 years ago
• y00ga-sec / Trustify

  View on GitHub
  Attack Active Directory Trusts with a single tool
  ☆14Jan 15, 2025Updated last year
• preludeorg / Regstoration

  View on GitHub
  A rust proof of concept to demonstrate registry overwriting via RegRestoreKey using the Offline Registry Library
  ☆24Nov 13, 2025Updated 3 months ago