NVISOsecurity/pyCobaltHound external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

NVISOsecurity/pyCobaltHound

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/NVISOsecurity/pyCobaltHound)

Close

NVISOsecurity / pyCobaltHoundView on GitHubMore

• External links
• Readme badge

pyCobaltHound is an Aggressor script extension for Cobalt Strike which aims to provide a deep integration between Cobalt Strike and Bloodhound.

☆135May 25, 2023Updated 2 years ago

Alternatives and similar repositories for pyCobaltHound

Users that are interested in pyCobaltHound are comparing it to the libraries listed below

• Sh0ckFR / InlineWhispers2

  View on GitHub
  Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
  ☆186Jul 21, 2022Updated 3 years ago
• m3rcer / Chisel-Strike

  View on GitHub
  A .NET XOR encrypted cobalt strike aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities.
  ☆458Mar 25, 2024Updated last year
• CodeXTF2 / cobaltstrike-headless

  View on GitHub
  Aggressorscript that turns the headless aggressor client into a (mostly) functional cobalt strike client.
  ☆147Sep 8, 2022Updated 3 years ago
• EspressoCake / BeaconDownloadSync

  View on GitHub
  ☆94May 14, 2022Updated 3 years ago
• outflanknl / WdToggle

  View on GitHub
  A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.
  ☆220May 3, 2023Updated 2 years ago
• emcghee / PayloadAutomation

  View on GitHub
  ☆121Jun 17, 2022Updated 3 years ago
• anthemtotheego / CredBandit

  View on GitHub
  Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that b…
  ☆219Jul 14, 2021Updated 4 years ago
• boku7 / xPipe

  View on GitHub
  Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions
  ☆94Mar 8, 2023Updated 2 years ago
• outflanknl / C2-Tool-Collection

  View on GitHub
  A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni…
  ☆1,370Oct 27, 2023Updated 2 years ago
• netero1010 / RDPHijack-BOF

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.
  ☆312Jul 8, 2022Updated 3 years ago
• netero1010 / Quser-BOF

  View on GitHub
  Cobalt Strike BOF for quser.exe implementation using Windows API
  ☆87Mar 22, 2023Updated 2 years ago
• klezVirus / NimlineWhispers3

  View on GitHub
  A tool for converting SysWhispers3 syscalls for use with Nim projects
  ☆147Jun 2, 2022Updated 3 years ago
• hausec / CobaltStrikeToGhostWriter

  View on GitHub
  Log converter from CS log to Ghostwriter CSV
  ☆31Nov 23, 2020Updated 5 years ago
• EspressoCake / Defender_Exclusions-BOF

  View on GitHub
  A BOF to determine Windows Defender exclusions.
  ☆253Jun 25, 2023Updated 2 years ago
• whydee86 / SnD_AMSI

  View on GitHub
  Start new PowerShell without etw and amsi in pure nim
  ☆157Feb 14, 2022Updated 4 years ago
• Octoberfest7 / MemFiles

  View on GitHub
  A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk
  ☆473Jul 6, 2024Updated last year
• improsec / SharpEventPersist

  View on GitHub
  Persistence by writing/reading shellcode from Event Log
  ☆379May 27, 2022Updated 3 years ago
• EspressoCake / PPLDump_BOF

  View on GitHub
  A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.
  ☆143Sep 24, 2021Updated 4 years ago
• Cobalt-Strike / beacon_health_check

  View on GitHub
  This aggressor script uses a beacon's note field to indicate the health status of a beacon.
  ☆141Sep 29, 2021Updated 4 years ago
• matterpreter / SHAPESHIFTER

  View on GitHub
  Companion PoC for the "Adventures in Dynamic Evasion" blog post
  ☆129May 25, 2021Updated 4 years ago
• tijme / kernel-mii

  View on GitHub
  Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.
  ☆85May 7, 2023Updated 2 years ago
• b4rtik / ATPMiniDump

  View on GitHub
  Evading WinDefender ATP credential-theft
  ☆255Dec 2, 2019Updated 6 years ago
• frkngksl / NimicStack

  View on GitHub
  NimicStack is the pure Nim implementation of Call Stack Spoofing technique to mimic legitimate programs
  ☆94Aug 1, 2022Updated 3 years ago
• cube0x0 / BofRoast

  View on GitHub
  Beacon Object Files for roasting Active Directory
  ☆235Feb 21, 2022Updated 4 years ago
• boku7 / spawn

  View on GitHub
  Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks b…
  ☆469Mar 8, 2023Updated 2 years ago
• frkngksl / ParallelNimcalls

  View on GitHub
  Nim version of MDSec's Parallel Syscall PoC
  ☆123Jan 14, 2022Updated 4 years ago
• RedSiege / PersistAssist

  View on GitHub
  Fully modular persistence framework
  ☆259Apr 10, 2023Updated 2 years ago
• EncodeGroup / AggressiveGadgetToJScript

  View on GitHub
  A Cobalt Strike Aggressor script to generate GadgetToJScript payloads
  ☆101Sep 30, 2020Updated 5 years ago
• ScriptIdiot / SysmonQuiet

  View on GitHub
  RDLL for Cobalt Strike beacon to silence sysmon process
  ☆91Sep 9, 2022Updated 3 years ago
• frkngksl / NiCOFF

  View on GitHub
  COFF and BOF Loader written in Nim
  ☆175Aug 1, 2022Updated 3 years ago
• FalconForceTeam / SysWhispers2BOF

  View on GitHub
  Script to use SysWhispers2 direct system calls from Cobalt Strike BOFs
  ☆125May 24, 2022Updated 3 years ago
• Tylous / SourcePoint

  View on GitHub
  SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
  ☆1,199Apr 16, 2025Updated 10 months ago
• mgeeky / RedWarden

  View on GitHub
  Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation
  ☆991Oct 7, 2022Updated 3 years ago
• med0x2e / NTLMRelay2Self

  View on GitHub
  An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav).
  ☆418Jan 27, 2024Updated 2 years ago
• dtmsecurity / bof_helper

  View on GitHub
  Beacon Object File (BOF) Creation Helper
  ☆236May 3, 2022Updated 3 years ago
• adamsvoboda / nim-loader

  View on GitHub
  WIP shellcode loader in nim with EDR evasion techniques
  ☆220Mar 30, 2022Updated 3 years ago
• outflanknl / HelpColor

  View on GitHub
  Agressor script that lists available Cobalt Strike beacon commands and colors them based on their type
  ☆211Mar 18, 2024Updated last year
• xforcered / CredBandit

  View on GitHub
  Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that b…
  ☆244Jul 14, 2021Updated 4 years ago
• rsmudge / unhook-bof

  View on GitHub
  Remove API hooks from a Beacon process.
  ☆282Sep 18, 2021Updated 4 years ago