Alternatives and similar repositories for merlin-cli

Users that are interested in merlin-cli are comparing it to the libraries listed below

• brett-fitz / pyMalleableProfileParser
  Parses Cobalt Strike malleable C2 profiles.
  ☆60Updated last week
• WKL-Sec / Winsocky
  Winsocket for Cobalt Strike.
  ☆102Updated 2 years ago
• MaorSabag / interactive-execute-shellcode
  A simple PoC of injection shellcode into a remote process and get the output using namepipe
  ☆44Updated 2 years ago
• vysecurity / msmailprobe2
  Office 365 and Exchange Enumeration Version 2
  ☆18Updated 2 years ago
• weaselsec / GodPotato-Aggressor-Script
  ☆89Updated 2 years ago
• SySS-Research / MAT
  This tool, programmed in C#, allows for the fast discovery and exploitation of vulnerabilities in MSSQL servers
  ☆53Updated last year
• ProcessusT / HavocHub
  PoC for a Havoc agent/handler setup with all C2 traffic routed through GitHub. No direct connections: all commands and responses are rela…
  ☆44Updated 6 months ago
• magnusstubman / tokenduplicator
  Tool to start processes as SYSTEM using token duplication
  ☆38Updated 5 years ago
• wh0amitz / SharpRODC
  To audit the security of read-only domain controllers
  ☆118Updated 2 years ago
• y00ga-sec / Forensike
  Remotely dump NT hashes through Windows Crash dumps
  ☆34Updated last year
• realstatus / CVE-2024-40711-Exp
  CVE-2024-40711-exp
  ☆42Updated last year
• Yair-Men / Passenger
  ProcExp Driver (Ab)use
  ☆22Updated 3 years ago
• EspressoCake / EntropyFix
  reducing the entropy of your payload
  ☆11Updated 3 years ago
• c3r3br4t3 / ShadowRDP
  ☆75Updated last year
• florylsk / NtDump
  Indirect NT syscalls LSASS dumper.
  ☆46Updated 2 years ago
• gavz / ExplorerPersist
  Explorer Persistence technique : Hijacking cscapi.dll order loading path and writing our malicious dll into C:\Windows\cscapi.dll , when …
  ☆83Updated 3 years ago
• Mazzy-Stars / lain_c2
  command control framework
  ☆29Updated last week
• Faran-17 / EarlyBird-APC-Injection
  Demonstration of Early Bird APC Injection - MITRE ID T1055.004
  ☆35Updated 2 years ago
• cybersectroll / SharpPersistSD
  ☆92Updated last year
• dru1d-foofus / GetLAPSPassword
  A LAPS dumper written using the impacket library.
  ☆32Updated 2 years ago
• ZephrFish / DynamicMSBuilder
  A Dynamic MSBuild task to help with minor obfuscation of C# Binaries to evade static signatures on each compilation
  ☆38Updated last month
• 7h3w4lk3r / Kill-Floor
  AV/EDR killer using BYOVD technique
  ☆43Updated last year
• LuxNoBulIshit / Smug_Fu3k
  ☆53Updated 3 years ago
• horizon3ai / CVE-2023-28324
  Ivanti EPM AgentPortal RCE Vulnerability
  ☆20Updated last year
• CodeXTF2 / evasion-adventures-files
  Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures"
  ☆31Updated 3 years ago
• hyp3rlinx / PSTrojanFile
  Unfixed Windows PowerShell Filename Code Execution POC
  ☆41Updated 2 years ago
• iamagarre / BadExclusionsNWBO
  BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR
  ☆75Updated last year
• ProcessusT / SharpVenoma
  CSharp reimplementation of Venoma, another C++ Cobalt Strike beacon dropper with custom indirect syscalls execution
  ☆51Updated last year
• decoder-it / DFSCoerce-exe-2
  DFSCoerce exe revisited version with custom authentication
  ☆41Updated 2 years ago
• Mav3rick33 / ZenLdr
  Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature
  ☆102Updated 2 years ago