Alternatives and similar repositories for ThreatCheck

Users that are interested in ThreatCheck are comparing it to the libraries listed below

• Danukeru / llvm-obfs-str-pass-2024

  View on GitHub
  An example of an external LLVM plugin module transform pass for the latest versions.
  ☆14Oct 21, 2025Updated 3 months ago
• redskal / obfuscatxor

  View on GitHub
  Near compile-time string obfuscation for Golang
  ☆13Oct 3, 2023Updated 2 years ago
• linsyking / CanvasHelper2

  View on GitHub
  New generation of Canvas Helper.
  ☆12Jul 15, 2024Updated last year
• filescanio / fsCommunity

  View on GitHub
  Collection of scripts / samples / snippits around the community service at www.filescan.io
  ☆15Nov 6, 2025Updated 3 months ago
• latortuga71 / GoPELoader

  View on GitHub
  ☆14Aug 22, 2022Updated 3 years ago
• MythicAgents / VECTR

  View on GitHub
  A service container for interacting with SRA's VECTR
  ☆16Apr 9, 2025Updated 10 months ago
• githubesson / chrome_abe_poc

  View on GitHub
  golang decryption poc of the new app bound encryption introduced in chrome version 127.
  ☆22Nov 4, 2024Updated last year
• WKL-Sec / slack-udc2

  View on GitHub
  Cobalt Strike UDC2 implementation that provides an Slack C2 channel
  ☆60Jan 5, 2026Updated last month
• ProcessusT / Venoma

  View on GitHub
  Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution
  ☆198May 29, 2025Updated 8 months ago
• rasta-mouse / Crystal-Loaders

  View on GitHub
  A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike
  ☆184Oct 29, 2025Updated 3 months ago
• Ap3x / Panoptes

  View on GitHub
  Panoptes Endpoint Detection and Response Solution
  ☆42Jan 19, 2026Updated 3 weeks ago
• kyleavery / Multi-Stage-Mythic

  View on GitHub
  ☆27Aug 8, 2021Updated 4 years ago
• ustayready / tradecraft

  View on GitHub
  Red Teaming Tradecraft
  ☆28Sep 28, 2022Updated 3 years ago
• neox41 / go-smbshell

  View on GitHub
  Proof of concept SMB C2 using named pipes in Golang
  ☆25Sep 8, 2019Updated 6 years ago
• Tylous / Mangle

  View on GitHub
  Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs
  ☆105Dec 15, 2022Updated 3 years ago
• EvilBytecode / ThunderKitty-Ransomware

  View on GitHub
  Ransomware written in go, encrypt - decrypt.
  ☆29Apr 27, 2025Updated 9 months ago
• boku7 / patchwerk

  View on GitHub
  BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
  ☆195Feb 6, 2025Updated last year
• rasta-mouse / ThreatCheck

  View on GitHub
  Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.
  ☆1,398Jan 14, 2026Updated 3 weeks ago
• S3lrius / Nimalathatep

  View on GitHub
  Nim Payload Generation
  ☆62Oct 9, 2023Updated 2 years ago
• ChrisPritchard / golang-shellcode-runner

  View on GitHub
  A shellcode runner / injector / hollower in Go, for windows
  ☆26May 22, 2022Updated 3 years ago
• dlima04 / thread-pool-injection

  View on GitHub
  PoC for thread pool based process injection in Windows.
  ☆120Mar 29, 2025Updated 10 months ago
• FourCoreLabs / LolDriverScan

  View on GitHub
  Scan vulnerable drivers on Windows with loldrivers.io
  ☆186Sep 11, 2023Updated 2 years ago
• itaymigdal / NimProtect

  View on GitHub
  A tiny macro library for protecting sensitive strings in compiled binaries
  ☆40Oct 8, 2024Updated last year
• ninoseki / iocingestor

  View on GitHub
  An extendable tool to extract and aggregate IoCs from threat feeds
  ☆33Feb 6, 2024Updated 2 years ago
• S4ntiagoP / freeBokuLoader

  View on GitHub
  A simple BOF that frees UDRLs
  ☆122May 29, 2022Updated 3 years ago
• kohnakagawa / cidre-vm

  View on GitHub
  Software installation scripts for macOS systems that allows you to setup a Virtual Machine (VM) for reverse engineering macOS malware
  ☆38Jun 26, 2025Updated 7 months ago
• SuperJakov / Chrome-extension-keylogger

  View on GitHub
  Javascript keylogger in a chrome extension that sends keystrokes to discord
  ☆10Jan 5, 2024Updated 2 years ago
• D3Ext / malware-practices

  View on GitHub
  Repo for malware development practices I post on my blog
  ☆35Oct 5, 2024Updated last year
• gnarlyhaze / Kali-Update-Script

  View on GitHub
  ☆10Aug 4, 2020Updated 5 years ago
• JamesCooteUK / BOFs

  View on GitHub
  Collection of BOFs for Cobalt Strike
  ☆33Mar 28, 2023Updated 2 years ago
• dobin / avred-server

  View on GitHub
  The AMSI server for Avred
  ☆33Sep 15, 2023Updated 2 years ago
• rikodot / binja_native_sigscan

  View on GitHub
  Signature scanner and maker plugin for Binary Ninja
  ☆31Aug 12, 2024Updated last year
• AlmondOffSec / LibTPLoadLib

  View on GitHub
  Using call gadgets to break the call stack signature used by Elastic on proxying a module load. Provided as a Crystal Palace shared libra…
  ☆73Nov 6, 2025Updated 3 months ago
• stairwell-inc / cobalt-strike-stager-parser

  View on GitHub
  ☆36Jan 11, 2023Updated 3 years ago
• dobin / SuperMega

  View on GitHub
  Stealthily inject shellcode into an executable
  ☆445Oct 19, 2025Updated 3 months ago
• Ahaz1701 / EvilWorker

  View on GitHub
  A new AiTM attack framework — based on leveraging service workers — designed to conduct credential phishing campaigns. Thanks to its mini…
  ☆143Aug 5, 2025Updated 6 months ago
• Enelg52 / KittyStager

  View on GitHub
  KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant, called kitten. The purpose of this p…
  ☆229Jun 6, 2023Updated 2 years ago
• Snifer / GPT

  View on GitHub
  Gadget Pentesting Tool Scripts
  ☆37Nov 29, 2015Updated 10 years ago
• mrexodia / RiscyWorkshop

  View on GitHub
  Payload Obfuscation for Red Teams workshop materials
  ☆78Nov 25, 2025Updated 2 months ago