goLoL is a Windows host scanner with dual support for LOLBAS binaries and LOLDrivers. It lists LOLBAS techniques runnable at your current privilege level (with MITRE ATT&CK mappings) and can scan local .sys files for vulnerable/malicious LOLDrivers hash matches.
☆66Jun 28, 2026Updated 2 weeks ago
Alternatives and similar repositories for goLoL
Users that are interested in goLoL are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- kerberos in rust for fun and profit☆70Mar 13, 2026Updated 4 months ago
- Code and data for our paper "Onelogon: Taking over Active Directory Accounts via Netlogon" (WOOT’26).☆107Jun 22, 2026Updated 3 weeks ago
- ☆78Updated this week
- Polymorphic PE rewriter for Windows x64 , rewrites binaries into semantically identical but byte-different variants☆192Jun 6, 2026Updated last month
- Golang Automation Framework for Cobalt Strike using the Rest API☆60Apr 10, 2026Updated 3 months ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- DSCourier is a proof-of-concept that uses the WinGet Configuration COM API to apply DSC configurations through Microsoft-signed binaries.☆210Jun 25, 2026Updated 2 weeks ago
- BOF POC of the DSCourier project / invoking WinGet via COM☆90Apr 23, 2026Updated 2 months ago
- A tool to convert windows registry export files into windows hive files that can be used to replace NTUSER.MAN☆139Jan 26, 2026Updated 5 months ago
- Automated DLL Hijacking Discovery, Validation, and Confirmation. Turning local misconfigurations into weaponized, confirmed attack paths.☆394Jun 20, 2026Updated 3 weeks ago
- Technical Reference to multiple relay techniques☆190May 21, 2026Updated last month
- DCOM in memory and fileless lateral movement techniques through .Net deserilization☆272Jun 22, 2026Updated 3 weeks ago
- DriverSentinel is a security tool developed in Go that detects malicious and vulnerable drivers on Windows systems by comparing them agai…☆36May 2, 2026Updated 2 months ago
- Dump TGTs remotely and convert Windows' klist binary output to ccache.☆80Jun 30, 2026Updated 2 weeks ago
- .NET CLR-Stomping☆146May 20, 2026Updated last month
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- ☆22May 19, 2026Updated last month
- A PoC Cobalt Strike UDRL written in Rust☆31Jun 20, 2026Updated 3 weeks ago
- A shellcode loader generator with support for multiple injection techniques, built for red team engagements.☆93Jul 1, 2026Updated last week
- Advanced EDR Evasion via AI Telemetry Spoofing & WASM Sandboxing. Project Onyx is a PoC Red Team pipeline designed to demonstrate advance…☆113Jun 30, 2026Updated 2 weeks ago
- Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover☆90Oct 20, 2025Updated 8 months ago
- Automated BYOVD driver analysis: import scanning, IOCTL dispatch extraction, Speakeasy emulation☆82Jul 2, 2026Updated last week
- NØW is a word-based shellcode encoding and obfuscation tool that transforms raw shellcode bytes into natural-looking English prose.☆68Jun 24, 2026Updated 2 weeks ago
- Helps defenders find their WSUS configurations in the wake of CVE-2025-59287☆46Oct 28, 2025Updated 8 months ago
- A Windows tool that converts LDIF files to BloodHound CE☆30Dec 20, 2025Updated 6 months ago
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- Async port scanner BOF. Supports IP/port ranges, CIDR notation and hostnames.☆18Jun 17, 2026Updated 3 weeks ago
- Azure RedOps is a offensive security toolkit for assessing the security posture of Microsoft Entra ID☆176Updated this week
- Pipeleek scans CI/CD logs and artifacts to detect leaked secrets and pivot from them☆21Updated this week
- Precision call-stack spoofing gadget hunter for x64 DLLs, powered by Iced disassembler☆18Jul 2, 2026Updated last week
- A stealthy and modular Windows loader designed to bypass modern EDR solutions using Module Stomping, Stack Duplication, and Advanced Slee…☆66Updated this week
- A EDR bypassing shellcode loader framework for Windows 10 64bit, featuring ETW/AMSI patching, Tartarus Gate, process protection and more☆57Jun 24, 2026Updated 2 weeks ago
- Nim implementation for sud0Ru's Credential Dumping from SAM/SECURITY Hives Method (a.k.a. SilentHarvest)☆107Apr 4, 2026Updated 3 months ago
- Async BOF to automatically extract or renew Kerberos TGTs on a target system.☆134Updated this week
- A vibe-coded port of wiretap☆35Apr 25, 2026Updated 2 months ago
- GPUs on demand by Runpod - Special Offer Available • AdRun AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
- Another new coercion primitive with LPE - machine-account NTLM coercion from a non-admin user via Windows Store InstallService plugin res…☆86Jun 20, 2026Updated 3 weeks ago
- Beacon Object Files (BOFs) for Cobalt Strike and Havoc C2. Implementations of Active Directory attacks and post-exploitation techniques.☆116Jan 26, 2026Updated 5 months ago
- Ludus roles to deploy ASR rules and MDI auditing settings☆25Aug 5, 2025Updated 11 months ago
- A stealthier approach to WMI-based command execution using Impacket without touching the disk.☆85Mar 15, 2026Updated 3 months ago
- template for developing custom C2 channels for Cobalt Strike using IAT hooks applied by a reflective loader.☆107Jan 10, 2026Updated 6 months ago
- Phantom-Evasion-Loader is a standalone, pure x64 Assembly injection engine engineered to minimize the detection surface of modern EDR/XDR…☆108Updated this week
- A Bloodhound alternative. BloodBash will ingest the same files bloodhound does but no server is required to use this tool. It's great for…☆237Updated this week