Alternatives and similar repositories for SCExec

Users that are interested in SCExec are comparing it to the libraries listed below

• aleenzz / ADExplorerX
  ☆46Updated 11 months ago
• dust-life / Free445-BOF
  ☆24Updated last month
• timwhitez / Doge-DumpMem
  dump lsass
  ☆37Updated 3 years ago
• JDArmy / NO445-lateral-movement
  command execute without 445 port
  ☆52Updated 3 years ago
• Jumbo-WJB / SharpAllowedToAct-Modify
  resource-based constrained delegation RBCD
  ☆45Updated 3 years ago
• XiaoliChan / Invoke-sAMSpoofing
  CVE-2021-42287/CVE-2021-42278 exploits in powershell
  ☆38Updated 3 years ago
• kyxiaxiang / CrackSleeve4.9
  ☆40Updated last year
• Jumbo-WJB / SharpSniper-Modify
  query specific user and login IP from remote machine
  ☆17Updated 2 years ago
• Ridter / MSSQL_CLR
  MSSQL CLR for pentest.
  ☆54Updated last year
• ASkyeye / AB
  Cs-Sleep-Mask-Fiber
  ☆18Updated last month
• timwhitez / memmod
  Fork & modify of Wireguard's Memmod
  ☆32Updated last year
• M0nster3 / ITaskServers
  Bypass EDR Create TaskServers
  ☆37Updated 2 years ago
• XiaoliChan / LDAPShell
  A wrapper of ldap_shell.py module which in ntlmrelayx
  ☆62Updated 2 years ago
• Like0x / AddDefenderExclusions-BOF
  AddDefenderExclusions Beacon Object File
  ☆39Updated last year
• seventeenman / SelfDel-BOF
  Delete file regardless of whether the handle is used via SetFileInformationByHandle
  ☆44Updated last year
• timwhitez / CLR-RWX
  Load CLR to get RWX 通过加载clr在自身内存中产生rwx空间
  ☆22Updated 2 years ago
• JDArmy / Lsass-Shtinkering
  dump lsass tool
  ☆39Updated 2 years ago
• XiaoliChan / CrackMapExec-Extension
  CrackMapExec extension module/protocol support
  ☆42Updated last year
• RowTeam / SharpNBTScan
  ☆23Updated 2 years ago
• StarfireLab / BrowserPivot
  ☆31Updated last year
• FeigongSec / NTLMINFO
  ☆46Updated 4 years ago
• timwhitez / ScareCrow-Common
  ScareCrow loader binary source which easier to read and learn
  ☆25Updated 3 years ago
• m1ddl3w4r3 / ExecRemoteNET
  Execute Remote Assembly with args passing and with AMSI and ETW patching .
  ☆34Updated 2 years ago
• CrossC2 / autoRebind
  Automatically parse Malleable C2 profiled into CrossC2 rebinding library source code
  ☆21Updated 2 years ago
• ASkyeye / Artillery
  CIA UAC bypass implementation that utilizes elevated COM object to write to System32 and an auto-elevated process to execute as administr…
  ☆14Updated last year
• apkc / CVE-2024-26229-BOF
  BOF implementations of CVE-2024-26229 for Cobalt Strike and BruteRatel
  ☆26Updated last year
• XiaoliChan / WinRpcTest
  利用RPC服务，内网批量探测Windows出网
  ☆14Updated 2 years ago
• XiaoliChan / winrm-PTH
  Golang implement winrm client with pass the hash
  ☆31Updated last year
• timwhitez / Doge-RecycledGate
  Golang implementation of Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll;
  ☆32Updated 3 years ago
• mabangde / NTDSDumpEx
  ☆34Updated 3 months ago