C2 server fingerprinter — Cobalt Strike, Sliver, Mythic, Havoc, Brute Ratel
☆31Jul 4, 2026Updated last week
Alternatives and similar repositories for c2detect
Users that are interested in c2detect are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- The PoC for CVE-2025-70795 / CVE-2026-0828 and updated driver☆49Mar 13, 2026Updated 4 months ago
- Tor transport bridge for Sliver C2 - anonymous command and control☆52Jan 20, 2026Updated 5 months ago
- ☆198Jun 11, 2026Updated last month
- A Crystal Palace shared library to resolve & perform syscalls☆61Oct 29, 2025Updated 8 months ago
- Repository hosting a hypothetical EDR Spoofer, as discovered originally by Nightmare-Eclipse☆41May 27, 2026Updated last month
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- A Windows tool that converts LDIF files to BloodHound CE☆30Dec 20, 2025Updated 6 months ago
- Staged DLL injection proof-of-concept built in C using Win32 APIs — developed in an isolated lab environment for red team certification s…☆40Jun 4, 2026Updated last month
- A PoC Cobalt Strike UDRL written in Rust☆31Jun 20, 2026Updated 3 weeks ago
- Polymorphic AV/AMSI bypass toolkit - Donut shellcode runner for offensive .NET/PE tools☆36May 26, 2026Updated last month
- Rusty Armory - Beacon Object Files (BOFs) in Rust (Codename: Armory)☆69Apr 3, 2026Updated 3 months ago
- Bypass user-land hooks by syscall tampering via the Trap Flag☆139Aug 25, 2025Updated 10 months ago
- A memory-based evasion technique which makes shellcode invisible from process start to end.☆17Aug 14, 2023Updated 2 years ago
- This repository contains the research tool presented at x33fcon 2026, along with the associated presentation slides. The content is made …☆62Jun 15, 2026Updated 3 weeks ago
- Extra cmdlets to help with quering security related information from Azure☆15Sep 16, 2024Updated last year
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- ☆16Apr 29, 2026Updated 2 months ago
- A PoC UDRL for Cobalt Strike built with Crystal Palace that combines Raphael Mudge's page streaming technique with a modular call gate (D…☆132Jan 21, 2026Updated 5 months ago
- PowerShell toolkit that extracts locked Windows files (SAM, SYSTEM, NTDS, ...) using MFT parsing and raw disk reads☆257Oct 30, 2025Updated 8 months ago
- Giga-byte Control Center (GCC) is a software package designed for improved user experience of Gigabyte hardware, often found in gaming an…☆35Feb 2, 2026Updated 5 months ago
- EventLogSilencer is a PowerShell script designed for disable Windows Event Logging☆19Oct 28, 2023Updated 2 years ago
- CurlWright is a Cloudflare bypass tool that leverages Playwright to execute curl commands with full browser capabilities, allowing you to…☆37Jun 28, 2026Updated 2 weeks ago
- CVE-2026-46242☆15Jul 4, 2026Updated last week
- Janus analyzes C2 telemetry to surface failure patterns, operator friction, and automation opportunities across engagements.☆54Jun 23, 2026Updated 3 weeks ago
- Authenticated 0-click RCE against Linux 6.1.45 for CVE-2023-52440 and CVE-2023-4130☆55Sep 13, 2025Updated 10 months ago
- End-to-end encrypted email - Proton Mail • AdSpecial offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
- Linux Persistence Detection, Hunting and Artifact Collection script☆24May 21, 2026Updated last month
- Aether is a Windows memory-forensics and threat hunting tool that scans live process memory for malicious pattern, detect injection techn…☆52Jul 5, 2026Updated last week
- Usermode detector that catches indirect syscalls. Traps Hell's Hall, Tartarus' Gate, RecycledGate, and VEH syscalls & Many more.☆84Jun 15, 2026Updated 3 weeks ago
- Windows 11 kernel research framework demonstrating DSE bypass on Windows 11 25H2 through boot-time execution. Loads unsigned drivers by s…☆247Apr 9, 2026Updated 3 months ago
- Automated BYOVD driver analysis: import scanning, IOCTL dispatch extraction, Speakeasy emulation☆82Jul 2, 2026Updated last week
- A rust proof of concept to demonstrate registry overwriting via RegRestoreKey using the Offline Registry Library☆24Nov 13, 2025Updated 8 months ago
- ☆18May 22, 2024Updated 2 years ago
- Script to chain search parameters for MalwareBazaar☆14Jan 26, 2025Updated last year
- AdaptixC2 default beacon agent extended to support Crystal Palace loaders.☆62May 4, 2026Updated 2 months ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Tiny and fast port scanner (Sliver edition)☆31Feb 17, 2026Updated 4 months ago
- ☆22May 19, 2026Updated last month
- A newly discovered vulnerable driver, pstrip64.sys (CVE-2026-29923) allows an unprivileged user to escalate privileges to SYSTEM via a cr…☆25Apr 11, 2026Updated 3 months ago
- Adaptix C2 service plugin that drives LitterBox payload analysis from the operator UI.☆61May 4, 2026Updated 2 months ago
- Havoc C2 BOF port of the KslD.sys BYOVD technique. Credential extraction from lsass via physical memory — no OpenProcess, no auditable AP…☆142Apr 22, 2026Updated 2 months ago
- AI-powered malware traffic analysis and network forensics via the Model Context Protocol☆18May 27, 2026Updated last month
- This cheatsheet maps common impacket workflows to their modern alternatives☆299May 30, 2026Updated last month