Alternatives and similar repositories for azbelt

Users that are interested in azbelt are comparing it to the libraries listed below

• eversinc33 / BouncyGate

  View on GitHub
  Indirect Syscalls: HellsGate in Nim, but making sure that all syscalls go through NTDLL (as in RecycledGate).
  ☆187Feb 12, 2023Updated 3 years ago
• rkbennett / pybof

  View on GitHub
  Python module for running BOFs
  ☆79Nov 28, 2025Updated 2 months ago
• bohops / DynamicDotNet

  View on GitHub
  A collection of various and sundry code snippets that leverage .NET dynamic tradecraft
  ☆146May 18, 2024Updated last year
• byt3bl33d3r / NimDllSideload

  View on GitHub
  DLL sideloading/proxying with Nim!
  ☆175Dec 4, 2022Updated 3 years ago
• Kudaes / Split

  View on GitHub
  Apply a divide and conquer approach to bypass EDRs
  ☆287Oct 19, 2023Updated 2 years ago
• OccamsXor / Dragnmove

  View on GitHub
  Infect Shared Files In Memory for Lateral Movement
  ☆196Dec 14, 2022Updated 3 years ago
• frkngksl / NiCOFF

  View on GitHub
  COFF and BOF Loader written in Nim
  ☆176Aug 1, 2022Updated 3 years ago
• garrettfoster13 / sccmhunter

  View on GitHub
  SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain.…
  ☆882Feb 5, 2026Updated last week
• d3lb3 / KeeFarceReborn

  View on GitHub
  A standalone DLL that exports databases in cleartext once injected in the KeePass process.
  ☆302Mar 1, 2023Updated 2 years ago
• mlcsec / ASRenum-BOF

  View on GitHub
  Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations
  ☆160Mar 1, 2024Updated last year
• eversinc33 / SharpStartWebclient

  View on GitHub
  Programmatically start WebClient from an unprivileged session to enable that juicy privesc.
  ☆77Feb 8, 2023Updated 3 years ago
• f-bader / TokenTacticsV2

  View on GitHub
  A fork of the great TokenTactics with support for CAE and token endpoint v2
  ☆385Updated this week
• nettitude / ETWHash

  View on GitHub
  C# POC to extract NetNTLMv1/v2 hashes from ETW provider
  ☆259May 10, 2023Updated 2 years ago
• tothi / serviceDetector

  View on GitHub
  Detect whether a service is installed (blindly) and/or running (if exposing named pipes) on a remote machine without using local admin pr…
  ☆239Sep 3, 2023Updated 2 years ago
• mdsecactivebreach / DragonCastle

  View on GitHub
  A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.
  ☆301Oct 26, 2022Updated 3 years ago
• nheiniger / SnaffPoint

  View on GitHub
  A tool for pointesters to find candies in SharePoint
  ☆277Nov 4, 2022Updated 3 years ago
• jsecu / BOF-pack-1

  View on GitHub
  A care package of useful bofs for red team engagments
  ☆55Dec 6, 2024Updated last year
• deepinstinct / Lsass-Shtinkering

  View on GitHub
  ☆385Jan 19, 2023Updated 3 years ago
• ThePorgs / impacket

  View on GitHub
  Impacket is a collection of Python classes for working with network protocols.
  ☆303Jan 20, 2026Updated 3 weeks ago
• post-cyberlabs / Offensive_tools

  View on GitHub
  ☆413Dec 14, 2023Updated 2 years ago
• zblurx / certsync

  View on GitHub
  Dump NTDS with golden certificates and UnPAC the hash
  ☆646Mar 20, 2024Updated last year
• ustayready / ShredHound

  View on GitHub
  Small utility to chunk up a large BloodHound JSON file into smaller files for importing.
  ☆98Apr 13, 2023Updated 2 years ago
• zblurx / dploot

  View on GitHub
  DPAPI looting remotely and locally in Python
  ☆540Oct 7, 2025Updated 4 months ago
• OtterHacker / Cerbere

  View on GitHub
  ☆49Feb 11, 2023Updated 3 years ago
• praetorian-inc / ADFSRelay

  View on GitHub
  Proof of Concept Utilities Developed to Research NTLM Relaying Attacks Targeting ADFS
  ☆186Jun 22, 2022Updated 3 years ago
• rvrsh3ll / Azure-App-Tools

  View on GitHub
  Collection of tools to use with Azure Applications
  ☆112Oct 13, 2023Updated 2 years ago
• synacktiv / GPOddity

  View on GitHub
  The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).
  ☆358Dec 13, 2025Updated 2 months ago
• med0x2e / vba2clr

  View on GitHub
  Running .NET from VBA
  ☆149Feb 11, 2023Updated 3 years ago
• HackmichNet / AzTokenFinder

  View on GitHub
  ☆107Jan 4, 2023Updated 3 years ago
• zimawhit3 / Bitmancer

  View on GitHub
  Nim Library for Offensive Security Development
  ☆198Sep 4, 2023Updated 2 years ago
• med0x2e / NTLMRelay2Self

  View on GitHub
  An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav).
  ☆417Jan 27, 2024Updated 2 years ago
• RedSiege / What-The-F

  View on GitHub
  This repo hosts a poc of how to execute F# code within an unmanaged process
  ☆70Jun 25, 2024Updated last year
• S3cur3Th1sSh1t / SharpVeeamDecryptor

  View on GitHub
  Decrypt Veeam database passwords
  ☆222Dec 8, 2025Updated 2 months ago
• fortalice / bofhound

  View on GitHub
  Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel
  ☆386Feb 23, 2024Updated last year
• nbaertsch / nimvoke

  View on GitHub
  Indirect syscalls + DInvoke made simple.
  ☆96Dec 24, 2024Updated last year
• Dec0ne / ShadowSpray

  View on GitHub
  A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other ob…
  ☆482Oct 14, 2022Updated 3 years ago
• SySS-Research / ldif2bloodhound

  View on GitHub
  Convert an LDIF file to JSON files ingestible by BloodHound
  ☆45Apr 4, 2025Updated 10 months ago
• MWR-CyberSec / PXEThief

  View on GitHub
  PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configur…
  ☆410May 29, 2024Updated last year
• rvrsh3ll / TokenTactics

  View on GitHub
  Azure JWT Token Manipulation Toolset
  ☆711Dec 6, 2024Updated last year