Alternatives and similar repositories for C2-framework

Users that are interested in C2-framework are comparing it to the libraries listed below

• 7h3w4lk3r / RexLdr
  Rex Shellcode Loader for AV/EDR evasion
  ☆34Updated last year
• Pwn3rzs / SpecterInsightKeygen
  A keygen for Specter Insight C2
  ☆35Updated 7 months ago
• cocomelonc / hack-process-hacker2
  Proof of Concept example for abusing Process Hacker 2 (v2.39.124)
  ☆24Updated 11 months ago
• brosck / Frosty
  「🧊」Ring 3 Rootkit for Windows 10
  ☆57Updated 10 months ago
• The-Z-Labs / cli4bofs
  A swiss army knife tool for running, injecting and organizing your BOFs collection
  ☆65Updated 3 months ago
• gavz / ExplorerPersist
  Explorer Persistence technique : Hijacking cscapi.dll order loading path and writing our malicious dll into C:\Windows\cscapi.dll , when …
  ☆84Updated 2 years ago
• EvilBytecode / Nyx-Full-Dll-Unhook
  (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.
  ☆43Updated 4 months ago
• Malwareman007 / CVE-2023-21768
  Windows_AFD_LPE_CVE-2023-21768
  ☆55Updated 2 years ago
• florylsk / NtDump
  Indirect NT syscalls LSASS dumper.
  ☆46Updated 2 years ago
• hunters-sec / CVE-2025-55188-7z-exploit
  7z exploit POC versions prior to 25.01
  ☆32Updated 2 months ago
• Maldev-Academy / CodeSearchDemo
  ☆40Updated last year
• mbadanoiu / CVE-2024-22274
  CVE-2024-22274: Authenticated Remote Code Execution in VMware vCenter Server
  ☆39Updated last year
• qwqdanchun / Malware-Note
  https://docs.qwqdanchun.com/
  ☆29Updated 4 years ago
• DarkSpaceSecurity / SSH-Stealer
  Smart keylogging capability to steal SSH Credentials including password & Private Key
  ☆145Updated 6 months ago
• jakabakos / CVE-2023-36884-MS-Office-HTML-RCE
  MS Office and Windows HTML RCE (CVE-2023-36884) - PoC and exploit
  ☆42Updated last year
• almounah / GoDroplets
  Go Shellcode Loader to be Integrated in Exploration C2
  ☆28Updated 8 months ago
• NUL0x4C / HookingLsassForCredentials
  Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials
  ☆59Updated 4 months ago
• 7h3w4lk3r / Kill-Floor
  AV/EDR killer using BYOVD technique
  ☆36Updated last year
• CyberSecurityUP / ProcessKiller-BYOVD
  BYOVD Technique Example using viragt64 driver
  ☆55Updated last year
• wolfcod / beacondbg
  Beacon Debugger
  ☆55Updated 11 months ago
• andrecrafts / Dynamic-HTTP-Payload-Stager
  A dynamic HTTP/S stager that lets one shellcode loader be reused for different encrypted payloads - no rebuilds.
  ☆19Updated last week
• ProcessusT / SharpVenoma
  CSharp reimplementation of Venoma, another C++ Cobalt Strike beacon dropper with custom indirect syscalls execution
  ☆51Updated last year
• joaoviictorti / coffeeldr
  A COFF Loader written in Rust
  ☆130Updated 3 weeks ago
• qwqdanchun / RainbowSheep
  Change hash for a signed pe
  ☆16Updated 2 years ago
• DeEpinGh0st / sRDI-nim
  A nim implementation of sRDI
  ☆19Updated last year
• ProcessusT / HavocHub
  PoC for a Havoc agent/handler setup with all C2 traffic routed through GitHub. No direct connections: all commands and responses are rela…
  ☆40Updated 3 months ago
• Mazzy-Stars / lain_c2
  command control framework
  ☆25Updated 3 weeks ago
• Pwnd4 / DefenseEvasion
  Bypassing AV, EDR, Application Whitelisting and ASR Rules
  ☆13Updated 2 years ago
• b1-team / phantom
  A memory-based evasion technique which makes shellcode invisible from process start to end.
  ☆17Updated 2 years ago
• trevorsaudi / Zero-Import-Malware
  Small project looking into how we can build malware with zero-imports by dynamically resolving windows APIs using GetProcAddress and GetM…
  ☆40Updated last year