Alternatives and similar repositories for C2-framework

Users that are interested in C2-framework are comparing it to the libraries listed below

• DarkSpaceSecurity / SSH-Stealer
  Smart keylogging capability to steal SSH Credentials including password & Private Key
  ☆151Updated 10 months ago
• jakabakos / CVE-2024-23692-RCE-in-Rejetto-HFS
  Unauthenticated RCE Flaw in Rejetto HTTP File Server (CVE-2024-23692)
  ☆16Updated last year
• dinosn / citrix_cve-2023-4966
  Citrix CVE-2023-4966 from assetnote modified for parallel and file handling
  ☆11Updated 2 years ago
• cocomelonc / hack-process-hacker2
  Proof of Concept example for abusing Process Hacker 2 (v2.39.124)
  ☆23Updated last year
• The-Z-Labs / cli4bofs
  A swiss army knife tool for running, injecting and organizing your BOFs collection
  ☆72Updated this week
• 7h3w4lk3r / Kill-Floor
  AV/EDR killer using BYOVD technique
  ☆43Updated last year
• tykawaii98 / CVE-2024-21338_PoC
  ☆41Updated last year
• wolfcod / beacondbg
  Beacon Debugger
  ☆55Updated last year
• chebuya / CVE-2024-30850-chaos-rat-rce-poc
  CHAOS RAT web panel path RCE PoC
  ☆30Updated last year
• mbadanoiu / CVE-2024-22274
  CVE-2024-22274: Authenticated Remote Code Execution in VMware vCenter Server
  ☆38Updated last year
• EvilBytecode / Nyx-Full-Dll-Unhook
  (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.
  ☆50Updated 8 months ago
• PaddyCahil / windows-api-function-cheatsheets
  A reference of Windows API function calls, including functions for file operations, process management, memory management, thread managem…
  ☆119Updated 2 years ago
• CyberSecurityUP / ProcessKiller-BYOVD
  BYOVD Technique Example using viragt64 driver
  ☆68Updated last year
• PeterGabaldon / CVE-2024-7479_CVE-2024-7481
  TeamViewer User to Kernel Elevation of Privilege PoC. CVE-2024-7479 and CVE-2024-7481. ZDI-24-1289 and ZDI-24-1290. TV-2024-1006.
  ☆136Updated last year
• Nero22k / cve-2023-36802
  Exploit for CVE-2023-36802 targeting MSKSSRV.SYS driver
  ☆112Updated 2 years ago
• brosck / Frosty
  「🧊」Ring 3 Rootkit for Windows 10
  ☆60Updated last year
• voukatas / Commander
  A command and control (C2) server
  ☆58Updated last year
• joaoviictorti / coffeeldr
  A COFF Loader written in Rust
  ☆135Updated 2 months ago
• SaadAhla / Anti-Sandbox
  ☆48Updated 2 months ago
• florylsk / NtDump
  Indirect NT syscalls LSASS dumper.
  ☆46Updated 2 years ago
• aahmad097 / Test004
  Persistence via Shell Extensions
  ☆64Updated 2 years ago
• absholi7ly / CVE-2025-0282-Ivanti-exploit
  CVE-2025-0282 is a critical vulnerability found in Ivanti Connect Secure, allowing Remote Command Execution (RCE) through a buffer overfl…
  ☆52Updated last year
• ProcessusT / SharpVenoma
  CSharp reimplementation of Venoma, another C++ Cobalt Strike beacon dropper with custom indirect syscalls execution
  ☆51Updated last year
• zer1t0 / keydump
  Dump Linux keyrings
  ☆23Updated last year
• jcrvnx / XenoRAT
  This is the latest version of XenoRAT, updated with configurations and capable of bypassing all system securities. It will be maintained …
  ☆22Updated 9 months ago
• hunters-sec / CVE-2025-55188-7z-exploit
  7z exploit POC versions prior to 25.01
  ☆33Updated 5 months ago
• qwqdanchun / RainbowSheep
  Change hash for a signed pe
  ☆17Updated 2 years ago
• Whitecat18 / static_encrypt
  Static Encrypt is an crate that encrypts string literals at compile time and only decrypted at runtime when needed.
  ☆55Updated 3 weeks ago
• Maldev-Academy / CodeSearchDemo
  ☆41Updated last year
• ProcessusT / HavocHub
  PoC for a Havoc agent/handler setup with all C2 traffic routed through GitHub. No direct connections: all commands and responses are rela…
  ☆44Updated 6 months ago