Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP server which captures HTTP requests towards selectively chosen domains/IPs. Additionally, the tool aims to make it easy to replay captured Command-and-Control responses/served payloads.
☆446Oct 26, 2022Updated 3 years ago
Alternatives and similar repositories for imaginaryC2
Users that are interested in imaginaryC2 are comparing it to the libraries listed below
Sorting:
- Process Spawn Control is a Powershell tool which aims to help in the behavioral (process) analysis of malware. PsC suspends newly launche…☆265Jan 15, 2022Updated 4 years ago
- Your Swiss Army knife to analyze malicious web traffic based on the popular Fiddler web debugger.☆644Nov 27, 2024Updated last year
- Analysis of malware and Cyber Threat Intel of APT and cybercriminals groups☆723Dec 26, 2022Updated 3 years ago
- Various snippets created during malware analysis☆464Oct 3, 2025Updated 4 months ago
- 🔵 Ethereum and BNB (BSC) Mev bot - Arbitrage☆356Feb 11, 2026Updated 2 weeks ago
- Vba2Graph - Generate call graphs from VBA code, for easier analysis of malicious documents.☆279Dec 13, 2021Updated 4 years ago
- Collection of scripts and templates to generate Office documents embedded with the DDE, macro-less command execution technique.☆638Jul 16, 2023Updated 2 years ago
- Enumerate and disable common sources of telemetry used by AV/EDR.☆819Mar 11, 2021Updated 4 years ago
- Obfuscate specific windows apis with different apis☆1,023Feb 21, 2021Updated 5 years ago
- Investigate malicious Windows logon by visualizing and analyzing Windows event log☆3,136Oct 19, 2025Updated 4 months ago
- Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)☆585May 5, 2024Updated last year
- A toolset to make a system look as if it was the victim of an APT attack☆2,715Sep 23, 2025Updated 5 months ago
- Quickly debug shellcode extracted during malware analysis☆626May 23, 2023Updated 2 years ago
- DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2…☆448Aug 7, 2020Updated 5 years ago
- HTA encryption tool for RedTeams☆1,422Nov 9, 2022Updated 3 years ago
- c2 traffic☆194Feb 6, 2023Updated 3 years ago
- Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing…☆1,727Jan 16, 2026Updated last month
- Open source pre-operation C2 server based on python and powershell☆762Jul 6, 2021Updated 4 years ago
- Malware Configuration And Payload Extraction☆761Nov 22, 2024Updated last year
- ☆451Aug 4, 2021Updated 4 years ago
- Python tool and library to help analyze files during malware triage and analysis.☆78Jul 2, 2020Updated 5 years ago
- Ps-Tools, an advanced process monitoring toolkit for offensive operations☆355Dec 1, 2020Updated 5 years ago
- FAME Automates Malware Evaluation☆929Dec 16, 2025Updated 2 months ago
- A collection of scripts for dealing with Cobalt Strike beacons in Python☆169Jan 5, 2021Updated 5 years ago
- Interesting APT Report Collection And Some Special IOCs☆2,915Feb 24, 2026Updated last week
- Windows kernel and user mode emulation.☆1,860Updated this week
- Remote Recon and Collection☆459Nov 23, 2017Updated 8 years ago
- Open Source EDR for Windows☆1,297Feb 25, 2023Updated 3 years ago
- Zerokit/GAPZ rootkit (non buildable and only for researching)☆185Mar 30, 2019Updated 6 years ago
- Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)☆1,613Dec 10, 2018Updated 7 years ago
- FCL (Fileless Command Lines) - Known command lines of fileless malicious executions☆477Apr 8, 2021Updated 4 years ago
- A PowerShell based utility for the creation of malicious Office macro documents.☆1,109Nov 3, 2017Updated 8 years ago
- Volatility plugin for extracts configuration data of known malware☆495Dec 22, 2023Updated 2 years ago
- Malicious Macro Generator☆828Apr 17, 2019Updated 6 years ago
- Silencing Sysmon via driver unload☆235Oct 13, 2022Updated 3 years ago
- Windows Events Attack Samples☆2,515Jan 24, 2023Updated 3 years ago
- Kaspersky's GReAT KLara☆732Jul 24, 2024Updated last year
- Also known by Microsoft as Knifecoat☆1,153Dec 22, 2022Updated 3 years ago
- PoC for persisting .NET payloads in Windows Notification Facility (WNF) state names using low-level Windows Kernel API calls.☆152Jun 3, 2019Updated 6 years ago