Alternatives and similar repositories for SpyAI

Users that are interested in SpyAI are comparing it to the libraries listed below

• LambdaMamba / LenaMalwareAnalysis
  Lena's scripts/code/resources for malware analysis
  ☆27Updated last year
• nafiez / DataBlockNTLMLeak
  Windows Shell Link (LNK) Proof of Concept
  ☆15Updated 3 weeks ago
• FarghlyMal / leaked_src
  some leaked src code for known and unknown malwares
  ☆22Updated 2 months ago
• HulkOperator / AuthStager
  ☆55Updated 8 months ago
• EvilBytecode / Ebyte-AMSI-ProxyInjector
  A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuf…
  ☆41Updated last month
• ZSECURE / zDocker-cobaltstrike
  Docker container for running CobaltStrike 4.10
  ☆37Updated 9 months ago
• mbanyamer / CVE-2025-30397---Windows-Server-2025-JScript-RCE-Use-After-Free-
  Remote Code Execution via Use-After-Free in JScript.dll (CVE-2025-30397)
  ☆57Updated 3 weeks ago
• xelemental / Mal-LNK-Generator
  ☆34Updated 2 months ago
• iDigitalFlame / XrMT
  e(X)tensiable (Rust) Malware Toolkit: (Soon!) Full Featured Rust C2 Framework with Awesome Features!
  ☆24Updated 10 months ago
• wetw0rk / wetw0rk.github.io
  ☆18Updated last week
• aaaddress1 / ntkrnlProtectScan
  One Click Tool to Scan All the Enabled Protection of current Windows NT Kernel
  ☆43Updated last year
• gemini-security / GithubC2
  ☆29Updated last year
• winsecurity / AMSI-Bypass-HWBP
  ☆22Updated 3 months ago
• rad9800 / RansomFS
  ☆31Updated 4 months ago
• MaorSabag / HollowMask
  Just another Process Injection using Process Hollowing technique.
  ☆17Updated last year
• EvilBytecode / PPID-Spoofing
  Parent Process ID Spoofing, coded in CGo.
  ☆22Updated 2 months ago
• ProcessusT / EnumSSN
  Enumerate SSN (System Service Numbers or Syscall ID) and syscall instruction address in ntdll module by parsing the PEB of the current pr…
  ☆21Updated last year
• rbmm / Services
  ☆18Updated 5 months ago
• 0x11DFE / file-unpumper
  Tool that can be used to trim useless things from a PE file such as the things a file pumper would add.
  ☆27Updated 2 months ago
• shalomc / bhasia2025
  BlackHat Asia 2025 code and presentations
  ☆17Updated 2 months ago
• Offensive-Panda / .NET_PROFILER_DLL_LOADING
  .NET profiler DLL loading can be abused to make a legit .NET application load a malicious DLL using environment variables. This exploit i…
  ☆42Updated 10 months ago
• GoSecure / prompt
  AI-based implant feature
  ☆25Updated last month
• CyberSecurityUP / ProcessKiller-BYOVD
  BYOVD Technique Example using viragt64 driver
  ☆40Updated 11 months ago
• EvilBytecode / EvilByte-Remote-AMSI-Bypass
  Bypasses AMSI protection through remote memory patching and parsing technique.
  ☆44Updated last month
• rad9800 / talks
  ☆57Updated 2 months ago
• mr-r3bot / bof-modules
  BOF for C2 framework
  ☆41Updated 7 months ago
• CyberSecurityUP / Process-Stacking-Injection
  ☆11Updated 3 months ago
• offalltn / gitC2
  POC of GITHUB simple C2 in rust
  ☆53Updated 5 months ago
• atabetnouhaila / API-hashing
  ☆18Updated 8 months ago
• MatheuZSecurity / Imperius
  Make an Linux Kernel rootkit visible again.
  ☆52Updated 4 months ago