Alternatives and similar repositories for pipe-intercept

Users that are interested in pipe-intercept are comparing it to the libraries listed below

• cyberark / PipeViewer

  View on GitHub
  A tool that shows detailed information about named pipes in Windows
  ☆732Nov 15, 2024Updated last year
• klezVirus / RAIWhateverTrigger

  View on GitHub
  Local SYSTEM auth trigger for relaying - X
  ☆155Jul 23, 2025Updated 6 months ago
• zeze-zeze / NamedPipeMaster

  View on GitHub
  a tool used to analyze and monitor in named pipes
  ☆193Oct 27, 2024Updated last year
• klezVirus / vortex

  View on GitHub
  VPN Overall Reconnaissance, Testing, Enumeration and eXploitation Toolkit
  ☆448Nov 2, 2023Updated 2 years ago
• garrettfoster13 / sccmhunter

  View on GitHub
  SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain.…
  ☆886Updated this week
• logangoins / Cable

  View on GitHub
  .NET post-exploitation toolkit for Active Directory reconnaissance and exploitation
  ☆400Jul 23, 2025Updated 6 months ago
• CCob / Shwmae

  View on GitHub
  ☆160Jan 27, 2025Updated last year
• MzHmO / WhoIsWho

  View on GitHub
  Amazing whoami alternatives
  ☆141Mar 23, 2024Updated last year
• TwoSevenOneT / WSASS

  View on GitHub
  This is the tool to dump the LSASS process on modern Windows 11
  ☆555Nov 1, 2025Updated 3 months ago
• outflanknl / C2-Tool-Collection

  View on GitHub
  A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni…
  ☆1,366Oct 27, 2023Updated 2 years ago
• fin3ss3g0d / IoDllProxyLoad

  View on GitHub
  DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly
  ☆63Mar 19, 2024Updated last year
• passthehashbrowns / VectoredExceptionHandling

  View on GitHub
  ☆106Aug 21, 2024Updated last year
• zyn3rgy / smbtakeover

  View on GitHub
  BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
  ☆345Nov 19, 2024Updated last year
• cube0x0 / SharpSystemTriggers

  View on GitHub
  Collection of remote authentication triggers in C#
  ☆524May 15, 2024Updated last year
• netero1010 / GhostTask

  View on GitHub
  A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.
  ☆612Jan 2, 2025Updated last year
• trailofbits / RpcInvestigator

  View on GitHub
  Exploring RPC interfaces on Windows
  ☆344Jan 30, 2024Updated 2 years ago
• lap1nou / CLR_Heap_encryption

  View on GitHub
  ☆100Oct 7, 2023Updated 2 years ago
• waldo-irc / YouMayPasser

  View on GitHub
  You shall pass
  ☆271Jul 16, 2022Updated 3 years ago
• LloydLabs / shellcode-plain-sight

  View on GitHub
  Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak
  ☆209Nov 12, 2025Updated 3 months ago
• Mr-Un1k0d3r / SCShell

  View on GitHub
  Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
  ☆1,594Jul 10, 2023Updated 2 years ago
• zyn3rgy / LdapRelayScan

  View on GitHub
  Check for LDAP protections regarding the relay of NTLM authentication
  ☆532Nov 19, 2024Updated last year
• GhostPack / Koh

  View on GitHub
  The Token Stealer
  ☆510Jul 13, 2022Updated 3 years ago
• trickster0 / TartarusGate

  View on GitHub
  TartarusGate, Bypassing EDRs
  ☆651Jan 25, 2022Updated 4 years ago
• nettitude / SharpWSUS

  View on GitHub
  ☆477Nov 20, 2022Updated 3 years ago
• ScriptIdiot / sleepmask_ekko_cfg

  View on GitHub
  Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process
  ☆49Mar 15, 2023Updated 2 years ago
• CCob / lsarelayx

  View on GitHub
  NTLM relaying for Windows made easy
  ☆579Apr 25, 2023Updated 2 years ago
• janoglezcampos / DeathSleep

  View on GitHub
  A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…
  ☆536Aug 1, 2022Updated 3 years ago
• S3cur3Th1sSh1t / MultiPotato

  View on GitHub
  ☆539Nov 20, 2021Updated 4 years ago
• S3cur3Th1sSh1t / SharpImpersonation

  View on GitHub
  A User Impersonation tool - via Token or Shellcode injection
  ☆422May 21, 2022Updated 3 years ago
• sensepost / wiresocks

  View on GitHub
  A sock, with a wire, so you can tunnel all you desire.
  ☆295Jan 19, 2024Updated 2 years ago
• rtecCyberSec / RAITrigger

  View on GitHub
  Local SYSTEM auth trigger for relaying
  ☆168Jul 22, 2025Updated 6 months ago
• outflanknl / edr-internals

  View on GitHub
  Tools for analyzing EDR agents
  ☆277Jun 10, 2024Updated last year
• CCob / DRSAT

  View on GitHub
  Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domai…
  ☆273Dec 27, 2024Updated last year
• Dec0ne / KrbRelayUp

  View on GitHub
  KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default…
  ☆1,628Aug 6, 2022Updated 3 years ago
• ioncodes / SilentLoad

  View on GitHub
  "Service-less" driver loading
  ☆184Nov 28, 2024Updated last year
• EvanMcBroom / lsa-whisperer

  View on GitHub
  Tools for interacting with authentication packages using their individual message protocols
  ☆368Feb 1, 2026Updated 2 weeks ago
• blackarrowsec / Handly

  View on GitHub
  Abuse leaked token handles.
  ☆136Dec 14, 2023Updated 2 years ago
• warpnet / MS-RPC-Fuzzer

  View on GitHub
  Gain insights into MS-RPC implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By f…
  ☆325Oct 20, 2025Updated 3 months ago
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆280Sep 18, 2024Updated last year