hdbreaker/Nimhawk

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/hdbreaker/Nimhawk)

hdbreaker / Nimhawk

A powerful, modular, lightweight and efficient command & control framework written in Nim.

☆221

Alternatives and similar repositories for Nimhawk

Users that are interested in Nimhawk are comparing it to the libraries listed below

Sorting:

jsecu / ModTask
View on GitHub
☆53Sep 23, 2025Updated 5 months ago
NtDallas / MemLoader
View on GitHub
Run native PE or .NET executables entirely in-memory. Build the loader as an .exe or .dll—DllMain is Cobalt Strike UDRL-compatible
☆270Jun 18, 2025Updated 8 months ago
0xHossam / HuffLoader
View on GitHub
Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader.
☆283Apr 6, 2025Updated 11 months ago
iilegacyyii / DataInject-BOF
View on GitHub
Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll
☆137Apr 18, 2025Updated 10 months ago
MythicAgents / Xenon
View on GitHub
A Mythic agent for Windows written in C
☆158Feb 22, 2026Updated last week
Meowmycks / koneko
View on GitHub
Robust Cobalt Strike shellcode loader with multiple advanced evasion features
☆200Apr 21, 2025Updated 10 months ago
boku7 / StringReaper
View on GitHub
Reaping treasures from strings in remote processes memory
☆285Feb 8, 2025Updated last year
T3nb3w / ComDotNetExploit
View on GitHub
A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …
☆334Mar 6, 2025Updated last year
Teach2Breach / moonwalk
View on GitHub
find dll base addresses without PEB WALK
☆161Jul 13, 2025Updated 7 months ago
NtDallas / Svartalfheim
View on GitHub
Stage 0
☆169Dec 18, 2024Updated last year
fin3ss3g0d / StoneKeeper
View on GitHub
StoneKeeper C2, an experimental EDR evasion framework for research purposes
☆209Dec 25, 2024Updated last year
logangoins / Cable
View on GitHub
.NET post-exploitation toolkit for Active Directory reconnaissance and exploitation
☆399Jul 23, 2025Updated 7 months ago
tijme / nimplant-beacon-position-independent-c-code
View on GitHub
A truly Position Independent Code (PIC) NimPlant C2 beacon written in C, without reflective loading.
☆67Feb 11, 2025Updated last year
NtDallas / OdinLdr
View on GitHub
Cobaltstrike Reflective Loader with Synthetic Stackframe
☆186Jan 17, 2026Updated last month
boku7 / patchwerk
View on GitHub
BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
☆195Feb 6, 2025Updated last year
NtDallas / Draugr
View on GitHub
BOF with Synthetic Stackframe
☆230Oct 30, 2025Updated 4 months ago
xforcered / RemoteMonologue
View on GitHub
Weaponizing DCOM for NTLM Authentication Coercions
☆275Jul 1, 2025Updated 8 months ago
Faran-17 / Hellshazzard
View on GitHub
Indirect Syscall implementation to bypass userland NTAPIs hooking.
☆85Aug 13, 2024Updated last year
deepinstinct / DCOMUploadExec
View on GitHub
DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
☆382Dec 13, 2024Updated last year
grayhatkiller / SharpExShell
View on GitHub
SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.
☆75May 1, 2024Updated last year
dmcxblue / PyObscura
View on GitHub
A python script that automates a C2 Profile build
☆48Dec 14, 2025Updated 2 months ago
klezVirus / RAIWhateverTrigger
View on GitHub
Local SYSTEM auth trigger for relaying - X
☆155Jul 23, 2025Updated 7 months ago
trickster0 / NamelessC2
View on GitHub
Nameless C2 - A C2 with all its components written in Rust
☆283Sep 26, 2024Updated last year
ricardojoserf / TrickDump
View on GitHub
Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!
☆539May 9, 2025Updated 9 months ago
rtecCyberSec / BitlockMove
View on GitHub
Lateral Movement via Bitlocker DCOM interfaces & COM Hijacking
☆438Jun 27, 2025Updated 8 months ago
rasta-mouse / SpawnWith
View on GitHub
☆109Feb 17, 2025Updated last year
0xTriboulet / rdll-rs
View on GitHub
A reflective DLL development template for the Rust programming language
☆115Nov 4, 2025Updated 4 months ago
Cracked5pider / earlycascade-injection
View on GitHub
early cascade injection PoC based on Outflanks blog post
☆237Nov 7, 2024Updated last year
Teach2Breach / dll2shell
View on GitHub
converts sRDI compatible dlls to shellcode
☆35Jan 20, 2025Updated last year
winsecurity / AMSI-Bypass-HWBP
View on GitHub
☆26Aug 11, 2025Updated 6 months ago
rvrsh3ll / Bolthole
View on GitHub
Dig your way out of networks like a Meerkat using SSH tunnels via ClickOnce.
☆275May 2, 2025Updated 10 months ago
pwardle / ReflectiveLoader
View on GitHub
A Reflective Loader for macOS
☆147Jul 20, 2025Updated 7 months ago
0xsp-SRD / ZigStrike
View on GitHub
ZigStrike, a powerful Payload Delivery Pipeline developed in Zig, offering a variety of injection techniques and anti-sandbox features.
☆502Jan 23, 2026Updated last month
logangoins / Stifle
View on GitHub
.NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS
☆150Feb 10, 2025Updated last year
almounah / superdeye
View on GitHub
Indirect Syscall with TartarusGate Approach in Go
☆135Jul 8, 2025Updated 7 months ago
Whitecat18 / earlycascade-injection
View on GitHub
Early cascade injection PoC based on Outflanks blog post written in Rust
☆68Dec 26, 2025Updated 2 months ago
chvancooten / NimPlant
View on GitHub
A light-weight first-stage C2 implant written in Nim (and Rust).
☆930Updated this week
ricardojoserf / NativeTokenImpersonate
View on GitHub
Impersonate Tokens using only NTAPI functions
☆84Apr 4, 2025Updated 11 months ago
tijme / relocatable
View on GitHub
Boilerplate to develop raw and truly Position Independent Code (PIC).
☆117Jan 20, 2025Updated last year