Alternatives and similar repositories for Phant0m

Users that are interested in Phant0m are comparing it to the libraries listed below

• Mr-Un1k0d3r / PowerLessShell

  View on GitHub
  Run PowerShell command without invoking powershell.exe
  ☆1,530Mar 23, 2023Updated 2 years ago
• p3nt4 / PowerShdll

  View on GitHub
  Run PowerShell with rundll32. Bypass software restrictions.
  ☆1,823Mar 17, 2021Updated 4 years ago
• mdsecactivebreach / SharpShooter

  View on GitHub
  Payload Generation Framework
  ☆1,956Aug 21, 2024Updated last year
• harleyQu1nn / AggressorScripts

  View on GitHub
  Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
  ☆1,529Jun 30, 2023Updated 2 years ago
• Mr-Un1k0d3r / SCShell

  View on GitHub
  Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
  ☆1,594Jul 10, 2023Updated 2 years ago
• 0xbadjuju / Tokenvator

  View on GitHub
  A tool to elevate privilege with Windows Tokens
  ☆1,055Oct 6, 2023Updated 2 years ago
• Kevin-Robertson / Inveigh

  View on GitHub
  .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
  ☆2,903Nov 19, 2025Updated 2 months ago
• danielbohannon / Invoke-Obfuscation

  View on GitHub
  PowerShell Obfuscator
  ☆4,193Aug 10, 2023Updated 2 years ago
• cobbr / SharpSploit

  View on GitHub
  SharpSploit is a .NET post-exploitation library written in C#
  ☆1,859Aug 12, 2021Updated 4 years ago
• monoxgas / sRDI

  View on GitHub
  Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode
  ☆2,497Nov 15, 2023Updated 2 years ago
• outflanknl / Dumpert

  View on GitHub
  LSASS memory dumper using direct system calls and API unhooking.
  ☆1,577Jan 5, 2021Updated 5 years ago
• antonioCoco / RemotePotato0

  View on GitHub
  Windows Privilege Escalation from User to Domain Admin.
  ☆1,438Dec 18, 2022Updated 3 years ago
• S3cur3Th1sSh1t / WinPwn

  View on GitHub
  Automation for internal Windows Penetrationtest / AD-Security
  ☆3,639Aug 28, 2025Updated 5 months ago
• 0x09AL / RdpThief

  View on GitHub
  Extracting Clear Text Passwords from mstsc.exe using API Hooking.
  ☆1,422Jul 20, 2024Updated last year
• Arvanaghi / SessionGopher

  View on GitHub
  SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, Supe…
  ☆1,308Nov 22, 2022Updated 3 years ago
• sensepost / ruler

  View on GitHub
  A tool to abuse Exchange services
  ☆2,297Jun 10, 2024Updated last year
• Kevin-Robertson / Invoke-TheHash

  View on GitHub
  PowerShell Pass The Hash Utils
  ☆1,716Dec 9, 2018Updated 7 years ago
• GhostPack / SafetyKatz

  View on GitHub
  SafetyKatz is a combination of slightly modified version of @gentilkiwi's Mimikatz project and @subtee's .NET PE Loader
  ☆1,306Oct 1, 2019Updated 6 years ago
• GreatSCT / GreatSCT

  View on GitHub
  The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool…
  ☆1,128Feb 10, 2021Updated 5 years ago
• tyranid / DotNetToJScript

  View on GitHub
  A tool to create a JScript file which loads a .NET v2 assembly from memory.
  ☆1,316Jan 18, 2021Updated 5 years ago
• eladshamir / Internal-Monologue

  View on GitHub
  Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS
  ☆1,637Oct 11, 2018Updated 7 years ago
• phra / PEzor

  View on GitHub
  Open-Source Shellcode & PE Packer
  ☆2,063Feb 3, 2024Updated 2 years ago
• mdsecactivebreach / CACTUSTORCH

  View on GitHub
  CACTUSTORCH: Payload Generation for Adversary Simulations
  ☆1,013Jul 3, 2018Updated 7 years ago
• RedSiege / WMImplant

  View on GitHub
  This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported …
  ☆840Jun 25, 2024Updated last year
• CCob / SweetPotato

  View on GitHub
  Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019
  ☆1,808Sep 4, 2024Updated last year
• Cn33liz / p0wnedShell

  View on GitHub
  PowerShell Runspace Post Exploitation Toolkit
  ☆1,547Aug 2, 2019Updated 6 years ago
• FuzzySecurity / PowerShell-Suite

  View on GitHub
  My musings with PowerShell
  ☆2,705Nov 19, 2021Updated 4 years ago
• optiv / ScareCrow

  View on GitHub
  ScareCrow - Payload creation framework designed around EDR bypass.
  ☆2,869Aug 18, 2023Updated 2 years ago
• CCob / SharpBlock

  View on GitHub
  A method of bypassing EDR's active projection DLL's by preventing entry point exection
  ☆1,164Mar 31, 2021Updated 4 years ago
• bluscreenofjeff / Red-Team-Infrastructure-Wiki

  View on GitHub
  Wiki to collect Red Team infrastructure hardening resources
  ☆4,440Oct 1, 2025Updated 4 months ago
• Mr-Un1k0d3r / EDRs

  View on GitHub
  ☆2,169Feb 21, 2023Updated 2 years ago
• xorrior / RemoteRecon

  View on GitHub
  Remote Recon and Collection
  ☆459Nov 23, 2017Updated 8 years ago
• curi0usJack / luckystrike

  View on GitHub
  A PowerShell based utility for the creation of malicious Office macro documents.
  ☆1,111Nov 3, 2017Updated 8 years ago
• p3nt4 / Invoke-SocksProxy

  View on GitHub
  Socks proxy, and reverse socks server using powershell.
  ☆802Dec 9, 2025Updated 2 months ago
• dafthack / MailSniper

  View on GitHub
  MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, i…
  ☆3,203Aug 7, 2025Updated 6 months ago
• sevagas / macro_pack

  View on GitHub
  macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other f…
  ☆2,301Aug 15, 2024Updated last year
• danielbohannon / Invoke-CradleCrafter

  View on GitHub
  PowerShell Remote Download Cradle Generator & Obfuscator
  ☆853Mar 23, 2018Updated 7 years ago
• nccgroup / demiguise

  View on GitHub
  HTA encryption tool for RedTeams
  ☆1,425Nov 9, 2022Updated 3 years ago
• jthuraisamy / SysWhispers2

  View on GitHub
  AV/EDR evasion via direct system calls.
  ☆1,789Sep 3, 2022Updated 3 years ago