Alternatives and similar repositories for ThunderStorm

Users that are interested in ThunderStorm are comparing it to the libraries listed below

• iDigitalFlame / XMT

  View on GitHub
  eXtensiable Malware Toolkit: Full Featured Golang C2 Framework with Awesome Features
  ☆104Dec 17, 2025Updated last month
• pygrum / monarch

  View on GitHub
  Monarch - The Adversary Emulation Toolkit
  ☆63Jan 7, 2025Updated last year
• iDigitalFlame / XrMT

  View on GitHub
  e(X)tensiable (Rust) Malware Toolkit: (Soon!) Full Featured Rust C2 Framework with Awesome Features!
  ☆27Aug 19, 2024Updated last year
• InjectionSoftwareandSecurityLLC / lupo

  View on GitHub
  Modular C2 server to tame your pack of wolves
  ☆21Jan 7, 2026Updated last month
• Thunter-HackTeam / EvilentCoerce

  View on GitHub
  ☆159May 5, 2025Updated 9 months ago
• Enelg52 / KittyStager

  View on GitHub
  KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant, called kitten. The purpose of this p…
  ☆229Jun 6, 2023Updated 2 years ago
• mochabyte0x / TrampoLatte

  View on GitHub
  A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow
  ☆18Jun 26, 2025Updated 7 months ago
• D3Ext / Nimbus

  View on GitHub
  Shellcode loader with evasion capabilities written in Nim
  ☆14Jan 25, 2025Updated last year
• federella / CVE-2023-41717

  View on GitHub
  This repository is to provide a write-up and PoC for CVE-2023-41717.
  ☆12Aug 31, 2023Updated 2 years ago
• PhantomSecurityGroup / Crystal-Kit

  View on GitHub
  Evasion kit for Cobalt Strike
  ☆30Jan 16, 2026Updated 3 weeks ago
• maxDcb / C2Implant

  View on GitHub
  Windows C++ Implant for Exploration C2
  ☆44Jan 26, 2026Updated 2 weeks ago
• NUL0x4C / HookingLsassForCredentials

  View on GitHub
  Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials
  ☆61May 12, 2025Updated 9 months ago
• ChoiSG / havoc2nginx

  View on GitHub
  havoc2nginx is a simple python script that converts Havoc Framework's yaotl malleable c2 profile to Nginx configuration file format. Most…
  ☆12May 8, 2023Updated 2 years ago
• 0x4143 / adversaryemulation-gems

  View on GitHub
  A not so awesome list of adversary emulation gems for aspiring red/blue/purple teamers
  ☆16Jul 19, 2022Updated 3 years ago
• RePRGM / Erebus

  View on GitHub
  Erebus is a payload generator written in Nim.
  ☆16Jun 13, 2023Updated 2 years ago
• eversinc33 / JailWhale

  View on GitHub
  Docker container escape enumeration tool.
  ☆12Jan 23, 2021Updated 5 years ago
• CodeXTF2 / HavocNotion

  View on GitHub
  A simple ExternalC2 POC for Havoc C2. Communicates over Notion using a custom python agent, handler and extc2 channel. Not operationally …
  ☆91Oct 10, 2022Updated 3 years ago
• chvancooten / NimPlant

  View on GitHub
  A light-weight first-stage C2 implant written in Nim (and Rust).
  ☆933Mar 28, 2025Updated 10 months ago
• itaymigdal / PichichiH0ll0wer

  View on GitHub
  Nim process hollowing loader
  ☆62Jul 22, 2025Updated 6 months ago
• Secidi0t / Titan

  View on GitHub
  ☆15Nov 24, 2022Updated 3 years ago
• zimnyaa / stoplooking

  View on GitHub
  A simple BOF that disables some logging with NtSetInformationProcess
  ☆13Oct 13, 2023Updated 2 years ago
• ricardojoserf / http-protocol-exfil

  View on GitHub
  Exfiltrate files using the HTTP protocol version ("HTTP/1.0" is a 0 and "HTTP/1.1" is a 1)
  ☆24Oct 23, 2021Updated 4 years ago
• Teach2Breach / byont

  View on GitHub
  bring your own clean ntdll (or other MS dlls)
  ☆28Jul 14, 2025Updated 7 months ago
• rxOred / process-hollowing

  View on GitHub
  process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread
  ☆31Jan 9, 2022Updated 4 years ago
• CiscoCXSecurity / sudo-parser

  View on GitHub
  sudo-parser is a tool to audit complex sudoers files
  ☆18Nov 2, 2022Updated 3 years ago
• cybernomad1 / NimJection

  View on GitHub
  Nim Shellcode Injector
  ☆15Jan 24, 2021Updated 5 years ago
• maxDcb / C2TeamServer

  View on GitHub
  TeamServer and Client of Exploration Command and Control Framework
  ☆177Jan 6, 2026Updated last month
• sha0coder / gohack

  View on GitHub
  Hack tools coded in golang
  ☆23Dec 19, 2023Updated 2 years ago
• XRSec / CobaltStrike-Docker

  View on GitHub
  Cobalt Strike Wrapper
  ☆19Aug 13, 2025Updated 6 months ago
• Xobtah / hermes

  View on GitHub
  Self-updatable RAT + C2 server + client.
  ☆16Jun 24, 2024Updated last year
• jcrvnx / XenoRAT

  View on GitHub
  This is the latest version of XenoRAT, updated with configurations and capable of bypassing all system securities. It will be maintained …
  ☆22Apr 16, 2025Updated 9 months ago
• mttaggart / bolus

  View on GitHub
  Library for shellcode injection
  ☆16Mar 21, 2025Updated 10 months ago
• nmantani / PS-MOTW

  View on GitHub
  PS-MOTW: PowerShell scripts to set / show / remove MOTW (Mark of the Web)
  ☆55Nov 16, 2023Updated 2 years ago
• NtDallas / MemLoader

  View on GitHub
  Run native PE or .NET executables entirely in-memory. Build the loader as an .exe or .dll—DllMain is Cobalt Strike UDRL-compatible
  ☆266Jun 18, 2025Updated 7 months ago
• nopcorn / DuckDuckC2

  View on GitHub
  A proof-of-concept C2 channel through DuckDuckGo's image proxy service
  ☆77Nov 12, 2023Updated 2 years ago
• sidaf / moonshine

  View on GitHub
  ☆70Oct 30, 2023Updated 2 years ago
• x0reaxeax / SilentWrite

  View on GitHub
  PoC arbitrary WPM without a process handle
  ☆21Jul 22, 2023Updated 2 years ago
• BC-SECURITY / DeathStarPlugin

  View on GitHub
  Deathstar is an Empire plugin that automates gaining Domain and/or Enterprise Admin rights in Active Directory environments using common …
  ☆20Mar 24, 2025Updated 10 months ago
• Whitecat18 / PE-Analyzer.rs

  View on GitHub
  Simple Project that Extracts PE Information.
  ☆21Apr 4, 2025Updated 10 months ago