incursi0n/GodPotatoBOF external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

incursi0n/GodPotatoBOF

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/incursi0n/GodPotatoBOF)

Close

incursi0n / GodPotatoBOFView on GitHubMore

• External links
• Readme badge

Cobalt Strike BOF used to perform privilege escalation by exploiting the SeImpersonate privilege. Based on the original GodPotato PoC by BeichenDream.

☆238Apr 16, 2026Updated last month

Alternatives and similar repositories for GodPotatoBOF

Users that are interested in GodPotatoBOF are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• kozmer / dcsync-bof

  View on GitHub
  dcsync bof
  ☆52Feb 13, 2026Updated 3 months ago
• SpecterOps / SCOMHound

  View on GitHub
  ☆41Dec 4, 2025Updated 5 months ago
• logangoins / BadTakeover-BOF

  View on GitHub
  Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover
  ☆86Oct 20, 2025Updated 7 months ago
• garrettfoster13 / CVE-2025-59501

  View on GitHub
  CVE-2025-59501 POC code
  ☆26Nov 20, 2025Updated 6 months ago
• antroguy / GetAccessTokenWithSSOCookie

  View on GitHub
  ☆50Jun 4, 2025Updated 11 months ago
• End-to-end encrypted email - Proton Mail • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
• Ghaleb0x317374 / StealthyWMIExec.py

  View on GitHub
  A stealthier approach to WMI-based command execution using Impacket without touching the disk.
  ☆83Mar 15, 2026Updated 2 months ago
• KingOfTheNOPs / ChangeWallpaper-BOF

  View on GitHub
  Cobalt Strike Beacon Object File to to change the user's desktop wallpaper
  ☆17Sep 15, 2023Updated 2 years ago
• Meowmycks / trustme

  View on GitHub
  BOF to impersonate TrustedInstaller via DISM API trigger and thread impersonation
  ☆131Mar 27, 2026Updated 2 months ago
• kozmer / aad-bofs

  View on GitHub
  ☆139Nov 17, 2025Updated 6 months ago
• zyn3rgy / RelayInformer

  View on GitHub
  Python and BOF utilites to the determine EPA enforcement levels of popular NTLM relay targets from the offensive perspective
  ☆176May 8, 2026Updated 2 weeks ago
• 0xsh3llf1r3 / ColdWer

  View on GitHub
  Cobalt Strike BOF to freeze EDR/AV processes and dump LSASS using WerFaultSecure.exe PPL bypass
  ☆136Jan 29, 2026Updated 3 months ago
• brmkit / toastnotify-bof

  View on GitHub
  abusing windows toast notifications for fun and user manipulation
  ☆101Mar 20, 2026Updated 2 months ago
• zux0x3a / Phantom

  View on GitHub
  Phantom is project created to perform loading and executing unmanaged code in memory within an IIS environment running in full‑trust mode…
  ☆103Apr 27, 2026Updated 3 weeks ago
• NtDallas / BOF_Spawn

  View on GitHub
  Cobalt Strike BOF for beacon/shellcode injection using fork & run technique with Draugr synthetic stack frames
  ☆155Nov 23, 2025Updated 6 months ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• wietze / lnk-it-up

  View on GitHub
  Project for generating and identifying deceptive LNK files.
  ☆338Mar 8, 2026Updated 2 months ago
• sensepost / bloatware-pwn

  View on GitHub
  LPE / RCE Exploits for various vulnerable "Bloatware" products
  ☆87Aug 5, 2025Updated 9 months ago
• Nomad0x7 / sekken-enum

  View on GitHub
  adws enumeration bof
  ☆172Feb 16, 2026Updated 3 months ago
• Octoberfest7 / Enumprotections_BOF

  View on GitHub
  A BOF to enumerate system process, their protection levels, and more.
  ☆126Nov 27, 2024Updated last year
• 0xRedpoll / SignalKeyBOF

  View on GitHub
  BOF to decrypt Signal Desktop chat logs
  ☆70Feb 20, 2025Updated last year
• sploutchy / Certipy

  View on GitHub
  Tool for Active Directory Certificate Services enumeration and abuse
  ☆16Mar 20, 2025Updated last year
• KingOfTheNOPs / Get-NetNTLM

  View on GitHub
  Internal Monologue BOF
  ☆79Dec 28, 2024Updated last year
• kypvas / LDIFToBloodHound

  View on GitHub
  A Windows tool that converts LDIF files to BloodHound CE
  ☆32Dec 20, 2025Updated 5 months ago
• 0xMohammedHassan / morphkatz

  View on GitHub
  Polymorphic PE rewriter for Windows x64 , rewrites binaries into semantically identical but byte-different variants
  ☆170May 9, 2026Updated 2 weeks ago
• End-to-end encrypted email - Proton Mail • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
• Maldev-Academy / TrapFlagForSyscalling

  View on GitHub
  Bypass user-land hooks by syscall tampering via the Trap Flag
  ☆139Aug 25, 2025Updated 9 months ago
• emdnaia / OdinLdr

  View on GitHub
  Cobaltstrike UDRL with memory evasion
  ☆15May 16, 2024Updated 2 years ago
• Logisek / AZexec

  View on GitHub
  The Azure Execution Tool
  ☆156Feb 6, 2026Updated 3 months ago
• CodeXTF2 / CustomC2ChannelTemplate

  View on GitHub
  template for developing custom C2 channels for Cobalt Strike using IAT hooks applied by a reflective loader.
  ☆103Jan 10, 2026Updated 4 months ago
• atomiczsec / Adrenaline

  View on GitHub
  C2-agnostic BOF collection, categorized by attack chain phase. Designed to be small and modular, allowing for quick execution and automat…
  ☆304May 18, 2026Updated last week
• casp3r0x0 / CallWindowProcW-ShellcodeLoader

  View on GitHub
  ☆19Sep 1, 2025Updated 8 months ago
• garrettfoster13 / mssqlkaren

  View on GitHub
  modified mssqlclient from impacket to extract policies from the SCCM database
  ☆47Feb 24, 2026Updated 3 months ago
• 0xRedpoll / ludus_cobaltstrike_teamserver

  View on GitHub
  Ludus role for deploying a Cobalt Strike Teamserver onto Linux servers
  ☆19Mar 19, 2025Updated last year
• SlimeOnSecurity / PrintSpoofer-BOF

  View on GitHub
  ☆52May 4, 2025Updated last year
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• CodeXTF2 / WebcamBOF

  View on GitHub
  Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options
  ☆160Mar 26, 2025Updated last year
• TierZeroSecurity / killerPID-BOF

  View on GitHub
  BOF to terminate a process via PID as argument
  ☆28Sep 7, 2025Updated 8 months ago
• werdhaihai / msi_lateral_mv

  View on GitHub
  Lateral Movement Bof with MSI ODBC Driver Install
  ☆149Sep 30, 2025Updated 7 months ago
• RedTeamPentesting / wspcoerce

  View on GitHub
  wspcoerce coerces a Windows computer account via SMB to an arbitrary target using MS-WSP
  ☆139Nov 24, 2025Updated 6 months ago
• MrAle98 / Sliver-PortBender

  View on GitHub
  Sliver extension performing TCP redirection tasks without performing cross-process injection.
  ☆68Jan 14, 2025Updated last year
• zyn3rgy / smbtakeover

  View on GitHub
  BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
  ☆356Nov 19, 2024Updated last year
• REDMED-X / InjectKit

  View on GitHub
  Modified versions of the Cobalt Strike Process Injection Kit
  ☆109Jan 24, 2024Updated 2 years ago