Alternatives and similar repositories for coffeeldr

Users that are interested in coffeeldr are comparing it to the libraries listed below

• Teach2Breach / early_cascade_inj_rs

  View on GitHub
  early cascade injection PoC based on Outflanks blog post, in rust
  ☆62Nov 8, 2024Updated last year
• NetSPI / BOF-PE

  View on GitHub
  An example reference design for a proposed BOF PE
  ☆197Jan 23, 2026Updated 3 weeks ago
• hakaioffsec / coffee

  View on GitHub
  A COFF loader made in Rust
  ☆327Aug 20, 2025Updated 5 months ago
• NoahKirchner / speedloader

  View on GitHub
  Rust template/library for implementing your own COFF loader
  ☆71Jan 27, 2025Updated last year
• MEhrn00 / boflink

  View on GitHub
  Linker for Beacon Object Files
  ☆154Updated this week
• JayGLXR / Rusty-Stardust

  View on GitHub
  A modern Rust implementation of the original Stardust project, providing a sophisticated 32/64-bit shellcode template that features posit…
  ☆59Mar 17, 2025Updated 11 months ago
• JayGLXR / RustyMirage

  View on GitHub
  A Rust version of Mirage, a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.
  ☆38Mar 6, 2025Updated 11 months ago
• 0xTriboulet / rdll-rs

  View on GitHub
  A reflective DLL development template for the Rust programming language
  ☆113Nov 4, 2025Updated 3 months ago
• joaoviictorti / uwd

  View on GitHub
  Call Stack Spoofing for Rust
  ☆210Jan 28, 2026Updated 3 weeks ago
• safedv / RustVEHSyscalls

  View on GitHub
  A Rust port of LayeredSyscall — performs indirect syscalls while generating legitimate API call stack frames by abusing VEH.
  ☆161Oct 31, 2024Updated last year
• affix / rusty-hollow

  View on GitHub
  Unix Process hollowing in rust
  ☆22Dec 16, 2024Updated last year
• KickedDroid / loadstar

  View on GitHub
  A different approach to writing BOFs in rust.
  ☆18Aug 20, 2025Updated 5 months ago
• joaoviictorti / rustclr

  View on GitHub
  Host CLR and run .NET binaries using Rust
  ☆149Dec 23, 2025Updated last month
• Teach2Breach / hollow_rs

  View on GitHub
  A Rust PoC implementation of the Early Bird process hollowing technique, inspired by https://github.com/boku7/HOLLOW.
  ☆31Feb 7, 2025Updated last year
• BlackSnufkin / NyxInvoke

  View on GitHub
  NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…
  ☆231Feb 12, 2025Updated last year
• mannyfred / MentalTi

  View on GitHub
  Mentally ill EtwTi parser
  ☆67Jan 11, 2026Updated last month
• joaoviictorti / runas

  View on GitHub
  A runas implementation with extra features in Rust
  ☆53Nov 15, 2025Updated 3 months ago
• Teach2Breach / dll2shell

  View on GitHub
  converts sRDI compatible dlls to shellcode
  ☆35Jan 20, 2025Updated last year
• zzhsec / NlsCodeInjectionThroughRegistry

  View on GitHub
  Dll injection through code page id modification in registry. Based on jonas lykk research
  ☆17Jun 18, 2022Updated 3 years ago
• Nariod / RustPacker

  View on GitHub
  Template-based shellcode packer written in Rust, with indirect syscall support. Made with <3 for pentesters.
  ☆318Jun 24, 2025Updated 7 months ago
• outflanknl / macho-loader

  View on GitHub
  ☆102Sep 5, 2024Updated last year
• akamai / Mirage

  View on GitHub
  Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.
  ☆104Feb 25, 2025Updated 11 months ago
• boku7 / patchwerk

  View on GitHub
  BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
  ☆195Feb 6, 2025Updated last year
• yamakadi / ldr

  View on GitHub
  A work in progress BOF/COFF loader in Rust
  ☆50Mar 22, 2023Updated 2 years ago
• safedv / Rustic64

  View on GitHub
  64-bit, position-independent implant template for Windows in Rust.
  ☆172Nov 28, 2025Updated 2 months ago
• Teach2Breach / pool_party_rs

  View on GitHub
  remote process injections using pool party techniques
  ☆70Jun 29, 2025Updated 7 months ago
• Cracked5pider / kaine-assembly

  View on GitHub
  a demo module for the kaine agent to execute and inject assembly modules
  ☆41Aug 28, 2024Updated last year
• 0xflux / Sanctum

  View on GitHub
  Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antiv…
  ☆500Updated this week
• joaoviictorti / hypnus

  View on GitHub
  Sleep Obfuscation in Rust
  ☆277Dec 1, 2025Updated 2 months ago
• Kudaes / DInvoke_rs

  View on GitHub
  Dynamically invoke arbitrary unmanaged code
  ☆358Nov 20, 2024Updated last year
• joaoviictorti / dinvk

  View on GitHub
  Dynamically invoke arbitrary code in Rust (Dinvoke)
  ☆101Dec 1, 2025Updated 2 months ago
• Kudaes / Unwinder

  View on GitHub
  Call stack spoofing for Rust
  ☆356Feb 7, 2025Updated last year
• Irate-Walrus / stardust-rs

  View on GitHub
  An i686 & x86_64 position independent implant template for Rust 🦀
  ☆33Jul 6, 2025Updated 7 months ago
• 0xTriboulet / Abomination

  View on GitHub
  A synergized Visual Studio and Rust development environment
  ☆19Jan 25, 2025Updated last year
• Teach2Breach / moonwalk

  View on GitHub
  find dll base addresses without PEB WALK
  ☆157Jul 13, 2025Updated 7 months ago
• safedv / Rustic64Shell

  View on GitHub
  A 64-bit, position-independent code reverse TCP shell for Windows — built in Rust.
  ☆85Apr 26, 2025Updated 9 months ago
• 0xHossam / HuffLoader

  View on GitHub
  Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader.
  ☆282Apr 6, 2025Updated 10 months ago
• outflanknl / edr-internals

  View on GitHub
  Tools for analyzing EDR agents
  ☆277Jun 10, 2024Updated last year
• joaoviictorti / shadow

  View on GitHub
  Windows Kernel Rootkit in Rust
  ☆679Oct 10, 2025Updated 4 months ago