Alternatives and similar repositories for seashell

Users that are interested in seashell are comparing it to the libraries listed below

• AdvDebug / BehavEye
  Advanced dynamic malware analysis tool.
  ☆82Updated last year
• li4321 / selfmovingdll
  ☆25Updated last year
• fcccode / Vx-Engines
  Collection of source code for Polymorphic, Metamorphic, and Permutation Engines used in Malware
  ☆30Updated 6 years ago
• ZeroMemoryEx / URootkit
  simple user-mode Rootkit
  ☆107Updated 3 years ago
• vmsplit / checkm8
  bypassing intel txt's tboot integrity checks via coreboot shim
  ☆83Updated 9 months ago
• NUL0x4C / GP
  using the gpu to hide your payload
  ☆63Updated 3 years ago
• vmsplit / IceVMM
  minimal hypervisor for aarch64 (WIP)
  ☆30Updated 2 weeks ago
• thalium / vminer
  ☆89Updated 10 months ago
• Internet-2-0 / Malcore-x64dbg
  This x64dbg plugin allows you to upload your sample to Malcore and view the results.
  ☆36Updated 2 years ago
• pygrum / siphon
  A feed of malware samples curated from threat intelligence sources.
  ☆28Updated 2 years ago
• micREsoft / SysCaller
  SysCaller: SDK for WindowsAPI via syscalls. Dynamic Resolution, Obfuscation, Multi-Language Bindings, & more!
  ☆50Updated 3 weeks ago
• r0keb / TrashFormer
  A 64 bit executable junk code engine for polymorphic malware.
  ☆73Updated 6 months ago
• buzzer-re / Shinigami
  A dynamic unpacking tool
  ☆145Updated 2 years ago
• vmsplit / icekit
  I/O Cache-As-Ram + AMD x86_64 cache line locking | Mirror of https://codeberg.org/3itch/icekit
  ☆18Updated 9 months ago
• TheMalwareGuardian / Bentico
  [ARCHIVED] Early work on Benthic (Windows Kernel Rootkit).
  ☆56Updated 4 months ago
• lil-skelly / basilisk
  ☆14Updated 8 months ago
• TheMalwareGuardian / Abismo
  [ARCHIVED] Early work on Abyss (Windows UEFI Bootkit).
  ☆44Updated 4 months ago
• symeonp / Lenovo-CVE-2025-8061
  PoC for popping a system shell against the LnvMSRIO.sys driver
  ☆115Updated 2 months ago
• tanc7 / skidstorm
  ☆26Updated 8 months ago
• zodiacon / Recon2023
  Recon 2023 slides and code
  ☆80Updated 2 years ago
• KingKDot / Exorcism
  The first open source runtime windows batch and command line deobfuscator
  ☆41Updated 3 months ago
• CarlosG13 / Process-Hypnosis-Debugger-assisted-control-flow-hijack
  ☆39Updated last year
• 3intermute / ramiel
  uefi diskless persistence technique + OVMF secureboot bypass
  ☆94Updated last year
• mandiant / poisonplug-scatterbrain
  Deobfuscation library for PoisionPlug.SHADOW's ScatterBrain obfuscator
  ☆71Updated 9 months ago
• husseinmuhaisen / Hypervisor
  A comprehensive Hypervisor resources repo
  ☆183Updated last month
• TheMalwareGuardian / Awesome-Bootkits-Rootkits-Development
  A curated compilation of extensive resources dedicated to bootkit and rootkit development.
  ☆158Updated 4 months ago
• ViperXSecurity / lib-nosa
  lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.
  ☆118Updated last year
• MatheuZSecurity / ElfDoor-gcc
  ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code.
  ☆132Updated 8 months ago
• lewiswigmore / Virus.xcheck
  Virus.xcheck is a Python tool designed to bulk verify the existence of file hashes in the Virus Exchange database and fetch download URLs…
  ☆57Updated 2 months ago
• xalicex / Get-DLL-and-Function-Addresses
  GetModuleHandle (via PEB) and GetProcAddress (via EAT) like
  ☆32Updated 3 years ago