Alternatives and similar repositories for PoshC2

Users that are interested in PoshC2 are comparing it to the libraries listed below

• cobbr / Covenant

  View on GitHub
  Covenant is a collaborative .NET C2 framework for red teamers.
  ☆4,606Jul 18, 2024Updated last year
• its-a-feature / Mythic

  View on GitHub
  A collaborative, multi-platform, red teaming framework
  ☆4,296Updated this week
• byt3bl33d3r / SILENTTRINITY

  View on GitHub
  An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR
  ☆2,318Dec 6, 2023Updated 2 years ago
• BC-SECURITY / Empire

  View on GitHub
  Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
  ☆5,034Updated this week
• BishopFox / sliver

  View on GitHub
  Adversary Emulation Framework
  ☆10,673Updated this week
• bats3c / shad0w

  View on GitHub
  A post exploitation framework designed to operate covertly on heavily monitored environments
  ☆2,169Sep 29, 2021Updated 4 years ago
• ReversecLabs / C3

  View on GitHub
  Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing…
  ☆1,722Jan 16, 2026Updated 3 weeks ago
• cobbr / SharpSploit

  View on GitHub
  SharpSploit is a .NET post-exploitation library written in C#
  ☆1,859Aug 12, 2021Updated 4 years ago
• GhostPack / Seatbelt

  View on GitHub
  Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensi…
  ☆4,475Jan 10, 2025Updated last year
• Ne0nd0g / merlin

  View on GitHub
  Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
  ☆5,497Apr 17, 2025Updated 9 months ago
• TheWover / donut

  View on GitHub
  Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…
  ☆4,452Jul 8, 2025Updated 7 months ago
• optiv / ScareCrow

  View on GitHub
  ScareCrow - Payload creation framework designed around EDR bypass.
  ☆2,869Aug 18, 2023Updated 2 years ago
• mandiant / SharPersist

  View on GitHub
  ☆1,530Aug 11, 2023Updated 2 years ago
• GhostPack / Rubeus

  View on GitHub
  Trying to tame the three-headed dog.
  ☆4,869Nov 14, 2025Updated 3 months ago
• Mr-Un1k0d3r / SCShell

  View on GitHub
  Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
  ☆1,594Jul 10, 2023Updated 2 years ago
• mdsecactivebreach / SharpShooter

  View on GitHub
  Payload Generation Framework
  ☆1,956Aug 21, 2024Updated last year
• DeimosC2 / DeimosC2

  View on GitHub
  DeimosC2 is a Golang command and control framework for post-exploitation.
  ☆1,151Apr 17, 2025Updated 9 months ago
• tevora-threat / SharpView

  View on GitHub
  C# implementation of harmj0y's PowerView
  ☆1,083Mar 22, 2024Updated last year
• 0xthirteen / MoveKit

  View on GitHub
  Cobalt Strike kit for Lateral Movement
  ☆678Feb 21, 2020Updated 5 years ago
• S3cur3Th1sSh1t / WinPwn

  View on GitHub
  Automation for internal Windows Penetrationtest / AD-Security
  ☆3,639Aug 28, 2025Updated 5 months ago
• BC-SECURITY / Starkiller

  View on GitHub
  Starkiller is a Frontend for PowerShell Empire.
  ☆1,617Dec 12, 2025Updated 2 months ago
• outflanknl / C2-Tool-Collection

  View on GitHub
  A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni…
  ☆1,364Oct 27, 2023Updated 2 years ago
• skelsec / pypykatz

  View on GitHub
  Mimikatz implementation in pure Python
  ☆3,242Jan 2, 2026Updated last month
• RedSiege / C2concealer

  View on GitHub
  C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.
  ☆1,097Jun 25, 2024Updated last year
• login-securite / lsassy

  View on GitHub
  Extract credentials from lsass remotely
  ☆2,176Dec 24, 2025Updated last month
• Kevin-Robertson / Inveigh

  View on GitHub
  .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
  ☆2,903Nov 19, 2025Updated 2 months ago
• danielbohannon / Invoke-Obfuscation

  View on GitHub
  PowerShell Obfuscator
  ☆4,193Aug 10, 2023Updated 2 years ago
• HavocFramework / Havoc

  View on GitHub
  The Havoc Framework
  ☆8,158Dec 18, 2025Updated last month
• sevagas / macro_pack

  View on GitHub
  macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other f…
  ☆2,301Aug 15, 2024Updated last year
• Hackplayers / evil-winrm

  View on GitHub
  The ultimate WinRM shell for hacking/pentesting
  ☆5,237Jan 9, 2026Updated last month
• mhaskar / Octopus

  View on GitHub
  Open source pre-operation C2 server based on python and powershell
  ☆761Jul 6, 2021Updated 4 years ago
• GhostPack / SafetyKatz

  View on GitHub
  SafetyKatz is a combination of slightly modified version of @gentilkiwi's Mimikatz project and @subtee's .NET PE Loader
  ☆1,306Oct 1, 2019Updated 6 years ago
• outflanknl / Dumpert

  View on GitHub
  LSASS memory dumper using direct system calls and API unhooking.
  ☆1,577Jan 5, 2021Updated 5 years ago
• CCob / SharpBlock

  View on GitHub
  A method of bypassing EDR's active projection DLL's by preventing entry point exection
  ☆1,164Mar 31, 2021Updated 4 years ago
• sensepost / ruler

  View on GitHub
  A tool to abuse Exchange services
  ☆2,297Jun 10, 2024Updated last year
• p3nt4 / PowerShdll

  View on GitHub
  Run PowerShell with rundll32. Bypass software restrictions.
  ☆1,822Mar 17, 2021Updated 4 years ago
• S3cur3Th1sSh1t / Amsi-Bypass-Powershell

  View on GitHub
  This repo contains some Amsi Bypass methods i found on different Blog Posts.
  ☆2,127Nov 28, 2024Updated last year
• ahmedkhlief / Ninja

  View on GitHub
  Open source C2 server created for stealth red team operations
  ☆838Sep 26, 2022Updated 3 years ago
• byt3bl33d3r / CrackMapExec

  View on GitHub
  A swiss army knife for pentesting networks
  ☆9,050Dec 6, 2023Updated 2 years ago