pandaadir05 / ghost
Detects process injection and memory manipulation used by malware. Finds RWX regions, shellcode patterns, API hooks, thread hijacking, and process hollowing. Built in Rust for speed. Includes CLI and TUI interfaces.
☆271 Updated last month
Alternatives and similar repositories for ghost
Users who are interested in ghost are comparing it to the libraries listed below.
- SetupHijack is a security research tool that exploits race conditions and insecure file handling in Windows applications installer and up… ☆260 Updated last week
- Swiss Army Knife for payload encryption, obfuscation, and conversion to byte arrays – all in a single command (14 output formats supporte… ☆208 Updated 4 months ago
- Keklick - C2 Hunting, Reporting and Visualization Tool ☆63 Updated 6 months ago
- APT Emulation tool to exfiltrate sensitive .docx, .pptx, .xlsx, .pdf files ☆96 Updated 10 months ago
- NoMoreStealers is a Windows file system minifilter driver that protects sensitive user data from untrusted processes. ☆93 Updated 3 months ago
- This is a practice VM for malware development ☆179 Updated 2 months ago
- A tool to interact with Windows drivers to perform a raw disk read and parse out target files without calling standard Windows file APIs ☆105 Updated 5 months ago
- Ebyte-Go-Morpher is a Go program that parses, analyzes, and rewrites Go source code to apply multiple layers of obfuscation. It operates … ☆121 Updated 6 months ago
- 🔒 Modern C2 Platform with Cloudflare Tunnel Integration | WinRM & SSH Remote Management | Real-time Terminal & Remote Desktop | Built wi… ☆124 Updated last month
- Execute shellcode via ASPNET compiler ☆60 Updated 4 months ago
- Generate backdoored RSA keys using SETUP ☆231 Updated 2 months ago
- EDRStartupHinder: A red team tool to prevent Antivirus and EDR from running. ☆180 Updated 3 weeks ago
- ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code. ☆131 Updated 9 months ago
- Comprehensive Windows Syscall Extraction & Analysis Framework ☆161 Updated 5 months ago
- Open-source offensive security platform for conducting phishing campaigns that weaponizes iCalendar automatic event processing. ☆220 Updated last month
- Phantom Keylogger is an advanced, stealth-enabled keystroke and visual intelligence gathering system. ☆74 Updated 2 months ago
- AV/EDR processes termination by exploiting a vulnerable driver (BYOVD) ☆208 Updated 2 weeks ago
- Backdooring VSCode Projects ☆124 Updated 8 months ago
- .NET tool used to enrich RPC telemetry ☆101 Updated 2 weeks ago
- RunAs Utility Credential Stealer implementing 3 techniques: Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging ☆203 Updated 11 months ago
- A no-reboot, in-memory Linux persistence PoC leveraging namespace joining, user-namespace elevation, and self‑deletion. ☆65 Updated 6 months ago
- SilentButDeadly is a network communication blocker specifically designed to neutralize EDR/AV software by preventing their cloud connecti… ☆432 Updated 3 months ago
- A YARA rule generator ☆61 Updated this week
- A professional Red Team / Pentest tool for assessing the external perimeter of a company in a complete "black box" mode (zero knowledge, … ☆29 Updated 2 months ago
- Share threat intelligence and detect tools about APT "NightEgle" (APT-Q-95) ☆41 Updated 7 months ago
- Enumerate active EDRs on the system ☆150 Updated 4 months ago
- A comprehensive modern architecture model is proposed to integrate platform solutions and tooling to support a professional Red Team. ☆183 Updated 3 weeks ago
- Obex – Blocking unwanted DLLs in user mode ☆280 Updated 4 months ago
- Vibe Malware Triage - MCP server for static PE analysis. ☆74 Updated 2 months ago
- Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bo… ☆505 Updated 2 weeks ago