praetorian-inc/swarmer

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/praetorian-inc/swarmer)

praetorian-inc / swarmer

A tool to convert windows registry export files into windows hive files that can be used to replace NTUSER.MAN

☆104

Alternatives and similar repositories for swarmer

Users that are interested in swarmer are comparing it to the libraries listed below

Sorting:

SafeBreach-Labs / RPC-Racer
View on GitHub
Toolset to manipulate RPC clients by finding delayed services and masquerading as them
☆108Aug 18, 2025Updated 6 months ago
jhalon / cSessionHop
View on GitHub
Beacon Object File (BOF) for Windows Session Hijacking via IHxHelpPaneServer COM
☆63Dec 25, 2025Updated 2 months ago
jsecu / ModTask
View on GitHub
☆53Sep 23, 2025Updated 5 months ago
dmcxblue / PyObscura
View on GitHub
A python script that automates a C2 Profile build
☆48Dec 14, 2025Updated 2 months ago
T1erno / bin2shellcode
View on GitHub
C++ tool and library for converting .bin files to shellcode in multiple output formats.
☆33Aug 18, 2025Updated 6 months ago
som3canadian / Mythic_NimSyscallPacker_Wrapper
View on GitHub
Mythic C2 wrapper for NimSyscallPacker
☆25Mar 12, 2025Updated 11 months ago
I3IT / Detect.Remote.ShadowSnapshot.Dump
View on GitHub
Detect Remote Local Credentials Dumping using a Shadow Snapshot
☆32Jan 27, 2025Updated last year
dazzyddos / ClickOnceBlobber
View on GitHub
Weaponize signed .NET ClickOnce applications for initial access by hijacking a dependency DLL via AppDomainManager injection and loading …
☆124Feb 14, 2026Updated last week
Fudgedotdotdot / nimpersonate
View on GitHub
Impersonate Windows tokens in Nim
☆23Aug 4, 2025Updated 6 months ago
mubix / Find-WSUS
View on GitHub
Helps defenders find their WSUS configurations in the wake of CVE-2025-59287
☆46Oct 28, 2025Updated 3 months ago
MythicAgents / Kharon-Mtc
View on GitHub
C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral moviments, p…
☆199Dec 30, 2025Updated last month
nbaertsch / nimvoke
View on GitHub
Indirect syscalls + DInvoke made simple.
☆96Dec 24, 2024Updated last year
FalconForceTeam / bof-winrm-plugin-jump
View on GitHub
☆33Jan 23, 2025Updated last year
Hagrid29 / BOF-RemoteRegSave
View on GitHub
Cobalt Strike Beacon Object File (BOF) that uses RegConnectRegistryA + RegOpenKeyExA API to dump registry hives on remote computer
☆17Mar 4, 2023Updated 2 years ago
silentwarble / Hannibal
View on GitHub
Mythic C2 Agent written in x64 PIC C
☆85Jan 29, 2025Updated last year
0xflagplz / Xll-Payload-Generator
View on GitHub
Excel Add In Payload Generator
☆14Oct 9, 2023Updated 2 years ago
NtDallas / OdinLdr
View on GitHub
Cobaltstrike Reflective Loader with Synthetic Stackframe
☆185Jan 17, 2026Updated last month
xforcered / ForsHops
View on GitHub
ForsHops
☆152Mar 25, 2025Updated 11 months ago
tijme / kong-loader
View on GitHub
Using Just In Time (JIT) instruction decryption, this shellcode loader ensures that only the currently executing instruction is visible i…
☆63Apr 2, 2025Updated 10 months ago
kidtronnix / restless-guest
View on GitHub
An offensive toolkit for restless guests #DEFCON33
☆53Aug 11, 2025Updated 6 months ago
hdbreaker / Nimhawk
View on GitHub
A powerful, modular, lightweight and efficient command & control framework written in Nim.
☆221Nov 3, 2025Updated 3 months ago
MWR-CyberSec / AD-CS-Forest-Exploiter
View on GitHub
Exploit AD CS misconfiguration allowing privilege escalation and persistence from any child domain to full forest compromise
☆127Dec 2, 2023Updated 2 years ago
dmcxblue / NtCreateUserProcessBOF
View on GitHub
An Aggressor Script that utilizes NtCreateUserProcess to run binaries
☆30Jan 30, 2025Updated last year
grayhatkiller / wambam-bof
View on GitHub
☆47Dec 5, 2025Updated 2 months ago
seriotonctf / kerberos_aes_key
View on GitHub
Generate AES128 and AES256 Kerberos keys from a given username, password, and realm
☆18Sep 18, 2024Updated last year
0xthirteen / mtprocess
View on GitHub
Python script to leverage MSFT_MTProcess WMI class
☆39Sep 17, 2025Updated 5 months ago
paranoidninja / BRC4-BOF-Artillery
View on GitHub
☆146Nov 6, 2025Updated 3 months ago
smokeme / asar-backdoor
View on GitHub
☆33Mar 19, 2025Updated 11 months ago
0xsch1zo / NullGate
View on GitHub
Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.
☆166Jul 30, 2025Updated 6 months ago
MythicC2Profiles / discord
View on GitHub
Discord C2 Profile for Mythic
☆33Feb 18, 2025Updated last year
logangoins / BadTakeover-BOF
View on GitHub
Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover
☆85Oct 20, 2025Updated 4 months ago
whokilleddb / ASPxecute
View on GitHub
Execute shellcode via ASPNET compiler
☆62Oct 2, 2025Updated 4 months ago
CodeXTF2 / CustomC2ChannelTemplate
View on GitHub
template for developing custom C2 channels for Cobalt Strike using IAT hooks applied by a reflective loader.
☆101Jan 10, 2026Updated last month
cocomelonc / bsprishtina-2024-maldev-workshop
View on GitHub
BSides Prishtina 2024 Malware Development and Persistence workshop
☆127Jan 1, 2026Updated last month
JeanBonBeurre34 / cc-agent
View on GitHub
☆28Feb 11, 2026Updated 2 weeks ago
VirtualAlllocEx / CS-EDR-Enumeration
View on GitHub
Cobalt Strike Aggressor Script for identifying security products on Windows hosts — six enumeration methods rated by noise level, from si…
☆33Feb 6, 2026Updated 3 weeks ago
nettitude / ElephantPoint
View on GitHub
☆47Feb 12, 2026Updated 2 weeks ago
0xTriboulet / T-70
View on GitHub
A proof-of-concept shellcode loader that leverages AI/ML face recognition models to verify the identity of a user on a target system
☆40Oct 30, 2024Updated last year
0xsh3llf1r3 / ColdWer
View on GitHub
Cobalt Strike BOF to freeze EDR/AV processes and dump LSASS using WerFaultSecure.exe PPL bypass
☆113Jan 29, 2026Updated 3 weeks ago