ryhanson/ExternalC2 external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

ryhanson/ExternalC2

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/ryhanson/ExternalC2)

Close

ryhanson / ExternalC2View on GitHubMore

• External links
• Readme badge

A library for integrating communication channels with the Cobalt Strike External C2 server

☆290Nov 23, 2017Updated 8 years ago

Alternatives and similar repositories for ExternalC2

Users that are interested in ExternalC2 are comparing it to the libraries listed below

• Und3rf10w / external_c2_framework

  View on GitHub
  Python api for usage with cobalt strike's External C2 specification
  ☆241Mar 22, 2023Updated 2 years ago
• SpiderLabs / DoHC2

  View on GitHub
  DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2…
  ☆448Aug 7, 2020Updated 5 years ago
• outflanknl / external_c2

  View on GitHub
  POC for Cobalt Strike external C2
  ☆141Sep 6, 2021Updated 4 years ago
• xorrior / raven

  View on GitHub
  CobaltStrike External C2 for Websockets
  ☆197Jul 16, 2019Updated 6 years ago
• SpiderLabs / SharpCompile

  View on GitHub
  SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approa…
  ☆290Aug 7, 2020Updated 5 years ago
• bluscreenofjeff / Malleable-C2-Randomizer

  View on GitHub
  A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls
  ☆454Sep 9, 2022Updated 3 years ago
• 001SPARTaN / csfm

  View on GitHub
  Cobalt Strike Field Manual - A quick reference for Windows commands that can be accessed in a beacon console.
  ☆65Dec 27, 2017Updated 8 years ago
• killswitch-GUI / CobaltStrike-ToolKit

  View on GitHub
  Some useful scripts for CobaltStrike
  ☆859Dec 17, 2020Updated 5 years ago
• Und3rf10w / Aggressor-scripts

  View on GitHub
  Aggressor scripts I've made for Cobalt Strike
  ☆413Jul 29, 2023Updated 2 years ago
• xorrior / RemoteRecon

  View on GitHub
  Remote Recon and Collection
  ☆459Nov 23, 2017Updated 8 years ago
• codewhitesec / LethalHTA

  View on GitHub
  Lateral Movement technique using DCOM and HTA
  ☆235Oct 18, 2022Updated 3 years ago
• dcsync / pycobalt

  View on GitHub
  Cobalt Strike Python API
  ☆304Jan 27, 2022Updated 4 years ago
• threatexpress / cs2modrewrite

  View on GitHub
  Convert Cobalt Strike profiles to modrewrite scripts
  ☆611Jan 30, 2023Updated 3 years ago
• harleyQu1nn / AggressorScripts

  View on GitHub
  Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
  ☆1,528Jun 30, 2023Updated 2 years ago
• vysecurity / ANGRYPUPPY

  View on GitHub
  Bloodhound Attack Path Automation in CobaltStrike
  ☆325Apr 26, 2020Updated 5 years ago
• vysecurity / morphHTA

  View on GitHub
  morphHTA - Morphing Cobalt Strike's evil.HTA
  ☆526Apr 14, 2023Updated 2 years ago
• outflanknl / Excel4-DCOM

  View on GitHub
  PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe)
  ☆328Mar 26, 2019Updated 6 years ago
• GreatSCT / GreatSCT

  View on GitHub
  The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool…
  ☆1,128Feb 10, 2021Updated 5 years ago
• mdsecactivebreach / CACTUSTORCH

  View on GitHub
  CACTUSTORCH: Payload Generation for Adversary Simulations
  ☆1,012Jul 3, 2018Updated 7 years ago
• nettitude / PoshC2_Old

  View on GitHub
  Powershell C2 Server and Implants
  ☆575Nov 11, 2019Updated 6 years ago
• checkymander / Sharp-WMIExec

  View on GitHub
  ☆208May 1, 2020Updated 5 years ago
• RhinoSecurityLabs / Aggressor-Scripts

  View on GitHub
  Aggregation of Cobalt Strike's aggressor scripts.
  ☆142Mar 31, 2018Updated 7 years ago
• xorrior / Random-CSharpTools

  View on GitHub
  Collection of CSharp Assemblies focused on Post-Exploitation Capabilities
  ☆231May 30, 2019Updated 6 years ago
• rasta-mouse / TikiTorch

  View on GitHub
  Process Injection
  ☆766Oct 24, 2021Updated 4 years ago
• Mr-Un1k0d3r / MaliciousMacroGenerator

  View on GitHub
  Malicious Macro Generator
  ☆828Apr 17, 2019Updated 6 years ago
• 001SPARTaN / aggressor_scripts

  View on GitHub
  A collection of useful scripts for Cobalt Strike
  ☆172Aug 15, 2024Updated last year
• mdsecactivebreach / SharpShooter

  View on GitHub
  Payload Generation Framework
  ☆1,964Aug 21, 2024Updated last year
• RedSiege / AggressorAssessor

  View on GitHub
  Aggressor scripts for phases of a pen test or red team assessment
  ☆184Aug 13, 2024Updated last year
• GoFetchAD / GoFetch

  View on GitHub
  GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.
  ☆633Jun 20, 2017Updated 8 years ago
• 0xbadjuju / Tokenvator

  View on GitHub
  A tool to elevate privilege with Windows Tokens
  ☆1,053Oct 6, 2023Updated 2 years ago
• outflanknl / Recon-AD

  View on GitHub
  Recon-AD, an AD recon tool based on ADSI and reflective DLL’s
  ☆331Oct 20, 2019Updated 6 years ago
• bluscreenofjeff / AggressorScripts

  View on GitHub
  Aggressor scripts for use with Cobalt Strike 3.0+
  ☆885Sep 9, 2022Updated 3 years ago
• P1CKLES / SharpBox

  View on GitHub
  SharpBox is a C# tool for compressing, encrypting, and exfiltrating data to DropBox using the DropBox API.
  ☆110Jan 20, 2021Updated 5 years ago
• nettitude / Invoke-PowerThIEf

  View on GitHub
  The PowerThIEf, an Internet Explorer Post Exploitation library
  ☆130Feb 27, 2025Updated last year
• GhostPack / SharpRoast

  View on GitHub
  DEPRECATED SharpRoast is a C# port of various PowerView's Kerberoasting functionality.
  ☆251Sep 25, 2018Updated 7 years ago
• rasta-mouse / Aggressor-Script

  View on GitHub
  Collection of Aggressor Scripts for Cobalt Strike
  ☆172Aug 8, 2018Updated 7 years ago
• Cn33liz / StarFighters

  View on GitHub
  A JavaScript and VBScript Based Empire Launcher, which runs within their own embedded PowerShell Host.
  ☆321Jun 5, 2017Updated 8 years ago
• 0xdeadbeefJERKY / Office-DDE-Payloads

  View on GitHub
  Collection of scripts and templates to generate Office documents embedded with the DDE, macro-less command execution technique.
  ☆638Jul 16, 2023Updated 2 years ago
• Kevin-Robertson / InveighZero

  View on GitHub
  .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
  ☆809Aug 28, 2022Updated 3 years ago