Alternatives and similar repositories for sauron

Users that are interested in sauron are comparing it to the libraries listed below

• winsecurity / AMSI-Bypass-HWBP

  View on GitHub
  ☆26Aug 11, 2025Updated 6 months ago
• CodeXTF2 / cobaltstrike-sleepmask-yara

  View on GitHub
  Just a git repo for the sleepmask detection rule i found in https://codex-7.gitbook.io/codexs-terminal-window/blue-team/detecting-cobalt-…
  ☆16Jun 4, 2025Updated 8 months ago
• HackingLZ / saas_enum

  View on GitHub
  Command-line tool for discovering SaaS platforms a company uses via DNS enumeration
  ☆35Jul 23, 2025Updated 6 months ago
• bohops / COM-to-the-Darkside

  View on GitHub
  Slides and resources from MCTTP 2025 Talk
  ☆66Oct 26, 2025Updated 3 months ago
• nyxgeek / azure_survey_2025

  View on GitHub
  results of scraping OneDrive from February 2022 - March 2025
  ☆26Apr 29, 2025Updated 9 months ago
• dmcxblue / AzureStrike

  View on GitHub
  An HTA Application which builds Azure (Entra) Scenarios for Red Team Simulations
  ☆61Aug 18, 2025Updated 5 months ago
• NocteDefensor / ludus_tailscale

  View on GitHub
  Ansible Role for Ludus to provision or remove a device to/from a Tailnet.
  ☆13Dec 5, 2025Updated 2 months ago
• lum8rjack / caddy-c2

  View on GitHub
  Caddy v2 module to filter requests based on C2 profiles
  ☆46Apr 24, 2025Updated 9 months ago
• dmcxblue / AzureFunctionRedirector

  View on GitHub
  ☆50Apr 9, 2025Updated 10 months ago
• b4r0nd3l4b1rr4 / Teams-CS-Notifier

  View on GitHub
  ☆15Apr 29, 2023Updated 2 years ago
• The-Viper-One / Invoke-PassTheCert

  View on GitHub
  Pure PowerShell port of PassTheCert tool to authenticate to an LDAP/S server with a certificate through Schannel
  ☆59Apr 13, 2025Updated 10 months ago
• kleiton0x00 / RtlHijack

  View on GitHub
  Alternative Read and Write primitives using Rtl* functions the unintended way.
  ☆78Aug 25, 2025Updated 5 months ago
• Workday / raw-disk-parser

  View on GitHub
  A tool to interact with Windows drivers to perform a raw disk read and parse out target files without calling standard Windows file APIs
  ☆105Sep 4, 2025Updated 5 months ago
• sikumy / spearspray

  View on GitHub
  Enhance Your Active Directory Password Spraying with User Intelligence.
  ☆312Dec 29, 2025Updated last month
• synacktiv / GroupPolicyBackdoor

  View on GitHub
  Group Policy Objects manipulation and exploitation framework
  ☆289Dec 7, 2025Updated 2 months ago
• rtecCyberSec / RAITrigger

  View on GitHub
  Local SYSTEM auth trigger for relaying
  ☆168Jul 22, 2025Updated 6 months ago
• WKL-Sec / docker-cobaltstrike

  View on GitHub
  Docker container for running CobaltStrike 4.7 and above
  ☆24Mar 20, 2025Updated 10 months ago
• ZephrFish / OmniProx

  View on GitHub
  IP Rotation from different providers - Like FireProx but for GCP, Azure, Alibaba and CloudFlare
  ☆268Dec 15, 2025Updated 2 months ago
• MythicMeta / Pantheon

  View on GitHub
  Community Eventing and Scripting examples
  ☆18Aug 11, 2025Updated 6 months ago
• timb-machine / packet-monkey

  View on GitHub
  Packet Monkey is a tool to filter and classify PCAPs using Wireshark filters
  ☆11May 10, 2025Updated 9 months ago
• vifreex / AzShell

  View on GitHub
  Azure APIs enumeration and abuse
  ☆13Dec 20, 2024Updated last year
• AlmondOffSec / DCOMRunAs

  View on GitHub
  Lateral movement with DCOM DLL hijacking
  ☆177Jul 4, 2025Updated 7 months ago
• ZephrFish / QoL-BOFs

  View on GitHub
  Curated list of public Beacon Object Files(BOFs) build in as submodules for easy cloning
  ☆137Dec 7, 2025Updated 2 months ago
• deh00ni / NtDumpBOF

  View on GitHub
  ☆100Sep 1, 2024Updated last year
• wariv / DarkLnk

  View on GitHub
  Build sneaky & malicious LNK files.
  ☆159Jul 16, 2025Updated 6 months ago
• WJDigby / hashms

  View on GitHub
  Periodically check hashcat cracking progress and notify of success.
  ☆10Dec 18, 2018Updated 7 years ago
• api0cradle / usernamecrafter

  View on GitHub
  A C project that generates usernames based on input lists and format you decide yourself
  ☆11Jan 23, 2025Updated last year
• yehia-mamdouh / Lsassx

  View on GitHub
  Dumping LSASS Evaded Endpoint Security Solutions
  ☆18Feb 15, 2025Updated last year
• tehstoni / cmstp_uac_bypass_bof

  View on GitHub
  ☆15May 30, 2025Updated 8 months ago
• ibaiC / SafeHarbor-BOF

  View on GitHub
  Safe Harbor is a BOF that streamlines process reconnaissance for red team operations by identifying trusted, low-noise targets to maintai…
  ☆75Oct 27, 2025Updated 3 months ago
• Offensive-Panda / LsassReflectDumping

  View on GitHub
  This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…
  ☆212Oct 19, 2024Updated last year
• synacktiv / kcmdump

  View on GitHub
  Dump Kerberos tickets from the KCM database of SSSD
  ☆55Dec 31, 2025Updated last month
• MazX0p / PhantomInjector

  View on GitHub
  Advanced In-Memory PowerShell Process Injection Framework
  ☆72Jul 16, 2025Updated 6 months ago
• tdeerenberg / InlineWhispers3

  View on GitHub
  Tool for working with Indirect System Calls in Cobalt Strike's Beacon Object Files (BOF) using SysWhispers3 for EDR evasion
  ☆99Jul 9, 2025Updated 7 months ago
• zero2504 / FrostLock-Injection

  View on GitHub
  FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe…
  ☆42Apr 6, 2025Updated 10 months ago
• MorDavid / DCSyncHound

  View on GitHub
  This script analyzes the DCSync output file from several tools (such as Mimikatz, Secretsdump and SharpKatz...)
  ☆66Mar 17, 2025Updated 10 months ago
• NtDallas / Svartalfheim

  View on GitHub
  Stage 0
  ☆169Dec 18, 2024Updated last year
• MorDavid / NetworkHound

  View on GitHub
  Advanced Active Directory network topology analyzer with SMB validation, multiple authentication methods (password/NTLM/Kerberos), and co…
  ☆655Jan 16, 2026Updated 3 weeks ago
• xyplex3 / RedTeamCoin

  View on GitHub
  Red Team Coin for crypto-mining operations.
  ☆23Jan 12, 2026Updated last month