souzomain/Shaco

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/souzomain/Shaco)

souzomain / Shaco

Shaco is a linux agent for havoc

☆170

Alternatives and similar repositories for Shaco

Users that are interested in Shaco are comparing it to the libraries listed below

Sorting:

0xv1n / Havoc-ProfileGenerator
View on GitHub
malleable profile generator GUI for Havoc
☆55Apr 28, 2023Updated 2 years ago
0xTriboulet / Revenant
View on GitHub
Revenant - A 3rd party agent for Havoc that demonstrates evasion techniques in the context of a C2 framework
☆387Jul 30, 2024Updated last year
EvanMcBroom / perfect-loader
View on GitHub
Load a dynamic library from memory by modifying the native Windows loader
☆286Jun 18, 2025Updated 9 months ago
netero1010 / GhostTask
View on GitHub
A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.
☆617Jan 2, 2025Updated last year
icyguider / LatLoader
View on GitHub
PoC module to demonstrate automated lateral movement with the Havoc C2 framework.
☆309Dec 9, 2023Updated 2 years ago
MrAle98 / Sliver-PortBender
View on GitHub
Sliver extension performing TCP redirection tasks without performing cross-process injection.
☆68Jan 14, 2025Updated last year
b1tg / cobaltstrike-beacon-rust
View on GitHub
CobaltStrike beacon in rust
☆207Aug 10, 2024Updated last year
fortra / No-Consolation
View on GitHub
A BOF that runs unmanaged PEs inline
☆685Oct 23, 2024Updated last year
CodeXTF2 / PyHmmm
View on GitHub
Simple PoC Python agent to showcase Havoc C2's custom agent interface. Not operationally safe or stable. Released with accompanying blog …
☆86Nov 8, 2023Updated 2 years ago
REDMED-X / OperatorsKit
View on GitHub
Collection of Beacon Object Files (BOF) for Cobalt Strike
☆681Aug 15, 2025Updated 7 months ago
wavvs / nanorobeus
View on GitHub
COFF file (BOF) for managing Kerberos tickets.
☆320Jul 2, 2023Updated 2 years ago
iilegacyyii / DataInject-BOF
View on GitHub
Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll
☆151Apr 18, 2025Updated 11 months ago
fin3ss3g0d / IoDllProxyLoad
View on GitHub
DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly
☆65Mar 19, 2024Updated 2 years ago
NtDallas / OdinLdr
View on GitHub
Cobaltstrike Reflective Loader with Synthetic Stackframe
☆189Jan 17, 2026Updated 2 months ago
OtterHacker / SetProcessInjection
View on GitHub
☆153Oct 2, 2023Updated 2 years ago
georgesotiriadis / Chimera
View on GitHub
Automated DLL Sideloading Tool With EDR Evasion Capabilities
☆505Dec 19, 2023Updated 2 years ago
NetSPI / BOF-PE
View on GitHub
An example reference design for a proposed BOF PE
☆204Jan 23, 2026Updated last month
therealdreg / dregate
View on GitHub
call gates as stable comunication channel for NT x86 and Linux x86_64
☆32Aug 11, 2023Updated 2 years ago
souzomain / Packer
View on GitHub
Packer is a compact, fast and crosss-platform serialization library for store data in a buffer
☆22Aug 5, 2023Updated 2 years ago
VoldeSec / PatchlessCLRLoader
View on GitHub
.NET assembly loader with patchless AMSI and ETW bypass
☆374Apr 19, 2023Updated 2 years ago
Ghost53574 / havoc_profile_generator
View on GitHub
Havoc C2 profile generator
☆106Mar 4, 2026Updated 2 weeks ago
WKL-Sec / dcomhijack
View on GitHub
Lateral Movement Using DCOM and DLL Hijacking
☆324Jun 18, 2023Updated 2 years ago
Kudaes / Shelter
View on GitHub
ROP-based sleep obfuscation to evade memory scanners
☆379Jun 22, 2025Updated 9 months ago
ElliotKillick / LdrLockLiberator
View on GitHub
For when DLLMain is the only way
☆424Oct 29, 2024Updated last year
nickvourd / Supernova
View on GitHub
Real fucking shellcode encryptor & obfuscator tool
☆1,013Jan 7, 2026Updated 2 months ago
Dec0ne / DllNotificationInjection
View on GitHub
A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re…
☆466Aug 23, 2023Updated 2 years ago
g3tsyst3m / elevationstation
View on GitHub
elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative
☆384Nov 2, 2023Updated 2 years ago
Ridter / atexec-pro
View on GitHub
Fileless atexec, no more need for port 445
☆406Mar 28, 2024Updated last year
CodeXTF2 / WindowSpy
View on GitHub
WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance.
☆282Feb 24, 2025Updated last year
Mr-Un1k0d3r / Elevate-System-Trusted-BOF
View on GitHub
☆176Mar 27, 2023Updated 2 years ago
kyleavery / AceLdr
View on GitHub
Cobalt Strike UDRL for memory scanner evasion.
☆1,008Jun 4, 2024Updated last year
3lp4tr0n / RemoteMonologue
View on GitHub
Weaponizing DCOM for NTLM Authentication Coercions
☆201Nov 4, 2025Updated 4 months ago
EricEsquivel / Inline-EA
View on GitHub
Cobalt Strike BOF for evasive .NET assembly execution
☆309Mar 31, 2025Updated 11 months ago
Kudaes / EPI
View on GitHub
Threadless Process Injection through entry point hijacking
☆351Sep 10, 2024Updated last year
BeetleChunks / Obligato
View on GitHub
This project is an implant framework designed for long term persistent access to Windows machines.
☆108Sep 22, 2023Updated 2 years ago
Maldev-Academy / Christmas
View on GitHub
PoC demonstrating a multi process injection chain aimed at remotely executing shellcode
☆259Jan 21, 2024Updated 2 years ago
mertdas / PrivKit
View on GitHub
PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.
☆574Jan 20, 2026Updated 2 months ago
YOLOP0wn / POSTDump
View on GitHub
☆342Nov 10, 2025Updated 4 months ago
grayhatkiller / SharpExShell
View on GitHub
SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.
☆75May 1, 2024Updated last year