Alternatives and similar repositories for RedTeamGrimoire

Users that are interested in RedTeamGrimoire are comparing it to the libraries listed below

• ColeHouston / theHandler-BOF

  View on GitHub
  Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.
  ☆38Aug 5, 2025Updated 6 months ago
• logangoins / SOAPy

  View on GitHub
  SOAPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts.
  ☆160Jan 23, 2026Updated 3 weeks ago
• Ap3x / Panoptes

  View on GitHub
  Panoptes Endpoint Detection and Response Solution
  ☆42Jan 19, 2026Updated 3 weeks ago
• garrettfoster13 / ldap_bofs

  View on GitHub
  Random BOFs for LDAP tradecraft
  ☆72Sep 9, 2025Updated 5 months ago
• klezVirus / RAIWhateverTrigger

  View on GitHub
  Local SYSTEM auth trigger for relaying - X
  ☆155Jul 23, 2025Updated 6 months ago
• ricardojoserf / NativeDump

  View on GitHub
  Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)
  ☆698May 7, 2025Updated 9 months ago
• Teach2Breach / stargate

  View on GitHub
  Locate dlls and function addresses without PEB Walk and EAT parsing
  ☆104Nov 7, 2025Updated 3 months ago
• xforcered / RemoteMonologue

  View on GitHub
  Weaponizing DCOM for NTLM Authentication Coercions
  ☆275Jul 1, 2025Updated 7 months ago
• decoder-it / KrbRelay-SMBServer

  View on GitHub
  ☆235Oct 8, 2024Updated last year
• Faran-17 / Hellshazzard

  View on GitHub
  Indirect Syscall implementation to bypass userland NTAPIs hooking.
  ☆84Aug 13, 2024Updated last year
• BlackSnufkin / LitterBox

  View on GitHub
  A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms before deployment. Inte…
  ☆1,301Nov 12, 2025Updated 3 months ago
• wariv / DarkLnk

  View on GitHub
  Build sneaky & malicious LNK files.
  ☆159Jul 16, 2025Updated 6 months ago
• DarkSpaceSecurity / RunAs-Stealer

  View on GitHub
  RunAs Utility Credential Stealer implementing 3 techniques : Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging
  ☆203Mar 6, 2025Updated 11 months ago
• grayhatkiller / wambam-bof

  View on GitHub
  ☆47Dec 5, 2025Updated 2 months ago
• 0xHossam / HuffLoader

  View on GitHub
  Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader.
  ☆282Apr 6, 2025Updated 10 months ago
• Karkas66 / CelestialSpark

  View on GitHub
  Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders …
  ☆103Mar 27, 2025Updated 10 months ago
• Fudgedotdotdot / nimpersonate

  View on GitHub
  Impersonate Windows tokens in Nim
  ☆23Aug 4, 2025Updated 6 months ago
• 0xRedpoll / ludus_cobaltstrike_teamserver

  View on GitHub
  Ludus role for deploying a Cobalt Strike Teamserver onto Linux servers
  ☆18Mar 19, 2025Updated 10 months ago
• Shrfnt77 / AmsiBypass

  View on GitHub
  Bypassing Amsi using LdrLoadDll
  ☆47Jan 8, 2025Updated last year
• m8sec / Dispatch

  View on GitHub
  Evasive Payload Delivery Server & C2 Redirector
  ☆112Nov 3, 2025Updated 3 months ago
• xforcered / SoaPy

  View on GitHub
  SoaPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts.
  ☆260Feb 21, 2025Updated 11 months ago
• ricardojoserf / TrickDump

  View on GitHub
  Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!
  ☆534May 9, 2025Updated 9 months ago
• 0xNinjaCyclone / EarlyCascade

  View on GitHub
  A PoC for Early Cascade process injection technique.
  ☆208Jan 30, 2025Updated last year
• dagowda / PrimeEncryptor

  View on GitHub
  ☆82Apr 28, 2025Updated 9 months ago
• zero2504 / EDR-GhostLocker

  View on GitHub
  AppLocker-Based EDR Neutralization
  ☆289Dec 19, 2025Updated last month
• In3x0rabl3 / Proxywatch

  View on GitHub
  ProxyWatch
  ☆34Updated this week
• dobin / avred

  View on GitHub
  Analyse your malware to surgically obfuscate it
  ☆517Dec 17, 2025Updated last month
• c0nf1den71al / Lodestar-Forge

  View on GitHub
  Easy to use, open-source infrastructure management platform, crafted specifically for red team engagements.
  ☆108Jan 19, 2026Updated 3 weeks ago
• netero1010 / EDRSilencer

  View on GitHub
  A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the …
  ☆1,813Nov 3, 2024Updated last year
• Meowmycks / LetMeowIn

  View on GitHub
  A sophisticated, covert Windows-based credential dumper using C++ and MASM x64.
  ☆442Jul 8, 2024Updated last year
• SpecterOps / cred1py

  View on GitHub
  A Python POC for CRED1 over SOCKS5
  ☆164Oct 5, 2024Updated last year
• 0xbad53c / OffSecOps-Arsenal

  View on GitHub
  Aggressor script to automatically download and load an arsenal of open source and private Cobalt Strike tooling.
  ☆45Aug 16, 2024Updated last year
• logangoins / Stifle

  View on GitHub
  .NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS
  ☆150Feb 10, 2025Updated last year
• xforcered / Being-A-Good-CLR-Host

  View on GitHub
  ☆139Jan 16, 2025Updated last year
• FalconOpsLLC / goexec

  View on GitHub
  Windows remote execution multitool
  ☆780Oct 1, 2025Updated 4 months ago
• RWXstoned / GimmeShelter

  View on GitHub
  Situational Awareness script to identify how and where to run implants
  ☆67Dec 6, 2024Updated last year
• kozmer / aad-bofs

  View on GitHub
  ☆137Nov 17, 2025Updated 2 months ago
• vxCrypt0r / Voidgate

  View on GitHub
  A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve…
  ☆591Jun 12, 2024Updated last year
• REDMED-X / OperatorsKit

  View on GitHub
  Collection of Beacon Object Files (BOF) for Cobalt Strike
  ☆671Aug 15, 2025Updated 5 months ago