xRedCodex/BofArsenal

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/xRedCodex/BofArsenal)

xRedCodex / BofArsenal

The most extensive collection of BOFs (Beacon Object Files) tailored for Red Teams using C++23

☆23

Alternatives and similar repositories for BofArsenal

Users that are interested in BofArsenal are comparing it to the libraries listed below

Sorting:

Yeeb1 / MagicBOFs
View on GitHub
A small set of Beacon Object Files (BOFs) that I developed over the time with a Magic: The Gathering theme.
☆16Jul 15, 2025Updated 7 months ago
MaorSabag / Adaptix-StealthPalace
View on GitHub
Crystal Palace RDLL loader for Adaptix C2 with Ekko sleep obfuscation, IAT hooking via PICO, and per-section permission restoration
☆65Updated this week
ZERODETECTION / Havoc_Demon_API_Hashing
View on GitHub
Rehashing APIs to prevent hash based detection
☆14Jan 7, 2025Updated last year
buldansec / EnableEFS
View on GitHub
Enable EFS service as low priv user (PE & BOF)
☆21Jul 6, 2025Updated 7 months ago
NetSPI / BOF-PE
View on GitHub
An example reference design for a proposed BOF PE
☆197Jan 23, 2026Updated last month
WKL-Sec / docker-cobaltstrike
View on GitHub
Docker container for running CobaltStrike 4.7 and above
☆24Mar 20, 2025Updated 11 months ago
KingOfTheNOPs / ChangeWallpaper-BOF
View on GitHub
Cobalt Strike Beacon Object File to to change the user's desktop wallpaper
☆17Sep 15, 2023Updated 2 years ago
3as0n / cobaltstrike-bof-toolset
View on GitHub
在cobaltstrike中使用的bof工具集，收集整理验证好用的bof。
☆17Sep 30, 2021Updated 4 years ago
MaorSabag / fileSearcher
View on GitHub
A simple BOF (Beacon Object File) to search files in the system
☆15Dec 2, 2023Updated 2 years ago
Teach2Breach / rpeloader
View on GitHub
use python on windows with full submodule support without installation
☆30Jan 23, 2025Updated last year
0xtengu / Cloak64
View on GitHub
☆48Dec 21, 2025Updated 2 months ago
ibaiC / SafeHarbor-BOF
View on GitHub
Safe Harbor is a BOF that streamlines process reconnaissance for red team operations by identifying trusted, low-noise targets to maintai…
☆75Oct 27, 2025Updated 4 months ago
ibaiC / FriendlyFireBOF
View on GitHub
A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.
☆57Apr 14, 2025Updated 10 months ago
EricEsquivel / CobaltStrike-Linux-Beacon
View on GitHub
Proof of Concept (PoC) implant for creating custom Cobalt Strike Beacons
☆170Feb 11, 2026Updated 2 weeks ago
MythicAgents / Kharon-Mtc
View on GitHub
C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral moviments, p…
☆199Dec 30, 2025Updated last month
praetorian-inc / google-redirector
View on GitHub
A lightweight redirector for Google Cloud Run, enabling domain fronting via Google-owned infrastructure.
☆132Nov 12, 2025Updated 3 months ago
klezVirus / ThreadPoolExecChain
View on GitHub
A simple POC to show how to chain multiple callbacks via tail calls to artificially construct a call stack
☆99Dec 22, 2025Updated 2 months ago
cbrnrd / maliketh
View on GitHub
🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python
☆45Feb 6, 2026Updated 3 weeks ago
y-security / stealthguardian
View on GitHub
StealthGuardian is a middleware layer that can be combined with adversary simulation tools to verify the resistance, detection level and…
☆20Aug 7, 2024Updated last year
Shrfnt77 / AmsiBypass
View on GitHub
Bypassing Amsi using LdrLoadDll
☆47Jan 8, 2025Updated last year
susMdT / AceLdr
View on GitHub
Cobalt Strike UDRL for memory scanner evasion.
☆52Dec 4, 2023Updated 2 years ago
Ben-Lichtman / reloader
View on GitHub
Reflective DLL self-loading as a library
☆21May 3, 2025Updated 9 months ago
Hagrid29 / BOF-CredUI
View on GitHub
Cobalt Strike Beacon Object File (BOF) that uses CredUIPromptForWindowsCredentials API to invoke credential prompt
☆23Nov 23, 2022Updated 3 years ago
ColeHouston / theHandler-BOF
View on GitHub
Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.
☆38Aug 5, 2025Updated 6 months ago
passthehashbrowns / BOFMask
View on GitHub
☆126Jun 28, 2023Updated 2 years ago
Hagrid29 / BOF-SprayAD
View on GitHub
Cobalt Strike Beacon Object File (BOF) that uses LogonUserSSPI API to perform kerberos-based password spray
☆47Mar 4, 2023Updated 2 years ago
Cracked5pider / kaine-assembly
View on GitHub
a demo module for the kaine agent to execute and inject assembly modules
☆41Aug 28, 2024Updated last year
dobin / ShellcodeObfuscationLab
View on GitHub
Test bench lab for Shellcode Obfuscation
☆35Sep 2, 2025Updated 5 months ago
WJDigby / hashms
View on GitHub
Periodically check hashcat cracking progress and notify of success.
☆10Dec 18, 2018Updated 7 years ago
matro7sh / bof-collection
View on GitHub
collection of beacon object file (Cobalt strike)
☆12Jan 21, 2023Updated 3 years ago
h41th / Simple-Crystal-Palace-RDLL-template-for-Adaptix
View on GitHub
☆36Feb 12, 2026Updated 2 weeks ago
RalfHacker / ExchangeCheckPack
View on GitHub
☆10Jun 26, 2024Updated last year
tharun27102006 / Aether-C2-Framework
View on GitHub
🛠️ Explore custom C2 TTPs with Aether-C2-Framework, focusing on lightweight Rust implants and stealthy transport stacks to reduce forens…
☆18Updated this week
curi0usJack / Ludus-MDE-MDI-Roles
View on GitHub
Ludus roles to deploy ASR rules and MDI auditing settings
☆16Aug 5, 2025Updated 6 months ago
tehstoni / cmstp_uac_bypass_bof
View on GitHub
☆15May 30, 2025Updated 8 months ago
lsecqt / Red-Teaming-Army
View on GitHub
☆14Jul 26, 2025Updated 7 months ago
mammo0 / networkminer-cli
View on GitHub
CLI version of NetworkMiner (https://www.netresec.com/?page=NetworkMiner)
☆13Dec 1, 2025Updated 2 months ago
HulkOperator / Spoof-RetAddr
View on GitHub
☆36Nov 8, 2024Updated last year
rasta-mouse / LibGate
View on GitHub
A Crystal Palace shared library to resolve & perform syscalls
☆56Oct 29, 2025Updated 3 months ago