Alternatives and similar repositories for AITMWorker

Users that are interested in AITMWorker are comparing it to the libraries listed below

• ss23 / evilginx2

  View on GitHub
  Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of …
  ☆19Apr 4, 2023Updated 2 years ago
• An0nUD4Y / Evilginx-Phishing-Infra-Setup

  View on GitHub
  Evilginx Phishing Infrastructure Setup Guide - Securing Evilginx and Gophish Infrastructure, Removing IOCs, Phishing TTPs
  ☆534Jun 3, 2025Updated 8 months ago
• Flangvik / Bobber

  View on GitHub
  Bounces when a fish bites - Evilginx database monitoring with exfiltration automation
  ☆183Jun 9, 2024Updated last year
• RedByte1337 / GraphSpy

  View on GitHub
  Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI
  ☆1,030Dec 31, 2025Updated last month
• dazzyddos / HSC24RedTeamInfra

  View on GitHub
  Slides and Codes used for the workshop Red Team Infrastructure Automation
  ☆196Apr 14, 2024Updated last year
• fkasler / cuddlephish

  View on GitHub
  Weaponized Browser-in-the-Middle (BitM) for Penetration Testers
  ☆601Dec 9, 2025Updated 2 months ago
• t3hbb / PanGP_Extractor

  View on GitHub
  Tool to extract username and password of current user from PanGPA in plaintext
  ☆89Dec 23, 2024Updated last year
• LuemmelSec / APEX

  View on GitHub
  Azure Post Exploitation Framework
  ☆244Oct 27, 2025Updated 3 months ago
• Mayyhem / Maestro

  View on GitHub
  Abusing Azure services over C2
  ☆368Jan 20, 2026Updated 3 weeks ago
• JumpsecLabs / TokenSmith

  View on GitHub
  TokenSmith generates Entra ID access & refresh tokens on offensive engagements. It is suitable for both covert adversary simulations and …
  ☆376Jan 23, 2025Updated last year
• waelmas / frameless-bitb

  View on GitHub
  A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented b…
  ☆441May 29, 2024Updated last year
• klezVirus / koppeling-p

  View on GitHub
  Adaptive DLL hijacking / dynamic export forwarding - EAT preserve
  ☆78Aug 5, 2024Updated last year
• mvelazc0 / msInvader

  View on GitHub
  M365/Azure adversary simulation tool that generates realistic attack telemetry to help blue teams improve their detection and response ca…
  ☆322Oct 12, 2025Updated 4 months ago
• reveng007 / DarkWidow

  View on GitHub
  Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …
  ☆772Jan 26, 2026Updated 2 weeks ago
• xpn / CloudInject

  View on GitHub
  ☆118Nov 21, 2024Updated last year
• Malcrove / SeamlessPass

  View on GitHub
  A tool leveraging Kerberos tickets to get Microsoft 365 access tokens using Seamless SSO
  ☆232Aug 25, 2024Updated last year
• mvelazc0 / BadZure

  View on GitHub
  BadZure automates the deployment of intentionally misconfigured Entra ID tenants and Azure subscriptions, populating them with diverse en…
  ☆485Updated this week
• RedSiege / SharpCollectionTemplate

  View on GitHub
  ☆14Sep 26, 2023Updated 2 years ago
• 0xTriboulet / ai-postex

  View on GitHub
  Proof-of-concept implementation of AI-enabled postex DLLs
  ☆54Sep 10, 2025Updated 5 months ago
• WKL-Sec / WMIExec

  View on GitHub
  Set of python scripts which perform different ways of command execution via WMI protocol.
  ☆165Jun 29, 2023Updated 2 years ago
• Slowerzs / ThievingFox

  View on GitHub
  ☆567Mar 28, 2024Updated last year
• secureworks / TokenMan

  View on GitHub
  ☆105Oct 27, 2022Updated 3 years ago
• bohops / DynamicDotNet

  View on GitHub
  A collection of various and sundry code snippets that leverage .NET dynamic tradecraft
  ☆146May 18, 2024Updated last year
• med0x2e / vba2clr

  View on GitHub
  Running .NET from VBA
  ☆149Feb 11, 2023Updated 3 years ago
• REDMED-X / OperatorsKit

  View on GitHub
  Collection of Beacon Object Files (BOF) for Cobalt Strike
  ☆671Aug 15, 2025Updated 5 months ago
• zblurx / certsync

  View on GitHub
  Dump NTDS with golden certificates and UnPAC the hash
  ☆646Mar 20, 2024Updated last year
• subat0mik / Misconfiguration-Manager

  View on GitHub
  Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive an…
  ☆1,086Feb 4, 2026Updated last week
• trustedsec / CS-Remote-OPs-BOF

  View on GitHub
  ☆1,117Jan 6, 2026Updated last month
• NetSPI / silkwasm

  View on GitHub
  HTML Smuggling with Web Assembly
  ☆66Feb 20, 2024Updated last year
• redr0nin / bloudstrike

  View on GitHub
  Linux CS bypass technique
  ☆32Feb 4, 2025Updated last year
• improsec / ImproHound

  View on GitHub
  Identify the attack paths in BloodHound breaking your AD tiering
  ☆326Nov 6, 2022Updated 3 years ago
• logangoins / Krueger

  View on GitHub
  Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC
  ☆419Sep 29, 2025Updated 4 months ago
• trickster0 / NamelessC2

  View on GitHub
  Nameless C2 - A C2 with all its components written in Rust
  ☆282Sep 26, 2024Updated last year
• knavesec / CredMaster

  View on GitHub
  Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling
  ☆1,254Mar 19, 2025Updated 10 months ago
• deepinstinct / DCOMUploadExec

  View on GitHub
  DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
  ☆381Dec 13, 2024Updated last year
• dafthack / GraphRunner

  View on GitHub
  A Post-exploitation Toolset for Interacting with the Microsoft Graph API
  ☆1,249Jul 22, 2025Updated 6 months ago
• a7t0fwa7 / DllDragon

  View on GitHub
  A simple to use single-include Windows API resolver
  ☆23Jul 9, 2024Updated last year
• dsnezhkov / shutter

  View on GitHub
  ☆124May 12, 2021Updated 4 years ago
• jsecu / ModTask

  View on GitHub
  ☆53Sep 23, 2025Updated 4 months ago