# havocframework/havoc

8,182 stars · 1,169 forks · Go · gpl-3.0 · archived

## Links

- GitHub: https://github.com/HavocFramework/Havoc
- Homepage: https://havocframework.com
- awesome-repositories: https://awesome-repositories.com/repository/havocframework-havoc.md

## Description

Havoc is a post-exploitation framework used for red team operations. It provides a centralized command and control system for managing remote agents through persistent network connections and customizable communication profiles.

The framework focuses on security evasion and stealth, utilizing indirect syscall execution, return address spoofing, and hardware-breakpoint patching to bypass endpoint detection and response tools. It includes a payload generation workflow to create executable shellcode or DLLs for initial remote access.

The system covers a broad range of operational capabilities, including infrastructure deployment, a post-exploitation command suite for data collection and privilege escalation, and a modular plugin system for integrating custom agents and external controllers.

## Tags

### Security & Cryptography

- [Post-Exploitation Frameworks](https://awesome-repositories.com/f/security-cryptography/post-exploitation-frameworks.md) — Acts as a comprehensive framework for managing access and gathering data on compromised systems after initial breach.
- [C2 Server Hosting](https://awesome-repositories.com/f/security-cryptography/c2-server-hosting.md) — Provides central listeners that manage encrypted connections and command sessions from remote agents.
- [Evasive Payload Generators](https://awesome-repositories.com/f/security-cryptography/evasive-payload-generators.md) — Includes a workflow for generating customized shellcode and DLL payloads designed to bypass endpoint protection.
- [Post-Exploitation Toolkits](https://awesome-repositories.com/f/security-cryptography/post-exploitation-toolkits.md) — Ships a built-in suite of commands for performing data collection and privilege escalation on target systems. ([source](https://cdn.jsdelivr.net/gh/havocframework/havoc@main/README.md))
- [Remote Access Payloads](https://awesome-repositories.com/f/security-cryptography/remote-command-execution-tools/payload-conversion-and-execution/remote-access-payloads.md) — Includes a utility for creating executable, shellcode, or DLL payloads to establish initial remote access. ([source](https://cdn.jsdelivr.net/gh/havocframework/havoc@main/README.md))
- [Security Software Evasion](https://awesome-repositories.com/f/security-cryptography/security-configurations/security-check-bypasses/security-software-evasion.md) — Employs indirect syscalls and stack manipulation to actively evade endpoint protection and security software. ([source](https://cdn.jsdelivr.net/gh/havocframework/havoc@main/README.md))
- [Hardware Breakpoint Patching](https://awesome-repositories.com/f/security-cryptography/hardware-breakpoint-patching.md) — Implements hardware-breakpoint patching to disable endpoint detection by modifying system debug registers.
- [Return Address Spoofing](https://awesome-repositories.com/f/security-cryptography/return-address-spoofing.md) — Hides function call origins by modifying the stack to mislead security software during memory analysis.

### Part of an Awesome List

- [Red Team Operations](https://awesome-repositories.com/f/awesome-lists/security/red-team-operations.md) — Provides professional command and control tooling for simulating advanced cyber attacks in red team exercises.
- [C2 Infrastructure](https://awesome-repositories.com/f/awesome-lists/devops/c2-infrastructure.md) — Facilitates the setup of command and control servers and listeners for agent communication.
- [Command and Control](https://awesome-repositories.com/f/awesome-lists/devops/command-and-control.md) — Modern and malleable post-exploitation framework.
- [Command And Control Frameworks](https://awesome-repositories.com/f/awesome-lists/security/command-and-control-frameworks.md) — Modern post-exploitation framework with malleable C2 and evasion features.

### System Administration & Monitoring

- [Remote Agent Administration](https://awesome-repositories.com/f/system-administration-monitoring/remote-agent-administration.md) — Provides a centralized interface for managing and commanding multiple remote compromised endpoints. ([source](https://cdn.jsdelivr.net/gh/havocframework/havoc@main/README.md))

### Operating Systems & Systems Programming

- [Indirect Syscalls](https://awesome-repositories.com/f/operating-systems-systems-programming/indirect-syscalls.md) — Bypasses security monitoring by invoking system calls through dynamic memory addresses instead of standard API entry points.

### Software Engineering & Architecture

- [Custom Module Implementations](https://awesome-repositories.com/f/software-engineering-architecture/integration-extensibility/extensibility/plugin-architectures/developer-authoring-interfaces/custom-module-implementations.md) — Offers a dedicated application interface for developers to implement and integrate custom agents and modules. ([source](https://cdn.jsdelivr.net/gh/havocframework/havoc@main/README.md))
- [Modular Plugin Systems](https://awesome-repositories.com/f/software-engineering-architecture/modular-plugin-systems.md) — Ships a modular system allowing external controllers and custom plugins to be integrated into the agent runtime.
