memN0ps

memN0ps / armory-rs

Public

Rusty Armory - Beacon Object Files (BOFs) in Rust (Codename: Armory)

beacon-object-files bof cobalt-strike coff common-object-file-format
18
1
100% credibility
Found Mar 16, 2026 at 18 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Rust
AI Summary

A Rust-based collection of small programs ported from C implementations for simulating adversary tactics in authorized security testing, threat emulation, and detection development.

How It Works

1
🔍 Discover Security Practice Tools

You hear about a helpful collection of pretend 'bad guy' actions to safely practice defending computers during authorized security tests.

2
🧰 Choose a Test Scenario

Pick a simple action like checking who's using the computer or seeing network connections to simulate in your safe test setup.

3
Prepare Your Pretend Tool

With one easy step, ready your chosen tool so it's set up for your practice session.

4
🎯 Run the Simulation

Launch the pretend action on your test computer and watch what information it gathers, just like a real check would.

Learn and Improve Defenses

Review the results to understand how to spot and stop these actions, making your real computers safer.

Sign up to see the full architecture

3 more

Sign Up Free

Star Growth

See how this repo grew from 18 to 18 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is armory-rs?

Armory-rs delivers a Rust-based collection of Beacon Object Files (BOFs) for Cobalt Strike, porting TrustedSec's popular C tools into loadable modules via the rustbof framework. It covers situational awareness like whoami, ipconfig, netstat, and process listing; remote operations such as adding users, enabling privileges, dumping LSASS, or requesting ADCS certs; plus injection techniques including CreateRemoteThread, APC queueing, and thread hijacking. Developers get compact, position-independent executables for in-memory execution during pentests or emulation without dropping binaries.

Why is it gaining traction?

Unlike original C BOFs, armory-rs leverages Rust's memory safety for fewer crashes in high-stakes ops, while matching or shrinking binary sizes for stealthier beacon payloads. The MIT license and clear MITRE ATT&CK mappings make it dead simple to integrate into red team workflows, standing out as a modern drop-in for github rusty bits enthusiasts seeking rustbof-powered alternatives to brittle C code.

Who should use this?

Red teamers running Cobalt Strike beacons for adversary emulation, detection engineers validating EDR alerts on T1055 injections or T1003 dumps, and security researchers scripting remote ops like ghost tasks or Chrome key extraction. Ideal for ops teams tired of recompiling C BOFs or debugging segfaults mid-engagement.

Verdict

Grab it if you're Rust-comfy and need reliable BOFs for authorized testing—builds cleanly with nightly Rust and cargo-make. With just 14 stars and 1.0% credibility score, it's early-stage so test thoroughly before prod engagements, but the TrustedSec port quality shines through.

(198 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.