rootkit | Topic | Ecosyste.ms: Repos

Topic: "rootkit"

mrexodia/TitanHide

Hiding kernel-driver for x86/x64.

Language: C - Size: 854 KB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 2,447 - Forks: 452

Idov31/Nidhogg

Nidhogg is an all-in-one simple to use windows kernel rootkit.

Language: C++ - Size: 811 KB - Last synced at: 6 days ago - Pushed at: 6 days ago - Stars: 2,079 - Forks: 304

ExpLife0011/awesome-windows-kernel-security-development

windows kernel security development

Size: 3.25 MB - Last synced at: 7 days ago - Pushed at: about 3 years ago - Stars: 2,039 - Forks: 539

m0nad/Diamorphine

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)

Language: C - Size: 28.3 KB - Last synced at: 3 months ago - Pushed at: almost 2 years ago - Stars: 2,038 - Forks: 458

bytecode77/r77-rootkit

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.

Language: C - Size: 5.1 MB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 1,968 - Forks: 440

milabs/awesome-linux-rootkits

awesome-linux-rootkits

Size: 74.2 KB - Last synced at: about 13 hours ago - Pushed at: 8 months ago - Stars: 1,936 - Forks: 251

JKornev/hidden

🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc

Language: C - Size: 665 KB - Last synced at: 4 months ago - Pushed at: about 3 years ago - Stars: 1,904 - Forks: 495

xl7dev/WebShell

Webshell && Backdoor Collection

Language: PHP - Size: 23.4 MB - Last synced at: 3 months ago - Pushed at: over 5 years ago - Stars: 1,893 - Forks: 1,036

h3xduck/TripleCross

A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.

Language: C - Size: 86.4 MB - Last synced at: 4 months ago - Pushed at: over 1 year ago - Stars: 1,851 - Forks: 233

jm33-m0/emp3r0r

Linux/Windows post-exploitation framework made by linux user

Language: Go - Size: 144 MB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 1,555 - Forks: 268

skyw4tch3r/RootKits-List-Download

This is the list of all rootkits found so far on github and other sites.

Size: 33.2 KB - Last synced at: about 1 hour ago - Pushed at: 8 days ago - Stars: 1,372 - Forks: 394

ZeroMemoryEx/Chaos-Rootkit

Now You See Me, Now You Don't

Language: C++ - Size: 2.75 MB - Last synced at: 2 days ago - Pushed at: 2 days ago - Stars: 977 - Forks: 148

mempodippy/vlany

Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)

Language: C - Size: 1.17 MB - Last synced at: 8 days ago - Pushed at: over 4 years ago - Stars: 961 - Forks: 193

XaFF-XaFF/Cronos-Rootkit

Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation.

Language: C++ - Size: 10.6 MB - Last synced at: 4 months ago - Pushed at: over 3 years ago - Stars: 907 - Forks: 187

Gui774ume/ebpfkit

ebpfkit is a rootkit powered by eBPF

Language: C - Size: 7.63 MB - Last synced at: 5 days ago - Pushed at: over 2 years ago - Stars: 808 - Forks: 94

nurupo/rootkit

Linux rootkit for Ubuntu 16.04 and 10.04 (Linux Kernels 4.4.0 and 2.6.32), both i386 and amd64

Language: C - Size: 25.4 KB - Last synced at: 4 months ago - Pushed at: over 1 year ago - Stars: 798 - Forks: 202

Cr4sh/s6_pcie_microblaze

PCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home of Hyper-V Backdoor and Boot Backdoor, check readme for links and info

Language: C - Size: 38.4 MB - Last synced at: 4 months ago - Pushed at: over 1 year ago - Stars: 795 - Forks: 162

This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process,unlimited your session in metasploit and transparent. Even when it killed, it will re-run again. There always be a procces which while run another process,So we can assume that this procces is unstopable like a Ghost in The Shell

Language: Shell - Size: 48.8 KB - Last synced at: 4 months ago - Pushed at: about 3 years ago - Stars: 730 - Forks: 164

landhb/HideProcess

A basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager

Language: C - Size: 6.85 MB - Last synced at: 3 months ago - Pushed at: over 6 years ago - Stars: 676 - Forks: 116

bitdefender/hvmi

Hypervisor Memory Introspection Core Library

Language: C - Size: 13.5 MB - Last synced at: about 2 months ago - Pushed at: over 1 year ago - Stars: 652 - Forks: 68

joaoviictorti/shadow-rs

Windows Kernel Rootkit in Rust

Language: Rust - Size: 495 KB - Last synced at: 7 days ago - Pushed at: 14 days ago - Stars: 643 - Forks: 71

XaFF-XaFF/Black-Angel-Rootkit

Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.

Language: C++ - Size: 173 KB - Last synced at: 4 months ago - Pushed at: almost 2 years ago - Stars: 640 - Forks: 110

memN0ps/eagle-rs 📦

Rusty Rootkit - Windows Kernel Rookit in Rust (Codename: Eagle)

Language: Rust - Size: 450 KB - Last synced at: 6 days ago - Pushed at: over 2 years ago - Stars: 565 - Forks: 74

eversinc33/Banshee

Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.

Language: C++ - Size: 702 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 546 - Forks: 80

crvvdev/MasterHide

A x64 Windows Rootkit using SSDT or Hypervisor hook

Language: C++ - Size: 814 KB - Last synced at: about 2 months ago - Pushed at: 8 months ago - Stars: 544 - Forks: 117

carloslack/KoviD

Red-Team Linux kernel rootkit

Language: C - Size: 26.8 MB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 528 - Forks: 78

Cr4sh/WindowsRegistryRootkit 📦

Kernel rootkit, that lives inside the Windows registry values data

Language: C - Size: 969 KB - Last synced at: almost 2 years ago - Pushed at: almost 8 years ago - Stars: 469 - Forks: 160

sudoskys/Root

？什么你说Root？我不到啊 | 致力于编写全面详细的Root教程文档 | 刷机 | 安卓

Size: 54.3 MB - Last synced at: 8 days ago - Pushed at: about 1 year ago - Stars: 446 - Forks: 27

FiYHer/InfinityHookPro

InfinityHookPro Win7 -> Win11 latest

Language: C++ - Size: 1.59 MB - Last synced at: almost 2 years ago - Pushed at: over 2 years ago - Stars: 412 - Forks: 160

daem0nc0re/VectorKernel

PoCs for Kernelmode rootkit techniques research.

Language: C# - Size: 17.5 MB - Last synced at: 6 days ago - Pushed at: 17 days ago - Stars: 378 - Forks: 62

DualHorizon/blackpill 📦

A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs

Language: Rust - Size: 283 KB - Last synced at: 9 days ago - Pushed at: 3 months ago - Stars: 335 - Forks: 42

memN0ps/illusion-rs 📦

Rusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)

Language: Rust - Size: 2.85 MB - Last synced at: 6 days ago - Pushed at: about 1 year ago - Stars: 310 - Forks: 39

memN0ps/matrix-rs 📦

Rusty Hypervisor - Windows Kernel Blue Pill Type-2 Hypervisor in Rust (Codename: Matrix)

Language: Rust - Size: 2.58 MB - Last synced at: 6 days ago - Pushed at: about 1 year ago - Stars: 297 - Forks: 35

cr0nx/awesome-linux-attack-forensics-purplelabs

This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.

Size: 95.7 KB - Last synced at: 9 days ago - Pushed at: over 2 years ago - Stars: 297 - Forks: 39

MatheuZSecurity/RingReaper

Linux post-exploitation agent that uses io_uring to stealthily bypass EDR detection by avoiding traditional syscalls.

Language: C - Size: 433 KB - Last synced at: 9 days ago - Pushed at: 9 days ago - Stars: 294 - Forks: 46

theSecHunter/Hades-Windows

Hades HIDS/HIPS for Windows

Language: C++ - Size: 484 MB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 280 - Forks: 94

ldpreload/Medusa

LD_PRELOAD Rootkit

Language: C - Size: 708 KB - Last synced at: 6 days ago - Pushed at: 5 months ago - Stars: 272 - Forks: 70

hiteshd/Android-Rootkit

A rootkit for Android. Based on "Android platform based linux kernel rootkit" from Phrack Issue 68

Language: C - Size: 225 KB - Last synced at: about 1 month ago - Pushed at: almost 2 years ago - Stars: 271 - Forks: 103

jivoi/openssh-backdoor-kit

:bomb: just for fun ¯\_(ツ)_/¯

Language: Shell - Size: 15.5 MB - Last synced at: 5 months ago - Pushed at: almost 9 years ago - Stars: 264 - Forks: 101

gmh5225/CallMeWin32kDriver

Load your driver like win32k.sys

Language: C++ - Size: 23.4 KB - Last synced at: about 1 hour ago - Pushed at: about 3 years ago - Stars: 255 - Forks: 75

rwxrob/bonzai

Dashist CLI framework, batteries included

Language: Go - Size: 3.86 MB - Last synced at: 10 days ago - Pushed at: 9 months ago - Stars: 228 - Forks: 21

Idov31/Jormungandr

Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.

Language: C++ - Size: 48.8 KB - Last synced at: 5 months ago - Pushed at: almost 2 years ago - Stars: 225 - Forks: 27

Paradoxis/PHP-Backdoor

Your interpreter isn’t safe anymore — The PHP module backdoor

Language: C - Size: 6.84 KB - Last synced at: 6 months ago - Pushed at: over 6 years ago - Stars: 221 - Forks: 62

SaadAhla/dark-kill

A user-mode code and its rootkit that will Kill EDR Processes permanently by leveraging the power of Process Creation Blocking Kernel Callback Routine registering and ZwTerminateProcess.

Language: C++ - Size: 15.6 KB - Last synced at: 5 days ago - Pushed at: 3 months ago - Stars: 219 - Forks: 47

sad0p/d0zer

Elf binary infector written in Go.

Language: Go - Size: 136 KB - Last synced at: 7 days ago - Pushed at: 8 months ago - Stars: 211 - Forks: 36

XaFF-XaFF/Kernel-Process-Hollowing

Windows x64 kernel mode rootkit process hollowing POC.

Language: C++ - Size: 27.3 KB - Last synced at: 4 months ago - Pushed at: about 2 years ago - Stars: 189 - Forks: 27

kkamagui/shadow-box-for-x86

Shadow-Box: Lightweight and Practical Kernel Protector for x86 (Presented at BlackHat Asia 2017/2018, beVX 2018 and HITBSecConf 2017)

Language: C - Size: 4.91 MB - Last synced at: 6 months ago - Pushed at: about 6 years ago - Stars: 185 - Forks: 46

tkmru/awesome-linux-rootkits

a summary of linux rootkits published on GitHub

Size: 3.91 KB - Last synced at: about 3 hours ago - Pushed at: over 5 years ago - Stars: 180 - Forks: 24

loneicewolf/Stuxnet-Source 📦

stuxnet Source & Binaries. (+PLC ROOTKIT) ONLY FOR ACADEMICAL RESEARCH AND EDUCATIONAL PURPOSES! Includes: Source files, Binaries, PLC Samples,Fanny Added in another repo.

Size: 35.6 MB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 173 - Forks: 48

croemheld/lkm-rootkit

A LKM rootkit for most newer kernel versions.

Language: C - Size: 90.8 KB - Last synced at: about 1 year ago - Pushed at: almost 8 years ago - Stars: 168 - Forks: 34

emcruise/tor-rootkit

A Python 3 standalone Windows 10 / Linux Rootkit using Tor.

Language: Python - Size: 134 KB - Last synced at: almost 2 years ago - Pushed at: almost 3 years ago - Stars: 155 - Forks: 28

MatheuZSecurity/Rootkit

Collection of codes focused on Linux rootkits

Language: C - Size: 74.6 MB - Last synced at: 6 days ago - Pushed at: 24 days ago - Stars: 150 - Forks: 40

AxtMueller/Windows-Batch-Deployment

A programmable and rootkit-like Windows remote access tool.

Size: 94.1 MB - Last synced at: 3 months ago - Pushed at: over 1 year ago - Stars: 139 - Forks: 50

HARM4Y/Karlann

It's a kernel-based keylogger for Windows x86/x64.

Language: C - Size: 354 KB - Last synced at: 3 months ago - Pushed at: almost 3 years ago - Stars: 139 - Forks: 50

mav8557/Father

LD_PRELOAD rootkit

Language: C - Size: 47.9 KB - Last synced at: 3 months ago - Pushed at: over 1 year ago - Stars: 132 - Forks: 32

3intermute/arm64_silent_syscall_hook

silent syscall hooking without modifying sys_call_table/handlers via patching exception handler

Language: C - Size: 58.6 KB - Last synced at: 3 months ago - Pushed at: over 1 year ago - Stars: 131 - Forks: 38

jussihi/SMM-Rootkit

SMM rootkit similar to LoJax or MosaicRegressor

Language: C - Size: 214 KB - Last synced at: 8 days ago - Pushed at: almost 2 years ago - Stars: 131 - Forks: 32

Gui774ume/ebpfkit-monitor

ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits

Language: C - Size: 168 KB - Last synced at: 5 months ago - Pushed at: over 2 years ago - Stars: 128 - Forks: 17

h3xduck/Umbra

A LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can spawn a reverse shell to a remote host, launch malware and more.

Language: C - Size: 190 MB - Last synced at: 3 months ago - Pushed at: almost 4 years ago - Stars: 127 - Forks: 28

MatheuZSecurity/ElfDoor-gcc

ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code.

Language: C - Size: 519 KB - Last synced at: 2 months ago - Pushed at: 5 months ago - Stars: 113 - Forks: 16

EgeBalci/WSAAcceptBackdoor

Winsock accept() Backdoor Implant.

Language: C - Size: 481 KB - Last synced at: 4 months ago - Pushed at: over 4 years ago - Stars: 112 - Forks: 23

grisuno/LazyOwn

LazyOwn RedTeam/APT Framework is the first RedTeam Framework with an AI-powered C&C, featuring rootkits to conceal campaigns, undetectable malleable implants compatible with Windows/Linux/Mac OSX, and self-configuring backdoors. With its Web interface and powerful Console Client, it is the best combination for your RedTeam/APT campaigns.

Language: HTML - Size: 260 MB - Last synced at: about 11 hours ago - Pushed at: about 13 hours ago - Stars: 102 - Forks: 32

kkent030315/NtSymbol

Resolve DOS MZ executable symbols at runtime

Language: C++ - Size: 32.2 KB - Last synced at: 5 days ago - Pushed at: almost 4 years ago - Stars: 95 - Forks: 24

QuokkaLight/rkduck

Linux v4.x.x Rootkit

Language: C - Size: 167 KB - Last synced at: 4 months ago - Pushed at: about 1 year ago - Stars: 90 - Forks: 32

0xbitx/DEDSEC_BOTNET

Linux-based botnet builder designed for creating advanced botnet payloads.

Size: 19 MB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 87 - Forks: 16

therealdreg/enyelkm

LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry.

Language: C - Size: 51.8 KB - Last synced at: 7 days ago - Pushed at: about 2 years ago - Stars: 86 - Forks: 31

jermeyyy/rooty

Academic project of Linux rootkit made for Bachelor Engineering Thesis.

Language: C - Size: 4.55 MB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 82 - Forks: 17

MatheuZSecurity/ModTracer

ModTracer Finds Hidden Linux Kernel Rootkits and then make visible again.

Language: C - Size: 36.1 KB - Last synced at: 4 months ago - Pushed at: 6 months ago - Stars: 80 - Forks: 10

alfonmga/hiding-cryptominers-linux-rootkit 📦

Linux rootkit POC to hide a crypto miner's process and CPU usage.

Language: C - Size: 19.5 KB - Last synced at: 3 months ago - Pushed at: almost 2 years ago - Stars: 76 - Forks: 39

pentesteracademy/linux-rootkits-red-blue-teams

Linux Rootkits (4.x Kernel)

Language: C - Size: 15.6 KB - Last synced at: over 1 year ago - Pushed at: about 4 years ago - Stars: 76 - Forks: 44

tasket/Qubes-VM-hardening

Fend off malware at Qubes VM startup

Language: Shell - Size: 136 KB - Last synced at: 5 months ago - Pushed at: over 2 years ago - Stars: 74 - Forks: 11

Cr4sh/DrvHide-PoC 📦

Hidden kernel mode code execution for bypassing modern anti-rootkits.

Language: C++ - Size: 133 KB - Last synced at: over 2 years ago - Pushed at: over 14 years ago - Stars: 74 - Forks: 51

mephistolist/tito

In-Memory Rootkit For Linux and BSD

Language: Shell - Size: 366 KB - Last synced at: 29 days ago - Pushed at: 29 days ago - Stars: 73 - Forks: 11

therealdreg/cgaty

Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)

Language: C - Size: 253 MB - Last synced at: 2 months ago - Pushed at: about 2 years ago - Stars: 72 - Forks: 14

PinkP4nther/Sutekh

An example rootkit that gives a userland process root permissions

Language: C - Size: 15.6 KB - Last synced at: almost 2 years ago - Pushed at: almost 6 years ago - Stars: 72 - Forks: 26

kkamagui/shadow-box-for-arm

Shadow-Box: Lightweight and Practical Kernel Protector for ARM (Presented at BlackHat Asia 2018)

Language: C - Size: 755 KB - Last synced at: 6 months ago - Pushed at: over 7 years ago - Stars: 72 - Forks: 16

ngn13/shrk

LKM rootkit for modern kernels, with DNS C2 and a simple web interface

Language: C - Size: 956 KB - Last synced at: 2 months ago - Pushed at: 2 months ago - Stars: 71 - Forks: 10

ZeroMemoryEx/URootkit

user-mode Rootkit

Language: C++ - Size: 25.4 KB - Last synced at: over 2 years ago - Pushed at: almost 3 years ago - Stars: 68 - Forks: 11

nukIeer/stuxnet

Malicious computer worm Stuxnet and drivers

Language: Assembly - Size: 7.35 MB - Last synced at: about 1 month ago - Pushed at: over 3 years ago - Stars: 68 - Forks: 25

NtRaiseHardError/Anti-Delete

Protects deletion of files with a specified extension using a kernel-mode driver.

Language: C - Size: 7.81 KB - Last synced at: over 2 years ago - Pushed at: about 7 years ago - Stars: 66 - Forks: 42

Cr4sh/PTBypass-PoC 📦

Bypassing code hooks detection in modern anti-rootkits via building faked PTE entries.

Language: C++ - Size: 234 KB - Last synced at: over 2 years ago - Pushed at: over 14 years ago - Stars: 65 - Forks: 45

x86byte/Stuxnet-Rootkit

Stuxnet extracted binaries by reversing & Stuxnet Rootkit Analysis

Language: C - Size: 103 KB - Last synced at: 17 days ago - Pushed at: 12 months ago - Stars: 64 - Forks: 17

0xflux/Hells-Hollow

Hells Hollow Windows 11 Rootkit technique to Hook the SSDT via Alt Syscalls

Language: Rust - Size: 99.6 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 62 - Forks: 8

DanielAvinoam/TheSubZeroProject

A multi-staged malware that contains a kernel mode rootkit and a remote system shell.

Language: C - Size: 18.6 MB - Last synced at: almost 2 years ago - Pushed at: over 4 years ago - Stars: 62 - Forks: 17

therealdreg/lsrootkit

Rootkit Detector for UNIX

Language: C - Size: 121 KB - Last synced at: 5 months ago - Pushed at: about 2 years ago - Stars: 61 - Forks: 20

adamhlt/Basic-Rootkit

POC Ring3 Windows Rootkit (x86 / x64) - Hide processes and files

Language: C++ - Size: 788 KB - Last synced at: 6 days ago - Pushed at: about 2 years ago - Stars: 59 - Forks: 19

rickmark/mojo_thor

Research about malware that infects the EFI and SMC of Apple MacBooks.

Language: Assembly - Size: 144 MB - Last synced at: 5 months ago - Pushed at: 5 months ago - Stars: 57 - Forks: 12

brosck/Frosty

「🧊」Ring 3 Rootkit for Windows 10

Language: C - Size: 425 KB - Last synced at: 3 months ago - Pushed at: 9 months ago - Stars: 57 - Forks: 16

k273811702/NoOne

一款windows64位的ark工具 rootkit

Size: 47.9 KB - Last synced at: about 1 year ago - Pushed at: over 1 year ago - Stars: 56 - Forks: 8

MatheuZSecurity/Imperius

Make an Linux Kernel rootkit visible again.

Language: C - Size: 24.4 KB - Last synced at: 16 days ago - Pushed at: 6 months ago - Stars: 55 - Forks: 5

JReFrameworker/JReFrameworker

A practical tool for bytecode manipulation and creating Managed Code Rootkits (MCRs) in the Java Runtime Environment

Language: Java - Size: 36.8 MB - Last synced at: over 1 year ago - Pushed at: over 5 years ago - Stars: 55 - Forks: 20

rphang/evilBPF

Weaponizing the Linux Kernel (Hide Files/PID, SSH backdoors, SSL Sniffer, ...) by poking around eBPF/XDP

Language: C - Size: 1.8 MB - Last synced at: 3 months ago - Pushed at: about 1 year ago - Stars: 52 - Forks: 15

AdvDebug/MineRootkit 📦

PoC Windows Usermode Rootkit made in C# and C++, made to show you how to protect your process using hooking.

Language: C# - Size: 53.7 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 52 - Forks: 12