Projects in Awesome Lists tagged with rootkit
A curated list of projects in awesome lists tagged with rootkit.
https://github.com/mrexodia/titanhide
Hiding kernel-driver for x86/x64.
anti-debugging driver hacktoberfest rootkit windows
Last synced: 14 May 2025
https://github.com/mrexodia/TitanHide
Hiding kernel-driver for x86/x64.
anti-debugging driver hacktoberfest rootkit windows
Last synced: 15 Mar 2025
https://github.com/m0nad/diamorphine
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)
advanced-persistent-threat backdoor c hacking hacking-tool kernel kernel-module linux linux-kernel lkm-rootkit malware pentest pentesting redteam redteaming rootkit security security-audit security-tools stealth
Last synced: 15 May 2025
https://github.com/idov31/nidhogg
Nidhogg is an all-in-one simple to use windows kernel rootkit.
cpp cyber-security cybersecurity driver infosec kernel red-team redteam rootkit windows windows-rootkits
Last synced: 14 May 2025
https://github.com/jkornev/hidden
🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes, etc.
driver kernel malware-analysis rce registry rootkit security windows
Last synced: 15 May 2025
https://github.com/xl7dev/webshell
Webshell && Backdoor Collection
backdoor rootkit shell webshell
Last synced: 15 May 2025
https://github.com/xl7dev/WebShell
Webshell && Backdoor Collection
backdoor rootkit shell webshell
Last synced: 13 Mar 2025
https://github.com/bytecode77/r77-rootkit
Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
Last synced: 14 May 2025
https://github.com/m0nad/Diamorphine
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)
advanced-persistent-threat backdoor c hacking hacking-tool kernel kernel-module linux linux-kernel lkm-rootkit malware pentest pentesting redteam redteaming rootkit security security-audit security-tools stealth
Last synced: 20 Mar 2025
https://github.com/jm33-m0/emp3r0r
Linux/Windows post-exploitation framework made by linux user
c2 cve-2021-4034 emp3r0r hacking-tool linux local-privilege-escalation malware penetration-testing-framework post-exploitation rat redteam redteaming rootkit stealth trojan-malware
Last synced: 13 Feb 2026
https://github.com/skyw4tch3r/rootkits-list-download
This is the list of all rootkits found so far on github and other sites.
offensive-scripts redteam rootkit rootkits
Last synced: 16 May 2025
https://github.com/ZeroMemoryEx/Chaos-Rootkit
Now You See Me, Now You Don't
driver kernel malware-development rootkit
Last synced: 07 Sep 2025
https://github.com/xaff-xaff/cronos-rootkit
Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation.
kernel ring0 rootkit windows-10 windows-11 windows-rootkits x64
Last synced: 04 Apr 2025
https://github.com/nurupo/rootkit
Linux rootkit for Ubuntu 16.04 and 10.04 (Linux Kernels 4.4.0 and 2.6.32), both i386 and amd64
kernel-module linux-kernel-module linux-rootkit rootkit
Last synced: 12 Apr 2025
https://github.com/gui774ume/ebpfkit
ebpfkit is a rootkit powered by eBPF
ebpf kernel linux linux-kernel linux-kernel-hacking rootkit runtime-security security
Last synced: 04 Apr 2025
https://github.com/Cr4sh/s6_pcie_microblaze
PCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home of Hyper-V Backdoor and Boot Backdoor, check readme for links and info
backdoor dma fpga hyper-v hypervisor kernel microblaze pci-e rootkit uefi xilinx
Last synced: 10 Apr 2025
https://github.com/cr4sh/s6_pcie_microblaze
PCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home of Hyper-V Backdoor and Boot Backdoor, check readme for links and info
backdoor dma fpga hyper-v hypervisor kernel microblaze pci-e rootkit uefi xilinx
Last synced: 12 Apr 2025
https://github.com/Gui774ume/ebpfkit
ebpfkit is a rootkit powered by eBPF
ebpf kernel linux linux-kernel linux-kernel-hacking rootkit runtime-security security
Last synced: 14 Mar 2025
https://github.com/Screetsec/Vegile
This tool sets up your backdoor/rootkits. Once the backdoor is set up, it hides your specific process, keeps your session in Metasploit unlimited, and is transparent. Even when it is killed, it will re-run again. There is always a process which, while running, runs another process, so we can assume that this process is unstoppable, like a Ghost in The Shell
backdoor ghost indonesia infinite-scroll inject linux metasploit msfvenom post-exploitation postgresql rootkit unlimited
Last synced: 27 Mar 2025
https://github.com/screetsec/vegile
This tool sets up your backdoor/rootkits. Once the backdoor is set up, it hides your specific process, keeps your session in Metasploit unlimited, and is transparent. Even when it is killed, it will re-run again. There is always a process which, while running, runs another process, so we can assume that this process is unstoppable, like a Ghost in The Shell
backdoor ghost indonesia infinite-scroll inject linux metasploit msfvenom post-exploitation postgresql rootkit unlimited
Last synced: 04 Apr 2025
https://github.com/screetsec/Vegile
This tool sets up your backdoor/rootkits. Once the backdoor is set up, it hides your specific process, keeps your session in Metasploit unlimited, and is transparent. Even when it is killed, it will re-run again. There is always a process which, while running, runs another process, so we can assume that this process is unstoppable, like a Ghost in The Shell
backdoor ghost indonesia infinite-scroll inject linux metasploit msfvenom post-exploitation postgresql rootkit unlimited
Last synced: 16 Jul 2025
https://github.com/landhb/hideprocess
A basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager
dkom kernel-driver old-school rootkit
Last synced: 05 Apr 2025
https://github.com/xaff-xaff/black-angel-rootkit
Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.
Last synced: 04 Apr 2025
https://github.com/bitdefender/hvmi
Hypervisor Memory Introspection Core Library
exploit hypervisor introspection memory protection rootkit
Last synced: 04 Apr 2025
https://github.com/crvvdev/MasterHide
A x64 Windows Rootkit using SSDT or Hypervisor hook
hypervisor rootkit ssdt windows
Last synced: 11 Jul 2025
https://github.com/sudoskys/root
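What? You said Root? I don't know about that | Dedicated to writing comprehensive and detailed Root tutorial documentation | ROM flashing | Android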
Last synced: 05 Apr 2025
https://github.com/daem0nc0re/vectorkernel
PoCs for Kernelmode rootkit techniques research.
Last synced: 16 May 2025
https://github.com/sudoskys/Root
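What? You said Root? I don't know about that | Dedicated to writing comprehensive and detailed Root tutorial documentation | ROM flashing | Android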
Last synced: 14 May 2025
https://github.com/DualHorizon/blackpill
A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs
ebpf hypervisor linux-rootkit rootkit
Last synced: 11 Jun 2025
https://github.com/dualhorizon/blackpill
A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs
ebpf hypervisor linux-rootkit rootkit
Last synced: 12 Apr 2025
https://github.com/hiteshd/android-rootkit
A rootkit for Android. Based on "Android platform based linux kernel rootkit" from Phrack Issue 68
android android-rootkit rootkit
Last synced: 30 Jul 2025
https://github.com/memN0ps/matrix-rs
Rusty Hypervisor - Windows Kernel Blue Pill Type-2 Hypervisor in Rust (Codename: Matrix)
blue-pill hypervisor intel kernel ring-1 rootkit rust virtualization vt-x windows
Last synced: 08 Apr 2025
https://github.com/jivoi/openssh-backdoor-kit
:bomb: just for fun ¯\_(ツ)_/¯
Last synced: 25 Feb 2026
https://github.com/memN0ps/illusion-rs
Rusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)
blue-pill bootkit hypervisor intel ring-1 rootkit rust uefi virtualization vt-x windows
Last synced: 08 Apr 2025
https://github.com/memN0ps/illusion-rs?tab=readme-ov-file
Rusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)
blue-pill bootkit hypervisor intel ring-1 rootkit rust uefi virtualization vt-x windows
Last synced: 26 Oct 2025
https://github.com/idov31/jormungandr
Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
cpp cyber-security cybersecurity driver infosec kernel red-team redteam rootkit windows windows-rootkits
Last synced: 13 Apr 2025
https://github.com/rwxrob/bonzai
Dashist CLI framework, batteries included
batteries-included beginner-friendly busybox cli cli-framework commander composition compositor dashist documentation flag-parser getopts golang help rootkit terminal
Last synced: 16 May 2025
https://github.com/Paradoxis/PHP-Backdoor
Your interpreter isn’t safe anymore — The PHP module backdoor
c php php-module php-rootkit rootkit
Last synced: 20 Mar 2025
https://github.com/sad0p/d0zer
Elf binary infector written in Go.
elf-binaries linux rootkit virus
Last synced: 04 Apr 2025
https://github.com/xaff-xaff/kernel-process-hollowing
Windows x64 kernel mode rootkit process hollowing POC.
kernel-driver processhollowing rootkit windows x64
Last synced: 12 May 2025
https://github.com/kkamagui/shadow-box-for-x86
Shadow-Box: Lightweight and Practical Kernel Protector for x86 (Presented at BlackHat Asia 2017/2018, beVX 2018 and HITBSecConf 2017)
bevx blackhat hitbsecconf hypervisor kernel linux rootkit
Last synced: 25 Mar 2025
https://github.com/axtmueller/windows-batch-deployment
A programmable and rootkit-like Windows remote access tool.
bootkit carberp flame hxdef rootkit rovnix stuxnet zeroaccess
Last synced: 11 Jun 2025
https://github.com/mav8557/father
LD_PRELOAD rootkit
backdoor c ld-preload linux malware redteam rootkit security
Last synced: 17 Sep 2025
https://github.com/gui774ume/ebpfkit-monitor
ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits
ebpf kernel linux linux-kernel linux-kernel-hacking rootkit runtime-security security
Last synced: 30 Oct 2025
https://github.com/h3xduck/umbra
A LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can spawn a reverse shell to a remote host, launch malware and more.
backdoor kernel kernel-module linux-kernel linux-kernel-module malware ransomware rootkit
Last synced: 16 Jun 2025
https://github.com/matheuzsecurity/rootkit
Collection of codes focused on Linux rootkits
collection ebpf ftrace hooking kernel ldpreload linux malware persistence rootkit
Last synced: 22 Jun 2025
https://github.com/therealdreg/enyelkm
LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry.
hooking kernel-space linux lkm rootkit x86
Last synced: 11 Oct 2025
https://github.com/fuqiuluo/android-wuwa
Android aarch64 kernel rootkit(driver module)
android arm64 driver kernel kernel-module linux-kernel lkm-rootkit rootkit security-audit
Last synced: 11 Oct 2025
https://github.com/QuokkaLight/rkduck
Linux v4.x.x Rootkit
kernel kernel-module keylogger linux rootkit stealth
Last synced: 13 May 2025
https://github.com/jermeyyy/rooty
Academic project of Linux rootkit made for Bachelor Engineering Thesis.
academic bachelor-engineering-thesis kernel kernel-module linux linux-rootkit rootkit security thesis
Last synced: 08 Feb 2026
https://github.com/tasket/Qubes-VM-hardening
Fend off malware at Qubes VM startup
hardening hashing malware qubes qubes-os rootkit templates vm-startup vms
Last synced: 09 Apr 2025
https://github.com/ngn13/shrk
LKM rootkit for modern kernels, with DNS C2 and a simple web interface
linux-rootkit lkm-rootkit malware rootkit
Last synced: 08 Jul 2025
https://github.com/therealdreg/cgaty
Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)
call-gates rootikit-arsenal-book rootkit windows x86
Last synced: 24 Jun 2025
https://github.com/0xflux/hells-hollow
Hells Hollow Windows 11 Rootkit technique to Hook the SSDT via Alt Syscalls
alt-syscalls alternative-syscalls exploit kernel kernel-exploit malware rootkit ssdt ssdt-hook ssdt-hooking ssdt-plug syscalls windows-11 windows11
Last synced: 16 Oct 2025
https://github.com/uraninite/stuxnet
Stuxnet is an extremely sophisticated computer worm that exploits multiple previously unknown Windows zero-day vulnerabilities to infect computers and spread. Its purpose was not just to infect PCs but to cause real-world physical effects. Specifically, it targets centrifuges used to produce the enriched uranium that powers nuclear weapons and reactors.
bootkit carberp flame hxdef rootkit rovnix stuxnet zeroaccess
Last synced: 10 Apr 2025
https://github.com/therealdreg/lsrootkit
Rootkit Detector for UNIX
antirootkit forensic-analysis forensics linux rootkit rootkits unix
Last synced: 21 Mar 2025
https://github.com/rickmark/mojo_thor
Research about malware that infects the EFI and SMC of Apple MacBooks.
Last synced: 13 Apr 2025
https://github.com/x86byte/Stuxnet-Rootkit
Stuxnet extracted binaries by reversing & Stuxnet Rootkit Analysis
driver kernel malware malware-analysis malware-development malware-research reverse-engineering rootkit rootkit-kernel stuxnet stuxnet-memory-analysis stuxnet-report stuxnet-source zero-day
Last synced: 10 May 2025
https://github.com/x86byte/stuxnet-rootkit
Stuxnet extracted binaries by reversing & Stuxnet Rootkit Analysis
driver kernel malware malware-analysis malware-development malware-research reverse-engineering rootkit rootkit-kernel stuxnet stuxnet-memory-analysis stuxnet-report stuxnet-source zero-day
Last synced: 21 Aug 2025
https://github.com/rphang/evilbpf
Weaponizing the Linux Kernel (Hide Files/PID, SSH backdoors, SSL Sniffer, ...) by poking around eBPF/XDP
ebpf kernel linux-kernel-hacking offensive-security rootkit security sshd xdp
Last synced: 10 Apr 2025
https://github.com/idov31/nidhoggscript
NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg
cpp cyber-security cybersecurity driver infosec kernel red-team redteam rootkit windows windows-rootkits
Last synced: 10 Jul 2025
https://github.com/loneicewolf/fanny.bmp
fanny.bmp cleaned MALWARE - ONLY FOR ACADEMICAL RESEARCH AND EDUCATIONAL PURPOSES! (incl Metasploit detection Module)
bmp-malware brutal-kangaroo dementiawheel duqu equationgroup fanny firmware-hacking keylogger malware malware-analysis malware-research malware-researchers metasploit metasploit-framework rootkit stuxnet usb-backdoor william-martens windows
Last synced: 05 Oct 2025
https://github.com/3intermute/linux_syscall_hook
system call hooking on arm64 linux via a variety of methods
Last synced: 14 Mar 2025
https://github.com/yasindce1998/kubedagger
Kubernetes offensive framework built in eBPF
containers ebpf kubernetes linux linux-kernel linux-kernel-hacking malware rootkit runtime-security
Last synced: 15 Aug 2025
https://github.com/black-hell-team/sppen
Malware and malicious applications database
backdoor c covid-19-locker csharp hacking horus-eye java jdk kernel-module keylogger malware malware-analysis malware-development rat reverse-engineering reverse-shell rootkit visual-basic wannacry-ransomware
Last synced: 10 Apr 2025
https://github.com/0xbitx/dedsec_botnet
Linux-based botnet builder designed for creating advanced botnet payloads.
botnet builder malware persistent rootkit trojan
Last synced: 19 Jan 2026
https://github.com/0xN3utr0n/Kanis
Advanced threat detection solution for Linux.
antivirus container-security containers docker endpoint-security ids linux malware rootkit threat-detection yara yara-scanner
Last synced: 30 Mar 2025
https://github.com/g1f1/blasty-vs-pkexec.c
🐧MAJOR BUG GRANTS ROOT FOR ALL MAJOR LINUX DISTRIBUTIONS
cloud ctf linux pwned rootkit vulnerability
Last synced: 17 Jul 2025
https://github.com/loneicewolf/lojax
LOJAX ROOTKIT (UEFI) +PDF Included[x]
bootkit lojax malware rootkit uefi uefi-rootkit
Last synced: 24 Jan 2026
https://github.com/loneicewolf/LOJAX
LOJAX ROOTKIT (UEFI) +PDF Included[x]
bootkit lojax malware rootkit uefi uefi-rootkit
Last synced: 13 May 2025
https://github.com/buffermet/sewers
Modular rootkit framework.
botnets framework interpreters modular relays rootkit
Last synced: 24 Mar 2025
https://github.com/vkobel/linux-syscall-hook-rootkit
Simple kernel module that hooks the `execve` syscall and waits for `date` to be executed with the `backd00r` argument followed by a PID number, elevating it to root credentials.
fun hook kernel-module linux-kernel rootkit syscall
Last synced: 28 Aug 2025
https://github.com/linuxthor/rkspotter
Rootkit spotter - experimental Linux rootkit finder LKM
linux-kernel linux-kernel-module malware malware-detection rootkit rootkit-hunter
Last synced: 05 Oct 2025
https://github.com/ngn13/cerez
Cerez 😈 userland LD_PRELOAD rootkit
ld-preload ld-preload-rootkit linux-rootkit rootkit rootkit-development rootkit-kernel rootkits
Last synced: 09 Jul 2025
https://github.com/idov31/nidhoggcsharpapi
C# API for Nidhogg rootkit
csharp cyber-security cybersecurity driver infosec kernel red-team redteam rootkit windows windows-rootkits
Last synced: 14 Apr 2025
https://github.com/rafael-santiago/kook
A syscall hooking system for FreeBSD, NetBSD and also Linux.
capture-the-flag freebsd-kld hackathon hacking hacking-tool hooking kernel linux-kernel-module netbsd-kernel-module rootkit
Last synced: 18 Jul 2025
https://github.com/ait-testbed/attackmate
AttackMate is an attack orchestration tool that executes full attack-chains based on playbooks.
api attack automation automation-framework cybersecurity exploit metasploit orchestration pentest python redteam rootkit security sliver testbed training
Last synced: 22 Apr 2025
https://github.com/loneicewolf/exec_lkm
An LKM (Loadable Kernel Module) to execute a command as root; I include an example of using netcat and a compiled (with source and steps on how to compile) reverse shell provided in C.
bootkit linux lkm lkm-rootkit loneicewolf malware rootkit rootkits venomrootkit
Last synced: 09 Apr 2025
https://github.com/ait-aecid/caraxes
Academic research rootkit using ftrace-hooking to hide files and processes via magic word or user/group. Tested until Linux 6.11.
file-hiding ftrace-hooking kernel-module linux linux-kernel rootkit stealthkit
Last synced: 12 May 2025
https://github.com/loneicewolf/agent.btz
agent.btz download MALWARE BINARY PROVIDED + POC video
agentbtz apt loneicewolf malware rootkit
Last synced: 09 Apr 2025