rootkit
There are 269 repositories under rootkit topic.
mrexodia/TitanHide
Hiding kernel-driver for x86/x64.
ExpLife0011/awesome-windows-kernel-security-development
windows kernel security development
xl7dev/WebShell
Webshell && Backdoor Collection
h3xduck/TripleCross
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
m0nad/Diamorphine
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)
Idov31/Nidhogg
Nidhogg is an all-in-one simple to use rootkit.
JKornev/hidden
🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc
milabs/awesome-linux-rootkits
awesome-linux-rootkits
bytecode77/r77-rootkit
Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
d30sa1/RootKits-List-Download
This is the list of all rootkits found so far on github and other sites.
jm33-m0/emp3r0r
Linux/Windows post-exploitation framework made by linux user
mempodippy/vlany
Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)
XaFF-XaFF/Cronos-Rootkit
Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation.
nurupo/rootkit
Linux rootkit for Ubuntu 16.04 and 10.04 (Linux Kernels 4.4.0 and 2.6.32), both i386 and amd64
Cr4sh/s6_pcie_microblaze
PCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home of Hyper-V Backdoor and Boot Backdoor, check readme for links and info
screetsec/Vegile
This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process,unlimited your session in metasploit and transparent. Even when it killed, it will re-run again. There always be a procces which while run another process,So we can assume that this procces is unstopable like a Ghost in The Shell
ZeroMemoryEx/Chaos-Rootkit
Now You See Me, Now You Don't
Gui774ume/ebpfkit
ebpfkit is a rootkit powered by eBPF
bitdefender/hvmi
Hypervisor Memory Introspection Core Library
landhb/HideProcess
A basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager
XaFF-XaFF/Black-Angel-Rootkit
Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.
memN0ps/eagle-rs
Rusty Rootkit - Windows Kernel Rookit in Rust (Codename: Eagle)
Cr4sh/WindowsRegistryRootkit
Kernel rootkit, that lives inside the Windows registry values data
FiYHer/InfinityHookPro
InfinityHookPro Win7 -> Win11 latest
eversinc33/Banshee
Experimental Windows x64 Kernel Rootkit.
crvvdev/MasterHide
A x64 Windows Rootkit using SSDT or Hypervisor hook
sudoskys/Root
?什么你说Root?我不到啊 | 致力于编写全面详细的Root教程文档 | 刷机 | 安卓
daem0nc0re/VectorKernel
PoCs for Kernelmode rootkit techniques research.
jivoi/openssh-backdoor-kit
:bomb: just for fun ¯\_(ツ)_/¯
gmh5225/CallMeWin32kDriver
Load your driver like win32k.sys
hiteshd/Android-Rootkit
A rootkit for Android. Based on "Android platform based linux kernel rootkit" from Phrack Issue 68
carloslack/KoviD
Linux kernel rootkit
Paradoxis/PHP-Backdoor
Your interpreter isn’t safe anymore — The PHP module backdoor
Idov31/Jormungandr
Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
memN0ps/matrix-rs
Rusty Hypervisor - Windows Kernel Blue Pill Type-2 Hypervisor in Rust (Codename: Matrix)
sad0p/d0zer
Elf binary infector written in Go.