rootkit
There are 67 repositories under rootkit topic.
- Language:C 2007
ExpLife0011 / awesome-windows-kernel-security-development
windows kernel security development
- Language:PHP 1766
h3xduck / TripleCross
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
Language:C 1730m0nad / Diamorphine
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)
Language:C 1727- Language:C++ 1651
milabs / awesome-linux-rootkits
awesome-linux-rootkits
JKornev / hidden
🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc
Language:C 1630bytecode77 / r77-rootkit
Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
Language:C 1543- Language:Go 1241
d30sa1 / RootKits-List-Download
This is the list of all rootkits found so far on github and other sites.
mempodippy / vlany
Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)
Language:C 929XaFF-XaFF / Cronos-Rootkit
Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation.
Language:C++ 823nurupo / rootkit
Linux rootkit for Ubuntu 16.04 and 10.04 (Linux Kernels 4.4.0 and 2.6.32), both i386 and amd64
Language:C 769Cr4sh / s6_pcie_microblaze
PCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home of Hyper-V Backdoor and Boot Backdoor, check readme for links and info
Language:C 703screetsec / Vegile
This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process,unlimited your session in metasploit and transparent. Even when it killed, it will re-run again. There always be a procces which while run another process,So we can assume that this procces is unstopable like a Ghost in The Shell
Language:Shell 703- Language:C++ 699
- Language:C 694
- hvmi
bitdefender / hvmi
Hypervisor Memory Introspection Core Library
Language:C 620 landhb / HideProcess
A basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager
Language:C 606Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.
Language:C++ 584- Language:Rust 506
Kernel rootkit, that lives inside the Windows registry values data
Language:C 479FiYHer / InfinityHookPro
InfinityHookPro Win7 -> Win11 latest
Language:C++ 467eversinc33 / Banshee
Experimental Windows x64 Kernel Rootkit.
Language:C++ 457- Language:C++ 443
- Root
- Language:C# 310
- Language:Shell 258
gmh5225 / CallMeWin32kDriver
Load your driver like win32k.sys
Language:C++ 249hiteshd / Android-Rootkit
A rootkit for Android. Based on "Android platform based linux kernel rootkit" from Phrack Issue 68
Language:C 248memN0ps / matrix-rs
Rusty Hypervisor - Windows Kernel Blue Pill Type-2 Hypervisor in Rust (Codename: Matrix)
Language:Rust 228carloslack / KoviD
Linux kernel rootkit
Language:C 227Paradoxis / PHP-Backdoor
Your interpreter isn’t safe anymore — The PHP module backdoor
Language:C 218Idov31 / Jormungandr
Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
Language:C++ 214- Language:Go 203
