Top 23 rootkit Open-Source Projects

• TitanHide

  1 1,948 2.5 C

  Hiding kernel-driver for x86/x64.

• TripleCross

  11 1,677 0.7 C

  A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.

• InfluxDB

  www.influxdata.com featured

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• Diamorphine

  1 1,664 3.0 C

  LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)

• Nidhogg

  9 1,601 8.1 C++

  Nidhogg is an all-in-one simple to use rootkit.

Project mention: Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. | /r/netsec | 2023-06-24

This is not an exploit nor an example about how to write a driver and I didn't write anywhere about an exploit or how to write an driver. If you are looking for these kind of resources, feel free to check out my driver programming blog series "Lord of the Ring0" (and a talk that will be released soon! :) ): https://idov31.github.io/2022/07/14/lord-of-the-ring0-p1.html

• r77-rootkit

  1 1,499 5.6 C

  Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.

• RootKits-List-Download

  1 1,219 0.0

  This is the list of all rootkits found so far on github and other sites.

• emp3r0r

  3 1,209 9.3 Go

  Linux/Windows post-exploitation framework made by linux user

• SaaSHub

  www.saashub.com featured

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

• Cronos-Rootkit

  2 793 1.8 C++

  Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation.

• Chaos-Rootkit

  1 687 7.6 C++

  Now You See Me, Now You Don't

• ebpfkit

  2 660 0.7 C

  ebpfkit is a rootkit powered by eBPF

• Black-Angel-Rootkit

  2 565 4.4 C++

  Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.

• VectorKernel

  2 291 8.8 C#

  PoCs for Kernelmode rootkit techniques research.

Project mention: Windows APC Injection Driver updated to use less ring 3 memory in order to avoid detection | /r/blueteamsec | 2023-12-10

• Jormungandr

  5 210 4.5 C++

  Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. (by Idov31)

Project mention: Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. | /r/RedSec | 2023-06-27

• Kernel-Process-Hollowing

  1 176 5.2 C++

  Windows x64 kernel mode rootkit process hollowing POC.

Project mention: Kernel-Process-Hollowing: Windows x64 kernel mode rootkit process hollowing POC. | /r/blueteamsec | 2023-06-29

• awesome-linux-rootkits

  1 159 0.0

  a summary of linux rootkits published on GitHub

• tor-rootkit

  2 156 0.0 Python

  A Python 3 standalone Windows 10 / Linux Rootkit using Tor.

• Stuxnet-Source

  2 151 8.0 C

  stuxnet Source & Binaries. ONLY FOR ACADEMICAL RESEARCH AND EDUCATIONAL PURPOSES! Includes: Source files, Binaries, PLC Samples,Fanny Added in another repo.

• WSAAcceptBackdoor

  1 111 0.0 C

  Winsock accept() Backdoor Implant.

• ebpfkit-monitor

  1 110 0.6 C

  ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits

• arm64_silent_syscall_hook

  1 95 0.0 C

  silent syscall hooking without modifying sys_call_table/handlers via patching exception handler

• NtSymbol

  1 94 0.0 C++

  Resolve DOS MZ executable symbols at runtime

• Qubes-VM-hardening

  2 71 2.2 Shell

  Fend off malware at Qubes VM startup

• Solaris

  2 53 0.0 Go

  A local LKM rootkit loader/dropper that lists available security mechanisms (by redcode-labs)

  

• SaaSHub

  www.saashub.com featured

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

rootkit related posts

• Windows APC Injection Driver updated to use less ring 3 memory in order to avoid detection

  1 project | /r/blueteamsec | 10 Dec 2023

• Black-Angel-Rootkit: Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.

  1 project | /r/blueteamsec | 22 Mar 2023

• TripleCross – Linux eBPF Rootkit

  1 project | news.ycombinator.com | 10 Jul 2022

• GitHub - h3xduck/TripleCross: A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.

  1 project | /r/devopsish | 7 Jul 2022

• Show HN: TripleCross – A Linux eBPF rootkit with a C2 system and more

  1 project | news.ycombinator.com | 6 Jul 2022

• Show HN: Credentials dumper for Linux using eBPF

  5 projects | news.ycombinator.com | 5 Jul 2022

• TripleCross: A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.

  1 project | /r/linux | 5 Jul 2022
• A note from our sponsor - InfluxDB
  www.influxdata.com | 5 May 2024

  Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com