Top 23 rootkit Open-Source Projects
-
TripleCross
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
-
r77-rootkit
Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
-
Cronos-Rootkit
Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation.
-
Black-Angel-Rootkit
Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.
-
Jormungandr
Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. (by Idov31)
-
Stuxnet-Source
stuxnet Source & Binaries. ONLY FOR ACADEMICAL RESEARCH AND EDUCATIONAL PURPOSES! Includes: Source files, Binaries, PLC Samples,Fanny Added in another repo.
-
arm64_silent_syscall_hook
silent syscall hooking without modifying sys_call_table/handlers via patching exception handler
-
Solaris
A local LKM rootkit loader/dropper that lists available security mechanisms (by redcode-labs)
Project mention: Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. | /r/netsec | 2023-06-24
This is not an exploit nor an example about how to write a driver and I didn't write anywhere about an exploit or how to write a driver. If you are looking for these kinds of resources, feel free to check out my driver programming blog series "Lord of the Ring0" (and a talk that will be released soon! :) ): https://idov31.github.io/2022/07/14/lord-of-the-ring0-p1.html
Project mention: Windows APC Injection Driver updated to use less ring 3 memory in order to avoid detection | /r/blueteamsec | 2023-12-10
Project mention: Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. | /r/RedSec | 2023-06-27
Project mention: Kernel-Process-Hollowing: Windows x64 kernel mode rootkit process hollowing POC. | /r/blueteamsec | 2023-06-29
rootkit related posts
-
Windows APC Injection Driver updated to use less ring 3 memory in order to avoid detection
-
Black-Angel-Rootkit: Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.
-
TripleCross – Linux eBPF Rootkit
-
GitHub - h3xduck/TripleCross: A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
-
Show HN: TripleCross – A Linux eBPF rootkit with a C2 system and more
-
Show HN: Credentials dumper for Linux using eBPF
-
TripleCross: A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
-
Index
What are some of the best open-source rootkit projects? This list will help you:
# | Project | Stars |
---|---|---|
1 | TitanHide | 1,948 |
2 | TripleCross | 1,677 |
3 | Diamorphine | 1,664 |
4 | Nidhogg | 1,601 |
5 | r77-rootkit | 1,499 |
6 | RootKits-List-Download | 1,219 |
7 | emp3r0r | 1,209 |
8 | Cronos-Rootkit | 793 |
9 | Chaos-Rootkit | 687 |
10 | ebpfkit | 660 |
11 | Black-Angel-Rootkit | 565 |
12 | VectorKernel | 291 |
13 | Jormungandr | 210 |
14 | Kernel-Process-Hollowing | 176 |
15 | awesome-linux-rootkits | 159 |
16 | tor-rootkit | 156 |
17 | Stuxnet-Source | 151 |
18 | WSAAcceptBackdoor | 111 |
19 | ebpfkit-monitor | 110 |
20 | arm64_silent_syscall_hook | 95 |
21 | NtSymbol | 94 |
22 | Qubes-VM-hardening | 71 |
23 | Solaris | 53 |