BdvlLD_PRELOAD Linux rootkit (x86 & ARM)
Php BackdoorYour interpreter isn’t safe anymore — The PHP module backdoor
HiddenwallTool to generate a Linux kernel module for custom rules with Netfilter hooking. (block ports, Hidden mode, functions to protect etc)
Shadow Box For X86Shadow-Box: Lightweight and Practical Kernel Protector for x86 (Presented at BlackHat Asia 2017/2018, beVX 2018 and HITBSecConf 2017)
Android RootkitA rootkit for Android. Based on "Android platform based linux kernel rootkit" from Phrack Issue 68
MalwareRootkits | Backdoors | Sniffers | Virus | Ransomware | Steganography | Cryptography | Shellcodes | Webshells | Keylogger | Botnets | Worms | Other Network Tools
Www.rootkit.comwww.rootkit.com users section mirror, sql database dump, and a few other files/rootkits.
SpacecowWindows Rootkit written in Python
Shadow Box For ArmShadow-Box: Lightweight and Practical Kernel Protector for ARM (Presented at BlackHat Asia 2018)
SutekhAn example rootkit that gives a userland process root permissions
VlanyLinux LD_PRELOAD rootkit (x86 and x86_64 architectures)
HiddenWindows driver with usermode interface which can hide objects of file-system and registry, protect processes and etc
DiamorphineLKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
RootkitLinux rootkit for Ubuntu 16.04 and 10.04 (Linux Kernels 4.4.0 and 2.6.32), both i386 and amd64
VegileThis tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process,unlimited your session in metasploit and transparent. Even when it killed, it will re-run again. There always be a procces which while run another process,So we can assume that this procces is unstopable like a Ghost in The Shell
HvmiHypervisor Memory Introspection Core Library
Emp3r0rlinux post-exploitation framework made by linux user
HideprocessA basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager
superhideExample of hooking a linux systemcall
raisinReverse shell and rootkit
SMM-RootkitSMM rootkit similar to LoJax or MosaicRegressor
NtSymbolResolve DOS MZ executable symbols at runtime
SolarisA local LKM rootkit loader/dropper that lists available security mechanisms
tor-rootkitA Python 3 standalone Windows 10 / Linux Rootkit using Tor.
satan🔓 x86 Linux Kernel rootkit for Debian 9 (4.9.0-11-686-pae)
VegileThis tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process,unlimited your session in metasploit and transparent. Even when it killed, it will re-run again. There always be a procces which while run another process,So we can assume that this procces is unstopable like a Ghost in The Shell
ebpfkit-monitorebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits
ebpfkitebpfkit is a rootkit powered by eBPF
UmbraA LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can spawn a reverse shell to a remote host, launch malware and more.