ebpfkit-monitor - ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits
Stars: ✭ 80 (-83.05%)
bpfbox - 🐝 BPFBox 📦 Exploring process confinement in eBPF
Stars: ✭ 93 (-80.3%)
Diamorphine - LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
Stars: ✭ 725 (+53.6%)
Ebpf exporter - Prometheus exporter for custom eBPF metrics
Stars: ✭ 829 (+75.64%)
Sutekh - An example rootkit that gives a userland process root permissions
Stars: ✭ 62 (-86.86%)
portablebpf - You came here so you could have a base code to serve you as an example on how to develop a BPF application, compatible with BCC and/or LIBBPF, especially LIBBPF, having the userland part made in C or PYTHON.
Stars: ✭ 32 (-93.22%)
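kernel new features - A deep dive into new Linux kernel features, represented by io_uring, cgroup, ebpf and llvm, including open-source projects, code examples, articles, videos, architecture mind maps, and more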
Stars: ✭ 1,094 (+131.78%)
satan - 🔓 x86 Linux Kernel rootkit for Debian 9 (4.9.0-11-686-pae)
Stars: ✭ 31 (-93.43%)
ipftrace - [Deprecated] Now we have a more sophisticated (and compact) implementation in the ipftrace2 repository. Please check it as well.
Stars: ✭ 60 (-87.29%)
Umbra - A LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can spawn a reverse shell to a remote host, launch malware and more.
Stars: ✭ 98 (-79.24%)
lkm-sandbox - Collection of Linux Kernel Modules and PoC to discover, learn and practice Linux Kernel Development
Stars: ✭ 36 (-92.37%)
Ipftrace2 - A packet oriented Linux kernel function call tracer
Stars: ✭ 193 (-59.11%)
Polycube - eBPF/XDP-based software framework for fast network services running in the Linux kernel.
Stars: ✭ 217 (-54.03%)
devheart - Listen to Tux's heartbeat with this awesome Linux Kernel Module ❤️
Stars: ✭ 58 (-87.71%)
Shadow Box For Arm - Shadow-Box: Lightweight and Practical Kernel Protector for ARM (Presented at BlackHat Asia 2018)
Stars: ✭ 64 (-86.44%)
Rootkits List Download - This is the list of all rootkits found so far on github and other sites.
Stars: ✭ 815 (+72.67%)
rkduck - Linux v4.x.x Rootkit
Stars: ✭ 83 (-82.42%)
virtblkiosim - Virtual Linux block device driver for simulating and performing I/O.
Stars: ✭ 30 (-93.64%)
Hidden - Windows driver with usermode interface which can hide objects of file-system and registry, protect processes, etc.
Stars: ✭ 768 (+62.71%)
Rootkit - Linux rootkit for Ubuntu 16.04 and 10.04 (Linux Kernels 4.4.0 and 2.6.32), both i386 and amd64
Stars: ✭ 601 (+27.33%)
Vegile - This tool will set up your backdoor/rootkits. When the backdoor is already set up, it will hide your specific process, make your session in Metasploit unlimited, and be transparent. Even when it is killed, it will re-run again. There will always be a process which will run another process, so we can assume that this process is unstoppable like a Ghost in The Shell
Stars: ✭ 478 (+1.27%)
Emp3r0r - linux post-exploitation framework made by linux user
Stars: ✭ 419 (-11.23%)
Spacecow - Windows Rootkit written in Python
Stars: ✭ 81 (-82.84%)
libbpf-sys - Rust bindings to libbpf from the Linux kernel
Stars: ✭ 103 (-78.18%)
qinst - Draft of generic instrumentation tool based on QEMU using eBPF to implement trivial instrumentations with trivial code
Stars: ✭ 17 (-96.4%)
kube-knark - Open Source runtime tool which helps to detect malware code execution and run-time misconfiguration changes on a Kubernetes cluster
Stars: ✭ 32 (-93.22%)
Webshell - Webshell && Backdoor Collection
Stars: ✭ 1,056 (+123.73%)
Vlany - Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)
Stars: ✭ 804 (+70.34%)
natick - natickOS - A minimal, lightweight, research Linux Distribution
Stars: ✭ 33 (-93.01%)
perf-monitor - Kernel profiler based on perf_event and ebpf
Stars: ✭ 28 (-94.07%)
Father - LD_PRELOAD rootkit
Stars: ✭ 59 (-87.5%)
Hvmi - Hypervisor Memory Introspection Core Library
Stars: ✭ 438 (-7.2%)
Bdvl - LD_PRELOAD Linux rootkit (x86 & ARM)
Stars: ✭ 232 (-50.85%)
Hideprocess - A basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager
Stars: ✭ 329 (-30.3%)
Simple-Antirootkit-SST-Unhooker - This is a demo project to illustrate the way to verify and restore original SST in case of some malware hooks
Stars: ✭ 31 (-93.43%)
Php Backdoor - Your interpreter isn't safe anymore: The PHP module backdoor
Stars: ✭ 211 (-55.3%)
ebpf - Elastic's eBPF
Stars: ✭ 45 (-90.47%)
lsrootkit - Rootkit Detector for UNIX
Stars: ✭ 53 (-88.77%)
Hiddenwall - Tool to generate a Linux kernel module for custom rules with Netfilter hooking. (block ports, Hidden mode, functions to protect etc)
Stars: ✭ 187 (-60.38%)
superhide - Example of hooking a linux systemcall
Stars: ✭ 48 (-89.83%)
rkorova - ld_preload userland rootkit
Stars: ✭ 34 (-92.8%)
Shadow Box For X86 - Shadow-Box: Lightweight and Practical Kernel Protector for x86 (Presented at BlackHat Asia 2017/2018, beVX 2018 and HITBSecConf 2017)
Stars: ✭ 178 (-62.29%)
raisin - Reverse shell and rootkit
Stars: ✭ 18 (-96.19%)
SMM-Rootkit - SMM rootkit similar to LoJax or MosaicRegressor
Stars: ✭ 44 (-90.68%)
kernel pendulum sdm845 - Pendulum Kernel (old Rebirth) based on LE.UM.3.2.2.r1.1 CAF with google-common merged in for Xiaomi Poco F1 and Mi 8 with LTO, CFI and SCS enabled.
Stars: ✭ 9 (-98.09%)
novaboot - A tool that automates booting of operating systems on target hardware or in qemu
Stars: ✭ 32 (-93.22%)
Android Rootkit - A rootkit for Android. Based on "Android platform based linux kernel rootkit" from Phrack Issue 68
Stars: ✭ 167 (-64.62%)
NtSymbol - Resolve DOS MZ executable symbols at runtime
Stars: ✭ 78 (-83.47%)
Solaris - A local LKM rootkit loader/dropper that lists available security mechanisms
Stars: ✭ 47 (-90.04%)
Malware - Rootkits | Backdoors | Sniffers | Virus | Ransomware | Steganography | Cryptography | Shellcodes | Webshells | Keylogger | Botnets | Worms | Other Network Tools
Stars: ✭ 156 (-66.95%)
tor-rootkit - A Python 3 standalone Windows 10 / Linux Rootkit using Tor.
Stars: ✭ 142 (-69.92%)
rbbcc - BCC port for MRI - this is an unofficial bonsai project.
Stars: ✭ 45 (-90.47%)