150 Open source projects that are alternatives of or similar to rkduck

A LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can spawn a reverse shell to a remote host, launch malware and more.

Rootkits | Backdoors | Sniffers | Virus | Ransomware | Steganography | Cryptography | Shellcodes | Webshells | Keylogger | Botnets | Worms | Other Network Tools

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Your interpreter isn’t safe anymore  —  The PHP module backdoor

Linux Rootkits (4.x Kernel)

Webshell && Backdoor Collection

Learn Linux Kernel Step by Step, including the Modules, FS, Device Driver etc. --- Linux内核学习，包括Linux各模块，文件系统，设备驱动文件等。

Hypervisor Memory Introspection Core Library

📝 Kernel module that can be used as a replacement for syslog, logger or logwrapper

ld_preload userland rootkit

Resolve DOS MZ executable symbols at runtime

A local LKM rootkit loader/dropper that lists available security mechanisms

Shadow-Box: Lightweight and Practical Kernel Protector for ARM (Presented at BlackHat Asia 2018)

Linux kernel module to fight against police terror

Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)

Advanced process execution monitoring utility for linux (procmon like)

awesome-linux-rootkits

LD_PRELOAD Linux rootkit (x86 & ARM)

A basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager

Install the CDC ACM and USB to Serial Modules for the Jetson TX1 or Jetson TX2 Development Kit

Rootkit Detector for UNIX

Shadow-Box: Lightweight and Practical Kernel Protector for x86 (Presented at BlackHat Asia 2017/2018, beVX 2018 and HITBSecConf 2017)

SMM rootkit similar to LoJax or MosaicRegressor

Linux kernel Netlink examples inspired by "Why and How to Use Netlink Socket"

🔓 x86 Linux Kernel rootkit for Debian 9 (4.9.0-11-686-pae)

www.rootkit.com users section mirror, sql database dump, and a few other files/rootkits.

First Steps in Ubuntu (Server) / Hardening and Config With Docker

windows kernel security development

A kernel module able to run as many WS2812 strips as there are GPIO pins on Raspberry Pi Zero

An example rootkit that gives a userland process root permissions

Yocto Layer which provides basic support for Quectel wireless modules

This is the list of all rootkits found so far on github and other sites.

Demos for instruction and exploration of the Linux C/C++ API

Windows driver with usermode interface which can hide objects of file-system and registry, protect processes and etc

Linux rootkit for Ubuntu 16.04 and 10.04 (Linux Kernels 4.4.0 and 2.6.32), both i386 and amd64

iptables target that uwu's outgoing packets

This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process,unlimited your session in metasploit and transparent. Even when it killed, it will re-run again. There always be a procces which while run another process,So we can assume that this procces is unstopable like a Ghost in The Shell

Another method to anti ThreadHideFromDebugger

linux post-exploitation framework made by linux user

💣 just for fun ¯\_(ツ)_/¯

PCI Express DIY hacking toolkit for Xilinx SP605

sudo almost as fake as your ma

LD_PRELOAD rootkit

Tool to generate a Linux kernel module for custom rules with Netfilter hooking. (block ports, Hidden mode, functions to protect etc)

Example of hooking a linux systemcall

This is a port of the original WireGuard UI bits as implemented by Netgate in pfSense 2.5.0 to a package suitable for rapid iteration and more frequent updating on future releases of pfSense.

Reverse shell and rootkit

A rootkit for Android. Based on "Android platform based linux kernel rootkit" from Phrack Issue 68

📖 Unofficial WireGuard Documentation: Setup, Usage, Configuration, and full example setups for VPNs supporting both servers & roaming clients.

A simple rootkit to hide a process

A Python 3 standalone Windows 10 / Linux Rootkit using Tor.

awesome-windows-security-development

This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process,unlimited your session in metasploit and transparent. Even when it killed, it will re-run again. There always be a procces which while run another process,So we can assume that this procces is unstopable like a Ghost in The Shell

Port of "DR.CHECKER : A Soundy Vulnerability Detection Tool for Linux Kernel Drivers" to Clang/LLVM 10 and Linux Kernel

a summary of linux rootkits published on GitHub

🇮🇳 🤖 It's easy to use android botnet work without port forwarding, vps and android studio

nrf24l01 linux device driver

Allows safer access to model specific registers (MSRs)

Not the device we need, but the one we deserve

Windows Rootkit written in Python