About the developer

milabs
532 Stars 98 Forks Creative Commons Zero v1.0 Universal 91 Commits 1 Opened issues

Description

awesome-linux-rootkits

awesome-linux-rootkits

:key: feature table

Environment:

  • CPU architecture
  • Kernel/User mode (or mixed)

Core capabilities:

  • Persistency
  • Management interface
  • Altering system (library) behavior

Stealth capabilities:

  • Detection evasion
  • System logs cleaning (filtering)

Hiding stuff capabilities:

  • Hiding of files and directories
  • Hiding (tampering) of file contents
  • Hiding of processes and process trees
  • Hiding of network connections and activity
  • Hiding of process accounting information (like CPU usage)

Additional functions:

  • Keylogger
  • Backdoor/shell
  • Gaining privileges

:see_no_evil: user mode rootkits

  • https://github.com/mempodippy/vlany

Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)

  • https://github.com/unix-thrust/beurk

BEURK is a userland preload rootkit for GNU/Linux, heavily focused around anti-debugging and anti-detection.

  • https://github.com/chokepoint/azazel

Azazel is a userland rootkit based off of the original LD_PRELOAD technique from Jynx rootkit.

  • https://github.com/chokepoint/Jynx2

JynxKit2 is an LD_PRELOAD userland rootkit based on the original JynxKit.

  • https://github.com/chokepoint/jynxkit

JynxKit is an LD_PRELOAD userland rootkit for Linux systems with reverse connection SSL backdoor

  • https://github.com/NexusBots/Umbreon-Rootkit

LD_PRELOAD based

  • https://github.com/ChristianPapathanasiou/apache-rootkit

A malicious Apache module with rootkit functionality

:hear_no_evil: kernel mode rootkits

  • https://github.com/jermeyyy/rooty

Academic project of Linux rootkit made for Bachelor Engineering Thesis.

  • https://github.com/trailofbits/krf

A kernelspace randomized syscall faulter for Linux 4.15+

  • https://github.com/f0rb1dd3n/Reptile :zap: details :zap:

Reptile is an LKM rootkit written for evil purposes that runs on Linux kernel 2.6.x/3.x/4.x

  • https://github.com/QuokkaLight/rkduck :zap: details :zap:

rkduck - Rootkit for Linux v4

  • https://github.com/croemheld/lkm-rootkit

An LKM rootkit for most newer kernel versions.

  • https://github.com/mncoppola/suterusu

An LKM rootkit targeting Linux 2.6.x/3.x on x86, and ARM

  • https://github.com/romeroperezabel/ARP-RootKit

An open source rootkit for the Linux Kernel to develop new ways of infection/detection.

  • https://github.com/nurupo/rootkit

Linux rootkit for Ubuntu 16.04 and 10.04 (Linux Kernels 4.4.0 and 2.6.32), both i386 and amd64

  • https://github.com/m0nad/Diamorphine

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x (x86 and x86_64)

  • https://github.com/ivyl/rootkit

Sample Rootkit for Linux

  • https://github.com/deb0ch/toorkit

A simple useless rootkit for the linux kernel

  • https://github.com/vrasneur/randkit

Random number rootkit for the Linux kernel

  • https://github.com/Eterna1/puszek-rootkit

Yet another LKM rootkit for Linux. It hooks syscall table.

  • https://github.com/trimpsyw/adore-ng

Linux rootkit adapted for 2.6 and 3.x

  • https://github.com/bones-codes/the_colonel

An experimental linux kernel module (rootkit) with a keylogger and built-in IRC bot

  • https://github.com/David-Reguera-Garcia-Dreg/enyelkm

LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry.

  • https://github.com/falk3n/subversive

x86_64 linux rootkit using debug registers

  • https://github.com/jiayy/lkm-rootkit

An LKM rootkit supporting x86/64, ARM, MIPS

  • https://github.com/a7vinx/liinux

A Linux rootkit that works on kernel 4.0.X or higher

  • https://github.com/hanj4096/wukong

Wukong: a LKM rootkit for Linux kernel 2.6.x, 3.x and 4.x

  • https://github.com/varshapaidi/Kernel_Rootkit

Linux Kernel Rootkit - To hide modules and ssh service

  • https://github.com/kacheo/KernelRootkit

Linux kernel rootkit to hide certain files and processes.

  • https://github.com/dsmatter/brootus

bROOTus is a Linux kernel rootkit that comes as a single LKM (Loadable Kernel Module) and it is totally restricted to kernel 2.6.32.

  • https://github.com/jarun/keysniffer

A Linux kernel module to grab keys pressed in the keyboard.

  • https://github.com/PinkP4nther/Sutekh

An example rootkit that gives a userland process root permissions (x86, 4.x)

  • https://github.com/En14c/LilyOfTheValley

LilyOfTheValley is a simple LKM linux kernel rootkit for v4.x that works on (x86 and x86_64)

  • https://github.com/NoviceLive/research-rootkit

This is LibZeroEvil & the Research Rootkit project, in which there are step-by-step, experiment-based courses that help to get you started and keep your hands dirty with offensive or defensive development in the Linux kernel (LibZeroEvil).

  • https://github.com/NinnOgTonic/Out-of-Sight-Out-of-Mind-Rootkit :zap: writeup :zap:

Out of Sight, Out of Mind is a study and implementation of Linux rootkit methods. In addition a new covert network channel using additional Domain Name System (DNS) is implemented.

:speak_no_evil: related stuff

  • https://github.com/landhb/DrawBridge

A layer 4 Single Packet Authentication (SPA) Module, used to conceal TCP ports on public facing machines and add an extra layer of security.

  • https://github.com/gianlucaborello/libprocesshider

Hide a process under Linux using the ld preloader

  • https://github.com/spiderpig1297/kprochide

LKM for hiding processes from the userland. The module is able to hide multiple processes and is able to dynamically receive new processes to hide.

  • https://github.com/spiderpig1297/kfile-over-icmp

kfile-over-icmp is a loadable kernel module for stealth sending of files over ICMP communication.

  • https://github.com/spiderpig1297/kunkillable

LKM (loadable kernel module) that makes userland processes unkillable.

Contributing

Please refer to the guidelines in contributing.md for details.