Alternatives and similar repositories for linux-rootkit

Users that are interested in linux-rootkit are comparing it to the libraries listed below

• jbaines-r7 / overkill
  QNAP N-Day (Probably not CVE-2020-2509)
  ☆13Updated 2 years ago
• ihack4falafel / Dell-Driver-EoP-CVE-2021-21551
  Dell Driver EoP (CVE-2021-21551)
  ☆32Updated 3 years ago
• MrTiz / CVE-2020-0688
  Remote Code Execution on Microsoft Exchange Server through fixed cryptographic keys
  ☆20Updated 4 years ago
• dobin / avred-server
  The AMSI server for Avred
  ☆29Updated last year
• 0xballistics / inject2pe
  inject or convert shellcode to PE
  ☆39Updated 5 years ago
• corelight / cve-2022-26809
  Detects attempts and successful exploitation of CVE-2022-26809
  ☆33Updated 9 months ago
• ASkyeye / CobaltPatch
  Cobalt Strike Malleable Profile Inline Patch Template: A Position Independent Code (PIC) Code Template For Creating Shellcode That Can Be…
  ☆40Updated 4 years ago
• ethereal-vx / Persistence
  Recreating and reviewing the Windows persistence methods
  ☆38Updated 3 years ago
• MatheuZSecurity / UnhookingLinuxEdr
  Attacking the cleanup_module function of a kernel module
  ☆36Updated 2 months ago
• dosxuz / ProcessGhosting
  Small POC for process ghosting
  ☆39Updated 3 years ago
• johneiser / MalleableC2Parser
  A library to parse, modify, and implement Malleable C2 profiles
  ☆26Updated 6 years ago
• jakabakos / CVE-2023-36884-MS-Office-HTML-RCE
  MS Office and Windows HTML RCE (CVE-2023-36884) - PoC and exploit
  ☆40Updated last year
• MurryPuppins / Parasite
  Linux Kernel Module Rootkit with module hiding, RCE/reverse shell, and persistence capabilities
  ☆15Updated 2 years ago
• hacefresko / CVE-2025-40634
  Exploit for stack-based buffer overflow found in the conn-indicator binary in the TP-Link Archer AX50 router
  ☆25Updated 3 weeks ago
• thefLink / Memfiddler
  Executes shellcode from a remote server and aims to evade in-memory scanners
  ☆31Updated 5 years ago
• timwhitez / JmpUnhook
  Ntdll Unhooking POC
  ☆19Updated 2 years ago
• tothi / PowerLessShell
  Run PowerShell command without invoking powershell.exe
  ☆35Updated 3 years ago
• deepinstinct / VSTO-POC
  A proof-of-concept created for academic/learning purposes, demonstrating both local and remote use of VSTO "Add-In's" maliciously
  ☆31Updated 2 years ago
• mantvydasb / RdpThief
  Extracting Clear Text Passwords from mstsc.exe using API Hooking.
  ☆16Updated 5 years ago
• f0wl / zipExec_unpack
  Unpacking tool for the zipExec Crypter
  ☆14Updated 3 years ago
• h3xduck / Umbra
  A LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can spawn a reverse shell to a remote host, launch malwar…
  ☆127Updated 3 years ago
• scriptchildie / MaliciousVBA
  Reverse shell macro using Word VBA
  ☆14Updated 4 years ago
• HuskyHacks / CobaltNotion
  A spin-off research project. Cobalt Strike x Notion collab 2022
  ☆53Updated 3 years ago
• 5h3r10ck / antivirus-evasion
  Applying some AV evasion techniques on a metasploit reverse shell
  ☆18Updated 4 years ago
• GetRektBoy724 / Breaking-Detecting-Direct-Syscall-Techniques
  A repository filled with ideas to break/detect direct syscall techniques
  ☆27Updated 3 years ago
• V3ded / Blog-Lab
  Source files for my posts
  ☆16Updated 2 years ago
• GetRektBoy724 / SysGate
  One gate to all syscalls!
  ☆23Updated 3 years ago
• infobyte / Exploit-CVE-2021-21086
  ☆27Updated 3 years ago
• OccamsXor / sim-ba
  (Sim)ulate (Ba)zar Loader
  ☆29Updated 4 years ago
• dosxuz / PerunsFart
  This is my own implementation of the Perun's Fart technique by Sektor7
  ☆71Updated 3 years ago