Linux Kernel hooking engine (x86)
☆392Oct 14, 2025Updated 6 months ago
Alternatives and similar repositories for khook
Users that are interested in khook are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Matryoshka - stacked LKM loader☆55Oct 8, 2023Updated 2 years ago
- awesome-linux-rootkits☆2,063Feb 15, 2026Updated 2 months ago
- Code injection from Linux kernel to a process☆24May 19, 2023Updated 2 years ago
- Using ftrace for function hooking in Linux kernel☆299Mar 21, 2021Updated 5 years ago
- Linux Kernel Hacking☆757Apr 10, 2024Updated 2 years ago
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- In line function hooking LKM rootkit☆54Mar 5, 2020Updated 6 years ago
- LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)☆2,313Updated this week
- Red-Team LKM☆633Apr 20, 2026Updated last week
- A small kernel module that can hook arbitrary syscalls on x86_64☆52Oct 12, 2019Updated 6 years ago
- Linux Kernel module-less implant (backdoor)☆73Mar 11, 2021Updated 5 years ago
- A LKM rootkit for most newer kernel versions.☆178Sep 17, 2017Updated 8 years ago
- LibZeroEvil & the Research Rootkit project.☆600Dec 1, 2021Updated 4 years ago
- hook or replace arbitary linux/FreeBSD kernel functions in runtime, supporting arm32, arm64, x86, x86_64, riscv☆222Mar 6, 2026Updated last month
- Kernel function hooking using exception tables☆28Jun 15, 2018Updated 7 years ago
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.☆1,959Apr 7, 2024Updated 2 years ago
- linux rootkit adapted for 2.6 and 3.x☆222Dec 30, 2015Updated 10 years ago
- Kernel mode to user mode so injection☆95Nov 6, 2020Updated 5 years ago
- An LKM rootkit targeting Linux 2.6/3.x on x86(_64), and ARM☆678Nov 21, 2017Updated 8 years ago
- Rootkit spotter - experimental Linux rootkit finder LKM☆30Oct 11, 2020Updated 5 years ago
- ELF anti-forensics exec, for injecting full dynamic executables into process image (With thread injection)☆141Mar 14, 2018Updated 8 years ago
- Reverse engineered source code of the autochk rootkit☆212Nov 1, 2019Updated 6 years ago
- Dectect syscall hooking using eBPF☆170Apr 28, 2023Updated 3 years ago
- silent syscall hooking without modifying sys_call_table/handlers via patching exception handler☆153Apr 22, 2024Updated 2 years ago
- Open source password manager - Proton Pass • AdSecurely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
- Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself, processes/implants, rmmod proof, has ability to bypa…☆267Dec 6, 2025Updated 4 months ago
- Linux rootkit for Ubuntu 16.04 and 10.04 (Linux Kernels 4.4.0 and 2.6.32), both i386 and amd64☆820Apr 7, 2024Updated 2 years ago
- A stealthy ELF loader - no files, no execve, no RWX☆174Dec 31, 2023Updated 2 years ago
- ebpfkit is a rootkit powered by eBPF☆846Feb 28, 2023Updated 3 years ago
- Companion Worm research☆17Nov 8, 2021Updated 4 years ago
- Library for injecting a shared library into a Linux or Windows process☆613Sep 27, 2025Updated 7 months ago
- AES-encrypted TCP/IP swiss army knife.☆11Nov 6, 2022Updated 3 years ago
- A syscall hooking system for FreeBSD, NetBSD and also Linux.☆16Nov 14, 2021Updated 4 years ago
- out-of-tree kernel {module, exploit} development tool☆230Dec 2, 2024Updated last year
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- Linux based inter-process code injection without ptrace(2)☆259Aug 24, 2017Updated 8 years ago
- ELF Virus infection techniques that work with SCOP (Secure code partitioned) executables☆15May 13, 2019Updated 6 years ago
- Hide processes as a normal user in Linux.☆261Jul 10, 2024Updated last year
- A tool to recover a fully analyzable .ELF from a raw kernel, through extracting the kernel symbol table (kallsyms)☆1,723Apr 6, 2026Updated 3 weeks ago
- Kernel-Mode Rootkit Hunter☆375Nov 13, 2021Updated 4 years ago
- Tool for injecting a shared object into a Linux process☆1,228Feb 23, 2022Updated 4 years ago
- LKM rootkit for Linux Kernels 2.6.x/3.x/4.x☆39May 23, 2019Updated 6 years ago