Linux Kernel hooking engine (x86)
☆387Oct 14, 2025Updated 4 months ago
Alternatives and similar repositories for khook
Users that are interested in khook are comparing it to the libraries listed below
Sorting:
- Matryoshka - stacked LKM loader☆54Oct 8, 2023Updated 2 years ago
- awesome-linux-rootkits☆2,032Feb 15, 2026Updated 2 weeks ago
- Code injection from Linux kernel to a process☆24May 19, 2023Updated 2 years ago
- In line function hooking LKM rootkit☆52Mar 5, 2020Updated 5 years ago
- Linux Kernel Hacking☆750Apr 10, 2024Updated last year
- Using ftrace for function hooking in Linux kernel☆295Mar 21, 2021Updated 4 years ago
- LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)☆2,264Jan 24, 2026Updated last month
- Red-Team LKM☆637Dec 16, 2025Updated 2 months ago
- Linux Kernel module-less implant (backdoor)☆73Mar 11, 2021Updated 4 years ago
- LibZeroEvil & the Research Rootkit project.☆600Dec 1, 2021Updated 4 years ago
- A LKM rootkit for most newer kernel versions.☆180Sep 17, 2017Updated 8 years ago
- Reverse engineered source code of the autochk rootkit☆210Nov 1, 2019Updated 6 years ago
- linux rootkit adapted for 2.6 and 3.x☆220Dec 30, 2015Updated 10 years ago
- ANBU (Automatic New Binary Unpacker) a tool for me to learn about PIN and about algorithms for generic unpacking.☆91May 23, 2019Updated 6 years ago
- A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.☆1,942Apr 7, 2024Updated last year
- hook or replace arbitary linux/FreeBSD kernel functions in runtime, supporting arm32, arm64, x86, x86_64, riscv☆218Updated this week
- A small kernel module that can hook arbitrary syscalls on x86_64☆53Oct 12, 2019Updated 6 years ago
- Kernel mode to user mode so injection☆93Nov 6, 2020Updated 5 years ago
- Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself, processes/implants, rmmod proof, has ability to bypa…☆267Dec 6, 2025Updated 2 months ago
- ELF anti-forensics exec, for injecting full dynamic executables into process image (With thread injection)☆138Mar 14, 2018Updated 7 years ago
- ELF Virus infection techniques that work with SCOP (Secure code partitioned) executables☆15May 13, 2019Updated 6 years ago
- out-of-tree kernel {module, exploit} development tool☆230Dec 2, 2024Updated last year
- An LKM rootkit targeting Linux 2.6/3.x on x86(_64), and ARM☆674Nov 21, 2017Updated 8 years ago
- ebpfkit is a rootkit powered by eBPF☆837Feb 28, 2023Updated 3 years ago
- break link between dll and it file on disk☆12Sep 2, 2024Updated last year
- A syscall hooking system for FreeBSD, NetBSD and also Linux.☆16Nov 14, 2021Updated 4 years ago
- Companion Worm research☆16Nov 8, 2021Updated 4 years ago
- A tool to recover a fully analyzable .ELF from a raw kernel, through extracting the kernel symbol table (kallsyms)☆1,686Feb 24, 2026Updated last week
- silent syscall hooking without modifying sys_call_table/handlers via patching exception handler☆152Apr 22, 2024Updated last year
- Linux rootkit for Ubuntu 16.04 and 10.04 (Linux Kernels 4.4.0 and 2.6.32), both i386 and amd64☆818Apr 7, 2024Updated last year
- A working version of this tutorial: https://docs.microsoft.com/en-us/windows/desktop/rpc/tutorial☆16Jun 22, 2019Updated 6 years ago
- A stealthy ELF loader - no files, no execve, no RWX☆174Dec 31, 2023Updated 2 years ago
- Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.☆2,101Feb 19, 2026Updated last week
- linux elf injector for x86 x86_64 arm arm64☆346May 31, 2018Updated 7 years ago
- Hide processes as a normal user in Linux.☆261Jul 10, 2024Updated last year
- Dectect syscall hooking using eBPF☆169Apr 28, 2023Updated 2 years ago
- Hook function calls by replacing PLT(Procedure Linkage Table) entries.☆874Oct 5, 2025Updated 4 months ago
- Пример руткита для ядра линукс 5☆19Dec 4, 2020Updated 5 years ago
- A Simple Linux ELF Runtime Crypter☆271Feb 25, 2025Updated last year