milabs/khook external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

milabs/khook

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/milabs/khook)

Close

milabs / khookView on GitHubMore

• External links
• Readme badge

Linux Kernel hooking engine (x86)

☆392Oct 14, 2025Updated 5 months ago

Alternatives and similar repositories for khook

Users that are interested in khook are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• milabs / kmatryoshka

  View on GitHub
  Matryoshka - stacked LKM loader
  ☆54Oct 8, 2023Updated 2 years ago
• milabs / awesome-linux-rootkits

  View on GitHub
  awesome-linux-rootkits
  ☆2,055Feb 15, 2026Updated last month
• milabs / kjector

  View on GitHub
  Code injection from Linux kernel to a process
  ☆24May 19, 2023Updated 2 years ago
• xcellerator / linux_kernel_hacking

  View on GitHub
  Linux Kernel Hacking
  ☆753Apr 10, 2024Updated 2 years ago
• ilammy / ftrace-hook

  View on GitHub
  Using ftrace for function hooking in Linux kernel
  ☆299Mar 21, 2021Updated 5 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• RITRedteam / goofkit

  View on GitHub
  In line function hooking LKM rootkit
  ☆53Mar 5, 2020Updated 6 years ago
• m0nad / Diamorphine

  View on GitHub
  LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)
  ☆2,288Mar 10, 2026Updated last month
• carloslack / KoviD

  View on GitHub
  Red-Team LKM
  ☆634Dec 16, 2025Updated 3 months ago
• jha / linux-kernel-hook

  View on GitHub
  A small kernel module that can hook arbitrary syscalls on x86_64
  ☆52Oct 12, 2019Updated 6 years ago
• milabs / kopycat

  View on GitHub
  Linux Kernel module-less implant (backdoor)
  ☆73Mar 11, 2021Updated 5 years ago
• croemheld / lkm-rootkit

  View on GitHub
  A LKM rootkit for most newer kernel versions.
  ☆178Sep 17, 2017Updated 8 years ago
• NoviceLive / research-rootkit

  View on GitHub
  LibZeroEvil & the Research Rootkit project.
  ☆599Dec 1, 2021Updated 4 years ago
• WeiJiLab / kernel-inline-hook-framework

  View on GitHub
  hook or replace arbitary linux/FreeBSD kernel functions in runtime, supporting arm32, arm64, x86, x86_64, riscv
  ☆221Mar 6, 2026Updated last month
• milabs / kmod_hooking

  View on GitHub
  Kernel function hooking using exception tables
  ☆28Jun 15, 2018Updated 7 years ago
• Wordpress hosting with auto-scaling on Cloudways • Ad
  Fully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
• h3xduck / TripleCross

  View on GitHub
  A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
  ☆1,953Apr 7, 2024Updated 2 years ago
• yaoyumeng / adore-ng

  View on GitHub
  linux rootkit adapted for 2.6 and 3.x
  ☆222Dec 30, 2015Updated 10 years ago
• Rhydon1337 / linux-kernel-so-injector

  View on GitHub
  Kernel mode to user mode so injection
  ☆95Nov 6, 2020Updated 5 years ago
• mncoppola / suterusu

  View on GitHub
  An LKM rootkit targeting Linux 2.6/3.x on x86(_64), and ARM
  ☆676Nov 21, 2017Updated 8 years ago
• linuxthor / rkspotter

  View on GitHub
  Rootkit spotter - experimental Linux rootkit finder LKM
  ☆30Oct 11, 2020Updated 5 years ago
• elfmaster / saruman

  View on GitHub
  ELF anti-forensics exec, for injecting full dynamic executables into process image (With thread injection)
  ☆140Mar 14, 2018Updated 8 years ago
• repnz / autochk-rootkit

  View on GitHub
  Reverse engineered source code of the autochk rootkit
  ☆211Nov 1, 2019Updated 6 years ago
• pathtofile / bpf-hookdetect

  View on GitHub
  Dectect syscall hooking using eBPF
  ☆169Apr 28, 2023Updated 2 years ago
• 3intermute / arm64_silent_syscall_hook

  View on GitHub
  silent syscall hooking without modifying sys_call_table/handlers via patching exception handler
  ☆153Apr 22, 2024Updated last year
• DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• reveng007 / reveng_rtkit

  View on GitHub
  Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself, processes/implants, rmmod proof, has ability to bypa…
  ☆266Dec 6, 2025Updated 4 months ago
• DavidBuchanan314 / stelf-loader

  View on GitHub
  A stealthy ELF loader - no files, no execve, no RWX
  ☆173Dec 31, 2023Updated 2 years ago
• nurupo / rootkit

  View on GitHub
  Linux rootkit for Ubuntu 16.04 and 10.04 (Linux Kernels 4.4.0 and 2.6.32), both i386 and amd64
  ☆818Apr 7, 2024Updated 2 years ago
• Gui774ume / ebpfkit

  View on GitHub
  ebpfkit is a rootkit powered by eBPF
  ☆839Feb 28, 2023Updated 3 years ago
• stealth / devpops

  View on GitHub
  Companion Worm research
  ☆17Nov 8, 2021Updated 4 years ago
• kubo / injector

  View on GitHub
  Library for injecting a shared library into a Linux or Windows process
  ☆614Sep 27, 2025Updated 6 months ago
• hiatus / snc

  View on GitHub
  AES-encrypted TCP/IP swiss army knife.
  ☆11Nov 6, 2022Updated 3 years ago
• rafael-santiago / kook

  View on GitHub
  A syscall hooking system for FreeBSD, NetBSD and also Linux.
  ☆16Nov 14, 2021Updated 4 years ago
• out-of-tree / out-of-tree

  View on GitHub
  out-of-tree kernel {module, exploit} development tool
  ☆230Dec 2, 2024Updated last year
• Wordpress hosting with auto-scaling on Cloudways • Ad
  Fully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
• strozfriedberg / Cexigua

  View on GitHub
  Linux based inter-process code injection without ptrace(2)
  ☆259Aug 24, 2017Updated 8 years ago
• emptymonkey / mimic

  View on GitHub
  Hide processes as a normal user in Linux.
  ☆261Jul 10, 2024Updated last year
• elfmaster / scop_virus_paper

  View on GitHub
  ELF Virus infection techniques that work with SCOP (Secure code partitioned) executables
  ☆15May 13, 2019Updated 6 years ago
• marin-m / vmlinux-to-elf

  View on GitHub
  A tool to recover a fully analyzable .ELF from a raw kernel, through extracting the kernel symbol table (kallsyms)
  ☆1,709Updated this week
• nbulischeck / tyton

  View on GitHub
  Kernel-Mode Rootkit Hunter
  ☆375Nov 13, 2021Updated 4 years ago
• gaffe23 / linux-inject

  View on GitHub
  Tool for injecting a shared object into a Linux process
  ☆1,223Feb 23, 2022Updated 4 years ago
• alex91ar / Diamorphine

  View on GitHub
  LKM rootkit for Linux Kernels 2.6.x/3.x/4.x
  ☆39May 23, 2019Updated 6 years ago