Alternatives and similar repositories for linux-rootkits:

Users that are interested in linux-rootkits are comparing it to the libraries listed below

• milabs / kmatryoshka
  Matryoshka - stacked LKM loader
  ☆50Updated last year
• perturbed-platypus / LinooxMalware
  ☆27Updated 5 years ago
• NexusBots / Umbreon-Rootkit
  ☆65Updated 8 years ago
• narhen / procjack
  PoC of injecting code into a running Linux process
  ☆23Updated 5 years ago
• dsnezhkov / exclave
  ☆16Updated 3 years ago
• t57root / amcsh
  A More Comfortable (remote) SHell with full pty support and both reverse / bindport connection mode.
  ☆30Updated 11 years ago
• linuxthor / rkspotter
  Rootkit spotter - experimental Linux rootkit finder LKM
  ☆27Updated 4 years ago
• nnedkov / swiss_army_rootkit
  ☆33Updated 8 years ago
• mponcet / subversive
  x86_64 linux rootkit using debug registers
  ☆52Updated 3 years ago
• therealdreg / lsrootkit
  Rootkit Detector for UNIX
  ☆62Updated last year
• jthuraisamy / av-fingerprints
  Antivirus Emulator Fingerprints
  ☆27Updated 6 years ago
• vyrus001 / needle
  Shellcode process injector
  ☆27Updated 4 years ago
• magisterquis / pcapknock
  Watches for trigger packets, runs commands or spawns a shell
  ☆24Updated 5 years ago
• Microwave89 / syscalltest
  PoC for Bypassing UM Hooks By Bruteforcing Intel Syscalls
  ☆39Updated 9 years ago
• MortenSchenk / Token-Stealing-Shellcode
  ☆51Updated 7 years ago
• jcramb / revshell
  reverse shell with tty emulation, openssl encryption and support for multiple tcp proxies
  ☆28Updated 8 years ago
• m0nad / PSG
  "Polymorphic" shellcode generator (x86)
  ☆23Updated 10 years ago
• ulexec / SHELF-Loading
  Evasive ELF Static PIE User-Land-Exec featured in Tmpout Vol 1.
  ☆25Updated 3 years ago
• jackson5sec / ShimDB
  Shim database persistence (Fin7 TTP)
  ☆36Updated 4 years ago
• rogue-kdc / CVE-2019-1253
  ☆49Updated 5 years ago
• xpn / BlockchainC2
  A POC C2 server and agent to explore just if/how the Ethereum blockchain can be used for C2
  ☆71Updated 5 years ago
• elfmaster / kprobe_rootkit
  Linux kernel rootkit using kprobes (From http://phrack.org/issues/67/6.html)
  ☆38Updated 9 years ago
• maaaaz / mimicertz
  A minimal safe version of mimikatz to only allow the export of non-exportable Windows certificates
  ☆25Updated 6 years ago
• alexmgr / pybleach
  A library to facilitate the exploitation of padding oracle attacks
  ☆14Updated 9 years ago
• therealdreg / enyelkm
  LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry.
  ☆84Updated last year
• asuar078 / raisin
  Reverse shell and rootkit
  ☆19Updated 7 years ago
• vyrus001 / ebowla-2
  reboot of https://github.com/Genetic-Malware/Ebowla in order to simplify / modernize the codebase and provide ongoing support
  ☆22Updated 3 years ago
• ThunderGunExpress / Reflective_PSExec
  ☆45Updated 6 years ago
• vletoux / DetectPasswordViaNTLMInFlow
  Extract the password of the current user from flow (keylogger, config file, ..) Use SSPI to get a valid NTLM challenge/response and test …
  ☆58Updated 5 years ago
• wumb0 / watershell
  Run commands on linux through those pesky firewalls
  ☆26Updated 9 years ago