Alternatives and similar repositories for linux-rootkits:

Users that are interested in linux-rootkits are comparing it to the libraries listed below

• milabs / kmatryoshka
  Matryoshka - stacked LKM loader
  ☆52Updated last year
• t57root / amcsh
  A More Comfortable (remote) SHell with full pty support and both reverse / bindport connection mode.
  ☆30Updated 11 years ago
• dsnezhkov / exclave
  ☆16Updated 3 years ago
• perturbed-platypus / LinooxMalware
  ☆27Updated 5 years ago
• c0decave / Shellcode-Lab
  Training material for the Shellcode-Lab, including Slides and Codes
  ☆18Updated 5 years ago
• NexusBots / Umbreon-Rootkit
  ☆65Updated 8 years ago
• elfmaster / kprobe_rootkit
  Linux kernel rootkit using kprobes (From http://phrack.org/issues/67/6.html)
  ☆39Updated 10 years ago
• therealdreg / lsrootkit
  Rootkit Detector for UNIX
  ☆61Updated last year
• En14c / LilyOfTheValley
  Simple LKM linux kernel rootkit (x86 / x86_64)
  ☆23Updated 4 years ago
• ThunderGunExpress / Reflective_PSExec
  ☆45Updated 6 years ago
• kost / scexec
  Portable utility to execute in memory a sequence of opcodes
  ☆18Updated 8 years ago
• maaaaz / mimicertz
  A minimal safe version of mimikatz to only allow the export of non-exportable Windows certificates
  ☆25Updated 6 years ago
• mortychannel / lnkexploit
  ☆42Updated 5 years ago
• Microwave89 / syscalltest
  PoC for Bypassing UM Hooks By Bruteforcing Intel Syscalls
  ☆39Updated 9 years ago
• CyberPoint / LEAP
  ☆24Updated 9 years ago
• rastating / slae
  The source code of the SLAE assignments documented at https://rastating.github.io/
  ☆23Updated 6 years ago
• Iamgublin / CVE-2019-0803
  Win32k Elevation of Privilege Poc
  Updated 5 years ago
• vulnwarex / bin2sc
  Binary to shellcode from an object/executable format 32 & 64-bit PE , ELF
  ☆72Updated 4 years ago
• fox-it / signed-phishing-email
  ☆11Updated 6 years ago
• oneNutW0nder / CatTails
  Raw socket library/framework for red team events
  ☆34Updated 2 years ago
• decoder-it / whoami-priv
  Slides from my talk "whoami /priv" at Romhack 2018
  ☆39Updated 6 years ago
• hatRiot / bugs
  public bugs/proof of concepts
  ☆48Updated 4 years ago
• djhohnstein / wlbsctrl_poc
  C++ POC code for the wlbsctrl.dll hijack on IKEEXT
  ☆53Updated 6 years ago
• jackson5sec / ShimDB
  Shim database persistence (Fin7 TTP)
  ☆37Updated 5 years ago
• rogue-kdc / CVE-2019-1253
  ☆50Updated 5 years ago
• michaelbadichi / RunAsSystem
  ☆32Updated 10 years ago
• 3gstudent / bitsadminexec
  Use bitsadmin to maintain persistence and bypass Autoruns
  ☆66Updated 7 years ago
• vletoux / DetectPasswordViaNTLMInFlow
  Extract the password of the current user from flow (keylogger, config file, ..) Use SSPI to get a valid NTLM challenge/response and test …
  ☆59Updated 6 years ago
• outflanknl / DoH_c2_Trigger
  Code for blogpost: https://outflank.nl/blog/2018/10/25/building-resilient-c2-infrastructues-using-dns-over-https/
  ☆52Updated 6 years ago
• BorjaMerino / reflectPatcher
  Python script to patch the reflective stub in a DLL
  ☆24Updated 8 years ago