pathtofile/bpf-hookdetect

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/pathtofile/bpf-hookdetect)

pathtofile / bpf-hookdetect

Dectect syscall hooking using eBPF

☆170

Alternatives and similar repositories for bpf-hookdetect

Users that are interested in bpf-hookdetect are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

Sorting:

linuxthor / rkbreaker
View on GitHub
Rootkit breaker - experimental Linux anti-rootkit tool based on kprobes
☆12Sep 30, 2020Updated 5 years ago
CDuPlooy / arm64tracer
View on GitHub
☆15Jun 24, 2021Updated 4 years ago
lumontec / lsmtrace
View on GitHub
Trace deep kernel events through eBPF and lsm hooks
☆43Feb 9, 2021Updated 5 years ago
citronneur / blindssl
View on GitHub
Disable SSL certificate verification for all binaries that use libssl
☆48Jul 15, 2022Updated 3 years ago
0xjacklove / xflower
View on GitHub
deobfuscation BR
☆56Mar 4, 2024Updated 2 years ago
Deploy to Railway using AI coding agents - Free Credits Offer • Ad
Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
redcanaryco / redcanary-ebpf-sensor
View on GitHub
Red Canary's eBPF Sensor
☆115Apr 15, 2026Updated last month
linuxthor / rkspotter
View on GitHub
Rootkit spotter - experimental Linux rootkit finder LKM
☆30Oct 11, 2020Updated 5 years ago
linux-lock / bpflock
View on GitHub
bpflock - eBPF driven security for locking and auditing Linux machines
☆153Feb 16, 2022Updated 4 years ago
carloslack / KoviD
View on GitHub
Red-Team LKM
☆641May 13, 2026Updated last week
tiann / ebpf-jnitrace
View on GitHub
Trace jni calls with eBPF on Android
☆24Jun 21, 2022Updated 3 years ago
gojue / ehids-agent
View on GitHub
A Linux Host-based Intrusion Detection System based on eBPF.
☆456Dec 20, 2023Updated 2 years ago
pathtofile / bad-bpf
View on GitHub
A collection of eBPF programs demonstrating bad behavior, presented at DEF CON 29
☆683Jul 7, 2024Updated last year
SsageParuders / Android_SVC_Edu
View on GitHub
A Project for people to study android svc.
☆26Aug 12, 2022Updated 3 years ago
NinnOgTonic / Out-of-Sight-Out-of-Mind-Rootkit
View on GitHub
Rootkit
☆24Nov 15, 2014Updated 11 years ago
Bare Metal GPUs on DigitalOcean Gradient AI • Ad
Purpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
h3xduck / TripleCross
View on GitHub
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
☆1,960Apr 7, 2024Updated 2 years ago
krisnova / boopkit
View on GitHub
Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.
☆1,668Oct 19, 2023Updated 2 years ago
5ec1cff / IntentTracker
View on GitHub
☆30May 13, 2025Updated last year
Gui774ume / ebpfkit
View on GitHub
ebpfkit is a rootkit powered by eBPF
☆844Feb 28, 2023Updated 3 years ago
kiosk404 / openssl_tracer
View on GitHub
openssl tracer using eBPF
☆16Jan 4, 2026Updated 4 months ago
nullhook / ollvm-14.x
View on GitHub
WIP
☆15Jan 13, 2022Updated 4 years ago
gojue / ebpfmanager
View on GitHub
A golang ebpf libary based on cilium/ebpf and datadog/ebpf.
☆351May 18, 2025Updated last year
m0nad / Diamorphine
View on GitHub
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)
☆2,325Apr 27, 2026Updated 3 weeks ago
BassamGraini / CVE-2022-2588
View on GitHub
☆12Dec 16, 2022Updated 3 years ago
Managed hosting for WordPress and PHP on Cloudways • Ad
Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
gojue / rootkit-sample
View on GitHub
☆48Mar 19, 2022Updated 4 years ago
gagalin95 / FART_repairdex
View on GitHub
修复通过FART dump下来的dex
☆28Aug 1, 2020Updated 5 years ago
lockedbyte / so_loader
View on GitHub
In-memory ELF shared library loading
☆45Dec 18, 2022Updated 3 years ago
huaerxiela / frida-script
View on GitHub
☆58Nov 10, 2021Updated 4 years ago
3intermute / arm64_silent_syscall_hook
View on GitHub
silent syscall hooking without modifying sys_call_table/handlers via patching exception handler
☆154Apr 22, 2024Updated 2 years ago
AkaAny / proc_injector
View on GitHub
Inject remote process without using ptrace on linux based system
☆19Apr 26, 2022Updated 4 years ago
SsageParuders / Android_Anti-Hcak_Inotify
View on GitHub
Inotify监听测试
☆35Apr 17, 2022Updated 4 years ago
reveny / Android-Library-Remap-Hide
View on GitHub
Remap a library to avoid detection
☆133Feb 1, 2024Updated 2 years ago
wuyr / agent-injector-for-android
View on GitHub
基于JVMTI实现的Android端动态代码注入工具
☆41May 10, 2024Updated 2 years ago
GPUs on demand by Runpod - Special Offer Available • Ad
Run AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
FrenchYeti / interruptor
View on GitHub
Human-friendly cross-platform system call tracing and hooking library based on Frida's Stalker
☆355Jul 21, 2023Updated 2 years ago
tr3ee / CVE-2022-23222
View on GitHub
CVE-2022-23222: Linux Kernel eBPF Local Privilege Escalation
☆578Jun 7, 2022Updated 3 years ago
SeeFlowerX / frida-smali-trace
View on GitHub
smali trace
☆209May 22, 2022Updated 4 years ago
VerSprite / engage
View on GitHub
Tools and Materials for the Frida Engage Blog Series
☆45Mar 28, 2018Updated 8 years ago
binarly-io / idapcode
View on GitHub
IDA plugin that displays the P-code for the current function
☆72Nov 18, 2025Updated 6 months ago
KKGanguly / DataCentricFuzzJS
View on GitHub
☆16Feb 27, 2026Updated 2 months ago
hardenedvault / ved-ebpf
View on GitHub
VED-eBPF: Kernel Exploit and Rootkit Detection using eBPF
☆171Sep 7, 2024Updated last year