Alternatives and similar repositories for rootkit:

Users that are interested in rootkit are comparing it to the libraries listed below

• croemheld / lkm-rootkit
  A LKM rootkit for most newer kernel versions.
  ☆174Updated 7 years ago
• xpn / ssh-inject
  A ptrace POC by hooking SSH to reveal provided passwords
  ☆181Updated 8 years ago
• W3ndige / linux-process-injection
  Proof of concept for injecting simple shellcode via ptrace into a running process.
  ☆69Updated 2 years ago
• Error996 / bdvl
  bdvl
  ☆113Updated 3 years ago
• maK- / reverse-shell-access-kernel-module
  This is a kernel module invoked reverse shell proof of concept.
  ☆72Updated 5 years ago
• elfmaster / saruman
  ELF anti-forensics exec, for injecting full dynamic executables into process image (With thread injection)
  ☆135Updated 7 years ago
• PinkP4nther / Sutekh
  An example rootkit that gives a userland process root permissions
  ☆77Updated 5 years ago
• sandflysecurity / sandfly-processdecloak
  Sandfly Linux Stealth Rootkit Decloaking Utility
  ☆99Updated 2 years ago
• therealdreg / enyelkm
  LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry.
  ☆86Updated last year
• Andromeda1957 / Reversing-Challenges
  Reverse engineering challenges
  ☆50Updated 5 years ago
• makomk / aeskeyfind
  Fork of aeskeyfind that knows more formats of AES key schedule
  ☆64Updated 7 years ago
• Plazmaz / CVE-2019-18634
  A functional exploit for CVE-2019-18634, a BSS overflow in sudo's pwfeedback feature that allows for for privesc
  ☆58Updated 5 years ago
• guitmz / memrun
  Small tool to run ELF binaries from memory with a given process name
  ☆165Updated 3 years ago
• QuokkaLight / rkduck
  Linux v4.x.x Rootkit
  ☆90Updated 8 months ago
• tsarpaul / GLORYHook
  The first Linux hooking framework to allow merging two binary files into one!
  ☆94Updated 4 years ago
• hacksysteam / WpadEscape
  Sandbox escape using WinHTTP Web Proxy Auto-Discovery Service
  ☆85Updated 5 years ago
• chokepoint / Jynx2
  JynxKit2 is an LD_PRELOAD userland rootkit based on the original JynxKit. The backdoor has been replaced with an "accept()" system hook.
  ☆170Updated 12 years ago
• vulnwarex / bin2sc
  Binary to shellcode from an object/executable format 32 & 64-bit PE , ELF
  ☆72Updated 4 years ago
• dsnezhkov / zombieant
  Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion.
  ☆225Updated 5 years ago
• tkmru / awesome-linux-rootkits
  a summary of linux rootkits published on GitHub
  ☆176Updated 4 years ago
• AonCyberLabs / Cexigua
  Linux based inter-process code injection without ptrace(2)
  ☆247Updated 7 years ago
• milabs / lkrg-bypass
  LKRG bypass methods
  ☆72Updated 5 years ago
• sad0p / d0zer
  Elf binary infector written in Go.
  ☆208Updated 3 months ago
• redtimmy / golden-frieza
  ELF launcher for encrypted binaries decrypted on-the-fly and executed in memory
  ☆26Updated 5 years ago
• milabs / kmatryoshka
  Matryoshka - stacked LKM loader
  ☆52Updated last year
• naivenom / exploiting
  Exploiting challenges in Linux and Windows
  ☆122Updated 5 years ago
• therealdreg / lsrootkit
  Rootkit Detector for UNIX
  ☆61Updated last year
• RITRedteam / goofkit
  In line function hooking LKM rootkit
  ☆51Updated 5 years ago
• h0mbre / busychild
  a pstree mod that prints other helpful information and with added functionality
  ☆24Updated 4 years ago
• ivision-research / gostringsr2
  Find strings in Go binaries
  ☆53Updated 5 years ago