rootkit-io/awesome-malware-development external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

rootkit-io/awesome-malware-development

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/rootkit-io/awesome-malware-development)

Close

rootkit-io / awesome-malware-developmentView on GitHubMore

• External links
• Readme badge

Organized list of my malware development resources

☆1,706Apr 1, 2026Updated last week

Alternatives and similar repositories for awesome-malware-development

Users that are interested in awesome-malware-development are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• chvancooten / maldev-for-dummies

  View on GitHub
  A workshop about Malware Development
  ☆1,776Jun 2, 2023Updated 2 years ago
• vxunderground / VX-API

  View on GitHub
  Collection of various malicious functionality to aid in malware development
  ☆1,868Feb 28, 2024Updated 2 years ago
• CodeXTF2 / maldev-links

  View on GitHub
  My collection of malware dev links
  ☆313Feb 9, 2026Updated 2 months ago
• rootkit-io / malware-and-exploitdev-resources

  View on GitHub
  ☆69Jul 26, 2021Updated 4 years ago
• Idov31 / Nidhogg

  View on GitHub
  Windows rootkit for Intel x64 with 25+ features, demonstrating rootkit techniques compatible with all Windows 10 and Windows 11 versions.
  ☆2,295Feb 15, 2026Updated last month
• Proton VPN Special Offer - Get 70% off • Ad
  Special partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
• cr-0w / maldev

  View on GitHub
  ⚠️ malware development
  ☆693May 27, 2024Updated last year
• matro7sh / BypassAV

  View on GitHub
  This map lists the essential techniques to bypass anti-virus and EDR
  ☆3,183Mar 28, 2025Updated last year
• vxunderground / VXUG-Papers

  View on GitHub
  Research code & papers from members of vx-underground.
  ☆1,365Dec 7, 2021Updated 4 years ago
• redcode-labs / Coldfire

  View on GitHub
  Golang malware development library
  ☆977Dec 13, 2024Updated last year
• Whitecat18 / Rust-for-Malware-Development

  View on GitHub
  Rust for malware Development is a repository for advanced Red Team techniques and offensive malwares & Ransomwares, focused on Rust 🦀
  ☆3,375Mar 4, 2026Updated last month
• trickster0 / OffensiveRust

  View on GitHub
  Rust Weaponization for Red Team Engagements.
  ☆2,995Apr 25, 2024Updated last year
• klezVirus / inceptor

  View on GitHub
  Template-Driven AV/EDR Evasion Framework
  ☆1,787Nov 3, 2023Updated 2 years ago
• outflanknl / C2-Tool-Collection

  View on GitHub
  A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni…
  ☆1,376Oct 27, 2023Updated 2 years ago
• matthieu-hackwitharts / Win32_Offensive_Cheatsheet

  View on GitHub
  Win32 and Kernel abusing techniques for pentesters
  ☆978Sep 3, 2023Updated 2 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• vxunderground / MalwareSourceCode

  View on GitHub
  Collection of malware source code for a variety of platforms in an array of different programming languages.
  ☆17,953Sep 10, 2025Updated 7 months ago
• Cracked5pider / Stardust

  View on GitHub
  A modern 32/64-bit position independent implant template
  ☆1,313Mar 21, 2025Updated last year
• lsecqt / OffensiveCpp

  View on GitHub
  This repo contains C/C++ snippets that can be handy in specific offensive scenarios.
  ☆764Jan 26, 2025Updated last year
• klezVirus / SysWhispers3

  View on GitHub
  SysWhispers on Steroids - AV/EDR evasion via direct system calls.
  ☆1,610Jul 31, 2024Updated last year
• packing-box / awesome-executable-packing

  View on GitHub
  A curated list of awesome resources related to executable packing
  ☆1,559Feb 14, 2026Updated last month
• wavestone-cdt / EDRSandblast

  View on GitHub
  ☆1,803Aug 30, 2024Updated last year
• FULLSHADE / WindowsExploitationResources

  View on GitHub
  Resources for Windows exploit development
  ☆1,650Dec 20, 2021Updated 4 years ago
• HavocFramework / Havoc

  View on GitHub
  The Havoc Framework
  ☆8,266Dec 18, 2025Updated 3 months ago
• VirtualAlllocEx / DEFCON-31-Syscalls-Workshop

  View on GitHub
  Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
  ☆751May 23, 2025Updated 10 months ago
• Wordpress hosting with auto-scaling on Cloudways • Ad
  Fully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
• lem0nSec / ShellGhost

  View on GitHub
  A memory-based evasion technique which makes shellcode invisible from process start to end.
  ☆1,198Oct 16, 2023Updated 2 years ago
• TheWover / donut

  View on GitHub
  Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…
  ☆4,524Jul 8, 2025Updated 9 months ago
• Maldev-Academy / HellHall

  View on GitHub
  Performing Indirect Clean Syscalls
  ☆607Apr 19, 2023Updated 2 years ago
• kyleavery / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆1,009Jun 4, 2024Updated last year
• optiv / Freeze

  View on GitHub
  Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods
  ☆1,473Aug 18, 2023Updated 2 years ago
• aahmad097 / AlternativeShellcodeExec

  View on GitHub
  Alternative Shellcode Execution Via Callbacks
  ☆1,704Nov 11, 2022Updated 3 years ago
• CheckPointSW / Evasions

  View on GitHub
  Evasions encyclopedia gathers methods used by malware to evade detection when run in virtualized environment. Methods are grouped into ca…
  ☆444Mar 31, 2026Updated last week
• MalwareApiLib / MalwareApiLibrary

  View on GitHub
  collection of apis used in malware development
  ☆231Aug 2, 2022Updated 3 years ago
• optiv / ScareCrow

  View on GitHub
  ScareCrow - Payload creation framework designed around EDR bypass.
  ☆2,879Aug 18, 2023Updated 2 years ago
• End-to-end encrypted cloud storage - Proton Drive • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
• XaFF-XaFF / Black-Angel-Rootkit

  View on GitHub
  Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.
  ☆682Nov 9, 2023Updated 2 years ago
• memN0ps / venom-rs

  View on GitHub
  Rusty Injection - Shellcode Reflective DLL Injection (sRDI) in Rust (Codename: Venom)
  ☆362Mar 2, 2024Updated 2 years ago
• tkmru / awesome-edr-bypass

  View on GitHub
  Awesome EDR Bypass Resources For Ethical Hacking
  ☆1,507Jan 26, 2026Updated 2 months ago
• Xacone / BestEdrOfTheMarket

  View on GitHub
  EDR Lab for Experimentation Purposes
  ☆1,430Mar 1, 2026Updated last month
• RedTeamOperations / Advanced-Process-Injection-Workshop

  View on GitHub
  ☆779Oct 17, 2023Updated 2 years ago
• BishopFox / sliver

  View on GitHub
  Adversary Emulation Framework
  ☆10,958Apr 2, 2026Updated last week
• Orange-Cyberdefense / GOAD

  View on GitHub
  game of active directory
  ☆7,669Mar 12, 2026Updated 3 weeks ago