rootkit-io/awesome-malware-development external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

rootkit-io/awesome-malware-development

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/rootkit-io/awesome-malware-development)

Close

rootkit-io / awesome-malware-developmentView on GitHubMore

• External links
• Readme badge

Organized list of my malware development resources

☆1,703May 16, 2022Updated 3 years ago

Alternatives and similar repositories for awesome-malware-development

Users that are interested in awesome-malware-development are comparing it to the libraries listed below

• chvancooten / maldev-for-dummies

  View on GitHub
  A workshop about Malware Development
  ☆1,771Jun 2, 2023Updated 2 years ago
• vxunderground / VX-API

  View on GitHub
  Collection of various malicious functionality to aid in malware development
  ☆1,854Feb 28, 2024Updated 2 years ago
• CodeXTF2 / maldev-links

  View on GitHub
  My collection of malware dev links
  ☆312Feb 9, 2026Updated last month
• rootkit-io / malware-and-exploitdev-resources

  View on GitHub
  ☆69Jul 26, 2021Updated 4 years ago
• Idov31 / Nidhogg

  View on GitHub
  Windows rootkit for Intel x64 with 25+ features, demonstrating rootkit techniques compatible with all Windows 10 and Windows 11 versions.
  ☆2,280Feb 15, 2026Updated last month
• cr-0w / maldev

  View on GitHub
  ⚠️ malware development
  ☆690May 27, 2024Updated last year
• matro7sh / BypassAV

  View on GitHub
  This map lists the essential techniques to bypass anti-virus and EDR
  ☆3,173Mar 28, 2025Updated 11 months ago
• vxunderground / VXUG-Papers

  View on GitHub
  Research code & papers from members of vx-underground.
  ☆1,359Dec 7, 2021Updated 4 years ago
• Whitecat18 / Rust-for-Malware-Development

  View on GitHub
  Rust for malware Development is a repository for advanced Red Team techniques and offensive malwares & Ransomwares, focused on Rust 🦀
  ☆3,342Mar 4, 2026Updated 2 weeks ago
• redcode-labs / Coldfire

  View on GitHub
  Golang malware development library
  ☆977Dec 13, 2024Updated last year
• trickster0 / OffensiveRust

  View on GitHub
  Rust Weaponization for Red Team Engagements.
  ☆2,991Apr 25, 2024Updated last year
• klezVirus / inceptor

  View on GitHub
  Template-Driven AV/EDR Evasion Framework
  ☆1,786Nov 3, 2023Updated 2 years ago
• outflanknl / C2-Tool-Collection

  View on GitHub
  A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni…
  ☆1,374Oct 27, 2023Updated 2 years ago
• matthieu-hackwitharts / Win32_Offensive_Cheatsheet

  View on GitHub
  Win32 and Kernel abusing techniques for pentesters
  ☆976Sep 3, 2023Updated 2 years ago
• vxunderground / MalwareSourceCode

  View on GitHub
  Collection of malware source code for a variety of platforms in an array of different programming languages.
  ☆17,891Sep 10, 2025Updated 6 months ago
• Cracked5pider / Stardust

  View on GitHub
  A modern 32/64-bit position independent implant template
  ☆1,307Mar 21, 2025Updated last year
• lsecqt / OffensiveCpp

  View on GitHub
  This repo contains C/C++ snippets that can be handy in specific offensive scenarios.
  ☆762Jan 26, 2025Updated last year
• klezVirus / SysWhispers3

  View on GitHub
  SysWhispers on Steroids - AV/EDR evasion via direct system calls.
  ☆1,601Jul 31, 2024Updated last year
• packing-box / awesome-executable-packing

  View on GitHub
  A curated list of awesome resources related to executable packing
  ☆1,548Feb 14, 2026Updated last month
• wavestone-cdt / EDRSandblast

  View on GitHub
  ☆1,793Aug 30, 2024Updated last year
• HavocFramework / Havoc

  View on GitHub
  The Havoc Framework
  ☆8,245Dec 18, 2025Updated 3 months ago
• FULLSHADE / WindowsExploitationResources

  View on GitHub
  Resources for Windows exploit development
  ☆1,652Dec 20, 2021Updated 4 years ago
• VirtualAlllocEx / DEFCON-31-Syscalls-Workshop

  View on GitHub
  Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
  ☆750May 23, 2025Updated 9 months ago
• lem0nSec / ShellGhost

  View on GitHub
  A memory-based evasion technique which makes shellcode invisible from process start to end.
  ☆1,198Oct 16, 2023Updated 2 years ago
• TheWover / donut

  View on GitHub
  Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…
  ☆4,491Jul 8, 2025Updated 8 months ago
• Maldev-Academy / HellHall

  View on GitHub
  Performing Indirect Clean Syscalls
  ☆605Apr 19, 2023Updated 2 years ago
• kyleavery / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆1,008Jun 4, 2024Updated last year
• optiv / Freeze

  View on GitHub
  Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods
  ☆1,472Aug 18, 2023Updated 2 years ago
• aahmad097 / AlternativeShellcodeExec

  View on GitHub
  Alternative Shellcode Execution Via Callbacks
  ☆1,699Nov 11, 2022Updated 3 years ago
• CheckPointSW / Evasions

  View on GitHub
  Evasions encyclopedia gathers methods used by malware to evade detection when run in virtualized environment. Methods are grouped into ca…
  ☆444Jul 10, 2024Updated last year
• MalwareApiLib / MalwareApiLibrary

  View on GitHub
  collection of apis used in malware development
  ☆229Aug 2, 2022Updated 3 years ago
• XaFF-XaFF / Black-Angel-Rootkit

  View on GitHub
  Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.
  ☆680Nov 9, 2023Updated 2 years ago
• optiv / ScareCrow

  View on GitHub
  ScareCrow - Payload creation framework designed around EDR bypass.
  ☆2,880Aug 18, 2023Updated 2 years ago
• memN0ps / venom-rs

  View on GitHub
  Rusty Injection - Shellcode Reflective DLL Injection (sRDI) in Rust (Codename: Venom)
  ☆359Mar 2, 2024Updated 2 years ago
• tkmru / awesome-edr-bypass

  View on GitHub
  Awesome EDR Bypass Resources For Ethical Hacking
  ☆1,497Jan 26, 2026Updated last month
• Xacone / BestEdrOfTheMarket

  View on GitHub
  EDR Lab for Experimentation Purposes
  ☆1,422Mar 1, 2026Updated 2 weeks ago
• BishopFox / sliver

  View on GitHub
  Adversary Emulation Framework
  ☆10,838Mar 15, 2026Updated last week
• RedTeamOperations / Advanced-Process-Injection-Workshop

  View on GitHub
  ☆777Oct 17, 2023Updated 2 years ago
• Orange-Cyberdefense / GOAD

  View on GitHub
  game of active directory
  ☆7,581Mar 12, 2026Updated last week