rootkit-io/awesome-malware-development external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

rootkit-io/awesome-malware-development

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/rootkit-io/awesome-malware-development)

Close

rootkit-io / awesome-malware-developmentView on GitHubMore

• External links
• Readme badge

Curated resources for malware dev, reverse engineering, and defensive security research.

☆1,741Apr 1, 2026Updated 2 months ago

Alternatives and similar repositories for awesome-malware-development

Users that are interested in awesome-malware-development are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• chvancooten / maldev-for-dummies

  View on GitHub
  A workshop about Malware Development
  ☆1,790Jun 2, 2023Updated 3 years ago
• vxunderground / VX-API

  View on GitHub
  Collection of various malicious functionality to aid in malware development
  ☆1,898Feb 28, 2024Updated 2 years ago
• CodeXTF2 / maldev-links

  View on GitHub
  My collection of malware dev links
  ☆316Feb 9, 2026Updated 4 months ago
• rootkit-io / malware-and-exploitdev-resources

  View on GitHub
  ☆69Jul 26, 2021Updated 4 years ago
• Idov31 / Nidhogg

  View on GitHub
  Windows rootkit for Intel x64 with 25+ features, demonstrating rootkit techniques compatible with all Windows 10 and Windows 11 versions.
  ☆2,400Feb 15, 2026Updated 3 months ago
• Deploy open-source AI quickly and easily - Special Bonus Offer • Ad
  Runpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
• cr-0w / maldev

  View on GitHub
  ⚠️ malware development
  ☆706May 15, 2026Updated 3 weeks ago
• matro7sh / BypassAV

  View on GitHub
  This map lists the essential techniques to bypass anti-virus and EDR
  ☆3,277Mar 28, 2025Updated last year
• vxunderground / VXUG-Papers

  View on GitHub
  Research code & papers from members of vx-underground.
  ☆1,385Dec 7, 2021Updated 4 years ago
• redcode-labs / Coldfire

  View on GitHub
  Golang malware development library
  ☆977Dec 13, 2024Updated last year
• trickster0 / OffensiveRust

  View on GitHub
  Rust Weaponization for Red Team Engagements.
  ☆3,012Apr 25, 2024Updated 2 years ago
• klezVirus / inceptor

  View on GitHub
  Template-Driven AV/EDR Evasion Framework
  ☆1,801Nov 3, 2023Updated 2 years ago
• outflanknl / C2-Tool-Collection

  View on GitHub
  A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni…
  ☆1,391Oct 27, 2023Updated 2 years ago
• matthieu-hackwitharts / Win32_Offensive_Cheatsheet

  View on GitHub
  Win32 and Kernel abusing techniques for pentesters
  ☆980Sep 3, 2023Updated 2 years ago
• vxunderground / MalwareSourceCode

  View on GitHub
  Collection of malware source code for a variety of platforms in an array of different programming languages.
  ☆18,371May 30, 2026Updated last week
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• Cracked5pider / Stardust

  View on GitHub
  A modern 32/64-bit position independent implant template
  ☆1,344Jun 1, 2026Updated last week
• lsecqt / OffensiveCpp

  View on GitHub
  This repo contains C/C++ snippets that can be handy in specific offensive scenarios.
  ☆766Jan 26, 2025Updated last year
• klezVirus / SysWhispers3

  View on GitHub
  SysWhispers on Steroids - AV/EDR evasion via direct system calls.
  ☆1,642Jul 31, 2024Updated last year
• packing-box / awesome-executable-packing

  View on GitHub
  A curated list of awesome resources related to executable packing
  ☆1,591May 31, 2026Updated last week
• wavestone-cdt / EDRSandblast

  View on GitHub
  ☆1,817Aug 30, 2024Updated last year
• FULLSHADE / WindowsExploitationResources

  View on GitHub
  Resources for Windows exploit development
  ☆1,659Dec 20, 2021Updated 4 years ago
• HavocFramework / Havoc

  View on GitHub
  The Havoc Framework
  ☆8,409Dec 18, 2025Updated 5 months ago
• VirtualAlllocEx / DEFCON-31-Syscalls-Workshop

  View on GitHub
  Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
  ☆762May 23, 2025Updated last year
• lem0nSec / ShellGhost

  View on GitHub
  A memory-based evasion technique which makes shellcode invisible from process start to end.
  ☆1,198Oct 16, 2023Updated 2 years ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• TheWover / donut

  View on GitHub
  Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…
  ☆4,620Jul 8, 2025Updated 11 months ago
• Maldev-Academy / HellHall

  View on GitHub
  Performing Indirect Clean Syscalls
  ☆610May 2, 2026Updated last month
• kyleavery / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆1,020Jun 4, 2024Updated 2 years ago
• optiv / Freeze

  View on GitHub
  Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods
  ☆1,474Aug 18, 2023Updated 2 years ago
• aahmad097 / AlternativeShellcodeExec

  View on GitHub
  Alternative Shellcode Execution Via Callbacks
  ☆1,727Nov 11, 2022Updated 3 years ago
• MalwareApiLib / MalwareApiLibrary

  View on GitHub
  collection of apis used in malware development
  ☆232Aug 2, 2022Updated 3 years ago
• optiv / ScareCrow

  View on GitHub
  ScareCrow - Payload creation framework designed around EDR bypass.
  ☆2,882Aug 18, 2023Updated 2 years ago
• XaFF-XaFF / Black-Angel-Rootkit

  View on GitHub
  Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.
  ☆683Nov 9, 2023Updated 2 years ago
• memN0ps / venom-rs

  View on GitHub
  Rusty Injection - Shellcode Reflective DLL Injection (sRDI) in Rust (Codename: Venom)
  ☆367Mar 2, 2024Updated 2 years ago
• Proton VPN Special Offer - Get 70% off • Ad
  Special partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
• paranoidninja / 0xdarkvortex-MalwareDevelopment

  View on GitHub
  This repo will contain code snippets for blogs: Malware on Steroids written by me at https://scriptdotsh.com/index.php/category/malware-d…
  ☆201Jul 21, 2020Updated 5 years ago
• BishopFox / sliver

  View on GitHub
  Adversary Emulation Framework
  ☆11,330Jun 3, 2026Updated last week
• tkmru / awesome-edr-bypass

  View on GitHub
  Awesome EDR Bypass Resources For Ethical Hacking
  ☆1,528Jan 26, 2026Updated 4 months ago
• Orange-Cyberdefense / GOAD

  View on GitHub
  game of active directory
  ☆7,878Mar 12, 2026Updated 2 months ago
• Xacone / BestEdrOfTheMarket

  View on GitHub
  EDR Lab for Experimentation Purposes
  ☆1,453Mar 1, 2026Updated 3 months ago
• daem0nc0re / TangledWinExec

  View on GitHub
  PoCs and tools for investigation of Windows process execution techniques
  ☆960Feb 2, 2026Updated 4 months ago
• klezVirus / SilentMoonwalk

  View on GitHub
  PoC Implementation of a fully dynamic call stack spoofer
  ☆959Jul 20, 2024Updated last year