Statistics for topic rootkit

RepositoryStats tracks 518,325 Github repositories, of these 70 are tagged with the rootkit topic. The most common primary language for repositories using this topic is C (28). Other languages include: C++ (17)

Stargazers over time for topic rootkit

Most starred repositories for topic rootkit (view more)

mrexodia
TitanHide mrexodia
411
2.0k
mit
77
Hiding kernel-driver for x86/x64.
driver rootkit windows hacktoberfest anti-debugging
Created 2016-10-21
218 commits to master branch, last one 11 months ago
ExpLife0011
awesome-windows-kernel-security-development ExpLife0011
538
1.9k
unknown
134
windows kernel security development
driver bootkit rootkit antivirus framework shellcode antirootkit
Created 2018-03-19
986 commits to master branch, last one 2 years ago
xl7dev
WebShell xl7dev
1.0k
1.8k
gpl-2.0
60
Webshell && Backdoor Collection
shell rootkit backdoor webshell
Created 2015-10-16
25 commits to master branch, last one 7 years ago
h3xduck
TripleCross h3xduck
213
1.7k
gpl-3.0
40
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
ebpf kernel libbpf rootkit backdoor security
Created 2021-10-27
232 commits to master branch, last one about a year ago
m0nad
Diamorphine m0nad
407
1.7k
other
56
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)
c linux kernel hacking malware pentest redteam rootkit stealth backdoor security pentesting redteaming lkm-rootkit hacking-tool linux-kernel kernel-module security-audit security-tools advanced-persistent-threat
Created 2013-11-06
50 commits to master branch, last one 7 months ago
Idov31
Nidhogg Idov31
253
1.6k
gpl-3.0
32
Nidhogg is an all-in-one simple to use rootkit.
cpp driver kernel infosec redteam rootkit windows red-team cybersecurity cyber-security windows-rootkits
Created 2022-05-29
166 commits to master branch, last one 3 months ago

Trending repositories for topic rootkit (view more)

Last 3 days (new repositories)
no newly created repositories trending in the last 3 days
Last 3 days (absolute gain)
XaFF-XaFF
XaFF-XaFF/Black-Angel-Rootkit

Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.

573 (+4)
gpl-3.0
Idov31
Idov31/Nidhogg

Nidhogg is an all-in-one simple to use rootkit.

1,620 (+4)
gpl-3.0
mrexodia
mrexodia/TitanHide

Hiding kernel-driver for x86/x64.

1,961 (+4)
mit
daem0nc0re
daem0nc0re/VectorKernel

PoCs for Kernelmode rootkit techniques research.

291 (+3)
bsd-3-clause
milabs
milabs/awesome-linux-rootkits

awesome-linux-rootkits

1,601 (+3)
cc0-1.0
Last 3 days (relative gain)
memN0ps
memN0ps/illusion-rs

Rusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)

84 (+1%)
mit
ZeroMemoryEx
ZeroMemoryEx/URootkit

user-mode Rootkit

94 (+1%)
daem0nc0re
daem0nc0re/VectorKernel

PoCs for Kernelmode rootkit techniques research.

291 (+1%)
bsd-3-clause
carloslack
carloslack/KoviD

Linux kernel rootkit

206 (+1.0%)
gmh5225
gmh5225/CallMeWin32kDriver

Load your driver like win32k.sys

240 (+0.8%)
mit
Last week (new repositories)
no newly created repositories trending in the last week
Last week (absolute gain)
bytecode77
bytecode77/r77-rootkit

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.

1,509 (+8)
bsd-2-clause
mrexodia
mrexodia/TitanHide

Hiding kernel-driver for x86/x64.

1,961 (+8)
mit
milabs
milabs/awesome-linux-rootkits

awesome-linux-rootkits

1,601 (+7)
cc0-1.0
Idov31
Idov31/Nidhogg

Nidhogg is an all-in-one simple to use rootkit.

1,620 (+7)
gpl-3.0
carloslack
carloslack/KoviD

Linux kernel rootkit

206 (+6)
Last week (relative gain)
memN0ps
memN0ps/illusion-rs

Rusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)

84 (+4%)
mit
carloslack
carloslack/KoviD

Linux kernel rootkit

206 (+3%)
magojohnji
magojohnji/KernelSU_Action_template

Plus Edition of KernelSU_Action. Use Github Action to build kernels with KernelSU. Supports all kernel versions theoretically.

35 (+3%)
mit
Idov31
Idov31/Jormungandr

Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.

214 (+1%)
gpl-3.0
ZeroMemoryEx
ZeroMemoryEx/URootkit

user-mode Rootkit

94 (+1%)
Last month (new repositories)
no newly created repositories trending in the last month
Last month (absolute gain)
bytecode77
bytecode77/r77-rootkit

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.

1,509 (+31)
bsd-2-clause
Idov31
Idov31/Nidhogg

Nidhogg is an all-in-one simple to use rootkit.

1,620 (+25)
gpl-3.0
mrexodia
mrexodia/TitanHide

Hiding kernel-driver for x86/x64.

1,961 (+25)
mit
m0nad
m0nad/Diamorphine

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)

1,675 (+24)
milabs
milabs/awesome-linux-rootkits

awesome-linux-rootkits

1,601 (+23)
cc0-1.0
Last month (relative gain)
rphang
rphang/evilBPF

Weaponizing the Linux Kernel (Hide Files/PID, SSH backdoors, SSL Sniffer, ...) by poking around eBPF/XDP

30 (+200%)
memN0ps
memN0ps/illusion-rs

Rusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)

84 (+33%)
mit
magojohnji
magojohnji/KernelSU_Action_template

Plus Edition of KernelSU_Action. Use Github Action to build kernels with KernelSU. Supports all kernel versions theoretically.

35 (+13%)
mit
adamhlt
adamhlt/Basic-Rootkit

POC Ring3 Windows Rootkit (x86 / x64) - Hide processes and files

46 (+7%)
gpl-3.0
carloslack
carloslack/KoviD

Linux kernel rootkit

206 (+7%)
Last 12-months (new repositories)
eversinc33
eversinc33/Banshee

Experimental Windows x64 Kernel Rootkit.

422
daem0nc0re
daem0nc0re/VectorKernel

PoCs for Kernelmode rootkit techniques research.

291
bsd-3-clause
Idov31
Idov31/Jormungandr

Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.

214
gpl-3.0
XaFF-XaFF
XaFF-XaFF/Kernel-Process-Hollowing

Windows x64 kernel mode rootkit process hollowing POC.

176
mit
memN0ps
memN0ps/illusion-rs

Rusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)

84
mit
Last 12-months (absolute gain)
Idov31
Idov31/Nidhogg

Nidhogg is an all-in-one simple to use rootkit.

1,620 (+673)
gpl-3.0
bytecode77
bytecode77/r77-rootkit

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.

1,509 (+453)
bsd-2-clause
eversinc33
eversinc33/Banshee

Experimental Windows x64 Kernel Rootkit.

422 (+413)
m0nad
m0nad/Diamorphine

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)

1,675 (+357)
ZeroMemoryEx
ZeroMemoryEx/Chaos-Rootkit

Now You See Me, Now You Don't

689 (+351)
Last 12-months (relative gain)
eversinc33
eversinc33/Banshee

Experimental Windows x64 Kernel Rootkit.

422 (+4,589%)
XaFF-XaFF
XaFF-XaFF/Kernel-Process-Hollowing

Windows x64 kernel mode rootkit process hollowing POC.

176 (+2,414%)
mit
daem0nc0re
daem0nc0re/VectorKernel

PoCs for Kernelmode rootkit techniques research.

291 (+533%)
bsd-3-clause
ldpreload
ldpreload/Medusa

LD_PRELOAD Rootkit

164 (+356%)
MrEmpy
MrEmpy/Frosty

「🧊」Ring 3 Rootkit for Windows 10

52 (+333%)
gpl-3.0