awesome-linux-rootkits

Post-exploitation agent for Merlin

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

Obfuscate Go binaries and packages

Adversary Emulation Framework

Automation for grabbing keys from a Linux host. Useful during red team exercises to quickly help assess what access to a Linux host can lead to.

Proxy Unix applications in the terminal

🚫💾 Run binaries straight from memory in Linux

Hide a process under Linux using the ld preloader (https://sysdig.com/blog/hiding-linux-processes-for-fun-and-profit/)

Clone of svn repository of http://insecurety.net/projects/web-malware/ project

A Linux Ransomware

Sysmon for Linux

Darwin/macOS emulation layer for Linux

Universal Shared Library User-space Loader

Tracking interesting Linux (and UNIX) malware. Send PRs

Symbol hash for ELF files

Knowledge base of exploit mitigations available across numerous operating systems, architectures and applications and versions.

Mythic C2 agent targeting Linux and Windows hosts written in Rust

A collection of projects demonstrating various commandline cloaking techniques on Linux

Linux audit userspace repository

Quickly migrate from using snap packages to flatpaks

Linux Process Discovery. C Library, Go bindings, Runtime.

Academic project of Linux rootkit made for Bachelor Engineering Thesis.

Linux Baseline and Forensic Triage Tool - BETA

Bash post exploitation toolkit

A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.

A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileg…

✨Spark is a web-based, cross-platform and full-featured Remote Administration Tool (RAT) written in Go that allows you control all your devices anywhere. Spark是一个Go编写的，网页UI、跨平台以及多功能的远程控制和监控工具，你可以随时…

Shell script compiler