LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)

awesome-linux-rootkits

Utility to find hidden Linux kernel modules

An example rootkit that gives a userland process root permissions

LKM rootkit for modern kernels, with DNS C2 and a simple web interface

A rootkit for Android.

A quick LKM rootkit that executes a reverse TCP netcat shell with root privileges.

64-bit LKM Rootkit builder based on yaml prescription. Working on 5.15.5 kernel

Ftrace Based Linux Loadable Kernel Module Rootkit for Linux Kernel 5.x and 6.x on x86_64, hides files, hides process, hides bind shell & reverse shell port, privilege escalation, cleans up logs and bash history during installation

A LKM (Loadable Kernel Module) to execute a command as root; I include a example of using netcat and a compiled(with source and steps on how to compile) reverse shell provided in C.

Author of Project Adrishya a rootkit which use ftrace mechanism to hook syscall; (write this because God commanded me); work for both x86_64 and arm; CREDIT-(Oleksii Lozovskyi{ilammy})FOUNDER OF FTRACE HOOKING

A ring0 Loadable Kernel Module (Linux) to log all commnds run on the system.

Linux Loadable Kernel Module Rootkit for Linux Kernel 5.x and 6.x on x86_64, hides files, hides process, hides bind shell & reverse shell port, privilege escalation, cleans up logs and bash history during installation

Examples on Linux Kernel Modules Hacking

HiddenGhost is an new solution for find system call table with support for 5.7x kernels +

Rootkit for x64 Linux leveraging only native kernel features.