A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.

GNU General Public License v3.0

TripleCross

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

phpsploit

Exploits locked/password protected computers over USB, drops persistent WebSocket-based backdoor, exposes internal router, and siphons cookies using Raspberry Pi Zero & Node.js.

poisontap

Kippo configured to be a backdoored netscreen

Kippo_JunOS

Scans for accessibility tools backdoors via RDP

TripleCross

phpsploit

poisontap

Kippo_JunOS

Sticky-Keys-Slayer