Packages that exploit or open backdoors on already vulnerable systems.

Tool count: 40

BlackArch backdoor
Name Version Description Homepage
aesshell 0.7 A backconnect shell for Windows and Unix written in python and uses AES in CBC mode in conjunction with HMAC-SHA256 for secure transport.
azazel 14.e6a12a2 A userland rootkit based off of the original LD_PRELOAD technique from Jynx rootkit.
backcookie 51.6dabc38 Small backdoor using cookie.
backdoor-factory 3.4.2 Patch win32/64 binaries with shellcode.
backdoorme 308.f9755ca A powerful utility capable of backdooring Unix machines with a slew of backdoors.
backdoorppt 86.b044ccf Transform your payload.exe into one fake word doc (.ppt).
cymothoa 1 A stealth backdooring tool, that inject backdoor's shellcode into an existing process.
debinject 40.88b7824 Inject malicious code into *.debs.
dr0p1t-framework 44.db9bc2d A framework that creates a dropper that bypass most AVs, some sandboxes and have some tricks.
dragon-backdoor 7.c7416b7 A sniffing, non binding, reverse down/exec, portknocking service Based on cd00r.c.
eggshell 157.eaeeea7 iOS/macOS/Linux Remote Administration Tool.
enyelkm 1.2 Rootkit for Linux x86 kernels v2.6.
exe2image 1.1 A simple utility to convert EXE files to JPEG images and vice versa.
gobd 81.e64b5a5 A Golang covert backdoor.
harness 19.ed2a6aa Interactive remote PowerShell Payload.
hotpatch 0.2 Hot patches executables on Linux using .so file injection.
icmpsh 12.82caf34 Simple reverse ICMP shell.
jynx2 2.0 An expansion of the original Jynx LD_PRELOAD rootkit
kimi 23.1d7a5e6 Script to generate malicious debian packages (debain trojans).
ld-shatner 4.5c215c4 ld-linux code injector.
meterssh 18.9a5ed19 A way to take shellcode, inject it into memory then tunnel whatever port you want to over SSH to mask any type of communications as a normal SSH connection.
ms-sys 2.5.3 A tool to write Win9x-.. master boot records (mbr) under linux - RTM!
phishery 14.5743953 An SSL Enabled Basic Auth Credential Harvester with a Word Document Template URL Injector.
pyrasite 2.0 Code injection and introspection of running Python processes.
revsh 215.174e309 A reverse shell with terminal support, data tunneling, and advanced pivoting capabilities.
rrs 1.70 A reverse (connecting) remote shell. Instead of listening for incoming connections it will connect out to a listener (rrs in listen mode). With tty support and more.
rubilyn 0.0.1 64bit Mac OS-X kernel rootkit that uses no hardcoded address to hook the BSD subsystem in all OS-X Lion & below. It uses a combination of syscall hooking and DKOM to hide activity on a host.
shellinabox 428.98e6eeb Implements a web server that can export arbitrary command line tools to a web based terminal emulator.
shootback 71.da302da A reverse TCP tunnel let you access target behind NAT or firewall.
syringe 12.79a703e A General Purpose DLL & Code Injection Utility.
trixd00r 0.0.1 An advanced and invisible userland backdoor based on TCP/IP for UNIX systems.
tsh 0.6 An open-source UNIX backdoor that compiles on all variants, has full pty support, and uses strong crypto for communication.
tsh-sctp 2.850a2da An open-source UNIX backdoor.
u3-pwn 2.0 A tool designed to automate injecting executables to Sandisk smart usb devices with default U3 software install.
unicorn-powershell 130.045ab41 A simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory.
vlany 252.31b557c Linux LD_PRELOAD rootkit (x86 and x86_64 architectures).
webacoo 0.2.3 Web Backdoor Cookie Script-Kit.
webshells 23.f081f1e Web Backdoors.
webspa 0.8 A web knocking tool, sending a single HTTP/S to run O/S commands.
weevely 828.0b93e71 Weaponized web shell.