Packages that exploit or open backdoors on already vulnerable systems.


Tool count: 45

BlackArch backdoor
Name Version Description Homepage
aesshell 0.7 A backconnect shell for Windows and Unix written in python and uses AES in CBC mode in conjunction with HMAC-SHA256 for secure transport.
azazel 14.e6a12a2 A userland rootkit based off of the original LD_PRELOAD technique from Jynx rootkit.
backcookie 51.6dabc38 Small backdoor using cookie.
backdoor-factory 200.14b87fa Patch win32/64 binaries with shellcode.
backdoorme 308.f9755ca A powerful utility capable of backdooring Unix machines with a slew of backdoors.
backdoorppt 87.6886fd6 Transform your payload.exe into one fake word doc (.ppt).
cymothoa 1 A stealth backdooring tool, that inject backdoor's shellcode into an existing process.
debinject 40.88b7824 Inject malicious code into *.debs.
donut 161.2207e89 Generates x86, x64 or AMD64+x86 P.I. shellcode loading .NET Assemblies from memory.
dr0p1t-framework 44.db9bc2d A framework that creates a dropper that bypass most AVs, some sandboxes and have some tricks.
dragon-backdoor 7.c7416b7 A sniffing, non binding, reverse down/exec, portknocking service Based on cd00r.c.
eggshell 157.eaeeea7 iOS/macOS/Linux Remote Administration Tool.
enyelkm 1.2 Rootkit for Linux x86 kernels v2.6.
exe2image 1.1 A simple utility to convert EXE files to JPEG images and vice versa.
gobd 82.3bbd17c A Golang covert backdoor.
harness 19.ed2a6aa Interactive remote PowerShell Payload.
hotpatch 89.4b65e3f Hot patches executables on Linux using .so file injection.
icmpsh 12.82caf34 Simple reverse ICMP shell.
jynx2 2.0 An expansion of the original Jynx LD_PRELOAD rootkit
kimi 28.e7cafda Script to generate malicious debian packages (debain trojans).
kwetza 26.0e50272 Python script to inject existing Android applications with a Meterpreter payload.
ld-shatner 4.5c215c4 ld-linux code injector.
linux-inject 100.268d4e4 Tool for injecting a shared object into a Linux process.
meterssh 18.9a5ed19 A way to take shellcode, inject it into memory then tunnel whatever port you want to over SSH to mask any type of communications as a normal SSH connection.
microsploit 9.441e132 Fast and easy create backdoor office exploitation using module metasploit packet, Microsoft Office, Open Office, Macro attack, Buffer Overflow.
ms-sys 2.6.0 A tool to write Win9x-.. master boot records (mbr) under linux - RTM!
nxcrypt 32.6ae06b5 NXcrypt - python backdoor framework.
phishery 14.5743953 An SSL Enabled Basic Auth Credential Harvester with a Word Document Template URL Injector.
pyrasite 2.0 Code injection and introspection of running Python processes.
revsh 215.174e309 A reverse shell with terminal support, data tunneling, and advanced pivoting capabilities.
rrs 1.70 A reverse (connecting) remote shell. Instead of listening for incoming connections it will connect out to a listener (rrs in listen mode). With tty support and more.
rubilyn 0.0.1 64bit Mac OS-X kernel rootkit that uses no hardcoded address to hook the BSD subsystem in all OS-X Lion & below. It uses a combination of syscall hooking and DKOM to hide activity on a host.
shellinabox 428.98e6eeb Implements a web server that can export arbitrary command line tools to a web based terminal emulator.
shootback 80.6ce0173 A reverse TCP tunnel let you access target behind NAT or firewall.
silenttrinity 170.4766ba3 An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR.
syringe 12.79a703e A General Purpose DLL & Code Injection Utility.
trixd00r 0.0.1 An advanced and invisible userland backdoor based on TCP/IP for UNIX systems.
tsh 0.6 An open-source UNIX backdoor that compiles on all variants, has full pty support, and uses strong crypto for communication.
tsh-sctp 2.850a2da An open-source UNIX backdoor.
u3-pwn 2.0 A tool designed to automate injecting executables to Sandisk smart usb devices with default U3 software install.
unicorn-powershell 162.8c9dd39 A simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory.
vlany 255.9ef014a Linux LD_PRELOAD rootkit (x86 and x86_64 architectures).
webacoo 0.2.3 Web Backdoor Cookie Script-Kit.
webshells 32.8ab02aa Web Backdoors.
webspa 0.8 A web knocking tool, sending a single HTTP/S to run O/S commands.