2018-06-30 05:13:25 -04:00

# `awesome-linux-rootkits`

## :key: feature table

- Operational environment (`OE-*`)
- Hiding of files and directories (`HIDE-fs-*`)
- Hiding of processes and process trees (`HIDE-proc-*`)
- Hiding of network connections and activity (`HIDE-net-*`)
- Keylogger (`X-keylogger`)

## :see_no_evil: user mode rootkits :shit:

- https://github.com/mempodippy/vlany

  Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)

  :point_up: `OE-user`

## :hear_no_evil: kernel mode rootkits :heart:

- https://github.com/f0rb1dd3n/Reptile

  Reptile is a LKM rootkit written for evil purposes that runs on Linux kernel 2.6.x/3.x/4.x

  :point_up: `OE-kernel` `HIDE-fs-{getdents,getdents64}`

- https://github.com/QuokkaLight/rkduck

  rkduck - Rootkit for Linux v4

  :point_up: `OE-kernel` `X-keylogger` `HIDE-fs-{filldir}`