awesome-linux-rootkits/README.md

# `awesome-linux-rootkits`

## :key: feature table

Environment:
 - CPU architecture
 - Kernel/User mode (or mixed)

Core capabilities:
 - Persistency
 - Management interface
 
Stealth capabilities:
 - Detection evasion
 - System logs cleaning (filtering) 

Hiding stuff capabilities:
 - Hiding of files and directories
 - Hiding of processes and process trees
 - Hiding of network connections and activity
 - Hiding of process accounting information (like CPU usage)

Additional functions:
 - Keylogger
 - Backdoor/shell

## :see_no_evil: user mode rootkits :shit: 

- https://github.com/mempodippy/vlany

  Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)
  
  :point_up:

## :hear_no_evil: kernel mode rootkits :heart:

- https://github.com/f0rb1dd3n/Reptile

  Reptile is a LKM rootkit written for evil purposes that runs on Linux kernel 2.6.x/3.x/4.x

  :point_up: `backdoor`
  
- https://github.com/QuokkaLight/rkduck

  rkduck - Rootkit for Linux v4
  
  :point_up: `keylogger` `backdoor`

- https://github.com/mncoppola/suterusu

  An LKM rootkit targeting Linux 2.6/3.x on x86, and ARM

- https://github.com/m0nad/Diamorphine

  LKM rootkit for Linux Kernels 2.6.x/3.x/4.x (x86 and x86_64)
Update README.md 2018-06-30 09:13:25 +00:00			# `awesome-linux-rootkits`

Update README.md 2018-06-30 09:48:34 +00:00			`## :key: feature table`
Update README.md 2018-06-30 09:13:25 +00:00
Update README.md 2018-06-30 19:01:40 +00:00			`Environment:`
Update README.md 2018-06-30 21:16:57 +00:00			`- CPU architecture`
Update README.md 2018-06-30 19:01:40 +00:00			`- Kernel/User mode (or mixed)`

			`Core capabilities:`
			`- Persistency`
Update README.md 2018-06-30 19:20:34 +00:00			`- Management interface`
Update README.md 2018-06-30 19:14:49 +00:00
			`Stealth capabilities:`
Update README.md 2018-06-30 19:24:42 +00:00			`- Detection evasion`
Update README.md 2018-06-30 19:14:49 +00:00			`- System logs cleaning (filtering)`
Update README.md 2018-06-30 19:01:40 +00:00
			`Hiding stuff capabilities:`
			`- Hiding of files and directories`
			`- Hiding of processes and process trees`
			`- Hiding of network connections and activity`
			`- Hiding of process accounting information (like CPU usage)`

			`Additional functions:`
			`- Keylogger`
			`- Backdoor/shell`
Update README.md 2018-06-30 09:16:23 +00:00
Update README.md 2018-06-30 09:46:39 +00:00			`## :see_no_evil: user mode rootkits :shit:`
Update README.md 2018-06-30 09:16:23 +00:00
			`- https://github.com/mempodippy/vlany`

			`Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)`

Update README.md 2018-06-30 17:23:52 +00:00			`:point_up:`
Update README.md 2018-06-30 09:46:39 +00:00
			`## :hear_no_evil: kernel mode rootkits :heart:`

			`- https://github.com/f0rb1dd3n/Reptile`

			`Reptile is a LKM rootkit written for evil purposes that runs on Linux kernel 2.6.x/3.x/4.x`

Update README.md 2018-06-30 17:23:52 +00:00			:point_up: `backdoor`
Update README.md 2018-06-30 21:12:39 +00:00
Update README.md 2018-06-30 10:09:49 +00:00			`- https://github.com/QuokkaLight/rkduck`

			`rkduck - Rootkit for Linux v4`

Update README.md 2018-06-30 17:23:52 +00:00			:point_up: `keylogger` `backdoor`
Update README.md 2018-06-30 13:26:13 +00:00
Update README.md 2018-06-30 21:16:57 +00:00			`- https://github.com/mncoppola/suterusu`

			`An LKM rootkit targeting Linux 2.6/3.x on x86, and ARM`

Update README.md 2018-06-30 21:12:39 +00:00			`- https://github.com/m0nad/Diamorphine`

			`LKM rootkit for Linux Kernels 2.6.x/3.x/4.x (x86 and x86_64)`