awesome-linux-rootkits/README.md

# `awesome-linux-rootkits`

## :key: feature table

Environment:
 - CPU architecture
 - Kernel/User mode (or mixed)

Core capabilities:
 - Persistency
 - Management interface
 
Stealth capabilities:
 - Detection evasion
 - System logs cleaning (filtering) 

Hiding stuff capabilities:
 - Hiding of files and directories
 - Hiding of processes and process trees
 - Hiding of network connections and activity
 - Hiding of process accounting information (like CPU usage)

Additional functions:
 - Keylogger
 - Backdoor/shell

## :see_no_evil: user mode rootkits

- https://github.com/mempodippy/vlany

  Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)

## :hear_no_evil: kernel mode rootkits

- https://github.com/f0rb1dd3n/Reptile

  Reptile is a LKM rootkit written for evil purposes that runs on Linux kernel 2.6.x/3.x/4.x
  
- https://github.com/QuokkaLight/rkduck

  rkduck - Rootkit for Linux v4

- https://github.com/mncoppola/suterusu

  An LKM rootkit targeting Linux 2.6.x/3.x on x86, and ARM
  
- https://github.com/nurupo/rootkit

  Linux rootkit for Ubuntu 16.04 and 10.04 (Linux Kernels 4.4.0 and 2.6.32), both i386 and amd64

- https://github.com/m0nad/Diamorphine :shit: 

  LKM rootkit for Linux Kernels 2.6.x/3.x/4.x (x86 and x86_64)
  
- https://github.com/ivyl/rootkit :shit:

  Sample Rootkit for Linux
Update README.md 2018-06-30 05:13:25 -04:00			# `awesome-linux-rootkits`

Update README.md 2018-06-30 05:48:34 -04:00			`## :key: feature table`
Update README.md 2018-06-30 05:13:25 -04:00
Update README.md 2018-06-30 15:01:40 -04:00			`Environment:`
Update README.md 2018-06-30 17:16:57 -04:00			`- CPU architecture`
Update README.md 2018-06-30 15:01:40 -04:00			`- Kernel/User mode (or mixed)`

			`Core capabilities:`
			`- Persistency`
Update README.md 2018-06-30 15:20:34 -04:00			`- Management interface`
Update README.md 2018-06-30 15:14:49 -04:00
			`Stealth capabilities:`
Update README.md 2018-06-30 15:24:42 -04:00			`- Detection evasion`
Update README.md 2018-06-30 15:14:49 -04:00			`- System logs cleaning (filtering)`
Update README.md 2018-06-30 15:01:40 -04:00
			`Hiding stuff capabilities:`
			`- Hiding of files and directories`
			`- Hiding of processes and process trees`
			`- Hiding of network connections and activity`
			`- Hiding of process accounting information (like CPU usage)`

			`Additional functions:`
			`- Keylogger`
			`- Backdoor/shell`
Update README.md 2018-06-30 05:16:23 -04:00
Update README.md 2018-06-30 17:18:03 -04:00			`## :see_no_evil: user mode rootkits`
Update README.md 2018-06-30 05:16:23 -04:00
			`- https://github.com/mempodippy/vlany`

			`Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)`
Update README.md 2018-06-30 05:46:39 -04:00
Update README.md 2018-06-30 17:18:03 -04:00			`## :hear_no_evil: kernel mode rootkits`
Update README.md 2018-06-30 05:46:39 -04:00
			`- https://github.com/f0rb1dd3n/Reptile`

			`Reptile is a LKM rootkit written for evil purposes that runs on Linux kernel 2.6.x/3.x/4.x`
Update README.md 2018-06-30 17:12:39 -04:00
Update README.md 2018-06-30 06:09:49 -04:00			`- https://github.com/QuokkaLight/rkduck`

			`rkduck - Rootkit for Linux v4`
Update README.md 2018-06-30 09:26:13 -04:00
Update README.md 2018-06-30 17:16:57 -04:00			`- https://github.com/mncoppola/suterusu`

Update README.md 2018-06-30 17:27:30 -04:00			`An LKM rootkit targeting Linux 2.6.x/3.x on x86, and ARM`
Update README.md 2018-06-30 17:37:59 -04:00
			`- https://github.com/nurupo/rootkit`

			`Linux rootkit for Ubuntu 16.04 and 10.04 (Linux Kernels 4.4.0 and 2.6.32), both i386 and amd64`
Update README.md 2018-06-30 17:16:57 -04:00
Update README.md 2018-06-30 17:18:03 -04:00			`- https://github.com/m0nad/Diamorphine :shit:`
Update README.md 2018-06-30 17:12:39 -04:00
			`LKM rootkit for Linux Kernels 2.6.x/3.x/4.x (x86 and x86_64)`
Update README.md 2018-06-30 17:32:07 -04:00
			`- https://github.com/ivyl/rootkit :shit:`

			`Sample Rootkit for Linux`