# `awesome-linux-rootkits`

## :key: feature table

Environment:
 - Kernel/User mode (or mixed)

Core capabilities:
 - Persistency
 
Stealth capabilities:
 - System logs cleaning (filtering) 

Hiding stuff capabilities:
 - Hiding of files and directories
 - Hiding of processes and process trees
 - Hiding of network connections and activity
 - Hiding of process accounting information (like CPU usage)

Additional functions:
 - Keylogger
 - Backdoor/shell

## :see_no_evil: user mode rootkits :shit: 

- https://github.com/mempodippy/vlany

  Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)
  
  :point_up:

## :hear_no_evil: kernel mode rootkits :heart:

- https://github.com/f0rb1dd3n/Reptile

  Reptile is a LKM rootkit written for evil purposes that runs on Linux kernel 2.6.x/3.x/4.x

  :point_up: `backdoor`

- https://github.com/QuokkaLight/rkduck

  rkduck - Rootkit for Linux v4
  
  :point_up: `keylogger` `backdoor`