mirror of
https://github.com/milabs/awesome-linux-rootkits.git
synced 2024-09-21 05:35:43 +00:00
48 lines
982 B
Markdown
48 lines
982 B
Markdown
# `awesome-linux-rootkits`
|
|
|
|
## :key: feature table
|
|
|
|
Environment:
|
|
- Kernel/User mode (or mixed)
|
|
|
|
Core capabilities:
|
|
- Persistency
|
|
- Management interface
|
|
|
|
Stealth capabilities:
|
|
- Detection evasion
|
|
- System logs cleaning (filtering)
|
|
|
|
Hiding stuff capabilities:
|
|
- Hiding of files and directories
|
|
- Hiding of processes and process trees
|
|
- Hiding of network connections and activity
|
|
- Hiding of process accounting information (like CPU usage)
|
|
|
|
Additional functions:
|
|
- Keylogger
|
|
- Backdoor/shell
|
|
|
|
## :see_no_evil: user mode rootkits :shit:
|
|
|
|
- https://github.com/mempodippy/vlany
|
|
|
|
Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)
|
|
|
|
:point_up:
|
|
|
|
## :hear_no_evil: kernel mode rootkits :heart:
|
|
|
|
- https://github.com/f0rb1dd3n/Reptile
|
|
|
|
Reptile is a LKM rootkit written for evil purposes that runs on Linux kernel 2.6.x/3.x/4.x
|
|
|
|
:point_up: `backdoor`
|
|
|
|
- https://github.com/QuokkaLight/rkduck
|
|
|
|
rkduck - Rootkit for Linux v4
|
|
|
|
:point_up: `keylogger` `backdoor`
|
|
|