rootkiticide

rootkiticide is a project for dynamic revealing linux rootkits.

Currently is a proof of concept (prototype) rather than ready for usage software.

Usage

localhost $ git clone git://github.com/jollheef/rootkiticide
localhost $ cd rootkiticide
localhost $ make KERNEL=/path/to/kernel/headers
localhost $ scp {rkcd.ko,rkcdcli} compromisedhost:
localhost $ ssh compromisedhost
compromisedhost $ sudo insmod ./rkcd.ko

Wait some time for collect data and run user-space cli util

compromisedhost $ ./rkcdcli

Name		Name	Last commit message	Last commit date
Latest commit History 42 Commits
.github/workflows		.github/workflows
.gitignore		.gitignore
.out-of-tree.toml		.out-of-tree.toml
.travis.yml		.travis.yml
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
fd_hook.c		fd_hook.c
hw_breakpoint.c		hw_breakpoint.c
proc.c		proc.c
ringbuf.c		ringbuf.c
ringbuf.h		ringbuf.h
ringbuf_internal.h		ringbuf_internal.h
rkcdcli.go		rkcdcli.go
rootkiticide.c		rootkiticide.c
rootkiticide.h		rootkiticide.h
scheduler_hook.c		scheduler_hook.c
test.sh		test.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

rootkiticide

Usage

About

Releases

Packages

Contributors 2

Languages

License

jollheef/rootkiticide

Folders and files

Latest commit

History

Repository files navigation

rootkiticide

Usage

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Contributors 2

Languages

Packages