jollheef / rootkiticide

0-ring rootkit revealer for Linux


rootkiticide

rootkiticide is a project for dynamically revealing Linux rootkits.

It is currently a proof of concept (prototype) rather than software ready for use.

Usage

localhost $ git clone https://github.com/jollheef/rootkiticide
localhost $ cd rootkiticide
localhost $ make KERNEL=/path/to/kernel/headers
localhost $ scp {rkcd.ko,rkcdcli} compromisedhost:
localhost $ ssh compromisedhost
compromisedhost $ sudo insmod ./rkcd.ko

Wait some time for data to be collected, then run the user-space CLI utility:

compromisedhost $ ./rkcdcli

About

License: GNU General Public License v3.0


Languages

C 70.2%, C++ 14.7%, Go 11.6%, Makefile 2.4%, Shell 1.1%