Rootkit.nl Logo - By Henry
   Home | Projects | Articles | Security Net | Contributors | Contact | Wishlist  

Home » Projects » Rootkit Hunter

Rootkit Hunter

Description
Rootkit scanner
Project information
Rootkit scanner is scanning tool to ensure you for about 99.9%* you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:

- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files

Rootkit Hunter is released as GPL licensed project and free for everyone to use.

* No, not really 99.9%.. It's just another security layer
System requirements:
- Compatible operating system (see 'Supported operating systems')
- Bourne Again Shell (BASH)

Supported operating systems
Supported:
- Most Linux distributions
- Most *BSD distributions

Currently unsupported:
- NetBSD

Tested on:
- AIX 4.1.5 / 4.3.3
- ALT Linux
- Aurora Linux
- CentOS 3.1 / 4.0
- Conectiva Linux 6.0
- Debian 3.x
- FreeBSD 4.3 / 4.4 / 4.7 / 4.8 / 4.9 / 4.10
- FreeBSD 5.0 / 5.1 / 5.2 / 5.2.1 / 5.3
- Fedora Core 1 / Core 2 / Core 3
- Gentoo 1.4, 2004.0, 2004.1
- Macintosh OS 10.3.4-10.3.8
- Mandrake 8.1 / 8.2 / 9.0-9.2 / 10.0 / 10.1
- OpenBSD 3.4 / 3.5
- Red Hat Linux 7.0-7.3 / 8 / 9
- Red Hat Enterprise Linux 2.1 / 3.0
- Slackware 9.0 / 9.1 / 10.0 / 10.1
- SME 6.0
- Solaris (SunOS)
- SuSE 7.3 / 8.0-8.2 / 9.0-9.2
- Ubuntu
- Yellow Dog Linux 3.0 / 3.01

Confirmed to work also on:
- CLFS
- DaNix (Debian clone)
- PCLinuxOS
- VectorLinux SOHO 3.2 / 4.0
- CPUBuilders Linux
- Virtuozzo (VPS)


Extra information

'Supported' rootkits/backdoors/LKM's/worms:

55808 Trojan - Variant A
ADM W0rm
AjaKit
aPa Kit
Apache Worm
Ambient (ark) Rootkit
Balaur Rootkit
BeastKit
beX2
BOBKit
CiNIK Worm (Slapper.B variant)
Danny-Boy's Abuse Kit
Devil RootKit
Dica
Dreams Rootkit
Duarawkz Rootkit
Flea Linux Rootkit
FreeBSD Rootkit
Fuck`it Rootkit
GasKit
Heroin LKM
HjC Rootkit
ignoKit
ImperalsS-FBRK
Irix Rootkit
Kitko
Knark
Li0n Worm
Lockit / LJK2
mod_rootme (Apache backdoor)
MRK
Ni0 Rootkit
NSDAP (RootKit for SunOS)
Optic Kit (Tux)
Oz Rootkit
Portacelo
R3dstorm Toolkit
RH-Sharpe's rootkit
RSHA's rootkit
Scalper Worm
Shutdown
SHV4 Rootkit
SHV5 Rootkit
Sin Rootkit
Slapper
Sneakin Rootkit
Suckit
SunOS Rootkit
Superkit
TBD (Telnet BackDoor)
TeLeKiT
T0rn Rootkit
Trojanit Kit
URK (Universal RootKit)
VcKit
Volc Rootkit
X-Org SunOS Rootkit
zaRwT.KiT Rootkit

and... some known/unknown sniffers, backdoors like:
Anti Anti-sniffer
LuCe LKM
THC Backdoor



Project related documentation
- Scanning techniques
- Rootkit Hunter Changelog
- Documentation

Tags: rootkit trojan backdoor

Page last updated at 28 Mar 2014



Quick links



Project members

Michael Boelen - Project founder
Rootkit Hunter team -

Related links

- Rootkit Hunter FAQ
- Announce mailinglist and project page


Rootkit Hunter Details
Latest version1.4.2
LanguageShell script
LicenseGPL


Lynis Enterprise Suite

This website is also part of our mission to help individuals and companies to secure their systems and comply with regulations. As such, this website is additional guide for the open source community and our users of the Lynis Enterprise Suite:

Complete solution to audit, harden and secure your Linux/Unix environment.

Benefits:
  • Perform audits within a few minutes
  • Central management
  • Powerful reporting
  • Additional plugins and more tests

Lynis Enterprise screenshot
Lynis Enterprise Screenshot: Output of a customized implementation plan

Tell me more »


Testimonials

"A master piece of software and a must for every server admin." - Jose

"Happy installing Lynis on every server I install. Also made some changes for automation and having regular scans of the system. For several customers I made some custom checks on integrity." - Rick Voormolen


About
» About

Thanks to
» Contributors
» Sponsors








Valid XHTML 1.0!


[PHPips enabled]
 
Copyright 2003-2014 Rootkit.nl and Michael Boelen, supported by CISOfy
All rights reserved
Hosted by Shock Media