Skip to content

linux-rootkits/rkduck

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

42 Commits
crumbs
crumbs
 
 
rkduck
rkduck
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
README.md
README.md
 
 
bck_ssh.sh
bck_ssh.sh
 
 
forever.sh
forever.sh
 
 

Repository files navigation

rkduck - Rootkit for Linux v4 Build Status

rkduck is a Loadable Kernel Module rootkit for the latest Linux Kernels v4. This is still a work in progress.

Features

  • Stealth
    • Hide files, directories, processes
  • Communication
    • SSH
    • Direct shell (unencrypted)
    • Reverse shell (unencrypted)
  • Keylogger
    • Recording of the keystrokes of every user.
    • Information sent periodically
  • Crumbs
    • A user space CLI program allowing the user to control the rootkit configuration during its execution
    • Requires an authentication to be used (hardcoded key stored in rduck, the configuration section has more information about it)

Tests

At the moment we didn't get the chance to test our rootkit on different versions of Linux to make sure everything is working as intended. If you want to report a bug feel free to create an issue or send us an email at [email protected].

Contributors

  • mpgn - Twitter

  • RainbowLyte - Twitter

                   _.._
              /   a\__,
              \  -.___/
               \  \
          (\____)  \
      |\_(         ))
 _____|   (_        /________
      _\____(______/__
           ______

About

Linux v4.x.x Rootkit

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C 96.6%
  • Shell 2.4%
  • Other 1.0%