A modern, Rust-powered Linux scanner that unmasks hidden rootkits, stealthy eBPF tricks, and ghost processes in one fast sweep (50+ scanners)
Updated Nov 20, 2025 - Rust
Small scripts to help with Linux forensics and incident response.
Scripts to decloak Linux Loadable Kernel Module (LKM) stealth rootkits.
Detection of rootkit file hiding activities through analysis of shifts in kernel function execution times.
Kernel-based rootkit detection tool with modules for detecting hidden processes, files, and kernel anomalies.
Windows Kernel-Mode implementation for process protection, TPM-backed encryption, and ETW logging.
A tool that detects files and directories that may be hidden by trojans and rootkits on Unix platforms.
Lightning-fast Linux security scanner finds real threats in seconds, not hours. Cryptominers, CVEs, rootkits, memory threats, network attacks. Single binary, 100% local.
Detect Linux rootkits which use signals to elevate process privileges.
Scan to oblivion—protect, cleanse, secure.
🔍 Conduct a fast, one-shot sweep for Linux incident response, collecting actionable leads from various system components with ease.
Device-Security-Audit is a Python-based security audit tool that helps assess and enhance the security of your systems. It includes checks for Docker container vulnerabilities, rootkit detection, network traffic monitoring, and cloud and Kubernetes security. With customizable options and parallel task execution, it's simply the best.
Ontological process authentication — rootkit detection through simulacra theory. Process forensics, network honeypot detection, SUID auditing.
Scheduled Task Shadow Scanner: detects attacker persistence across all 14 Linux hiding locations.
A simple tool to uncover files, directories, and connections hidden by malware.
RKHUNTER LIVE is an immersive, interactive training platform for learning rootkit detection and malware forensics on Linux systems. Featuring a fully simulated rkhunter, chkrootkit, AIDE, and Lynis environment, this platform allows security professionals and students to practice identifying kernel rootkits, rootkits, and userland rootkits 🕵🏿.
⚔️ Cross-platform malware & rootkit removal tool with GUI, online threat intelligence and real-time scanning — built in Python
Cabbage is a simple Python-based wrapper designed to automate and simplify post-mortem analysis of Solaris 10 kernel crash dumps and uncover evidence of rootkits and malicious activity.
A rootkit detector for Linux systems along with documentation to assist users to learn about rootkits and how they work.