Rootkit Hunter
Rootkit scanner is a scanning tool that assures you, to about 99.9%, that you're clean of nasty tools. It scans for rootkits, backdoors and local exploits by running tests like:
- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files
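The following added example is not Rootkit Hunter's own code; it shows three of the tests listed above (MD5 hash compare, wrong file permissions, hidden files) as small shell functions. The function names, the baseline file stored next to the scanned directory, and the `md5sum` command are assumptions of the example.

```bash
#!/usr/bin/env bash
# Added example: function names and the baseline file layout are assumptions.

make_baseline() {      # known-good state: one "md5  path" line per file
    find "$1" -type f -exec md5sum {} + | sort -k2
}

changed_files() {      # MD5 hash compare: changed or missing since baseline
    local sum path
    while read -r sum path; do
        if [ ! -f "$path" ]; then
            echo "$path"
        elif [ "$(md5sum < "$path" | cut -d' ' -f1)" != "$sum" ]; then
            echo "$path"
        fi
    done < "$1"
}

writable_binaries() {  # wrong permissions: writable by group or others
    find "$1" -type f \( -perm -020 -o -perm -002 \) | sort
}

hidden_entries() {     # hidden files: dot-names inside the scanned tree
    find "$1" -mindepth 1 -name '.*' | sort
}

build_sample() {       # constructed sample tree, tampered after the baseline
    local d
    umask 022
    d=$(mktemp -d)
    printf 'ls v1\n' > "$d/ls"
    printf 'ps v1\n' > "$d/ps"
    chmod 755 "$d/ls" "$d/ps"
    make_baseline "$d" > "$d.md5"     # baseline is kept outside the tree
    printf 'ls trojaned\n' > "$d/ls"  # content no longer matches its hash
    chmod 777 "$d/ps"                 # now world-writable
    : > "$d/.hidden"                  # dot-file dropped next to the binaries
    echo "$d"
}

# Usage: script DIR BASELINE; with no arguments the constructed sample is scanned.
dir=${1:-$(build_sample)}
base=${2:-$dir.md5}
echo "changed or missing:";      changed_files "$base"
echo "group/other-writable:";    writable_binaries "$dir"
echo "hidden entries:";          hidden_entries "$dir"
```

A hash comparison is only as trustworthy as its baseline and the `md5sum` binary doing the comparing, so both belong on read-only or offline media. Files added after the baseline was taken do not appear in `changed_files`.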
Rootkit Hunter is released as a GPL-licensed project and is free for everyone to use.
System requirements:
- Compatible operating system (see 'Supported operating systems')
- Bourne Again Shell (BASH)
Supported operating systems
Supported:
- Most Linux distributions
- Most *BSD distributions
Currently unsupported:
- AIX (will be fixed in RC2)
Tested on:
- Debian
- Red Hat Linux 7.1/7.2/7.3/8
- FreeBSD 4.3/4.4/4.7/4.8
- FreeBSD 5.0/5.1
(Did it work on your operating system? Let me know!)
Extra information
'Supported' rootkits/backdoors/LKM's/worms:
55808 Trojan (Variant A)
Anti Anti-sniffer
Ambient / ARK (rootkit)
BeastKit (rootkit)
BOBKit (rootkit)
CiNIK worm (Slapper.B variant)
Devil Kit (rootkit)
Dica (rootkit)
FreeBSD (rootkit)
****`it (rootkit)
GasKit (rootkit)
ImperalsS (FreeBSD Rootkit)
Li0n worm
LuCe LKM
MRK (MiCrobul RK, Devil kit variant)
NSDAP
Optic Kit
Oz Rootkit
Portacelo
Sebek LKM (no rootkit, tool for honeypots!)
Scalper Worm
Suckit (rootkit)
THC Backdoor
and... some known/unknown sniffers, backdoors