

Linux Systems Rootkits

  • 4553-invader-2.1.1: Invader v2.1.1 is source code which can append parasitic executable code.
  • ark-1.0.1: Ambient's Rootkit for Linux. Binaries only.
  • ark-1.0: Ambient's Rootkit for Linux. Binaries only.
  • cb-r00tkit: cb-r00tkit.tgz is a rootkit which backdoors quite a few things.
  • darkside-0.2.3: Rootkit for unix which hides processes and their children, etc.
  • defuserootkit: This utility removes LKM rootkits that normally are undetectable.
  • DevNull-rootkit-v0.9: DevNull Rootkit v0.9 - Linux rootkit, modified login, chsh, chfn and su.
  • dica: Dica is a rootkit found in the wild.
  • dnsscan: Description unavailable.
  • doorman-0.7: Port-knocking listener daemon which helps users secure private servers.
  • doorman-0.8: The Doorman is a port-knocking listener daemon which helps users secure private servers.
  • doorman-0.81: The Doorman is a port-knocking listener daemon which helps users secure private servers.
  • ES-Malaria: ES-Malaria is a ptrace() injector.
  • firedoor-0.2: Firedoor forwards any TCP connection behind a firewall using techniques similar to reverse telneting.
  • fk: Fuck`it RootKit. Uses a ssh daemon.
  • flea: FLEA is a linux rootkit for all distributions.
  • hacking_unix: Description unavailable.
  • hhp-SSH_TROSNIFF: Complete package of patches to modify ssh, ssh2, sshd, ssh2d...
  • kbdis: Disables the keyboard on most x86 systems.
  • kbdv2: Backdoor that allows root access by modifying the SYS_stat and SYS_getuid system calls.
  • kernel.keylogger: Kernel Based Keystroke Loggers for Linux.
  • kis-0.9: Kernel Intrusion System.
  • knark-0.50: Kernel-based rootkit for Linux 2.2.
  • knark-0.59: Kernel-based rootkit for Linux 2.2.
  • knark-2.4.3: Knark v2.4.3 port is a usable kernel-based rootkit for Linux.
  • last1: The Balaur Rootkit v2.0 is a rootkit for Red Hat 6.1.
  • linspy2beta2: Keystroke logger for linux kernels v2.2 and 2.4.
  • lrk-4.1: Linux Rootkit v4.1 is based on Lord Somers LRK4 but several things are fixed.
  • lrk4.shad: Linux Rootkit 4 - Precompiled Shadowed Distribution.
  • lrk4.src: Linux Rootkit - Source Distribution.
  • lrk4.unshad: Linux Rootkit 4 - Precompiled Unshadowed Distribution.
  • lrk5.src: Linux Rootkit 5 - Recent release of the famous linux rootkit.
  • lrkn: Linux rootkit 3.0.
  • Mr-Lynd0v1.1: Log cleaner and an instrument to hide user or to change user and host.
  • Mr-Lynd0v1.2: Log cleaner and an instrument to hide user or to change user and host.
  • psf: Process Stack Faker attempts to hide UNIX processes.
  • mybindshell: Bindshell which has a password.
  • mybindshell2: Bindshell which has a password.
  • netstat: Shell script which compiles a C wrapper around /bin/netstat.
  • maxty: Small kernel-space tty sniffer.
  • openssh-2.9p2: Openssh-2.9p2 patch which logs the username, remote host, etc.
  • rsh-v2: Unix log cleaner that also checks to see if root is logged in.
  • superkit: Extremely user-friendly rootkit that hides files, processes, and connections.
  • ssh-2.3.0: SSH-2.3.0 client patch to log outgoing usernames, passwords, and hostnames.
  • ssh0wn: Patch for openssh-3.4p1 that will grant login access to any user with the "secret" pass.
  • sshd.c.diff-1.2.27: A small patch to sshd v1.2.27 which accepts a magic password to authenticate.
  • taskigt: An LKM that gives root to a process that reads a special file in /proc.
  • tcpd-byp: Modified tcp wrappers which bypass restrictions in hosts.deny and hosts.allow.
  • tk: Torn Kit is a linux rootkit which has been optimized for linux/x86 mass installation.
  • Raditz: Hacked replacement for the tripwire binary.
  • root-logine: Description unavailable.
  • rootkit: Description unavailable.
  • toolkit: Rootkit-like utility which hides processes and files.
  • trNkitv1.0r: Patched versions of du, locate, netstat, ps, pstree, top, w, and who.

Copyright © 2000-2008 Jessland - Jess Garcia's Website - All rights reserved.