chkrootkit alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

Alternative: ClamAV

ClamAV is an open source antivirus engine and a popular scan engine for detecting malicious software (malware), including trojans, viruses, backdoors and related threats.

Project details

ClamAV is written in C.

Strengths

  • + Many maintainers
  • + The source code of this software is available

Typical usage

  • malware scan

ClamAV project page

Alternative: Rootkit Hunter (rkhunter)

Security tool that searches for traces of rootkits, backdoors and other malicious components on systems running Linux and other flavors of Unix.

Rootkit Hunter is a small utility that looks for suspicious rootkit components. It can also find other known backdoors and malicious software, especially software that tries to hide itself.

The tool hunts in several ways: it checks predefined directory locations, and it compares the output of different system utilities that should agree with each other. Another method is to request a specific, known output and check whether it has been altered, which tricks rootkits into revealing themselves.
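The following script is an added example, not rkhunter's own code, of the cross-view comparison just described, applied to the process list: the numeric entries under /proc and the PIDs reported by ps are two views that should agree, and any PID present in only one of them is printed. It assumes a Linux host with ps, comm and mktemp available; the sample PID lists in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example, not rkhunter's own code: the "compare two views" technique
# described above, applied to the process list. Two views that should agree
# are taken independently, the numeric entries under /proc and the PIDs that
# ps reports, and every PID present in only one of them is printed. A rootkit
# that filters ps output or hooks the library calls ps relies on usually
# leaves the /proc entry in place, so the hidden PID shows up as a mismatch.
# Assumes a Linux host with ps, comm and mktemp available.

LC_ALL=C
export LC_ALL

# pids_from_proc: PIDs seen by enumerating /proc directly, one per line, sorted
pids_from_proc() {
    for d in /proc/[0-9]*; do
        printf '%s\n' "${d#/proc/}"
    done | sort
}

# pids_from_ps: PIDs as reported by ps, one per line, sorted
pids_from_ps() {
    ps -eo pid= | tr -d ' ' | sort
}

# only_in_first FILE_A FILE_B: lines of sorted FILE_A that are absent from sorted FILE_B
# (constructed sample: A = "1 1337 2 42", B = "1 2 42" -> prints 1337)
only_in_first() {
    comm -23 "$1" "$2"
}

# compare_views FILE_A FILE_B: print every PID the two views disagree on;
# returns 0 when the views agree and 1 when they differ
compare_views() {
    a_only=$(only_in_first "$1" "$2")
    b_only=$(only_in_first "$2" "$1")
    for p in $a_only; do echo "only in first view: $p"; done
    for p in $b_only; do echo "only in second view: $p"; done
    [ -z "$a_only" ] && [ -z "$b_only" ]
}

# check_live: snapshot both views on this host and compare them. A process that
# starts or exits between the two snapshots is reported as well, so only a PID
# that keeps appearing on repeated runs deserves a closer look.
check_live() {
    a=$(mktemp); b=$(mktemp)
    pids_from_proc > "$a"
    pids_from_ps > "$b"
    compare_views "$a" "$b"
    rc=$?
    rm -f "$a" "$b"
    return $rc
}

# Run the live check when executed directly (skipped where ps is missing).
if command -v ps >/dev/null 2>&1; then
    check_live && echo "process views agree"
fi
```

The same pattern extends to other pairs of views, for example a directory listed with ls against the same directory read through a shell glob, or open ports from ss against /proc/net/tcp; the rootkit has to hook every path consistently, and the one it misses is where the discrepancy appears.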

Project details

Rootkit Hunter is written in shell script.

Strengths

  • + Used language is shell script
  • + Project is mature (10+ years)
  • + The source code of this software is available

Typical usage

  • malware scan

Rootkit Hunter project page

Alternative: bingrep

Bingrep is a utility that can be described as 'grep for binaries'. It runs on Linux and helps with reverse engineering and malware analysis.

It searches through binaries and highlights the most important areas with colors.

Supported binary formats:

  • ELF 32/64, arm, x86, openrisc
  • Mach 32/64, arm, x86
  • PE

Alternative: Cuckoo Sandbox (cuckoo)

Cuckoo Sandbox is a malware analysis system. Feed it a suspicious file and it reports in detail what the file did and how it behaved.

Within seconds, Cuckoo Sandbox provides detailed results on what a file does inside an isolated environment. This helps with malware analysis and with understanding what the sample is actually trying to achieve. Further analysis can then build on the recorded actions.

Cuckoo Sandbox was created by Claudio Guarnieri as part of the Google Summer of Code project in 2010.

Project details

Cuckoo Sandbox is written in Python.

Strengths

  • + More than 2000 GitHub stars
  • + The source code of this software is available

Weaknesses

  • - Many provided pull requests are still open
  • - Many reported issues are still open

Typical usage

  • digital forensics
  • malware analysis

Cuckoo Sandbox project page

Alternative: Diamorphine

Diamorphine is a loadable kernel module (LKM) rootkit for Linux. It runs on kernels in the 2.6, 3.x and 4.x branches.

Project details

Diamorphine is written in C.

Strengths

  • + The source code of this software is available

Typical usage

  • learning

Diamorphine project page

Alternative: LMD

Linux Malware Detect (LMD) is a malware scanner for systems running Linux. The open source project is released under the GPLv2 license.

LMD defines its malware signatures as MD5 file hashes and hex byte patterns, and matches scanned files against both.

Project details

LMD is written in shell script.

Strengths

  • + The source code of this software is available

Typical usage

  • malware scan

LMD project page

Alternative: Malscan

Malscan describes itself as a robust ClamAV-based malware scanner for web servers. It can pull signatures from multiple sources for scanning.

Malscan has multiple sources for its malware signatures:

  • RFX Networks Signatures
  • Metasploit Signatures
  • Malscan Signatures
  • ClamAV Main Signatures

Detection methods include hex or MD5 matches, string length checks (e.g. long base64 blobs), and MIME type mismatches.
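As an added example, not LMD's or Malscan's own code, the script below is a minimal scanner that applies three of the checks the two descriptions above mention: an MD5 hash list, a hex byte-pattern list, and an extension versus content (MIME) mismatch. Both signature lists are constructed for the demo; the only real entry is the MD5 of the EICAR test string. The sample files it scans are written to a temporary directory by the script itself. It assumes md5sum, od and mktemp are available.

```shell
#!/bin/sh
# Added example, not LMD's or Malscan's own code: a minimal file scanner
# with the three checks described above.
#   1. MD5 hash of the file against a hash list
#   2. hex byte pattern against a hex dump of the file
#   3. MIME mismatch: image extension, but the magic bytes are not an image
# Signature lists are constructed for the demo; the only real signature is
# the MD5 of the EICAR test string. Assumes md5sum, od and mktemp.

# "<md5> <name>" per line
MD5_SIGS='44d88612fea8a8f36de82e1278abb02f eicar.test'
# "<extended regex over lowercase hex> <name>" per line: "<?php" ... "eval("
HEX_SIGS='3c3f706870.*6576616c28 php.eval.generic'

# md5_of FILE: print the hex MD5 digest of FILE
md5_of() {
    md5sum "$1" | cut -d' ' -f1
}

# hex_of FILE: print the whole file as one lowercase hex string
hex_of() {
    od -An -v -tx1 "$1" | tr -d ' \n'
}

# match_md5 FILE: print the matching signature name, status 1 on no match
match_md5() {
    h=$(md5_of "$1")
    echo "$MD5_SIGS" | while read -r sig name; do
        [ "$sig" = "$h" ] && echo "$name"
    done | grep .
}

# match_hex FILE: print the matching signature name, status 1 on no match
match_hex() {
    hx=$(hex_of "$1")
    echo "$HEX_SIGS" | while read -r pat name; do
        echo "$hx" | grep -Eq "$pat" && echo "$name"
    done | grep .
}

# mime_mismatch FILE: print "mime-mismatch" when the extension claims an
# image but the first bytes are not that image's magic; status 1 otherwise.
# Reads the magic bytes directly so it does not depend on file(1).
mime_mismatch() {
    magic=$(od -An -v -tx1 -N4 "$1" | tr -d ' \n')
    case "$1" in
        *.png)        expect=89504e47 ;;
        *.jpg|*.jpeg) expect=ffd8ff ;;
        *.gif)        expect=47494638 ;;
        *)            return 1 ;;
    esac
    case "$magic" in
        "$expect"*) return 1 ;;
    esac
    echo "mime-mismatch"
}

# scan FILE: print "FILE: <hits>" and return 0 when anything matched,
# print nothing and return 1 when the file is clean
scan() {
    hits=""
    r=$(match_md5 "$1") && hits="$hits md5:$r"
    r=$(match_hex "$1") && hits="$hits hex:$r"
    r=$(mime_mismatch "$1") && hits="$hits $r"
    [ -n "$hits" ] || return 1
    echo "$1:$hits"
}

# demo_setup: write constructed sample files to a temp dir and print its path
demo_setup() {
    dir=$(mktemp -d)
    printf '%s' 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > "$dir/eicar.com"
    printf '%s' '<?php @eval($_POST["c"]); ?>' > "$dir/logo.png"   # web shell disguised as an image
    printf '\211PNG\r\n\032\n' > "$dir/real.png"                     # genuine PNG header only
    printf 'hello world\n' > "$dir/notes.txt"
    echo "$dir"
}

# Scan the constructed samples when executed directly.
demo_dir=$(demo_setup)
for f in "$demo_dir"/*; do
    scan "$f" || echo "$f: clean"
done
rm -rf "$demo_dir"
```

Hash matching only catches files that are byte-identical to a known sample, which is why both tools also carry hex patterns; the MIME check catches the common hosting case of a PHP file uploaded under an image extension, regardless of its content.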

Project details

Malscan is written in shell script.

Strengths

  • + Used language is shell script
  • + The source code of this software is available

Typical usage

  • malware scan

Malscan project page

Alternative: Viper

Viper is a binary analysis and management framework for security researchers. It provides a way to organize your collection of malware samples and exploits.

Viper organizes the malware samples and exploits you collect over time and calls itself the "Metasploit for malware researchers". It has a terminal interface to store, search and analyze files, and as a framework it also allows you to write your own plugins.

Alternative: Loki

Loki is a security tool to find so-called indicators of compromise (IOCs). It scans files and applies pattern matching to them.

Project details

Loki is written in Python.

Strengths

  • + Commercial support available
  • + More than 10 contributors
  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • digital forensics
  • intrusion detection
  • security monitoring

Loki project page

Alternative: PHP Malware Finder

PHP Malware Finder is a tool to find malicious PHP scripts, a common threat for web hosting providers and their customers' websites.

Project details

PHP Malware Finder is written in shell script.

Strengths

  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • malware scan

PHP Malware Finder project page