Rootkit Hunter (rkhunter)

LSE toolsLSE toolsRootkit Hunter (215)Rootkit Hunter (215)

Tool and Usage

Security tool to search for traces of rootkits, backdoors, and other malicious components on systems running Linux and other flavors of Unix

Introduction

Rootkit Hunter is a small utility to find suspicious rootkit components. Other known backdoors or malicious software can also be discovered, especially if it has the goal to hide.

The tool uses different ways to hunt, like using predefined directory locations and comparing the output of system utilities. Another method is by requesting a specific output and see if this output is altered, therefore tricking rootkits to reveal themselves.

Background information

The rkhunter project was originally created by Michael Boelen in 2003. Michael agreed to hand over development in 2006 to a project team so development could continue.

Usage and audience

Rootkit Hunter is commonly used for malware detection or malware scanning. Target users for this tool are system administrators.

Features

  • Rootkit Hunter is written in shell script
  • Command line interface

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:

Strengths

  • + Used language is shell script
  • + Project is mature (10+ years)
  • + The source code of this software is available

History and highlights

YearEvent
2006Project development was handed over to project team
2003Project was started by Michael Boelen

Author and Maintainers

Rootkit Hunter was created by Michael Boelen. Currently the project is managed by John Horne.

Installation

Supported operating systems

Rootkit Hunter is known to work on AIX, FreeBSD, Linux, macOS, NetBSD, OpenBSD, and Solaris.

Rootkit Hunter alternatives

Similar tools to Rootkit Hunter:

63

chkrootkit

chkrootkit is a malware scanner to locally check for signs of a rootkit. It is written in shell script and runs on the host system itself.

74

ClamAV

ClamAV is an open source antivirus engine. It can detect malicious software (malware) like trojans, viruses, backdoors and other related threats.

81

LMD

Linux Malware Detect (LMD) is a malware scanner for systems running Linux. The open source software project is released with the GPLv2 license.

See all alternatives tools for Rootkit Hunter »

This tool page was recently updated. Found an improvement? Become an influencer and submit an update.
Project details
Latest release1.4.4 [2017-06-29]
LicenseGPLv3
Last updatedApril 18, 2018

Project health

67
This score is calculated by different factors, like project age, last release date, etc.

Links

 Rootkit Hunter website

Categories

This tool is categorized as a Linux malware detection tool and Linux rootkit scanner.

Compare Rootkit Hunter with other tools

Related terms