Rootkit Hunter (rkhunter)

LSE toolsLSE toolsRootkit Hunter (117)Rootkit Hunter (117)

Tool and Usage

Security tool to search for traces of rootkits, backdoors, and other malicious components on systems running Linux and other flavors of Unix


Rootkit Hunter is a small utility to find suspicious rootkit components. Other known backdoors or malicious software can also be discovered, especially if it has the goal to hide.

The tool uses different ways to hunt, like using predefined directory locations and comparing the output of system utilities. Another method is by requesting a specific output and see if this output is altered, therefore tricking rootkits to reveal themselves.

Usage and audience

This tool is categorized as a Linux malware detection tool.

Rootkit Hunter is commonly used for malware scan. Target users for this tool are system administrators.


  • Rootkit Hunter is written in shell script
  • Command line interface

Tool review

The review and analysis of this project resulted in the following remarks for this security tool:


  • + Used language is shell script
  • + Project is mature (10+ years)
  • + The source code of this software is available

Author and Maintainers

Rootkit Hunter was created by Michael Boelen. Currently the project is managed by John Horne.


Support operating systems

Rootkit Hunter is known to work on AIX, FreeBSD, Linux, macOS, NetBSD, OpenBSD, and Solaris.

This tool page was recently updated. Found an improvement? Become an influencer and submit an update.
Project details
Latest release1.4.4 [2017-06-29]
Last updatedSept. 27, 2017

Project health

This score is calculated by different factors, like project age, last release date, etc.


 Rootkit Hunter website

Compare Rootkit Hunter with other tools

Related terms