Rootkit Hunter (rkhunter)

LSE toolsLSE toolsRootkit Hunter (470)Rootkit Hunter (470)

Tool and Usage

Project details

Programming language
shell script
Michael Boelen
Latest release
Latest release date

Project health

This score is calculated by different factors, like project age, last release date, etc.


Rootkit Hunter is a small utility to find suspicious rootkit components. Other known backdoors or malicious software can also be discovered, especially if it has the goal to hide.

The tool uses different ways to hunt, like using predefined directory locations and comparing the output of system utilities. Another method is by requesting a specific output and see if this output is altered, therefore tricking rootkits to reveal themselves.

Background information

The rkhunter project was originally created by Michael Boelen in 2003. Michael agreed to hand over development in 2006 to a project team so development could continue.

Usage and audience

Rootkit Hunter is commonly used for malware detection or malware scanning. Target users for this tool are system administrators.


  • Command line interface

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:


  • + Used language is shell script
  • + Project is mature (10+ years)
  • + The source code of this software is available

History and highlights

2006Project development was handed over to project team
2003Project was started by Michael Boelen

Author and Maintainers

Rootkit Hunter was created by Michael Boelen. Currently the project is managed by John Horne.


Supported operating systems

Rootkit Hunter is known to work on AIX, FreeBSD, Linux, NetBSD, OpenBSD, Solaris, and macOS.

Rootkit Hunter alternatives

Similar tools to Rootkit Hunter:



chkrootkit is a malware scanner to locally check for signs of a rootkit. It is written in shell script and runs on the host system itself.



ClamAV is an open source antivirus engine. It can detect malicious software (malware) like trojans, viruses, backdoors and other related threats.



Linux Malware Detect (LMD) is a malware scanner for systems running Linux. The open source software project is released with the GPLv2 license.

All Rootkit Hunter alternatives

This tool page was updated at . Found an improvement? Help the community by submitting an update.

Related tool information

Compare Rootkit Hunter with other tools


This tool is categorized as a Linux malware detection tool and Linux rootkit scanner.