Skip to content

QuokkaLight/rkduck

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

42 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

rkduck - Rootkit for Linux v4 Build Status

rkduck is a Loadable Kernel Module rootkit for the latest Linux Kernels v4. This is still a work in progress.

Features

  • Stealth
    • Hide files, directories, processes
  • Communication
    • SSH
    • Direct shell (unencrypted)
    • Reverse shell (unencrypted)
  • Keylogger
    • Recording of the keystrokes of every user.
    • Information sent periodically
  • Crumbs
    • A user space CLI program allowing the user to control the rootkit configuration during its execution
    • Requires an authentication to be used (hardcoded key stored in rduck, the configuration section has more information about it)

Tests

At the moment we didn't get the chance to test our rootkit on different versions of Linux to make sure everything is working as intended. If you want to report a bug feel free to create an issue or send us an email at [email protected].

Contributors

  • mpgn - Twitter

  • RainbowLyte - Twitter

                   _.._
                  /   a\__,
                  \  -.___/
                   \  \
              (\____)  \
          |\_(         ))
     _____|   (_        /________
          _\____(______/__
               ______