Skip to content
/ rootkit Public

This Linux rootkit project comprises Commander and Victim programs facilitating covert communication through encrypted channels. Leveraging features like keylogging, file transfer, and remote program execution, it provides a controlled and secure means of interacting with a Linux system.

License

GPL-3.0 license
2 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

YashsviG/rootkit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits

.gitignore

.gitignore

 
 

LEARN.md

LEARN.md

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

commander.py

commander.py

 
 

covertChannel.py

covertChannel.py

 
 

encryption.py

encryption.py

 
 

keylogger.py

keylogger.py

 
 

portknocker.py

portknocker.py

 
 

processname.py

processname.py

 
 

requirements.txt

requirements.txt

 
 

utils.py

utils.py

 
 

victim.py

victim.py

 
 

watcher.py

watcher.py

 
 

Repository files navigation

Linux Rootkit

Overview

This repository contains two Python programs, Commander and Victim, designed for covert communication and control over a network. The Commander initiates a session by port knocking on the Victim, allowing the two programs to communicate through covert channels. The Victim responds to the Commander's commands, which include various actions like starting/stopping a keylogger, transferring files, watching files or directories, running programs, and more.

Key Points

  • All communication between the Commander and Victim is done through covert channels.
  • Communication is encrypted to ensure secure data transfer.
  • The session initiated by port knocking continues until the Commander selects the Disconnect option.
  • Output from programs run on the Victim is displayed on the Commander.

Dependencies

  • Both programs use Python and various libraries such as multiprocessing, inotify, and psutil.
  • Install all these dependencies using: pip install -r requirements.txt

Commander Program

Usage

Run the Commander program with the following command: python commander.py -ip <victim_ip_addr> -p <port_number> (Replace <victim_ip_addr> with the victim's IP address, <port_number> with the desired port number for communication.)

Follow the on-screen menu to interact with the Victim.

Menu Options

  • Disconnect from the Victim: End the current session and disconnect from the Victim.
  • Uninstall from the Victim: Uninstall the program from the Victim.
  • Start Keylogger on the Victim: Initiate the keylogger on the Victim.
  • Stop Keylogger on the Victim: Stop the keylogger on the Victim.
  • Transfer Keylog File from the Victim: Retrieve the keylog file from the Victim.
  • Transfer a File to the Victim: Send a file to the Victim.
  • Transfer a File from the Victim: Receive a file from the Victim.
  • Watch a File on the Victim: Monitor changes to a specific file on the Victim.
  • Watch a Directory on the Victim: Monitor changes to files within a directory on the Victim.
  • Run a Program on the Victim: Execute a command on the Victim, and view the output on the Commander.

Victim Program

Usage

Run the Victim program with the following command: python victim.py -p <port_number> (Replace <port_number> with the port number used by the Commander for communication.)

Wait for the Commander to initiate a session through port knocking.

Screenshot of the Rootkit running

Commander

image

Victim

image

Demo

final-video.mp4

About

This Linux rootkit project comprises Commander and Victim programs facilitating covert communication through encrypted channels. Leveraging features like keylogging, file transfer, and remote program execution, it provides a controlled and secure means of interacting with a Linux system.

Topics

linux github-pages rootkit python3 learn cnc-controller cnc-programming directorywatcher fileware keylogger-python github-codespaces student-vscode

Resources

Readme

License

GPL-3.0 license
Activity

Stars

2 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages