🛡️ OGuard

OGuard is a Linux system scanner focused on malware detection, rootkit hunting, suspicious processes, persistence mechanisms, and startup entries. It performs read-only scans with hash comparison, entropy analysis, and pattern matching.


📌 Overview

OGuard scans critical system locations for indicators of compromise:

  • Known malware hashes and suspicious strings
  • Packed ELF binaries and high-entropy files
  • Crypto miners and reverse shells
  • SUID/SGID binaries
  • Crontab, systemd services, rc files, and kernel modules
  • Processes running from unusual locations (/tmp, /dev/shm, etc.)

All operations are read-only for forensic safety.


🖥️ Modules

#    Module              Description
[1]  Quick Scan          Scan high-risk locations (/tmp, /var/tmp, /home, cron…)
[2]  Full Scan           Scan the entire / filesystem
[3]  Custom Scan         Scan a specific file or directory
[4]  Process Inspector   Detect miners, hacking tools, suspicious processes
[5]  Crontab Check       Cron jobs, systemd services, ld.so.preload
[6]  Startup Audit       Init files, shell RC files, at jobs, kernel modules

📊 Key Features

  • Malware Signature Database — Known hashes and behavioral patterns
  • ELF Analysis — Detects UPX packing, suspicious symbols, and rootkit indicators
  • Process Inspection — Miners, reverse shells, deleted executables
  • Persistence Hunting — Crontab, systemd, rc.local, ld.so.preload
  • High-Entropy Detection — Flags likely packed or encrypted binaries
  • Suspicious Location Check — Processes running from /tmp, /dev/shm, etc.
  • Forensic Logging — All actions logged to oguard_forensic.log
  • JSON Export — Structured reports for further analysis
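As an added illustration of the checks listed above, and not OGuard's own code (which is proprietary), the Python below shows how read-only entropy analysis, UPX-marker detection and the suspicious-process-location check can be implemented; the 7.2 bits/byte threshold and the directory list are assumptions, not values taken from OGuard.

```python
import math
from collections import Counter

ELF_MAGIC = b"\x7fELF"
UPX_MARKER = b"UPX!"         # marker UPX leaves inside packed executables
ENTROPY_THRESHOLD = 7.2      # bits per byte; assumed cut-off, tune per environment
SUSPICIOUS_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")  # assumed list


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def analyse_bytes(data: bytes, threshold: float = ENTROPY_THRESHOLD) -> dict:
    """Classify file contents: ELF magic, UPX marker, and overall entropy."""
    entropy = shannon_entropy(data)
    is_elf = data.startswith(ELF_MAGIC)
    indicators = []
    if is_elf and UPX_MARKER in data:
        indicators.append("upx_marker")
    if entropy >= threshold:
        indicators.append("high_entropy")
        if is_elf:
            indicators.append("likely_packed_elf")
    return {"is_elf": is_elf, "entropy": round(entropy, 3), "indicators": indicators}


def analyse_file(path: str) -> dict:
    """Read-only wrapper: the file is opened for reading only, never modified."""
    with open(path, "rb") as fh:
        result = analyse_bytes(fh.read())
    result["path"] = path
    return result


def flag_process(exe_path: str) -> list:
    """Flags for one process, given the resolved target of its /proc/<pid>/exe link."""
    flags = []
    if exe_path.endswith(" (deleted)"):       # binary removed from disk after launch
        flags.append("deleted_executable")
    if exe_path.startswith(SUSPICIOUS_DIRS):  # running from a world-writable temp dir
        flags.append("suspicious_location")
    return flags
```

On a live system, `exe_path` comes from `os.readlink(f"/proc/{pid}/exe")`, which needs root to resolve other users' processes.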

⚙️ Requirements

  • Linux
  • Root privileges (required for full system access)

🚀 Usage

sudo ./OGuard

📁 Output

  • Live Results — Color-coded threats with severity and details
  • Threat Details — Type, severity, hash, path, and suspicious indicators
  • Process Analysis — Miners, hacking tools, suspicious ports
  • Persistence Report — Cron jobs, services, rc files
  • JSON Export — Full structured report with all findings


📦 Part of OwlSec Toolkit
This tool is part of the OwlSec suite — a collection of 300+ security and privacy tools.
🔗 owlsec.org

©️ License
Proprietary — © Khaled S. Haddad
Tools are distributed as pre-built executables. Source code is proprietary.

AUTHORISED FORENSIC SYSTEM SCANNING USE ONLY
