Skip to content
/ lkm_unhide Public

LKM unhide is a LKM Rootkits Detection Tool for Linux Kernels 5.x/6.x.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

sapellaniz/lkm_unhide

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
Makefile
Makefile
 
 
README.md
README.md
 
 
lkm_unhide.c
lkm_unhide.c
 
 

Repository files navigation

lkm_unhide

lkm_unhide is a LKM Rootkits Detection Tool for Linux Kernels 5.x/6.x.

It can find hidden LKM Rootkits scanning memory regions between unhidden modules.

Usage

Verify if the kernel is 5.x/6.x

uname -r

Clone the repository

git clone https://github.com/sapellaniz/lkm_unhide

Enter the folder

cd lkm_unhide

Compile

make

Load the module(as root)

insmod lkm_unhide.ko

Unload the module(as root)

rmmod lkm_unhide.ko

Check if it has detected any hidden module

dmesg | grep lkm_unhide

Unload any hidden module

rmmod <hidden_module_name>

About

LKM unhide is a LKM Rootkits Detection Tool for Linux Kernels 5.x/6.x.

Topics

security kernel rootkit forensics

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages