Twitter icon Facebook icon Google+ icon

Rootkit Hunter

Download Rootkit Hunter  Download

Rootkit scanner
Project information
Rootkit scanner is scanning tool to ensure you for about 99.9%* you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:

- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files

Rootkit Hunter is released as GPL licensed project and free for everyone to use.

* No, not really 99.9%.. It's just another security layer
System requirements:
- Compatible operating system (see 'Supported operating systems')
- Bourne Again Shell (BASH)

Supported operating systems
- Most Linux distributions
- Most *BSD distributions

Currently unsupported:
- NetBSD

Tested on:
- AIX 4.1.5 / 4.3.3
- ALT Linux
- Aurora Linux
- CentOS 3.1 / 4.0
- Conectiva Linux 6.0
- Debian 3.x
- FreeBSD 4.3 / 4.4 / 4.7 / 4.8 / 4.9 / 4.10
- FreeBSD 5.0 / 5.1 / 5.2 / 5.2.1 / 5.3
- Fedora Core 1 / Core 2 / Core 3
- Gentoo 1.4, 2004.0, 2004.1
- Macintosh OS 10.3.4-10.3.8
- Mandrake 8.1 / 8.2 / 9.0-9.2 / 10.0 / 10.1
- OpenBSD 3.4 / 3.5
- Red Hat Linux 7.0-7.3 / 8 / 9
- Red Hat Enterprise Linux 2.1 / 3.0
- Slackware 9.0 / 9.1 / 10.0 / 10.1
- SME 6.0
- Solaris (SunOS)
- SuSE 7.3 / 8.0-8.2 / 9.0-9.2
- Ubuntu
- Yellow Dog Linux 3.0 / 3.01

Confirmed to work also on:
- DaNix (Debian clone)
- PCLinuxOS
- VectorLinux SOHO 3.2 / 4.0
- CPUBuilders Linux
- Virtuozzo (VPS)

Extra information

'Supported' rootkits/backdoors/LKM's/worms:

55808 Trojan - Variant A
ADM W0rm
aPa Kit
Apache Worm
Ambient (ark) Rootkit
Balaur Rootkit
CiNIK Worm (Slapper.B variant)
Danny-Boy's Abuse Kit
Devil RootKit
Dreams Rootkit
Duarawkz Rootkit
Flea Linux Rootkit
FreeBSD Rootkit
Fuck`it Rootkit
Heroin LKM
HjC Rootkit
Irix Rootkit
Li0n Worm
Lockit / LJK2
mod_rootme (Apache backdoor)
Ni0 Rootkit
NSDAP (RootKit for SunOS)
Optic Kit (Tux)
Oz Rootkit
R3dstorm Toolkit
RH-Sharpe's rootkit
RSHA's rootkit
Scalper Worm
SHV4 Rootkit
SHV5 Rootkit
Sin Rootkit
Sneakin Rootkit
SunOS Rootkit
TBD (Telnet BackDoor)
T0rn Rootkit
Trojanit Kit
URK (Universal RootKit)
Volc Rootkit
X-Org SunOS Rootkit
zaRwT.KiT Rootkit

and... some known/unknown sniffers, backdoors like:
Anti Anti-sniffer
THC Backdoor

Project related documentation
- Scanning techniques
- Rootkit Hunter Changelog
- Documentation

Tags: rootkit trojan backdoor

Quick links

Project members

Michael Boelen - Project founder
Rootkit Hunter team -

Related links

- Rootkit Hunter FAQ

Lynis Enterprise Suite


Open source software provides trust by having people look into the code. Adjustments are easily made, providing you with a flexible solution for your business. But can you trust systems and software with your data? Lynis provides you this confidence and helps with auditing your systems. So you can verify yourself and trust!

How it works
Lynis is an open source security auditing tool. Its main goal is to audit and harden Unix and Linux based systems. It scans the system by performing many security control checks. Examples include searching for installed software and determine possible configuration flaws.

Many tests are part of common security guidelines and standards, with on top additional security tests. After the scan a report will be displayed with all discovered findings. To provide you with initial guidance, a link is shared to the related Lynis control.

Example output:
Example output of a Linux security scan with Lynis

The primary goal of Lynis is to perform a quick scan on your systems and determine room for improvement. Our Lynis Enterprise Suite is also using Lynis as a core component, however with much more functionality on top. Lynis Enterprise focuses on companies serious about their information security policy. Main audience is system administrators, security professionals and auditors working for these kind of companies.

Fact sheet
» Open Source (GPLv3)
» Free to use
» Well-known and mature
» Big community of users
» Packages/ports available
» Used by individuals, businesses,
government departments and multinationals

Quick links
» Downloads
» Lynis documentation

Download Lynis

(Open Source and Free)

Lynis Enterprise

Example output of Lynis Enterprise

Lynis Enterprise begins, where Lynis stops. The Enterprise Suite also includes central management, reporting, action plans and security measurements.


Central management

No more custom scripting or deploying systems without hardening going undetected.

Reporting / Implementation Plan

The reporting capabilities are powerful. For example including an overview of the quick wins, or the group of systems with the highest risk rating. This makes it easy for you to determine your priorities. Just check the most important areas first and save a lot of time and efforts!

Lynis Plugins

The software functionality can be extended with the help of plugins. Examples:
  • Malware detection
  • Forensics
  • Heuristics
  • System statistics
  • Software


Centralized data can be exported and linked to existing systems. The bigger plans also include the use of an API, to easily export data.

Integration possibilities:
  • SIEM solutions (event/incident logging)
  • Configuration management and automation tools
  • CMDB or other ITIL based tooling

Lynis Collector

The Enterprise solution includes Lynis Collector, a piece of software to handle central collection of data from all systems. Even if your systems do not have direct access to a WAN or internet link, the Collector can act as a proxy.


Get implementation advice, guidance on hardening and see feature requests.


Last, but not least, the proven auditing client Lynis. One of the core components in our solution and already used by thousands of companies and users. You don't want unstable software in your environment and we understand that!

Lynis remains open source and freely available. This way we give back to the community and people can audit their systems for free. At the same time everyone can audit our software. We are confident about our product offering. Join us!

Discover Pricing
(Good can be affordable!)

Find weaknesses in your defenses has become easy with Lynis Enterprise Suite. Do you know yours?

Our Lynis tour below will provide you with more benefits.


If you want to audit your environment, have a look at the features of the full suite.

Complete solution
One solution for:

Configuration management
Perform in-depth technical audits to check if systems are really compliant.

System hardening
Tired of reading long benchmarks? Just run a security scan with Lynis and know your weaknesses. These findings are great input for your system hardening steps.

Technical auditing
With focus on Linux and Unix based systems, the Lynis suite includes a powerful security auditing tool. Check how well your patch management strategy is executed. Also determine if your systems are really configured like you had intended during installation time.

Security incident detection and monitoring
With the right configuration and plugins, Lynis perform a really deep investigation. Almost like a forensics team! Traces of malware and malformed files can be detected.

New functionality
But we don't stop there. New functionality is continuously being added. Stay tuned!

Enterprise ready
Users of the Lynis Enterprise version will have additional tools and guidance. This includes additional explanations, scripts and examples on solving findings. For some of the plans this also includes additional code snippets. This way you can make optimal use of your existing configuration management solutions (e.g. Cfengine, Puppet).


Compliance and regulations
Dealing with compliance and regulations? Lynis helps you with taking the right measures. Check the related controls and define your improvement plan. Support is available to audit controls from standards like:

  • Basel II
  • GLBA
  • ISO27001/ISO27002
  • SOx (Sarbanes-Oxley)

Request Demo
(Audit our promises!)

Technical auditing

Lynis does more than simple baseline or compliance checking. Configuring a specific setting is simply not enough. That's why our software will also audit proper functioning of software. Don't just trust on compliance checks alone!

Examples of audit tests:
  • Available authentication methods
  • Expired SSL certificates
  • Outdated or vulnerable software packages
  • Time configuration and proper functioning of NTP daemon
  • User accounts without password
  • Incorrect file permissions
  • Configuration errors
  • Firewall rules

Low requirements

We all know those software "solutions" with high requirements. Starting with a specific database engine, reporting software, a lot of storage and enough CPU cores... To make things worse, licenses for every single component. Not for Lynis!

Lynis is written in shell script. Therefore it runs on most systems, without any adjustments. No alterations, no installation and no third party tools needed. But.. if you still prefer to use software packages, that's completely fine with us!

Low requirements

Operating systems supported
More is actually better!

Most security solutions only provide support for the common Linux versions. We simply love all Unix derived systems. Therefore we can support (almost) all of them. We are confident that Lynis run on systems which have the common GNU tools available. Feel free to test our promises!

Operatings systems which are confirmed to work:
Operating systems
  • AIX
  • Arch Linux
  • BackTrack Linux
  • CentOS, ClearOS
  • Debian, DragonFlyBSD
  • Fedora Core, FreeBSD
  • Gentoo
  • HPUX
  • Kali, Knoppix
  • Linux Mint
  • MacOS X, Mageia, Mandriva
  • NetBSD
  • OpenBSD, OpenSolaris, openSUSE, Oracle Linux
  • PcBSD, PCLinuxOS
  • Red Hat Enterprise Linux (RHEL) and derivatives
  • Sabayon, Scientific Linux, Slackware, Solaris 10, SuSE
  • TrueOS
  • Ubuntu and derivatives

Lynis is already included in most software repositories. Also security, vulnerability and pentesting distributions include Lynis. For example Kali Linux, ArchAssault and BlackArch have Lynis available.

  • Checkpoint GAiA
Some areas which can be audited, including examples of software:
  • Database servers: MySQL, Oracle, PostgreSQL
  • E-mail servers: Postfix, Sendmail
  • Identity management: OpenLDAP
  • Proxy servers: Squid
  • Time daemons: dntpd, ntpd, timed
  • Web services: Apache, Nginx, PHP

Security budgets
Regulations are increasing, security incidents show up in the news almost daily. It's no wonder companies start to invest in security programs.

Affordable pricing
You like to be secured, we like to help! Our goal is to spread our technology to as much companies and individuals as possible. We keep Lynis open source, so individuals and small companies can freely use the software.

Passion for Information Security
For companies who would like the full Lynis Enterprise suite, with additional options and support, we have very affordable pricing. We aren't in for the money. We are here to help your business and improve the information security field!

Did we already mention we are passionate about our services?

Discover Pricing »
(Good can be very affordable)

Competitive pricing

Still have questions or like to know more? Check the contact page and ask!