
How to Install Rkhunter Tool in Kali Linux?

Last Updated : 17 Jun, 2021

Rkhunter (Rootkit Hunter) is a good fit for POSIX systems and can aid in the discovery of rootkits and other security flaws. Rkhunter thoroughly examines files (both hidden and visible), default directories, kernel modules, and incorrectly set permissions.

RootKit Hunter is an alternative to chkrootkit. It is also a good complement: if one of them reports a rootkit, you'll need to run the other to rule out a false positive. It is an anti-virus and anti-malware program for the Linux operating system, used to keep a Linux system safe from viruses. It runs a number of tests to see if the server has been infected with rootkits, such as looking for rootkit-specific files, checking for incorrect file permissions on executable binaries, and inspecting kernel modules, among other things.

RootKit Hunter scans for hidden files, incorrect binary permissions, suspicious strings in kernel backdoors, and potential local vulnerabilities. It accomplishes this by comparing the SHA-1 hashes of critical files to well-known hashes in Internet databases. A rootkit is a powerful attack tool that is severely damaging to the system. It employs a series of tools to establish backdoors and conceal tracks, allowing the attacker to keep access to the system and log in as root at any moment.
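The hash comparison described above, as an added example that is not part of the original article and is not rkhunter's own code: it records SHA-1 hashes of a few constructed files as a local baseline (an assumption made here so the example runs offline), replaces one file, and reports the mismatch. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: hash-baseline comparison. All files below are constructed
# in a temporary directory; nothing on the real system is read or changed.

# record_baseline DIR OUT: store a SHA-1 for every regular file under DIR.
# OUT must live outside DIR so the baseline does not hash itself.
record_baseline() {
    ( cd "$1" && find . -type f -exec sha1sum {} + ) > "$2"
}

# changed_files DIR BASELINE: print the files whose current SHA-1 no longer
# matches the baseline, or that can no longer be read. BASELINE must be an
# absolute path because the check runs from inside DIR.
changed_files() {
    ( cd "$1" && sha1sum -c "$2" 2>/dev/null ) |
        awk -F': ' '$2 != "OK" { sub(/^\.\//, "", $1); print $1 }'
}

demo() {
    work=$(mktemp -d)
    mkdir "$work/bin"
    printf 'original ls\n' > "$work/bin/ls"
    printf 'original ps\n' > "$work/bin/ps"
    record_baseline "$work/bin" "$work/baseline.sha1"

    # Simulate a system file being swapped for a modified copy.
    printf 'modified ps\n' > "$work/bin/ps"

    changed_files "$work/bin" "$work/baseline.sha1"
    rm -rf "$work"
}

demo
```

A baseline only helps if it was recorded while the system was known to be clean and is stored where an intruder cannot rewrite it.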

RKHunter Features:

  • MD5 checksum test to determine whether a file has been modified.
  • Detection of trojan signatures.
  • Detection of hidden files.
  • Detection of suspicious loadable kernel modules (LKM).
  • Identification of the listening ports that have been opened on the system.
  • System-related tests.

Rootkits are divided into two categories:

  • file-level
  • kernel-level

File-level Rootkit

Typically, after infiltrating the system via application or system vulnerabilities, a file-level rootkit modifies the system's critical files to disguise itself. Once the system is infected, the normal files are replaced by Trojan horse programs: they become shells that carry the concealed backdoor applications inside.

Kernel-level Rootkit

This type of infiltration is more sophisticated than a file-level rootkit. It can allow an attacker to take total control of the system's bottom layer. The attacker can then change the system kernel to intercept the commands sent to the kernel by running software and redirect them to a program of the intruder's choosing, which is then launched.

Installation

Step 1: In Linux, install Rootkit Hunter Scanner Tool. If you’re using Kali Linux, use this terminal command to install it.

sudo apt-get install rkhunter -y

Step 2: Then update this tool.

rkhunter --update

Usage

You may use the following command to see if your computer has been infected with a rootkit:

rkhunter --check

As you can see, RkHunter, like chkrootkit, starts by analyzing the system binaries, as well as libraries and strings:

As you can see, unlike chkrootkit, RkHunter will ask you to hit ENTER to proceed to the next phase. Whereas RootKit Hunter previously searched for the system binaries and libraries, it will now check for known rootkits:

To allow RkHunter to continue searching for rootkits, press ENTER:

Then, similar to chkrootkit, it will scan your network interfaces as well as ports known to be used by backdoors and trojans:

Finally, a summary of the results will be printed.

Rkhunter runs various well-known checks on the system by default. However, you may also use '--scan-knownbad-files' to discover unknown errors:

rkhunter -c --scan-knownbad-files

Rkhunter relies on a database of rootkit vulnerabilities to identify rootkits; the database is updated often, so it's critical to keep your copy up to date.

The results are recorded in /var/log/rkhunter.log and are always accessible.
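One way to triage that log from a script, as an added example that is not part of the original article: the sample log lines are constructed and assume the usual `[HH:MM:SS]` prefix, `[ Warning ]` status markers and `Warning:` messages. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage of an rkhunter log. Function names are hypothetical.

# rkh_flagged LOG: names of the checks or files whose status is "[ Warning ]".
rkh_flagged() {
    sed -n 's/^\[[0-9:]*] *\(.*[^ ]\) *\[ Warning ] *$/\1/p' "$1"
}

# rkh_warnings LOG: the explanatory "Warning:" messages, timestamps removed.
rkh_warnings() {
    sed -n 's/^\[[0-9:]*] Warning: //p' "$1"
}

# rkh_triage LOG: print a short report and return 1 if anything was flagged,
# so a cron job or monitoring wrapper can alert on the exit status.
rkh_triage() {
    n=$(rkh_warnings "$1" | wc -l | tr -d ' ')
    echo "warnings: $n"
    rkh_warnings "$1" | sed 's/^/  - /'
    [ "$n" -eq 0 ]
}

# write_sample_log FILE: constructed log lines (not output from a real scan).
write_sample_log() {
    cat > "$1" <<'EOF'
[10:15:03]   /usr/bin/awk                                    [ OK ]
[10:15:04]   /usr/bin/lwp-request                            [ Warning ]
[10:15:04] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: Perl script text executable
[10:16:20]   Checking for hidden files and directories       [ Warning ]
[10:16:20] Warning: Hidden directory found: /etc/.java
[10:17:00] Possible rootkits: 0
EOF
}

demo() {
    log=$(mktemp)
    write_sample_log "$log"
    rkh_triage "$log" || echo "review the flagged items before trusting this host"
    rm -f "$log"
}

demo
```

On a real host, run `rkh_triage /var/log/rkhunter.log` after a scan; `rkhunter --check --sk` skips the ENTER prompts so the scan can run unattended.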

