PANIX
Customizable Linux Persistence Tool for Security Research and Detection Engineering.

PANIX is a powerful, modular, and highly customizable Linux persistence framework designed for security researchers, detection engineers, penetration testers, CTF enthusiasts, and more. Built with versatility in mind, PANIX emphasizes functionality, making it an essential tool for understanding and implementing a wide range of persistence techniques.

Features
PANIX provides a versatile suite of features for simulating and researching Linux persistence mechanisms.
| Feature | Description | Root | User |
|----------------------------------|-----------------------------------------------------------------------------------------|--------|--------|
| At Job Persistence | Implements persistence by scheduling at jobs. | ✅ | ✅ |
| Authorized Keys | Adds a public key to the authorized_keys file for SSH access. | ✅ | ✅ |
| Backdoor User | Creates a backdoor user with UID=0 (root privileges). | ✅ | ❌ |
| Backdoor System User | Backdoor a system user (SSH access to news/nobody). | ✅ | ❌ |
| Backdoored /etc/passwd | Directly adds a malicious user entry to /etc/passwd. | ✅ | ❌ |
| Backdoored /etc/init.d | Establishes persistence via SysVinit (/etc/init.d). | ✅ | ❌ |
| Backdoored /etc/rc.local | Establishes persistence via run control (/etc/rc.local). | ✅ | ❌ |
| Bind Shell | Runs a pre-compiled/LOLBin bind shell for remote access. | ✅ | ✅ |
| Capabilities Backdoor | Adds specific capabilities to binaries to maintain persistence. | ✅ | ❌ |
| Cron Job Persistence | Sets up cron jobs to ensure persistence across reboots. | ✅ | ✅ |
| Create User | Creates a new user account on the system. | ✅ | ❌ |
| D-Bus Backdoor | Creates a D-Bus service for root reverse shell access. | ✅ | ❌ |
| Diamorphine Rootkit | Installs the Diamorphine Loadable Kernel Module Rootkit. | ✅ | ❌ |
| Initramfs Persistence | Injects a UID=0 backdoor user into initramfs on reboot. | ✅ | ❌ |
| Git Persistence | Utilizes Git hooks or pagers to persist within Git repositories. | ✅ | ✅ |
| Generator Persistence | Leverages systemd generators to create persistent services. | ✅ | ❌ |
| GRUB Backdoor | Manipulates GRUB to execute a backdoor at boot. | ✅ | ❌ |
| Malicious Container | Deploys a Docker container designed to escape to the host. | ✅ | ✅ |
| Malicious Package | Installs a DPKG/RPM package to achieve persistence. | ✅ | ❌ |
| NetworkManager | Installs a dispatcher script to persist upon network actions. | ✅ | ❌ |
| LD_PRELOAD Backdoor | Uses LD_PRELOAD to inject malicious libraries for persistence. | ✅ | ❌ |
| LKM Backdoor | Loads a Loadable Kernel Module to maintain persistence. | ✅ | ❌ |
| MOTD Backdoor | Alters Message of the Day (MOTD) to establish persistence. | ✅ | ❌ |
| Package Manager | Manipulates APT/YUM/DNF to establish persistence on usage. | ✅ | ❌ |
| PAM Persistence | Installs a PAM backdoor using a rogue module or pam_exec. | ✅ | ❌ |
| Password Change | Changes user passwords to secure backdoor accounts. | ✅ | ❌ |
| Polkit Backdoor | Creates an overly permissive Polkit configuration backdoor. | ✅ | ❌ |
| Reverse Shell | Establishes a reverse shell (supporting multiple LOLBins). | ✅ | ✅ |
| Shell Profile Persistence | Modifies shell profiles to execute scripts upon user login. | ✅ | ✅ |
| SSH Key Persistence | Manipulates SSH keys to maintain persistent access via SSH. | ✅ | ✅ |
| Sudoers Backdoor | Alters the /etc/sudoers file to grant elevated privileges. | ✅ | ❌ |
| SUID Backdoor | Backdoors binaries by setting the SUID bit. | ✅ | ❌ |
| System Binary Backdoor | Wraps system binaries to include backdoor functionality. | ✅ | ❌ |
| Systemd Service | Creates systemd services that ensure persistence on reboot. | ✅ | ✅ |
| Udev Persistence | Utilizes drivers to persist at the hardware interaction level. | ✅ | ❌ |
| Web Shell Persistence | Deploys web servers for remote access via web interfaces. | ✅ | ✅ |
| XDG Autostart | Employs XDG autostart directories to persist upon user login. | ✅ | ✅ |
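As an added example (not PANIX's own code), the POSIX shell helpers below audit a passwd-format file and a sudoers file for the artifacts that several of the techniques listed above leave behind; the sample files are constructed inline so the checks run offline, and for a real audit you would point the functions at /etc/passwd and /etc/sudoers.

```shell
# Added example, not part of PANIX: audit helpers for artifacts left by the
# "Backdoor User", "Backdoored /etc/passwd", "Backdoor System User" and
# "Sudoers Backdoor" techniques. Sample inputs are constructed below.

# Accounts other than root that carry UID 0.
extra_uid0_users() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Entries holding a password hash inline instead of the "x" shadow marker,
# typical of a line appended by hand to /etc/passwd.
inline_hash_entries() {
    awk -F: '$2 != "x" && $2 != "*" && $2 != "!" { print $1 }' "$1"
}

# System accounts (UID 1-999) that have been given a real login shell.
system_accounts_with_shell() {
    awk -F: '$3 > 0 && $3 < 1000 && $7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# Uncommented sudoers principals granted NOPASSWD: ALL.
nopasswd_all_principals() {
    awk '!/^[[:space:]]*#/ && /NOPASSWD:[[:space:]]*ALL/ { print $1 }' "$1"
}

# Constructed sample files standing in for /etc/passwd and /etc/sudoers.
SAMPLE_PASSWD=$(mktemp) ; SAMPLE_SUDOERS=$(mktemp)
trap 'rm -f "$SAMPLE_PASSWD" "$SAMPLE_SUDOERS"' EXIT
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
svcadm:x:0:0::/root:/bin/bash
auditor:$6$constructed$hash:0:0::/tmp:/bin/sh
EOF
cat > "$SAMPLE_SUDOERS" <<'EOF'
root     ALL=(ALL:ALL) ALL
%sudo    ALL=(ALL:ALL) ALL
www-data ALL=(ALL) NOPASSWD: ALL
#backup  ALL=(ALL) NOPASSWD: ALL
EOF

for fn in extra_uid0_users inline_hash_entries system_accounts_with_shell; do
    printf '%s: %s\n' "$fn" "$("$fn" "$SAMPLE_PASSWD" | paste -sd, -)"
done
printf 'nopasswd_all_principals: %s\n' "$(nopasswd_all_principals "$SAMPLE_SUDOERS" | paste -sd, -)"
```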

Support
PANIX offers comprehensive support across various Linux distributions.
| Distribution | Support | Tested Version |
|------------------|-----------|------------------------------------------------------------------|
| Debian | ✅ | Debian 11 & 12 |
| Ubuntu | ✅ | Ubuntu 22.04 (Diamorphine unavailable) |
| RHEL | ✅ | RHEL 9 (MOTD & Pre-OS Boot techniques unavailable) |
| CentOS | ✅ | CentOS Stream 9 & 7 (MOTD & Pre-OS Boot techniques unavailable) |
| Fedora | ✅ | Not fully tested |
| Arch Linux | ✅ | Not fully tested |
| OpenSUSE | ✅ | Not fully tested |
Custom or outdated Linux distributions may have different configurations or lack specific features, causing mechanisms to fail on untested versions. If a default command fails, use the --custom flag available in most features to adjust paths and commands for your environment. Review and modify the script to suit your needs if that doesn't resolve the issue.
Contributions via pull requests or issues for new features, updates, or ideas are always welcome!

Repository Structure
The PANIX repository is designed for modularity, maintainability, and ease of extension. Each persistence mechanism includes a setup script and a revert script, simplifying both management and removal.
PANIX/
├── main.sh # Core logic and argument parsing.
├── modules/ # Persistence mechanism scripts.
│ ├── common.sh # Shared functions.
│ ├── setup_*.sh # Setup scripts.
│ └── revert/ # Revert scripts.
├── build.sh # Builds the distributable script.
├── panix.sh # Final distributable script.
└── README.md # Documentation.
Key Benefits
- Paired Setup & Revert: Every setup_*.sh has a corresponding revert_*.sh, ensuring easy removal of persistence mechanisms.
- Modular Design: Easily modify existing modules or add new ones without affecting the core script.
- Simple Expansion: To add new functionality:
  - Create a new setup_*.sh in modules/.
  - Add a corresponding revert_*.sh in modules/revert/.
  - Update main.sh to include the new scripts.
  - Update common.sh to include the module in the help menu.
  - Run build.sh to generate the updated panix.sh.

Getting Started
Getting PANIX up and running is as simple as downloading the script from the release page and executing it:
curl -sL https://github.com/Aegrah/PANIX/releases/download/panix-v2.1.0/panix.sh | bash
Or download it and execute it manually:
# Download through curl or wget
curl -sL https://github.com/Aegrah/PANIX/releases/download/panix-v2.1.0/panix.sh -o panix.sh
wget https://github.com/Aegrah/PANIX/releases/download/panix-v2.1.0/panix.sh -O panix.sh
# Grant execution permissions and execute the script.
chmod +x panix.sh
./panix.sh
Executing the script shows either the root or the user help menu, depending on the privileges of the current user.
panix@panix-demo:~$ sudo ./panix.sh
(PANIX ASCII-art banner)
@RFGroenewoud
Root User Options:
--at
