
Amap — Application Mapping Tool, Banner Grabbing


Amap is an application mapping tool that we can use to read banners from network services running on remote ports. In this detailed article we are going to learn how we can use Amap on Kali Linux to acquire service banners in order to identify the services running on the open ports of a target system.


To use Amap to gather service banners, we need a remote system running network services that disclose information when a client device connects to them. In this article we use a Metasploitable2 instance as an example. We already have an article about installing Metasploitable2.

Amap comes preloaded with Kali Linux, so we don’t need to install it. We can directly run the following command in our terminal to see the help/options of Amap:

amap -h

The output of the command is shown in the following screenshot:

In the screenshot we can see that the -B flag runs Amap in banner mode. In this mode it collects banners for the specified IP address and service port(s). We can collect the banner from a single service by specifying the remote IP address and port number.

For example, we run the following command in our terminal:

amap -B 172.20.10.10 21

This command connects to our Metasploitable2 IP and grabs the banner of port 21. The result is shown in the following screenshot:

Banner grabbing on port 21 using amap

In the above screenshot, we can see that Amap has grabbed the service banner from port 21 on the Metasploitable2 system. We can also run this command against all the possible TCP ports. The portions of the TCP header that define the source and destination port addresses are both 16 bits in length, and each bit can hold a value of 1 or 0, so there are 2^16 or 65536 possible TCP port addresses. To scan all the TCP ports, we just need to specify the range of 1 to 65535. We can do this by using the following command in our terminal:

amap -B 172.20.10.10 1-65535

In the following screenshot we can see the output of the applied command.

amap banner grabbing of all ports

In the above screenshot we can see the open ports and their banners. The normal output of the command sometimes contains a lot of unnecessary and redundant information, such as the IP address and metadata, which add nothing here. We can filter the output using the following command:

amap -B 172.20.10.10 1-65535 | grep "on" | cut -d ":" -f 2-5

Now in the following screenshot we can see that the output is to the point.

filtered output of amap

This shows that the principle by which Amap accomplishes banner grabbing is the same as in other tools such as Nmap. Amap cycles through the list of destination port addresses, attempts to establish a connection with each port, and then receives any banner that the service running on the port sends upon connection.
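A stricter version of the grep/cut filter above, as an added example that is not part of the original article: it matches only lines that begin with "Banner on", keeps banners whole even when they contain more than four colons, and lists the services whose banner advertises a version number, which is what we would want to reduce on our own hosts. The sample output is constructed and assumes Amap prints banner lines as "Banner on IP:PORT/PROTO : TEXT"; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: parse amap banner-mode output into port / protocol / banner.
# Assumption: banner lines look like "Banner on IP:PORT/PROTO : TEXT".

# Constructed sample output (not captured from a real scan).
# The ProFTPD line contains more than four ':' characters, so the
# cut -d ":" -f 2-5 filter would truncate it.
sample_amap_output() {
    cat <<'EOF'
amap v5.4 (www.thc.org/thc-amap) started at 2020-01-01 10:00:00 - BANNER mode

Banner on 172.20.10.10:21/tcp : 220 (vsFTPd 2.3.4)\r\n
Banner on 172.20.10.10:22/tcp : SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1\n
Banner on 172.20.10.10:25/tcp : 220 metasploitable.localdomain ESMTP Postfix (Ubuntu)\r\n
Banner on 172.20.10.10:2121/tcp : 220 ProFTPD 1.3.1 Server (Debian) [::ffff:172.20.10.10]\r\n

amap v5.4 finished at 2020-01-01 10:00:05
EOF
}

# Read amap output on stdin, write "PORT<TAB>PROTO<TAB>BANNER" per banner line.
parse_amap_banners() {
    awk '
    /^Banner on / {
        # $3 is "IP:PORT/PROTO"; split it into its three parts.
        n = split($3, a, "[:/]")
        if (n != 3) next
        # The banner is everything after the first " : " separator.
        i = index($0, " : ")
        if (i == 0) next
        banner = substr($0, i + 3)
        # Drop the literal \r and \n escapes printed at the end of a banner.
        gsub(/(\\r|\\n)+$/, "", banner)
        printf "%s\t%s\t%s\n", a[2], a[3], banner
    }'
}

# Read the parsed rows on stdin and keep those whose banner contains a
# version-like token (digits.digits), i.e. services that disclose a version.
version_disclosures() {
    awk -F '\t' '$3 ~ /[0-9]+\.[0-9]+/ { printf "%s/%s\t%s\n", $1, $2, $3 }'
}

# Demo on the constructed sample.
sample_amap_output | parse_amap_banners | version_disclosures
```

To use it on a real run, pipe the output of the amap -B command into parse_amap_banners instead of the sample function.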

Love our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. We are always happy to help everyone in the comment section. As we know, our comment section is always open to everyone. We read each and every comment and we always reply.

How to Stay Anonymous Completely [100% Perfect]


In today’s article we are going to discuss how we can be anonymous on the internet, because we all love privacy. Sometimes we need to do some private jobs on the internet, so anonymity is important. We might say that we can use Tor or a VPN to be anonymous, but that’s not totally true.

The perfect saying is “Privacy is a myth”. We can use Tor, VPNs, Proxychains, etc. to increase our privacy, but those methods are not totally bulletproof. In this article we are going to discuss some techniques that will be really helpful for being more anonymous on the internet. This is going to be another level of anonymity, as long as we don’t make any mistakes on our side.

How to Stay Anonymous Completely on Kali Linux

Before going further we need to have a clear idea about Tor, VPNs and similar tools. After that we are good to go. As we know, Tor is a very good way to be anonymous on the internet, but some services detect that we are using Tor and restrict our use of them. A good example is Google.

Google detects the Tor network

Also, VPN providers may keep our activity logs in their databases (paid VPN providers say that they don’t keep logs, but can we trust them? Let us know in the comment section below). Then what to do?

Be Anonymous Online

So, in this article we are going to talk about an easy, fast and effective way to be anonymous online. By following it, our real IP address will be very hard for anyone in the world to detect. We just need to read the article to the end to get the full idea.

The idea is easy yet powerful. We are going to use Tor and Proxychains together. First we run Tor, then we run our proxychains. By doing this, services like Google, TorCheck, etc. will get the IP address of our proxy servers, and those proxy servers also don’t have our real IP address; they have the IP address of our Tor connection. Let’s do it in practice. The first time, we need to do some proxychains configuration and learn its basics.

Configuring ProxyChains

Proxychains comes pre-installed with Kali Linux, but we can also install it using the following command:

sudo apt install proxychains
Installing proxychains on Kali Linux

After that we need to configure it the way we want to use it. Let’s open the configuration file by using the following command:

sudo nano /etc/proxychains.conf

The above command will open the proxychains configuration file as we can see in the following screenshot:

proxychains configuration file

If we scroll down to the end of the file we can see the list of proxies.

proxylists

We can add our proxy servers here. First is proxy type then IP address then port number. We also can add username and password of the proxy server (If required). Everything is shown in the following screenshot:

Proxy list entries explained

Now we can add our list of proxies here.

We can configure more than just the proxy list here. For example, if a proxy server is taking too much time, we can set a timeout for it.

Proxy timeout settings

We can also configure various types of chains (proxychains) here, such as dynamic chain, random chain and strict chain. How the chains work is well documented here.

various type of proxychains

In simple language, we can explain them as follows. Suppose we have a list of proxies in this configuration file.

  • Dynamic Chain: In this chain our list of proxy servers keeps the order we have set, but if one or more proxy servers are not working, they are skipped to get the connection.
  • Strict Chain: In this type of chain the order of our proxy servers is maintained and every proxy server must work, otherwise the connection is not made.
  • Random Chain: This type uses random proxies from our list of proxy servers. It does not maintain any order.

Here we are going to set multiple proxy servers in our proxy list. Where do we get free proxies? There are some websites that provide free and paid proxies, such as HidemyName, Genode and Proxy-List. We can Google “free proxy server” for more.

hidemyname

We can see the IP address and port of the proxy servers, and also the country/city, speed, type, anonymity, etc. in the list. We just need the type, IP and port to add them to our proxychains.conf file. Here we have added two proxies to the configuration file.

Proxy lists in proxychains configuration file on Kali Linux

Here, for example, we are going to use dynamic proxy chains. So we remove the ‘#’ before the dynamic chain and put a ‘#’ before the strict chain to disable it, as shown in the following screenshot:

dynamic proxy chain enabled

Now we can save and close the proxychains configuration file by pressing CTRL+X, then Y, then Enter ⤶.

Using Tor with Proxychains

We can install Tor services on our Kali Linux system by using following command:

sudo apt install tor

In the following screenshot we can see that Tor is being installed on our system:

Installing Tor on Kali Linux

After the installation is complete we can start the Tor service by using the following command:

sudo service tor start

Our Tor service will then start. We can check the status of the service by using the following command:

sudo service tor status

Yes, our Tor service is running successfully, as we can see in the following screenshot:

Tor service is running

Now we can check this in our browser. We open our browser and navigate to torchecker. In the following screenshot we can see that we are using Tor and it detects it. Now all websites or services on the internet can tell that we are using the Tor network. This is where we run our proxychains.

If we want to run proxychains with our browser, we need to type the following command in our terminal:

proxychains firefox

Now our Firefox browser will open in front of us. Let’s have a look at TorChecker.

Proxychains with Tor: it detects the IP of the proxy servers

In the above screenshot we can see that it can’t detect that we are using Tor, even though the Tor service is running. Why can’t it detect it? Our connection goes through the Tor nodes to the proxy servers, so the proxy servers don’t get our real IP. They can keep logs if they want, but our real IP will remain hidden by Tor. We can see it in the following screenshot:

proxychains used with Tor on Kali Linux

We could use Tor directly here. Tor is good for anonymity, but as we said, some websites and services don’t allow Tor network IPs. Now they can’t detect us, and we can do everything online while remaining anonymous.

With this method we can do almost every task, not only web surfing. For example, by using the following command we can use it for nmap scanning:

proxychains nmap -Pn google.com
using nmap with proxychains on kali linux

Now in the above screenshot we can see that we are scanning using Nmap with the help of Tor and Proxychains.

Things We Should Be Aware Of

  • We need to remember to check from time to time that our Tor service is running properly, by using the sudo service tor status command.
  • Here we have used a dynamic chain as an example, but in a dynamic chain, if there is an issue with one proxy server, it is skipped. So if we want a better result we need to use a strict chain.
  • Here, as an example, we have used only two proxy servers, but for better anonymity we need to use as many proxy servers as we can. One thing to note: increasing the number of proxy servers will decrease the internet speed.
  • We need to check whether the proxies we got for free are working or not. In real-life scenarios they are mostly found dead. We can use proxy checker tools to check whether they are working. If a proxy is not working, we might get a “socket error or timeout!” error.
  • The Proxychains configuration file uses Tor because of its default Tor proxychains configuration. We shouldn’t remove Tor’s proxy from here. If we remove Tor’s proxy from here, proxychains will not work with Tor.

 

Default proxy entry for Tor, which should not be removed
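The points from the configuration section and the list above can be checked mechanically. The following is an added example, not part of the original article or of proxychains itself: a small lint for a proxychains.conf that verifies exactly one chain type is enabled, every proxy entry has the "type IP port [user password]" shape, and the Tor entry is still present. It assumes Tor's entry is the local 127.0.0.1 9050 line; the function names and the sample configuration (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a proxychains.conf against the points made in the article.
# Assumption: Tor's entry is the local "127.0.0.1 9050" line in [ProxyList].

# Constructed sample configuration (addresses are documentation ranges).
sample_conf() {
    cat <<'EOF'
# constructed sample, not a real proxy list
dynamic_chain
#strict_chain
#random_chain
tcp_read_time_out 15000
tcp_connect_time_out 8000

[ProxyList]
socks4  127.0.0.1 9050
socks5  203.0.113.10 1080
http    198.51.100.7 8080 user secret
EOF
}

# check_proxychains_conf [FILE]   (reads stdin when FILE is omitted)
# Prints OK/WARN/FAIL/INFO lines; returns 1 if any check failed.
check_proxychains_conf() {
    awk '
    # Strip comments and surrounding whitespace, skip empty lines.
    { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
    $0 == "" { next }
    $1 ~ /^(dynamic_chain|strict_chain|random_chain)$/ { modes++; mode = $1; next }
    /^\[ProxyList\]/ { inlist = 1; next }
    inlist {
        # Entry shape: type, IPv4 address, port, optional user + password.
        ok = ($1 ~ /^(http|socks4|socks5)$/) &&
             ($2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) &&
             ($3 ~ /^[0-9]+$/) && ($3 + 0 >= 1) && ($3 + 0 <= 65535) &&
             (NF == 3 || NF == 5)
        if (!ok) { printf "BAD_ENTRY line %d: %s\n", NR, $0; bad++; next }
        entries++
        if ($2 == "127.0.0.1" && $3 == "9050") { tor = 1; torpos = entries }
    }
    END {
        if (modes != 1) {
            printf "FAIL chain types enabled: %d (expected exactly 1)\n", modes
            fail = 1
        } else {
            printf "OK   chain type: %s\n", mode
        }
        if (bad) fail = 1
        if (!tor) {
            print "FAIL Tor entry (127.0.0.1 9050) missing from [ProxyList]"
            fail = 1
        } else {
            if (torpos != 1)
                print "WARN Tor entry is not the first hop in the list"
            if (mode == "dynamic_chain")
                print "WARN dynamic_chain skips dead proxies; if Tor is stopped its entry is skipped too"
        }
        printf "INFO %d usable entries\n", entries
        exit (fail ? 1 : 0)
    }' "${1:--}"
}

# Demo on the constructed sample.
sample_conf | check_proxychains_conf
```

On a real system the file to pass is the /etc/proxychains.conf edited earlier. The dynamic_chain warning follows from the chain definitions above: a stopped Tor service is treated like any other dead proxy.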

This is all about a smart way to be anonymous in the internet world. Here we have used Tor, but Tor checkers didn’t catch us. The internet will get our proxy server’s IP and the proxy server will get our Tor network’s IP. That way we can browse the internet anonymously.


How To Decode VIN Numbers For Vehicle Identification


A VIN is a significant number that tells you a lot of information about any vehicle. There are a number of VIN decoders available online. You can use any decoder, but the Mercedes VIN decoder is the best option to go for.

What is a VIN Number?

VIN is short for Vehicle Identification Number. It is an identifying code that is unique to each and every vehicle. The VIN defines a lot of details about the particular vehicle.

The code is 17 characters long and consists of numerical digits and letters. What if the code is not 17 characters long? You can cross-check it several times in several places. If the code is correct, then the vehicle was definitely manufactured before 1981 and has limited information.

VIN is termed the DNA of vehicles. As DNA tells the traits of a human, VIN reveals essential information about the car.

How To Decode The VIN?

Analysing the VIN Number itself is sufficient to know a number of details about the vehicle. This 17 character code is a combination of codes that represents many different things about the vehicle.

How Can You Identify or Decode the VIN Number?

Each character of VIN represents something or the other. You can understand what each character means.

  • The 1st character specifies where the vehicle is manufactured. It is the country code where the manufacturing unit is located.
  • The 2nd character tells about the manufacturer of the vehicle.
  • The 3rd character represents the vehicle type or division.
  • The 4th to 8th characters represent the portrait of the vehicle, that is, the vehicle’s brand, body style, engine size and type, model, series, etc.
  • The 9th character is a security code that identifies the VIN as being authorised by the manufacturer.
  • The 10th character is a representation of the model year of the car.
  • The 11th character indicates which plant assembled the vehicle.
  • The last six characters are the serial number or production number of the vehicle.

How is VIN Decoder Useful?

A VIN number decoder is straightforward yet effective. It uses enormous amounts of data culled from sources such as the National Highway Traffic Safety Administration (NHTSA) to extract vehicle information stored within the VIN.


A VIN decoder will provide accurate information related to a vehicle. It will help you verify the information provided manually to you. The VIN has in it several details about your car. And you might need that information while you are trying to purchase a car or get a spare for your vehicle.

How to Decode VIN Numbers for Identification of Vehicle?

Now that you know you can get a large amount of information about a vehicle through its VIN, the question arises of how anyone can decode it. VIN decoders are available to ease the process.

Here are some quick, simple steps through which you can decode any VIN:

1. Get VIN Number

The foremost step is to get the VIN number. You can find it in different locations on the car, on the insurance card or on the vehicle title.

2. Go to the Mercedes VIN Decoder

Once you have the VIN number, look for a VIN decoder. You will get an ample number of options to choose from. A simpler and much more convenient option is to go for the Mercedes VIN Decoder. This is the best VIN decoder you can have.

3. Search Your VIN Number

On the homepage, you will see a tab named ‘VIN Decoder ’. Click on that tab to get the VIN decoder search bar.

The next step is to type the VIN number and press search. You will get all the desired results within a couple of seconds.

The VIN number has now been successfully decoded for the identification of the vehicle.

VIN Decoder Results

Now you have searched the VIN number and got your desired results. You should know beforehand what you can expect from a VIN decoder.

You can run a VIN decoder to get the full vehicle history report in one go.

Theft history

With the help of a VIN decoder, you will get to know if the car has ever been stolen or there has been a theft record of this car.

Accident history

Nobody’s going to tell you that the car has ever been in an accident. An accident reduces the value of the vehicle. There may be some hidden damage to the vehicle that you are unable to identify.

The VIN number gives you the full accident history of the vehicle.

Year of production

You will be able to know in which year the vehicle was manufactured.

Safety-related information

Mercedes VIN decoder provides you with all the safety-related information associated with the vehicle.

Location of vehicle registration

The registration details of the vehicle, along with the location of registration, can also be obtained through the VIN decoder.

Other Vital information

VIN decoder lets you know all other vital information about the car.

With these search results, you will get all the above-mentioned information to use however you need it.

End Notes

VIN number is truly an identification code of any vehicle. You can decode a large piece of information through the VIN. Mercedes VIN decoder is a really useful tool that helps to decode the VIN numbers for vehicle identification.

You will not just be able to identify the vehicle but also get in-depth knowledge about the minute details of any vehicle.

There are many VIN decoders in the market. You can try those decoders yourself. However, the Mercedes VIN decoder is the most recommended VIN decoder ever. It has been highly reviewed and liked by users across different countries. When you have an option, why not go for the best?

Try the Mercedes VIN decoder now, use all its features, and you will definitely like it. All the information provided is very useful and must be known. You can use the features and results of the tool to your utmost benefit.

How students can cope with paper on a cybersecurity topic


Today students have to deal with written assignments regularly. Writing papers for college starts when you complete an admission essay or a personal statement and finish after getting the desired degree. Moreover, people proceed with writing emails, work documents, and other professional papers after college too. That is why learning how to write papers on different topics is essential when you are a student. Choosing the correct topic for any paper is significant.


For example, if you are studying subjects in cybersecurity, you have to concentrate on the topic and research to create a meaningful paper. However, writing about cybersecurity has many other aspects, and the teacher’s impression of your work would depend on various criteria. There are many vital elements to consider in terms of writing, and not all students can meet the requirements for papers. Thanks to writing services, there is an ability to purchase affordable essays, speeches, and reviews. At a reliable homework help website, you could find cheap term papers and get help with other types of tasks.

What is cybersecurity?

The field of cybersecurity studies the processes and innovations in computer systems and projects that secure and protect them from attacks and cybercrime. Many fields involve cybersecurity: from healthcare and sales to finance and banking.

How to write a paper on a cybersecurity topic?

There are many aspects to the cybersecurity field, so following this advice will help you navigate through the process.

Define the subject

Choosing a subject is significant for any type of paper on cybersecurity. If you are interested in some areas of cybersecurity or liked the topic you discussed in class, ask your professor about the possibility of dedicating your research to this area. If the subject inspired you, the motivation to create a meaningful paper would be high, and your teacher would appreciate your efforts. If you are new to an area of cybersecurity, then choose one of the topics suggested in the manuals for your paper.

Read the requirements

Before you proceed with writing, you need to define the type of paper, word count, style of formatting, grading criteria, and other vital aspects of your future paper. The main thing to define is the aim of writing a paper on cybersecurity, as the structure of a paper would depend on it. For example, if you need to write an argumentative essay, you have to state your opinion and prove it right. If you are assigned to write a research paper, you need to collect information from various sources and expose the results properly.

Research the topic

Now it is time to collect all the information you may find on a chosen topic. You need to consider the list of sources suggested by your teacher first and add some materials you find relevant. Depending on the type of paper, you would require to use online materials, websites, blogs, science literature, and books. Note that if you use quotations from sources, you have to put references in the text.

Outline your paper

Dedicate enough time to outlining your paper properly and make sure you have included all vital sections in its structure. The number of sections depends on the type of assignment. For example, for a standard 5-paragraph essay, you need an introduction, the main body, and a conclusion. Each section must be supplemented with a description and quotations. A detailed outline will result in the first draft of your paper on cybersecurity and save you time.

Format your paper

Depending on the type of paper, you would require applying the correct formatting style and make your work correctly arranged. Usually, the requirements on formatting are in the manuals from the teacher. There are three main types of formatting for college papers: APA, MLA, and Chicago/Turabian. Each of these formatting styles has its peculiarities and elements to consider.

Edit properly

When your paper on cybersecurity is ready, you need to proofread it. Check the relevance of dates, numbers, and facts to make sure you used reliable sources. Proceed with checking on grammar, spelling, style, and punctuation, reduce repeated words and mistypes. For professional proofreading, you can involve some online tools that help effectively check words and sentences in the process. For example, you might use Grammarly or other similar tools.

Wrap up

Now you know how to cope with a paper on a cybersecurity topic. The main pieces of advice are choosing the correct topic and reading the instructions from your professor correctly. Do not forget to collect enough relevant materials if you are about to write a meaningful paper. Outlining is a key to success if you want to save your precious time and make the paper structured, and correct formatting will bring you high grades. The editing stage is vital and allows you to polish your paper effectively.

How To Secure Our Kali Linux System To Ensure Our Protection


Kali Linux is an open-source, Debian-based Linux distribution that is mostly used for offensive security. Previously known as BackTrack Linux, this distribution is a symbol of security itself. Kali Linux is used by penetration testers around the world. It is also used by cybersecurity students to practice penetration testing. But running Kali Linux with the default settings may be a bad idea.

Why? Because default settings are easy to crack, and Kali Linux is not a privacy-focused distribution (like Tails OS); Kali is created for attacking, not for defending. Security is a huge concept. Most people use Kali to test security, but it’s also very important to secure Kali itself. Because it is based on Debian, we get good security. But what if we need more security?

How To Secure Our Kali Linux System

In this article we are going to discuss how we can improve the security of our Kali Linux system. Running Kali Linux with the default settings is not a good idea.

Change the Default Password

If we are using an older Kali Linux version (older than 2020.1), our default credentials are “root” / “toor”. If we have a newer Kali Linux version, the default credentials are “kali” / “kali”. We need to change them ASAP. It’s easy: we need to run the following command in our Kali Linux terminal:

passwd

This simple command will ask for the current user’s password (the default one if we haven’t changed it already). Then it will prompt for a new password and ask for it again to verify it. A good password should contain both uppercase and lowercase letters mixed with symbols and numbers. After verification, our password will be changed. We can see it in the following screenshot:

password change in Kali

We need to remember that the password we type will not be displayed, for security reasons.

Unprivileged User Account

Previously, root was Kali’s default user. This changed with the Kali Linux 2020.1 update. Now Kali’s default user is a non-root user account.

An unprivileged user stands directly below the main admin user, which has all the root permissions, similar to family and parental accounts.

We can still use the root user directly on our system, but it is not good for security. We should not use the root user all the time.

Updating Kali Linux Frequently

There are lots of versions of Kali Linux. The Kali developers release a new version every quarter. Updated versions of Kali come with upgraded kernels. Because Kali Linux is a rolling distro, we don’t need to download an ISO image and install it again to update. We just need to run some commands to install the update. Follow us to get notified when an update comes.

We must also update and upgrade our Kali Linux every few days by using the following command:

sudo apt update -y && sudo apt upgrade -y

The conclusion is that we need to update and upgrade Kali Linux frequently and update the distribution whenever a new version is released.

Changing the Default SSH Keys

Secure Shell, or SSH, is a network protocol. It is used for secure communication between computers. As we’re on this page via the web, we are already using some kind of SSH. There is no way around it but to fix present or upcoming security issues. Even for the distros we use, there are SSH keys that let us verify authentic files from a source.

It may look like everything is fine and cool, but the problem is that the keys are the same for everyone. Let’s understand it this way. If we download software from a website, it is the same distribution copy that everyone downloads. Later we use our accounts with the software in a personalized way, and the service provider gives adequate power according to the subscription under those accounts. SSH keys follow much the same fundamentals, but they are used to verify files.

If a bad guy carries out a Man-in-the-middle (MITM) attack or a social engineering campaign, it may drain our security.

SSH gives us the capability to authenticate without entering passwords every single time. There are two types of SSH keys: one is public and the other is private. We need to change our public SSH keys, because every distro has the same ones, and generating a private key will make sure only authenticated users can access it.

SSH keys are located in the /etc/ssh directory by default. A list view will show all the keys inside. Instead of deleting them from the database, we are going to store them in some secure place. We use the following commands to do this:

cd /etc/ssh
sudo mkdir old_keys
sudo mv ssh_host_* old_keys

Now all our old SSH keys have been moved to a directory named old_keys.

backup of ssh keys on old_keys directory

Now we generate new keys by using the following command:

sudo dpkg-reconfigure openssh-server

This command will generate new SSH keys for us, as we can see in the following screenshot.

New SSH keys are generated

If we face any problem, we can use our backed-up SSH keys.
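To confirm that the regeneration really replaced the keys, including the case where a backup was copied back after a problem, the new public keys can be compared with the ones in old_keys. This is an added example, not part of the original article; the function names are hypothetical and the demo runs on constructed placeholder files in a temporary directory, not on real keys.

```shell
#!/bin/sh
# Added example: verify that regenerated SSH host keys differ from the backup.

# check_host_keys DIR
# For every public host key backed up in DIR/old_keys, confirm that a key of
# the same name exists in DIR and that its key material differs from the
# backup. Returns 0 only if every key was replaced, 1 if any key is missing
# or unchanged, 2 if there is no backup to compare against.
check_host_keys() {
    dir=$1
    status=0
    found=0
    for old in "$dir"/old_keys/ssh_host_*_key.pub; do
        [ -e "$old" ] || continue
        found=1
        name=$(basename "$old")
        new="$dir/$name"
        if [ ! -f "$new" ]; then
            echo "MISSING   $name"
            status=1
            continue
        fi
        # A .pub line is "<type> <base64 key> [comment]"; field 2 is the key.
        old_blob=$(awk 'NR==1 {print $2}' "$old")
        new_blob=$(awk 'NR==1 {print $2}' "$new")
        if [ "$old_blob" = "$new_blob" ]; then
            echo "UNCHANGED $name"
            status=1
        else
            echo "REPLACED  $name"
        fi
    done
    [ "$found" -eq 1 ] || { echo "no backup keys found in $dir/old_keys"; return 2; }
    return "$status"
}

# Build a constructed directory layout that mimics /etc/ssh after the steps
# above. The key strings are placeholders, not real key material.
make_demo_dir() {
    d=$(mktemp -d) || return 1
    mkdir "$d/old_keys"
    echo "ssh-rsa AAAAOLDRSAKEY root@kali"            > "$d/old_keys/ssh_host_rsa_key.pub"
    echo "ssh-ed25519 AAAAOLDEDKEY root@kali"         > "$d/old_keys/ssh_host_ed25519_key.pub"
    echo "ecdsa-sha2-nistp256 AAAAOLDECKEY root@kali" > "$d/old_keys/ssh_host_ecdsa_key.pub"
    echo "ssh-rsa AAAANEWRSAKEY root@kali"    > "$d/ssh_host_rsa_key.pub"      # regenerated
    echo "ssh-ed25519 AAAAOLDEDKEY root@kali" > "$d/ssh_host_ed25519_key.pub"  # backup copied back
    # The ecdsa key is deliberately absent from the new set.
    echo "$d"
}

# Demo on the constructed layout.
demo=$(make_demo_dir)
check_host_keys "$demo" || echo "host keys need attention"
rm -rf "$demo"
```

On the real system the call is check_host_keys /etc/ssh, run after the dpkg-reconfigure step.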

Save our Identity

While surfing the internet with a Kali Linux machine, we can use the “NIPE” or “kalitorify” tools to browse safely and anonymously. “macchanger” is also recommended to spoof our MAC address. We also advise changing our hostname from Kali to a nameserver, and adding a host similar to 8.8.8.8.

Monitoring Logs

Analyzing logs with the logcheck program can be a real life saver. It can send logged messages directly to the admin’s email. Log files are stored locally inside “/var/log” by default.

logs in Kali Linux

Using top (built right into the system) or htop (sudo apt install htop) tool shows us real-time monitoring activity. Even the xfce4-taskmanager graphical tool can perform similar actions.

htop on Kali Linux

Scanning for Malware and Rootkits

We also need to scan our system frequently for malware and rootkits. We can run the scan by using the “Chkrootkit” or “Rkhunter” toolkits. We discussed this topic in detail some days ago (Find & remove rootkits from Linux), so we don’t think we have to repeat it. These tools are like anti-malware for Linux systems.

Extra Talks

Although Kali Linux is created for attacking, it is quite a secure environment itself. But advanced users go above and beyond for daily tasks, and it is necessary to follow proper procedures. New users coming from other operating systems like Windows may think that just running Kali Linux inside VMware or VirtualBox is the safest approach. That is quite true, but certain steps must still be taken.

Hope this article helps our fellow Kali Linux users.

How to change Lock Screen Background on Kali Linux XFCE


Linux is powerful, open-source and built for customization. It means we can change everything on Linux as per our needs. In this article we are going to change our Kali Linux (XFCE4) lock screen background and give it a personal touch. This will be very interesting, so stay with us to the end.

Change login screen of Kali Linux

First we need to know our display resolution. Different PCs have different resolutions. We can easily find ours by navigating to App Menu > Settings > Display.

Display Settings on Kali Linux Menu

After opening the display settings we can easily see the resolution of our display, as shown in the following screenshot:

Display resolution on settings

We can see that our display resolution is 1366×768 pixels. So our background image also needs to be in the same resolution.

Here we need to create an image of 1366×768 size, or we can find one on Google or other websites.

1366x768 images on Google

We can choose one of them as our lock screen background. We always check the properties of the image by right-clicking on it and checking its resolution.

image properties

To make it more attractive and personalized, we added text on the image by using the GIMP image editor (a Photoshop alternative for Linux, sudo apt install gimp), as shown in the following screenshot:

customized image for lock screen background

All set. Now we need to set this 1366×768 image as our Kali Linux background. Here we need to know the location of this image, meaning the full path of the image. We can see it in the image properties again.

path of the image

We can see that the location of the image is /home/kali/Desktop (we stored it on the Desktop as an example; we can choose any location to save it). So the image’s full path will be /home/kali/Desktop/custom-bg.jpg. Now we need to open our terminal window and type the following command to save our previous background image under a different name:

sudo mv /usr/share/desktop-base/kali-theme/login/background /usr/share/desktop-base/kali-theme/login/backgroundcopy

This command renames our current lock screen background. Then we can set our customized image as the lock screen image with the following command:

sudo ln -s <image_full_path> /usr/share/desktop-base/kali-theme/login/background

In our case <image_full_path> is /home/kali/Desktop/custom-bg.jpg, so we use this in our terminal, as we can see in the following screenshot:

Kali Linux Lockscreen background changed

That’s it. We have successfully changed the lock screen background on our Kali Linux system, and we can do the same on any XFCE-based Linux distro. To see the effect we just need to reboot or log out. On the lock screen we can see our edited and customized image in the background.

Kali Linux customized Login Screen

Here we got our customized login screen. We can do anything if we have a little image editing knowledge; we just need to keep in mind that the background image must match our display size (1366×768 in our case).

If we want, we can also change the user image (the Kali Linux logo in the above screenshot). To do this we need to go to Kali Linux settings.

Kali Linux settings

Then we need to navigate to the LightDM GTK+ Greeter Settings option (marked in the above screenshot). In the next window we can change our user image, as shown in the following screenshot:

Changing User Image
For better results we should use a square PNG image

This is how we can change the login screen background on our Kali Linux or any other XFCE based Linux Distro.

This article is written by Koushik Pal.

Love our articles? Make sure to follow us on Twitter and GitHub, where we post article updates. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. We are always happy to help everyone in the comment section, which is always open to everyone. We read each and every comment and we always reply.

Searching for Rootkits on Kali Linux using Chkrootkit & Rkhunter

What is a Rootkit?

A rootkit is malicious software that allows an unauthorized user (read: attacker) to get access to a system and to its restricted software. Basically, rootkits are a type of malware designed to stay hidden on our computer. We do not notice it, but it is active. Rootkits give cyber criminals the ability to control our computer remotely.

Rootkits may contain a number of tools, from malicious programs that allow attackers to steal our passwords to modules that make it easy for them to get our credit card information, online banking information, or even our secretly stored data. They also contain keyloggers, credential stealers, etc.

remove rootkits using rkhunter and chkrootkit on Kali Linux

“Rootkit” is a combination of two words: “root” and “kit”. Here “root” refers to the administrative account with full privileges on the computer system, and “kit” refers to the program/code that allows the attacker to obtain unauthorized access.

In Kali Linux, we can install various open-source tools to protect our systems from rootkits. Here we talk about the two most famous ones, “chkrootkit” and “rkhunter”. We can install them on Kali Linux or any other Linux distro and check for rootkits on our computer (if we are working in a virtual environment on Linux, they can detect rootkits only in the virtual system).

Chkrootkit

Chkrootkit can be run on Linux systems to determine if rootkits exist on the system, based on signatures and processes. Think of it as antivirus or anti-malware for Linux systems.

Chkrootkit is a simple program that can check that our Kali Linux has not been infected. We can also run chkrootkit on other Linux distributions by installing it on those systems; it usually comes with almost every Linux distribution, including Kali Linux. On Kali Linux we run the following command to start chkrootkit and scan for rootkits:

sudo chkrootkit

It will prompt for our sudo password and then start scanning our system, as we can see in the following screenshot:

chkrootkit

We can see that it scans the permissions of programs (most specifically third-party programs), and we can see the infection status in the left table.

Rkhunter (Rootkit Hunter)

Rkhunter (Rootkit Hunter) is a Linux/Unix-based tool that scans for possible rootkits, backdoors and local exploits.

It does this by comparing SHA-1 hashes of important files with known good ones in online databases, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux. (Wikipedia).
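The hash comparison described above can be reproduced in miniature. The script below is an added example, not rkhunter's own code: the function names are its own, it uses sha256sum rather than SHA-1, it runs on a constructed temporary directory, and it assumes file names without spaces.

```shell
#!/bin/sh
# Added example: hash-baseline comparison, the idea behind the file
# checks described above. Assumption: sha256sum is used instead of SHA-1.

# Record a hash for every regular file under directory $1 into file $2.
make_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 ) > "$2"
}

# Compare directory $1 against baseline file $2.
# Prints "CHANGED <file>", "MISSING <file>" or "NEW <file>" per difference.
# Limitation: file names containing whitespace are not handled.
check_baseline() {
    current=$(mktemp)
    make_baseline "$1" "$current"
    awk '
        NR == FNR { base[$2] = $1; next }      # first input: the baseline
        { seen[$2] = 1
          if (!($2 in base))       print "NEW " $2
          else if (base[$2] != $1) print "CHANGED " $2 }
        END { for (f in base) if (!(f in seen)) print "MISSING " f }
    ' "$2" "$current" | sort
    rm -f "$current"
}

# Constructed demonstration: baseline a directory, then alter it.
demo() {
    dir=$(mktemp -d)
    base=$(mktemp)
    printf 'original\n' > "$dir/ls"
    printf 'original\n' > "$dir/ps"
    make_baseline "$dir" "$base"
    printf 'tampered\n' > "$dir/ls"     # content replaced
    rm "$dir/ps"                        # file removed
    printf 'extra\n' > "$dir/.hidden"   # hidden file added
    check_baseline "$dir" "$base"
    rm -rf "$dir" "$base"
}

demo
```

A baseline is only meaningful if it is taken while the system is known to be clean and stored where an intruder cannot rewrite it. rkhunter keeps its own file-property baseline, which is refreshed with rkhunter --propupd.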

According to our team members, “rkhunter” is the best open-source rootkit checker for Linux, because of its additional functionality and also because other tools like chkrootkit are old, so there are many known exploits for them.

It doesn’t come pre-installed with Kali Linux, but we can install it with the following simple command:

sudo apt install rkhunter -y

The following screenshot shows the output of the above command:

installing rkhunter on kali linux

After the installation process is complete we can run it to scan our entire system by using the following command:

sudo rkhunter -c

After this it will scan our entire system in several categories, such as various malware scans, known rootkit scans, suspicious port scans, etc. It will also go through all the system files as well as third-party programs to look for rootkits, as we can see in the following screenshot:

rkhunter scan on Kali Linux

We need to press Enter ⤶ to scan the next category. It also summarizes the report at the end of the scan and saves the output log file in /var/log/rkhunter.log.

We can view the log file by entering the following command:

sudo mousepad /var/log/rkhunter.log

In the following screenshot we can see the log file in the mousepad text editor (we can also use cat, nano or vim to view/edit this file).

rkhunter log file on Kali Linux
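The log is long, and the lines that matter are the warnings. The script below is an added example, not part of rkhunter: it pulls the warning messages and the flagged items out of a log in rkhunter's format, using a small constructed sample log in place of a real /var/log/rkhunter.log. The function names are the example's own.

```shell
#!/bin/sh
# Added example: summarise the warnings in an rkhunter log file.

# Print each "Warning:" message with its "[HH:MM:SS]" timestamp removed.
rkhunter_warnings() {
    sed -n 's/^\[[0-9:]*\] Warning: //p' "$1"
}

# Print the files or checks whose result column reads "[ Warning ]".
rkhunter_flagged_items() {
    sed -n 's/^\[[0-9:]*\] *\(.*[^ ]\) *\[ Warning \]$/\1/p' "$1"
}

# Print the number of warning messages in the log.
rkhunter_warning_count() {
    rkhunter_warnings "$1" | wc -l | tr -d ' '
}

# Constructed sample log (not output from a real scan).
write_sample_log() {
    cat > "$1" <<'EOF'
[10:15:01] Running Rootkit Hunter version X.Y.Z on kali
[10:15:04]   /usr/bin/lwp-request                            [ Warning ]
[10:15:04] Warning: The command '/usr/bin/lwp-request' has been replaced by a script
[10:15:09]   /usr/bin/ls                                     [ OK ]
[10:16:40]   Checking for hidden files and directories       [ Warning ]
[10:16:40] Warning: Hidden directory found: /etc/.java
[10:17:02] Possible rootkits: 0
EOF
}

sample=$(mktemp)
write_sample_log "$sample"
echo "warnings: $(rkhunter_warning_count "$sample")"
rkhunter_warnings "$sample"
rm -f "$sample"
```

On a real system the functions take /var/log/rkhunter.log as their argument and need root to read it. Running the scan as sudo rkhunter -c --sk skips the Enter prompt between categories.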

This is how we can check for rootkits on our Linux system. It is very easy to scan for them.

How to Remove Rootkits / Security Warnings from Linux

Well, now we know how to check for rootkits on our Linux (Kali Linux) system. But what if we find a rootkit inside our system? How can we remove it?

There are different methods to fix different warnings, so it is impossible to cover them all in one place. Here search engines can easily help us. In the following screenshot we got a warning and copied the line.

warning on rkhunter

We just select the line and copy it, then paste it into a search engine and search for it. In the following screenshot we can see that we got some articles and forums about our warning. This will help us improve the security of our Linux system.

rkhunter warning remove

That’s it for today. Hope our Linux system will be more stronger now.

TIDos Web Application Penetration Testing Framework

August 28, 2021. TIDos Framework is an open source toolkit that performs all major web application tests, such as reconnaissance, scanning, enumeration, and vulnerability analysis. All tasks are performed in phases with the integrated modules. The total number of modules exceeds 100, most of which are used for …
