Free Root-kit Detection Using Chkroot-kit & Rkhunter: Memory Forensics in 2024

Do you want to check if you local devise is running some Root-kit unknown software or is someone spying over you? It’s crucial to ensure your system is secure, not just from external threats but also from potential root kits. In this article, we’ll explore the practical steps to detect root kits on Kali Linux using two powerful tools: chkrootkit and rkhunter.

Understanding Root-kits

What are root-kits ?

Before learning how to use the tools, let’s briefly understand what root kits are. These are malicious tools designed to hide or protect unauthorized access to your system, making them particularly elusive and challenging to detect.

chkroot-kit on Kali Linux

Kali Linux comes with chkroot-kit pre-installed, making it a convenient choice for initial root kit checks. Chroot-kit is a Root kit detector that is very handy and beginner friendly

To ensure you have chkroot-kit installed or to update it, use the following command:

Root-kit Detection Using Chkroot-kit & Rkhunter? Memory Forensics in 2024
sudo apt-get update
sudo apt-get install chkroot-kit

Now, let’s run chkroot-kit:

sudo chkroot-kit

This command will initiate the root kit checking process, scanning through your system files and third-party programs. The results will indicate whether any infections are detected and provide with a verbosed output .

rkhunter on Kali Linux

rkhunter (Root kit Hunter) is a more advanced tool for root kit detection. If it’s not pre-installed, you can install it with the following commands:

sudo apt-get update
sudo apt-get install rkhunter

Once installed, run a basic root kit check:

sudo rkhunter -c

This command checks your local system for root kits and provides a detailed summary of the scan.

Important Commands:(for using rkhunter)

Update rkhunter’s database for the latest root kit definitions:

sudo rkhunter --update

Check rkhunter configuration files:

sudo rkhunter -C

Perform a more thorough check, including file hash comparisons:

sudo rkhunter -c --enable all --disable none

Remember, regularly updating the databases is crucial to detect the latest root kits as hackers keep on coming with new ways to spy and run malicious codes on system.


Securing your Kali Linux system goes beyond offensive measures. Understanding how to detect and remove root kits is fundamental for overall system security. With chkroot kit and rkhunter, you now have powerful tools to perform Memory Forensics and keep your system safe.

By incorporating these commands into your regular maintenance routine, you’ll be well-equipped to identify and eliminate potential threats. So that is it for this article and i will be seeing you in an another interesting Blog, also keep checking new blogs that come on this site and Keep Learning Keep Hacking.

Frequently Asked Questions

  1. What is RKHunter and how is it used?
    RKHunter, or Rootkit Hunter, is a security tool that scans Linux systems for known rootkits, backdoors, and exploits. It helps users detect any unauthorized changes made to the system.
  2. How often should I run RKHunter scans on my system?
    It is recommended to run RKHunter scans regularly, at least once a week, to ensure your system is free from any malicious software or unauthorized changes.
  3. Can RKHunter detect all types of malware?
    While RKHunter is effective at detecting rootkits and some common malware, it may not detect all types of malware. It is still important to use other security tools in combination with RKHunter to ensure comprehensive protection.
  4. What should I do if RKHunter detects a rootkit on my system?
    If RKHunter detects a rootkit on your system, it is important to take immediate action to remove it. Follow the instructions provided by RKHunter or consult with a security expert for assistance in removing the rootkit.
  5. Can RKHunter be used on any Linux distribution?
    RKHunter is compatible with most Linux distributions, including Ubuntu, CentOS, Debian, and Red Hat. However, it is always recommended to check the compatibility of the tool with your specific distribution before using it.
  6. What is chkrootkit and how does it work?
    Chkrootkit is a security tool that scans your system for known rootkits, malicious software that can give an attacker full control over your system. It works by looking for specific signs of a rootkit infection, such as hidden processes and files.
  7. How do I install chkrootkit on my system?
    Chkrootkit is typically installed using your distribution’s package manager. For example, on Debian-based systems, you can use the command “sudo apt-get install chkrootkit”.
  8. How often should I run chkrootkit on my system?
    It is recommended to run chkrootkit regularly, ideally at least once a week, to ensure that your system is free of rootkit infections. You can set up a cron job to automatically run chkrootkit at a scheduled time.
  9. What should I do if chkrootkit detects a rootkit on my system?
    If chkrootkit detects a rootkit on your system, it is important to take action immediately to remove the infection. You can use other security tools or consult with a cybersecurity professional to help you eliminate the rootkit.
  10. Can chkrootkit prevent rootkit infections?
    Chkrootkit is a detection tool and not a preventive tool, so it cannot stop rootkit infections from occurring. However, regular scans with chkrootkit can help you catch rootkits early before they can cause serious damage to your system.

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top