Rootkit Detectors & Software

Discovering what’s inside your Operating System is vital. Increasingly we are seeing state-sponsored hardcoded vulnerabilities being placed within hardware so this skill has become very much in demand.

Need Help? Ask A Question

Posted by Henry Dalziel  |  December 16, 2019  |   Questions / Comments 0

Rootkit Detectors & Software

Recommended Tools  5
Henry Dalziel
Henry Dalziel | December 16, 2019

- C|EH, Security+, MSc Marketing Management;
- Based in Hong Kong for the last five years;
- Cybersecurity Pro & Growth Hacker

Detecting Rootkits can be very challenging.

The hacker wants to insert a (preferably) hidden Rootkit on the victims machine whilst the competent programmer will think of ways to prevent the hacker from doing so.

The Rootkit Software tools that we list here we hope will be of use to you.

If you are interested in becoming a programmer or a Cybersecurity Pro then learning how Rootkits work will only benefit your career.

Join Our Mailing List & Get Tool Updates / Tutorial Info

Please Share This Resource! [HINT: We'll LOVE YOU for it!]

5 Recommended Tools

Rootkit Detectors & Software


Advanced Intrusion Detection Environment (simply abbreviated to AIDE) is takes a “snapshot” of the state of the system, modification times, register hashes and other data. The “image” is then used to create a database that is saved and may be stored on an external device. Features of this tool include supported messages digest algorithms (md5, sha1, tiger, rmd160, crc32, sha256, etc.), supported file attributes, plain text configurations files, powerful regular expression support and many more.

Is Advanced Intrusion Detection Environment Free?
Yes. AIDE is free.

Does Advanced Intrusion Detection Environment Work on all Operating Systems?
AIDE works on Linux, MAC OS X, and Windows Operating systems.

What are the Typical Uses for Advanced Intrusion Detection Environment?
AIDE is used to build a database from the regular expression rules that it will find from the config files. Once initialized, this database can be used to authenticate the integrity of the files. It has several message digest algorithms that are being used to check the integrity of this file. All the common file attributes can also be verified for inconsistencies. It can read databases from newer or older versions.


Dumpsec is a security program created for Microsoft Windows. It can dump the DACLs and SACLs for the file system, printer, registry and share it in a detailed and readable format. This tool can also dump user, group and replication data.

Is DumpSec Free?
DumpSec is now free to use!

Does DumpSec Work on all Operating Systems?
It only works for Microsoft Windows operating systems.

What are the Typical Uses for DumpSec?
DumpSec is used to identify and fix weaknesses or security holes in systems. This tool can assist people who work for legitimate businesses who are trying to create security into established IT systems against different hackers.


HijackThis is an open source tool to detect adware and malware on Microsoft Windows. This tool is known for quickly scanning a computer to display the common location of a malware. HijackThis is for the diagnosis of malware and adware and not to remove it. Uninformed use of these tools’ removal facilities can lead to software damage to a computer. Doing a browser hijack can also cause malware to be installed on a computer.

Is HijackThis Free?
Yes. This tool is free.

Does HijackThis Work on all Operating Systems?
It only works for Microsoft Windows operating systems.

What are the Typical Uses for HijackThis?
HijackThis is used to inspect the browser and operating system settings of a computer to generate a log file of its current state. It can also be used to remove unwanted files and settings. It focuses on web browser hijacking.


Sysinternals Live is one service that lets you execute Sysinternals tools directly from the internet without hunting for and manually downloading the tools. Simply enter a tool’s Sysinternal Live path into command prompt or windows explorer.

Is Sysinternals Free?
Yes! This tool is free.

Does Sysinternals Work on all Operating Systems?
It only works for Microsoft Windows operating systems.

What are the Typical Uses for Sysinternals?
Sysintenals is primarily used for ProcessExplorer – monitor directories and files opened by any process. PsTools – Managing local and remote processes. Autoruns – Discover what executables are set to run during log in or boot up. RootkitRevealer – Detect file system and registry API discrepancies that that may indicate presence of a kernel-mode or user-mode rootkit and TCPView – View UDP and TCP traffic endpoints used by each process.


Tripwire is a directory and file integrity checker. This tool helps system administrators and users in checking a designated set of files for changes. This tool can notify administrators if there are tampered or corrupted files so damage control measures can be taken.

Is Tripwire Free?
Open source Linux version of this tool can still be found at SourceForge but the company Tripwire Corp is now focused on their paid enterprise configuration control offerings.

Does Tripwire Work on all Operating Systems?
It works on Linux, MAC OS X and Windows operating systems.

What are the Typical Uses for Tripwire?
Tripwire products are useful for detecting intrusions after an event. It can can serve other purposes such as assurance, integrity, policy compliance and change management.

Hacker Tools Categories

Rootkit Detectors & Software

Some Of Our Other Content

You may also like...

USB Keyloggers
USB Keyloggers

Some of these USB Keyloggers work over WiFi and others even email you the keystrokes! Require NO drivers. Just plant and forget.

Blog Post

N00b Hacking
WiFi Hacking Hardware Devices
WiFi Hacking Hardware Devices

We take a look at hardware used by the pro's to hack into Wireless Networks! (Keyloggers, Deauth Tools, Alfa Scanner etc.)

Blog Post

WiFi Hacking
Mobile Encryption Apps
Mobile Encryption Apps

Is WhatsApp safe? What about Telegram? There are dozens of mobile encryption apps...

List Review

Cyber Hacking
Password Cracking Tools
Password Cracking Tools

John The Ripper, Crowbar, L0phtcrack, Medusa, Rainbowcrack, THC Hydra and more!

List Review

Cyber Hacking
Kali Linux Developers
Meet The Kali Linux Developers

Meet the folks behind the Hacking Tools that make Kali Linux so damn awesome

Blog Post

N00b Hacking
OSCP Advice
How Difficult is OSCP? Get expert advice from those that passed!

We've interviewed over 25 Cybersecurity Professionals to ask them that exact question...

Blog Post

N00b Hacking
How To Hack WordPress 2020
How To Hack WordPress 2020

In this (constantly updated) resource we investigate ways to Hack WordPress

Blog Post

N00b Hacking
Pass CEH First Time
Pass CEH First Time: we ask experts in the field

Are you interested in passing CEH? If yes, read on, we have a ton of advice to share

Blog Post

N00b Hacking


Previously Asked Questions (with Answers)

A rootkit is a nefarious hacking manner is malicious software that allows an unauthorized user (hacker) to have privileged access to a computer system and to restricted areas of the operating system. A rootkit typically contains a number of malicious hacking tools such as keyloggers, banking credential stealers, password crackers, antivirus disablers, and for example bot activations for DoS attacks.

A rookit scanning tool works by comparing the files of known “clean” code against a set of differences. Should a difference be found by the tool or software then you can assume that there may have been a compromise of the Operating System.

A rootkit scan is performed by a hacking tool (penetration testing tool) to seek indications of the insertion of malicious software by hackers.

Malicious or illegal rootkits used by hackers to infiltrate and breach systems are certainly illegal. However the interesting thing about a rootkit is that on its’ own it is not defined as being specifically “malware”.

Rootkits is dangerous software that has the ability to gain root access to your computer and/or network. Whilst there are ways to remove the rootkit from your system, we here at Concise Courses would recommend that you just simply reinstall the Operating System to a known clean version or do a factory reinstall.

Typical characteristics of a rootkit are that they are inserted by a computer hacker against your will and that they can be “persistent”. A persistent rootkit is a typical characteristic in the sense that it will be activated every time the system boots up. The easiest and most effective way of fixing this hack is to simply reinstall the operating system.

The danger of a rootkit does not come from the code itself because the purpose of the malicious code is to hide files and processes from other applications as well as the operating system virus scanning tools.

The easiest way would be to have physical access to the victims machine. The second easiest way is to send a phishing attack. In reality there are a dozen different ways for a hacker to get their victim to inadvertently install a rootkit but they all, for the most part, require the victim to inadvertently “help” the hacker by taking an action, for example – by installing an app that looks legitimate but actually contains the rootkit virus.

Each time your (Windows) computer boots the “Windows Defender” application will start and by default starts to scan your system automatically which also includes the root architecture of your machine. If any rootkit or virus is detected, the antivirus tool will attempt to remove it automatically.

A BIOS-level rootkit attack, also known in the Cybersecurity industry as a persistent BIOS attack, is an exploit in which the BIOS of a machine is flashed (which really means updated) with malicious code. A BIOS rootkit is programming that would allow the hacker to have remote administration. The BIOS (basic input/output system) is firmware that every machine has (cross-platform) that resides in memory and is executed each time a computer boots up.

Operating system startup routines are most likely to be written in C, so drivers are inevitably written in C as well (not C++) meaning that rootkits would also need to be written in the same language. So, the answer is “C”.

Leave a Question or Comment:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.