Rootkit Detectors

Recommended Rootkit Discovery Software For 2017


What Is This Resource?
Detecting Rootkits can be very challenging.

The hacker wants to insert a (preferably) hidden rootkit on the victim's machine, whilst the competent programmer will think of ways to prevent the hacker from doing so.

We hope the rootkit software tools listed here will be of use to you.

If you are interested in becoming a programmer or a Cybersecurity Pro then learning how Rootkits work will only benefit your career.


Last Updated: September 23rd, 2017

Advanced Intrusion Detection Environment


Tool Category: Rootkit Detectors

Cost of Tool: Free


What is Advanced Intrusion Detection Environment?
Advanced Intrusion Detection Environment (abbreviated to AIDE) takes a “snapshot” of the state of the system, recording hashes, modification times and other data regarding the files defined by the administrator. The “image” is then used to create a database that is saved and may be stored on an external device. Features of this tool include supported message digest algorithms (md5, sha1, tiger, rmd160, crc32, sha256 etc.), supported file attributes, plain-text configuration files, powerful regular expression support and many more.

Is Advanced Intrusion Detection Environment Free?
Yes. AIDE is free.

Does Advanced Intrusion Detection Environment Work on all Operating Systems?
AIDE works on Linux, Mac OS X and Windows operating systems.

What are the Typical Uses for Advanced Intrusion Detection Environment?
AIDE is used to build a database from the regular expression rules that it finds in its config files. Once initialized, this database can be used to verify the integrity of the files. It has several message digest algorithms that are used to check the integrity of the files. All the common file attributes can also be checked for inconsistencies. It can read databases from newer or older versions.


DumpSec


Tool Category: Rootkit Detectors

Cost of Tool: Free


What is DumpSec?
DumpSec is a security program created for Microsoft Windows. It can dump the DACLs and SACLs for the file system, printers, registry and shares in a detailed and readable format. It can also dump user, group and replication data.

Is DumpSec Free?
DumpSec is now free to use!

Does DumpSec Work on all Operating Systems?
It only works for Microsoft Windows operating systems.

What are the Typical Uses for DumpSec?
DumpSec is used to identify and fix weaknesses or security holes in systems. This tool can assist people who work for legitimate businesses and are trying to build security into established IT systems against different hackers.


HijackThis


Tool Category: Rootkit Detectors

Cost of Tool: Free


What is HijackThis?
HijackThis is an open source tool to detect adware and malware on Microsoft Windows. This tool is known for quickly scanning a computer to display the common locations of malware. HijackThis is for diagnosing malware and adware, not for removing it. Uninformed use of this tool's removal facilities can lead to software damage to a computer. A browser hijack can also cause malware to be installed on a computer.

Is HijackThis Free?
Yes. This tool is free.

Does HijackThis Work on all Operating Systems?
It only works for Microsoft Windows operating systems.

What are the Typical Uses for HijackThis?
HijackThis is used to inspect the browser and operating system settings of a computer to generate a log file of its current state. It can also be used to remove unwanted files and settings. It focuses on web browser hijacking.


Sysinternals


Tool Category: Rootkit Detectors

Cost of Tool: Free


What is Sysinternals?
Sysinternals Live is a service that lets you execute Sysinternals tools directly from the internet without hunting for and manually downloading the tools. Simply enter a tool's Sysinternals Live path into the command prompt or Windows Explorer.

Is Sysinternals Free?
Yes! This tool is free.

Does Sysinternals Work on all Operating Systems?
It only works for Microsoft Windows operating systems.

What are the Typical Uses for Sysinternals?
Sysinternals is primarily used for the following tools: ProcessExplorer (monitor directories and files opened by any process), PsTools (manage local and remote processes), Autoruns (discover what executables are set to run during log in or boot up), RootkitRevealer (detect file system and registry API discrepancies that may indicate the presence of a kernel-mode or user-mode rootkit) and TCPView (view UDP and TCP traffic endpoints used by each process).


Tripwire


Tool Category: Rootkit Detectors

Cost of Tool: Free


What is Tripwire?
Tripwire is a directory and file integrity checker. This tool helps system administrators and users in checking a designated set of files for changes. This tool can notify administrators if there are tampered or corrupted files so damage control measures can be taken.

Is Tripwire Free?
An open source Linux version of this tool can still be found at SourceForge, but the company Tripwire Corp is now focused on its paid enterprise configuration control offerings.

Does Tripwire Work on all Operating Systems?
It works on Linux, Mac OS X and Windows operating systems.

What are the Typical Uses for Tripwire?
Tripwire products are useful for detecting intrusions after an event. They can also serve other purposes such as assurance, integrity, policy compliance and change management.

