RCLocals – Linux Startup Analyzer

Inspired by ‘Autoruns’ from Sysinternals, RCLocals analyzes all Linux startup possibilities to find backdoors. It also performs process integrity verification, scans for DLL-injected processes, and much more.

Things covered:

·List GPG keys trusted by the system

·Installed Packages

·File integrity

·Process integrity (processes, and libraries loaded in a process, that do not belong to any installed package)

·Processes with spoofed names (processes that use prctl() to change the name shown by /bin/ps)

·CRON entries

·RC files

·X system startup files

·Active Systemd Units

·Systemd Timer Units

·tmpfiles.d

·linger users
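
The spoofed-name check in the list above can be approximated by comparing each process's kernel task name (`/proc/<pid>/comm`) with its executable and command line. The Python below is an added example, not RCLocals' own code; the function names and the matching heuristic are assumptions.

```python
#!/usr/bin/env python3
"""Flag processes whose kernel task name (comm) matches neither the
executable nor the command line. Heuristic triage check, Linux only."""
import os

COMM_MAX = 15  # TASK_COMM_LEN is 16 bytes including the trailing NUL


def expected_names(exe, argv):
    """Names the kernel would assign at execve(): basename of the binary,
    or of the script path when an interpreter runs a shebang script."""
    candidates = [exe.removesuffix(" (deleted)")] + argv[:2]
    return {os.path.basename(c)[:COMM_MAX] for c in candidates if c}


def is_name_spoofed(comm, exe, argv):
    """True when comm was changed after exec, e.g. via prctl(PR_SET_NAME)."""
    return comm[:COMM_MAX] not in expected_names(exe, argv)


def scan(proc_root="/proc"):
    """Return [(pid, comm, exe)] for suspicious processes under proc_root."""
    hits = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            exe = os.readlink(os.path.join(base, "exe"))
            with open(os.path.join(base, "comm")) as f:
                comm = f.read().rstrip("\n")
            with open(os.path.join(base, "cmdline"), "rb") as f:
                argv = f.read().decode(errors="replace").split("\0")
        except OSError:
            continue  # kernel thread, exited process, or no permission
        if is_name_spoofed(comm, exe, argv):
            hits.append((int(entry), comm, exe))
    return sorted(hits)


if __name__ == "__main__":
    for pid, comm, exe in scan():
        print(f"{pid}\tcomm={comm!r}\texe={exe}")
```

Programs that legitimately rename their main thread are flagged too, so treat each hit as a lead to review against the package database rather than as a verdict.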

USAGE

For only suspicious information:

# python3 rclocals.py --triage

For detailed information:

# python3 rclocals.py --all
