Beurk – Experimental Unix Rootkit

BEURK is a userland preload rootkit for GNU/Linux, heavily focused on anti-debugging and anti-detection. During a penetration test the tool can be used to hide files and directories on the targeted system, to detect user logins and access on the system, and to collect credentials. It can also be used as a backdoor to remotely open a session and take control of the system.

Some of the features are:

  • Hide attacker files and directories
  • Real-time log cleanup (on utmp/wtmp)
  • Anti process and login detection
  • Bypass unhide, lsof, ps, ldd, netstat analysis
  • Furtive PTY backdoor client

The author is planning to add more features in upcoming releases:

  • ptrace hooking for anti-debugging
  • libpcap hooking to undermine local sniffers
  • PAM backdoor for local privilege escalation
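
A preload rootkit has to be loaded by the dynamic linker, through /etc/ld.so.preload or the LD_PRELOAD environment variable, so those two places are the first to audit. The following is an added example, not code from BEURK or from the original page: it parses both sources from data collected off a suspect host and reports every preloaded library outside an allowlist. The function names and sample paths are constructed for illustration.

```python
"""Audit dynamic-linker preload settings (added defensive example)."""


def split_libs(value):
    """Split a preload list; ld.so accepts spaces or colons as separators."""
    return [p for p in value.replace(":", " ").split() if p]


def parse_preload_file(text):
    """Return the libraries listed in /etc/ld.so.preload content."""
    libs = []
    for line in text.splitlines():
        libs.extend(split_libs(line.split("#", 1)[0]))  # '#' starts a comment
    return libs


def preload_from_environ(blob):
    """Extract LD_PRELOAD entries from a NUL-separated /proc/<pid>/environ blob."""
    for var in blob.split(b"\0"):
        if var.startswith(b"LD_PRELOAD="):
            return split_libs(var[len(b"LD_PRELOAD="):].decode("utf-8", "replace"))
    return []


def audit(preload_text, environs, allowlist=()):
    """List (source, library) pairs for preloads not on the allowlist.

    environs maps pid -> raw environ bytes captured from the host."""
    findings = [("ld.so.preload", lib)
                for lib in parse_preload_file(preload_text) if lib not in allowlist]
    for pid, blob in sorted(environs.items()):
        findings += [(f"pid {pid}", lib)
                     for lib in preload_from_environ(blob) if lib not in allowlist]
    return findings


if __name__ == "__main__":
    # Constructed sample data, standing in for evidence taken from a disk image.
    sample_preload = "# constructed sample\n/usr/lib/libexample_hook.so\n"
    sample_environs = {
        812: b"PATH=/usr/bin\0LD_PRELOAD=/tmp/libexample_inject.so\0HOME=/root\0",
        977: b"PATH=/usr/bin\0HOME=/home/alice\0",
    }
    for source, lib in audit(sample_preload, sample_environs):
        print(f"unexpected preload via {source}: {lib}")
```

Because a preload rootkit hooks libc inside dynamically linked processes, feed this check with data read from an offline disk image or by a statically linked collector rather than with output from tools run on the live host.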

To compile and use the package, do the following:

git clone
cd beurk
make Install

You can download this tool from this link:
