X99874
/ RootKit_Scanner.py
Last active
October 11, 2025 12:28
A lightweight, auditable Python script for detecting user-space rootkit indicators on Linux systems. Designed for forensic analysts, system administrators, and security engineers operating in constrained or high-assurance environments.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import subprocess | |
| import datetime | |
| LOG_FILE = "rootkit_scan.log" | |
| def log(message): | |
| timestamp = datetime.datetime.now().strftime("[%Y-%m-%d %H:%M:%S]") | |
| with open(LOG_FILE, "a") as f: | |
| f.write(f"{timestamp} {message}\n") |