RCLocals – Linux Startup Analyzer

Inspired by ‘Autoruns’ from Sysinternals, RCLocals analyzes all Linux startup possibilities to find backdoors. It also performs process integrity verification, scans for DLL-injected processes, and much more.

Things covered:

·List GPG keys trusted by the system

·Installed Packages

·File integrity

·Process integrity (processes, and libraries loaded in a process, that do not belong to any installed package)

·Processes with spoofed names (processes that use prctl() to change the name shown by /bin/ps)

·CRON entries

·RC files

·X system startup files

·Active Systemd Units

·Systemd Timer Units

·tmpfiles.d

·linger users
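
The "processes with spoofed names" check above can be approximated by comparing each process's task name with the executable it is actually running. This is an added example, not RCLocals' own code; the function names and the constructed sample tree are assumptions made for illustration.

```python
import os
import tempfile

COMM_LEN = 15  # the kernel keeps at most 15 bytes of task name (TASK_COMM_LEN - 1)


def comm_exe_mismatches(proc_root="/proc"):
    """Return (pid, comm, exe) for processes whose task name differs from their binary."""
    findings = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # only numeric directories are processes
        base = os.path.join(proc_root, entry)
        try:
            exe = os.readlink(os.path.join(base, "exe"))
            with open(os.path.join(base, "comm"), "rb") as fh:
                comm = fh.read().decode(errors="replace").rstrip("\n")
        except OSError:
            continue  # kernel thread, exited process, or insufficient privileges
        # The kernel appends " (deleted)" when the binary was unlinked after exec.
        exe_name = os.path.basename(exe.split(" (deleted)")[0])
        if comm != exe_name[:COMM_LEN]:
            findings.append((int(entry), comm, exe))
    return sorted(findings)


def build_sample_proc(root):
    """Constructed /proc look-alike: pid -> (exe link target or None, comm)."""
    sample = {
        100: ("/usr/sbin/sshd", "sshd"),
        200: ("/tmp/.cache/payload", "kworker/0:1"),  # task name no longer matches binary
        300: ("/usr/lib/systemd/systemd-journald", "systemd-journal"),  # truncated name
        400: (None, "kthreadd"),  # kernel threads have no exe link
    }
    for pid, (exe, comm) in sample.items():
        piddir = os.path.join(root, str(pid))
        os.mkdir(piddir)
        with open(os.path.join(piddir, "comm"), "w") as fh:
            fh.write(comm + "\n")
        if exe:
            os.symlink(exe, os.path.join(piddir, "exe"))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_proc(tmp)
        for pid, comm, exe in comm_exe_mismatches(tmp):
            print(f"pid {pid}: comm={comm!r} exe={exe}")
```

On a live host, call comm_exe_mismatches() as root and treat each hit as a lead to review: scripts started through a shebang line and daemons that rename themselves also show a mismatch.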

USAGE

For only suspicious information:

# python3 rclocals.py --triage

For detailed information:

# python3 rclocals.py --all
