Security scanner for Ubuntu — runs rootkit checks and makes sense of the results.
Runs two rootkit scanners and classifies findings by severity:
- rkhunter — rootkit and malware scan
- chkrootkit — additional rootkit detection
Then it:
- Filters known false positives (safe dotfiles, legitimate WiFi services)
- Classifies findings: Critical → Warning → Info
- Shows remediation steps where needed
- Logs everything with timestamps
Running rkhunter and chkrootkit is easy. Interpreting their output is not. A raw scan full of "WARNING" on known-safe files isn't useful. This tool shows only what matters.
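The filtering and classification described above, as an added example that is not SecScan's own code: the allowlists, the matching rules and the sample scanner lines are assumptions constructed for illustration. Sniffer processes are matched by full path, so a binary that only shares an allowlisted name still raises a warning.

```shell
# Added example, not SecScan's code. Allowlists and rules are assumptions.
SAFE_DOTFILES="/etc/.java /etc/.updated /dev/.udev"   # assumed known-safe hidden paths
# Assumed legitimate WiFi/DHCP services, matched by full path, not by name
SAFE_SNIFFERS="/sbin/wpa_supplicant /sbin/dhclient /usr/sbin/NetworkManager"

# in_list WORD LIST: succeed if WORD is a whole entry of the space-separated LIST
in_list() {
    case $1 in ''|*' '*) return 1 ;; esac   # empty or space-containing never matches
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}
# classify_finding LINE: print CRITICAL, WARNING or INFO for one scanner line
classify_finding() {
    line=$1
    case $line in
        *INFECTED*) echo CRITICAL ;;   # a clean check prints lowercase "not infected"
        *"PACKET SNIFFER"*)
            # INFO only when every process path on the line is allowlisted
            procs=$(printf '%s\n' "$line" | grep -o '/[^][(), ]*\[' | sed 's|\[$||')
            level=INFO
            [ -n "$procs" ] || level=WARNING
            for p in $procs; do in_list "$p" "$SAFE_SNIFFERS" || level=WARNING; done
            echo "$level" ;;
        *"Hidden file found: "*|*"Hidden directory found: "*)
            path=${line##*found: }
            path=${path%%:*}           # drop a trailing ": <file type>" suffix
            if in_list "$path" "$SAFE_DOTFILES"; then echo INFO; else echo WARNING; fi ;;
        *Warning*|*WARNING*) echo WARNING ;;
        *) echo INFO ;;
    esac
}
# triage: read scanner output on stdin, print "LEVEL<TAB>line" for actionable lines
triage() {
    while IFS= read -r l; do
        lvl=$(classify_finding "$l")
        if [ "$lvl" != INFO ]; then printf '%s\t%s\n' "$lvl" "$l"; fi
    done
}
# sample_scan: constructed lines in the style of chkrootkit and rkhunter output
sample_scan() {
    cat <<'EOF'
Checking 'bindshell'... INFECTED (PORTS: 465)
wlan0: PACKET SNIFFER(/sbin/wpa_supplicant[1023], /sbin/dhclient[1187])
eth0: PACKET SNIFFER(/tmp/dhclient[4242])
Warning: Hidden directory found: /etc/.java
Warning: Hidden file found: /usr/share/.cache.db: ASCII text
EOF
}
sample_scan | triage
```

Piping real scanner output into `triage` works the same way as the sample; the allowlists need to be reviewed per host before any finding is downgraded.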
- Ubuntu (tested on 22.04+)
- sudo access
- rkhunter and chkrootkit installed

```bash
sudo apt install rkhunter chkrootkit
```

```bash
# Clone
git clone https://github.com/AhmadMWaddah/SecScan.git
cd SecScan
# Make executable
chmod +x SecScan.sh
# Run
./SecScan.sh
```

```bash
./SecScan.sh help
```

| Level | Color | Meaning |
|---|---|---|
| CRITICAL | Red | Immediate action required |
| WARNING | Yellow | Review and take action |
| INFO | Cyan | Informational — no action needed |
```
SecScan/
├── SecScan.sh          # Main entry point
├── lib/
│   ├── colors.sh       # Terminal colors
│   ├── runner.sh       # Module loader
│   ├── state.sh        # State tracking (severity levels)
│   ├── ui.sh           # Print functions
│   └── utils.sh        # Utility functions
└── modules/
    └── secscan.sh      # rkhunter + chkrootkit scanning
```
MIT
