Home > Repository > base > unhide
Unhide is a forensic tool to find hidden processes and TCP/UDP ports by rootkits / LKMs or by another hidden technique.
Unhide (ps) - Detecting hidden processes. Implements six main techniques
1. Compare /proc vs /bin/ps output
2. Compare info gathered from /bin/ps with info gathered by walking thru the procfs.
3. Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).
4. Full PIDs space ocupation (PIDs bruteforcing).
5. Compare /bin/ps output vs /proc, procfs walking and syscall.
Reverse search, verify that all thread seen by ps are also seen in the kernel.
6. Quick compare /proc, procfs walking and syscall vs /bin/ps output.
It's about 20 times faster than tests 1+2+3 but maybe give more false positives.
Unhide-TCP
Identify TCP/UDP ports that are listening but not listed in /bin/netstat doing brute forcing of all TCP/UDP ports availables.
unhide: Forensic tool to find hidden processes and ports
Unhide is a forensic tool to find hidden processes and TCP/UDP ports by rootkits / LKMs or by another hidden technique.Unhide (ps) - Detecting hidden processes. Implements six main techniques
1. Compare /proc vs /bin/ps output
2. Compare info gathered from /bin/ps with info gathered by walking thru the procfs.
3. Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).
4. Full PIDs space ocupation (PIDs bruteforcing).
5. Compare /bin/ps output vs /proc, procfs walking and syscall.
Reverse search, verify that all thread seen by ps are also seen in the kernel.
6. Quick compare /proc, procfs walking and syscall vs /bin/ps output.
It's about 20 times faster than tests 1+2+3 but maybe give more false positives.
Unhide-TCP
Identify TCP/UDP ports that are listening but not listed in /bin/netstat doing brute forcing of all TCP/UDP ports availables.
| Nome: | unhide |
| Versione: | 20220611-1mamba |
| Gruppo: | Applications/Security |
| Manutentore: | silvan |
| Licenza: | GPL |
| Dimensione: | 74,67 kB |
| URL di origine: | https://www.unhide-forensics.info/ |
| Data di compilazione: | 2022-11-26 17:48:40 |
Pacchetti binari e dipendenze
| x86_64 | i586 | |
|---|---|---|
| RPM creati | unhide | unhide |
| Dipendenze di compilazione |
Cronologia delle modifiche
| Data | Packager | Versione | Descrizione |
|---|---|---|---|
| 2022-11-26 | silvan | 20220611-1mamba | - update to 20220611 |
| 2013-05-27 | autodist | 20130526-1mamba | - automatic version update by autodist |
| 2013-01-31 | autodist | 20121229-1mamba | - automatic version update by autodist |
| 2011-12-13 | davide | 20110113-1mamba | - package created by autospec |
