Home > Repository > base > unhide (x86_64)
Unhide is a forensic tool to find hidden processes and TCP/UDP ports by rootkits / LKMs or by another hidden technique.
Unhide (ps) - Detecting hidden processes. Implements six main techniques
1. Compare /proc vs /bin/ps output
2. Compare info gathered from /bin/ps with info gathered by walking thru the procfs.
3. Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).
4. Full PIDs space ocupation (PIDs bruteforcing).
5. Compare /bin/ps output vs /proc, procfs walking and syscall.
Reverse search, verify that all thread seen by ps are also seen in the kernel.
6. Quick compare /proc, procfs walking and syscall vs /bin/ps output.
It's about 20 times faster than tests 1+2+3 but maybe give more false positives.
Unhide-TCP
Identify TCP/UDP ports that are listening but not listed in /bin/netstat doing brute forcing of all TCP/UDP ports availables.
File forniti
unhide: Forensic tool to find hidden processes and ports
Unhide is a forensic tool to find hidden processes and TCP/UDP ports by rootkits / LKMs or by another hidden technique.Unhide (ps) - Detecting hidden processes. Implements six main techniques
1. Compare /proc vs /bin/ps output
2. Compare info gathered from /bin/ps with info gathered by walking thru the procfs.
3. Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).
4. Full PIDs space ocupation (PIDs bruteforcing).
5. Compare /bin/ps output vs /proc, procfs walking and syscall.
Reverse search, verify that all thread seen by ps are also seen in the kernel.
6. Quick compare /proc, procfs walking and syscall vs /bin/ps output.
It's about 20 times faster than tests 1+2+3 but maybe give more false positives.
Unhide-TCP
Identify TCP/UDP ports that are listening but not listed in /bin/netstat doing brute forcing of all TCP/UDP ports availables.
| Nome: | unhide |
| Versione: | 20240510-1mamba |
| Architettura: | x86_64 |
| Gruppo: | Applications/Security |
| Dimensione: | 1.17 MB |
| URL di origine: | https://www.unhide-forensics.info/ |
| RPM sorgente: | unhide |
| Collegati | Fornisce | Rende obsoleti | Richiede | Raccomanda |
|---|---|---|---|---|
| unhide-debug | unhide = 0:20240510-1mamba unhide(x86-64) = 0:20240510-1mamba |
