unhide

Description
Unhide is a forensic tool to find processes and TCP/UDP ports hidden by rootkits, Linux kernel modules or by other techniques. It includes two utilities: unhide and unhide-tcp.

unhide detects hidden processes using three techniques:
* comparing the output of /proc and /bin/ps
* comparing the information gathered from /bin/ps with the information gathered from system calls (syscall scanning)
* full scan of the process ID space (PID brute forcing)

unhide-tcp identifies TCP/UDP ports that are listening but are not listed in /bin/netstat through brute forcing of all TCP/UDP ports available.

This package can be used by rkhunter in its daily scans.
Associated Programs
Rootkit Hunter: rootkit, backdoor, sniffer and exploit scanner
Available deb Repositories

Debian     32-bit        64-bit
stable     20100201-1    20100201-1
testing    20110113-4    20110113-4
sid        20110113-4    20110113-4

Ubuntu     32-bit        64-bit
hardy      20071102-2    20071102-2
lucid      20080519-6    20080519-6
oneiric    20110113-2    20110113-2
precise    20110113-4    20110113-4
