
unhide

Forensic tool to find hidden processes and ports

Unhide is a forensic tool to find processes and TCP/UDP ports hidden by rootkits, Linux kernel modules or by other techniques. It includes two utilities: unhide and unhide-tcp.

unhide detects hidden processes using three techniques:
* comparing the output of /proc and /bin/ps
* comparing the information gathered from /bin/ps with the one gathered from system calls (syscall scanning)
* full scan of the process ID space (PIDs bruteforcing)

unhide-tcp identifies TCP/UDP ports that are listening but are not listed in /bin/netstat through brute forcing of all TCP/UDP ports available.

This package can be used by rkhunter in its daily scans.

Homepage:
Package version: 20100201-1
Architecture: ia64
Distribution: Debian
Filename: unhide_20100201-1_ia64.deb

/usr/share/doc/unhide/README.Debian

unhide for Debian
-----------------

These utilities are meant to be run as root, otherwise, they will miss certain
things or report false positives.

False positives
---------------

Grsecurity kernels seem to reserve PIDs 300 to 499. They will be reported when
using unhide's brute-forcing method.

Some applications can start listening on a port between the time that unhide
gets the list of open

/usr/share/man/man8/unhide-tcp.8.gz

UNHIDE-TCP(8)                                          UNHIDE-TCP(8)



NAME
       unhide-tcp — forensic tool to find hidden TCP/UDP ports

SYNOPSIS
       unhide-tcp

DESCRIPTION
       unhide-tcp  is  a forensic tool that identifies TCP/UDP ports
       that are listening but are not listed in /bin/netstat through
       brute forcing of all TCP/UDP ports available.

SEE ALSO
       unhide (8

/usr/share/man/man8/unhide.8.gz

UNHIDE(8)                                                  UNHIDE(8)



NAME
       unhide — forensic tool to find hidden processes

SYNOPSIS
       unhide-linux26 proc | sys | brute

       unhide-posix  proc | sys

DESCRIPTION
       unhide  is a forensic tool to find processes hidden by rootk‐
       its, Linux kernel modules or by other techniques.  It detects
       hidden processes using

/usr/share/doc/unhide/changelog.Debian.gz

unhide (20100201-1) unstable; urgency=low

  [ Christophe Monniez ]
  * Merging upstream version 201

/usr/share/doc/unhide/copyright

Author: Yago Jesus <yjesus@security-projects.com>
Download: http://www.security-projects.com/?Unhide
