unhide

Tool to find hidden processes and TCP/UDP ports from rootkits

Unhide is a forensic tool to find processes and TCP/UDP ports hidden by rootkits, Linux kernel modules or by other techniques. It includes two utilities: unhide and unhide-tcp.

Unhide detects hidden processes using three techniques:

- comparing the output of /proc and /bin/ps
- comparing the information gathered from /bin/ps with the one gathered from system calls (syscall scanning)
- full scan of the process ID space (PIDs bruteforcing)

unhide-tcp identifies TCP/UDP ports that are listening but are not listed in /bin/netstat through brute forcing of all TCP/UDP ports available.

Homepage:
Package version: 0.0.20080519
Architecture: ppc
Distribution: RPMForge
Filename: unhide-0.0.20080519-1.el5.rf.ppc.rpm

/usr/share/doc/unhide-0.0.20080519/README.txt

**-Unhide-**   yjesus@security-projects.com

Unhide is a forensic tool to find hidden processes and TCP/UDP ports by rootkits / LKMs 
or by another hidden technique.

//Unhide (ps)

Detecting hidden processes. Implements three techniques

* Compare /proc vs /bin/ps output

* Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).

* Full PIDs space occupation (PIDs b

/usr/share/man/man8/unhide-tcp.8.gz

UNHIDE-TCP(8)                                          UNHIDE-TCP(8)



NAME
       unhide-tcp — forensic tool to find hidden TCP/UDP ports

SYNOPSIS
       unhide-tcp

DESCRIPTION
       unhide-tcp  is  a forensic tool that identifies TCP/UDP ports
       that are listening but are not listed in /bin/netstat through
       brute forcing of all TCP/UDP ports available.

SEE ALSO
       unhide (8

/usr/share/man/man8/unhide.8.gz

UNHIDE(8)                                                  UNHIDE(8)



NAME
       unhide — forensic tool to find hidden processes

SYNOPSIS
       unhide proc | sys | brute

DESCRIPTION
       unhide  is a forensic tool to find processes hidden by rootk‐
       its, Linux kernel modules or by other techniques.  It detects
       hidden processes using three techniques:

       The  proc tech

/usr/share/doc/unhide-0.0.20080519/COPYING

                    GNU GENERAL PUBLIC LICENSE
                       Version 3, 29 June 2007

 Copy
