unhide - Tool to find hidden processes and TCP/UDP ports from rootkits
| Website: | http://www.security-projects.com/?Unhide |
|---|---|
| License: | GPLv3 |
| Vendor: | Fedora Project |
Description:

Unhide is a forensic tool to find processes and TCP/UDP ports hidden by rootkits, Linux kernel modules or by other techniques. It includes two utilities: unhide and unhide-tcp.

Unhide detects hidden processes using three techniques:

- comparing the output of /proc and /bin/ps
- comparing the information gathered from /bin/ps with the information gathered from system calls (syscall scanning)
- full scan of the process ID space (PID brute-forcing)

unhide-tcp identifies TCP/UDP ports that are listening but are not listed in /bin/netstat, by brute-forcing all available TCP/UDP ports.
Packages
unhide-1.0-3.fc11.20080519.ppc [26 KiB]
Changelog
by Fedora Release Engineering (2009-02-25):
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild