Unhide
Unhide is a forensic tool that finds processes and TCP/UDP ports hidden by rootkits, LKMs or other hiding techniques.
// Unhide (ps)
Detects hidden processes. Implements six techniques:
* Compare /proc vs /bin/ps output.
* Compare info gathered from /bin/ps with info gathered by walking through the procfs.
* Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).
* Full PID space occupation (PID brute-forcing).
* Reverse search: verify that all threads seen by ps are also seen by the kernel (/bin/ps output vs /proc, procfs walking and syscall).
* Quick compare of /proc, procfs walking and syscall vs /bin/ps output.
// Unhide-TCP
Identifies TCP/UDP ports that are listening but not listed in /bin/netstat by brute-forcing all available TCP/UDP ports.
Listing Details
Vendor: Yago Jesus and Patrick Gouin
Pricing Model: Open Source