| Name | unhide |
| Version | 20210124 |
| Category | security |
| Description | Forensic tool to find hidden processes and TCP/UDP ports. |
| Maintainer | pascal.bellard@slitaz.org |
| License | GPL3 |
| Website | https://www.unhide-forensics.info/?Linux |
| Sizes | |
| Depends on |  iproute2 procps |
| Download package |
|
| Show receipt | |
| Show files list | |
| Show cooking log | |
| Install package Remove package |
Description
Unhide is a forensic tool to find hidden processes and TCP/UDP ports by rootkits, LKMs or by another hiding technique. Detecting hidden processes. Implements six main techniques 1- Compare /proc vs /bin/ps output 2- Compare info gathered from /bin/ps with info gathered by walking through the procfs. 3- Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning). 4- Full PIDs space occupation (PIDs bruteforcing). 5- Compare /bin/ps output vs /proc, procfs walking and syscall. Reverse search, verify that all threads seen by ps are also seen in the kernel. 6- Quick compare /proc, procfs walking and syscall vs /bin/ps output. It's about 20 times faster than tests 1, 2 and 3 but maybe give more false positives. |