unhide - Tool to find hidden processes and TCP/UDP ports from rootkits

Distribution: OpenMandriva Cooker
Repository: OpenMandriva Contrib x86_64
Package name: unhide
Package version: 20110113
Package release: 2-omv2015.0
Package architecture: x86_64
Package type: rpm
Installed size: 55.24 KB
Download size: 23.48 KB
Official Mirror: abf-downloads.openmandriva.org
Unhide is a forensic tool for finding processes and TCP/UDP ports hidden by rootkits, LKMs or other hiding techniques. It includes two utilities: unhide and unhide-tcp.

Unhide detects hidden processes using six techniques:

- Compare /proc vs /bin/ps output.
- Compare info gathered from /bin/ps with info gathered by walking through the procfs.
- Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).
- Full PID space occupation (PID brute-forcing).
- Reverse search: verify that all threads seen by ps are also seen by the kernel (/bin/ps output vs /proc, procfs walking and syscall).
- Quick compare of /proc, procfs walking and syscall vs /bin/ps output.

Unhide-tcp identifies TCP/UDP ports that are listening but are not listed in /bin/netstat, by brute-forcing all available TCP/UDP ports.



  • unhide == 20110113-2:2015.0


    Install Howto

    1. Enable the OpenMandriva Contrib repository in "Install and Remove Software"
    2. Update packages list:
      # urpmi.update -a
    3. Install unhide rpm package:
      # urpmi unhide


    • /usr/sbin/unhide
    • /usr/sbin/unhide-linux26
    • /usr/sbin/unhide-tcp
    • /usr/share/doc/unhide/LEEME.txt
    • /usr/share/doc/unhide/README.txt
    • /usr/share/doc/unhide/changelog
    • /usr/share/man/man8/unhide-linux26.8.xz
    • /usr/share/man/man8/unhide-tcp.8.xz
    • /usr/share/man/man8/unhide.8.xz