
 unhide: Forensic tool to find hidden processes and ports (source)

Name: unhide
Release: 20130526-1mamba
Group: Applications/Security
Maintainer: davide
Description: Unhide is a forensic tool to find processes and TCP/UDP ports hidden by rootkits / LKMs or by another hiding technique.

Unhide (ps) - Detecting hidden processes. Implements six main techniques:
1. Compare /proc vs /bin/ps output.
2. Compare info gathered from /bin/ps with info gathered by walking through the procfs.
3. Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).
4. Full PID space occupation (PID brute-forcing).
5. Compare /bin/ps output vs /proc, procfs walking and syscall.
   Reverse search: verify that all threads seen by ps are also seen in the kernel.
6. Quick compare of /proc, procfs walking and syscall vs /bin/ps output.
   It is about 20 times faster than tests 1+2+3 but may give more false positives.

Unhide-TCP
Identifies TCP/UDP ports that are listening but not listed in /bin/netstat, by brute-forcing all available TCP/UDP ports.
License: GPL
Size: 60.93 KB
Download: unhide-20130526-1mamba.src.rpm
URL: http://www.unhide-forensics.info/
Specfile: unhide.spec
Sources: unhide-20130526.tgz
Build time: Mon May 27 2013
Built RPMS: unhide(i586)
Build requirements:
Changelog:
Mon May 27 2013 - autodist (20130526-1mamba)
- automatic version update by autodist
Thu Jan 31 2013 - autodist (20121229-1mamba)
- automatic version update by autodist

Automatically generated by distromatic.