| Name : unhide
| |
| Version : 1.0
| Vendor : GhettoForge
|
| Release : 11.gf.el6.20121229
| Date : 2013-11-01 13:38:13
|
| Group : Applications/System
| Source RPM : unhide-1.0-11.gf.el6.20121229.src.rpm
|
| Size : 0.12 MB
| |
| Packager : builder_ghettoforge_org
| |
| Summary : Tool to find hidden processes and TCP/UDP ports from rootkits
|
Description :
Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
rootkits, Linux kernel modules or by other techniques. It includes two
utilities: unhide and unhide-tcp.
Unhide detects hidden processes using three techniques:
- comparing the output of /proc and /bin/ps
- comparing the information gathered from /bin/ps with the one gathered
from system calls (syscall scanning)
- full scan of the process ID space (PIDs bruteforcing)
unhide-tcp identifies TCP/UDP ports that are listening but are not listed
in /bin/netstat through brute forcing of all TCP/UDP ports available.
|
RPM found in directory: /packages/linux-pbone/archive/mirror.symnds.com/distributions/gf/el/6Server/gf/i386 |
