UNHIDE FORENSIC TOOL

Unhide ... is a forensic tool to find processes hidden by rootkits, Linux kernel modules or other techniques.


It detects hidden processes using six techniques:

1- Compare /proc vs /bin/ps output.

2- Compare info gathered from /bin/ps with info gathered by walking through the procfs. ONLY for the Linux 2.6 version.

3- Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).

4- Full PID space occupation (PID brute forcing). ONLY for the Linux 2.6 version.

5- Compare /bin/ps output vs /proc, procfs walking and syscalls (reverse search): verify that all threads seen by ps are also seen by the kernel. ONLY for the Linux 2.6 version.

6- Quick compare of /proc, procfs walking and syscalls vs /bin/ps output. ONLY for the Linux 2.6 version.



Unhide-TCP

Unhide-tcp is a forensic tool that identifies TCP/UDP ports that are listening but are not listed by /bin/netstat, by brute forcing all available TCP/UDP ports.


How to use?

-f    Write a log file (unhide.log) in the current directory.
-h    Display help.
-m    Do more checks. As of the 2010-11-21 version, this option only has an effect for the procfs, procall, checkopendir and checkchdir tests.
-r    Use the alternate version of the sysinfo check in the standard tests.
-V    Show version and exit.
-v    Be verbose, display warning messages (default: don't display). This option may be repeated more than once.

Compiling:

gcc -static unhide.c -o unhide
gcc -Wall -O2 -static unhide-tcp.c -o unhide-tcp
gcc -Wall -O2 -static -pthread unhide-linux26.c -o unhide-linux26
gcc -Wall -O2 -static -o unhide_rb unhide_rb.c

Available for the Windows and Linux platforms.

Download the latest version: Windows or Linux


Regards ...

PS: Why in English? ... We have to reach as many people as possible .. and whoever doesn't know English in "hacking", I don't know what they are doing "hacking" ...!!! That much is clear to me, because they are very limited if so ... !!!

