UNHIDE FORENSIC TOOL
Unhide...
..is a forensic tool to find processes hidden by rootkits, Linux kernel modules or by other techniques.
It detects hidden processes using six techniques:
1-Compare /proc vs /bin/ps output
2-Compare info gathered from /bin/ps with info gathered by walking thru the procfs. ONLY for Linux 2.6 version
3-Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).
4-Full PIDs space ocupation (PIDs bruteforcing). ONLY for Linux 2.6 version
Compare /bin/ps output vs /proc, procfs walking and syscall. ONLY for Linux 2.6 version
5-Reverse search, verify that all thread seen by ps are also seen in the kernel.
6- Quick compare /proc, procfs walking and syscall vs /bin/ps output. ONLY for Linux 2.6 version.
Unhide-TCP
Unhide-tcp is a forensic tool that identifies TCP/UDP ports that are listening but are not listed in /bin/netstat through brute forcing of all TCP/UDP ports available.
How to Use ?
-f Write a log file (unhide.log) in the current directory.
-h Display help
-m Do more checks. As of 2010-11-21 version, this option has only effect for the procfs, procall, checkopendir and checkchdir tests.
-r Use alternate version of sysinfo check in standard tests
-V Show version and exit
-v Be verbose, display warning message (default : don't display). This option may be repeated more than once.
Compiling :
gcc –static unhide.c -o unhide
gcc -Wall -O2 –static unhide-tcp.c -o unhide-tcp
gcc -Wall -O2 –static -pthread unhide-linux26.c -o unhide-linux26
gcc -Wall -O2 -static -o unhide_rb unhide_rb.c
Available for Windows & Linux Platform.
Download latest Version : Windows or Linux
Windows
Linux
Saludos ...
PD: Por qué en Inglés? ... Tenemos que llegar al máximo posible de personas .. y quien no sepa en Inglés en "hacking", no se que hace "hackeando" ...!!! Eso lo tengo claro, porque muy limitadito si está si ... !!!
..is a forensic tool to find processes hidden by rootkits, Linux kernel modules or by other techniques.
It detects hidden processes using six techniques:
1-Compare /proc vs /bin/ps output
2-Compare info gathered from /bin/ps with info gathered by walking thru the procfs. ONLY for Linux 2.6 version
3-Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).
4-Full PIDs space ocupation (PIDs bruteforcing). ONLY for Linux 2.6 version
Compare /bin/ps output vs /proc, procfs walking and syscall. ONLY for Linux 2.6 version
5-Reverse search, verify that all thread seen by ps are also seen in the kernel.
6- Quick compare /proc, procfs walking and syscall vs /bin/ps output. ONLY for Linux 2.6 version.
Unhide-TCP
Unhide-tcp is a forensic tool that identifies TCP/UDP ports that are listening but are not listed in /bin/netstat through brute forcing of all TCP/UDP ports available.
How to Use ?
-f Write a log file (unhide.log) in the current directory.
-h Display help
-m Do more checks. As of 2010-11-21 version, this option has only effect for the procfs, procall, checkopendir and checkchdir tests.
-r Use alternate version of sysinfo check in standard tests
-V Show version and exit
-v Be verbose, display warning message (default : don't display). This option may be repeated more than once.
Compiling :
gcc –static unhide.c -o unhide
gcc -Wall -O2 –static unhide-tcp.c -o unhide-tcp
gcc -Wall -O2 –static -pthread unhide-linux26.c -o unhide-linux26
gcc -Wall -O2 -static -o unhide_rb unhide_rb.c
Available for Windows & Linux Platform.
Download latest Version : Windows or Linux
Windows
Linux
Saludos ...
PD: Por qué en Inglés? ... Tenemos que llegar al máximo posible de personas .. y quien no sepa en Inglés en "hacking", no se que hace "hackeando" ...!!! Eso lo tengo claro, porque muy limitadito si está si ... !!!
