---
name: unhide
version: 20121229
origin: security/unhide
comment: A forensic tool to find hidden processes and TCP/UDP ports
arch: freebsd:9:x86:64
www: http://www.unhide-forensics.info/
maintainer: ntarmos@ceid.upatras.gr
prefix: /usr/local
licenselogic: single
flatsize: 544998
desc: |
  Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
  rootkits / LKMs or by another hiding technique. It consists of two
  programs: unhide and unhide-tcp.

  unhide detects hidden processes through:
     * Comparison of /proc vs /bin/ps output.
     * Comparison of info gathered from /bin/ps with info gathered from
       syscalls (syscall scanning).
     * Full PIDs space occupation (PIDs bruteforcing).

  unhide-tcp identifies TCP/UDP ports that are listening but not listed in
  /bin/netstat by brute forcing all available TCP/UDP ports.


  WWW: http://www.unhide-forensics.info/
categories: [security]
files:
  /usr/local/man/man8/unhide-tcp.8.gz: 9db76ccb6faa39c2527b821c87906164910da3da93c4e5ebca15a491b28b4cac
  /usr/local/man/man8/unhide.8.gz: 378c64e83da0dbea66d6ec44cda738f7160afb1b723714cf4ae46029e482be0d
  /usr/local/sbin/unhide: 1351cbb153673a63ccb7f18c934c31522fdac0b43628b415f6151c081423cd60
  /usr/local/sbin/unhide-tcp: 18df884702c5693759d70c5b3ecb6d6db5f539422645888adec9113d0065f470
scripts: {}
