unhide - Unhide is a forensic tool to find hidden processes and TCP/UDP ports

Property Value
Distribution CentOS 5
Repository Atomic i386
Package name unhide
Package version 20130428
Package release 3.el5.art
Package architecture i386
Package type rpm
Installed size 1.10 MB
Download size 523.99 KB
Official Mirror www6.atomicorp.com
Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
rootkits, Linux kernel modules or by other techniques. It includes two
utilities: unhide and unhide-tcp.
Unhide detects hidden processes using three techniques:
- comparing the output of /proc and /bin/ps
- comparing the information gathered from /bin/ps with the one gathered
from system calls (syscall scanning)
- full scan of the process ID space (PIDs bruteforcing)
unhide-tcp identifies TCP/UDP ports that are listening but are not listed
in /bin/netstat through brute forcing of all TCP/UDP ports available.


Package Version Architecture Repository
unhide-20130526-4.el5.art.i386.rpm 20130526 i386 Atomic
unhide-20130526-4.el5.art.x86_64.rpm 20130526 x86_64 Atomic
unhide-20100201-1.el5.i386.rpm 20100201 i386 FlexBox
unhide-20100201-1.el5.x86_64.rpm 20100201 x86_64 FlexBox
unhide-1.0-11.gf.el5.20121229.i386.rpm 1.0 i386 Ghettoforge
unhide-1.0-11.gf.el5.20121229.x86_64.rpm 1.0 x86_64 Ghettoforge
unhide-0.0.20110113-1.el5.rf.i386.rpm 0.0.20110113 i386 Repoforge (RPMforge)
unhide-0.0.20110113-1.el5.rf.x86_64.rpm 0.0.20110113 x86_64 Repoforge (RPMforge)
unhide-0.0.20080519-1.el5.rf.i386.rpm 0.0.20080519 i386 Repoforge (RPMforge)
unhide-0.0.20080519-1.el5.rf.x86_64.rpm 0.0.20080519 x86_64 Repoforge (RPMforge)
unhide - - -


Name Value
unhide = 20130428-3.el5.art


Type URL
Binary Package unhide-20130428-3.el5.art.i386.rpm
Source Package unhide-20130428-3.el5.art.src.rpm

Install Howto

  1. Download latest atomic-release rpm from
  2. Install atomic-release rpm:
    # rpm -Uvh atomic-release*rpm
  3. Install unhide rpm package:
    # yum install unhide




2013-03-28 - Support <support@atomicorp.com> - 20130428-3
- Update to 20130428
2012-11-19 - Support <support@atomicorp.com> - 20120905-2
- Update to 20120905
- Rebuild packages --static, and add unhide.rb
- Add post event to symlink to alternately used names (unhide-linux26, etc)
2011-02-18 - Support <support@atomicorp.com> - 20110113-1
- Update to 20110113

See Also

Package Description
uni2ascii-4.18-1.el5.art.i386.rpm Convert between UTF-8 Unicode and 7-bit ASCII equivalents
unrealircd-3.2.7-1.el5.art.i386.rpm UnrealIRCd is an IRC server
uriparser-0.7.1-6.el5.art.i386.rpm URI parsing library - RFC 3986
uriparser-devel-0.7.1-6.el5.art.i386.rpm Development files for uriparser
voikko-tools-2.3.1-1.el5.art.noarch.rpm Test tools for libvoikko
w3af- Web Application Attack and Audit Framework
w3af-doc- Web Application Attack and Audit Framework - documentation
wapiti-2.2.1-3.el5.art.noarch.rpm Web application vulnerability scanner
wdiff-0.5-1.el5.art.i386.rpm Word-based diff front end
wmi-1.3.14-3.el5.art.i386.rpm wmi
wmi-1.3.14-4.el5.art.i386.rpm wmi
wordnet-3.0-13.el5.art.i386.rpm A lexical database for the English language
wordnet-devel-3.0-13.el5.art.i386.rpm The development libraries and header files for WordNet
wxGTK-2.8.9-1.el5.el5.art.i386.rpm GTK2 port of the wxWidgets GUI library
wxGTK-devel-2.8.9-1.el5.el5.art.i386.rpm Development files for the wxGTK2 library