unhide - Unhide is a forensic tool to find hidden processes and TCP/UDP ports

Property Value
Distribution CentOS 6
Repository Atomic i386
Package name unhide
Package version 20130526
Package release 4.el6.art
Package architecture i686
Package type rpm
Installed size 1.32 MB
Download size 562.05 KB
Official Mirror www6.atomicorp.com

Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
rootkits, Linux kernel modules or by other techniques. It includes two
utilities: unhide and unhide-tcp.

Unhide detects hidden processes using three techniques:
- comparing the output of /proc and /bin/ps
- comparing the information gathered from /bin/ps with the one gathered
  from system calls (syscall scanning)
- full scan of the process ID space (PIDs bruteforcing)

unhide-tcp identifies TCP/UDP ports that are listening but are not listed
in /bin/netstat through brute forcing of all TCP/UDP ports available.


Package Version Architecture Repository
unhide-20130526-4.el6.art.x86_64.rpm 20130526 x86_64 Atomic
unhide-20130526-3.el6.psychotic.i386.rpm 20130526 i386 Psychotic Ninja
unhide-20130526-3.el6.psychotic.x86_64.rpm 20130526 x86_64 Psychotic Ninja
unhide-20130526-1.el6.x86_64.rpm 20130526 x86_64 EPEL
unhide-20130526-1.el6.i686.rpm 20130526 i686 EPEL
unhide-20130428-3.el6.art.i686.rpm 20130428 i686 Atomic
unhide-20130428-3.el6.art.x86_64.rpm 20130428 x86_64 Atomic
unhide-0.0.20110113-1.el6.rf.i686.rpm 0.0.20110113 i686 Repoforge (RPMforge)


Name Value
unhide = 20130526-4.el6.art
unhide(x86-32) = 20130526-4.el6.art


Type URL
Binary Package unhide-20130526-4.el6.art.i686.rpm
Source Package unhide-20130526-4.el6.art.src.rpm

Install Howto

  1. Download latest atomic-release rpm from
  2. Install atomic-release rpm:
    # rpm -Uvh atomic-release*rpm
  3. Install unhide rpm package:
    # yum install unhide




2013-06-18 - Support <support@atomicorp.com> - 20130526-4
- Update to 20130526
2013-03-28 - Support <support@atomicorp.com> - 20130428-3
- Update to 20130428
2012-11-19 - Support <support@atomicorp.com> - 20120905-2
- Update to 20120905
- Rebuild packages --static, and add unhide.rb
- Add post event to symlink to alternately used names (unhide-linux26, etc)
