unhide - Unhide is a forensic tool to find hidden processes and TCP/UDP ports

Property Value
Distribution CentOS 6
Repository Atomic x86_64
Package name unhide
Package version 20130428
Package release 3.el6.art
Package architecture x86_64
Package type rpm
Installed size 1.53 MB
Download size 578.27 KB
Official Mirror www6.atomicorp.com
Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
rootkits, Linux kernel modules or by other techniques. It includes two
utilities: unhide and unhide-tcp.
Unhide detects hidden processes using three techniques:
- comparing the output of /proc and /bin/ps
- comparing the information gathered from /bin/ps with the one gathered
from system calls (syscall scanning)
- full scan of the process ID space (PIDs bruteforcing)
unhide-tcp identifies TCP/UDP ports that are listening but are not listed
in /bin/netstat through brute forcing of all TCP/UDP ports available.


Package Version Architecture Repository
unhide-20130526-4.el6.art.i686.rpm 20130526 i686 Atomic
unhide-20130526-4.el6.art.x86_64.rpm 20130526 x86_64 Atomic
unhide-20130526-3.el6.psychotic.i386.rpm 20130526 i386 Psychotic Ninja
unhide-20130526-3.el6.psychotic.x86_64.rpm 20130526 x86_64 Psychotic Ninja
unhide-20130526-1.el6.x86_64.rpm 20130526 x86_64 EPEL
unhide-20130526-1.el6.i686.rpm 20130526 i686 EPEL
unhide-20130428-3.el6.art.i686.rpm 20130428 i686 Atomic
unhide-0.0.20110113-1.el6.rf.i686.rpm 0.0.20110113 i686 Repoforge (RPMforge)
unhide - - -


Name Value
unhide = 20130428-3.el6.art
unhide(x86-64) = 20130428-3.el6.art


Type URL
Binary Package unhide-20130428-3.el6.art.x86_64.rpm
Source Package unhide-20130428-3.el6.art.src.rpm

Install Howto

  1. Download latest atomic-release rpm from
  2. Install atomic-release rpm:
    # rpm -Uvh atomic-release*rpm
  3. Install unhide rpm package:
    # yum install unhide




2013-03-28 - Support <support@atomicorp.com> - 20130428-3
- Update to 20130428
2012-11-19 - Support <support@atomicorp.com> - 20120905-2
- Update to 20120905
- Rebuild packages --static, and add unhide.rb
- Add post event to symlink to alternately used names (unhide-linux26, etc)
2011-02-18 - Support <support@atomicorp.com> - 20110113-1
- Update to 20110113

See Also

Package Description
uni2ascii-4.18-1.el6.art.x86_64.rpm Convert between UTF-8 Unicode and 7-bit ASCII equivalents
v8- JavaScript Engine
v8- JavaScript Engine
v8-devel- Development headers and libraries for v8
v8-devel- Development headers and libraries for v8
w3af- Web Application Attack and Audit Framework
w3af- Web Application Attack and Audit Framework
w3af-doc- Web Application Attack and Audit Framework - documentation
w3af-doc- Web Application Attack and Audit Framework - documentation
wapiti-2.2.1-4.el6.art.noarch.rpm Web application vulnerability scanner
wapiti-2.3.0-5.el6.art.noarch.rpm Web application vulnerability scanner
wmi-1.3.14-3.el6.art.x86_64.rpm wmi
wmi-1.3.14-4.el6.art.x86_64.rpm wmi
xalan-c-1.10.0-7.el6.1.art.x86_64.rpm Xalan XSLT processor for C
xalan-c-devel-1.10.0-7.el6.1.art.x86_64.rpm Header files, libraries and development documentation for xalan-c