How to Install and Uninstall unhide Package on Kali Linux
Last updated: May 14,2024
1. Install "unhide" package
This guide covers the steps necessary to install unhide on Kali Linux
$
sudo apt update
Copied
$
sudo apt install
unhide
Copied
2. Uninstall "unhide" package
Please follow the guidelines below to uninstall unhide on Kali Linux:
$
sudo apt remove
unhide
Copied
$
sudo apt autoclean && sudo apt autoremove
Copied
3. Information about the unhide package on Kali Linux
Package: unhide
Version: 20220611-1
Installed-Size: 167
Maintainer: Debian Security Tools
Architecture: amd64
Depends: libc6 (>= 2.34), iproute2, net-tools, lsof, psmisc, procps
Suggests: rkhunter
Size: 58136
SHA256: 14b757747c270f9cca9d0e506e3fa462c25bb1be03637f92a49829b9ec30ba1d
SHA1: b16fa88701f30c579b01df331444a8fc81f48a20
MD5sum: 305b79a5095af2b937b7da166b4c2329
Description: forensic tool to find hidden processes and ports
Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
rootkits, Linux kernel modules or by other techniques. It includes two
utilities: unhide and unhide-tcp.
.
unhide detects hidden processes using the following six techniques:
* Compare /proc vs /bin/ps output
* Compare info gathered from /bin/ps with info gathered by walking thru the
procfs.
* Compare info gathered from /bin/ps with info gathered from syscalls
(syscall scanning).
* Full PIDs space occupation (PIDs bruteforcing)
* Reverse search, verify that all thread seen by ps are also seen by the
kernel (/bin/ps output vs /proc, procfs walking and syscall)
* Quick compare /proc, procfs walking and syscall vs /bin/ps output
.
unhide-tcp identifies TCP/UDP ports that are listening but are not listed in
/bin/netstat through brute forcing of all TCP/UDP ports available.
.
This package can be used by rkhunter in its daily scans.
.
This package is useful for network security checks, in addition to forensics
investigations.
Description-md5:
Homepage: https://www.unhide-forensics.info
Tag: implemented-in::c, interface::commandline, role::program,
scope::utility, security::forensics, security::ids
Section: admin
Priority: optional
Filename: pool/main/u/unhide/unhide_20220611-1_amd64.deb
Version: 20220611-1
Installed-Size: 167
Maintainer: Debian Security Tools
Architecture: amd64
Depends: libc6 (>= 2.34), iproute2, net-tools, lsof, psmisc, procps
Suggests: rkhunter
Size: 58136
SHA256: 14b757747c270f9cca9d0e506e3fa462c25bb1be03637f92a49829b9ec30ba1d
SHA1: b16fa88701f30c579b01df331444a8fc81f48a20
MD5sum: 305b79a5095af2b937b7da166b4c2329
Description: forensic tool to find hidden processes and ports
Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
rootkits, Linux kernel modules or by other techniques. It includes two
utilities: unhide and unhide-tcp.
.
unhide detects hidden processes using the following six techniques:
* Compare /proc vs /bin/ps output
* Compare info gathered from /bin/ps with info gathered by walking thru the
procfs.
* Compare info gathered from /bin/ps with info gathered from syscalls
(syscall scanning).
* Full PIDs space occupation (PIDs bruteforcing)
* Reverse search, verify that all thread seen by ps are also seen by the
kernel (/bin/ps output vs /proc, procfs walking and syscall)
* Quick compare /proc, procfs walking and syscall vs /bin/ps output
.
unhide-tcp identifies TCP/UDP ports that are listening but are not listed in
/bin/netstat through brute forcing of all TCP/UDP ports available.
.
This package can be used by rkhunter in its daily scans.
.
This package is useful for network security checks, in addition to forensics
investigations.
Description-md5:
Homepage: https://www.unhide-forensics.info
Tag: implemented-in::c, interface::commandline, role::program,
scope::utility, security::forensics, security::ids
Section: admin
Priority: optional
Filename: pool/main/u/unhide/unhide_20220611-1_amd64.deb
4. References on Kali Linux
5. The same packages on other Linux Distributions
Popular Linux Distros
Ubuntu
Arch
Linux Mint
Fedora
Kali Linux
Debian
openSuSE
CentOS
Oracle Linux
Rocky Linux
Manjaro
AlmaLinux
Amazon Linux
Red Hat Enterprise Linux