How to Install and Uninstall unhide Package on Kali Linux
Last updated: December 24,2024
1. Install "unhide" package
This guide covers the steps necessary to install unhide on Kali Linux
$
sudo apt update
Copied
$
sudo apt install
unhide
Copied
2. Uninstall "unhide" package
Please follow the guidelines below to uninstall unhide on Kali Linux:
$
sudo apt remove
unhide
Copied
$
sudo apt autoclean && sudo apt autoremove
Copied
3. Information about the unhide package on Kali Linux
Package: unhide
Version: 20220611-1
Installed-Size: 167
Maintainer: Debian Security Tools
Architecture: amd64
Depends: libc6 (>= 2.34), iproute2, net-tools, lsof, psmisc, procps
Suggests: rkhunter
Size: 58136
SHA256: 14b757747c270f9cca9d0e506e3fa462c25bb1be03637f92a49829b9ec30ba1d
SHA1: b16fa88701f30c579b01df331444a8fc81f48a20
MD5sum: 305b79a5095af2b937b7da166b4c2329
Description: forensic tool to find hidden processes and ports
Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
rootkits, Linux kernel modules or by other techniques. It includes two
utilities: unhide and unhide-tcp.
.
unhide detects hidden processes using the following six techniques:
* Compare /proc vs /bin/ps output
* Compare info gathered from /bin/ps with info gathered by walking thru the
procfs.
* Compare info gathered from /bin/ps with info gathered from syscalls
(syscall scanning).
* Full PIDs space occupation (PIDs bruteforcing)
* Reverse search, verify that all thread seen by ps are also seen by the
kernel (/bin/ps output vs /proc, procfs walking and syscall)
* Quick compare /proc, procfs walking and syscall vs /bin/ps output
.
unhide-tcp identifies TCP/UDP ports that are listening but are not listed in
/bin/netstat through brute forcing of all TCP/UDP ports available.
.
This package can be used by rkhunter in its daily scans.
.
This package is useful for network security checks, in addition to forensics
investigations.
Description-md5:
Homepage: https://www.unhide-forensics.info
Tag: implemented-in::c, interface::commandline, role::program,
scope::utility, security::forensics, security::ids
Section: admin
Priority: optional
Filename: pool/main/u/unhide/unhide_20220611-1_amd64.deb
Version: 20220611-1
Installed-Size: 167
Maintainer: Debian Security Tools
Architecture: amd64
Depends: libc6 (>= 2.34), iproute2, net-tools, lsof, psmisc, procps
Suggests: rkhunter
Size: 58136
SHA256: 14b757747c270f9cca9d0e506e3fa462c25bb1be03637f92a49829b9ec30ba1d
SHA1: b16fa88701f30c579b01df331444a8fc81f48a20
MD5sum: 305b79a5095af2b937b7da166b4c2329
Description: forensic tool to find hidden processes and ports
Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
rootkits, Linux kernel modules or by other techniques. It includes two
utilities: unhide and unhide-tcp.
.
unhide detects hidden processes using the following six techniques:
* Compare /proc vs /bin/ps output
* Compare info gathered from /bin/ps with info gathered by walking thru the
procfs.
* Compare info gathered from /bin/ps with info gathered from syscalls
(syscall scanning).
* Full PIDs space occupation (PIDs bruteforcing)
* Reverse search, verify that all thread seen by ps are also seen by the
kernel (/bin/ps output vs /proc, procfs walking and syscall)
* Quick compare /proc, procfs walking and syscall vs /bin/ps output
.
unhide-tcp identifies TCP/UDP ports that are listening but are not listed in
/bin/netstat through brute forcing of all TCP/UDP ports available.
.
This package can be used by rkhunter in its daily scans.
.
This package is useful for network security checks, in addition to forensics
investigations.
Description-md5:
Homepage: https://www.unhide-forensics.info
Tag: implemented-in::c, interface::commandline, role::program,
scope::utility, security::forensics, security::ids
Section: admin
Priority: optional
Filename: pool/main/u/unhide/unhide_20220611-1_amd64.deb