**-Unhide-**   yjesus@security-projects.com

Unhide is a forensic tool to find processes and TCP/UDP ports hidden by rootkits / LKMs 
or by any other hiding technique.

// Unhide (ps)

Detects hidden processes. Implements three techniques:

Compare /proc vs /bin/ps output

Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).

Full occupation of the PID space (PID brute forcing)
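
The syscall-scanning idea above, sketched for Linux as an added example (not code from unhide.c or from the Unhide project). It probes each PID with kill() and signal 0 and compares the answer with /proc directly instead of parsing /bin/ps output; the function names and the 32768 upper bound are assumptions of this example.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if the kernel answers for this PID. Signal 0 delivers nothing;
 * EPERM still proves the PID exists (it belongs to another user). */
int pid_alive_syscall(pid_t pid) {
    return kill(pid, 0) == 0 || errno == EPERM;
}

/* 1 if /proc/<pid> can be looked up. Thread IDs resolve here too,
 * so threads are not reported as hidden. */
int pid_in_proc(pid_t pid) {
    char path[32];
    struct stat st;
    snprintf(path, sizeof path, "/proc/%ld", (long)pid);
    return stat(path, &st) == 0;
}

/* 1 if the PID answers the syscall but is missing from /proc. The syscall
 * is repeated after the lookup so that a process which simply exited in
 * between (a race, not a rootkit) is not reported. */
int pid_looks_hidden(pid_t pid) {
    if (!pid_alive_syscall(pid)) return 0;
    if (pid_in_proc(pid)) return 0;
    return pid_alive_syscall(pid);
}

/* Scan 1..max_pid, print each suspect, return how many were found. */
int scan_pids(pid_t max_pid) {
    int suspects = 0;
    for (pid_t pid = 1; pid <= max_pid; pid++)
        if (pid_looks_hidden(pid)) {
            printf("suspect PID %ld: alive by kill(0), not in /proc\n", (long)pid);
            suspects++;
        }
    return suspects;
}

/* 32768 is an assumed upper bound (the traditional Linux default pid_max).
 * Run as root: a /proc mounted with hidepid would mask other users' PIDs. */
int main(void) {
    int n = scan_pids(32768);
    printf("%d suspect PID(s)\n", n);
    return n ? 1 : 0;
}
```

A non-zero exit status means at least one PID answered the syscall without a matching /proc entry and should be examined further.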

// Unhide-TCP

Identifies TCP/UDP ports that are listening but not listed by /bin/netstat, by brute forcing
all available TCP/UDP ports.


// Files

unhide.c --> Hidden processes, for generic Unix systems (*BSD, Solaris, Linux 2.2 / 2.4) 
             It doesn't implement the PID brute forcing check yet. Needs more testing.

unhide-linux26.c --> Hidden processes, Linux 2.6.x

unhide-tcp.c --> Hidden TCP/UDP Ports

// License

GPL V.3 (http://www.gnu.org/licenses/gpl-3.0.html)

// Greets

A. Ramos (aramosf@unsec.net) for some regexps

unspawn (unspawn@rootshell.be) CentOS support

Martin Bowers (Martin.Bowers@freescale.com) CentOS support

Lorenzo Martinez (lorenzo@lorenzomartinez.homeip.net) some ideas for improvement and beta testing
