Unhide-tcp forensic tool to find hidden tcp/udp ports
unhide-tcp [options]
unhide-tcp is a forensic tool that identifies TCP/UDP ports that are listening but are not listed by /sbin/ss (or alternatively by /bin/netstat) through brute forcing of all TCP/UDP ports available.
Note : If iproute2 is not available on the system, option -n or -s SHOULD be given on the command line.
-h --help
Display help
--brief
Don't display warning messages, that's the default behavior.
-f --fuser
Display fuser output (if available) for the hidden port
-l --lsof
Display lsof output (if available) for the hidden port
-n --netstat
Use /bin/netstat instead of /sbin/ss. On system with many opened ports, this can slow down the test dramatically.
-s --server
Use a very quick strategy of scanning. On system with a lot of opened ports, it is hundreds times faster than ss method and ten thousands times faster than netstat method.
-o --log
Write a log file (unhide-tcp-AAAA-MM-DD.log) in the current directory.
-V --version
Show version and exit
-v --verbose
Be verbose, display warning message (default : don't display). This option may be repeated more than once.
0
if no hidden port is found,
4
if one or more hidden TCP port(s) is(are) found,
8
if one or more hidden UDP port(s) is(are) found,
12
if one or more hidden TCP and UDP ports are found.
unhide (8).
This manual page was written by Francois Marier [email protected] and Patrick Gouin. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 3 or any later version published by the Free Software Foundation.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.