Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
rootkits / LKMs or by other hiding techniques. It consists of two
programs: unhide and unhide-tcp.
unhide detects hidden processes through:
* Comparison of /proc vs /bin/ps output.
* Comparison of info gathered from /bin/ps with info gathered from.
* Syscalls (syscall scanning).
* Full PID space occupation (PID bruteforcing).
unhide-tcp identifies TCP/UDP ports that are listening but not listed in
/bin/netstat by brute forcing all available TCP/UDP ports.
XML Security Library is the latest stable release of a C library based on
LibXML2 and OpenSSL. The library was created with the goal of supporting
the major XML security standards:
- XML Signature
- XML Encryption
- Canonical XML (was included in libxml2)
- Exclusive Canonical XML (was included in libxml2)
areca-cli is a Command Line Interface to query and manipulate the Areca
ARC-xxx SATA RAID controllers.
The Sleuth Kit (TSK) is a library and collection of command line tools that
allow you to investigate volume and file system data. The library can be
incorporated into larger digital forensics tools and the command line tools
can be directly used to find evidence.
The media management tools allow you to examine the layout of disks and
other media. The Sleuth Kit supports DOS partitions, BSD partitions (disk
labels), Mac partitions, Sun slices (Volume Table of Contents), and GPT
disks. With these tools, you can identify where partitions are located and
extract them so that they can be analyzed with file system analysis tools.
'di' is a disk information utility, displaying everything
(and more) that your 'df' command does. It features the
ability to display your disk usage in whatever format you
desire/prefer/are used to. It is designed to be portable
across many platforms.
Dateutils are a collection of tools that revolve around manipulating
dates and times on the command line. Commands included in the suite
offer ways of converting dates between calendars, computing durations
between dates, and finding dates in input streams.
Dmidecode is a tool for dumping a computer's DMI (some say SMBIOS) table
contents in a human-readable format. The output contains a description of the
system's hardware components, as well as other useful pieces of information
such as serial numbers and BIOS revision.
Dunst is a lightweight replacement for the notification daemons provided
by most desktop environments. It's very customizable, doesn't depend on
any toolkits, and therefore fits in those window-manager-centric setups
we all love to customize to perfection.
Fanout and fanterm are two utilities that allow you to run commands on
multiple machines. The difference is that fanout only runs non-interactive
commands (like dd, cat, adduser, uname -a, etc.) and pipelines built of
these. The output is collected into a single display that can be viewed by
less or redirected to a file.
Fanterm, on the other hand, allows you to run interactive text mode
commands on multiple machines at the same time. Your keystrokes are sent
to a shell or application running on each of the target systems. The
output from each system is shown in a separate xterm.
DownTime is a GTK-based graphical utility for scheduling shutdowns,
reboots, et cetera.