Unhide is a forensic tool to find hidden processes and TCP/UDP ports by
rootkits / LKMs or by another hidden technique. It includes two
utilities: unhide and unhide-tcp.

Unhide detects hidden processes using six techniques:

- Compare /proc vs /bin/ps output
- Compare info gathered from /bin/ps with info gathered by walking through
the procfs.
- Compare info gathered from /bin/ps with info gathered from syscalls
(syscall scanning).
- Full PIDs space occupation (PIDs bruteforcing)
- Reverse search, verify that all thread seen by ps are also seen by
the kernel ( /bin/ps output vs /proc, procfs walking and syscall )
- Quick compare /proc, procfs walking and syscall vs /bin/ps output.

Unhide-tcp identifies TCP/UDP ports that are listening but are not listed
in /bin/netstat through brute forcing of all TCP/UDP ports available.