How To Install unhide-gui on Debian 12

Introduction

In this tutorial we learn how to install unhide-gui on Debian 12.

What is unhide-gui

unhide-gui is:

This package unhide-gui provides a graphical user interface for unhide.

Unhide is a forensic tool to find processes and TCP/UDP ports hidden by rootkits, Linux kernel modules or by other techniques. It includes two utilities: unhide and unhide-tcp.

unhide detects hidden processes using the following six techniques:

• Compare /proc vs /bin/ps output
• Compare info gathered from /bin/ps with info gathered by walking thru the procfs.
• Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).
• Full PIDs space occupation (PIDs bruteforcing)
• Reverse search, verify that all thread seen by ps are also seen by the kernel (/bin/ps output vs /proc, procfs walking and syscall)
• Quick compare /proc, procfs walking and syscall vs /bin/ps output

unhide-tcp identifies TCP/UDP ports that are listening but are not listed in /bin/netstat through brute forcing of all TCP/UDP ports available.

This package is useful for network security checks, in addition to forensics investigations.

There are three methods to install unhide-gui on Debian 12. We can use apt-get, apt and aptitude. In the following sections we will describe each method. You can choose one of them.

Install unhide-gui Using apt-get

Update apt database with apt-get using the following command.

sudo apt-get update

After updating apt database, We can install unhide-gui using apt-get by running the following command:

sudo apt-get -y install unhide-gui

Install unhide-gui Using apt

Update apt database with apt using the following command.

sudo apt update

After updating apt database, We can install unhide-gui using apt by running the following command:

sudo apt -y install unhide-gui

Install unhide-gui Using aptitude

If you want to follow this method, you might need to install aptitude first since aptitude is usually not installed by default on Debian. Update apt database with aptitude using the following command.

sudo aptitude update

After updating apt database, We can install unhide-gui using aptitude by running the following command:

sudo aptitude -y install unhide-gui

How To Uninstall unhide-gui on Debian 12

To uninstall only the unhide-gui package we can use the following command:

sudo apt-get remove unhide-gui

Uninstall unhide-gui And Its Dependencies

To uninstall unhide-gui and its dependencies that are no longer needed by Debian 12, we can use the command below:

sudo apt-get -y autoremove unhide-gui

Remove unhide-gui Configurations and Data

To remove unhide-gui configuration and data from Debian 12 we can use the following command:

sudo apt-get -y purge unhide-gui

Remove unhide-gui configuration, data, and all of its dependencies

We can use the following command to remove unhide-gui configurations, data and all of its dependencies, we can use the following command:

sudo apt-get -y autoremove --purge unhide-gui

Dependencies

unhide-gui have the following dependencies:

• python3
• python3-tk
• unhide

References

• unhide-gui website
• unhide-gui on packages.debian.org

Summary

In this tutorial we learn how to install unhide-gui package on Debian 12 using different package management tools: apt, apt-get and aptitude.