Zeppoo
Zeppoo makes it possible to detect if a rootkit is installed on your system.
- License: GPL
- Price: FREE
- Publisher Name: Zeppoo Team
- Publisher web site: http://www.zeppoo.net/index.php?p=index.en
Zeppoo Description
Zeppoo makes it possible to detect if a rootkit is installed on your system. It also makes it possible to detect hidden tasks, syscalls, some corrupted symbols, modules, and hidden connections. For that, it mainly uses /dev/kmem to directly inspect the memory of the kernel and, when possible, /dev/mem.

Installation:
Zeppoo uses a micro lib (pico ?) to obtain the interrupt descriptor table with an assembler instruction, but a precompiled version, called ulibzeppo.so, is provided. If you wish to compile your own version, you need to have the package python-devel installed, then compile with:
python setup.py build

Visualization:
- Tasks: ./zeppoo.py -v tasks
- Syscalls: ./zeppoo.py -v syscalls
- Networks: ./zeppoo.py -v networks

Checking:
- Tasks: ./zeppoo.py -c tasks
- Networks: ./zeppoo.py -c networks

Fingerprint:
- Create: ./zeppoo.py -f FICHIER create
- Checking: ./zeppoo.py -f FICHIER check

Others:
- To change the default device (/dev/kmem): -d PERIPH
- To use mmap to seek symbols (faster): -m

Examples:
- Visualization of tasks by /dev/mem using mmap: ./zeppoo.py -v tasks -d /dev/mem -m
- Make fingerprint using /dev/mem: ./zeppoo.py -f FILE create -d /dev/mem
- Check fingerprint using /dev/mem: ./zeppoo.py -f FILE check -d /dev/mem

What's New in This Release:
- check execution of a binary (execve, binfmt)
- add symbols verification (only execve)