Zeppoo

Zeppoo makes it possible to detect if a rootkit is installed on your system.

Zeppoo Ranking & Summary


  • License: GPL
  • Price: FREE
  • Publisher Name: Zeppoo Team
  • Publisher web site: http://www.zeppoo.net/index.php?p=index.en


Zeppoo Description

Zeppoo makes it possible to detect if a rootkit is installed on your system. It also makes it possible to detect hidden tasks, syscalls, some corrupted symbols, modules, and hidden connections.

For that, it mainly uses /dev/kmem to directly inspect the memory of the kernel, and when possible, /dev/mem.

Installation:

Zeppoo uses a micro lib (pico ?) to obtain the interrupt descriptor table with an assembler instruction, but a precompiled version is provided, called ulibzeppo.so

If you wish to compile your own version, you need to have the package python-devel installed, then compile with:

    python setup.py build

Visualization:
  ** Tasks : ./zeppoo.py -v tasks
  ** Syscalls : ./zeppoo.py -v syscalls
  ** Networks : ./zeppoo.py -v networks

Checking:
  ** Tasks : ./zeppoo.py -c tasks
  ** Networks : ./zeppoo.py -c networks

Fingerprint:
  ** Create : ./zeppoo.py -f FICHIER create
  ** Checking : ./zeppoo.py -f FICHIER check

Others:
  ** To change the default device (/dev/kmem) : -d PERIPH
  ** To use mmap to seek symbols (faster) : -m

Examples:
  ** Visualization of tasks by /dev/mem using mmap : ./zeppoo.py -v tasks -d /dev/mem -m
  ** Make fingerprint using /dev/mem : ./zeppoo.py -f FILE create -d /dev/mem
  ** Check fingerprint using /dev/mem : ./zeppoo.py -f FILE check -d /dev/mem

What's New in This Release:
  · check execution of a binary (execve, binfmt)
  · add symbols verification (only execve)

