Zeppoo 0.0.3d

Zeppoo makes it possible to detect if a rootkit is installed on your system.

Zeppoo also makes it possible to detect hidden tasks, syscalls, some corrupted symbols, modules, and also hidden connections.

To do so, it mainly uses /dev/kmem to inspect kernel memory directly and, when possible, /dev/mem.

Installation:

Zeppoo uses a micro (pico?) library to obtain the interrupt descriptor table with an assembler instruction, but we provide a precompiled version, called ulibzeppo.so.

If you wish to compile your own version, you need to have the python-devel package installed, then compile with:

python setup.py build

Visualization:

** Tasks:
./zeppoo.py -v tasks

** Syscalls:
./zeppoo.py -v syscalls

** Networks:
./zeppoo.py -v networks


Checking:

** Tasks:
./zeppoo.py -c tasks

** Networks:
./zeppoo.py -c networks


Fingerprint:

** Create:
./zeppoo.py -f FICHIER create

** Check:
./zeppoo.py -f FICHIER check

Others:

** To change the default device (/dev/kmem):
-d PERIPH

** To use mmap to look up symbols (faster):
-m

Examples:

** Visualize tasks through /dev/mem using mmap:
./zeppoo.py -v tasks -d /dev/mem -m

** Create a fingerprint using /dev/mem:
./zeppoo.py -f FILE create -d /dev/mem

** Check a fingerprint using /dev/mem:
./zeppoo.py -f FILE check -d /dev/mem

What's New in This Release:

check execution of a binary (execve, binfmt)
add symbols verification (only execve)

Last updated on: June 19th, 2006, 9:35 GMT
Price: FREE!
Developed by: Zeppoo Team
Homepage: www.zeppoo.net
License type: GPL (GNU General Public License)
Category: ROOT \ Security
