Zeppoo 0.0.3d review

by rbytes.net on

License: GPL (GNU General Public License)
File size: 0K
Developer: Zeppoo Team
0 stars award from rbytes.net

Zeppoo makes it possible to detect whether a rootkit is installed on your system.

Zeppoo can also detect hidden tasks, hooked syscalls, some corrupted kernel symbols, hidden modules, and hidden network connections.

To do this, it mainly uses /dev/kmem to inspect kernel memory directly and, when possible, /dev/mem.

Installation:

Zeppoo uses a tiny library ("pico"?) to obtain the interrupt descriptor table with an assembler instruction, but a precompiled version, called ulibzeppo.so, is provided.

If you wish to compile your own version, you need the python-devel package installed; then build with:

python setup.py build

Visualization:

** Tasks:
./zeppoo.py -v tasks

** Syscalls:
./zeppoo.py -v syscalls

** Networks:
./zeppoo.py -v networks


Checking:

** Tasks:
./zeppoo.py -c tasks

** Networks:
./zeppoo.py -c networks
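The task check above works by cross-view comparison: a rootkit that hides a process usually filters what /proc reports, while the task still exists in the kernel's own task list, so comparing the two views exposes the discrepancy. The following script is an added example of that comparison and is not zeppoo's own code. The kernel-side list is constructed sample data (zeppoo obtains the real one by walking kernel memory through /dev/kmem); the /proc side can be read live on Linux with list_proc_tasks(), which is an assumption of this example, not a zeppoo function.

```python
"""Cross-view detection of hidden tasks (added example, not zeppoo's code)."""
import os
from typing import Dict, List

# Constructed sample: what a walk of the kernel task list might return
# (pid -> command name). PID 1337 stands in for a process hidden from /proc.
KERNEL_VIEW: Dict[int, str] = {
    1: "init",
    42: "sshd",
    1337: "backdoor",   # present in kernel memory only
    2048: "bash",
}

# Constructed sample: the same moment as seen through /proc.
PROC_VIEW: Dict[int, str] = {
    1: "init",
    42: "sshd",
    2048: "bash",
}


def list_proc_tasks(proc_root: str = "/proc") -> Dict[int, str]:
    """Live /proc view on Linux: numeric directory names are PIDs."""
    tasks: Dict[int, str] = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "comm")) as fh:
                tasks[int(entry)] = fh.read().strip()
        except OSError:
            continue  # process exited between listdir() and open()
    return tasks


def compare_views(kernel_view: Dict[int, str],
                  proc_view: Dict[int, str]) -> Dict[str, List[int]]:
    """Classify every PID by how the two views disagree about it."""
    # In the kernel task list but not in /proc: the classic hidden process.
    hidden = sorted(pid for pid in kernel_view if pid not in proc_view)
    # In /proc but not in the kernel list: normally a race (process created
    # between the two snapshots); re-run before treating it as suspicious.
    ghosts = sorted(pid for pid in proc_view if pid not in kernel_view)
    # Same PID, different name: one of the two views has been tampered with.
    renamed = sorted(pid for pid in kernel_view
                     if pid in proc_view and kernel_view[pid] != proc_view[pid])
    return {"hidden": hidden, "ghost": ghosts, "renamed": renamed}


def report(kernel_view: Dict[int, str], proc_view: Dict[int, str]) -> List[str]:
    """Human-readable findings; an empty list means the views agree."""
    result = compare_views(kernel_view, proc_view)
    lines = []
    for pid in result["hidden"]:
        lines.append(f"HIDDEN  pid={pid} comm={kernel_view[pid]!r} "
                     "(in kernel task list, absent from /proc)")
    for pid in result["ghost"]:
        lines.append(f"GHOST   pid={pid} comm={proc_view[pid]!r} "
                     "(in /proc, absent from kernel task list; re-check)")
    for pid in result["renamed"]:
        lines.append(f"RENAMED pid={pid} kernel={kernel_view[pid]!r} "
                     f"proc={proc_view[pid]!r}")
    return lines


if __name__ == "__main__":
    for line in report(KERNEL_VIEW, PROC_VIEW):
        print(line)
```

With the constructed data the report flags PID 1337 as hidden. On a real system, the only trustworthy half of the comparison is the one taken from kernel memory; /proc alone can be lied to, which is exactly why zeppoo reads the task list through /dev/kmem.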


Fingerprint:

** Create:
./zeppoo.py -f FILE create

** Check:
./zeppoo.py -f FILE check

Others:

** To change the default device (/dev/kmem):
-d DEVICE

** To use mmap when searching for symbols (faster):
-m

Examples:

** Visualize tasks via /dev/mem using mmap:
./zeppoo.py -v tasks -d /dev/mem -m

** Create a fingerprint using /dev/mem:
./zeppoo.py -f FILE create -d /dev/mem

** Check a fingerprint using /dev/mem:
./zeppoo.py -f FILE check -d /dev/mem
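The fingerprint commands in the Fingerprint section and the /dev/mem examples above follow one pattern: on a system believed clean, record the addresses of key kernel symbols and the contents of the syscall table, then later read them again and report anything that moved. A rootkit that hooks execve by overwriting its syscall-table slot shows up as a changed entry. The script below is an added example of that create/check workflow; it is not zeppoo's code and does not use zeppoo's file format. Both snapshots are constructed (addresses made up for the example); zeppoo reads the real values from kernel memory via /dev/kmem or /dev/mem.

```python
"""Fingerprint create/check for kernel symbols and the syscall table
(added example, not zeppoo's code or file format)."""
import hashlib
import json
import os
import tempfile
from typing import Dict, List

# Constructed "clean" snapshot: symbol addresses and a tiny syscall table
# (syscall number -> handler address). Slot 11 is execve on i386.
CLEAN_SNAPSHOT = {
    "symbols": {
        "sys_call_table": 0xC0308F00,
        "sys_execve": 0xC0103B20,
        "idt_table": 0xC0390000,
    },
    "syscall_table": {1: 0xC0118A40, 11: 0xC0103B20, 120: 0xC0117F10},
}

# Constructed "hooked" snapshot: slot 11 now points outside the kernel's
# own text, where a loaded module would live.
HOOKED_SNAPSHOT = {
    "symbols": dict(CLEAN_SNAPSHOT["symbols"]),
    "syscall_table": {1: 0xC0118A40, 11: 0xD0A01000, 120: 0xC0117F10},
}


def create_fingerprint(snapshot: dict) -> dict:
    """Flatten a snapshot into named entries plus a digest over all of them."""
    entries: Dict[str, str] = {}
    for name, addr in snapshot["symbols"].items():
        entries[f"sym:{name}"] = f"{addr:#010x}"
    for nr, addr in snapshot["syscall_table"].items():
        entries[f"syscall:{nr}"] = f"{addr:#010x}"
    # Canonical JSON so the digest does not depend on insertion order.
    canonical = json.dumps(entries, sort_keys=True).encode()
    return {"entries": entries, "sha256": hashlib.sha256(canonical).hexdigest()}


def check_fingerprint(fingerprint: dict, snapshot: dict) -> List[str]:
    """Return human-readable differences; an empty list means unchanged."""
    current = create_fingerprint(snapshot)
    if current["sha256"] == fingerprint["sha256"]:
        return []  # fast path: nothing moved
    diffs = []
    for key, expected in fingerprint["entries"].items():
        actual = current["entries"].get(key)
        if actual != expected:
            diffs.append(f"{key}: expected {expected}, found {actual}")
    for key in current["entries"]:
        if key not in fingerprint["entries"]:
            diffs.append(f"{key}: not present in fingerprint")
    return diffs


def save_fingerprint(fingerprint: dict, path: str) -> None:
    with open(path, "w") as fh:
        json.dump(fingerprint, fh, indent=1, sort_keys=True)


def load_fingerprint(path: str) -> dict:
    with open(path) as fh:
        return json.load(fh)


if __name__ == "__main__":
    # "create" on the clean system, "check" later on the hooked one.
    fd, path = tempfile.mkstemp(suffix=".fp")
    os.close(fd)
    try:
        save_fingerprint(create_fingerprint(CLEAN_SNAPSHOT), path)
        for diff in check_fingerprint(load_fingerprint(path), HOOKED_SNAPSHOT):
            print(diff)
    finally:
        os.unlink(path)
```

The fingerprint file must be created while the system is known to be clean and kept somewhere the kernel under test cannot rewrite it (offline media, another host); a fingerprint taken after infection just records the hooked state as the baseline.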

What's New in This Release:
Check execution of a binary (execve, binfmt)
Add symbol verification (execve only)
