Skip to content
Searches for ports hidden by a rootkit.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


HPDetector is a free application which specializes in detecting hidden backdoor TCP/UDP ports. HPDetector uses a two step process to detect hidden ports. First, HPDetector compares the Linux Kernel or Windows Netstat exported list of ports with a list gathered from manually binding to ports. If a port caused a binding exception but is not shown in the Kernel/Netstat list, then it is probably a hidden port. Redundant checks are done to ensure that the port is actually hidden.  This program essentially catches the operating system in a “lie” about which ports are bound to an interface. It is available for both Windows and Linux.   The Windows version requires the .NET 2.0 Framework. The Linux version requires either the latest JRE or the GNU Compiler for Java.

What does it mean if a hidden port is detected?  A hidden port being detected simply means that an inconsistancy was found between different portions of the operating system.  This is sometimes an indication that a rootkit is hiding a backdoor.  A hidden port being detected should be taken seriously.  It provides a starting point to conduct further investigation.  For example, after detecting a hidden TCP port, and Administrator can attempt to telnet to the port to see if it is actually listening for connections.  Other rootkit tools such as Rootkit Revealer will help verify the prescense of a rootkit.
You can’t perform that action at this time.