{"id":48827530,"url":"https://github.com/scriptzteam/hidden","last_synced_at":"2026-04-14T18:35:44.839Z","repository":{"id":211554377,"uuid":"729452093","full_name":"scriptzteam/Hidden","owner":"scriptzteam","description":"Hide arguments and environment from the process list.","archived":false,"fork":false,"pushed_at":"2023-12-09T09:38:51.000Z","size":28,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-01-28T09:43:18.426Z","etag":null,"topics":["environment","exec","hidden","hide","process","ps-aux","root"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"wtfpl","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/scriptzteam.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-12-09T09:19:37.000Z","updated_at":"2023-12-09T09:38:26.000Z","dependencies_parsed_at":"2023-12-09T10:37:54.993Z","dependency_job_id":null,"html_url":"https://github.com/scriptzteam/Hidden","commit_stats":null,"previous_names":["scriptzteam/hidden"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/scriptzteam/Hidden","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scriptzteam%2FHidden","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scriptzteam%2FHidden/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scriptzteam%2FHidden/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scriptzteam%2FHidden/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/scriptzteam","download_url":"https://codeload.github.com/scriptzteam/Hidden/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scriptzteam%2FHidden/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31810740,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-14T18:05:02.291Z","status":"ssl_error","status_checked_at":"2026-04-14T18:05:01.765Z","response_time":153,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["environment","exec","hidden","hide","process","ps-aux","root"],"created_at":"2026-04-14T18:35:44.684Z","updated_at":"2026-04-14T18:35:44.822Z","avatar_url":"https://github.com/scriptzteam.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cH1 align=\"center\"\u003ePrivacy for your command line options\u003c/H2\u003e\n\u003cH3 align=\"center\"\u003eA Linux tool to hide from \"ps\"\u003c/H2\u003e\n\nExample: Show only 'nmap', but without the command options:\n```sh\n./hidden nmap -sCV -F -Pn scanme.nmap.org\n              ^^^^^^^^^^^^^^^^^^^^^^^^^^^\n                     will not show\n```\n\nExample: Replace the current shell with a hidden tmux/shell. Hide all sub processes (`-f`), take on the name of some kernel process (`-a`) and hide all command line options:\n```sh\nexec ./hidden -f -a'[kworker/1:2-cgroup_destroy]' tmux\n```\n\n---\n1. Does not require *root*\n2. Works also on static binaries (e.g. GoLang binaries)\n3. Hide the environment (*/proc/\u0026lt;PID\u0026gt;/environ*) as well\n1. Does not rely on *LD_PRELOAD=* or libc.\n2. Uses ptrace() to manipulate the Elf Auxiliary Table\n5. Only 00.1% overhead.\n6. Stops the admin from seeing or spying on your processes.\n7. Starts a process under _any_ process id (`-n \u003cpid\u003e`)\n\n---\nCompile:\n```sh\ngit clone https://github.com/scriptzteam/Hidden.git\ncd Hidden\nmake\n```\n\n---\nHow it works:\n* It uses ptrace() to manipulates the stack's Elf-Aux-Table.\n* Hidden intercepts when the Kernel passes the command-options to the program (during SYS_execve()): It moves the orignal command-options to a new memory location and then destroyes the old memory location. From the perspective of the Kernel (and procps), the command-options cease to exist. Finally, hidden fixes the pointers in the progam's Aux-Table and hands execution back to the program (PTRACE_CONTINUE). Thereafter, the program is tracked for any further calls to fork() or execve() [to do the same all over again].\n* Almost zero performance impact by using some neat ptrace-features: Tracing only execve() and fork() events (but not any other syscall).\n* The `-n \u003cpid\u003e` trick (to start a program under _any_ pid) is a gimmick: Linux assigns a new pid to every new _thread_ in sequential order, up until the largest possible pid of 4,194,304 (2^22). Thereafter, it starts again at pid 300 (or 1, depending on the environment). Hidden iterates over all 2^22 possible pids (within a few seconds) until the target pid-1 is encountered: Hidden forks 8+ processes, each calling `clone((int (*)(void *))exit, ..)`. Directly jumping into `exit()` and setting `CLONE_VM` is the fastest way to iterate through all available PIDs.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fscriptzteam%2Fhidden","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fscriptzteam%2Fhidden","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fscriptzteam%2Fhidden/lists"}