Stefano Lorenzi

IT Security Specialist

Scanfolder

Scanfolder is an open source tool that scans folders. It can:

  • Look for known-bad MD5 hashes
  • Run YARA and look for malicious patterns
  • Use the Dumpy module to extract data (credit card, URL, mail address, SSN, telephone number, etc.)

This tool has a web interface and saves your cases in a sqlite database.
I have tested this tool with the Ubuntu distribution.

Install

You can download Scanfolder here


Under Ubuntu, this tool has the following dependencies:
sudo apt-get install python-yara md5deep

Config

The config files are located in YOUR-PATH/scanfolder/applications/init/config/ and they are:

  • HashDump: this file contains the bad hashes in md5deep format (hashvalue, 2 spaces, string)
  • yara.rules
  • dumpy.cfg
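
The HashDump format described above (hash value, two spaces, string) and the bad-MD5 lookup it feeds, shown as an added Python example that is not Scanfolder's own code. The function names, the lowercase normalization of hashes and the temporary sample files are assumptions made for illustration.

```python
import hashlib
import os
import re
import tempfile

# One HashDump line: 32 hex digits, exactly two spaces, then a free-text string.
LINE_RE = re.compile(r"^([0-9a-fA-F]{32})  (.+)$")

def load_hashdump(text):
    """Parse HashDump text into {lowercase_md5: string}; reject malformed lines."""
    bad = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue  # tolerate blank lines
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError("line %d is not '<md5>  <string>'" % lineno)
        bad[m.group(1).lower()] = m.group(2)
    return bad

def md5_of(path):
    """Hash a file in 1 MiB chunks so large files never sit in memory whole."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def scan_folder(root, bad):
    """Return sorted (relative_path, string) pairs for files whose MD5 is listed."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files
            label = bad.get(md5_of(path))
            if label is not None:
                hits.append((os.path.relpath(path, root), label))
    return sorted(hits)

def demo():
    """Constructed sample: one listed file and one clean file in a temp folder."""
    payload = b"constructed sample content\n"
    dump = "%s  constructed-sample\n" % hashlib.md5(payload).hexdigest().upper()
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("a.bin", payload), ("clean.txt", b"harmless\n")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan_folder(root, load_hashdump(dump))
```

A line with a single space or a truncated hash raises ValueError instead of being skipped, so a malformed HashDump entry cannot silently drop out of the match list.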

Usage

To run Scanfolder, open a Linux shell and run this command:
./YOUR-PATH/scanfolder/scanfolder.py

Credit

This software is distributed with an unmodified copy of web2py from web2py.com.
Many thanks to Gianni Amato (aka guelfoweb) for the Dumpy module.

This tool is currently maintained by Stefano Lorenzi, who can be contacted at info@stefanolorenzi.org or on Twitter @BerghemHackLab (https://twitter.com/BerghemHackLab). Suggestions and criticism are welcome.
