Scanfolder is an open-source tool that performs folder scans:
- Look for known-bad MD5 hashes
- Run YARA and look for malicious patterns
- Dumpy module to extract data (credit card numbers, URLs, mail addresses, SSNs, telephone numbers, etc.)
This tool has a web interface and saves your cases in a sqlite database.
I have tested this tool with Ubuntu distribution.
You can download Scanfolder here
Under Ubuntu, this tool has the following dependencies:
sudo apt-get install python-yara md5deep
The config files are located in YOUR-PATH/scanfolder/applications/init/config/ and they are:
- HashDump: this file contains the bad hashes in md5deep format (hash value, 2 spaces, string)
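To check a HashDump file before loading it, the following added example (not Scanfolder's own code) parses the md5deep format described above and matches a folder against it. The function names, the acceptance of upper-case hex and the sample data are assumptions made for the illustration.

```python
import hashlib
import os
import re
import tempfile

# md5deep format as described above: 32 hex digits, exactly two spaces, a string.
LINE_RE = re.compile(r"^([0-9a-fA-F]{32})  (.+)$")

def parse_hashdump(text):
    """Return ({md5: label}, [(lineno, line), ...]) for valid and rejected lines."""
    known, rejected = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line)
        if m:
            known[m.group(1).lower()] = m.group(2)  # normalise case (assumption)
        elif line.strip():
            rejected.append((lineno, line))  # malformed entry: report, don't guess
    return known, rejected

def md5_file(path):
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):  # stream large files
            h.update(block)
    return h.hexdigest()

def scan_folder(root, known):
    """Return sorted (relative path, md5, label) for files whose MD5 is listed."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digest = md5_file(path)
            except OSError:  # unreadable file: skip it and keep scanning
                continue
            if digest in known:
                hits.append((os.path.relpath(path, root), digest, known[digest]))
    return sorted(hits)

def demo():
    """Constructed data: one listed file, one benign file, one malformed entry."""
    sample = b"constructed sample content\n"
    dump = "%s  constructed-label\n%s one-space-only\n" % (hashlib.md5(sample).hexdigest().upper(), "0" * 32)
    known, rejected = parse_hashdump(dump)
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("a.bin", sample), ("b.txt", b"benign\n")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan_folder(root, known), rejected
```

An entry separated by a single space is reported as rejected instead of being loaded, so a formatting mistake in HashDump is visible rather than silently ignored.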
To run Scanfolder, just open a Linux shell and run this command:
This software is distributed with an unmodified copy of web2py from web2py.com
Many thanks to Gianni Amato (aka guelfoweb) for the Dumpy module.
This tool is currently maintained by Stefano Lorenzi, who can be contacted at firstname.lastname@example.org or on Twitter @BerghemHackLab https://twitter.com/BerghemHackLab. Suggestions and criticism are welcome.