Stefano Lorenzi

Stefano Lorenzi

Cyber Security and HomeBrewer


Scanfolder is a open source tool able to perform folder scans:

  • Look for some bad MD5
  • Run YARA and look for some malicius patterns
  • Dumpy module to exctact data (credit card, URL, mail address, SSN, Telephone number, etc)

This tool has a web interface and saves your cases in a sqlite database.
I have tested this tool with Ubuntu distribution.


You can download Scanfolder here

Under Ubuntu, this tool has the follows dependencies:
sudo apt-get install python-yara md5deep


The config files are located in YOUR-PATH/scanfolder/applications/init/config/ and they are:

  • HashDump: this file contains the bad hash in md5deep format (hashvalue, 2 spaces, string)
  • yara.rules
  • dumpy.cfg


To run Scanfolder, just open a linux shell and run this command:




This software is distributed with an unmodified copy of web2py from
Many thanks to Gianni Amato (aka guelfoweb) for Dumpy module

This tool is currently maintained by Stefano Lorenzi, who can be contacted at or twitter @BerghemHackLab Suggestions and criticism are welcome.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>