
scan & analysing tools
Get flash to fully experience Pearltrees
Reverse IP Lookup - Find Other Web Sites Hosted on a Web Server
yara-project - A malware identification and classification tool
YARA in a nutshell YARA is a tool aimed at helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families based on textual or binary patterns contained on samples of those families. Each description consists of a set of strings and a Boolean expression which determines its logic.Labs Research: Solving a Little Mystery
jsunpack-n - A generic JavaScript unpacker
jsunpack-n emulates browser functionality when visiting a URL. It's purpose is to detect exploits that target browser and browser plug-in vulnerabilities. It accepts many different types of input: PDF files - samples/sample-pdf.file Packet Captures - samples/sample-http-exploit.pcap HTML files JavaScript files SWF filestheHarvester is a tool to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tools is intended to help Penetration testers in the early stages of the project It’s a really simple tool, but very effective. The sources supported are: Google – emails,subdomains/hostnames Google profiles – Employee names Bing search – emails, subdomains/hostnames,virtual hosts Pgp servers – emails, subdomains/hostnames Linkedin – Employee names Exalead – emails,subdomain/hostnames New Features Time delays between requests XML and HTML results export Search a domain in all sources Virtual host verifier Shodan computer database integration Active enumeration (DNS enumeration,DNS reverse lookups, DNS TLD expansion) Basic graph with stats
theHarvester – Gather E-mail Accounts, Subdomains, Hosts, Employee Names – Information Gathering Tool
Как расшифровать PHP-скрипт | Raz0r.name — блог о web-безопасности
Тема декодирования зашифрованных PHP-скриптов уже однажды мной затрагивалась в посте PHP и зашифрованный код . В нем я описал способ получения значений всех инициализированных переменных и списка объявленных функций в скрипте, зашифрованным протектором ionCube. Тогда, в 2009 году, расшифровать скрипт под ionCube было проблематично – на тот момент существовали лишь платные сервисы.How do I perform a stack trace search ? Clicking the checkbox labeled "Stack Trace Search" on the GrepCode home page provides a text area where you can paste your Java stack trace. Doing a search after that will take you to a page with the results of your stack trace search. Alternatively, if you are not on the main page, you can click on the link in the header labeled "Stack Trace Search", and perform the same search.
FAQ - GrepCode.com - Java Source Code Search 2.0
List of tools for static code analysis
This is a list of tools for static code analysis . [ edit ] Historical Lint – The original static code analyzer of C code .Normally, without access to the original source code, testing the security of a Java client is unpredictable at best and unrealistic at worst. With access the original source, you can run a simple Java program and attach a debugger to it remotely, stepping through code and changing variables where needed. Doing the same with an applet is a little bit more difficult. Unfortunately, real-life scenarios don't offer you this option, anyway. Compilation and decompilation of Java are not really as deterministic as you might imagine. Therefore, you can't just decompile a Java application, run it locally and attach a debugger to it.

