Tools and utilities

The tools that are posted on this page (and on this site) are free to use for personal purposes only.

The software is provided "as-is." You bear the risk of using it. ExpertSec gives no warranties or guarantees and it will not be responsible for anything related to the software, services, content (including source code) that are on this web site or on third party Internet sites, or third party programs.


Available tools:
Expert Security Check Iframe v0.1 (New - Linux and Windows version)

ExpertSec Malware Detection Engine available for download


Vulnerability Finder (New)


Sality.M Removal Tool
Enabler
Show hidden files
Active rootkits detector
Ramoptimizer
File monitor
Process viewer
Check packed
Clean boot sector
Get boot sector
Show bad clusters from your hard disk
Get Thunderbird Password




Expert Security Check Iframe - Linux and Windows version
This is a command line scanner for web pages that are infected with malicious iframes. It is designed for web server administrators and hosting companies. More details are available here.


Vulnerability finder (New)
This tool was released in order to help developers build better applications.
It is designed to find vulnerabilities in a program. For more information about software vulnerabilities, visit this link.
Note that an application being vulnerable does not mean it is exploitable. This tool only tests whether a PE file is vulnerable, so it can be run on .exe files and DLLs (only the first section is searched).
The idea behind it is the following:
                call function
                mov reg1,eax      ; eax holds the value returned by the function
                mov smth,[reg1]   ; if reg1 is 0 (the call failed), this dereference crashes unless the return value was checked first

In case such a vulnerability is found, the output will be the file offset (in hex) where the call begins.
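The pattern described above, as an added example that is not ExpertSec's tool code: a small Python scanner that locates the first section of a PE file and reports the file offset (in hex) of every `call` that is immediately followed by `mov reg, eax` and then a memory access through that register, with no intervening `test`/`cmp` on the register. The PE wrapper and the sample instruction bytes are constructed here for illustration; the matcher only decodes the handful of 32-bit x86 encodings the pattern needs, so, like any such heuristic, it can misfire on bytes that merely look like a `call`.

```python
"""Heuristic scan of a PE's first section for call -> mov reg, eax -> mov ..., [reg]."""
import struct

REG_NAMES = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def first_section(pe: bytes):
    """Return (PointerToRawData, SizeOfRawData) of the first section header."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # COFF file header follows the signature
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    if num_sections == 0:
        raise ValueError("PE has no sections")
    sect = coff + 20 + opt_size              # section table starts after the optional header
    raw_size, raw_off = struct.unpack_from("<II", pe, sect + 16)
    return raw_off, raw_size


def _mov_reg_eax(b: bytes):
    """If b starts with a register-to-register `mov reg, eax`, return reg's index."""
    if len(b) < 2 or (b[1] >> 6) != 3:      # mod == 11 means register operand
        return None
    reg, rm = (b[1] >> 3) & 7, b[1] & 7
    if b[0] == 0x8B and rm == 0:            # 8B /r: mov r32, r/m32  with r/m = eax
        return reg
    if b[0] == 0x89 and reg == 0:           # 89 /r: mov r/m32, r32  with r32 = eax
        return rm
    return None


def _deref_through(b: bytes, r: int) -> bool:
    """True if b starts with a mov whose memory operand uses register r as its base."""
    if len(b) < 2 or b[0] not in (0x8B, 0x89):
        return False
    mod, rm = b[1] >> 6, b[1] & 7
    if mod == 3 or rm == 4:                  # register form, or a SIB byte follows
        return False
    if mod == 0 and rm == 5:                 # [disp32] has no base register
        return False
    return rm == r


def find_unchecked_derefs(code: bytes, base: int = 0):
    """Return file offsets of calls whose result is dereferenced without a check.

    A `test reg, reg` or `cmp reg, 0` between the mov and the dereference
    means the next instruction is not a memory access, so that site is skipped.
    """
    hits = []
    for i in range(len(code) - 4):
        if code[i] != 0xE8:                  # E8 rel32: near call
            continue
        r = _mov_reg_eax(code[i + 5:i + 7])
        if r is not None and _deref_through(code[i + 7:i + 9], r):
            hits.append(base + i)
    return hits


def scan_pe(pe: bytes):
    """Scan only the first section, as the tool description states."""
    off, size = first_section(pe)
    return find_unchecked_derefs(pe[off:off + size], off)


# Constructed sample code: two unchecked sites and one that tests the pointer first.
SAMPLE_CODE = bytes.fromhex(
    "E810000000" "8BC8" "8B11"               # call; mov ecx,eax; mov edx,[ecx]          (unchecked)
    "E820000000" "8BF0" "85F6" "7402" "8B06" # call; mov esi,eax; test esi,esi; jz; mov eax,[esi] (checked)
    "E830000000" "89C2" "8902"               # call; mov edx,eax; mov [edx],eax          (unchecked store)
    "C3"
)


def build_sample_pe(code: bytes) -> bytes:
    """Constructed minimal PE: DOS header, signature, COFF header, no optional header, one section at 0x200."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    section = b".text\0\0\0" + struct.pack("<IIII", len(code), 0x1000, len(code), 0x200) + b"\0" * 16
    return (dos + b"PE\0\0" + coff + section).ljust(0x200, b"\0") + code


if __name__ == "__main__":
    for off in scan_pe(build_sample_pe(SAMPLE_CODE)):
        print(f"unchecked return value dereference: call at file offset {off:x}")
```

Run as-is it scans the constructed sample; pointing `scan_pe` at the bytes of a real executable reproduces the tool's behaviour of reporting the offset of the `call`, not of the crashing instruction, because the call is where the missing check belongs.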

For more information regarding this tool, don't hesitate to contact us (tools [at] expertsec.com).

ExpertSec Malware Detection Engine
This is a malware scanner designed to spot anything out of place inside the Windows folder, the place where most malware resides.

How to use it:
Extract the contents of the zip file to a folder and double click on the esde application.
An easy to use graphical interface will appear. You need to select the Windows folder and press the Scan button. After the scan is finished, with the default options, a report will be created and if any files are recognized as suspect, they will automatically be sent to our research lab for further analysis. You will also be prompted for your e-mail so we can reply to you whether the file is indeed malware or not.
We have also implemented an update function for our malware detection engine, so you can have the latest detection technology available.
Bear in mind that the product is based on complex heuristics and not on the daily signature updates that you get from most AV products. By doing this we are focusing our efforts on being proactive and detecting new malicious programs before they emerge.
As usual, if you have any comments, you find any bugs, you want to send us a report or you just want to contact us for advice, please send us an e-mail at tools [at] expertsec.com

You can download the scanner from here


Sality.M Removal Tool
This is a command line removal tool for Sality.M (aka Win32.Sality.M, Win32.Tro.Sality.E, PE_SALITY.AC, Win32.Sality.k, W32/Kookoo-A)
Sality.M is a polymorphic virus that infects Win32 PE executable files. It also contains trojan components.

Disinfection instructions:
Extract and copy the removal tool (exe & dll) to a write-protected floppy disk or a CD. Then, from a command prompt, run anti_sality-m.exe with the name of the folder (or drive) you want to scan.

Here is an example:
                anti_sality-m.exe c:\ /clean


enabler
It's a small utility that will activate some buttons, text boxes, etc. that are initially disabled. For example, if you have an option in a program that is disabled, you can enable it by just running this program and clicking a button.



gethiddenfiles
This get hidden files application shows you the files that are marked as hidden in a directory of your choice.

How to run it:
Download the archive then unpack it and run the GetHiddenFiles.exe application.
When the search finishes, the hidden files are shown and automatically written to a file called logfile.txt in the current folder.


Active Rootkit Detector
It's a fast rootkit detection application that will show you all hidden processes. Some of those processes may be legitimate, but some of them may be rootkits (malicious files that hide themselves).

How to run it:
Download the archive, extract it to a folder and run the ARD application.



ramoptimizer
It's a small utility that will free the so much needed RAM :)  It has a predefined list of how much RAM to free (1M, 10M, 100M, 500M), or it can free any amount you specify.

How to run it:
Download the archive then unpack it and run the ramoptimizer.exe application.



fmonv 0.1a
It's a set of utilities to monitor which files are opened by an application or multiple applications. For the moment it will monitor only opened files, but in the near future functions to monitor files that are read, written or closed are going to be added.



process list
It's a small utility that will show you the running processes and their PIDs.


check_packed
It's a small tool that will tell you if a program was packed or if it contains packed files.
You can find more about packers here.


cleanboot
It's a simple tool that will clean the boot sector of the C drive. You just need to download it and then execute it. It was tested on Windows XP with NTFS.



getboot (source code)
This application extracts the boot record of the C drive.


badclusters
This application shows you how many bad clusters you have on the C drive.

How to run it:
Download the archive then unpack it and run the badclusters.exe application.