Sandcat Browser is a freeware portable pen-test oriented multi-tabbed web browser with extensions support developed by the Syhunt team, the same creators of the Syhunt Web Application Security Scanner. The Sandcat Browser is built on top of Chromium, the same engine that powers the Google Chrome browser, and uses the Lua language to provide extensions and scripting support.
Sandcat Browser includes the following pen-test oriented features:
- Live HTTP Headers
- Sandcat Console - an extensible command line console; Allows you to easily run custom commands and scripts against a target website
- Request Editor extension
- Fuzzer extension with multiple modes and support for filters
- Lua Executor extension — allows you to load and run external Lua scripts
- Syhunt Gelo — simplifies and accelerates the development of exploit-oriented extensions.
- Tor extension — Anonymity for standard browsing and for sending requests
- HTTP Brute Force, CGI Scanner scripts, Encoders/Decoders and more.
In comparison with the full-featured Sandcat Browser application included with Syhunt Hybrid, this Sandcat Browser edition doesn't come with:
- Spider cache integration
- Request replay capabilities
- CatSense™ — which offers instant page analysis information
New in 3.0
After months of hard work, Syhunt is excited to announce the release of the 3.0 version of the Syhunt Sandcat Browser. With this release, Syhunt's feature-packed, pen-test oriented web browser incorporates new capabilities and extensibility enhancements. This new version introduces a new major feature called Sandcat Console, which decreases the barrier between the pen-tester and the website, allowing the user to easily run custom commands and scripts against a website.
In addition to this major feature, Sandcat Browser 3.0 evolved from a single to a multi-process architecture (each tab is now its own process), a feature inherited from Chromium. The new version also brings in a richer experience, improved Developer Tools, improved Tor support, new extensions (such as the new encoder extensions and an enhanced Page Info tab extension) and other improvements.
Sandcat Console: an extensible command line console.
- Changed from single to multi-process architecture.
- Added Sandcat Console, a command console with several useful commands and extension possibilities. New commands can be added using the Lua programming language via the browser.addcmd() function (for example, by Sandcat Browser extensions) or by creating a Lua script file which must be placed in the Scripts/Commands directory. Read the details on how to add custom console commands here.
- Improved Developer Tools.
- Developer Tools now opens in a new tab.
- Fixed: Developer Tools not displaying cookies.
- Page Info tab now displays the full list of page objects.
- Added several encoder extensions (Base64, MD5, SHA-1 and more).
- Added a MD5 brute force extension.
- Added missing Ruby libraries to RudraScript.
- Improved UI responsiveness.
- The Chromium library was upgraded to the latest release.
- The Tor application was upgraded to the latest release.
- The Syhunt Gelo library was upgraded to the latest release (version 1.05).
- Fixed: a minor tab refresh issue.
- 128 MB of memory
- 100 MB of free disk space
- Windows XP, 2003, 2008, Vista or 7.
- As a user of a more recent Windows version you may need to be logged in with full administration rights
- Already included:
- Not included, must be downloaded separately:
- ActivePerl (optional), for running Perl scripts
- Python (optional), for running Python scripts
Syhunt Sandcat Browser
Beta release of Sandcat Browser
Download Size: 27.54 MB
Date Published: 11.18.2012
Version: 3.0 Beta 2
License: Freeware for non-commercial use
Runs on Windows XP, 2003, 2008, Vista and 7.
What is Lua?
Lua is a powerful, fast, lightweight, embeddable scripting language. It is heavily used in the game industry and security tools such as Wireshark, Snort, nmap and Syhunt tools also make use of it.
The language combines simple procedural syntax with powerful data description constructs based on associative arrays and extensible semantics. Lua is dynamically typed, runs by interpreting bytecode for a register-based virtual machine, and has automatic memory management with incremental garbage collection, making it ideal for configuration, scripting, and rapid prototyping.
More information is available at the official website at http://www.lua.org.
Version: 3.0 Beta 2
Sandcat is targeted at penetration testers - people who test websites for security holes - but could also be useful for developers, or anyone else who would like a little more low-level control over their browsing .. This is a capable security testing and developer-oriented browser.
A penetration-oriented browser with plenty of advanced functionality already built in .. it’s all very easy to use: there’s something here for every level of user.
More on Sandcat Browser
Adding Console Commands
ChangeLog for Sandcat