Overview

Sandcat Browser is a freeware portable pen-test oriented multi-tabbed web browser with extensions support developed by the Syhunt team, the same creators of the Syhunt Web Application Security Scanner. The Sandcat Browser is built on top of Chromium, the same engine that powers the Google Chrome browser, and uses the Lua language to provide extensions and scripting support.

Sandcat Browser includes the following pen-test oriented features:

• Live HTTP Headers
• Sandcat Console - an extensible command line console; Allows you to easily run custom commands and scripts against a target website
• Request Editor extension
• Fuzzer extension with multiple modes and support for filters
• JavaScript Executor extension — allows you to load and run external JavaScript files
• Lua Executor extension — allows you to load and run external Lua scripts
• Syhunt Gelo — simplifies and accelerates the development of exploit-oriented extensions.
• PageInfo extension — allows you to view the page headers, JavaScript objects and more.
• Tor extension — Anonymity for standard browsing and for sending requests
• HTTP Brute Force, CGI Scanner scripts, Encoders/Decoders and more.

Limitations

In comparison with the full-featured Sandcat Browser application included with Syhunt Hybrid, this Sandcat Browser edition doesn't come with:

• the Sandcat Pro extensions
• Scanner integration — allows you to perform manual crawling

• Spider cache integration
• Request replay capabilities
• CatSense™ — which offers instant page analysis information

New in 3.0

After months of hard work, Syhunt is excited to announce the release of the 3.0 version of the Syhunt Sandcat Browser. With this release, Syhunt's feature-packed, pen-test oriented web browser incorporates new capabilities and extensibility enhancements. This new version introduces a new major feature called Sandcat Console, which decreases the barrier between the pen-tester and the website, allowing the user to easily run custom commands and scripts against a website.

In addition to this major feature, Sandcat Browser 3.0 evolved from a single to a multi-process architecture (each tab is now its own process), a feature inherited from Chromium. The new version also brings in a richer experience, improved Developer Tools, improved Tor support, new extensions (such as the new encoder extensions and an enhanced Page Info tab extension) and other improvements.

Sandcat Console: an extensible command line console.

ChangeLog

• Changed from single to multi-process architecture.
• Added Sandcat Console, a command console with several useful commands and extension possibilities. New commands can be added using the Lua programming language via the browser.addcmd() function (for example, by Sandcat Browser extensions) or by creating a Lua script file which must be placed in the Scripts/Commands directory. Read the details on how to add custom console commands here.
• Improved Developer Tools.
  • Developer Tools now opens in a new tab.
  • Fixed: Developer Tools not displaying cookies.
• Page Info tab now displays the full list of page objects.
• Added several encoder extensions (Base64, MD5, SHA-1 and more).
• Added a MD5 brute force extension.
• Added missing Ruby libraries to RudraScript.
• Improved UI responsiveness.
• The Chromium library was upgraded to the latest release.
• The Tor application was upgraded to the latest release.
• The Syhunt Gelo library was upgraded to the latest release (version 1.05).
• Fixed: a minor tab refresh issue.

Specs

1. 128 MB of memory
2. 100 MB of free disk space
3. Windows XP, 2003, 2008, Vista or 7.
4. As a user of a more recent Windows version you may need to be logged in with full administration rights

Additional Requirements

• Already included:
  • Lua, freely available from http://www.lua.org/
  • PascalScript, freely available from http://www.RemObjects.com/
  • PHP, freely available from http://www.php.net/
  • Ruby, freely available from http://www.ruby-lang.org
• Not included, must be downloaded separately:
  • ActivePerl (optional), for running Perl scripts
  • Python (optional), for running Python scripts

Screenshots

Sandcat Browser

Browser Fuzzer

Page Info

Source Search

Download

What is Lua?

Lua is a powerful, fast, lightweight, embeddable scripting language. It is heavily used in the game industry and security tools such as Wireshark, Snort, nmap and Syhunt tools also make use of it.

The language combines simple procedural syntax with powerful data description constructs based on associative arrays and extensible semantics. Lua is dynamically typed, runs by interpreting bytecode for a register-based virtual machine, and has automatic memory management with incremental garbage collection, making it ideal for configuration, scripting, and rapid prototyping.

More information is available at the official website at http://www.lua.org.