An open-source, pentest and developer-oriented web browser, using the power of Lua
Switch branches/tags
Nothing to show
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
docs Fix help command not working in console Oct 14, 2018
packs Allow custom bookmark screen Nov 26, 2018
src Remove obsolete Chromium pref option Nov 25, 2018
.gitignore Add only used CEF library to about screen Nov 5, 2015
COPYRIGHT Initial commit May 20, 2014
LICENSE Update download links Jun 3, 2016
README.md Update download links May 10, 2018

README.md

Sandcat Browser

Sandcat is a lightweight multi-tabbed web browser that combines the speed and power of Chromium and Lua. Sandcat comes with built-in live headers, an extensible user interface and command line console, resource viewer, and many other features that are useful for web developers and pen-testers and when you need to examine live web applications. For more details, visit http://www.syhunt.com/sandcat/. See also the docs directory and credits section below for a few more details about the Sandcat architecture.

Directories

  • /docs - Lua API documentation
  • /packs - contents of uncompressed pack files
  • /Common - common CSS, widgets and scripts package (Common.pak)
  • /Resources - resources package (Resources.pak)
  • /src - the main executable source and built-in resource files
  • /core - user interface source
  • /html - user interface resources (HTML)
  • /lua - Lua API source

Download

Compiled binaries for Windows can be downloaded from the links below.

Compiling

For compiling Sandcat, you will just need Catarinka and pLua.

The entire Sandcat user interface is created during runtime, so there is no need to install third-party components in the IDE - you can just add the dependencies listed above to the library path and hit compile. It compiles under Delphi 10 Seattle down to XE2. If you are trying to compile it with Lazarus, let me know which errors you get - I will try to do the same soon.

Some work is still needed before a Mac or Linux version materializes.

License & Credits

Sandcat was developed by Felipe Daragon, Syhunt.

This code is licensed under a 3-clause BSD license - see the LICENSE file for details.

Third-party software used in Sandcat include:

  • libcef, based on Chromium, is the engine at the heart of the Sandcat Browser. Sandcat can use the WACEF3 (Chromium Embedded Framework) component or the DCEF3 library). Because we want Sandcat to use the latest Chromium binaries, the most up-to-date and stable wrapper is used for official Sandcat releases.
  • Lua - Developed by a small team at Pontifícia Universidade Católica do Rio de Janeiro (PUC-Rio), Lua is the core language used to develop Sandcat extensions as well as portions of the browser itself.
  • TIScript is an extended version of ECMAScript (JavaScript 1.x) developed by Terra Informatica Software and @AndrewTerra, the developers of Sciter. It is used by Sandcat for some of its user interface operations.
  • Sciter is the engine currently used by Sandcat for rendering its user interface. Sciter supports TIScript execution and, in Sandcat, it can also execute Lua scripts and be manipulated from Lua scripts.
  • Icons are derived from: Fugue Icons (by @yusukekamiyamane) and FatCow Icons.
  • The custom Lua icon is the work of Yarin Kaul, and used in Sandcat with his permission.
  • For syntax highlighting, Sandcat currently uses SynEdit and @Krystian-Bigaj's SynWeb with a color scheme adapted from @korny's CodeRay.

The license for each component listed above can be found in the /packs/Resources/docs/ directory of this repository.

Contact

Twitter: @felipedaragon, @syhunt

Email: felipe at syhunt.com

If you want to report a security bug, please see the docs\SECURITY.md file.