Automatically exported from code.google.com/p/jsunpack-n
Latest commit c01f406 Apr 2, 2015 Blake Hartstein update README
depends Update, compress and cleanup the depends directory. Dec 1, 2011
tools added proxy tools generation script Aug 9, 2010
CHANGELOG added random proxy list and static proxy support Aug 5, 2010
COPYING initial check-in version 0.3.2a (beta) May 18, 2010
INSTALL Update, compress and cleanup the depends directory. Dec 1, 2011
INSTALL.spidermonkey initial check-in version 0.3.2a (beta) May 18, 2010
INSTALL.spidermonkey.shellcode initial check-in version 0.3.2a (beta) May 18, 2010
Makefile major pdf updates, now version 0.3.2c Jul 2, 2010
README.md update README Apr 2, 2015
debug.py pylint and pychecker compliance for debug.py Nov 4, 2011
detection.py Reformated files and reorganized imports Oct 29, 2011
exampleImport.py Reformated files and reorganized imports Oct 29, 2011
gzip.py Reformated files and reorganized imports Oct 29, 2011
html.py pylint and pychecker compliance for html.py Nov 4, 2011
htmlparse.config disabled parse rule in favor of performance Jun 9, 2010
jsunpackn.py updates thanks to David of visiblerisk.com Apr 22, 2013
lzw.py initial check-in version 0.3.2a (beta) May 18, 2010
options.config Delete empty files directory and adjust temporary directory creation. Dec 2, 2011
pdf.py fixed fileID UnboundLocalError issue Aug 8, 2014
post.js made STRICT and LOOSE shellcode detection options and better handling… Nov 12, 2010
pre.js minor fix Apr 23, 2013
rules added printSeps detection Nov 10, 2010
rules.ascii initial check-in version 0.3.2a (beta) May 18, 2010
samples.tgz updated samples archive Aug 19, 2010
swf.py Reformated files and reorganized imports Oct 29, 2011
urlattr.py Reformated files and reorganized imports Oct 29, 2011

README.md

jsunpack-n

jsunpack-n emulates browser functionality when visiting a URL. Its purpose is to detect exploits that target browser and browser plug-in vulnerabilities. It accepts many different types of input:

- PDF files - samples/sample-pdf.file
- Packet Captures - samples/sample-http-exploit.pcap
- HTML files
- JavaScript files
- SWF files

This project contains the source code which runs at the website http://jsunpack.jeek.org/. Users can upload files, or enter script contents and URLs to decode. If you choose to install jsunpack-n on your own system, you can run it with the following command to fetch and decode a URL:

    $ ./jsunpackn.py -u URL

Optionally, you can specify the -a option, which fetches further decoded URLs or paths. If you wish to decode a local file instead, you can simply run:

    $ ./jsunpackn.py samples/sample-pdf.file

Other samples of malicious files exist within the samples directory.

One common problem when running jsunpack-n is that it produces no output. This means that there were no signature matches, but the file may still have been decoded. When jsunpack-n outputs nothing, use -v (verbose) or -V (veryverbose) to get more information.