
Tom Liston

  • GDI Scan - gdiscan.exe was written for Windows 2000 and higher. It scans the drive containing the Windows %system% directory and looks for vulnerable versions of gdiplus.dll, sxs.dll, wsxs.dll, mso.dll and vgx.dll.

Rob VandenBrink

  • WhereIs Country Lookup by IP - Mass country lookup by IPv4 or IPv6 address
    - whereis started as an idea and a kludgy 4-5 line script, and ended up being pared down to a much more elegant one-line script over the course of a sec504 class. Many people were involved in making it what it is now.

Bojan Zdrnja

  • iPhoneMap - iPhoneTracker port to Linux
  • Splunk for DShield - The application retrieves DShield data (All Sources IPs) daily, removes leading zeroes from logs and indexes it into Splunk.

Lenny Zeltser

  • The site offers a simple way to query Twitter for search terms often associated with security incidents.

Richard Porter


Guy Bruneau

  • DNS Sinkhole scripts - Contains all the necessary pre-configured files to get a BIND DNS sinkhole set up.

Russ McRee

  • MIR-ROR - Motile Incident Response - Respond Objectively, Remediate (MIR-ROR) is a specialized command-line script for security incident response that calls specific Windows Sysinternals tools, as well as some other useful utilities, to provide live capture data for investigation.