Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   44335 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

SPYBYE(1)		  BSD General Commands Manual		     SPYBYE(1)

NAME
     spybye — a proxy to help finding malware

SYNOPSIS
     crawl [-g good patterns] [-b bad patterns] [-p port] [-l log file]
	   [-S shareing url] [-P] [-x]

DESCRIPTION
     The spybye tool provide a proxy server through which web pages can be
     fetched and analyzed for potentially dangerous includes.  To use spybye,
     you need to configure your web browser to use the port configured by -p
     as proxy port.

     The options are as follows:

     -b good patterns  A file or URL from which good patterns can be loaded.
		       Any URL that maches a good pattern is declared harm‐
		       less.

     -b bad patterns   A file or URL from which bad patterns can be loaded.
		       Any URL that matches a bad pattern is declared danger‐
		       ous.

     -p port	       The port number under which spybye creates the proxy
		       server.	This is the port the web browser needs to con‐
		       tect to.

     -l log file       A filename to which potentially dangerous site interac‐
		       tions are being logged.

     -S share url      When spybye finds a dangerous URL, it can be reported
		       to the provided URL.  By default, this points to
		       www.spybye.org.	This option can be disabled by provid‐
		       ing an empty string.

     -P		       By default, spybye does not allow any fetches to pri‐
		       vate IP addresses.  By specifying this option, web
		       pages can be fetched from any IP address.

     -x		       Puts spybye into proxy mode.  It's possible to browse
		       the web normally, but spybye is going to disallow
		       fetches it deems dangerous.

     This tool is not very complicated and very straight forward.  It uses the
     web browser to decode potentially obfuscated javascript and then traces
     all fetches the web browser makes.	 All URLs that have been classifies as
     dangerous are displayed in the overview page but the web broswer is
     denied access to them.  For additional security, the referer header needs
     to match the already discovered URL space.	 Nonetheless, running spybye
     could potentially get your computer infected when visiting a dangerous
     web page.	So, ideally, your web browser should run within a virtual
     machine.

AUTHORS
     The spybye utility has been developed by Niels Provos.

BSD				 Feb 19, 2007				   BSD

Vote for polarhome