Sandcat is a lightweight multi-tabbed web browser that combines the speed and power of Chromium and Lua. Sandcat comes with built-in live headers, an extensible user interface and command line console, resource viewer, and many other features that are useful for web developers and pen-testers and when you need to examine live web applications. For more details, visit http://www.syhunt.com/sandcat/. See also the docs directory and credits section below for a few more details about the Sandcat architecture.
Directories
/docs
- Lua API documentation/packs
- contents of uncompressed pack files/Common
- common CSS, widgets and scripts package (Common.pak)/Resources
- resources package (Resources.pak)/src
- the main executable source and built-in resource files/core
- user interface source/html
- user interface resources (HTML)/lua
- Lua API source
Download
Compiled binaries for Windows can be downloaded from the links below.
- 6.0 64-bit
- 6.0 32-bit
- 6.0 32-bit with Pen-Tester Tools (included as part of Syhunt Community)
Compiling
The entire Sandcat user interface is created during runtime, so there is no need to install third-party components in the IDE - you can just add the dependencies listed above to the library path and hit compile. It compiles under Delphi 10 Seattle down to XE2. If you are trying to compile it with Lazarus, let me know which errors you get - I will try to do the same soon.
Some work is still needed before a Mac or Linux version materializes.
ChangeLog
- Request Viewer rewrite - with better display of requests and stability fixes.
- Disabled the Chromium’s XSS protection when in pentest mode.
- Simplified the tabbed UI - major tab code clean up and reorganization.
- Added drag and drop for items in the list editor.
- Fixed: occasional crash when extension called events of Lua objects.
- Additional stability.
Contact
Twitter: @felipedaragon, @syhunt
Email: felipe at syhunt.com
If you want to report a security bug, please see the
docs\SECURITY.md
file.