Thursday, March 20, 2014

Jsunpack offline (for now)

jsunpack.jeek.org is offline today for expected downtime.
I hope to bring the server online soon, but I unfortunately don't know how soon.

More details if you email me at urule99 {on the} gmail 

Blake

Monday, June 3, 2013

Jsunpack server migration in progress

Hey everybody, I'm upgrading the jsunpack server again. I'm hoping there will be no downtime during this period. Thanks.

[Edit] All done! I love it when everything goes smoothly.

Monday, April 22, 2013

Update to Jsunpack PDF parsing


Hey guys, I just added a patch from David Dorsey of Visiblerisk, Inc. (Thanks David, you are a boss!).

Below is a sample PDF you can test with just to see how awesome it is:
http://jsunpack.jeek.org/?report=2afae1f7a9b2552f2e38713e47c3371cc8a2d23c

David described a lot of the improvements and the analysis he performed at the following blog posts entitled "Analyzing Malicious PDFs or: How I Learned to Stop Worrying and Love Adobe Reader"
Part 1: http://visiblerisk.com/blog/2013/4/8/analyzing-malicious-pdfs-or-how-i-learned-to-stop-worrying-a.html
Part 2: http://visiblerisk.com/blog/2013/4/15/analyzing-malicious-pdfs-or-how-i-learned-to-stop-worrying-a.html

In brief, this update improves pdf.py's XFA parsing, PDF encryption tags, and generally the update will help you to decode some malicious PDFs where jsunpackn.py had trouble decoding them before.

Thanks to David and please if you see any bugs related to this update please report them at https://code.google.com/p/jsunpack-n/issues/list and I'll fix them.

Blake

Monday, October 3, 2011

New jsunpack server!

I brought a new server online for jsunpack.jeek.org over the weekend and everything should be operating normally now. I expect this server to last about 6 months based on the volume of past submissions. I hope you enjoy it!

Blake

Wednesday, June 15, 2011

The jsunpack website is accepting submissions again

I removed the ability for people to submit URLs and files to http://jsunpack.jeek.org/, partially due to abusive submissions in late May. I brought the submissions interface back online today with some changes to help prevent further abuse. Please let me know if you encounter any sort of problems.

Friday, April 1, 2011

Temporary downtime for jsunpack website

The website for this project jsunpack.jeek.org has been down for the past 2 days because I was moving it to new hardware. The old hardware was running ESXi and caused all virtual machines to lock up repeatedly. While I was moving it the site was completely offline but I'm happy to say its back now!

Keep in mind, if you had been running jsunpack-n locally then you wouldn't have experienced any problems (thats software is freely available and that is what the server is running).

[off topic] I've seen a few people do a great job in downtime situations, none of which I did because this whole project is running from a single virtual machine with limited resources. For instance, when Netflix was recently down they acknowledged the problem and credited subscriber's accounts. When another site was down, they played a funny "Doh!" error message video from the Simpsons. In yet another case, DreamHost apologized and wrote a funny blog about it (note: I do not use or endorse DreamHost but I do read their blog). Some quotes from that post:

"I’d like compensation. You’ve earned it! You pay for 365 days of service – not 364.375"

"Why didn’t you call me? We would have loved to reach out to every customer individually, but with over one million domains hosted, that could – quite literally – have taken all year. We’d have loved to email you too, but well, we had this little network problem blocking emails."

Wednesday, December 22, 2010

Jsunpack Website Database Optimizations

I just published some new optimizations for the jsunpack.jeek.org database. This should dramatically improve the performance of the website.

Contact me if you need anything related to this update. I removed the search functionality (and associated RSS feeds) because that was one of the most performance intensive features on the database. While this type of function is still possible, I think I'll either have to limit terms that may be searched for or build a separate index structure so that it is better optimized.

[edit] In case you are curious, the jsunpack database has 186,459 submissions and 686,232 evalated scripts and URLs since 2010-01-29 14:17:36. This year was pretty active for web exploits. The majority of the submissions to jsunpack were publicly released in one of the RSS feeds with 167,356 submissions over this year. The opposite of that were the entries where users wished those submissions to remain private totaling 19,107 submissions.