CIRCLean alternatives

Bleach is a library for Django that can sanitize HTML by escaping and stripping harmful content. It provides a filter for untrusted content and disarms potential unwanted scripts from the input. This may be useful to apply to data that is transmitted via HTML forms or otherwise.

Tools like DocBleach are useful when dealing a lot with documents from external parties or even unknown entities. It can scan a system and disarm any possible harmful embedded data or code structures from documents.

Socat is a tool to share data between systems. It can leverage an existing connection, or set up a new channel between two systems. This can be useful to relay traffic, do a quick data transfer, or test other systems. Another option is to use it on the local system to add an encrypted channel.

Metagoofil will perform a search in Google based on the given domain name. Any public documents will be downloaded and analyzed. For this task it uses libraries like Hachoir, PdfMiner, and others. Useful details include username, software versions, hostnames, etc.

File types: pdf, doc, xls, ppt, docx, pptx, xlsx

This tool can be of a great use to see what sensitive data leaks onto the network. This may be a public network or your own private network.

With Xplico analysis can be performed on captured internet traffic. The data stored in a pcap file can then be displayed and the related protocol data can be extracted from the capture file. This may include emails, HTTP sessions, VoIP calls, or anything that can be recognized and stored.

Swap memory is similar to active memory and may contain sensitive details.

Examples of sensitive data artifacts:

• Login accounts and passwords
• GPG keys
• Master keys of password managers
• Email addresses
• WiFi SSID details and keys
• Samba credentials
• Other authentication details

USB Canary is a tool to monitor the addition or removal of USB devices while a computer is locked. This small utility is written in Python and can provide an alert.

USBGuard would be used to define what devices are welcome and lock out the others. It uses a whitelist to define which devices are allowed and defines what they can do.

USBleach disarms potential threats like USB Rubber Ducky (keystroke injection) and the BadUSB attack (man-in-the-middle), which can result in a compromised system. This toolkit decreases the risks involved of accepting untrusted USB devices.