Just a quick post to list some helpful tools for detecting cardholder data on your systems, or tools to set up as ongoing controls to monitor for cardholder data.
1) ccsrch
ccsrch is a tool that searches for and identifies unencrypted and contiguous credit card numbers (PAN) and track data on Windows and UNIX operating systems. It will also identify the location of the PAN data in the files and record MAC times.
2) Senf: The Sensitive Number Finder
Senf is a fast, portable tool (written in Java, runnable just about everywhere) for finding sensitive numbers. Use this tool to identify files on your system that may have Social Security Numbers (SSNs) or Credit Card Numbers (CCNs).
3) Spider
Spider’s purpose is to identify files that may contain confidential data. It scans a collection of files, searching for patterns of numbers or letters that resemble Social Security numbers or credit card numbers (additional search patterns can be created using Unix regular expressions).
4) Tenable’s Ron Gula’s blog on using Nessus to find Sensitive Data:
Detecting Credit Cards, SSNs and other Sensitive Data at rest with Nessus
5) Snort
Using the Bleeding Edge / Emerging Threats Snort rules (see BLEEDING-EDGE Credit Card Number Detected and ET POLICY Credit Card Number Detected in Clear). You might be using Snort as an IDS, or using a product or appliance that uses it as its engine. This tool is also very handy to check for email that contains CC data as well. (EDIT: Bob writes to say that Emerging Threats has replaced the Bleeding Edge project as it died. Thanks!)
6) Strings
Using the minimum-length parameter: strings -n min-len
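What the tools above have in common is a search for contiguous digit runs of card-number length; the sketch below is an added example (not code from any of the listed tools) that does this over raw bytes and filters candidates with the Luhn checksum to cut false positives. The 13 to 19 digit length range, the first-six/last-four masking and all function names are assumptions made for the example.

```python
import re

# Contiguous runs of 13-19 ASCII digits that are not part of a longer run.
# The length range is an assumption covering common card-number lengths.
PAN_CANDIDATE = re.compile(rb"(?<!\d)\d{13,19}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep first six and last four digits so the report holds no full PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_pans(data: bytes):
    """Return (byte_offset, masked_pan) for each Luhn-valid candidate."""
    hits = []
    for m in PAN_CANDIDATE.finditer(data):
        pan = m.group().decode("ascii")
        if luhn_ok(pan):
            hits.append((m.start(), mask(pan)))
    return hits


# Constructed sample input: one well-known test card number, one 16-digit
# value that fails Luhn, and one 23-digit run that is too long to be a PAN.
SAMPLE = (
    b"\x00\x01order=1001;card=4111111111111111;exp=12/30\n"
    b"tracking=1234567890123456\n"
    b"\xff\xfeticket 20240101123456789012345 closed\n"
)

if __name__ == "__main__":
    for offset, masked in find_pans(SAMPLE):
        print(f"offset {offset}: {masked}")
```

Like any contiguous-digit search, this misses numbers stored with separators (4111-1111-1111-1111) or in encoded or compressed files, so a clean result is not proof that no cardholder data is present.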
Let me know of others that are useful.
Good Blog. I will continue reading it in the future. Nice layout too.
Aaron Wakling
Very useful. I will examine my switch’s logs with some of these tools. Thanks!
The bleeding edge project is dead. It’s been picked back up at Emergingthreats.net
Ground Labs offers Card Recon which is available in a free and commercial version.
Visit http://www.groundlabs.com/ for more detailed information. It has a solid base of QSAs and merchants who use this on a global basis for cardholder data discovery.
One tool not noted in the list is Card Recon Free Edition – http://www.groundlabs.com/crfe
Card Recon is very popular amongst QSAs given it is purpose built for PCI.
A fast and low false-positive rate tool: PANBuster.
http://www.xmco.fr/panbuster.html
It’s free and it’s available for Windows and Linux.
I tried the Card Recon download link but found it has moved. Updated link: http://www.groundlabs.com/products/getfree