Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Contact Us
Online Help
Domain Status
Man Pages

Virtual Servers

Topology Map

Server Agreement
Year 2038

USA Flag



Man Pages

Manual Reference Pages  -  SPYBYE (1)


spybye - a proxy to help finding malware




crawl [-g good patterns] [-b bad patterns] [-p port] [-l log file] [-S shareing url] [-P] [-x]


The spybye tool provide a proxy server through which web pages can be fetched and analyzed for potentially dangerous includes. To use spybye, you need to configure your web browser to use the port configured by -p as proxy port.

The options are as follows:
-b good patterns A file or URL from which good patterns can be loaded. Any URL that maches a good pattern is declared harmless.
-b bad patterns A file or URL from which bad patterns can be loaded. Any URL that matches a bad pattern is declared dangerous.
-p port The port number under which spybye creates the proxy server. This is the port the web browser needs to contect to.
-l log file A filename to which potentially dangerous site interactions are being logged.
-S share url When spybye finds a dangerous URL, it can be reported to the provided URL. By default, this points to This option can be disabled by providing an empty string.
-P By default, spybye does not allow any fetches to private IP addresses. By specifying this option, web pages can be fetched from any IP address.
-x Puts spybye into proxy mode. It’s possible to browse the web normally, but spybye is going to disallow fetches it deems dangerous.

This tool is not very complicated and very straight forward. It uses the web browser to decode potentially obfuscated javascript and then traces all fetches the web browser makes. All URLs that have been classifies as dangerous are displayed in the overview page but the web broswer is denied access to them. For additional security, the referer header needs to match the already discovered URL space. Nonetheless, running spybye could potentially get your computer infected when visiting a dangerous web page. So, ideally, your web browser should run within a virtual machine.


The spybye utility has been developed by Niels Provos.
Search for    or go to Top of page |  Section 1 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.