Framework for analyzing web-based threats

Wepawet is a framework for the analysis of web-based threats. It uses a composition of tools and techniques to execute, trace, analyze, and characterize the activity of code whose execution is triggered by visiting a web page.

Wepawet performs various tests on the URLs or files that are submitted. Once the information associated with the visiting of a web page or the accessing of a resource have been collected, Wepawet tells you whether the resource is malicious or benign and provides you with information that helps you understand why it was classified in a way or the other.

The tool displays various pieces of information that greatly simplify the manual analysis and the understanding of the behavior of web-based threats. For example, it gives access to the unobfuscated malicious code used in an attack.

In addition to identifying a web resource as malicious, Wepawet also identifies precisely the vulnerability that are exploited during an attack. This supports classification of attacks, identification of attack campaigns, and evaluation of the security posture of an enterprise network.