PANBuster is a command-line tool allowing to easily scan files for credit card numbers stored in clear-text. PANBuster is provided to help PCI QSA, system administrators, developers, auditors and forensics to identify clear-text PAN with minimum false-positive detections.

As required by the PCI DSS standard, Primary Account Numbers (PAN) – also known as “credit card numbers” – must never be stored without strong encryption and a proper keys management.

Main Features

• Binaries available for Linux (32-bits and 64-bits), Windows (32-bits) and Mac OS X (Universal)
• Low false-positive rates
• Complexe regular expression allowing various PAN format detection
• Able to identify card brands (VISA, Mastercard, American Express, JCB, Discover, China Union..) and issuing banks (more than 1000 BIN)
• Able to parse compressed files in memory, without deflate (.ZIP, .GZ, .TGZ…)
• Skip unregular files and overlong datastream
• Detect PAN in : MySQL datafile, MSSQL (backup files only), PostgreSQL, Oracle (Dump).

You can download PANBuster over here.

make sure you subscribe to my RSS feed!