Spam Links Index > Tools
To link to this page use: http://spamlinks.net/tools.htm
Read the Frequently Asked Questions (FAQs) page first if you are new to fighting spam.
See also: Tracing spam
http://www.expita.com/header2.html
http://samspade.org/d/tools.html
http://samspade.org/d/ipdns.html
These pages allow DNS lookups, whois, traceroute, and more.
http://combat.uxn.com/
http://www.dnsstuff.com/
(and http://www.dnsstuff.com/pages/expert.htm)
http://samspade.org/t/
http://www.hatcheck.org/
http://www.caspam.org/cas_chercher.html
http://galileo.spaceports.com/~schnuppe/
http://www.netdemon.net/tools.html
http://www.tehrasha.mamehost.com/bastard/
http://www.spamshield.org/route-leecher.pl
http://www.shadowstorm.com/cgi-bin/find-ralsky-dialups?
(Find Ralsky Dial-ups)
http://www.shadowstorm.com/cgi-bin/web-weezle?
(Find common open directories)
http://www.shadowstorm.com/cgi-bin/spamhunter?
(DNS, whois, traceroute et al, all in one)
(when using Internet Explorer with the above tools, end the line with a
/ to use as intended,
e.g. http://www.shadowstorm.com/cgi-bin/spamhunter?shadowstorm.com/)
[top of section] [top] [index]
http://www.netdemon.net/downloads/
http://www.samspade.org/ssw/
(download this update, remove ".txt",
then merge it with your registry. See here
also.)
http://www.visualware.com/emailtrackerpro/
http://www.cix.co.uk/~net-services/spam/whois.htm
http://www.tnsoft.com/toolkit.htm
http://www.pc-tools.net/win32/freeware/viewhead/
http://netinfo.tsarfin.com/
http://www.kiraly.com/software/utilities/whois/
(command line)
http://www.karenware.com/powertools/ptlookup.asp
http://www.tialsoft.com/mnettrace/
http://www.hlembke.de/prod/3dtraceroute/
http://www.promailix.com/ (Crime
Scene Investigator)
[top of section] [top] [index]
http://www.grymoire.com/Spam/FF.pl
http://oplnk.net/~ajackson/software/
(under "SpamFryer" - Perl script)
http://www.blars.org/hinfo.html
(See the script in action at http://www.blars.org/cgi-bin/myhostinfo.cgi)
[top of section] [top] [index]
http://www.petemoss.com/spam/tools.html
http://www.whatroute.net/
http://www.sustworks.com/site/prod_ipmonitor.html
[top of section] [top] [index]
http://packetderm.cotse.com/cgi-bin/lookuptools/
http://www.geektools.com/
http://network-tools.com/
http://www.domainwatch.com/
http://www.false.net/ntool/n.p
(sign up to use)
http://www.canufly.net/~georgegg/dns/
http://home01.wxs.nl/~houwe135/wbnt1/
http://www.internetweather.com/
http://www.blackcode.com/net-tools/
http://networktools.tk/
http://tatumweb.com/iptools.htm
http://codeflux.com/tools/
http://www.subnetonline.com/tools/alltools.html
http://www.simplelogic.com/net_utils/AllUtils.asp
http://www.dataphone.se/~astilbe/inetcheck/
http://www.coreychapman.com/webtools.php
[top of section] [top] [index]
Discover who owns an IP address or domain name.
http://netdemon.net/tutorials/whois.txt
http://www.apnic.net/info/faq/abuse/using_whois.html
These websites provide a universal whois service, for any IP or address or domain name.
http://whois.geektools.com/cgi-bin/proxy.cgi
http://www.m5computersecurity.com/whois.php
http://whois.bw.org/
http://grove.ufl.edu/~bro/cgi-bin/wp.cgi
http://openrbl.org/whois.htm
http://afelandra.com/~stakasa/geektools/templates/geek_frame.html
(Japanese)
http://www.mse.co.jp/j_www/index.shtml
http://killaspammerforchrist.com/
http://tools.fpsn.net/whois/
http://www.fr2.cyberabuse.org/whois/
http://www.antispam.ru/cgi-bin/1/whois
http://www.atomintersoft.com/products/alive-proxy/smart-whois/
http://tools.rosinstrument.com/cgi-bin/wi.pl
http://www.whois.sc/ (whois search engine)
[top of section] [top] [index]
Wrappers or proxies for whois, to save knowing the server to look up a query at.
http://www.geektools.com/software.php
http://www.gnu.org/software/jwhois/
http://www.roble.com/docs/whoiss
(shell script)
http://wp-whois-proxy.sourceforge.net/
http://whois.bw.org/
http://www.iecc.com/gwhois
http://www.fpsn.net/products/?show=/libraries/Net-WhoisProxy
[top of section] [top] [index]
Several of the tools here also provide whois functions.
http://www.fr2.cyberabuse.org/whois/
http://www.karenware.com/powertools/ptwhois.asp
http://www.tialsoft.com/hwhois/
[top of section] [top] [index]
These servers will proxy whois requests to the correct whois server, and
can be integrated with scripts.
You can use these servers to handle any IP and domain whois lookups.
whois.thur.de
whois.geektools.com (see http://whois.geektools.com/cgi-bin/proxy.cgi)
whois.cyberabuse.org (see http://www.fr2.cyberabuse.org/whois/)
[top of section] [top]
[index]
http://www.rwhois.net/rwhois/prwhois.html
http://www.cjb.net/cgi-bin/whois.cgi
(whois for cjb.net subdomains)
[top of section] [top] [index]
[top of section] [top] [index]
http://www.arin.net/tools/ (US,
ARIN)
http://www.apnic.net/ (Asia-Pacific
and Australia, APNIC)
http://www.ripe.net/db/whois.html,
http://www.ripe.net/ (Europe, RIPE)
http://www.lacnic.net/ (Latin America,
LACNIC)
[top of section] [top] [index]
http://www.networksolutions.com/cgi-bin/whois/whois
http://checkdomain.com/
http://www.nic.mil/dodnic/ (.MIL)
http://www.nic.gov/whois.html
(.GOV)
http://www.iana.org/cctld/cctld-whois.htm
(By .tld country code)
http://afridns.org/ (African domain names)
http://www.icann.org/registrars/accredited-list.html
http://www.chebucto.ns.ca/~af380/kr-whois.html
(Whois for .KR cc-tld)
[top of section] [top] [index]
ftp://sipb.mit.edu/pub/whois/whois-servers.list
http://www.allwhois.com/
http://www.alldomains.com/
http://www.norid.no/domenenavnbaser/domreg.html
[top of section] [top] [index]
http://www.2600slc.org/texts/TraceRoute.txt
http://www.inetdaemon.com/tools/traceroute.html
http://www.opus1.com/o/nospamtrace.html
http://samspade.org/d/traceroute.html
[top of section] [top] [index]
http://www.tracert.com/cgi-bin/trace.pl
(http://www.tracert.com/)
http://www.traceroute.org/
http://www.geektools.com/traceroute.php
[top of section] [top] [index]
UNIX comes with the standard "traceroute" tool, used from the
command line.
These tools provide additional power and flexibility and can prove useful
if a spammer is spoofing results to normal traceroutes.
http://michael.toren.net/code/tcptraceroute/
http://www.mainnerve.com/lft/
http://www.hping.org/
[top of section] [top] [index]
http://www.pingplotter.com/
http://www.visualware.com/visualroute/index.html
[top of section] [top] [index]
These tools provide information on the DNS servers for a domain.
If you wish to look up hostnames or ip addresses to get DNS information
use one of the all-purpose tools.
On UNIX systems use DIG.
http://www.mavetju.org/unix/dnstracer.php
(get the binary here: http://www.mavetju.org/unix/general.php)
http://tools.eyeonsecurity.org/tools/dnstools/mx.html
http://relays.osirusoft.com/cgi-bin/rdns.cgi
(rDNS resolved for ranges of IP addresses)
[top of section] [top] [index]
Query a DNSBL with a single record at a time.
These query a whole host of lists, and return the results togther to give a full picture.
http://relays.osirusoft.com/cgi-bin/rbcheck.cgi
http://openrbl.org/
http://www.moensted.dk/spam/
http://www.samspade.org/t/rbl
http://www.dnsstuff.com/
http://www.loosenut.com/russ-bin/rbl.pl
http://www.mob.net/~ted/tools/rbl.php3
http://mail.vene.ws/check.shtml
http://rbls.org/
http://www.rbl.jp/ckdb/ (Japanese)
http://www.schwietering.com/AmIBlackListed.php
http://tools.fpsn.net/ipbhl/
http://spamjihad.org/cgi-bin/drbcheck.cgi
http://scorpion77.cjb.net/cgi-bin/rblcheck.cgi
http://www.cluecentral.net/rblcheck/
http://www.dnsbl.info/
http://nospam-pl.net/rbl.php
[top of section] [top] [index]
http://afelandra.com/~stakasa/cgi-bin/rbcheck.cgi
http://andrew.triumf.ca/cgi-bin/nph-rbcheck.cgi?addr=
http://www.chem.utoronto.ca/cgi-bin/rbcheck.cgi
http://quickgr.its.yale.edu/cgi-bin/rbcheck_dnsbl01
[top of section] [top] [index]
These sites allow a list of IP addresses to be entered, to be checked en
masse.
Please don't abuse these sites by using them with automated scripts.
http://treehouse.dyndns.org/spamhaus/reports/listscan.php
http://spfilter.openrbl.org/lookup.php
[top of section] [top] [index]
Used to query only one (or a particular set of) DNSBL not included in the general lookups.
http://www.njabl.org/lookup.html
(NJABL)
http://www.mail-abuse.org/cgi-bin/lookup
(MAPS DNSBLs)
http://postmaster.info.aol.com/duls.html,
http://postmaster.info.aol.com/ors.html,
http://postmaster.info.aol.com/ops.html
(AOL - for server owners)
http://dsbl.org/listing (DSBL)
http://mdh.ru/drbl/drbl-find.html
(Distributed RBLs)
http://spamblock.outblaze.com/spamchk.html
(is Outblaze blocking you?)
[top of section] [top] [index]
Scripts you can use to check DNSBLs.
http://www.unicom.com/sw/blq/
http://www.osirusoft.com/rbcheck/ (dead?)
http://moensted.dk/spam/drbcheck.txt
(needs http://www.moensted.dk/spam/drbsites.txt)
http://www.bagley.org/~doug/spam/bh
(Perl)
http://bre.klaki.net/programs/spam/rbl-check.pod.txt
(check IPs in headers)
http://rblcheck.sourceforge.net/
http://www.salesianer.de/util/rblcheck.html
(Perl)
http://oberon.idunno.org/spews/
(SPEWS)
[top of section] [top] [index]
A lot of DNSBLs specify the ranges they list using subnets.
http://www.geektools.com/geektools-cgi/aggis-wrapper
http://public.pacbell.net/dedicated/cidr.html
[top of section] [top] [index]
Tools to test for open relays.
For more information on open relays including reporting see: Relays
Relay testers for general use (as far as can be reasonably determined).
http://www.abuse.net/relay.html
(http://traceroute.utanet.at/check.html
calls this same test page)
http://www.fabel.dk/relay/test/
http://members.iinet.net.au/~remmie/relay/
http://www.lucidlogic.com/relay.php
http://www.cymru.com/~robt/Tools/mtaprobe.exp
http://www.3dmail.com/spam/ (header
analysis)
http://tools.rosinstrument.com/cgi-bin/rc.pl
http://www.mailbox.net.uk/cgi-bin/relaytest.pl
http://www.antispam-ufrj.pads.ufrj.br/test-relay.html
http://www.aupads.org/test-relay.html
http://tools.eyeonsecurity.org/tools/relay.html
[top of section] [top] [index]
Telnet to the server shown from the server you wish to test.
telnet://mach3.osirusoft.com/
telnet://relay-test.mail-abuse.org/
[top of section] [top] [index]
Scripts to test relays.
http://www.unicom.com/sw/#rlytest
http://mail-abuse.org/tsi/ar-test.html
http://www.monkeys.com/mrt/index.html
http://www.trusontechnologies.com/services/spam_tester.php
http://www.nanet.co.jp/rlytest/relaytest.html
http://arpa.org/relaycheck.pl
http://sourceforge.net/projects/smtprc
http://www.rbl.jp/svcheck.php
http://www.kluge.net/~felicity/random/testrelay.txt
http://www.mob.net/~ted/tools/relaytester.php3
http://puck.nether.net/ortest/
ftp://ftp.ruhr-uni-bochum.de/local/mail/spamtools/relaytest
(Perl)
http://www.cymru.com/~robt/Tools/mtaprobe.exp
[top of section] [top] [index]
Services for users in particular organisations.
http://www.ja.net/mail/anti-spam/STAN.html (JANET)
[top of section] [top] [index]
Tools to test for open proxies.
For more information on open relays including reporting see: Proxies
Some commonly-open proxy ports are:
80, 81, 8000, 8080 (HTTP CONNECT), 1080 (SOCKS), 3128 (Wingate/Squid), 6588 (AnalogX)
http://hatcheck.org/proxy/ - temporarily
down
http://www.atomintersoft.com/products/alive-proxy/online-proxy-checker/
http://www.shadowstorm.com/cgi-bin/proxy-hunter?
(end the line with a / if it doesn't work as expected)
http://monster.cyberabuse.org/
(self-testing. under construction)
http://tools.rosinstrument.com/cgi-bin/fpc.pl
(CONNECT proxies)
[top of section] [top] [index]
http://www.socks.nec.com/cgi-bin/download.pl
http://www.corpit.ru/mjt/proxycheck.html
ftp://ftp.monkeys.com/pub/proxy/
(PXStress)
http://www.astalavista.net/new/network.php?cmd=proxy
http://www.unicom.com/sw/pxytest/
(news)
http://blitzed.org/bopm/ (with IRCd)
http://dsbl.org/programs
[top of section] [top] [index]
Spammers try to hide various aspects of how their operation is set up, using javascript, dns tricks, specially encoded characters and long streams of redirects - untangle their knots with these tools and tips.
A URL is just so much gibberish? Feed it to one of these.
http://www.netdemon.net/decode.html
http://www.abuse.net/cgi-bin/unpackit
(convert IP to dotted quad)
http://javascript.internet.com/equivalents/url-revealer.html
(Javascript source included)
http://solutions.icobb.com/obfuscated_url_decoder.html
http://www.pc-help.org/obscure.htm
http://www.edendev.co.uk/spam/url.shtml
[top of section] [top] [index]
If the source code of a webpage is hidden as chunks of unintelligible strings, try using one of these tools.
How they work: http://samspade.org/d/javascript.html
NEW: Drag this javascript link to your toolbar, or add it to your
favourites: view page code
When you are viewing a page with source code that doesn't make sense, click
on that link.
A similar link is available from http://www.sengir.demon.co.uk/decode.html:
view
page code (2)
You can also use one of these online pages if you wish:
http://www.netdemon.net/haywyre/
http://www.swishweb.com/dec.htm
http://www.samspade.org/t/ (look
for "Javascript decoder")
http://hesketh.com/schampeo/spam-l/decode_haywyre.html
http://spamdecode.homestead.com/
http://killaspammerforchrist.com/decode/pe.html
http://www.virtualconspiracy.com/index.php?page=scrdec/intro
(Windows Scripting)
http://tools.geht.net/eval.html
[top of section] [top] [index]
Get the plain text version of an email, undoing the encoding the spammer
used.
http://www.faqs.org/faqs/mail/mime-faq/mime0/
[top of section] [top] [index]
http://www.funduc.com/otsoft.htm#decodeshellextension
ftp://ftp.andrew.cmu.edu/pub/mpack/
[top of section] [top] [index]
http://www.fpx.de/fp/Software/UUDeview/
http://www.unicom.com/sw/ungoopspam/
http://www.miken.com/uud/ (Windows)
[top of section] [top]
[index]
Base64 is an encoding defined in RFC 2045. You don't need to know that to decode it.
http://www.wc.cc.va.us/dtod/base64/
http://www.cleverportal.org/ocproject/base64decode.php
http://www.robertgraham.com/tools/base64coder.html
http://www.robietherobot.com/calc.htm
http://makcoder.sourceforge.net/demo/base64.php
http://iharder.sourceforge.net/base64/
http://ostermiller.org/utils/Base64.html
http://tools.eyeonsecurity.org/tools/Base64/
http://www.toastedspam.com/decode64
http://www.tipjar.com/nettoys/demimeulator.html
[top of section] [top] [index]
http://www.toastedspam.com/decodeqp
[top of section] [top] [index]
A guide to how Empire Towers misdirect complaints.
http://www.spamhaus.org/rokso/search.lasso?evidencefile=1103
[top of section] [top] [index]
Get the text of PDFs out without shelling out for Acrobat.
http://access.adobe.com/perl/convertPDF.pl?url=example.com/example.pdf
(Convert PDF at URL "example.com/example.pdf" into HTML)
[top of section] [top] [index]
http://www.quiss.org/swftools/swfdump.html
http://www.openswf.org/downloads/swfdump.exe
(see http://www.openswf.org/)
http://www.openswf.org/code/swfparse.cpp
[top of section] [top] [index]
http://upx.sourceforge.net/ (Common
executable file compression scheme; analyse spamware, etc.)
http://datacompression.info/
(Compression resource)
[top of section] [top] [index]
To link to this page use: http://spamlinks.net/tools.htm
Last updated: 28 Agosto, 2019
If you have a link, a correction or any comment, please click here or sign the guestbook.