Tools and Downloads


PANBuster is a command-line tool allowing to easily search for credit card numbers stored in clear-text on a system.

As required by the PCI DSS standard, Primary Account Numbers (PAN) – also known as « credit card numbers » – must never be stored without strong encryption and a proper keys management.

PANBuster is provided to help PCI QSA, system administrators, developers, auditors and forensics identify clear-text PAN with minimum false-positive detections.


Features (Free version)

  • Linux compiled version
  • Mastercard, Visa, Amex card identification
  • Compressed files analysis without deflate
  • MySQL datafile, MSSQL (backup files only), PostgreSQL, Oracle (Dump).


Features (Pro version reserved to XMCO customers) 

  • Issuer and card brand identification (more than 1000 registered banks)
  • Windows (32-bits), OS X, Solaris, HP-UX
  • Source code available
  • Search depth configuration
  • Lookup for a specific PAN or BIN
  • CSV export
  • Folders exception
  • Blacklists / False-positive management

IMA (Identity Management Auditor)

IMA is an all-in-one tool to audit accounts, passwords and authorization.

IMA can audit and reverse passwords of the following technologies :

  • Microsoft Windows
  • Microsoft SQL Server
  • Oracle Database
  • Lotus Domino

IMA embeds Pwdump, a NTDS shadow dumper and John the Ripper engine.

To download IMA, drop us an email here :


WOLFY is a command-line forensics tool that allow  to perform quick checks on suspicious/compromised Windows systems.

WOLFY is written in C#, so the .NET framework 2.0 Service Pack 1 is required.