HPE Software Products: Web Security Research Group
Share |

{DOWNLOAD LINK } HP SWFScanOpen in a New Window


I can't find the download link for HP SWFScan

can anybody send me that 



Regards Noman



SWFScan Download linkOpen in a New Window

Can any body please provide me this version download link HP SwfScan





SWFSCANOpen in a New Window

Are there any download links available for SWFSCAN?


SWFSCANOpen in a New Window



The SWFSCAN download link on HP site seems to be broken. Where can I download another copy?





Backstage at Discover ViennaOpen in a New Window

Want more from HP Discover Vienna? Get the latest updates from Backstage at Discover Vienna with daily recap videos, blogs, hot topics and more.


Download link for swfscan on HP seems broken, but it's EASY to find trojaned versions elsewhere.Open in a New Window

But when I google for it elsewhere, there seem to be PLENTY of trojaned copies available.  Please protect your community and publish a safe version on your site again.

Dead link:




Where can i download SWFScan?Open in a New Window

Just like the topic says, where i can download swfscan? i need it to test my flash applications, thanks to any help you can give me.


HP SWF Scan Tool has no User GuideOpen in a New Window



1) Though it seems user friendly, there is no user guide provided by HP.


2) How to start? or what are prerequisites to work with SWF in this tool no info available.


Please help me if anyone knows.


I've issues in this.


swf shows up blank on decompilingOpen in a New Window


We have recently migrated from flex sdk 3.5 to 4.1

After this migration one of the swf files is showing up blank on decompilation because of which there is nothing for Swfscan to analyze.

What can be the possible cause of this??? Does Swf scan has some compatibiltiy issues with flex sdk 4.1???

Any help is appreciated.





Are there any logs to explain why: "Failed to decompile source" ?Open in a New Window

I read the FAQ, it didn't help me. Can someone point us to a log file so that we can find out what needs to be done to get around this issue? Also we have the source in our hand, do we really need to decompile? Can't we just have the tool scan the source for vulnerabilities?


URL limited to 100 characters in SWFScan v1.0.Open in a New Window

I discovered that the URL field in SWFScan version 1.0 is limited to 100 characters.

To work around this the user would have to separately copy the desired SWF file to the hard drive, and then scan it with SWFscan from that location.  Use the yellow folder icon to the right of the URL field in order to browse the drives and locate the SWF file.


Can't download SwfScanOpen in a New Window


The download link just gives an javascript error.

Is there any alternative?

Regards / Jonas




How to scan Flash application protected by a login ?Open in a New Window

How do we scan flash applications protected by a login ? Does Swfscan support/have something like a login macro/script that can be used to direct the tool to scan the actual application ? I have been to the settings and do not find anything related.When I try to enter the url of the Flash applicaiton, it complains malformed flash application.(The URL, if entered in a browser redirects to a login page and once valid credentials are submitted takes us to the actual flash application.

Also are the features of SWFScan integrated to WebInspect 8.0 ?


SwfScan and preloadersOpen in a New Window

Our Flex app uses a preloader, and when we point SwfScan at our .swf, the only class it loads is the preloader.

Is there any way to evaluate the rest of the application, or do we need to remove the preloader for that?


FAQ for SWFScanOpen in a New Window

The original FAQ for SWFScan is in the blogs:  http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2009/03/20/hp-swfscan-faq.aspx?jumpid=reg_R1002_USEN

However, that research blog will be redirecting new questions to this SWFScan user forum.


Error loading AS2 SWFsOpen in a New Window

I've been trying to use SWFScan and it worked fine on my Flex 3 app, but none of my AS2-based SWFs (built using Flash 8) work.  Every time I try to load them I get an error stating:


"The Flash Application was malformed: Malformed data in SWF Header"


The SWFs themselves work fine, so I'm fairly certain there aren't any problems with the files.


Failed to Detect Insecure AllowDomin / AllowInsecureDomain SettingsOpen in a New Window

Overall, the tool is pretty good. But it missed a couple of issues that were detected manually during a recent assessment.

1) External XML loading (via URL in configpath) - not sure this is detectable via static anaylsis?

2) Security.allowDomain() issues - Security.allowDomain(“*”) and Security.allowInsecureDomain(“*”)


Why doesn't SWFScan recognize my SWF?Open in a New Window

I run a project called flXHR ( http://flxhr.flensed.com ) which is a flash proxy for client side, cross-domain Ajax calls. When I tried to open my flXHR.swf file with your tool, it complains about malformed headers and not being able to open it.

However, this SWF works just fine, it's used all over the place on my site and by others.  What's wrong?


Windows installation of SWFScanOpen in a New Window

  • SWFScan only runs on Windows. 

  • Will install to C:\Program Files\HP\SWFScan\

  • Will be listed on the Start Menu under All Programs > HP > SwfScan > "SwfScan 1.0"

  • I have attached the screen shots from a normal installation.


    Feature Request: Parse SWF's from HTML pagesOpen in a New Window

    Hey there guys and gal, great tool, if you plan on making any improvements it would be awesome if you could point it at a web page/site and have it parse out all the SWF's on a page and give you an option to then scan one or more of them with a quick click.

    Also the error message you get when you point SWFScan at a web site thinking this feature is already there isn't all that clear either, but hey it's a free tool right?

    Anyway, cool stuff!

    Contact Us

    Vivit Worldwide
    P.O. Box 18510
    Boulder, CO 80308

    Email: info@vivit-worldwide.org


    Vivit's mission is to serve
    the Hewlett Packard
    Enterprise User
    Community through
    Advocacy, Community,
    and Education.