Frequently (not yet) Asked Questions

Some questions/comments you might/could/should have.

What does Thorly do?

Thorly looks for security problems in flash files. This happens by running the submitted files against a database of known vulnerable files, followed by static and dynamic analysis of the Flash Application.

What kind of files can I check?

Generally all flash files, which commonly end in ".swf".

What kind of URLs can I submit?

At the moment only URLs leading directly to a flash file are retrieved. Functionality to crawl HTML-pages for swf-files might be exposed in the future.

Can I submit my ActionScript directly?

No, it only operates on build Flash Applications, which are needed to run dynamic tests.

Does it check for Malware?

No, not at the moment and it is also not the goal of this project. If you want to find out if your file contains malware, why don't try

Does it check for Waldemar?

No, who is that?

Other stuff

This totally didn't answer my question!

I only get errors and the links lead nowhere!

This is a work in progress, so some problems are to be expected. More content will come with time ... (maybe)

Can I submit vulnerabilities in flash files to you?

Sure, just send an email with URL to the flash file and PoC to [email protected]

So, how many flash files do you have in your database?

Too many, but not enough. Now more than a million.


There is no public API at the moment.