• Load image into Gallery viewer, QuickSand.io
  • Load image into Gallery viewer, QuickSand.io


Regular price
Sale price
Regular price
Sold out
Unit price

QuickSand Framework Pricing 

The QuickSand Framework is a Python Module that can analyze PDFs and documents for exploits.

Malicious active content makes up over half of the current malware documents and the majority of PDF malware we've seen in 2020. Phishing attachments can lead to ransomeware, financial theft or serious espionage from foreign states. QuickSand can detect these threats at the earliest stages - use QuickSand to check emails as they arrive or use QuickSand as a tool to scan suspicious files reported by users that antivirus can't detect. Don't be a breach victim, use QuickSand to augment your antivirus and other security solutions.

QuickSand is a Python Module that can be run as a fully on-premise command line tool, be wrapped in a web/db interface, or integrated into other products. Provide a file or stream of data and receive a risk rating, decide yourself what level of risk to allow. From criminal to advanced Advanced Persistent Threat (APT) threats we can provide early detection of new emerging threats and malware with otherwise low commercial antivirus detection (where rates of 12-20% on VirusTotal is common for document malware). Add your own Yara signatures for exploits in decoded streams or to identify exploit kits.

Integrate the QuickSand module into your existing analysis processes or as a command line tool (CLI) to scan suspicious files. Try it out online at quicksand.io.


Unlimited instances within your organization. Email and telephone support.

Product Enterprise Year 2+
QuickSand.io Python Module and CLI $20000 USD  
Annual Maintenance   $10,000 USD


Single production instance for small organizations. Email support.

Product Single Year 2+
QuickSand.io Python Module and CLI $1995 USD  
Annual Maintenance   $995 USD

Use Cases

  • Detection: QuickSand can dig deeper into document streams and encodings to detect malware normal AV may miss.
  • Reduce Risk: Detect active content that could access private information within your organization.
  • Threat Intelligence: Use QuickSand's similarity features to identify documents from the same actors or exploit kit. Define attribution through TTPs.
  • Save Time: Use QuickSand results to determine the CVE vulnerability corresponding to the version or Office or PDF software to use in a Dynamic Sandbox to achieve exploitation so that network IOCs can be extracted.
  • Common Language: Determine exploits by CVE and Mitre Attack Techniques to map your adversary's TTPs quickly and efficiently.

QuickSand is an analysis framework to analyze suspected malware documents to identify exploits in streams of different encodings or compressions. QuickSand supports documents, PDFs, Mime/Email, Postscript and other common formats.

QuickSand supports Yara signatures within the decoded streams of documents and PDFs to identify exploits or high risk active content.