CERT Coordination Center (CERT/CC)'s Projects
AUTOCATS is the automated code analysis testing suite, used by projects like CERT Kaiju.
Content for the CERT Guide to Coordinated Vulnerability Disclosure
This project contains the source code for the CERT Basic Fuzzing Framework (BFF) and the CERT Failure Observation Engine (FOE).
Scanners for Jar files that may be vulnerable to CVE-2021-44228
A client and library for cve-services 2.x, providing CVE management for CNAs and CERTs
Dranzer is a tool that enables users to examine effective techniques for fuzz testing ActiveX controls
This is CERT/CC's fork of the 'exploitable' GDB plugin. We're maintaining this for historical purposes, but not currently actively participating in its development. Please submit issues or pull requests to the main (jfoote's) project.
CERT/CC's fork of the official Exploit Database repository in which we are tagging commits that include vulnerability IDs. The first commit for an ID we recognize gets the tag for that ID. Aside from adding git tags, we do not otherwise modify the code. Updates hourly.
Drills through git commit histories to find vulnerability IDs in change logs.
Automatically exported from code.google.com/p/ip6tables-configuration
CERT Kaiju is a binary analysis framework extension for the Ghidra software reverse engineering suite. This repository is the primary, canonical repository for this project -- file bug reports and wishes here!
A tool for finding and analyzing private (and public) key files, including support for Android APK files.
Come inside, and have a nice cup of tea.
Container-based environment for debugging and analyzing Linux kernels using QEMU and GDB
CERT/CC's fork of Metasploit Framework in which we are tagging commits that include vulnerability IDs. The first commit for an ID we recognize gets the tag for that ID. Aside from adding git tags, we do not otherwise modify the code. Updates hourly.
Parser for the JSON database included in metasploit-framework that emits a CSV file of modules keyed by vulnerability IDs and references. NOTE: Superseded by git_vul_driller linked below.
Automated static analysis tools for binary programs. This is a "mirror"; please file tickets, bug reports, or pull requests at the upstream home in @cmu-sei: https://github.com/cmu-sei/pharos
Demangles C++ symbol names generated by Microsoft Visual C++ in order to retrieve the original C++ declarations. This is a "mirror"; please file tickets, bug reports, or pull requests at the upstream home in @cmu-sei: https://github.com/cmu-sei/pharos-demangle
Select proof-of-concept exploits for software vulnerabilities to aid in identifying and testing vulnerable systems.
Process Monitor filter for finding privilege escalation vulnerabilities on Windows
Examples and proof-of-concept for Software Bill of Materials (SBOM) code & data
Stakeholder-Specific Vulnerability Categorization
Automatically build and run a custom kernel and crasher from a syzbot report
CERT Tapioca for MITM network analysis
TROMMEL: Sift Through Embedded Device Files to Identify Potential Vulnerable Indicators
Documentation, examples, and other resources regarding analyzing EDK2 based UEFI firmware
VINCE is the Vulnerability Information and Coordination Environment developed and used by the CERT Coordination Center to improve coordinated vulnerability disclosure. VINCE is a Python-based web platform.
With the hope that someone finds the data useful, we used to periodically publish an archive of almost all of the non-sensitive vulnerability information in our vulnerability reports database. See also https://github.com/CERTCC/Vulnerability-Data-Archive-Tools