Open Source IT Security Tools by Core Security

Below is an index of projects that members of the CoreLabs team have pursued. Click on any title to access more information about the project.

Title Excerpt
wiwo (Wireless Workers)

What is wiwo?


Agafi (Advanced Gadget Finder) is a x86 gadget-finder tool useful to find gadgets in programs, modules and running processes.

Protocol design flaws

Aside from the traditional vulnerability analysis in which we explore known attack vectors (e.g., buffer overflows, injection vulnerabilities) we are also in

Bug Reproducer Assistant

Bug-reproducer Assistant is a tool that extracts behavior from live running code (Python or C++), generating a program equivalent to the original, but only w

Attack Simulation

Computer systems and networks are exposed to attacks on a daily basis.


CORE GRASP is a web application protection software technique designed by A. Futoransky, E. Gutesman, D. Tiscornia and A. Waissbein from CoreLabs.

Core Wisdom

CORE WISDOM is a suite of tools designed for the secure auditing of information systems.


Coretex is a series of programming competitions organized by Core in Argentina.

Attack Payloads

Crypto and standard attack techniques can be combined with payload engineering to create dangerous botnet attacks that leverage the size of the botnet, or in


Gfuzz is a web application fuzzing environment which combines fine-grained taint analysis on the server-side (using 


InlineEgg is a Python module that provides the user with a toolbox of classes for writing small assembly programs.

Public-Key Cryptography Based on Polynomial Equations

One of the challenges public-key cryptography faces is the absence of schemes that are secure as well as practical.

A Penetration Testing Research Framework

Penetration testing remains a required practice for the security-aware professional for assessing the security of their infraestructure.


PyLorcon2 is a wrapper that allows using the Lorcon2 - Loss of Radio CONectivity (available here) library (writte

Attacker-centric Risk Assessment Metrics

Risk assessment can be used to measure the security posture of an organization.


Sentinel is a command line tool able to protect Windows 32 bit programs against exploits targeted by attackers or viruses.


The Bugweek is a research activity wherein the security professionals in the company, from developers to exploit writers and QA analysts, dedicate an entire


The proliferation of social network services has produced an extensive leakage of private information.

XSS Agent

This project is about analyzing the problems underlying exploitation and post exploitation of cross-site scripting (xss) vulnerabilities in the web applicati

Attack Planning

Today penetration testing is a highly manual practice, which requires an knowledgeable operator with the right toolset.

BIOS rootkits

Traditionally rootkit research has focused on accomplishing persistence and stealthiness with software running at the user or kernel level within a


Turbodiff is a binary diffing tool developed as an IDA plugin. It discovers and analyzes differences between the functions of two binaries.

Zombie 2.0: A web-application attack model

We analyzed the problems underlying the attack and penetration in the web application scenario.

Core CloudInspect

We are concerned with using the elasticity of public clouds to improve the deepness and coverage of penetration testing techniques.

Teaching Penetration Testing

We are devising lessons and tools for using in a class of information security students.