Open Source IT Security Tools by Core Security

Below is an index of projects that members of the CoreLabs team have pursued. Click on any title to access more information about the project.

Titlesort ascending Excerpt
Zombie 2.0: A web-application attack model

We analyzed the problems underlying the attack and penetration in the web...

XSS Agent

This project is about analyzing the problems underlying exploitation and...

wwtool

wwtool is a wireless scanning tool that uses the Windows Native WiFi API to...

WPSIG

It's a simple tool (written in Python) that does information gathering using...

WPA Migration Mode patches for aircrack-ng and Kismet

The WPA Migration Mode patches for the Aircrack-ng suite (aircrack-ng.org)...

wiwo (Wireless Workers)

What is wiwo?
wiwo is a distributed 802.11 monitoring...

Using neural networks for OS fingerprinting

The problem of remote Operating System (OS) Detection, also called OS...

Uhooker

The Universal Hooker is a tool to intercept execution of programs. It...

Turbodiff

Turbodiff is a binary diffing tool developed as an IDA plugin. It discovers...

Teaching Penetration Testing

We are devising lessons and tools for using in a class of information...

SQL Agent

We introduce the SQL Agent technique and implementation, an efficient...

Sentinel

Sentinel is a command line tool able to protect Windows 32 bit programs...

SDT Cleaner

SDT Cleaner is a tool that intends to clean the SSDT (system service...

PyLorcon2

PyLorcon2 is a wrapper that allows using the Lorcon2 - Loss of Radio...

PyCodin

PyCodin is an open source Python library that allows instrumentation of low-...

Public-Key Cryptography Based on Polynomial Equations

One of the challenges public-key cryptography faces is the absence of...

Protocol design flaws

Aside from the traditional vulnerability analysis in which we explore known...

Pass-The-Hash Toolkit

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon...

Open XML Advisory Format

Open XML Advisory Format is an XML format developed to assist researchers...

Non-Euclidean Ring Data Scrambler (NERDS) public-key encryption

With the advent of PDAs and other constrained computing environments come...

ND2DB Attack

Within this project we research a new attack technique that allows...

MSyslog

MSyslog is a logging subsystem for UNIX operating systems. It replaces the...

MD5 collisions

After Dr. Wang presented the MD5 collisions at Crypto '05, Gera's researched...

IterDe

While reversing code there's usually a common limitation in testing the new...

iPhoneDbg Toolkit

This set of tools will enable you to delve into iPhone Binary Reversing....

InlineEgg

InlineEgg is a Python module that provides the user with a toolbox of...

Heappie

Heappie! is an exploit-writing-oriented memory analysis tool. It assists...

Gfuzz

Gfuzz is a web application fuzzing environment which combines fine-grained...

Exomind

The proliferation of social network services has produced an extensive...

eXait

eXait is a benchmark-like tool to test all the anti-instrumentation...

CORETEX

Coretex is a series of programming competitions organized by Core in...

Core Wisdom

CORE WISDOM is a suite of tools designed for the secure auditing of...

CORE TRUSS and Secure Triggers

This project relates to a software protection framework that we designed....

CORE GRASP

CORE GRASP is a web application protection software technique designed by ...

CORE FORCE

CORE FORCE® is a free comprehensive endpoint security solution for Windows...

Core CloudInspect

We are concerned with using the elasticity of public clouds to improve the...

Bugweek

The Bugweek is a research activity wherein the security professionals in the...

Bug Reproducer Assistant

Bug-reproducer Assistant is a tool that extracts behavior from live running...

BIOS rootkits

Traditionally rootkit research has focused on accomplishing...

Aureliax

Aureliax shows differences between decompiled functions. It displays their...

Attacker-centric Risk Assessment Metrics

Risk assessment can be used to measure the security posture of an...

Attack Simulation

Computer systems and networks are exposed to attacks on a daily basis. IT...

Attack Planning

Today penetration testing is a highly manual practice, which requires an...

Attack Payloads

Crypto and standard attack techniques can be combined with payload...

Agafi

Agafi (Advanced Gadget Finder) is a x86 gadget-finder tool useful to find...