Open Source IT Security Tools by Core Security
Below is an index of projects that members of the CoreLabs team have pursued. Click on any title to access more information about the project.
View our updated open source tools at Fortra GitHub
| Title | Excerpt |
|---|---|
| ND2DB Attack | Within this project we research a new attack technique that allows extraction of selected database content relying only on the attackers ability to perform d |
| Non-Euclidean Ring Data Scrambler (NERDS) public-key encryption | With the advent of PDAs and other constrained computing environments come new security requirements that are not compliant with RSA and other typically trust |
| Impacket | We're excited to welcome Impacket to Fortra's open source portfolio. |
| SQL Agent | We introduce the SQL Agent technique and implementation, an efficient translator from SQL to HTTP requests, that we use for removing the burden in the exploi |
| Teaching Penetration Testing | We are devising lessons and tools for using in a class of information security students. |
| Core CloudInspect | We are concerned with using the elasticity of public clouds to improve the deepness and coverage of penetration testing techniques. |
| Zombie 2.0: A web-application attack model | We analyzed the problems underlying the attack and penetration in the web application scenario. |
| Turbodiff | Turbodiff is a binary diffing tool developed as an IDA plugin. It discovers and analyzes differences between the functions of two binaries. |
| BIOS rootkits | Traditionally rootkit research has focused on accomplishing persistence and stealthiness with software running at the user or kernel level within a |
| Attack Planning | Today penetration testing is a highly manual practice, which requires an knowledgeable operator with the right toolset. |
| XSS Agent | This project is about analyzing the problems underlying exploitation and post exploitation of cross-site scripting (xss) vulnerabilities in the web applicati |
| Exomind | The proliferation of social network services has produced an extensive leakage of private information. |
| Bugweek | The Bugweek is a research activity wherein the security professionals in the company, from developers to exploit writers and QA analysts, dedicate an entire |
| Sentinel | Sentinel is a command line tool able to protect Windows 32 bit programs against exploits targeted by attackers or viruses. |
| Attacker-centric Risk Assessment Metrics | Risk assessment can be used to measure the security posture of an organization. |
| PyLorcon2 | PyLorcon2 is a wrapper that allows using the Lorcon2 - Loss of Radio CONectivity (available here) library (writte |
| A Penetration Testing Research Framework | Penetration testing remains a required practice for the security-aware professional for assessing the security of their infrastructure. |
| Public-Key Cryptography Based on Polynomial Equations | One of the challenges public-key cryptography faces is the absence of schemes that are secure as well as practical. |
| InlineEgg | InlineEgg is a Python module that provides the user with a toolbox of classes for writing small assembly programs. |
| Gfuzz | Gfuzz is a web application fuzzing environment which combines fine-grained taint analysis on the server-side (using |
| Attack Payloads | Crypto and standard attack techniques can be combined with payload engineering to create dangerous botnet attacks that leverage the size of the botnet, or in |
| CORETEX | Coretex is a series of programming competitions organized by Core in Argentina. |
| Core Wisdom | CORE WISDOM is a suite of tools designed for the secure auditing of information systems. |
| CORE GRASP | CORE GRASP is a web application protection software technique designed by A. Futoransky, E. Gutesman, D. Tiscornia and A. Waissbein from CoreLabs. |
| Attack Simulation | Computer systems and networks are exposed to attacks on a daily basis. |