CERT Coordination Center (CERT/CC)

All

33 repositories

labyrinth
Public
Come inside, and have a nice cup of tea.
Other
•35•98•12•0•Updated Nov 10, 2024Nov 10, 2024
metasploit-framework
Public
CERT/CC's fork of Metasploit Framework in which we are tagging commits that include vulnerability IDs. The first commit for an ID we recognize gets the tag for that ID. Aside from adding git tags, we do not otherwise modify the code. Updates hourly.
cve vulnerability-identification cve-searchsploit cve-search cves vulnerability-intelligence
Ruby
•
Other
•14k•2•0•0•Updated Nov 8, 2024Nov 8, 2024
Vultron
Public
Vultron is a protocol for Coordinated Vulnerability Disclosure
prototype protocol vulnerability activitypub cvd vulnerability-reports activitystreams-vocabulary vulnerability-disclosure vulnerability-response vulnerability-disclosure-policies
Python
•
Other
•2•10•4•0•Updated Nov 7, 2024Nov 7, 2024
CERT-Guide-to-CVD
Public
Content for the CERT Guide to Coordinated Vulnerability Disclosure
vulnerability vulnerability-management vulnerability-analysis cvd vulnerability-reports vulnerability-disclosure vulnerability-response vulnerability-disclosure-policies vulnerability-disclosure-program
Shell
•
Other
•5•7•14•0•Updated Nov 7, 2024Nov 7, 2024
kaiju
Public
CERT Kaiju is a binary analysis framework extension for the Ghidra software reverse engineering suite. This repository is the primary, canonical repository for this project -- file bug reports and wishes here!
reverse-engineering binary-analysis ghidra
Java
•
Other
•30•269•5•0•Updated Nov 7, 2024Nov 7, 2024
SSVC
Public
Stakeholder-Specific Vulnerability Categorization
vulnerability vulnerabilities decision-trees vulnerability-management decision-support prioritization
Python
•
Other
•32•128•67•0•Updated Nov 4, 2024Nov 4, 2024
VINCE
Public
VINCE is the Vulnerability Information and Coordination Environment developed and used by the CERT Coordination Center to improve coordinated vulnerability disclosure. VINCE is a Python-based web platform.
api coordination csirt vulnerability vulnerability-management vulnerability-identification psirt python django cert
Python
•
Other
•24•59•15•0•Updated Oct 28, 2024Oct 28, 2024
exploitdb
Public
CERT/CC's fork of the official Exploit Database repository in which we are tagging commits that include vulnerability IDs. The first commit for an ID we recognize gets the tag for that ID. Aside from adding git tags, we do not otherwise modify the code. Updates hourly.
cve vulnerability-identification cve-searchsploit cve-search cves vulnerability-intelligence
C
•
GNU General Public License v2.0
•1.9k•7•0•0•Updated Oct 2, 2024Oct 2, 2024
PoC-Exploits
Public archive
Select proof-of-concept exploits for software vulnerabilities to aid in identifying and testing vulnerable systems.
exploits poc vulnerabilities
Python
•
BSD 3-Clause "New" or "Revised" License
•47•181•0•0•Updated May 15, 2024May 15, 2024
tapioca
Public archive
CERT Tapioca for MITM network analysis
mitm http-proxy tapioca wireshark mitmproxy transparent-proxy ssl-inspection ssl-interception
Python
•
Other
•26•181•0•0•Updated May 15, 2024May 15, 2024
metasploit_json_parser
Public archive
Parser for the JSON database included in metasploit-framework that emits a CSV file of modules keyed by vulnerability IDs and references. NOTE: Superseded by git_vul_driller linked below.
metadata threatintel metasploit-framework vulnerability-assessment metasploit threat-intelligence metasploit-framework-database vulnerability-research metasploit-automation
Python
•
MIT License
•0•2•0•2•Updated May 15, 2024May 15, 2024
Vulnerability-Data-Archive-Tools
Public archive
Tools for working with the CERT Vulnerability Data Archive. See also https://github.com/CERTCC/Vulnerability-Data-Archive
python vulnerability-data
Python
•
Other
•15•19•0•0•Updated May 14, 2024May 14, 2024
Vulnerability-Data-Archive
Public archive
With the hope that someone finds the data useful, we used to periodically publish an archive of almost all of the non-sensitive vulnerability information in our vulnerability reports database. See also https://github.com/CERTCC/Vulnerability-Data-Archive-Tools
threat cert vulnerability threatintel cve threat-analysis threat-intelligence vulnerability-report vulnerability-data vulnerability-notes
Other
•25•88•0•0•Updated May 14, 2024May 14, 2024
pharos
Public
Automated static analysis tools for binary programs. This is a "mirror"; please file tickets, bug reports, or pull requests at the upstream home in @cmu-sei: https://github.com/cmu-sei/pharos
C++
•
Other
•190•5•0•0•Updated Apr 29, 2024Apr 29, 2024
vulnerability_disclosure_policy_templates
Public archive
A collection of templates for generating vulnerability disclosure policies. (NOTE: As of 2024, these templates are now part of the CERT Guide to Coordinated Vulnerability Disclosure, see link in README.)
vulnerability disclosure cvd-policy vulnerability-disclosure disclosure-policy vulnerability-disclosure-policies
MIT License
•4•9•0•0•Updated Apr 25, 2024Apr 25, 2024
.github
Public
0•0•0•0•Updated Apr 16, 2024Apr 16, 2024
certfuzz
Public archive
This project contains the source code for the CERT Basic Fuzzing Framework (BFF) and the CERT Failure Observation Engine (FOE).
fuzzing fuzz-testing cert foe bff
Python
•
Other
•58•263•0•0•Updated Apr 11, 2024Apr 11, 2024
SBOM
Public
Examples and proof-of-concept for Software Bill of Materials (SBOM) code & data
bill-of-materials sbom sbom-generator
JavaScript
•
MIT License
•16•57•2•0•Updated Apr 8, 2024Apr 8, 2024
cveClient
Public
A client and library to cve-services 2.x to provide CVE management for CNA and CERTs
JavaScript
•
Other
•7•18•0•0•Updated Aug 22, 2023Aug 22, 2023
keyfinder
Public archive
A tool for finding and analyzing private (and public) key files, including support for Android APK files.
Python
•44•266•0•0•Updated Nov 7, 2022Nov 7, 2022
CVE-2021-44228_scanner
Public archive
Scanners for Jar files that may be vulnerable to CVE-2021-44228
PowerShell
•
BSD 2-Clause "Simplified" License
•89•344•0•0•Updated Mar 23, 2022Mar 23, 2022
git_vul_driller
Public
Drills through git commit histories to find vulnerability IDs in change logs.
Jupyter Notebook
•
MIT License
•2•3•0•0•Updated Feb 24, 2022Feb 24, 2022
Linux-Kernel-Analysis-Environment
Public archive
Container-based environment for debugging and analyzing Linux kernels using QEMU and GDB
Shell
•
MIT License
•3•5•0•0•Updated Nov 4, 2021Nov 4, 2021
Syzbot-Repro-Runner
Public archive
Automatically build and run a custom kernel and crasher from a syzbot report
Python
•
MIT License
•1•1•0•0•Updated Nov 4, 2021Nov 4, 2021
UEFI-Analysis-Resources
Public archive
Documentation, examples, and other resources regarding analyzing EDK2 based UEFI firmware
PHP
•
MIT License
•1•6•0•0•Updated Nov 4, 2021Nov 4, 2021
autocats
Public
AUTOCATS is the automated code analysis testing suite, used by projects like CERT Kaiju.
C++
•3•1•0•0•Updated Oct 19, 2021Oct 19, 2021
exploitable
Public archive
This is CERT/CC's fork of the 'exploitable' GDB plugin. We're maintaining this for historical purposes, but not currently actively participating in its development. Please submit issues or pull requests to the main (jfoote's) project.
Python
•
Other
•119•2•0•0•Updated Jul 6, 2021Jul 6, 2021
privesc
Public archive
Process Monitor filter for finding privilege escalation vulnerabilities on Windows
9•78•0•0•Updated Jun 9, 2021Jun 9, 2021
pharos-demangle
Public
Demangles C++ symbol names genarated by Microsoft Visual C++ in order to retrieve the original C++ declarations. This is a "mirror"; please file tickets, bug reports, or pull requests at the upstream home in @cmu-sei: https://github.com/cmu-sei/pharos-demangle
C++
•
Other
•12•1•0•0•Updated Jun 25, 2020Jun 25, 2020
trommel
Public archive
TROMMEL: Sift Through Embedded Device Files to Identify Potential Vulnerable Indicators
Python
•
Other
•47•207•0•0•Updated Jun 23, 2020Jun 23, 2020