The CERT Triage Tools can be used to assist software vendors and analysts in identifying the impact of defects discovered through techniques such as fuzz testing and prioritizing their remediation in the software development process. The CERT Triage Tools include a GNU Debugger (GDB) extension called “exploitable” that classifies Linux application bugs by severity and a wrapper script for batch execution.
In 2009, Microsoft released a set of security extensions for the Windows debugger, including a command named !exploitable, that provides automated crash analysis and security risk assessment for software that runs on the Windows platform. Subsequently, Apple released a tool called CrashWrangler (Apple Developer Connection account required) to perform similar analysis on crash logs for software that runs on the Mac OS X platform. In the course of our vulnerability discovery work in developing the CERT Basic Fuzzing Framework, we noted the lack of such a tool for software that runs on the Linux platform. The CERT Triage Tools were developed to serve purposes similar to Microsoft’s !exploitable and Apple’s CrashWrangler on the Linux platform.
- Compatible 32-bit or 64-bit Linux
- GDB 7.2 or later
- Python 2.6 or later
You can download CERT Triage Tools here:
Or read more here.
Recent in Exploits/Vulnerabilities:
- Cupid Media Hack Exposes 42 Million Passwords In Plain Text
- Linux Backdoor Fokirtor Injects Traffic Into SSH Protocol
- Another IE 0-Day Hole Found & Used By In-Memory Drive By Attacks
- Basic Fuzzing Framework (BFF) From CERT – Linux & Mac OSX Fuzzer Tool
- Penetration Testing vs Vulnerability Assessment
- PorkBind v1.3 – Nameserver (DNS) Security Scanner
Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 222,957 views
- AJAX: Is your application secure enough? - 118,552 views
- eEye Launches 0-Day Exploit Tracker - 84,956 views