07 June 2012 | 1,612 views

CERT Triage Tools – Vulnerability Impact Assessment Tool

Cyber Raptors Hunting Your Data?

The CERT Triage Tools can be used to assist software vendors and analysts in identifying the impact of defects discovered through techniques such as fuzz testing and prioritizing their remediation in the software development process. The CERT Triage Tools include a GNU Debugger (GDB) extension called “exploitable” that classifies Linux application bugs by severity and a wrapper script for batch execution.

In 2009, Microsoft released a set of security extensions for the Windows debugger, including a command named !exploitable, that provides automated crash analysis and security risk assessment for software that runs on the Windows platform. Subsequently, Apple released a tool called CrashWrangler (Apple Developer Connection account required) to perform similar analysis on crash logs for software that runs on the Mac OS X platform. In the course of our vulnerability discovery work in developing the CERT Basic Fuzzing Framework, we noted the lack of such a tool for software that runs on the Linux platform. The CERT Triage Tools were developed to serve purposes similar to Microsoft’s !exploitable and Apple’s CrashWrangler on the Linux platform.


  • Compatible 32-bit or 64-bit Linux
  • GDB 7.2 or later
  • Python 2.6 or later

You can download CERT Triage Tools here:


Or read more here.


Recent in Exploits/Vulnerabilities:
- The Jeep HACK – What You Need To Know
- Dharma – Generation-based Context-free Grammar Fuzzing Tool
- Hacking Team Hacked – What You Need To Know

Related Posts:
- RAWR – Rapid Assessment of Web Resources
- Penetration Testing vs Vulnerability Assessment
- Basic Fuzzing Framework (BFF) From CERT – Linux & Mac OSX Fuzzer Tool

Most Read in Exploits/Vulnerabilities:
  • Learn to use Metasploit – Tutorials, Docs & Videos - 231,338 views
  • AJAX: Is your application secure enough? - 119,636 views
  • eEye Launches 0-Day Exploit Tracker - 85,264 views

  • Low-cost VPS Hosting

    3 Responses to “CERT Triage Tools – Vulnerability Impact Assessment Tool”

    1. UndiFineD 8 June 2012 at 5:47 am Permalink

      CERT_triage_tools-1.01$ python triage.py chromium-browser
      Traceback (most recent call last):
      File “triage.py”, line 200, in
      results = Triager().triage(cmd, args, opts.verbose)
      File “triage.py”, line 148, in triage
      subprocess.call(shlex.split(call), stdout=file(os.devnull, ‘w’))
      File “/usr/lib/python2.7/subprocess.py”, line 493, in call
      return Popen(*popenargs, **kwargs).wait()
      File “/usr/lib/python2.7/subprocess.py”, line 679, in __init__
      errread, errwrite)
      File “/usr/lib/python2.7/subprocess.py”, line 1249, in _execute_child
      raise child_exception
      OSError: [Errno 2] No such file or directory


      $ locate chromium-browser

    2. Eli 9 June 2012 at 3:44 am Permalink

      Looks like it doesn’t want to work with Pythonv3.2.3. They changed some functions around; will more than likely submit a patch.

    3. Darknet 11 June 2012 at 8:00 am Permalink

      Yah I always have problems with Python versions too, submit a patch – perhaps they can do something about it.