search menu icon-carat-right cmu-wordmark

CERT Division Releases Six Free Cyber Simulation Tools; Introductory Webcast March 13

CERT Division Releases Six Free Cyber Simulation Tools; Introductory Webcast March 13

February 21, 2019—The SEI's CERT Division has released a suite of open source and freely available tools for use in creating realistic Internet simulations for training and other purposes. The tools' creators will introduce the suite in a free webcast, Helping You Reach the Next Level of Security: 6 Free Tools for Creating a Cyber Simulator, on March 13 at 1:30 p.m. Eastern Daylight Time. This release continues the SEI’s practice of making open-source tools publicly and freely available for use by the software engineering community and others.

The SEI developed this set of prototype tools to improve the realism, efficiency, and cost-effectiveness of cybersecurity training. These tools are used in training and exercises it delivers on behalf of its sponsors, including the Department of Defense, the FBI, the NSA and other agencies.
Recently, the SEI’s sponsors approved the release of some of these tools as open source software, packaged binaries, or virtual appliances.

"Our sponsors wanted to broaden the availability of these cyber simulation tools," said Chris May, technical director of the CERT Division’s Workforce Development (CWD) Team. “We believe these tools can be of great help to developers of training scenarios and environments. They can expedite and simplify things for anyone needing to create realistic cyber simulations.”

CERT CWD has established an open source tools web site. Recent releases on the site include the following tools:

  • GHOSTS is a framework for automating and orchestrating non-player character activities. It enables advanced user activity simulation to enrich the realism of cyber exercises. The simulated characters that participants interact with can perform many functions, such as web browsing, executing terminal commands, sending emails, or managing office documents. The functions appear as if real people were performing them, and none can be traced back to the GHOSTS software directly, making the training experience more lifelike and convincing. 
  • GreyBox is a virtual machine that comprises self-contained emulation of the Internet, including 5000-plus websites, mail servers, BitCoin environments and other sites. It simulates not only the servers, but also the Internet infrastructure, with root and TLD DNS servers, a functional “whois” service, and a realistic Tier I web cloud, including emulation of BGP and AS numbers running the actual IP addresses deployed in the Internet backbone.
  • TopoMojo is a web application that simplifies virtual lab creation and deployment. This Linux-based virtual appliance jump launches virtual machine learning environments, including use of existing network topologies from a topology library, or creation of custom topologies to meet the specific requirements of a given user. Once created, the topologies come to life in the same TopoMojo platform, deploying network configurations and the associated host systems.  These deployed environments support training, testing, and many other possibilities. 
  • WELLE-D perfectly emulates 802.11 wireless communications in virtual environments, without creating any radio signals. WELLE-D enables system administrators to configure wireless access points and/or client systems running on a Linux kernel. The software creates actual 802.11 frames and passes them across a hidden channel so the traffic does not appear in the wired Ethernet environment. Because actual 802.11 frames are used in the communication between clients, an unparalleled level of realism exists, as all Wi-Fi attack tools can operate against the actual 802.11 traffic. WELLE-D allows your cyber workforce to perform realistic attack and defend scenarios in a cost-effective, safe, and controlled environment.
  • vTunnel allows for arbitrary IP traffic to be tunneled from a guest virtual machine through the hypervisor. This feature allows certain network activity to be removed from the game space. The reason for this is that you may not want game players to see certain network traffic, e.g. command and control or scoring activities.
  • TopGen is a virtualized application service simulator for offline exercise and training networks. It allows a single host (physical, VM, or container) to serve multiple co-hosted virtual services (such as multiple HTTP vHosts, DNS views, and/or virtual mail domains). A large number of host (/32) IP addresses, corresponding to each virtual application server (each website, nameserver, and mail gateway) are then added to the TopGen host’s loopback interface. This ensures that client traffic is delivered to the appropriate application server daemon, and that replies will originate from the correct source IP address.

To download these tools, visit for source code and documentation downloads, executables, and virtual machine .ova images.