icon-carat-right menu search cmu-wordmark

Software and Tools

Access and download the software, tools, and methods that the SEI creates, tests, refines, and disseminates. Organizations and individuals worldwide use these technologies and management techniques to improve the results of software projects, the quality and behavior of software systems, and the security and survivability of networked systems.

Filter by

  • Collection of Static Analysis Assets

    Collection
    By None

    This collection contains materials on SEI’s research regarding how to improve alert systems in static analysis tools as well as the automation of these tools.

    DOWNLOAD
  • Capability-Based Software Cost Estimation (CaBSCE)

    By None

    The SEI is developing the Capability-Based Software Cost Estimation method to modernize cost estimation practices by aligning them with Agile and DevSecOps.

    DOWNLOAD
  • TEC ML Mismatch Detection Tool

    Software
    By The Software Engineering Institute

    The TEC tool compares information across descriptors and flags any mismatches or missing information.

    DOWNLOAD
  • Redemption: Automated Repair of Static Analysis Alerts

    Software
    By None

    The Redemption tool makes automated repairs to C and C++ source code based on defect alerts produced by static-analysis tools.

    DOWNLOAD
  • CERT NetSA Security Suite

    Software
    By None

    The Network Situational Awareness (NetSA) group at CERT has developed and maintains a suite of open source tools for monitoring large-scale networks using flow data.

    DOWNLOAD
  • SCALe

    Software
    By None

    SCALe is a static analysis aggregation framework that has been developed mostly as a research prototype tool as part of the SEI’s research projects.

    DOWNLOAD
  • Alert Type Frequency Assessment of Open-Source Static Analysis Tools and Codebases

    Dataset
    By David Svoboda , Lori Flynn , William Klieber

    This dataset includes all the data needed to replicate and validate our frequency analysis of static analysis (SA) alerts produced using open-source SA tools on several OSS codebases.

    DOWNLOAD
  • Mothra

    Software
    By None

    Mothra is a collection of libraries and tools for working with network flow data in the Apache Spark large-scale data analytics engine.

    DOWNLOAD
  • Juneberry

    Software
    By None

    Juneberry automates the training, evaluation, and comparison of multiple ML models against multiple datasets.

    DOWNLOAD
  • CERT Kaiju

    Software
    By None

    CERT Kaiju is a binary analysis framework extension for the Ghidra software reverse engineering suite.

    DOWNLOAD
  • Mission-Based Prioritization Tool (Coded)

    Software
    By None

    An alternate version of the tool to implement the mission-based prioritization of agile backlogs that includes a small amount of Visual Basic code that creates a tab containing the sorted …

    DOWNLOAD
  • Mission-Based Prioritization Tool (Code Free)

    Software
    By None

    A no-frills tool to implement the mission-based prioritization of agile backlogs that accounts for restrictions on government computers; the results must be manually sorted.

    DOWNLOAD
  • KalKi Platform Main Repository

    Software
    By Sebastián Echeverría

    KalKi is an IoT platform for allowing untrusted IoT devices to connect to a network in a secure way, protecting both the IoT device and the network from malicious attackers.

    DOWNLOAD
  • SEI-ACE

    Software
    By Grace Lewis , Sebastián Echeverría

    SEI-ACE is an extension of the ACE Working Group proposal to support authentication and authorization of devices in disadvantaged environments.

    DOWNLOAD
  • Crucible

    Software
    By None

    Crucible is a modular framework for creating, deploying, and managing virtual environments to support training, education, and exercises.

    DOWNLOAD
  • DSOI-ALL / devops-microcosm

    Software
    By None

    This GitHub guide provides hands-on guidance to build a DevSecOps pipeline.

    DOWNLOAD
  • CWD Tools for Improving Cyber Simulations

    Collection
    By None

    Download the open source software tools that the SEI developed to create realistic cyber simulations or access information to learn more about each one.

    DOWNLOAD
  • IRL Demo

    Software
    By None

    The IRL demo is an interactive demonstration of Maximum Causal Entropy Inverse Reinforcement Learning (MCEIRL).

    DOWNLOAD
  • SCAIFE-API YAML Specification

    Software
    By None

    The YAML file specifies the SCAIFE-API definition in a format developers can use to view, modify, and automatically generate code from.

    DOWNLOAD
  • Foundry

    Software
    By None

    Foundry is a training asset management portal that organizations can customize to meet unique training needs and that training providers can share content on.

    DOWNLOAD
  • GHOSTS

    Software
    By None

    GHOSTS is a non-player character (NPC) orchestration generator that creates a range of realistic characters who produce network traffic that appears authentic.

    DOWNLOAD
  • TopoMojo

    Software
    By None

    TopoMojo is a topology build and management tool that provides users with the same functionality and connectivity they would experience with real, physical devices.

    DOWNLOAD
  • Supplementary Materials for a Case Study of Analysis Contracts with the ACTIVE tool

    Dataset
    By None

    This archive contains the source code of the ACTIVE tool, and models/data from a case study of analysis contracts in two domains: thread scheduling, and battery design.

    DOWNLOAD
  • WELLE-D

    Software
    By None

    WELLE-D is a wireless traffic transport for wired networks that you can use to create a realistic, virtual wireless network environment.

    DOWNLOAD
  • vTunnel

    Software
    By None

    vTunnel is a traffic proxy between guest and host networks that allows certain network activity, such as scoring mechanisms, to remain hidden from trainees.

    DOWNLOAD
  • Analysis Pipeline

    Software
    By None

    The Analysis Pipeline supports inspection of flow records as they are created.

    DOWNLOAD
  • CERT Vulnerability Data Archive and Tools

    Dataset
    By Allen D. Householder

    CERT archive of non-sensitive vulnerability information in the vulnerability reports database.

    DOWNLOAD
  • ADIA

    Software
    By None

    ADIA is a VMware-based appliance used for small-to-medium sized digital investigations.

    DOWNLOAD
  • TopGen

    Software
    By None

    TopGen is a virtualized application service simulator for offline exercise and training networks.

    DOWNLOAD
  • GreyBox

    Software
    By None

    GreyBox is a single-host Internet emulator that delivers the experience of connecting to the real Internet so you can avoid the risks of connecting to live systems in your training …

    DOWNLOAD
  • SeaHorn

    Software
    By None

    SeaHorn is an automated analysis framework for LLVM-based languages.

    DOWNLOAD
  • CERT Linux Forensics Tools Repository

    Software
    By None

    The CERT Linux Forensics Tools Repository provides many useful packages for cyber forensics acquisition and analysis practitioners.

    DOWNLOAD
  • CERT YAF

    Software
    By None

    YAF, Yet Another Flowmeter, processes packet data from PCAP(3) dump files and exports the flows to IPFIX Collecting Processes or an IPFIX-based file format.

    DOWNLOAD
  • CERT fixbuf

    Software
    By None

    CERT fixbuf is a compliant implementation of the IPFIX Protocol.

    DOWNLOAD
  • CERT super_mediator

    Software
    By None

    CERT super_mediator is an IPFIX mediator for use with the YAF and SiLK tools.

    DOWNLOAD
  • MADARA

    Software
    By None

    MADARA is general-purpose middleware used for distributed timing, control, knowledge and reasoning, and quality-of-service.

    DOWNLOAD
  • GAMS

    Software
    By None

    GAMS is a distributed operating environment that controls one or more unmanned autonomous systems (UAS).

    DOWNLOAD
  • Pharos

    Software
    By None

    Pharos is a static binary analysis framework that facilitates the automated analysis of binary programs.

    DOWNLOAD
  • CLANG

    Software
    By None

    CERT Thread Safety Analysis in Clang is a tool that uses annotations to declare and enforce thread safety policies in C and C++ programs.

    DOWNLOAD
  • Clang-Tidy

    Software
    By None

    Clang-Tidy is Clang-based C++ "linter" tool that provides an extensible framework for diagnosing and fixing typical programming errors.

    DOWNLOAD
  • Big Grep

    Software
    By None

    BigGrep is a tool used to index and search a large corpus of binary files and uses a probabilistic N-gram based approach to balance index size and search speed.

    DOWNLOAD
  • CERT Tapioca

    Software
    By None

    CERT Tapioca is a network-layer MITM proxy utility that checks for apps that fail to validate certificates and investigates content of network traffic, including HTTP and HTTPS.

    DOWNLOAD
  • CERT SiLK IPset

    Software
    By None

    CERT SiLK IPset can be used to build and manipulate IPset files.

    DOWNLOAD
  • CERT SiLK

    Software
    By None

    SiLK is a collection of traffic analysis tools used to facilitate security analysis of large networks.

    DOWNLOAD
  • CERT pyfixbuf

    Software
    By None

    CERT pyfixbuf is a Python API for libfixbuf that can be used to write applications that collect and export IPFIX.

    DOWNLOAD
  • CERT snarf

    Software
    By None

    CERT snarf is a distributed alert reporting system that sends send network alert messages.

    DOWNLOAD
  • Nabu

    Software
    By None

    Nabu is a tool based on the work of NetSimile used for parsing, constructing, and comparing the structural graphs of a large collection of PDF documents.

    DOWNLOAD
  • PDFrankenstein

    Software
    By None

    PDFrankenstein is a Python tool for bulk malicious PDF feature extraction.

    DOWNLOAD
  • Insider Threat Test Dataset

    Dataset
    By None

    The Insider Threat Test Dataset is a collection of synthetic insider threat test datasets that provide both background and malicious actor synthetic data.

    DOWNLOAD
  • DMPLC

    Software
    By None

    DMPLC is the compiler for the DART Modeling and Programming Language (DMPL).

    DOWNLOAD
  • DART

    Software
    By None

    DART combines model-driven development with evidence-generating analysis for engineering high-assurance software.

    DOWNLOAD
  • CERT BFF

    Software
    By None

    CERT BFF is a software-testing tool that finds defects in applications that run on Microsoft Windows, Linux, Mac OS X, and other unix-like platforms.

    DOWNLOAD
  • Automated Assurance of Security Policy Enforcement (AASPE)

    Software
    By None

    AASPE is a set of modeling tools for security analysis and a code generator to produce code for the seL4 platform from AADL models.

    DOWNLOAD
  • Error Model Version 2

    Software
    By None

    The Error Model Annex, Version 2 (EMV2), notation for architecture fault modeling supports safety, reliability, and security analyses as part of the OSATE toolset.

    DOWNLOAD
  • gbtl

    Software
    By None

    gbtl is a library that provides GraphBLAS API in C++ and common graph algorithms built on top of it.

    DOWNLOAD
  • CERT netsa-python

    Software
    By None

    The netsa-python library is a collection of Python routines and frameworks to use when developing analyses using the SiLK toolkit.

    DOWNLOAD
  • CERT iSiLK

    Software
    By None

    iSiLK is a graphical front-end for the SiLK tools, designed to work with an existing installation of the SiLK analysis suite.

    DOWNLOAD
  • bgpuma

    Software
    By None

    bgpuma is a tool that looks through BGP update files quickly to find direct matches for CIDR blocks and CIDR blocks that contain the initial set and are contained by …

    DOWNLOAD
  • QuaBaseBD

    Software
    By None

    QuABaseBD is a linked collection of computer science and software engineering knowledge used specifically for designing big data systems with NoSQL databases.

    DOWNLOAD
  • CERT Orcus

    Software
    By None

    Orcus is a system for analyzing passively-collected DNS information. It includes a capability for analyzing all DNS information that has been seen (the “resource record database”), as well as a …

    DOWNLOAD
  • Spacer

    Software
    By None

    Spacer is an algorithmic framework for SMT-based software model checking using proofs and counterexamples.

    DOWNLOAD
  • MZSRM

    Software
    By None

    MZSRM is a zero-slack rate monotonic scheduler that has been simplified for verification.

    DOWNLOAD
  • ERACES

    Software
    By None

    ERACES is a collection of methods and tools for reducing complexity in software models.

    DOWNLOAD
  • KD-Cloudlet

    Software
    By None

    Cloudlets are discoverable, generic, stateless servers located in single-hop proximity of mobile devices that can operate in disconnected mode and are virtual-machine based.

    DOWNLOAD
  • Rosecheckers

    Software
    By None

    Rosecheckers is a tool that performs static analysis on C/C++ source files to enforce the rules in the CERT C Coding Standard.

    DOWNLOAD
  • Architecture Analysis and Design Language (AADL) Tool

    Software
    By None

    AADL provides a framework for analyzing system designs and supports architecture-centric, model-based development through the system lifecycle.

    DOWNLOAD
  • CERT Dranzer

    Software
    By None

    Dranzer is a tool that enables users to examine effective techniques for fuzz testing ActiveX controls.

    DOWNLOAD
  • GDB 'Exploitable' Plugin

    Software
    By Jonathan Foote

    The GDB 'exploitable' plugin can be used to assist software vendors and analysts in identifying the impact of defects.

    DOWNLOAD
  • DidFail

    Software
    By None

    DidFail uses static analysis to detect potential leaks of sensitive information within a set of Android apps.

    DOWNLOAD
  • MCDA

    Software
    By None

    MCDA formally verifies the correctness, safety or other critical properties of distributed algorithm implementations before they are deployed.

    DOWNLOAD
  • CERT Prism

    Software
    By None

    Prism is a tool for visualizing flow data as a time series, broken down into several configurable bins by SiLK's rwfilter tool.

    DOWNLOAD
  • Compiler-Enforced Buffer Overflow Elimination

    Software
    By None

    This tool prevents buffer overflows from succeeding in multithreaded code using static and dynamic analysis.

    DOWNLOAD
  • OSATE

    Software
    By None

    OSATE is an open-source tool platform to support AADL.

    DOWNLOAD
  • CERT Stix2Cif

    Software
    By None

    CERT Stix2Cif parses STIX/Cybox documents into JSON CIF feed files with corresponding configuration files and feeds them to CIF.

    DOWNLOAD
  • CERT Triage Tools

    Software
    By None

    CERT Triage Tools consist of a triage script and a GNU Debugger (GDB) extension named 'exploitable' that classify Linux application defects by severity.

    DOWNLOAD
  • CERT Cif2Stix

    Software
    By None

    CERT Cif2Stix is a plug-in for CIF that takes JSON object or file inputs and outputs STIX/CyBox documents.

    DOWNLOAD
  • CERT Rayon

    Software
    By None

    CERT Rayon is a Python library and set of tools that generates basic two-dimensional statistical visualizations.

    DOWNLOAD
  • Controls Systems Code Samples Download

    Software
    By None

    The Controls Systems Code Samples help an organization protect text-based intellectual property, including source code repositories.

    DOWNLOAD
  • CERT FOE

    Software
    By None

    Failure Observation Engine (FOE) is a mutational file-based fuzz testing tool for finding defects in applications that run on the Windows platform.

    DOWNLOAD
  • CERT JIRA Plugins

    Software
    By None

    CERT JIRA Plugins consist of Automated Task Creator, Email Attachment Handler, and Common Code.

    DOWNLOAD
  • Secure Coding Validation Suite

    Software
    By None

    The Secure Coding Validation Suite is a tool that performs a set of tests to validate the rules defined in ISO Technical Specification 17961.

    DOWNLOAD
  • Smart Grid Maturity Model Assets Collection (SGMM), Version 1.2

    Collection
    By None

    These are the assets related to version 1.2 of the Smart Grid Maturity Model.

    DOWNLOAD
  • CERT SQUARE for Privacy (P-SQUARE)

    Software
    By None

    P-SQUARE was designed for stakeholders, requirements engineers, and administrators and supports the security and privacy aspects of SQUARE.

    DOWNLOAD
  • CERT IPA

    Software
    By None

    CERT IPA is an IP address annotation system that provides a repository of IP address information and related tools for accessing the data.

    DOWNLOAD
  • CERT SQUARE for Acquisition (A-SQUARE)

    Software
    By None

    SQUARE-A is designed for stakeholders, requirements engineers, and contractors/vendors to use in acquisitions and provides documentation support for a variety of use cases.

    DOWNLOAD
  • Copper

    Software
    By None

    Copper is a software model checker that can be used to verify whether a concurrent C program satisfies its safety, reliability, or security requirements.

    DOWNLOAD
  • Acquisition Strategy Development Tool

    Software
    By None

    The Acquisition Strategy Development Tool is a customized Excel workbook that helps acquisition planners work through their method and techniques.

    DOWNLOAD