Security Research Tools

SecureWorks' Security Research Group has developed several security tools that are publicly available. All tools are released under the GNU General Public License (GPL) and are provided "as-is", with no warranty and no support.

Fess

Latest Version: 0.1
Fess is a Perl-based exploit scanner for email that uses a signature language similar to Snort IDS.

Foregone

Latest Version: 0.1
Foregone is a forensic file recovery tool written in Perl.

Mumsie

Latest Version: 0.1
Mumsie is the Malicious URL Monitor and Snort Injection Engine, a program used to log HTTP client request headers when Snort alerts on malicious content from a webserver.

Truman

Latest Version: 0.1
Truman is a "sandnet", a behavioral analysis system for malware that provides an Internet-like environment to the target, and doesn't depend on virtual machines.

Wind Pill

Latest Version: 1.0
Wind Pill is a tool that assists in automating the tasks involved in debugging the Windows kernel.

Caffeine Monkey

Latest Version: 0.5
Caffeine Monkey is a tool that helps researchers discover different ways hackers hide their malicious JavaScript. 

SecureWorks Snort Plug-in Pack

Latest Version: 0.2.0
The SecureWorks Snort Plug-in Pack is a collection of dynamic preprocessor plug-ins for the Snort intrusion detection and prevention system.

Untorpig

Latest Version: 2.4
Untorpig is a program for incident responders to decode/decrypt data stolen by the Torpig (Anserin, Sinowal, Mebroot) Trojan in HTTP traffic logs.
