This page lists open source software released by the Cybersecurity mission at NSA and also hosts a code.gov code.json code inventory file. See the Open Source @ NSA web site and the NSA Technology Transfer Program web site for more information about open source software released by NSA.
Configuration guidance for implementing application whitelisting with AppLocker.
Intel Atom C2000 series discovery tool that parses log files and returns results if a positive match is found
Configuration guidance for implementing BitLocker.
Identifies unexpected and prohibited certificate authority certificates on Windows systems.
- Source: https://github.com/nsacyber/Certificate-Authority-Situational-Awareness
- Website: https://splunkbase.splunk.com/app/3113
Creates a code.gov code inventory JSON file based on GitHub repository information
A proposed hardware-based method for stopping known memory corruption exploitation techniques.
Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361
Blocks drivers from loading by using a name collision technique
Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding.
An easy to use and portable Virtual Private Network (VPN) system built with Linux and a Raspberry Pi.
- Source: https://github.com/nsacyber/goSecure
- Website: https://nsacyber.github.io/goSecure
Provides situational awareness of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks in support of network security assessments.
Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance.
Trusted Computing based services supporting TPM provisioning and supply chain validation concepts.
- Source: https://github.com/nsacyber/HIRS
- Website: https://github.com/nsacyber/HIRS/wiki
Aids in discovering HTTP and HTTPS connectivity issues
A static code analysis tool, part of the NASA Ames Java PathFinder project, that uses formal methods to verify executable Java bytecode.
- Source: https://babelfish.arc.nasa.gov/hg/jpf/jpf-mango
- Website: https://jpf.byu.edu/hg/jpf-mango or https://babelfish.arc.nasa.gov/trac/jpf/wiki/projects/jpf-mango
A prototype that demonstrates a method for scoring how well Windows systems have implemented some of the top 10 Information Assurance mitigation strategies.
Assesses CPU security of embedded devices.
A kernel network manager with monitoring and limiting capabilities for macOS.
A userland network manager with monitoring and limiting capabilities for macOS.
Verifies system integrity by establishing a baseline measurement of a system's Trusted Platform Module (TPM) and monitors for changes in that measurement. OpenAttestion was originally based on NSA's National Information Assurance Research Laboratory (NIARL) Host Integrity at Startup (HIS) software.
The Platform Attribute Certificate Creator can gather component details, create, sign, and validate the TCG-defined Platform Credential.
Configuration guidance for implementing Pass-the-Hash mitigations.
Security guidance, baselines, and compliance mechanisms using the Security Content Automation Protocol (SCAP) for hardening Linux systems and applications.
- Source: https://github.com/OpenSCAP/scap-security-guide
- Website: https://www.open-scap.org/security-policies/scap-security-guide
A mandatory access control mechanism for the Linux kernel.
- Source: https://github.com/SELinuxProject
- Website: https://selinuxproject.org
A mandatory access control mechanism for Android.
- Source: https://android.googlesource.com and https://bitbucket.org/seandroid
- Website: https://source.android.com/security/selinux
Converts serial IP data, typically collected from Industrial Control System devices, to the more commonly used Packet Capture (PCAP) format.
Fast implementations of the Simon and Speck lightweight block ciphers for the SUPERCOP benchmark toolkit.
- Source: https://github.com/nsacyber/simon-speck-supercop
- Website: https://nsacyber.github.io/simon-speck
Automatically scores how well Windows systems have implemented some of the top 10 Information Assurance mitigation strategies.
- Source: https://github.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations
- Website: https://splunkbase.splunk.com/app/3114 and https://splunkbase.splunk.com/app/3115
Identifies defensive gaps in security posture by leveraging Mitre's ATT&CK framework.
- Source: https://github.com/unfetter-analytic and https://github.com/unfetter-discover
- Website: https://nsacyber.github.io/unfetter
A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down.
- Source: https://github.com/nsacyber/WALKOFF and https://github.com/nsacyber/WALKOFF-Apps
- Website: https://nsacyber.github.io/WALKOFF
Retrieves the definitions of Windows Event Log messages embedded in Windows binaries and provides them in discoverable formats.
Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings.