Proteus is an advanced dynamic analysis software testing (DAST) system for automatically finding and fixing vulnerabilities, with no false alarms, aimed at development groups, testing organizations, and cybersecurity teams. It discovers vulnerabilities that could be triggered by potentially malicious file or network inputs, including many common entries in the Common Weakness Enumeration (CWE). The tool's initial focus is on both 32-bit and 64-bit Windows native binaries.
By integrating and simplifying the use of state-of-the-art tools for binary analysis and transformation, Proteus lowers the costs and increases the efficiency and effectiveness of software testing, reverse engineering, and maintenance, including:
Proteus integrates five capabilities, each of which can be used in an end-to-end workflow or independently:
The following video introduces Proteus and demonstrates its use, spinning up multiple VMs in a unified fuzzing campaign to identify, triage, and report multiple vulnerabilities in an example program.
This material is based upon work supported by the Air Force, DARPA, Army, DIU, the Navy and the Office of Naval Research under Contract(s) No. FA8750-14-C-0110, W15QKN-18-9-1013, W56KGU-17-C-0028, FA8750-15-C-0113, HR0011-18-C-0061 and N68335-17-C-0700. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Air Force, DARPA, Army, DIU, the Navy or the Office of Naval Research.