{"id":46062189,"url":"https://github.com/vusec/kasper","last_synced_at":"2026-03-01T11:35:30.167Z","repository":{"id":94401873,"uuid":"444047323","full_name":"vusec/kasper","owner":"vusec","description":"Kasper: Scanning for Generalized Transient Execution Gadgets in the Linux Kernel","archived":false,"fork":false,"pushed_at":"2024-05-08T16:19:08.000Z","size":67,"stargazers_count":52,"open_issues_count":0,"forks_count":8,"subscribers_count":22,"default_branch":"main","last_synced_at":"2024-05-08T17:48:35.541Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://vusec.net/projects/kasper","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vusec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-01-03T12:08:00.000Z","updated_at":"2024-05-08T16:19:11.000Z","dependencies_parsed_at":"2024-05-08T17:44:53.330Z","dependency_job_id":"b221b839-fe12-41b5-957a-c09a68b79593","html_url":"https://github.com/vusec/kasper","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/vusec/kasper","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vusec%2Fkasper","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vusec%2Fkasper/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vusec%2Fkasper/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vusec%2Fkasper/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vusec","downloa
d_url":"https://codeload.github.com/vusec/kasper/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vusec%2Fkasper/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29968574,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-01T10:55:55.490Z","status":"ssl_error","status_checked_at":"2026-03-01T10:55:55.175Z","response_time":124,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-03-01T11:35:29.634Z","updated_at":"2026-03-01T11:35:30.121Z","avatar_url":"https://github.com/vusec.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Kasper: Scanning for Generalized Transient Execution Gadgets in the Linux Kernel\n\nWe present Kasper, a speculative execution gadget scanner for the Linux kernel.\nKasper uses taint analysis policies to model an attacker capable of exploiting arbitrary software/hardware vulnerabilities on a transient path to control data (e.g., through memory massaging or LVI), access secrets (e.g., through out-of-bounds or use-after-free accesses), and leak these secrets (e.g., through cache-based, MDS-based, or port contention-based covert channels).\nEven though the kernel is heavily hardened against transient execution attacks, Kasper finds hundreds of gadgets that are not yet mitigated.\nYou can find the full paper 
[here](https://download.vusec.net/papers/kasper_ndss22.pdf).\n\n## Setting up ##\n\nInstall dependencies, including [go-task](https://taskfile.dev/#/installation) as a task-runner:\n```\nsudo apt install build-essential clang-11 lld-11 libelf-dev qemu-system-x86 bison flex golang libssl-dev cmake debootstrap python3-pexpect socat ninja-build ccache\nsudo sh -c \"$(curl -ssL https://taskfile.dev/install.sh)\" -- -d -b /usr/local/bin\n```\n\nInitialize/update git submodules (this will take a while the first time it's run):\n```\ntask update\n```\n\n## Building ##\n\nCreate an initramfs and [a disk image to be used with syzkaller](https://github.com/google/syzkaller/blob/master/docs/linux/setup_ubuntu-host_qemu-vm_x86-64-kernel.md#image):\n```\ntask initramfs:create\ntask syzkaller:create-image\n```\n\nConfigure and build [LLVM with Kasper support](https://github.com/vusec/kdfsan-llvm-project/tree/kasper-llvm-v11):\n```\ntask llvm:config llvm:build\n```\n\nBuild [syzkaller with Kasper support](https://github.com/vusec/kdfsan-syzkaller/tree/kasper-syzkaller):\n\n**WARNING**: the version of syzkaller we use only works with golang 1.15 (we are using golang 1.15.15)!\n```\ntask syzkaller:build\n```\n\nConfigure and build a [Kasper-instrumented Linux kernel](https://github.com/vusec/kdfsan-linux/tree/kasper-linux-v5.12):\n```\ntask kernel:config build kernel:bzImage\n```\n\n## Running ##\n\nTest that the instrumented kernel runs correctly:\n```\ntask qemu:test\n```\n\nFuzz the instrumented kernel:\n```\ntask syzkaller:run-nobench\n```\n\n## Evaluation ##\n\nTo aggregate gadgets and run the evaluation, please check out [kasper-results](https://github.com/vusec/kasper-results).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvusec%2Fkasper","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvusec%2Fkasper","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvusec%2Fkasper/lists"}