https://github.com/vusec/inspectre-gadget

InSpectre Gadget: in-depth inspection and exploitability analysis of Spectre disclosure gadgets
https://github.com/vusec/inspectre-gadget

Last synced: 4 months ago
JSON representation

InSpectre Gadget: in-depth inspection and exploitability analysis of Spectre disclosure gadgets

• Host: GitHub
• URL: https://github.com/vusec/inspectre-gadget
• Owner: vusec
• License: apache-2.0
• Created: 2023-11-13T08:34:24.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2026-02-20T18:39:31.000Z (4 months ago)
• Last Synced: 2026-02-20T23:44:48.809Z (4 months ago)
• Language: Assembly
• Homepage: https://vusec.github.io/inspectre-gadget/index.html
• Size: 14.3 MB
• Stars: 59
• Watchers: 17
• Forks: 5
• Open Issues: 6
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE.md

Awesome Lists containing this project

README

          
![](./docs/img/inspectre-gadget-circle.png)

# InSpectre Gadget

This is the official repository for the InSpectre Gadget tool.

This code has been developed as part of our ["InSpectre Gadget" paper](https://download.vusec.net/papers/inspectre_sec24.pdf) (accepted

at 33rd USENIX Security Symposium 2024).

**Disclaimer**

This tool is a research project still under development. It should not be

considered a production-grade tool by any means.

## Description

InSpectre Gadget is a tool for inspecting potential Spectre disclosure gadgets

and performing exploitability analysis.

Documentation can be found at [https://vusec.github.io/inspectre-gadget](https://vusec.github.io/inspectre-gadget).

## Usage

A typical workflow might look something like this:

```sh

# Run the analyzer on a binary to find transmissions.

mkdir out

inspectre analyze  --address-list  --config config_all.yaml --output out/gadgets.csv --tfp-output output/tfp.csv --asm out/asm

# Evaluate exploitability.

inspectre reason gadgets.csv gadgets-reasoned.csv

# Import the CSV in a database and query the results.

# You can use any DB, this is just an example with sqlite3.

sqlite3 :memory: -cmd '.mode csv' -cmd '.separator ;' -cmd '.import gadgets-reasoned.csv gadgets' -cmd '.mode table' < queries/exploitable_list.sql

# Manually inspect interesting candidates.

inspectre show 

```

## Demo

![](docs/img/inspectre.gif)

## Evaluation and PoCs

The code for all the experiments reported in the paper (including PoCs)

can be found under the `experiments/` folder.

`experiments/scanner-eval` shows how we ran InSpectre Gadget on the Linux kernel.