NuClide Research
Most recent
navigate open esc close Corpus index built 2026-06-07 23:58 UTC

← Toolchain

Featured Instrument

BARE

Bill Rondell, Nick Adams & Dade Murphy — featured instrument — 1 min read — 141 words
Phase
analyze
Language
Rust

Air-gap-native semantic exploit mapping

§ Workflow phase

  1. 01 hunt
  2. 02 analyze
  3. 03 enrich
  4. 04 report
  5. 05 instrument

Analysis. Characterises and classifies findings.

BARE is a single self-contained binary, embedded BERT encoder, embedded 3,904-module Metasploit corpus, no Python runtime, no pip install, no internet. One scp to a classified network, ICS environment, or isolated lab and it runs.

Pipe a findings.json (nuclei / nmap / Shodan adapters included) in, get ranked exploit modules out, semantically matched, not keyword-matched.

Why this exists

Commercial vulnerability-to-exploit mapping tools assume connectivity. They phone home, they pull updates, they call out to a SaaS backend. None of that works in the environments where BARE was built to run: classified networks, ICS plants, isolated research labs.

BARE was designed from scratch for the air-gap case. ~101 MB, single binary, embedded models, it’s physical reach for offline operators.

Source

github.com/nuclide-research/BARE

In the field

Designed for ICS/OT engagements where commodity scanners can’t run. Works offline indefinitely; no telemetry, no callouts.

§ Used in

Used in

SURVEYS · 06

FIELD CASES · 06

DISCLOSURES · 01

§ analyze layer

Same phase