• Stars
    star
    366
  • Rank 116,547 (Top 3 %)
  • Language
    Rust
  • License
    MIT License
  • Created over 3 years ago
  • Updated 9 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Curated list of awesome projects and resources related to Rust and computer security

Awesome Rust Security

Curated list of awesome projects and resources related to Rust and computer security


Table of Contents



Tools

Web and Cloud Security

Pentesting

  • sn0int - OSINT framework and package manager
  • sniffglue - secure multithreaded packet sniffer
  • badtouch - scriptable network authentication cracker
  • rshijack - TCP connection hijacker
  • feroxbuster - fast, simple and recursive content discovery tool
  • rustbuster - web fuzzer and content discovery tool
  • rustscan - The Modern Port Scanner
  • kepler - NIST-based CVE lookup store and API powered by Rust.
  • phaser - Automated attack surface mapper and vulnerability scanner
  • pdfrip - Fast PDF password cracking utility equipped with commonly encountered password format builders and dictionary attacks.
  • chromepass - Chromepass - Hacking Chrome Saved Passwords

Authorization & Authentication Frameworks

  • biscuit - delegated, decentralized, capabilities based authorization token
  • paseto.rs - PASETO Rust implementation
  • webauthn.rs - WebAuthn implementation in Rust
  • aliri - JWT authenticaiton and OAuth2 scope authorization implementations for many web frameworks
  • OpenSK - open-source implementation for security keys written in Rust
  • dacquiri - Attributed based access control (ABAC) framework with compile-time enforcement

Cloud and Infrastructure

  • firecracker - secure and fast microVMs for serverless computing
  • boringtun - CloudFlare's Rust implementation of WireGuard
  • innernet - private network based on WireGuard
  • vaultwarden - unofficial BitWarden implementation in Rust

Software Supply Chain

Secure Frameworks


Vulnerability Assessment

Static Code Auditing

  • RustSec - organization supporting vulnerability disclosure for Rust packages, audit Cargo.lock files for dependencies
  • cargo-geiger - detect usage of unsafe Rust
  • siderophile - find ideal fuzz targets in a Rust codebase
  • cargo-crev - cryptographically verifiable code review for cargo
  • arch-audit - audit installed Arch packages for vulnerabilities
  • ripgrep - recursively search directories with regexes
  • weggli - fast and robust semantic search tool for C and C++ codebases
  • noseyparker - command-line program that finds secrets and sensitive information in textual data and Git history.

Fuzzing

  • rust-fuzz - organization implementing cargo plugins for AFL, libFuzzer, and honggfuzz
  • LibAFL - slot fuzzers together in Rust
  • fuzzcheck.rs - structure-aware, in-process, coverage-guided, evolutionary fuzzing engine for Rust functions.
  • onefuzz - self-hosted Fuzzing-As-A-Service platform
  • lain - fuzzer framework implemented in Rust
  • fzero - fast grammar-based fuzz generator implementation
  • nautilus - grammar-based feedback fuzzer from RUB's Systems Security Lab
  • sidefuzz - fuzzer for side-channel vulnerabilities
  • arbitrary - trait for generating structured input from raw bytes, helpful for structure-aware fuzzing
  • rust-san - sanitizers for Rust code
  • lidiffuzz - memory allocator drop-in to test for uninitialized memory reads
  • rewind - Snapshot-based coverage-guided Windows kernel fuzzer
  • hyperpom - AArch64 fuzzer based on the Apple Silicon hypervisor
  • icicle-emu - Fuzzing-specific multi-architecture emulation framework

Binary Analysis & Reversing

  • goblin - binary parsing crate for Rust
  • unicorn.rs - Rust bindings to the Unicorn framework
  • cargo-call-stack - whole program stack analysis
  • xori - disassembly library for PE32, 32+ and shellcode
  • rd - record/replay debugger implemented in Rust
  • binsec - Swiss Army Knife for Binary (In)Security
  • radeco - Radare2-based decompiler and symbol executor
  • falcon - Binary Analysis Framework in Rust
  • mesos - binary coverage tool without modification for Windows
  • guerilla - monkey patching Rust functions
  • ropr - blazing fastβ„’ multithreaded ROP Gadget finder
  • pwninit - automate starting binary exploit challenges
  • binaryninja-rs - Binary Ninja API support for Rust

Property-Based Testing

  • quickcheck - property-based testing for Rust
  • proptest - Hypothesis-like property testing for Rust
  • bughunt-rust - example of using fuzzing QuickCheck models for bughunting
  • mutagen - mutation testing framework for Rust

Symbolic Execution

  • seer - symbolic execution engine for Rust
  • haybale - LLVM IR-based symbolic execution engine from the USCD System Security Lab

Formal Verification

  • MIRAI - abstract interpreter for Rust's MIR from Facebook
  • electrolysis - formal verification of Rust programs with the Lean theorem prover

Offensive Security and Red Teaming

Command-and-Control Frameworks

  • tetanus - Mythic agent written in Rust

Defense Evasion

Packing, Obfuscation, Encryption, Anti-analysis

  • debugoff - Linux anti-debugging and anti-analysis rust library
  • goldberg - procedural macro library for obfuscating Rust code.
  • obfstr - string obfuscation for Rust
  • oxide - PoC packer written in Rust.
  • Linux.Fe2O3 - Simple ELF prepender virus / in-memory loader written in Rust

Threat Detection and Forensics

  • yara-rust - Rust bindings to YARA
  • BONOMEN - hunt for malware critical process impersonation
  • confine - sandbox for threat detection
  • redbpf - crate for writing BPF/eBPF modules
  • cernan - telemetry aggregation and shipping
  • chainsaw - Windows Event Log Hunting
  • foniod - Data first monitoring agent using (e)BPF, built on RedBPF
  • zerotect - attack/exploit Detector that utilizes Polymorphism and Diversity
  • hayabusa - Sigma-based threat hunting and fast forensics timeline generator for Windows event logs written in Rust.
  • medusa - fast and secure multi protocol honeypot.
  • elegant-bouncer - experimental tool for detection of the FORCEDENTRY (CVE-2021-30860)
  • cargo-sandbox - sandboxed cargo

Cryptography

Frameworks

  • secrets - secure storage for cryptographic secrets in Rust
  • mundane - BoringSSL-backed cryptography library
  • rust-threshold-secret-sharing - Rust implementation of threshold-based secret sharing
  • molasses - Rust implementation of the MLS group messaging protocol
  • rust-security-framework - Rust bindings to the macOS Security.framework
  • microkv - minimal and secure key-value storage for Rust
  • swanky - suite of rust libraries for secure multi-party computation
  • tandem - maliciously secure two-party computation engine which is embeddable and accessible

Applications

  • sniffnet - Application to comfortably monitor your Internet traffic πŸ•΅οΈβ€β™‚οΈ
  • ripasso - password manager written in Rust
  • sekey - TouchID / Secure Enclave for SSH authentication
  • Mullvad VPN Client - Mullvad VPN app written in Rust
  • fakio - lightweight secure tunnel proxy.
  • firecracker - Secure and fast microVMs for serverless computing.

Educational

Books

Articles

Talks


Similar Lists


Contributing

Make a pull request if you are interested in adding more to this list! All contributions are appreciated.

More Repositories

1

Hack-Night

Hack Night is an open weekly training session run by the OSIRIS lab.
Python
1,221
star
2

Project-Ideas

A place to discuss potential projects for students of the ISIS Lab.
384
star
3

CTF-Solutions

Solutions to a variety of Capture The Flag challenges from different competitions.
Python
204
star
4

Fentanyl

Fentanyl is an IDAPython script that makes patching significantly easier
Python
203
star
5

CTF-Challenges

A repository of challenges from various CTF competitions.
Python
152
star
6

Shellcode

Assembly
136
star
7

ctf101

CTF101, a wiki-project documenting Capture The Flag techniques.
117
star
8

CSAW-CTF-2016-Quals

Repo for CSAW CTF 2016 Quals challenges
C
73
star
9

dispatch

Programmatic disassembly and patching
Python
67
star
10

CSAW-CTF-2019-Quals

Challenge Repository for CSAW CTF Quals 2019
Python
56
star
11

CSAW-CTF-2018-Finals

Repo for CSAW CTF 2018 Finals challenges
Python
56
star
12

CSAW-CTF-2017-Quals

Repo for CSAW CTF 2018 Quals challenges
JavaScript
44
star
13

CSAW-CTF-2018-Quals

Repo for CSAW CTF 2018 Quals challenges
CSS
38
star
14

PwnAdventure

Python
31
star
15

Catfish

Catfish is a tool used ease the process of finding ROP gadgets and creating payloads with them.
Python
30
star
16

screwSSH

A frighteningly-easy way of denying access to someone's publicly-accessible OpenSSH server in a default configuration. Originally written by Boris Kochergin.
C++
29
star
17

xnippet

A little tool to execute functions without debugging an entire executable. Originally written by Gonzalo J. Carracedo (BatchDrake).
28
star
18

Giraffe

PHP
27
star
19

CSAW-CTF-2023-Quals

Challenge repository for the 2023 CSAW CTF Qualifiers
PowerShell
27
star
20

ugo-ghidra

Java
21
star
21

imm-taint-trace

Immunity Debugger Taint Tracer
Python
20
star
22

vasilisk

vasilisk
Python
19
star
23

CSAW-CTF-2017-Finals

CTF Finals
C
17
star
24

dllinjection

C++
14
star
25

CSAW-CTF-2016-Finals

CSAW CTF 2016 Finals
JavaScript
14
star
26

CSAW-CTF-2019-Finals

Python
14
star
27

CSAW-CTF-2022-Quals

C#
13
star
28

LeakyPastes-V2

Looking at what people post to public pastebins
Python
12
star
29

CSAW-CTF-2021-Finals

C
8
star
30

armana

Real-time Internet threat monitor
Python
7
star
31

CSAW-CTF-2022-Finals

C
7
star
32

CSAW-CTF-2024-Quals

Public Archive for CSAW 2024 Quals
Shell
7
star
33

CSAW-CTF-2022-Final-WriteUps

C
6
star
34

CSAW-CTF-2021-Quals

Python
6
star
35

kmdhook

C++
6
star
36

HaikuSyscallFuzzer

A fuzzer for the haiku OS
Assembly
6
star
37

wonton_memory

5
star
38

fork-sentry

GitHub Action for detecting and alerting on suspicious forks of your repository
Python
5
star
39

hsdis

CFG generator for HSVM binaries
JavaScript
4
star
40

ugo

IDA Hexrays plugin for Go binaries
C++
4
star
41

DynamicEntry

Dynamic instrumentation of Apache Tomcat to kill XSS.
Java
4
star
42

poser

C
4
star
43

CSAW-CTF-2020-Quals

Challenge repository for CSAW CTF Quals 2020
Python
4
star
44

Jinga

PHP
4
star
45

observability

Grafana stack for logging and metrics
Shell
3
star
46

LeakyPastes

Looking at what people post to public pastebins
Python
3
star
47

CSAW-CTF-2020-Finals

C
3
star
48

superbot-public

Discord Email Verification Bot
JavaScript
3
star
49

csaw-2015-TBBPE

CSAW 2015 challenge
Ruby
1
star
50

CSAW-CTF-2013-Finals

CSAW CTF 2013 Finals
Python
1
star
51

CSAW-CTF-2014-Finals

CSAW CTF 2014 Finals
PHP
1
star
52

kek-tools

C++
1
star
53

CSAW-CTF-2013-Quals

CSAW CTF 2013 Quals
Python
1
star
54

CSAW-CTF-Anubis-2020

JavaScript
1
star
55

CSAW-RED-2018-Quals

Challenge repository
Python
1
star
56

CSAW-CTF-2015-Quals

CSAW CTF 2015 Quals
CSS
1
star
57

CSAW-RED-2020-Quals

CSS
1
star
58

CSAW-CTF-2014-Quals

CSAW CTF 2014 Quals
Python
1
star
59

CSAW-CTF-2015-Finals

CSAW CTF 2015 Finals
C
1
star
60

CSAW-RED-2020-Finals

Repository for the CSAW RED 2020 Finals challenges
HTML
1
star
61

CSAW-CTF-2023-Finals

Challenge repository for the 2023 CSAW CTF Finals
Python
1
star
62

recruit-CTFd

Python
1
star