Discover trailofbits/magnifier Open Source project

A semantic diff utility and library for tree-like files such as JSON, JSON5, XML, HTML, YAML, and CSV.

3,536

graphtage

ctf

publications

Publications from Trail of Bits

A unit test-like interface for fuzzing and symbolic execution

1,232

deepstate

Principled, lightweight C/C++ PE parser

818

pe-parse

A Docker container preconfigured with all of the Trail of Bits Ethereum security tools.

691

eth-security-toolbox

Dockerfile

670

maat

Open-source symbolic execution framework: https://maat.re

A tiny web auditor with strong opinions.

612

twa

Shell

579

winchecksec

Checksec, but for Windows: static detection of security mitigations in executables

An LLVM-based instrumentation tool for universal taint tracking, dataflow analysis, and tracing.

523

polytracker

DARPA Challenges Sets for Linux, Windows, and macOS

514

cb-multios

498

multiplier

Code auditing productivity multiplier.

onesixtyone

fickling

A Python pickling decompiler and static analyzer

VAST is an experimental compiler pipeline designed for program analysis of C and C++. It provides a tower of IRs as MLIR dialects to choose the best fit representations for a program analysis or further program abstraction.

407

vast

Peer-to-Peer Video Chat for Corporate LANs

381

tubertc

JavaScript

361

krf

A kernelspace syscall interceptor and randomized faulter

348

polyfile

A pure Python cleanroom implementation of libmagic, with instrumented parsing from Kaitai struct and an interactive hex viewer

A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories.

338

it-depends

A user-mode application authorization system for MacOS written in Swift

328

sinter

Swift

301

SecureEnclaveCrypto

Demonstration library for using the Secure Enclave on iOS

Swift

276

protofuzz

Google Protocol Buffers message generator

osquery extensions by Trail of Bits

267

osquery-extensions

262

dylint

A tool for running Rust lints from dynamic libraries

Exploring RPC interfaces on Windows

259

RpcInvestigator

245

constexpr-everything

Rewrite C++ code to automatically apply `constexpr` where possible

A differential fuzzer for x86 decoders

245

binjascripts

Scripts for Binary Ninja

audit-kubernetes

mishegos

Semgrep queries developed by Trail of Bits.

226

semgrep-rules

197

circomspect

A static analyzer and linter for the Circom zero-knowledge DSL

Privacy Testing for Deep Learning

186

PrivacyRaven

An LLVM sanitizer tutorial

183

llvm-sanitizer-tutorial

Find the ideal fuzz targets in a Rust codebase

177

siderophile

Sandboxed, Rust-based, Windows Defender Client

171

flying-sandbox-monster

A set of vulnerable Golang programs

170

not-going-anywhere

163

AppJailLauncher

CTF Challenge Framework for Windows 8 and above

Binary Type Inference Ghidra Plugin

141

BTIGhidra

Java

138

uthenticode

A cross-platform library for verifying Authenticode signatures

Interactive documentation on zero-knowledge proof systems and related primitives.

136

zkdocs

HTML

133

sienna-locomotive

A user-friendly fuzzing and crash triage tool for Windows

An experimental high performance, fuzzing oriented Intel Processor Trace capture and analysis suite

132

Honeybee

127

ObjCGraphView

A graph view plugin for Binary Ninja to visualize Objective-C

Peter's Amazing Syntax Tree Analyzer

127

pasta

An easy-to-use, extensible and lightweight C++17 wrapper for SQLite

124

sqlite_wrapper

ebpfpub is a generic function tracing library for Linux that supports tracepoints, kprobes and uprobes.

117

ebpfpub

ctf-challenges

binrec-tob

BinRec: Dynamic Binary Lifting and Recompilation

110

appjaillauncher-rs

AppJailLauncher in Rust

Create code bookmarks and code highlights with a click.

103

vscode-weaudit

TypeScript

103

test-fuzz

To make fuzzing Rust easy

A library for detecting certain improper uses of the "Defer, Panic, and Recover" pattern in Go programs

100

on-edge

ios-integrity-validator

Integrity validator for iOS devices

Shell

abi3audit

Scans Python packages for abi3 violations and inconsistencies

A BPF-based syscall fault injector

ebpfault

Sample programs that illustrate how to use control flow integrity with the clang compiler

clang-cfi-showcase

A framework for instrumenting build tools

awesome-ml-security

blight

A coverage-guided fuzzer for pure Ruby code and Ruby C extensions

ruzzy

The Manticore User Interface with plugins for Binary Ninja and Ghidra

ManticoreUI

Borrowed Instructions Synthetic Computation

bisc

Example Manticore scripts

manticore-examples

Experimental version of Algo built on Terraform

algo-ng

HCL

differ

Detecting Inconsistencies in Feature or Function Evaluations of Requirements

Use computer vision to determine if an IDN can be interpreted as something it's not

deceptiveidn

The public release of LeftoverLocals code

LeftoverLocalsRelease

A tool for finding bugs in tests

necessist

An efficient and generalized implementation of the IKOS-style KKW proof system (https://eprint.iacr.org/2018/475) for arbitrary rings.

reverie

Codex-Decompiler

Trail of Bits Testing Handbook

testing-handbook

How fast can we brute force a 64-bit comparison?

sixtyfour

DomTreSat

Dominator Tree LLVM Pass to Test Satisfiability

Mapping the NYC Infosec Community

HVCI-loldrivers-check

PowerShell

nyc-infosec

CSS

cfg-showcase

Sample programs that illustrate how to use Control Flow Guard, VS2015's control flow integrity implementation

Linux kernel driver to export the TSC frequency via sysfs

tsc_freq_khz

rubysec

RubySec Field Guide

C and C++ compiler frontend using PASTA to parse code, and VAST to represent the code as MLIR.

macroni

indurative

Easily create authenticated data structures

Haskell

http-security

Parse HTTP Security Headers

Phishing e-mail repository

trailofphish

Collection of LLVM passes and triage tools for use with the KRF fuzzer

KRFAnalysis

LLVM

ebpf-verifier

Harness for the Linux kernel eBPF verifier

ml-file-formats

List of ML file formats

umberto

poststructural fuzzing

Haskell

spf-query

Ruby SPF Parser

Various utilities useful for developers writing BPF tools

ebpf-common

Rewrite C/C++/Obj-C to Annotate Points of Interest

clang-tidy-audit

A small script for running programs with (minimal) network sandboxing

eatmynetwork

Shell

btfparse

A C++ library that parses debug information encoded in BTF format

Detect patterns of bad behavior in function calls

anselm

dmarc

Ruby DMARC Parser

A sample PoC for container-aware exec events for osquery

linuxevents

Perform multi-party computation on machine learning applications

mpc-learning