Discover trailofbits/ruzzy Open Source project

A semantic diff utility and library for tree-like files such as JSON, JSON5, XML, HTML, YAML, and CSV.

3,536

graphtage

ctf

publications

Publications from Trail of Bits

A unit test-like interface for fuzzing and symbolic execution

1,232

deepstate

Principled, lightweight C/C++ PE parser

802

pe-parse

A Docker container preconfigured with all of the Trail of Bits Ethereum security tools.

691

eth-security-toolbox

Dockerfile

648

maat

Open-source symbolic execution framework: https://maat.re

A tiny web auditor with strong opinions.

599

twa

Shell

578

winchecksec

Checksec, but for Windows: static detection of security mitigations in executables

DARPA Challenges Sets for Linux, Windows, and macOS

523

cb-multios

498

polytracker

An LLVM-based instrumentation tool for universal taint tracking, dataflow analysis, and tracing.

onesixtyone

tubertc

Peer-to-Peer Video Chat for Corporate LANs

JavaScript

361

krf

A kernelspace syscall interceptor and randomized faulter

344

vast

VAST is an experimental compiler pipeline designed for program analysis of C and C++. It provides a tower of IRs as MLIR dialects to choose the best fit representations for a program analysis or further program abstraction.

A pure Python cleanroom implementation of libmagic, with instrumented parsing from Kaitai struct and an interactive hex viewer

327

polyfile

A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories.

322

it-depends

A user-mode application authorization system for MacOS written in Swift

313

sinter

Swift

302

fickling

A Python pickling decompiler and static analyzer

Demonstration library for using the Secure Enclave on iOS

296

SecureEnclaveCrypto

Swift

276

protofuzz

Google Protocol Buffers message generator

A tool for running Rust lints from dynamic libraries

262

dylint

osquery extensions by Trail of Bits

259

osquery-extensions

256

constexpr-everything

Rewrite C++ code to automatically apply `constexpr` where possible

245

binjascripts

Scripts for Binary Ninja

Exploring RPC interfaces on Windows

241

RpcInvestigator

236

audit-kubernetes

k8s audit repo

226

mishegos

A differential fuzzer for x86 decoders

Semgrep queries developed by Trail of Bits.

217

semgrep-rules

197

circomspect

A static analyzer and linter for the Circom zero-knowledge DSL

Privacy Testing for Deep Learning

186

PrivacyRaven

An LLVM sanitizer tutorial

178

llvm-sanitizer-tutorial

Find the ideal fuzz targets in a Rust codebase

177

siderophile

Sandboxed, Rust-based, Windows Defender Client

171

flying-sandbox-monster

A set of vulnerable Golang programs

170

not-going-anywhere

163

AppJailLauncher

CTF Challenge Framework for Windows 8 and above

Interactive documentation on zero-knowledge proof systems and related primitives.

141

zkdocs

HTML

133

sienna-locomotive

A user-friendly fuzzing and crash triage tool for Windows

A graph view plugin for Binary Ninja to visualize Objective-C

132

ObjCGraphView

A cross-platform library for verifying Authenticode signatures

127

uthenticode

An experimental high performance, fuzzing oriented Intel Processor Trace capture and analysis suite

124

Honeybee

122

sqlite_wrapper

An easy-to-use, extensible and lightweight C++17 wrapper for SQLite

ctf-challenges

ebpfpub

ebpfpub is a generic function tracing library for Linux that supports tracepoints, kprobes and uprobes.

Peter's Amazing Syntax Tree Analyzer

110

pasta

107

appjaillauncher-rs

AppJailLauncher in Rust

Create code bookmarks and code highlights with a click.

103

vscode-weaudit

TypeScript

103

test-fuzz

To make fuzzing Rust easy

A library for detecting certain improper uses of the "Defer, Panic, and Recover" pattern in Go programs

100

on-edge

ios-integrity-validator

Integrity validator for iOS devices

Shell

ebpfault

A BPF-based syscall fault injector

BinRec: Dynamic Binary Lifting and Recompilation

binrec-tob

Sample programs that illustrate how to use control flow integrity with the clang compiler

clang-cfi-showcase

Scans Python packages for abi3 violations and inconsistencies

abi3audit

Binary Type Inference Ghidra Plugin

BTIGhidra

Java

blight

A framework for instrumenting build tools

The Manticore User Interface with plugins for Binary Ninja and Ghidra

ManticoreUI

Borrowed Instructions Synthetic Computation

bisc

Example Manticore scripts

manticore-examples

Experimental version of Algo built on Terraform

algo-ng

HCL

differ

Detecting Inconsistencies in Feature or Function Evaluations of Requirements

Use computer vision to determine if an IDN can be interpreted as something it's not

deceptiveidn

A tool for finding bugs in tests

necessist

An efficient and generalized implementation of the IKOS-style KKW proof system (https://eprint.iacr.org/2018/475) for arbitrary rings.

reverie

magnifier

How fast can we brute force a 64-bit comparison?

awesome-ml-security

sixtyfour

LeftoverLocalsRelease

The public release of LeftoverLocals code

Codex-Decompiler

Dominator Tree LLVM Pass to Test Satisfiability

DomTreSat

Mapping the NYC Infosec Community

nyc-infosec

CSS

cfg-showcase

Sample programs that illustrate how to use Control Flow Guard, VS2015's control flow integrity implementation

Linux kernel driver to export the TSC frequency via sysfs

tsc_freq_khz

rubysec

RubySec Field Guide

Easily create authenticated data structures

HVCI-loldrivers-check

PowerShell

indurative

Haskell

http-security

Parse HTTP Security Headers

Phishing e-mail repository

trailofphish

Collection of LLVM passes and triage tools for use with the KRF fuzzer

KRFAnalysis

LLVM

spf-query

Ruby SPF Parser

Harness for the Linux kernel eBPF verifier

umberto

poststructural fuzzing

Haskell

ebpf-verifier

ebpf-common

Various utilities useful for developers writing BPF tools

Rewrite C/C++/Obj-C to Annotate Points of Interest

clang-tidy-audit

C and C++ compiler frontend using PASTA to parse code, and VAST to represent the code as MLIR.

macroni

anselm

Detect patterns of bad behavior in function calls

dmarc

Ruby DMARC Parser

Trail of Bits Testing Handbook

testing-handbook

A C++ library that parses debug information encoded in BTF format

btfparse

A small script for running programs with (minimal) network sandboxing

eatmynetwork

Shell

linuxevents

A sample PoC for container-aware exec events for osquery

Perform multi-party computation on machine learning applications

mpc-learning

Measure branching along code paths

screen

go-mutexasserts

A small library that allows to check if Go mutexes are locked

tacklebox

Phishing Toolkit