More code: binary lifters @lifting-bits, blockchain @crytic, forks @trail-of-forks
Public repositories: 278
Total stars: 67,246
Followers: 2,929
Trail of Bits maintains a significant public presence on GitHub, focusing on security research and vulnerability detection. Their repositories primarily utilize languages such as Python, Rust, and C++. Notable projects include algo, a personal VPN setup, and skills, which aids in security research workflows.
Set up a personal VPN in the cloud
Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows
Symbolic execution tool
A semantic diff utility and library for tree-like files such as JSON, JSON5, XML, HTML, YAML, and CSV.
Opinionated defaults, documentation, and workflows for Claude Code at Trail of Bits
Publications from Trail of Bits
Buttercup finds and patches software vulnerabilities
CTF Field Guide
Image scaling attacks for multi-modal prompt injection
Principled, lightweight C/C++ PE parser
A unit test-like interface for fuzzing and symbolic execution
Sandboxed devcontainer for running Claude Code in bypass mode safely. Built for security audits and untrusted code review.
A Docker container preconfigured with all of the Trail of Bits Ethereum security tools.
Fast SNMP Scanner
Open-source symbolic execution framework: https://maat.re
A Python pickling decompiler and static analyzer
Checksec, but for Windows: static detection of security mitigations in executables
Run Rust lints from dynamic libraries
An LLVM-based instrumentation tool for universal taint tracking, dataflow analysis, and tracing.
DARPA Challenges Sets for Linux, Windows, and macOS
Semgrep queries developed by Trail of Bits.
Code auditing productivity multiplier.
VAST is an experimental compiler pipeline designed for program analysis of C and C++. It provides a tower of IRs as MLIR dialects to choose the best fit representations for a program analysis or further program abstraction.
Curated, community-vetted Claude Code plugin marketplace
Build and query a graph database representation of source code
A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories.
Exploring RPC interfaces on Windows
Demonstration library for using the Secure Enclave on iOS
Google Protocol Buffers message generator
Coefficient-Based Reconstruction of Arithmetic — a Mixed Boolean-Arithmetic (MBA) expression simplifier for deobfuscation
A differential fuzzer for x86 decoders
A static analyzer and linter for the Circom zero-knowledge DSL
Scripts for Binary Ninja
Create code bookmarks and code highlights with a click.
Find the ideal fuzz targets in a Rust codebase
MCP security wrapper
Privacy Testing for Deep Learning
To make fuzzing Rust easy
Interactive documentation on zero-knowledge proof systems and related primitives.
Sandboxed, Rust-based, Windows Defender Client
A set of vulnerable Golang programs
Binary Type Inference Ghidra Plugin
CodeQL queries developed by Trail of Bits
Zero-dependency Linux memory forensics PoC — leverages kernel-embedded BTF and kallsyms for type-aware memory analysis without external debug info.
A mutation-based tool for finding bugs in tests
CTF Challenges
Peter's Amazing Syntax Tree Analyzer
Trail of Bits Testing Handbook - appsec.guide
ebpfpub is a generic function tracing library for Linux that supports tracepoints, kprobes and uprobes.
A coverage-guided fuzzer for pure Ruby code and Ruby C extensions
A CLI tool for managing DigitalOcean droplets with automated setup, SSH configuration, and lifecycle management.
AppJailLauncher in Rust
Security-oriented Go toolchain, focused on state-of-the-art fuzzing capabilities.
Integrity validator for iOS devices
Buttercup CRS as submitted to the AIxCC Final Competition
MCP server for Slither static analysis of Solidity smart contracts
Find unmaintained packages in Rust projects
A framework for instrumenting build tools
A tool to automatically detect copy+pasted and vendored code between repositories
A small script for running programs with (minimal) network sandboxing
SARIF Explorer: A VSCode extension that helps you visualize and triage static analysis results
It's the Go compiler, but it panics on arithmetic and truncation issues.
Easily create authenticated data structures
mewt is a mutation testing framework
A cookiecutter template for a best-practices Python project
Local transcription and speaker diarization with pyannote and parakeet
Security scanner for VS Code extensions
Help protect against malicious build scripts
A small library for checking whether Go mutexes are locked
idac - IDA Pro command line tool for agents and humans
A sample PoC for container-aware exec events for osquery
Analyze binary security features instantly in your browser.
FIPS-204 (ML-DSA) implementation in Go
Malicious skills for testing skill scanners
Perform multi-party computation on machine learning applications
Rust crate to simplify Windows ACL operations
A wrapper around `anchor test` for computing test coverage
MVP for updated PEP 543 proposal
Proof-of-concept code for beating Google's ZK proof of quantum cryptanalysis
Leighton-Micali Hash-Based Signatures, for Go
A pure-Python implementation of RFC8785 (JSON Canonicalization Scheme)
Are we PEP 740 yet?
Android sandbox and IPC enumeration tools
Run tests by the lines they exercise
An Opinionated Python RFC3161 Client
Wrappers for standard library functions and types to produce more elaborate error messages
An experimental Tiny86 decoder and verifier for SIEVE
CLI tool to add attestation identities to `pylock.toml` files
An implementation of a pip plugin that verifies PEP-740 attestations before installing a package, and aborts the installation if verification fails.
An LSP server for the Miden assembly language
An ACME-based certificate authority, written in Go.
Main source code repository of the Tamarin prover for security protocol verification.
An implementation of JOSE standards (JWE, JWS, JWT) in Go
An interface to PKCS#11 devices that satisfies the crypto.Signer interface
Boulder's version of go-gorp/gorp
Trail of Bits develops a wide range of projects on GitHub, including tools for security research, vulnerability detection, and audit workflows. Their notable repositories feature applications like algo for VPN setups and manticore for symbolic execution.
Trail of Bits primarily uses Python, Rust, C++, Go, C, and Shell in their public repositories. This diverse selection allows them to address various aspects of security and software development.
Yes, all of Trail of Bits's repositories on GitHub are public. This transparency allows the community to access, contribute to, and benefit from their security-focused projects.