Skip to content
@trailofbits

Trail of Bits

More code: binary lifters @lifting-bits, blockchain @crytic, forks @trail-of-forks
README.md
The Trail of Bits logo

Since 2012, Trail of Bits has helped secure some of the world's most targeted organizations and devices.

We combine high-end security research with a real-world attacker mentality to reduce risk and fortify code.

Some of our work:


Pinned Loading

  1. publications publications Public

    Publications from Trail of Bits

    Python 1.8k 226

  2. skills skills Public

    Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows

    Python 4.8k 411

  3. fickling fickling Public

    A Python pickling decompiler and static analyzer

    Python 621 68

  4. vscode-weaudit vscode-weaudit Public

    Create code bookmarks and code highlights with a click.

    TypeScript 232 31

  5. semgrep-rules semgrep-rules Public

    Semgrep queries developed by Trail of Bits.

    Go 500 52

  6. codeql-queries codeql-queries Public

    CodeQL queries developed by Trail of Bits

    CodeQL 160 9

Repositories

Showing 10 of 269 repositories
  • gh-action-adapt-sigstore-pypi Public
    trailofbits/gh-action-adapt-sigstore-pypi’s past year of commit activity
    Python 1 Apache-2.0 0 0 3 Updated Apr 23, 2026
  • trailmark Public

    Build and query a graph database representation of source code

    trailofbits/trailmark’s past year of commit activity
    C 89 Apache-2.0 4 2 1 Updated Apr 23, 2026
  • mquire Public

    Zero-dependency Linux memory forensics PoC — leverages kernel-embedded BTF and kallsyms for type-aware memory analysis without external debug info.

    trailofbits/mquire’s past year of commit activity
    Rust 144 Apache-2.0 6 3 3 Updated Apr 23, 2026
  • test-fuzz Public

    To make fuzzing Rust easy

    trailofbits/test-fuzz’s past year of commit activity
    Rust 203 AGPL-3.0 26 7 1 Updated Apr 23, 2026
  • mishegos Public

    A differential fuzzer for x86 decoders

    trailofbits/mishegos’s past year of commit activity
    C++ 268 Apache-2.0 30 9 (2 issues need help) 1 Updated Apr 23, 2026
  • pip-plugin-pep740 Public

    An implementation of a pip plugin that verifies PEP-740 attestations before installing a package, and aborts the installation if verification fails.

    trailofbits/pip-plugin-pep740’s past year of commit activity
    Python 5 Apache-2.0 1 1 0 Updated Apr 23, 2026
  • fickling Public

    A Python pickling decompiler and static analyzer

    trailofbits/fickling’s past year of commit activity
    Python 621 LGPL-3.0 68 9 14 Updated Apr 23, 2026
  • it-depends Public

    A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories.

    trailofbits/it-depends’s past year of commit activity
    Python 390 LGPL-3.0 23 8 2 Updated Apr 23, 2026
  • cargo-unmaintained Public

    Find unmaintained packages in Rust projects

    trailofbits/cargo-unmaintained’s past year of commit activity
    Rust 88 AGPL-3.0 13 11 2 Updated Apr 23, 2026
  • necessist Public

    A mutation-based tool for finding bugs in tests

    trailofbits/necessist’s past year of commit activity
    Rust 140 AGPL-3.0 19 18 1 Updated Apr 23, 2026
View all repositories

Top languages

Loading…

Most used topics

Loading…