Skip to content
@trailofbits

Trail of Bits

More code: binary lifters @lifting-bits, blockchain @crytic, forks @trail-of-forks
README.md
The Trail of Bits logo

Since 2012, Trail of Bits has helped secure some of the world's most targeted organizations and devices.

We combine high-end security research with a real-world attacker mentality to reduce risk and fortify code.

Some of our work:


Pinned Loading

  1. publications publications Public

    Publications from Trail of Bits

    Python 1.8k 224

  2. skills skills Public

    Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows

    Python 4k 338

  3. fickling fickling Public

    A Python pickling decompiler and static analyzer

    Python 614 69

  4. vscode-weaudit vscode-weaudit Public

    Create code bookmarks and code highlights with a click.

    TypeScript 231 29

  5. semgrep-rules semgrep-rules Public

    Semgrep queries developed by Trail of Bits.

    Go 487 50

  6. codeql-queries codeql-queries Public

    CodeQL queries developed by Trail of Bits

    CodeQL 154 7

Repositories

Showing 10 of 269 repositories
  • monorepo-code-scanning-action Public Forked from advanced-security/monorepo-code-scanning-action

    Focus SAST scans (with CodeQL) on just the changed parts of your monorepo, split up as you define

    trailofbits/monorepo-code-scanning-action’s past year of commit activity
    JavaScript 0 MIT 4 0 1 Updated Mar 26, 2026
  • necessist Public

    A mutation-based tool for finding bugs in tests

    trailofbits/necessist’s past year of commit activity
    Rust 137 AGPL-3.0 19 17 0 Updated Mar 26, 2026
  • sleepy-pickle-public Public

    AI model compromise through malicious pickle files

    trailofbits/sleepy-pickle-public’s past year of commit activity
    Python 1 MIT 1 0 4 Updated Mar 26, 2026
  • buttercup Public

    Buttercup finds and patches software vulnerabilities

    trailofbits/buttercup’s past year of commit activity
    Python 1,536 AGPL-3.0 170 52 17 Updated Mar 26, 2026
  • mishegos Public

    A differential fuzzer for x86 decoders

    trailofbits/mishegos’s past year of commit activity
    C++ 267 Apache-2.0 30 9 (2 issues need help) 2 Updated Mar 26, 2026
  • pip-plugin-pep740 Public

    An implementation of a pip plugin that verifies PEP-740 attestations before installing a package, and aborts the installation if verification fails.

    trailofbits/pip-plugin-pep740’s past year of commit activity
    Python 5 Apache-2.0 0 1 0 Updated Mar 26, 2026
  • fickling Public

    A Python pickling decompiler and static analyzer

    trailofbits/fickling’s past year of commit activity
    Python 614 LGPL-3.0 69 9 11 Updated Mar 26, 2026
  • tlslib.py Public

    MVP for updated PEP 543 proposal

    trailofbits/tlslib.py’s past year of commit activity
    Python 14 Apache-2.0 1 2 1 Updated Mar 26, 2026
  • gosentry Public Forked from golang/go

    Security-oriented Go toolchain, focused on state-of-the-art fuzzing capabilities.

    trailofbits/gosentry’s past year of commit activity
    Go 24 BSD-3-Clause 20,049 1 0 Updated Mar 26, 2026
  • masm-decompiler Public

    Decompiler for the Miden assembly language

    trailofbits/masm-decompiler’s past year of commit activity
    Rust 0 MIT 0 0 0 Updated Mar 26, 2026
View all repositories