Trail of Bits

More code: binary lifters @lifting-bits, blockchain @crytic, forks @trail-of-forks

Verified
We've verified that the organization trailofbits controls the domains:
- www.trailofbits.com
- trailofbits.com
Learn more about verified organizations

README.md

Since 2012, Trail of Bits has helped secure some of the world's most targeted organizations and devices.

We combine high-end security research with a real-world attacker mentality to reduce risk and fortify code.

Some of our work:

@trailofbits — Our main GitHub organization
@crytic — Our blockchain security group
@lifting-bits — Our binary lifting research projects
@trail-of-forks — Development on others' projects

Pinned Loading

publications publications Public

Publications from Trail of Bits

Python 1.8k 220
skills skills Public

Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows

Python 3k 240
fickling fickling Public

A Python pickling decompiler and static analyzer

Python 604 67
vscode-weaudit vscode-weaudit Public

Create code bookmarks and code highlights with a click.

TypeScript 230 29
semgrep-rules semgrep-rules Public

Semgrep queries developed by Trail of Bits.

Go 483 46
codeql-queries codeql-queries Public

CodeQL queries developed by Trail of Bits

CodeQL 147 7

Repositories

buttercup Public
Buttercup finds and patches software vulnerabilities

trailofbits/buttercup’s past year of commit activity

Python 1,510 AGPL-3.0 166 52 5 Updated Mar 2, 2026
testing-handbook Public
Trail of Bits Testing Handbook - appsec.guide

trailofbits/testing-handbook’s past year of commit activity

Rust 93 CC-BY-4.0 17 19 (3 issues need help) 3 Updated Mar 2, 2026
vendetect Public
A tool to automatically detect copy+pasted and vendored code between repositories

trailofbits/vendetect’s past year of commit activity

Python 74 AGPL-3.0 6 2 3 Updated Mar 2, 2026
vast Public
VAST is an experimental compiler pipeline designed for program analysis of C and C++. It provides a tower of IRs as MLIR dialects to choose the best fit representations for a program analysis or further program abstraction.

trailofbits/vast’s past year of commit activity

C++ 435 Apache-2.0 32 168 (19 issues need help) 4 Updated Mar 2, 2026
necessist Public
A mutation-based tool for finding bugs in tests

trailofbits/necessist’s past year of commit activity

Rust 137 AGPL-3.0 19 17 3 Updated Mar 2, 2026
rfc3161-client Public
An Opinionated Python RFC3161 Client

trailofbits/rfc3161-client’s past year of commit activity

Rust 4 Apache-2.0 4 2 2 Updated Mar 2, 2026
build-wrap Public
Help protect against malicious build scripts

trailofbits/build-wrap’s past year of commit activity

Rust 26 AGPL-3.0 4 1 1 Updated Mar 1, 2026
are-we-pep740-yet Public
Are we PEP 740 yet?

trailofbits/are-we-pep740-yet’s past year of commit activity

HTML 10 BSD-2-Clause 6 0 0 Updated Mar 1, 2026
pajaMAS Public
Multi-agent system (MAS) hijacking demos

trailofbits/pajaMAS’s past year of commit activity

Python 42 Apache-2.0 3 3 5 Updated Mar 1, 2026
test-fuzz Public
To make fuzzing Rust easy

trailofbits/test-fuzz’s past year of commit activity

Rust 198 AGPL-3.0 25 11 (1 issue needs help) 5 Updated Mar 1, 2026