Skip to content
@trailofbits

Trail of Bits

More code: binary lifters @lifting-bits, blockchain @crytic, forks @trail-of-forks
README.md
The Trail of Bits logo

Since 2012, Trail of Bits has helped secure some of the world's most targeted organizations and devices.

We combine high-end security research with a real-world attacker mentality to reduce risk and fortify code.

Some of our work:


Pinned Loading

  1. publications publications Public

    Publications from Trail of Bits

    Python 1.7k 219

  2. skills skills Public

    Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows

    Python 2.3k 182

  3. fickling fickling Public

    A Python pickling decompiler and static analyzer

    Python 598 66

  4. vscode-weaudit vscode-weaudit Public

    Create code bookmarks and code highlights with a click.

    TypeScript 227 28

  5. semgrep-rules semgrep-rules Public

    Semgrep queries developed by Trail of Bits.

    Go 470 46

  6. codeql-queries codeql-queries Public

    CodeQL queries developed by Trail of Bits

    CodeQL 144 7

Repositories

Showing 10 of 254 repositories
  • vsix-audit Public

    Security scanner for VS Code extensions

    trailofbits/vsix-audit’s past year of commit activity
    TypeScript 0 AGPL-3.0 0 0 0 Updated Feb 2, 2026
  • necessist Public

    A mutation-based tool for finding bugs in tests

    trailofbits/necessist’s past year of commit activity
    Rust 131 AGPL-3.0 18 17 1 Updated Feb 2, 2026
  • go-panikint Public Forked from golang/go

    It's the Go compiler, but it panics on arithmetic and truncation issues.

    trailofbits/go-panikint’s past year of commit activity
    Go 42 BSD-3-Clause 19,933 1 0 Updated Feb 1, 2026
  • test-fuzz Public

    To make fuzzing Rust easy

    trailofbits/test-fuzz’s past year of commit activity
    Rust 195 AGPL-3.0 25 13 (1 issue needs help) 4 Updated Feb 1, 2026
  • are-we-pep740-yet Public

    Are we PEP 740 yet?

    trailofbits/are-we-pep740-yet’s past year of commit activity
    HTML 10 BSD-2-Clause 6 0 0 Updated Feb 1, 2026
  • pajaMAS Public

    Multi-agent system (MAS) hijacking demos

    trailofbits/pajaMAS’s past year of commit activity
    Python 40 Apache-2.0 3 3 5 Updated Feb 1, 2026
  • dylint Public

    Run Rust lints from dynamic libraries

    trailofbits/dylint’s past year of commit activity
    Rust 530 Apache-2.0 49 47 (1 issue needs help) 7 Updated Feb 1, 2026
  • skills Public

    Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows

    trailofbits/skills’s past year of commit activity
    Python 2,296 CC-BY-SA-4.0 182 5 7 Updated Feb 1, 2026
  • mishegos Public

    A differential fuzzer for x86 decoders

    trailofbits/mishegos’s past year of commit activity
    C++ 260 Apache-2.0 29 9 (2 issues need help) 16 Updated Feb 1, 2026
  • claude-code-devcontainer Public

    Sandboxed devcontainer for running Claude Code in bypass mode safely. Built for security audits and untrusted code review.

    trailofbits/claude-code-devcontainer’s past year of commit activity
    Shell 204 Apache-2.0 21 1 0 Updated Jan 31, 2026
View all repositories

Top languages

Loading…