Trail of Bits

@trailofbits

More code: binary lifters @lifting-bits, blockchain @crytic, forks @trail-of-forks

Skills: 72
Plugins: 1
Installs: 0

Most Used Tags

software-engineering (57), security (37), smart-contracts (10), code-analysis (10), fuzzing (9), testing (7), tools (7), auditing (6)

Published Resources

fp-check

By Shared Context
Tags: security, bug-verification, false-positives
0

Systematically verifies suspected security bugs to eliminate false positives with documented evidence.

cargo-fuzz

By Shared Context
Tags: rust, fuzzing, cargo
0

cargo-fuzz is the leading fuzzing tool for Rust projects using Cargo, leveraging libFuzzer for effective testing.

semgrep

By Shared Context
Tags: semgrep, static-analysis, security
0

Run Semgrep static analysis scans on codebases with parallel execution for enhanced performance.

supply-chain-risk-auditor

By Shared Context
Tags: supply-chain, security, risk-assessment
0

Evaluates project dependencies for risk of exploitation or takeover.

aflpp

By Shared Context
Tags: fuzzing, security, c++
0

AFL++ enhances fuzzing performance with multi-core support for C/C++ projects.

ossfuzz

By Shared Context
Tags: fuzzing, open-source, testing
0

OSS-Fuzz offers free continuous fuzzing for open source projects, streamlining the testing process.

yara-rule-authoring

By Shared Context
Tags: yara, malware-detection, threat-hunting
0

Create high-quality YARA-X detection rules for effective malware identification.

entry-point-analyzer

By Shared Context
Tags: smart-contracts, security, auditing
0

Analyzes smart contract codebases to identify state-changing entry points for security audits.

Trail of Bits Skills Marketplace

By Shared Context
Tags: security, ai, smart-contracts
0

A marketplace of skills from Trail of Bits enhancing AI-assisted security analysis and development workflows.

firebase-apk-scanner

By Shared Context
Tags: firebase, security, apk
0

Scan Android APKs for Firebase security misconfigurations and vulnerabilities.

trailmark-summary

By Shared Context
Tags: code-analysis, language-detection, dependency-graph
0

Analyzes codebases to provide a quick structural overview with language detection and entry point count.

audit-prep-assistant

By Shared Context
Tags: security, code-quality, documentation
0

Prepares codebases for security reviews using Trail of Bits' checklist, enhancing code quality and documentation.

libafl

By Shared Context
Tags: fuzzing, rust, custom-fuzzers
0

LibAFL is a modular fuzzing library for building custom fuzzers with advanced features.

fuzzing-dictionary

By Shared Context
Tags: fuzzing, security, testing
0

Fuzzing dictionaries enhance fuzzers with domain-specific tokens for effective testing.

codeql

By Shared Context
Tags: code-analysis, security, vulnerabilities
0

Scans codebases for security vulnerabilities using CodeQL's advanced analysis techniques.

trailmark-structural

By Shared Context
Tags: trailmark, structural-analysis, code-analysis
0

Conducts comprehensive structural analysis for codebases using Trailmark.

code-maturity-assessor

By Shared Context
Tags: code-maturity, security, assessment
0

Systematic assessment of code maturity using a 9-category framework.

genotoxic

By Shared Context
Tags: mutation-testing, code-analysis, test-coverage
0

Graph-informed mutation testing triage for identifying test gaps and fuzzing targets.

debug-buttercup

By Shared Context
Tags: kubernetes, debugging, redis
0

Debugs the Buttercup CRS on Kubernetes to diagnose service failures and resource issues.

differential-review

By Shared Context
Tags: security, code-review, differential-analysis
0

Conducts security-focused differential reviews of code changes to prevent vulnerabilities.

constant-time-testing

By Shared Context
Tags: cryptography, security, timing-attacks
0

Constant-time testing identifies timing side channels in cryptographic code to enhance security.

interpreting-culture-index

By Shared Context
Tags: culture-index, behavioral-analysis, team-composition
0

Interprets Culture Index surveys and behavioral profiles for team and individual insights.

git-cleanup

By Shared Context
Tags: git, branch-management, cleanup
0

Safely analyze and clean up local git branches and worktrees by categorizing them.

let-fate-decide

By Shared Context
Tags: tarot, decision-making, randomness
0

Injects randomness into decision-making by drawing Tarot cards for vague prompts.

substrate-vulnerability-scanner

By Shared Context
Tags: substrate, security, vulnerability-scanning
0

Scan Substrate/Polkadot pallets for critical vulnerabilities to enhance security.

seatbelt-sandboxer

By Shared Context
Tags: macos, sandbox, security
0

Generates minimal macOS Seatbelt sandbox configurations for application isolation.

audit-context-building

By Shared Context
Tags: code-analysis, security-audit, architectural-context
0

Enables ultra-granular, line-by-line code analysis for deep architectural context before vulnerability discovery.

dwarf-expert

By Shared Context
Tags: dwarf, debugging, binary-analysis
0

Expertise for analyzing DWARF debug files and understanding the DWARF standard (v3-v5).

audit-augmentation

By Shared Context
Tags: trailmark, sarif, weaudit
0

Augments Trailmark code graphs with external audit findings for enhanced analysis.

semgrep-rule-variant-creator

By Shared Context
Tags: semgrep, code-analysis, security
0

Create language variants of existing Semgrep rules for targeted applications.

sarif-parsing

By Shared Context
Tags: sarif, static-analysis, security
0

Parses and processes SARIF files from static analysis tools for actionable insights.

trailmark

By Shared Context
Tags: security, code-analysis, graph
0

Builds and queries multi-language source code graphs for security analysis.

mutation-testing

By Shared Context
Tags: mutation-testing, mewt, muton
0

Configures mutation testing campaigns with mewt or muton, optimizing performance and scope.

cosmos-vulnerability-scanner

By Shared Context
Tags: cosmos-sdk, smart-contracts, vulnerability-scanning
0

Scans Cosmos SDK modules and CosmWasm contracts for critical vulnerabilities that can halt chains or cause fund loss.

fuzzing-obstacles

By Shared Context
Tags: fuzzing, security, testing
0

Techniques for patching code to overcome fuzzing obstacles like checksums and global state.

vector-forge

By Shared Context
Tags: mutation-testing, cryptography, test-coverage
0

Generates mutation-driven test vectors for cryptographic algorithms to improve coverage.

burpsuite-project-parser

By Shared Context
Tags: burp, security, command-line
0

Command-line tool for searching and analyzing Burp Suite project files (.burp).

insecure-defaults

By Shared Context
Tags: security, auditing, configuration
0

Detects insecure defaults that allow applications to run with weak security configurations.

atheris

By Shared Context
Tags: python, fuzzer, security
0

Atheris is a coverage-guided fuzzer for Python code and C extensions, leveraging libFuzzer.

semgrep-rule-creator

By Shared Context
Tags: semgrep, security, static-analysis
0

Create custom Semgrep rules to detect security vulnerabilities and code patterns.

mermaid-to-proverif

By Shared Context
Tags: mermaid, proverif, cryptography
0

Translates Mermaid sequence diagrams of cryptographic protocols into ProVerif models for formal verification.

agentic-actions-auditor

By Shared Context
Tags: github-actions, security, ai-agents
0

Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations.

diagramming-code

By Shared Context
Tags: mermaid, diagramming, code-visualization
0

Generates Mermaid diagrams from Trailmark code graphs for visualizing code architecture.

secure-workflow-guide

By Shared Context
Tags: smart-contracts, security, development
0

Enhance smart contract security with a structured 5-step workflow.

address-sanitizer

By Shared Context
Tags: memory-safety, fuzzing, c++
0

AddressSanitizer detects memory errors during fuzzing C/C++ code.

claude-in-chrome-troubleshooting

By Shared Context
Tags: chrome, troubleshooting, claude
0

Diagnose and fix connectivity issues for the Claude in Chrome MCP extension.

guidelines-advisor

By Shared Context
Tags: smart-contracts, security, documentation
0

Smart contract development advisor that analyzes codebases and provides actionable recommendations based on best practices.

second-opinion

By Shared Context
Tags: code-review, llm, openai
0

Runs external LLM code reviews on code changes using OpenAI Codex or Google Gemini.

spec-to-code-compliance

By Shared Context
Tags: blockchain, compliance, auditing
0

Verifies code compliance with documentation for blockchain audits.

wycheproof

By Shared Context
Tags: cryptography, testing, validation
0

Wycheproof provides test vectors for validating cryptographic implementations against known attacks.

token-integration-analyzer

By Shared Context
Tags: token-security, erc20, erc721
0

Analyzes token implementations and integrations for security and conformity using a comprehensive checklist.

solana-vulnerability-scanner

By Shared Context
Tags: solana, security, vulnerability-scanning
0

Scan Solana programs for critical vulnerabilities to enhance security.

cairo-vulnerability-scanner

By Shared Context
Tags: cairo, starknet, security
0

Scans Cairo/StarkNet smart contracts for critical vulnerabilities.

sharp-edges

By Shared Context
Tags: api-security, configuration, cryptography
0

Identifies error-prone APIs and configurations to prevent security mistakes.

harness-writing

By Shared Context
Tags: fuzzing, software-testing, security
0

Learn techniques for writing effective fuzzing harnesses across multiple programming languages.

constant-time-analysis

By Shared Context
Tags: cryptography, security, code-analysis
0

Detects timing side-channel vulnerabilities in cryptographic code.

ton-vulnerability-scanner

By Shared Context
Tags: ton, smart-contracts, security
0

Scans TON smart contracts for critical vulnerabilities in FunC code.

zeroize-audit

By Shared Context
Tags: zeroization, security, auditing
0

Audits C/C++/Rust code for missing zeroization of sensitive data, ensuring secure handling of secrets.

designing-workflow-skills

By Shared Context
Tags: workflow, skills, design
0

Design and structure multi-step workflow skills for Claude Code effectively.

devcontainer-setup

By Shared Context
Tags: devcontainer, claude-code, development-environment
0

Creates devcontainers with Claude Code and language-specific tooling for isolated development.

libfuzzer

By Shared Context
Tags: fuzzer, llvm, c++
0

Coverage-guided fuzzer for C/C++ projects integrated with LLVM.

skill-improver

By Shared Context
Tags: skill-improvement, quality-assurance, automation
0

Iteratively improves Claude Code skills by fixing quality issues through automated review cycles.

property-based-testing

By Shared Context
Tags: property-based-testing, testing, smart-contracts
0

Guidance for implementing property-based testing across multiple languages and smart contracts.

coverage-analysis

By Shared Context
Tags: coverage, fuzzing, analysis
0

Coverage analysis measures code exercised during fuzzing to enhance harness effectiveness and identify blockers.

dimensional-analysis

By Shared Context
Tags: dimensional-analysis, code-audit, blockchain
0

Annotates codebases with dimensional analysis to prevent formula bugs and dimensional mismatches.

modern-python

By Shared Context
Tags: python, tooling, project-setup
0

Configures Python projects with modern tooling for streamlined development.

graph-evolution

By Shared Context
Tags: code-analysis, security, git
0

Compares code graphs across snapshots to identify security-relevant changes.

ruzzy

By Shared Context
Tags: ruby, fuzzer, security
0

Ruzzy is a coverage-guided fuzzer for Ruby, enabling effective testing of Ruby code and C extensions.

algorand-vulnerability-scanner

By Shared Context
Tags: algorand, security, smart-contracts
0

Scans Algorand smart contracts for 11 common vulnerabilities to enhance security.

ask-questions-if-underspecified

By Shared Context
Tags: requirements, clarification, communication
0

Clarify requirements before implementation to avoid miscommunication and errors.

variant-analysis

By Shared Context
Tags: vulnerability, code-analysis, security
0

Identify and analyze similar vulnerabilities across codebases using pattern-based techniques.

crypto-protocol-diagram

By Shared Context
Tags: crypto, diagram, protocol
0

Generates sequence diagrams for cryptographic protocols from source code or specifications.

testing-handbook-generator

By Shared Context
Tags: security, testing, automation
0

Generate Claude Code skills from the Trail of Bits Testing Handbook for security testing tools and techniques.