Trail of Bits

More code: binary lifters @lifting-bits, blockchain @crytic, forks @trail-of-forks

Verified
We've verified that the organization trailofbits controls the domains:
- www.trailofbits.com
- trailofbits.com
Learn more about verified organizations

README.md

Since 2012, Trail of Bits has helped secure some of the world's most targeted organizations and devices.

We combine high-end security research with a real-world attacker mentality to reduce risk and fortify code.

Some of our work:

@trailofbits — Our main GitHub organization
@crytic — Our blockchain security group
@lifting-bits — Our binary lifting research projects
@trail-of-forks — Development on others' projects

Pinned Loading

publications publications Public

Publications from Trail of Bits

Python 1.7k 219
skills skills Public

Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows

Python 2.3k 177
fickling fickling Public

A Python pickling decompiler and static analyzer

Python 598 66
vscode-weaudit vscode-weaudit Public

Create code bookmarks and code highlights with a click.

TypeScript 226 28
semgrep-rules semgrep-rules Public

Semgrep queries developed by Trail of Bits.

Go 469 46
codeql-queries codeql-queries Public

CodeQL queries developed by Trail of Bits

CodeQL 144 7

Repositories

skills Public
Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows

trailofbits/skills’s past year of commit activity

Python 2,277 CC-BY-SA-4.0 177 4 6 Updated Feb 1, 2026
are-we-pep740-yet Public
Are we PEP 740 yet?

trailofbits/are-we-pep740-yet’s past year of commit activity

HTML 10 BSD-2-Clause 6 0 3 Updated Feb 1, 2026
dylint Public
Run Rust lints from dynamic libraries

trailofbits/dylint’s past year of commit activity

Rust 530 Apache-2.0 49 47 (1 issue needs help) 8 Updated Feb 1, 2026
mishegos Public
A differential fuzzer for x86 decoders

trailofbits/mishegos’s past year of commit activity

C++ 260 Apache-2.0 29 9 (2 issues need help) 16 Updated Feb 1, 2026
claude-code-devcontainer Public
Sandboxed devcontainer for running Claude Code in bypass mode safely. Built for security audits and untrusted code review.

trailofbits/claude-code-devcontainer’s past year of commit activity

Shell 176 Apache-2.0 15 1 0 Updated Jan 31, 2026
necessist Public
A mutation-based tool for finding bugs in tests

trailofbits/necessist’s past year of commit activity

Rust 131 AGPL-3.0 18 17 0 Updated Jan 31, 2026
dropkit Public
A CLI tool for managing DigitalOcean droplets with automated setup, SSH configuration, and lifecycle management.

trailofbits/dropkit’s past year of commit activity

Python 27 Apache-2.0 5 0 1 Updated Jan 30, 2026
cargo-unmaintained Public
Find unmaintained packages in Rust projects

trailofbits/cargo-unmaintained’s past year of commit activity

Rust 83 AGPL-3.0 13 11 1 Updated Jan 30, 2026
go-panikint Public Forked from golang/go
It's the Go compiler, but it panics on arithmetic and truncation issues.

trailofbits/go-panikint’s past year of commit activity

Go 42 BSD-3-Clause 19,929 1 0 Updated Jan 30, 2026
buttercup Public
Buttercup finds and patches software vulnerabilities

trailofbits/buttercup’s past year of commit activity

Python 1,446 AGPL-3.0 160 52 6 Updated Jan 30, 2026