Rust Security tools Resources

Godbox Secure sandboxing system for untrusted code execution. It uses isolate which uses specific functionnalities of the Linux kernel, thus godbox no

unfuck is a utility and library for deobfuscating obfuscated Python 2.7 bytecode. It is essentially a reimplementation of the Python VM with taint tracking.

Molasses An extremely early implementation of the Message Layer Security group messaging protocol. This repo is based on draft 4 of the MLS protocol s

electrolysis About A tool for formally verifying Rust programs by transpiling them into definitions in the Lean theorem prover. Masters thesis: Simple

rust-tuf A Rust implementation of The Update Framework (TUF). Full documentation is hosted at docs.rs. Warning: Beta Software This is under active dev

authoscope authoscope is a scriptable network authentication cracker. While the space for common service bruteforce is already very well saturated, yo

drv-vuln-scanner Vulnerable driver scanning tool for win64, put drivers to scan in drv/. Finds imports that could be exploited, still requires manual

Linux.Fe2O3 This is a POC ELF prepender written in Rust. I like writting prependers on languages that I'm learning and find interesting. As for the na

lain This crate provides functionality one may find useful while developing a fuzzer. A recent nightly Rust build is required for the specialization f

Verdict-as-a-Service Verdict-as-a-Service (VaaS) is a service that provides a platform for scanning files for malware and other threats. It allows eas

rd The Record & Debug Tool The Record & Debug Tool (rd) is a Rust language port of the rr-debugger/rr debugger. With rd you can record Linux program e

known key bruteforcer This little rust projects bruteforces the ~/.ssh/known_hosts file with incredible speed. Idea of this project came from this per

Rust CVE Preface This is a list of CVEs for unsound APIs in the Rust standard library. These bugs break Rust's memory safety guarantee and lead to sec

RUST_SYSCALLS Single stub direct and indirect syscalling with runtime SSN resolving for windows. Features: One single line for all your syscalls Funct

libdiffuzz: security-oriented alternative to Memory Sanitizer This is a drop-in replacement for OS memory allocator that can be used to detect uses of

ctfsak (CTF Swiss Army Knife) This is a tool to help saving time during CTFs, where it's common to have to do a lot of encoding/decoding, encrypting/d

MimiRust - Hacking the Windows operating system to hand us the keys to the kingdom with Rust. MimiRust is a program based on the wdigest attack vector

IC Kit This library provides an alternative to ic-cdk that can help developers write canisters and unit test them in their Rust code. Install Add this

Xori - Custom disassembly framework Xori is an automation-ready disassembly and static analysis library that consumes shellcode or PE binaries and pro

arch-audit pkg-audit-like utility for Arch Linux. Based on data from security.archlinux.org collected by the awesome Arch Security Team. Installation

cernan - telemetry aggregation and shipping, last up the ladder Cernan is a telemetry and logging aggregation server. It exposes multiple interfaces f

Kepler — Kepler is a vulnerability database and lookup store and API currently utilising National Vulnerability Database and NPM Advisories as data so

BOnum NOMEN - good name Hunt for Malware Critical Process Impersonation How it works The purpose of this tool is to detect process name impersonation

An attempt to rewrite lite-client for TON Blockchain in Rust using ton-labs-adnl library.

Intro fzero is a grammar-based fuzzer that generates a Rust application inspired by the paper "Building Fast Fuzzers" by Rahul Gopinath and Andreas Ze

Rust TLS/SSL certificate expiration date from command-line checker

Paseto Rust Paseto is everything you love about JOSE (JWT, JWE, JWS) without any of the many design deficits that plague the JOSE standards. This is d

Nautilus NOTE: THIS IS AN OUTDATE REPOSITORY, THE CURRENT RELEASE IS AVAILABLE HERE. THIS REPO ONLY SERVES AS A REFERENCE FOR THE PAPER Nautilus is a

fortipwn Forti CVE-2022-40684 enumeration script built in Rust. Uploads an SSH public key into authorized_keys, allowing an attacker to SSH into a ser

UNiD Automate device security provisioning with edge intelligence Features Decentralized PKI(DPKI), DIDs, DKMS, and Credential Management End-to-End E

Magma: A strictly typed Vulkan API interface. Magma is a strictly typed Rust interface for the vulkan API. This means that whenever possible, the well

A simple port sniffer(scanner) implementation with 🦀 Install from crates.io crago install ports-sniffer From aur: yay -S ports-sniffer Arguments Argu

unicorn-rs THIS PACKAGE IS DEPRECATED AND NO LONGER MAINTAINED. Rust bindings are now included with unicorn and will be maintained there from now on.

knockson simple multi-threaded port scanner written in rust Install Using AUR https://aur.archlinux.org/packages/knockson-bin/ yay -Syu knockson-bin M

slowlorust Lightweight slowloris (HTTP DoS) implementation in Rust. Slowloris is a denial-of-service attack program which allows an attacker to overwh

SideFuzz: Fuzzing for side-channel vulnerabilities SideFuzz is an adaptive fuzzer that uses a genetic-algorithm optimizer in combination with t-statis

displaylight_rs This Rust workspace is a rewrite of my DisplayLight project. It colors leds mounted behind the monitor with the colors shown on the di

libinjection-rs Rust bindings for libinjection. How to use Add libinjection to dependencies of Cargo.toml: libinjection = "0.2" Import crate: extern c

ntcall-rs Easily call NT System Calls from rust. All System Call ID’s are dumped at compile-time. To get started just import the function you would li

cyg: Secure files in your repository Cyg will help you to secure files in your repository directly using PGP encryption. The name "cyg" was inspired b

BIDI Character Detector This tool checks your files for existence of Unicode BIDI characters which can be misused for supply chain attacks to mitigate

Is_sudo Checks if program is running as sudo in unix systems, or using admin permission in windows. Usage use is_sudo::check; use is_sudo::RunningAs;

SCMA Google Calendar Sync Synchronizes Southern California Mountaineers Association (SCMA) calendar events to Google Calendar. Credentials SCMA websit

Simple Chunk Allocator A simple no_std allocator written in Rust that manages memory in fixed-size chunks/blocks. Useful for basic no_std binaries whe

rust-zip A simple rust library to read and write Zip archives, which is also my pet project for learning Rust. At the moment you can list the files in

Extended precision integer Rust library. Provides signed/unsigned integer 256 to 2048.

scanolotl Scanolotl is a simple scanner that loops through ips and checks if a minecraft server is running on port 25565. Scanolotl can also preform a

Dama Desktop Agnostic Menu Aggregate This program aims to be a hackable, easy to use menu that can be paired to lightweight window managers in order t

corncobs: Corny COBS encoding/decoding in Rust This crate provides Consistent Overhead Byte Stuffing (COBS) support for Rust programs, with a particul

confine Containers, but for dynamic malware analysis confine is a container runtime for dynamically analyzing suspicious executables. Given a sample s

Heros NFT on Solana The Heros NFT Marketplace Boilerplate project is designed to let users fork, customize, and deploy their own nft marketplace app t

PGen-Rust Getting Started You can get the latest version of PGen from the github actions artifacts or from one of these links: linux, windows, macos U

LLVM-CBE is a C-backend for LLVM, i.e. a tool that turns LLVM bitcode 1 into C. It requires to be built near LLVM, which was found to be so heavy dependency that shipping it as Cargo crate would be absurd.

cert_installer is a utility that adds a CA certificate to Android's System Trust Store by overwriting the /system/etc/security/cacerts directory with a tmpfs mount. Changes made to the System Trust Store is not persistant across reboots.