Rust Security-testing Resources

Hiisi Proof of concept libSQL server written in Rust with deterministic simulation testing. Why Hiisi? SQLite is a versatile database, but serverless

mutatis Easily create custom, structure-aware mutators for fuzzing. Repository | Docs | Guide | Contributing About The most popular fuzzers — includin

pi-sentinel Standing watch over the Pi Network, PiSentinel is a consensus algorithm that safeguards security, decentralization, and scalability. Intro

rlt A Rust Load Testing framework with real-time tui support. rlt provides a simple way to create load test tools in Rust. It is designed to be a univ

backseat-signed Authenticate the cryptographic chain-of-custody of Linux distributions (like Arch Linux and Debian) to their source code inputs. This

Crabcheck A WIP property-based testing library in Rust, built with generalized targeted-property testing in mind. What is property-based testing? TODO

Engineering Practice Domains Introduction Welcome to the Engineering Practice Domains at Fearless! This repository serves as a monorepo for our collab

Dead Man's Switch This is a simple implementation of a Dead Man's Switch. Use at your own risk. Check the f****(as in friendly) code. Dead man's switc

CVE-2024-24576-Exploit The Command::arg and Command::args APIs state in their documentation that the arguments will be passed to the spawned process a

Api testing tool made with rust to use for api developement (Kind of Tui) This Rust project provides a simple yet powerful tool for making HTTP reques

🇹🇷 Eth Global Istanbul 2023 Hackaton Project 🇹🇷 Table of Contents Table of Contents About The Project Built With Getting Started Installation Cont

RustRedOps In Construction.... The project is still under development Overview RustRedOps is a repository that houses various tools and projects relat

cargo-crev to cargo-vet converter Crev and Vet are supply-chain security tools for auditing Rust/Cargo dependencies. This tool (crevette) is a helper

Hopper Hopper is an tool for generating fuzzing test cases for libraries automatically using interpretative fuzzing. It transforms the problem of libr

Hopper Hopper is an tool for generating fuzzing test cases for libraries automatically using interpretative fuzzing. It transforms the problem of libr

Efficient zk-Rollup Implementation in Rust This repository contains a simple, single transaction, zero-knowledge rollup made in Rust. We have combined

mls-rs   An implementation of the IETF Messaging Layer Security end-to-end encryption (E2EE) protocol. What is MLS? MLS is a new IETF end-to-end encry

NovaLdr is a Threadless Module Stomping written in Rust, designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities. This project is not intended to be a complete or polished product but rather a journey into the technical aspects of malware, showcasing various techniques and features.

agree agree is a CLI tool for easily applying multi-key-turn security via Shamirs Secret Sharing. Project state agree is unstable. Version semantics:

Lockbox is a command-line tool for generating and managing passwords. It uses strong encryption algorithms to securely store your passwords, so you can be sure that your data is safe.

TSFFS: Target Software Fuzzer For SIMICS TSFFS is a snapshotting, coverage-guided fuzzer built on the SIMICS full system simulator. TSFFS makes it eas

Cargo Pretty Test ✨ A Rust command-line tool that prettifies the ugly cargo test output into a beautiful output. This crate can be also used as a libr

Assured Confidential Execution (ACE) for RISC-V ACE-RISCV is an open-source project, whose goal is to deliver a confidential computing framework with

auth-rs auth-rs provides a simple authentication and authorization service for use in other services. The service is written in Rust and uses the acti

usbsas is a free and open source (GPLv3) tool and framework for securely reading untrusted USB mass storage devices. Description Following the concept

proto-sim Prototype simulation using Arbiter as the simulation & agent engine. Build & Run build.sh cargo run Arbiter config The arbiter.toml config

Bankrun Bankrun is a superfast, powerful and lightweight framework for testing Solana programs in NodeJS. While people often use solana-test-validator

bulloak A simple, fast, and easy to use Solidity test generator based on the Branching Tree Technique. Installing cargo install bulloak Usage Basic Us

🔥 Rhea A Server Load Testing Tool Rhea is a powerful and easy-to-use command-line tool written in Rust for load testing servers. It allows you to sim

twenty-twenty The twenty-twenty library allows for visual regression testing of H.264 frames and images. It makes it easy to update the contents when

Starknet Foundry Blazingly fast toolkit for developing Starknet contracts designed & developed by ex Protostar team from Software Mansion based on nat

git-signify A tool to sign arbitrary objects in a git repository. Generating keys Signing keys can be generated with signify, from the OpenBSD project

serde_test   This crate provides a convenient concise way to write unit tests for implementations of Serialize and Deserialize. The Serialize impl for

Pulsar is a security tool for monitoring the activity of Linux devices at runtime, powered by eBPF. The Pulsar core modules use eBPF probes to collect

repro-env Imagine you had a tool that takes a config like this: # repro-env.toml [container] image = "rust:1-alpine3.18" and turns it into something l

Retina Retina is a network analysis framework that enables operators and researchers to ask complex questions about high-speed (100gbE) network links

FREE Reverse Engineering Self-Study Course HERE Hacking Rust A comprehensive and FREE Online Rust hacking tutorial utilizing the x64, ARM64 and ARM32

op-up Warning This is a work in progress. OP-Up is a hive tool for testing OP-Stack-compatible software modules. This project was born out of the need

🐍 Pyscan A dependency vulnerability scanner for your python projects, straight from the terminal. 🚀 blazingly fast scanner that can be used within l

Substrate NFTs Node The Substrate NFTs node is a specialized blockchain for testing use cases with the FRAME NFTs Pallet. 🚀 The purpose of this node

Overview Vuln Reach is a library for developing tools that determine if a given vulnerability is reachable. Provided to the open source community by P

job-security - job control from anywhere! job-security is a tool that lets you put your running programs into background, then bring them to the foreg

GitHub SBOM(s) Generator Action This GitHub Action and/or standalone CLI application generates a Software Bill of Materials (SBOM) for a given GitHub

mesh-security (Hackathon / Prototype status) An implementation of Sunny's Mesh Security talk from Cosmoverse 2022. This should run on any CosmWasm ena

namaka Snapshot testing tool for Nix based on haumea nix shell github:nix-community/namaka namaka check # run checks namaka review # review pending sn

Domo Arigato A simple command line tool which quickly audits the Disallow entries of a site's robots.txt. Disallow entries can be used to stop search

botwork botwork is a single-binary, generic and open-source automation framework written in Rust for acceptance testing, acceptance test driven develo

Ghost Ghost is a rust library that allows you to delete your executable while it's running. Usage // With a default placeholder value on windows (`svc

(First Public?) Sample of unhooking ntdll (All Exports & IAT imports) hooks in Rust using in-memory disassembly, avoiding direct syscalls and all hooked functions (incl. hooked NtProtectVirtualMemory)

memory_pages: High level API for low level memory management While using low-level memory management in a project can provide substantial benefits, it

fri-commitment FRI low degree testing & FRI polynomial commitment using [VP19]'s trick. Implementation using arkworks libraries. Note: done in my free

warp is an friendly, fast, correct, and extensible build system built for polyglot monorepos that uses JavaScript for its configuration and is built i

subscout is a simple, nimble subdomain enumeration tool written in Rust language. It is designed to help bug bounty hunters, security professionals and penetration testers discover subdomains of a given target domain.

Bolt ⚡ Bolt is a desktop application that is designed to make the process of developing and testing APIs easier and more efficient. Quick start 👩‍💻

tree-crasher tree-crasher is an easy-to-use grammar-based black-box fuzzer. It parses a number of input files using tree-sitter grammars, and produces

Reltester Relation tester is a small testing utility for automatically checking the correctness of PartialEq, PartialOrd, Eq, and Ord implementations.

tree-splicer tree-splicer is a simple grammar-based test case generator. It parses a number of input files using tree-sitter grammars, and produces ne

apt-swarm An attempt to make a secure public p2p protocol that gossips about signed InRelease files to implement an update transparency log. Running a

RustForDataPipelines Testing out if Rust can be used for a normal Data Engineering Pipeline. Check out the full blog post here. https://www.confession

CASR: Crash Analysis and Severity Report CASR – collect crash reports, triage, and estimate severity. It is based on ideas from exploitable and apport

updlockfiles Manage lockfiles for packages that don't ship any upstream. Like updpkgsums but for 3rd party dependency trees. If you're not actively ma

cargo-is-tested [ 🇪🇸 ] El libro contiene instrucciones e información detallada en Español. cargo-is-tested is a way to check which of your items are

the full repository is using Ethers-rs for the finding of CTF unless requirement of smart contract like in case of re-entrancy. best way get good at e

runfast What is it? This is a program intended to be run in a project directory to set up a project run command, and remember it so we dont have to ty

Half Baked Block Engine About This is a half-baked block engine. It can be used for testing bundles running through jito-solana. Shortcomings The bare

Lanzaboote: Secure Boot for NixOS This repository contains tooling for UEFI Secure Boot on NixOS. The goal is to make Secure Boot available from nixpk

Koofr Vault https://vault.koofr.net Koofr Vault is an open-source, client-side encrypted folder for your Koofr cloud storage offering an extra layer o

Hogg 🐽 An experimental passive website scanner. Hogg acts as a proxy between you and your DNS server and scans every website you visit for common vul

irulescan is a tool to scan iRules for unexpected/unsafe expressions that may have undesirable effects like double substitution.

Betwixt Simple, markdown-based, polyglot literate programming and documentation tests. Read code between the lines Summary Betwixt is heavily inspired

Axum Synchronizer Token Pattern CSRF prevention This crate provides a Cross-Site Request Forgery protection layer and middleware for use with the axum

Pact graph network Generates a schema of dependencies between microservices using pact-broker data. Table of contents Screenshots Tech Stack Features

Nitrogen CLI Nitrogen is a tool for deploying web services to AWS Nitro Enclaves. Given a dockerfile and an ssh key, Nitrogen will spin up an EC2, con

Multi Test: Test helpers for multi-contract interactions Warning: Alpha Software Designed for internal use only. This is used for testing cw-plus cont

"Fan Remote" A self-contained Rust binary to expose a single X10 command (turn off that fan) as an HTML form button. In its current form, it's highly

osintui Open Source Intelligence Terminal User Interface Report Bug · Request Feature Installation First, install Rust (using the recommended rustup i

partial-io Helpers for testing I/O behavior with partial, interrupted and blocking reads and writes. This library provides: PartialRead and PartialWri

⚡ Fast Web Security Scanner written in Rust based on Lua Scripts 🌖 🦀

Fern proxy With the advent of Cloud Native applications, architecture patterns evolved and emerged to take advantage of cloud computing, and build mor

Recon Find, locate, and query files for ops and security experts Key Features • How To Use • Download • Contributing • License Key Features Query with

enum-dir 一款快速枚举目录的小工具，使用 Rust 编写，扫起来真的很快。 用于发现目标站点中可能存在的路径信息，同时支持字典模式和暴力枚举模式。 本工具仅用于学习 Rust 以及 Rust 协程 Tokio 使用，严禁用于非法用途。 如果使用本工具从事违法犯罪活动，造成的任何后果，本人不承

gorilla gorilla is the ultimate wordlist tool packing a lot of amazing utilities like: building wordlists based on patterns (like crunch) building wor

🚀 FeroxFuzz 🚀 A structure-aware HTTP fuzzing library 🤔 Another ferox? why? 🤔 Chill, it's not another command-line tool, this one's a library! 😁 M

huak About A Python package manager written in Rust. The Cargo for Python. ⚠️ Disclaimer: huak is currently in its Alpha phase. Huak aims to support a

RUST_SYSCALLS Single stub direct and indirect syscalling with runtime SSN resolving for windows. Features: One single line for all your syscalls Funct

huak About A Python package manager written in Rust. The Cargo for Python. ⚠️ Disclaimer: huak is currently in its proof-of-concept (PoC) phase. Huak

privacy-sexy Open-source tool to enforce privacy & security best-practices on Windows and MacOs, because privacy is sexy 🍑 🍆 privacy-sexy is a data-

Vesper A security-focused telemetry agent written in Rust using eBPF. Important: While public, this project is an educational endeavor and is not mean

🔥 firehazard 🔥 Create a fire hazard by locking down your (Microsoft) Windows so nobody can escape (your security sandbox.) Unopinionated low level A

EVM Test Parses and runs compatible common Ethereum tests from ethereum/tests against Polygon Zero's EVM. Note: This repo is currently very early in d

🚩 Show sensitive command summary when open a new terminal 👀 Clear sensitive commands from shell history 🙈 Stash your history command before present

croc-look croc-look is a tool to make testing and debuging proc macros easier by these two features Printing the implementation specific generated cod

autovet continuously searches for security breaches in open source libraries and applications. Recently processed packages package version channel las

Functional testing framework for AVR binaries, powered by simavr. tl;dr get your microcontroller's firmware black-box-tested in seconds!

Test code for Axum, Tokio, WASI Compiling: Build with Tokio unstable flag: RUSTFLAGS="--cfg tokio_unstable" cargo build Run with Enarx: Get Enarx Run:

Discoon Stealer with webhook protection Educational purposes only Only use this on your own machine and do not use it maliciously. License This projec

here we're trying to write some tools for cyber security in Rust because we don't have enough community for Rust in the cyber security field soo this

auth-tarball-from-git Authenticate a tarball through a signed tag in a git repository (with reproducible builds). The signed git tag contains a hash o

cargo-vet Note: cargo-vet is under heavy development and not quite ready for general use. Feel free to give it a try you're feeling adventerous — feed

NTPD-rs NTPD-rs is an implementation of NTP completely written in Rust, with a focus on exposing a minimal attack surface. The project is currently in