# Trail of Bits > Trail of Bits is a cybersecurity research and engineering firm, founded in 2012. The site is a research portal: open-source tools, public audit reports, academic papers, conference talks, and podcasts, organized by security domain. Library totals: 1020 publications — 620 reports, 133 talks, 40 papers, 44 catalog tools. 200+ public repositories across the Trail of Bits, Crytic, and Lifting Bits organizations. Content spans six security domains: AI/ML Security, Blockchain Security, Cryptography, Systems Security, Application Security, Software Supply Chain. Any of these can be used as a filter on the library. ## Key pages - [Explore — full library](https://trailofbits.com/library/): every report, paper, talk, podcast, and policy comment, searchable. - [Open-source tools](https://trailofbits.com/tools/): the tool catalog, organized by the problem each solves. - [Reports](https://trailofbits.com/reports/): security reviews with cover thumbnails. - [Talks](https://trailofbits.com/talks/): conference talks and presentations. - [Services](https://trailofbits.com/services/): how engagements work. - [Team](https://trailofbits.com/team/): the people and the firm's history. ## Services - [Software Assurance](https://trailofbits.com/services/software-assurance/): Multi-disciplinary security reviews across the whole SDLC, with a team sized to your threat model rather than a fixed template. - [AI/ML Security](https://trailofbits.com/services/ai-ml/): We review AI systems end to end, from training data and MLOps pipelines to model artifacts, inference hardware, and deployed agent loops. - [Application Security](https://trailofbits.com/services/application-security/): Deep code, cloud, and architecture review that finds the root cause and the fix that retires the whole bug class. - [Blockchain](https://trailofbits.com/services/blockchain/): We review every layer of a blockchain system, from smart contracts to nodes and bridges, backed by Slither, Echidna, and Medusa. - [Cryptography](https://trailofbits.com/services/cryptography/): PhD-level cryptographers who build and break real protocols, from zero-knowledge proofs and MPC to post-quantum migrations. - [Security Engineering](https://trailofbits.com/services/security-engineering/): An embedded team that builds custom security tooling and remediates vulnerabilities across your pipeline, from development through deployment. - [Research & Development](https://trailofbits.com/services/research-and-development/): Multi-year research that uncovers Internet-scale vulnerabilities and turns the findings into open-source tools, papers, and standards. ## Open-source tools - [Slither](https://trailofbits.com/tools/slither/): Static analysis for Solidity and Vyper with built-in detectors and an API for custom checks. - [Echidna](https://trailofbits.com/tools/echidna/): Property-based fuzzer that throws grammar-driven inputs at Ethereum contracts to falsify your invariants. - [Medusa](https://trailofbits.com/tools/medusa/): Parallel smart-contract fuzzing built on go-ethereum and designed for large-scale test campaigns. - [Etheno](https://trailofbits.com/tools/etheno/): JSON-RPC multiplexer and test-integration layer for contract analysis tools. - [Tealer](https://trailofbits.com/tools/tealer/): Static analysis for Algorand TEAL programs with CFG construction and vulnerability detectors. - [Circomspect](https://trailofbits.com/tools/circomspect/): Static analysis and linting for Circom circuits, aimed at catching risky patterns in zero-knowledge code. - [Remill](https://trailofbits.com/tools/remill/): Machine-code lifter that translates instructions into LLVM bitcode for later analysis and transformation. - [Anvill](https://trailofbits.com/tools/anvill/): Lifting primitives that aim for Clang-like bitcode quality so decompiled output is easier to reason about. - [VMill](https://trailofbits.com/tools/vmill/): Snapshot-based process emulator for executing lifted binaries and instrumenting them in LLVM form. - [Manticore](https://trailofbits.com/tools/manticore/): Symbolic execution engine for binaries, smart contracts, and WebAssembly programs. - [Maat](https://trailofbits.com/tools/maat/): Dynamic symbolic execution and binary-analysis framework with taint analysis, environment simulation, and constraint solving. - [Codex Decompiler](https://trailofbits.com/tools/codex-decompiler/): Ghidra plugin that uses language models to improve decompilation and reverse-engineering workflows. - [DeepState](https://trailofbits.com/tools/deepstate/): Common interface for C and C++ tests across multiple fuzzing and symbolic-execution backends. - [gosentry](https://trailofbits.com/tools/gosentry/): Security-focused Go toolchain fork that adds LibAFL fuzzing, structured inputs, grammar mode, and fuzz-time bug detectors. - [zfuzz](https://trailofbits.com/tools/zfuzz/): Emulation-based snapshot fuzzer that can load arbitrary memory dumps and attack them directly. - [KRF](https://trailofbits.com/tools/krf/): Kernel fault-injection tool for Linux and FreeBSD designed to force error paths and expose weak handling. - [ProtoFuzz](https://trailofbits.com/tools/protofuzz/): Grammar-aware fuzzer for Protocol Buffers that derives inputs from format definitions rather than hand-written generators. - [test-fuzz](https://trailofbits.com/tools/test-fuzz/): Rust macros and Cargo tooling that automate corpus creation and harness setup for fuzzing. - [Necessist](https://trailofbits.com/tools/necessist/): Mutation-style tool that removes statements and calls to uncover tests that look healthy but are actually weak. - [Mewt](https://trailofbits.com/tools/mewt/): Mutation testing framework that makes small source-code changes and runs your test suite to show whether tests catch real behavioral changes. - [rekor-monitor](https://trailofbits.com/tools/rekor-monitor/): Transparency-log monitoring for Sigstore's Rekor so maintainers can watch for suspicious signing events. - [It-Depends](https://trailofbits.com/tools/it-depends/): Dependency-graph and SBOM builder for packages and arbitrary source repositories. - [cargo-unmaintained](https://trailofbits.com/tools/cargo-unmaintained/): Identifies unmaintained packages in Rust projects before they quietly become inherited risk. - [Dylint](https://trailofbits.com/tools/dylint/): Runs custom Rust lints from dynamic libraries rather than a single fixed lint set. - [semgrep-rules](https://trailofbits.com/tools/semgrep-rules/): Public Semgrep queries developed during audits, research, and internal engineering work. - [codeql-queries](https://trailofbits.com/tools/codeql-queries/): Public CodeQL query packs used to express deeper code and data-flow policies. - [Linuxevents](https://trailofbits.com/tools/linuxevents/): eBPF-based monitoring without shipping kernel headers or a stack of environment-specific bytecode artifacts. - [ebpfpub](https://trailofbits.com/tools/ebpfpub/): Monitors system and library calls across multiple kernel versions with minimal runtime dependencies. - [ebpf-verifier](https://trailofbits.com/tools/ebpf-verifier/): Research prototype for running the eBPF verifier outside the live kernel to make cross-version testing practical. - [mquire](https://trailofbits.com/tools/mquire/): Memory-forensics tool that queries Linux kernel snapshots over SQL, using BTF and kallsyms embedded in the dump so no external debug symbols are needed. - [winchecksec](https://trailofbits.com/tools/winchecksec/): Static inspection of Windows binaries for mitigations like DEP, ASLR, and code integrity. - [pe-parse](https://trailofbits.com/tools/pe-parse/): Minimal, security-focused parser for Portable Executable files built to survive malicious or malformed inputs. - [osquery-extensions](https://trailofbits.com/tools/osquery-extensions/): Collection of Trail of Bits extensions that expand what osquery can inspect and expose. - [Graphtage](https://trailofbits.com/tools/graphtage/): Semantic diff and merge tooling for tree-shaped data such as JSON, YAML, HTML, plist, and CSS. - [Polyfile](https://trailofbits.com/tools/polyfile/): Maps the semantic structure of files, including polyglots and other intentionally confusing inputs. - [PolyTracker](https://trailofbits.com/tools/polytracker/): LLVM-based data-flow and control-flow analysis that records how program logic touches specific input bytes. - [Umberto](https://trailofbits.com/tools/umberto/): Structured-data mutator for JSON, XML, X.509, and other grammar-shaped inputs. - [mishegos](https://trailofbits.com/tools/mishegos/): Differential fuzzer for x86 decoders built to expose disagreements between analysis tools. - [Honeybee](https://trailofbits.com/tools/honeybee/): Intel Processor Trace capture and decoding suite tuned for high-throughput source and blackbox fuzzing. - [Fickling](https://trailofbits.com/tools/fickling/): Decompiles, statically analyzes, and rewrites Python pickle files to catch code hidden in ML model artifacts. - [PrivacyRaven](https://trailofbits.com/tools/privacyraven/): Privacy-testing library for deep-learning systems and privacy-preserving ML techniques. - [MPC-learning](https://trailofbits.com/tools/mpc-learning/): Multi-party computation library for machine-learning workflows built around a three-party protocol. - [abi3audit](https://trailofbits.com/tools/abi3audit/): Scans Python extensions and wheels for abi3 compatibility violations across package histories. - [CVEdb](https://trailofbits.com/tools/cvedb/): Library and CLI for consuming NVD data directly without leaning on third-party APIs. ## Machine-readable endpoints - [Full library JSON](https://trailofbits.com/api/library.json) - [Reports JSON](https://trailofbits.com/api/reports.json) - [Papers JSON](https://trailofbits.com/api/papers.json) - [Tools JSON](https://trailofbits.com/api/tools.json) - [Full content for LLMs](https://trailofbits.com/llms-full.txt) - [Sitemap](https://trailofbits.com/sitemap-index.xml) ## Optional - [Trail of Bits (GitHub)](https://github.com/trailofbits): The main organization for tools, guides, publications, and ongoing engineering work. - [Crytic (GitHub)](https://github.com/crytic): Blockchain and smart-contract tooling, including Slither, Echidna, and Medusa. - [Lifting Bits (GitHub)](https://github.com/lifting-bits): Binary lifting, LLVM-based translation, and reverse-engineering infrastructure. - [Publications datasets (GitHub)](https://github.com/trailofbits/publications/tree/master/datasets): Structured public research assets, including audit-findings datasets that belong next to the tool catalog. - [Blog](https://blog.trailofbits.com/): the technical blog — research writeups, disclosures, and tooling. - [X / Twitter](https://x.com/trailofbits) - [LinkedIn](https://www.linkedin.com/company/trail-of-bits)