Home

Awesome

List of security-related projects

This page contains a list of security-related projects. If you own or have knowledge of any projects that should be added to this list, please create a PR or open an issue!


Fuzzers

NameRepositoryDescription
Cargo Fuzzhttps://github.com/rust-fuzz/cargo-fuzzCommand-line wrapper for using libFuzzer. Easy to use, no need to recompile LLVM!
honggfuzz-rshttps://github.com/rust-fuzz/honggfuzz-rsA fuzzer developed by Google.
afl.rshttps://github.com/rust-fuzz/afl.rsAllows one to run the AFL fuzzer on code written in the Rust programming language.
cargo-libaflhttps://github.com/AFLplusplus/cargo-libaflA fuzzer backed by LibAFL
fuzzcheckhttps://github.com/loiclec/fuzzcheck-rsAn experimental fuzzing engine that mutates Rust data structures directly, bypassing conversion to/from byte strings
QuickCheckhttps://github.com/BurntSushi/quickcheckQuickCheck is a way to do property based testing using randomly generated input.
Proptesthttps://github.com/altsysrq/proptestProptest is a property testing framework (i.e., the QuickCheck family) inspired by the Hypothesis framework for Python.
rusty-radamsahttps://github.com/microsoft/rusty-radamsaRadamsa ported to Rust. Fuzzer with good mutators but lacking coverage guidance.

Model Checkers

NameRepositoryDescription
Loomhttps://github.com/carllerche/loomLoom is a model checker for concurrent Rust code. It exhaustively explores the behaviors of code under the C11 memory model, which Rust inherits.
rutenspitzhttps://github.com/jakubadamw/rutenspitzА procedural macro to be used for testing/fuzzing stateful models against an equivalent implementation.
Rust Model Checker (RMC)https://github.com/model-checking/rmcBit-precise Rust model checker based on CBMC.

Linters

NameRepositoryDescription
Cargo Clippyhttps://github.com/rust-lang/rust-clippyA collection of lints to catch common mistakes and improve your Rust code.

Static Analyzers

NameRepositoryDescription
MIRAIhttps://github.com/facebookexperimental/MIRAIMirai is an abstract interpreter for the Rust compiler's mid-level intermediate representation (MIR). It is intended to become a widely used static analysis tool for Rust.
Prustihttps://github.com/viperproject/prusti-devA static verifier for Rust, based on the Viper verification infrastructure.
Cruxhttps://github.com/GaloisInc/crucibleSymbolic execution tool to run tests on all possible inputs, exhaustively.
Rudrahttps://github.com/sslab-gatech/RudraStatic analyzer for finding memory safety bugs in unsafe Rust code.
L3Xhttps://github.com/VulnPlanet/l3x/AI-driven Static Analyzer.

Dynamic Analyzers

NameRepositoryDescription
sanitizersbuilt into the compilerProvides sanitizers for checking uninitialized memory access, uses of freed memory, memory leaks and data races between threads.
Mirihttps://github.com/rust-lang/miriAn experimental interpreter for Rust's mid-level intermediate representation (MIR). It can run binaries and test suites of cargo projects and detect certain classes of undefined behavior, including Rust-specific ones that sanitizers cannot detect. Moreover, it can do this for arbitrary CPU architectures independent of the host ("cross-interpretation").

Language-independent tools such as Valgrind, Dr. Memory, libdiffuzz etc. also work.


Input Sanitizing

NameRepositoryDescription
untrusted.rshttps://github.com/briansmith/untrustedAllows for reliable and efficient parsing of untrusted inputs in Rust.
dangeroushttps://github.com/avitex/rust-dangerousSimilar to untrusted but with a different API and more verbose error messages
semvalhttps://github.com/slowtec/semvalLibrary for semantic validation of complex data structures in Rust.

Hardened Allocators

NameRepositoryDescription
scudohttps://github.com/google/rust-scudoRust bindings for the LLVM project's Scudo hardened allocator.
mimallochttps://github.com/purpleprotocol/mimalloc_rustRust bindings for Microsoft's mimalloc allocator. Security features are an optional build-time configuration.

Vulnerability Disclosure

NameRepositoryDescription
RustSec Advisory Databasehttps://github.com/RustSec/advisory-db/The RustSec Advisory Database is a repository of security advisories filed against Rust crates published via https://crates.io. Works closely with Cargo Audit.
RustSec Advisory Clienthttps://github.com/RustSec/rustsec-crateClient library for accessing the RustSec Security Advisory Database: fetches the advisory-db (or other compatible) git repository and audits Cargo.lock files against it. It is mainly used by Cargo Audit but may be useful if you would like to consume the RustSec advisory database in other capacities.
Cargo Audithttps://github.com/RustSec/cargo-auditAudit Cargo.lock for crates with security vulnerabilities reported to the RustSec Advisory Database.
Crates Audithttps://gitlab.com/zachreizner/crates-audit/A tool to cross-reference the crates.io index with the RustSec Advisory database.
Cargo denyhttps://github.com/EmbarkStudios/cargo-denyA tool for checking your dependencies given some set of predefined rules. It can check for license conflict, banned crates, vulnerabilities and source of crates. The rules are defined in the deny.toml file and can be configured for your needs.

Dependency Checker

NameRepositoryDescription
Cargo Geigerhttps://github.com/rust-secure-code/cargo-geigerA program that list statistics related to usage of unsafe Rust code in a Rust crate and all its dependencies.
Cargo Guppyhttps://github.com/facebookincubator/cargo-guppyA program/library for performing queries on Cargo dependency graphs
Siderophilehttps://github.com/trailofbits/siderophile/A program that list statistics of functions that use unsafe code in their call graph. It helps find fuzzing candidates.

Side-Channel Vulnerability Checking

NameRepositoryDescription
SideFuzzhttps://github.com/phayes/sidefuzzSideFuzz is an adaptive fuzzer that uses a genetic-algorithim optimizer in combination with t-statistics to find side-channel (timing) vulnerabilities in cryptography compiled to wasm.
dudect-bencherhttps://github.com/rozbb/dudect-bencherImplements the DudeCT statistical methods for testing constant-time functions. It is based loosely off of the bencher crate.
ctgrindhttps://github.com/RustCrypto/utils/tree/master/ctgrindTool for checking that functions are constant time using Valgrind. Based on the work of Adam Langley and Michael Gehring.

Code Review

NameRepositoryDescription
cargo crevhttps://github.com/dpc/crevcrev is an code review system as opposed to typically practiced code-change review system.
cargo vethttps://github.com/mozilla/cargo-veta tool to help projects ensure that third-party Rust dependencies have been audited by a trusted source.

Books/Guides

NameRepositoryDescription
Secure Rust Guidelineshttps://github.com/ANSSI-FR/rust-guideA guide providing recommendations and resources for secure application development in Rust.

Groups of people

NameRepositoryDescription
Rust Secure Code Working Group (Secure Code WG)https://github.com/rust-secure-code/wgUs, an official Rust working group: "Making it easy to write secure code in Rust"
Rust Formal Methods Interest Group (RFMIG)https://github.com/rust-formal-methods/wgInterest group for using formal methods to verify the correctness of Rust software — not part of the Rust governance structure
Rust VMM communityhttps://github.com/rust-vmm/community"rust-vmm is an open-source project [...] to build custom Virtual Machine Monitors (VMMs) and hypervisors"