Awesome Rust Security

Curated list of awesome projects and resources related to Rust and computer security

Table of Contents

• Tools
  • Web and Cloud Security
  • Vulnerability Assessment
  • Offensive Security and Red Teaming
  • Threat Detection and Forensics
  • Cryptography
  • Applications
• Educational
  • Books
  • Articles
  • Talks
• Similar Lists
• Contributing

Tools

Web and Cloud Security

Pentesting

• sn0int - OSINT framework and package manager
• sniffglue - secure multithreaded packet sniffer
• badtouch - scriptable network authentication cracker
• rshijack - TCP connection hijacker
• feroxbuster - fast, simple and recursive content discovery tool
• rustbuster - web fuzzer and content discovery tool
• rustscan - The Modern Port Scanner
• kepler - NIST-based CVE lookup store and API powered by Rust.
• phaser - Automated attack surface mapper and vulnerability scanner
• pdfrip - Fast PDF password cracking utility equipped with commonly encountered password format builders and dictionary attacks.
• chromepass - Chromepass - Hacking Chrome Saved Passwords

Authorization & Authentication Frameworks

• biscuit - delegated, decentralized, capabilities based authorization token
• paseto.rs - PASETO Rust implementation
• webauthn.rs - WebAuthn implementation in Rust
• aliri - JWT authenticaiton and OAuth2 scope authorization implementations for many web frameworks
• OpenSK - open-source implementation for security keys written in Rust
• dacquiri - Attributed based access control (ABAC) framework with compile-time enforcement

Cloud and Infrastructure

• firecracker - secure and fast microVMs for serverless computing
• boringtun - CloudFlare's Rust implementation of WireGuard
• innernet - private network based on WireGuard
• vaultwarden - unofficial BitWarden implementation in Rust

Software Supply Chain

• rebuilderd - independent verification of binary packages
• rust-tuf - Rust implementation of the Update Framework

Secure Frameworks

• adblock-rust - Brave's Rust-based adblock engine
• libinjection - Rust bindings to libinjection
• http-desync-guardian - Analyze HTTP requests to minimize risks of HTTP Desync attacks
• ammonia - Repair and secure untrusted HTML

Vulnerability Assessment

Static Code Auditing

• RustSec - organization supporting vulnerability disclosure for Rust packages, audit Cargo.lock files for dependencies
• cargo-geiger - detect usage of unsafe Rust
• siderophile - find ideal fuzz targets in a Rust codebase
• cargo-crev - cryptographically verifiable code review for cargo
• arch-audit - audit installed Arch packages for vulnerabilities
• ripgrep - recursively search directories with regexes
• weggli - fast and robust semantic search tool for C and C++ codebases
• noseyparker - command-line program that finds secrets and sensitive information in textual data and Git history.
• L3X - AI-driven Static Analyzer

Fuzzing

• rust-fuzz - organization implementing cargo plugins for AFL, libFuzzer, and honggfuzz
• LibAFL - slot fuzzers together in Rust
• fuzzcheck.rs - structure-aware, in-process, coverage-guided, evolutionary fuzzing engine for Rust functions.
• onefuzz - self-hosted Fuzzing-As-A-Service platform
• lain - fuzzer framework implemented in Rust
• fzero - fast grammar-based fuzz generator implementation
• nautilus - grammar-based feedback fuzzer from RUB's Systems Security Lab
• sidefuzz - fuzzer for side-channel vulnerabilities
• arbitrary - trait for generating structured input from raw bytes, helpful for structure-aware fuzzing
• rust-san - sanitizers for Rust code
• lidiffuzz - memory allocator drop-in to test for uninitialized memory reads
• rewind - Snapshot-based coverage-guided Windows kernel fuzzer
• hyperpom - AArch64 fuzzer based on the Apple Silicon hypervisor
• icicle-emu - Fuzzing-specific multi-architecture emulation framework

Binary Analysis & Reversing

• goblin - binary parsing crate for Rust
• unicorn.rs - Rust bindings to the Unicorn framework
• cargo-call-stack - whole program stack analysis
• xori - disassembly library for PE32, 32+ and shellcode
• rd - record/replay debugger implemented in Rust
• binsec - Swiss Army Knife for Binary (In)Security
• radeco - Radare2-based decompiler and symbol executor
• falcon - Binary Analysis Framework in Rust
• mesos - binary coverage tool without modification for Windows
• guerilla - monkey patching Rust functions
• ropr - blazing fast™ multithreaded ROP Gadget finder
• pwninit - automate starting binary exploit challenges
• binaryninja-rs - Binary Ninja API support for Rust

Property-Based Testing

• quickcheck - property-based testing for Rust
• proptest - Hypothesis-like property testing for Rust
• bughunt-rust - example of using fuzzing QuickCheck models for bughunting
• mutagen - mutation testing framework for Rust

Symbolic Execution

• seer - symbolic execution engine for Rust
• haybale - LLVM IR-based symbolic execution engine from the USCD System Security Lab

Formal Verification

• MIRAI - abstract interpreter for Rust's MIR from Facebook
• electrolysis - formal verification of Rust programs with the Lean theorem prover

Offensive Security and Red Teaming

Command-and-Control Frameworks

• tetanus - Mythic agent written in Rust

Defense Evasion

• FunctionStomping - new shellcode injection technique.

Packing, Obfuscation, Encryption, Anti-analysis

• debugoff - Linux anti-debugging and anti-analysis rust library
• goldberg - procedural macro library for obfuscating Rust code.
• obfstr - string obfuscation for Rust
• oxide - PoC packer written in Rust.
• Linux.Fe2O3 - Simple ELF prepender virus / in-memory loader written in Rust

Threat Detection and Forensics

• yara-rust - Rust bindings to YARA
• BONOMEN - hunt for malware critical process impersonation
• confine - sandbox for threat detection
• redbpf - crate for writing BPF/eBPF modules
• cernan - telemetry aggregation and shipping
• chainsaw - Windows Event Log Hunting
• foniod - Data first monitoring agent using (e)BPF, built on RedBPF
• zerotect - attack/exploit Detector that utilizes Polymorphism and Diversity
• hayabusa - Sigma-based threat hunting and fast forensics timeline generator for Windows event logs written in Rust.
• medusa - fast and secure multi protocol honeypot.
• elegant-bouncer - experimental tool for detection of the FORCEDENTRY (CVE-2021-30860)
• cargo-sandbox - sandboxed cargo

Cryptography

Frameworks

• secrets - secure storage for cryptographic secrets in Rust
• mundane - BoringSSL-backed cryptography library
• rust-threshold-secret-sharing - Rust implementation of threshold-based secret sharing
• molasses - Rust implementation of the MLS group messaging protocol
• rust-security-framework - Rust bindings to the macOS Security.framework
• microkv - minimal and secure key-value storage for Rust
• swanky - suite of rust libraries for secure multi-party computation
• tandem - maliciously secure two-party computation engine which is embeddable and accessible

Applications

• sniffnet - Application to comfortably monitor your Internet traffic 🕵️‍♂️
• ripasso - password manager written in Rust
• sekey - TouchID / Secure Enclave for SSH authentication
• Mullvad VPN Client - Mullvad VPN app written in Rust
• fakio - lightweight secure tunnel proxy.
• firecracker - Secure and fast microVMs for serverless computing.

Educational

Books

• Black Hat Rust
• Rust Fuzz Book
• Secure Rust Guidelines

Articles

• str::repeat wildcopy exploit writeup
• Introduction to Fuzzing Rust code

Talks

• BlackHat EU 2018 - RustZone: Writing Trusted Applications in Rust
• DEFCON 30 - Lessons from fuzzing a smart contract compiler

Similar Lists

• awesome-rust
• rust-secure-code/projects
• analysis-tools-dev/static-analysis
• analysis-tools-dev/dynamic-analysis
• awesome-go-security

Contributing

Make a pull request if you are interested in adding more to this list! All contributions are appreciated.