30 open-source projects similar to trailofbits/slither, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Slither alternative.
Mythril is an Ethereum Virtual Machine smart contract security analyzer that uses symbolic execution to identify vulnerabilities in bytecode before deployment. It functions as a vulnerability scanner and formal auditor, treating program inputs as mathematical symbols to prove the presence of bugs in contract logic. The tool performs bytecode-level analysis to detect flaws that may be hidden by high-level compilers. It integrates SMT solvers to determine if specific vulnerability states are reachable and compares symbolic execution traces against a library of known security flaw signatures. T
This repository is a comprehensive educational curriculum and programming guide designed to teach Solidity development and smart contract testing. It provides a structured set of instructional materials and tutorials for writing, deploying, and auditing secure programmable contracts on the Ethereum Virtual Machine. The course focuses on the Foundry toolkit, providing an Ethereum tooling curriculum that covers compiling and testing smart contracts locally. It emphasizes a professional development workflow, moving from initial Solidity programming to the implementation of decentralized applicat
This project is a multi-language compiler collection and cross-platform toolchain used to translate source code from various programming languages into optimized machine code for different hardware architectures. It provides a suite of tools including an optimizing compiler backend, a machine code generator, and a comprehensive runtime library suite that implements necessary execution environments and support functions. The system utilizes a multi-pass compilation pipeline and pluggable language front-ends to process source code into intermediate representations. It distinguishes itself throu
This project is a collection of instructional resources and manuals providing strategic defense frameworks for protecting cryptocurrency assets and digital identities. It serves as a security guide for mitigating blockchain-based exploits, managing digital wallets, and implementing risk frameworks to prevent the theft of digital assets. The documentation provides detailed handbooks on wallet security, including the management of private keys, the use of hardware wallets, and secure transaction signing. It offers specialized guidance on anti-phishing defense and the identification of social en
SmartCheck is an extensible static analysis tool for discovering vulnerabilities and other code issues in Ethereum smart contracts written in the Solidity programming language.
gosec is a static analysis security tool designed to scan Go source code for vulnerabilities and common coding flaws. It functions as a security analyzer that inspects the abstract syntax tree to identify insecure function calls, API usage, and potential security risks. The tool distinguishes itself by mapping detected vulnerabilities to Common Weakness Enumeration identifiers for standardized reporting and integrating with external AI models to suggest code fixes for identified issues. Its capabilities cover the detection of injection vulnerabilities, hardcoded credentials, weak cryptograph
The repository contains a Python implementation of Maian -- a tool for automatic detection of buggy Ethereum smart contracts of three different types: prodigal, suicidal and greedy. Maian processes a contract's bytecode and tries to build a trace of transactions to find and confirm bugs. The…
This project is a comprehensive functional programming curriculum and learning resource for Haskell. It provides sequenced educational paths and technical reference guides designed to take developers from beginner to advanced levels of proficiency. The project distinguishes itself through a deep focus on theoretical and technical foundations, offering detailed studies on type theory, category theory, and runtime internals. It includes a dedicated performance handbook for optimizing execution speed and memory management, as well as an ecosystem guide for managing development tools and editor c
w3af is a web penetration testing suite and security audit framework designed to identify and exploit vulnerabilities in web applications. It functions as a vulnerability scanner that crawls targets to find injection points and a fuzzer used to discover hidden endpoints and test input validation. The project distinguishes itself by providing an intercepting HTTP proxy for capturing and modifying traffic, combined with a knowledge-base driven exploitation system. It enables the execution of security exploits to gain remote shell access and supports post-exploitation activities, such as routing
Miasm is a Python reverse engineering framework designed for binary analysis, disassembly, and modification. It functions as a binary analysis framework that lifts machine code into an intermediate representation to enable platform-independent security research. The system operates as a binary emulation engine and modification toolkit, allowing for the execution of binary code in a virtual environment to track state changes without native hardware. It provides tools for binary patching to update and modify raw binary files across multiple CPU architectures and executable formats. The framewo
InvenTree is an open-source inventory management platform built on Django, designed for tracking parts, stock levels, and supply chain operations through a web interface and REST API. The system uses barcodes—including QR codes, 1D barcodes, and Data Matrix codes—as primary identifiers for scanning, linking, and triggering inventory actions, and extends core functionality through a Python plugin framework supporting custom actions, UI panels, barcode handlers, and scheduled tasks. The platform distinguishes itself through a comprehensive plugin-based extensibility system that allows custom in
Paddle-Lite is a deep learning inference engine and edge computing runtime designed to execute trained models on mobile and edge devices. It provides a hardware-accelerated inference framework and a decoupled runtime with a minimal binary footprint to operate in resource-constrained environments without third-party dependencies. The project includes a model quantization tool for reducing precision and size via static and dynamic quantization, as well as a computation graph optimizer. These tools reduce latency and memory usage by fusing operators and pruning the model intermediate representat
This project is a suite of automated tools and an LLM code review framework designed for design auditing, security scanning, and AI-driven code analysis. It functions as a developer workflow orchestrator that uses static analysis agents and agent-based workflows to automate pull request analysis and security audits. The system employs a dual-loop agent architecture to coordinate primary analysis and secondary verification, reducing false positives. It distinguishes itself through the use of browser automation to perform live UI component testing and verify frontend changes against accessibili
CrackMapExec is a network penetration testing framework and automated security scanner designed to assess security postures across large IP ranges. It functions as a multi-protocol security scanner and network protocol auditor used to identify vulnerabilities and misconfigurations. The tool provides capabilities for Active Directory auditing to enumerate users and permissions, as well as post-exploitation enumeration to gather system metadata and discover lateral movement paths. It includes a framework for credential spraying and harvesting across various network services. The system utilize
CodeQL is a semantic code analysis engine and vulnerability scanning tool that treats source code as data. It utilizes a static analysis query language to define complex patterns and security vulnerabilities within a code graph database. The system represents source code as a relational database, enabling the execution of structural queries and data flow analysis. This approach allows for the detection of security flaws and coding errors across large-scale repositories. The tool provides capabilities for automated code auditing, static analysis security testing, and custom vulnerability dete
DeepAudit is a privacy-preserving code audit platform that combines multiple specialized AI agents to identify and verify security vulnerabilities in source code. It functions as a local LLM vulnerability scanner, an automated security report generator, and a sandboxed exploit verifier, all operating entirely within an internal network to keep sensitive code and data on premises. What distinguishes DeepAudit is its multi-agent cooperative approach: teams of AI agents jointly plan, analyze, and cross-check findings across the codebase, moving beyond single-pass scanning. The platform also sand
SonarQube is a static code analysis platform used to scan source code and infrastructure scripts across multiple languages. It detects bugs, security vulnerabilities, and maintainability issues to ensure software meets reliability and security standards. The platform implements automated quality gates for continuous integration and delivery pipelines, verifying code against defined rules during merge or pull requests. It also integrates directly with code editors to provide real-time analysis results and quick-fix guidance during development. The system covers broad functional areas includin
Pyre is a high-performance static type checker and analysis tool for Python. It identifies type errors and ensures type safety without executing the program, utilizing a static type inference engine to maintain consistency across functions. The project is distinguished by an incremental type analysis engine that operates as a background daemon. This system monitors filesystem changes to re-validate only modified parts of a project, reducing the time required for repeated analysis. It also includes a static analysis security tool that uses taint analysis to track untrusted data flows and ident
AllHackingTools is a security tool orchestrator and suite designed to install, update, and manage a wide array of third-party hacking and security utilities from a single command interface. It functions as a centralized hub for network analysis, open source intelligence, penetration testing, and social engineering tools. The project provides specialized frameworks for gathering open source intelligence and searching for user profiles across social platforms. It includes toolkits for network reconnaissance, vulnerability scanning, and the execution of security exploits, as well as a social eng
Beancount is a plain-text double-entry accounting system. It enforces zero-sum transactions, organizes accounts into a hierarchical five-type tree, and verifies balances at specific dates using precision-derived tolerances. Transactions are recorded in plain-text files with a strict syntax that supports currency-specific rounding, automatic interpolation of missing amounts, and comprehensive metadata including tags, links, and payee annotations. Beyond core bookkeeping, Beancount offers investment portfolio tracking with lot-based cost basis management, configurable booking strategies (FIFO,
GnuCash is a double-entry accounting software designed for personal and small-business financial management. It tracks assets, liabilities, income, and expenses using a bookkeeping system that ensures financial accuracy. The platform functions as a multi-currency bookkeeping system and a SQL-based financial ledger, persisting accounting data in relational databases or XML files. The system is distinguished by its extensibility as a Python-scriptable accounting tool, providing Python bindings and a REPL for automating tasks and creating custom reports. It also serves as an investment portfolio
This project is a cloud drive media aggregator and storage proxy that merges content from multiple cloud storage providers into a unified directory. It functions as an M3U playlist generator, converting cloud files and streaming sources into standardized formats for use in external media players. The system acts as a plugin host for Python-based scripts to fetch and parse content from third-party websites. These operations are supported by a local proxy to accelerate request loading and bypass network restrictions. The software includes a web-based interface for managing server settings and
Albert is a keyboard launcher that opens files, applications, and runs commands by typing search queries into a search bar. It functions as a keyboard-driven workflow tool, enabling users to navigate their file system, launch installed applications, and execute shell commands without touching a mouse. The launcher processes user input through a plugin-based modular architecture, where functionality is extended by dynamically loaded C++ and Python plugins. Queries are dispatched to all enabled handlers in parallel, with results merged and ranked by a combination of match quality and historical
Kreuzberg is a document extraction engine that converts PDFs, Office files, images, and over 90 other formats into clean, structured text and metadata. It is built around a compiled Rust core that can be used as a native library, a command-line tool, a REST API server, or a WebAssembly module for browser-based processing. The system is designed to run entirely on self-hosted infrastructure, with no data leaving the user's environment. What distinguishes Kreuzberg is its breadth of integration surfaces and its pipeline architecture. It exposes extraction capabilities through native bindings fo
MusicBrainz Picard is a metadata tagger and audio tag editor that identifies and tags audio files using the MusicBrainz community music database. It functions as a plugin-extensible tagging framework and a scriptable file organizer capable of reading and writing tags across various audio formats including MP3, FLAC, and WAV. The project is distinguished by its acoustic fingerprint identifier, which matches unknown music files to known recordings via sonic fingerprints. It features a custom scripting language for automating metadata transformations and organizing files into structured folder h
my-git is a comprehensive framework and reference guide for Git version control administration, repository governance, and software release management. It provides a structured approach to managing the software development lifecycle, from initial feature branching to final production deployment. The project distinguishes itself through a specialized AI-assisted development framework. This includes workflows for managing AI-generated code via automated diff reviews, intent-based commit splitting, and governance models for multi-agent coordination and session isolation using worktrees. The cod
This project is a software engineering standards guide and technical quality manual. It provides a framework for engineering governance, focusing on maintaining code quality, peer review processes, and sustainable development across large-scale technical organizations. The documentation establishes a code review framework that covers preparing, performing, and assigning peer reviews to ensure codebase stability. It defines standardized engineering patterns and maintainability criteria to keep diverse project repositories uniform and readable. The guidelines encompass code quality assurance,