trailofbits/polytracker

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/trailofbits/polytracker)

trailofbits / polytracker

An LLVM-based instrumentation tool for universal taint tracking, dataflow analysis, and tracing.

☆588

Alternatives and similar repositories for polytracker

Users that are interested in polytracker are comparing it to the libraries listed below

Sorting:

eurecom-s3 / symcc
View on GitHub
SymCC: efficient compiler-based symbolic execution
☆856May 12, 2025Updated 9 months ago
AngoraFuzzer / libdft64
View on GitHub
libdft for Intel Pin 3.x and 64 bit platform. (Dynamic taint tracking, taint analysis)
☆269Feb 21, 2025Updated last year
secure-software-engineering / phasar
View on GitHub
A LLVM-based static analysis framework.
☆1,034Feb 17, 2026Updated last week
mchalupa / dg
View on GitHub
[LLVM Static Slicer] Various program analyses, construction of dependence graphs and program slicing of LLVM bitcode.
☆524May 21, 2025Updated 9 months ago
HexHive / retrowrite
View on GitHub
RetroWrite -- Retrofitting compiler passes through binary rewriting
☆736Apr 26, 2025Updated 10 months ago
googleprojectzero / TinyInst
View on GitHub
A lightweight dynamic instrumentation library
☆1,308Apr 1, 2025Updated 10 months ago
lifting-bits / anvill
View on GitHub
anvill forges beautiful LLVM bitcode out of raw machine code
☆366Sep 3, 2024Updated last year
R-Fuzz / symsan
View on GitHub
A LLVM Sanitizer for Symbolic Tracing
☆234Feb 7, 2026Updated 2 weeks ago
trailofbits / Honeybee
View on GitHub
An experimental high performance, fuzzing oriented Intel Processor Trace capture and analysis suite
☆131Feb 13, 2022Updated 4 years ago
trailofbits / maat
View on GitHub
Open-source symbolic execution framework: https://maat.re
☆648Updated this week
sslab-gatech / qsym
View on GitHub
QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing
☆655Nov 23, 2022Updated 3 years ago
GJDuck / e9patch
View on GitHub
A powerful static binary rewriting tool
☆1,089Feb 15, 2026Updated last week
AngoraFuzzer / Angora
View on GitHub
Angora is a mutation-based fuzzer. The main goal of Angora is to increase branch coverage by solving path constraints without symbolic e…
☆954Jul 18, 2022Updated 3 years ago
HexHive / magma
View on GitHub
A ground-truth fuzzing benchmark suite based on real programs with real bugs.
☆334Jan 11, 2026Updated last month
wmkhoo / taintgrind
View on GitHub
A taint-tracking plugin for the Valgrind memory checking tool
☆265May 30, 2025Updated 9 months ago
vusec / parmesan
View on GitHub
ParmeSan: Sanitizer-guided Greybox Fuzzing
☆177Apr 19, 2024Updated last year
andreafioraldi / qasan
View on GitHub
QASan is a custom QEMU 3.1.1 that detects memory errors in the guest using AddressSanitizer.
☆350Jul 30, 2024Updated last year
googleprojectzero / Jackalope
View on GitHub
Binary, coverage-guided fuzzer for Windows, macOS, Linux and Android
☆1,293Jan 13, 2026Updated last month
seahorn / clam
View on GitHub
Static Analyzer for LLVM bitcode based on Abstract Interpretation. **Update**: clam is still actively maintained. Please use branch dev1…
☆287Apr 21, 2024Updated last year
GrammaTech / ddisasm
View on GitHub
A fast and accurate disassembler
☆739Jan 23, 2026Updated last month
sdasgup3 / validating-binary-decompilation
View on GitHub
Scalable Validator for Binary Lifters
☆62Jun 28, 2020Updated 5 years ago
staticafi / symbiotic
View on GitHub
Symbiotic is a tool for finding bugs in computer programs based on instrumentation, program slicing and KLEE
☆334Feb 2, 2026Updated 3 weeks ago
aengelke / instrew
View on GitHub
A high performance LLVM-based dynamic binary instrumentation framework
☆286Jun 7, 2024Updated last year
S2E / s2e
View on GitHub
S2E: A platform for multi-path program analysis with selective symbolic execution.
☆511Feb 15, 2026Updated last week
eurecom-s3 / symqemu
View on GitHub
SymQEMU: Compilation-based symbolic execution for binaries
☆368May 5, 2025Updated 9 months ago
lifting-bits / remill
View on GitHub
Library for lifting machine code to LLVM bitcode
☆1,605Feb 13, 2026Updated 2 weeks ago
strongcourage / uafuzz
View on GitHub
UAFuzz: Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities
☆350Sep 25, 2023Updated 2 years ago
AFLplusplus / Grammar-Mutator
View on GitHub
A grammar-based custom mutator for AFL++
☆271Dec 22, 2025Updated 2 months ago
SVF-tools / SVF
View on GitHub
Static Value-Flow Analysis Framework for Source Code
☆1,652Updated this week
AFLplusplus / AFL-Snapshot-LKM
View on GitHub
A Linux Kernel Module that implements a fast snapshot mechanism for fuzzing.
☆141Aug 17, 2021Updated 4 years ago
intel / kernel-fuzzer-for-xen-project
View on GitHub
Kernel Fuzzer for Xen Project (KF/x) - Hypervisor-based fuzzing using Xen VM forking, VMI & AFL
☆473Jul 8, 2024Updated last year
evanmak / savior-source
View on GitHub
source code for savior fuzzer
☆127Oct 1, 2020Updated 5 years ago
nyx-fuzz / libxdc
View on GitHub
The fastest Intel-PT decoder for fuzzing
☆378Feb 2, 2024Updated 2 years ago
season-lab / fuzzolic
View on GitHub
fuzzing + concolic = fuzzolic :)
☆127Nov 6, 2025Updated 3 months ago
gryan11 / PGA
View on GitHub
Proximal Gradient Analysis open source release based on our USENIX Security 2021 paper: "Fine Grained Dataflow Analysis with Proximal Gra…
☆32Apr 29, 2021Updated 4 years ago
JonathanSalwan / Triton
View on GitHub
Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software v…
☆4,056Dec 2, 2025Updated 2 months ago
PLSysSec / haybale
View on GitHub
Symbolic execution of LLVM IR with an engine written in Rust
☆578Oct 27, 2023Updated 2 years ago
quarkslab / rewind
View on GitHub
Snapshot-based coverage-guided windows kernel fuzzer
☆323Dec 16, 2021Updated 4 years ago
seahorn / sea-dsa
View on GitHub
A new context, field, and array-sensitive heap analysis for LLVM bitcode based on DSA.
☆168Dec 4, 2025Updated 2 months ago