rustig VS pwninit

Compare rustig vs pwninit and see what are their differences.

rustig

A tool to detect code paths leading to Rust's panic handler (by Technolution)

pwninit

pwninit - automate starting binary exploit challenges (by io12)
Our great sponsors
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
  • SaaSHub - Software Alternatives and Reviews
rustig pwninit
9 2
215 770
0.0% -
0.0 0.0
over 2 years ago 3 months ago
Rust Rust
Apache License 2.0 MIT License
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

rustig

Posts with mentions or reviews of rustig. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-03-25.
  • Is there something like "super-safe" rust?
    8 projects | /r/rust | 25 Mar 2023
    There is also rustig though it seems quite dead.
  • Is Rust really safe? How to identify functions that can potentially cause panic
    6 projects | /r/rust | 12 Mar 2023
    There’s the rustig tool (https://github.com/Technolution/rustig) that looks for code paths leading to the panic handler. Not sure if it still works though.
  • My thoughts on Rust and C++
    7 projects | /r/rust | 20 Sep 2022
    That's fair. I think I may just be a bit sore that Rustig was allowed to bit-rot and findpanics hasn't seen a commit since 2020.
  • What improvements would you like to see in Rust or what design choices do you wish were reconsidered?
    5 projects | /r/rust | 1 Sep 2022
  • Things I hate about Rust, redux
    5 projects | /r/programming | 10 Mar 2022
    There's Rustig which does it for panics, though it seems unmaintained and uses inspection of the final binary rather than source code/AST inspection.
    7 projects | /r/rust | 10 Mar 2022
    You might be interested in this: https://github.com/Technolution/rustig
  • Three Things Go Needs More Than Generics
    7 projects | news.ycombinator.com | 3 Oct 2021
    > Doesnt Rust have implicit panics on indexing out of bounds?

    It does yes. A fair number of other constructs can panic as well.

    > I wonder if any codebases lint those away.

    Clippy has a lint for indexing so probably.

    For the general case, it's almost impossible unless you're working on very low-level software (embedded, probably kernel-rust eventually) e.g. `std` assumes allocations can't fail, so any allocation will show up as a panic path.

    https://github.com/Technolution/rustig can actually uncover panic paths, but because of the above the results are quite noisy, and while it's possible to uncover bugs thanks to rustig it requires pretty ridiculous amounts of filtering.

  • Linus Torvalds on Rust support in kernel
    6 projects | news.ycombinator.com | 16 Apr 2021
    This comment is strongly confused.

    > [1] https://github.com/Technolution/rustig

    That's a binary analysis tool. It is only approximate, and does not claim to be an accurate analysis like unsafe-checking and typechecking are:

    https://github.com/Technolution/rustig#limitations

    > All paths leading to panic! from one of those functions (whether actually used or not) will be reported.

    It also only works on x86_64 binaries.

    Panics are an ugly leftover from the bad old days before Rust had nice monad-like syntax for Result error-handling (the "?" syntax). It's time for panic to sunset.

    6 projects | news.ycombinator.com | 16 Apr 2021
    This comment is strongly missinformed:

    1- panicking allocations are here to stay, because in lots of case, it's the most convenient behavior. BUT Rust is adding fallible allocations methods (prefixed with try_) which return a result instead of panicking in allocation failure.

    2- panics are catch-able as long as you don't compile your binary with panic=abort setting (and as long as you don't panic in your panic handler itself)

    3- panics can only occur in specific places (array indexing, allocations, utf-8 validation, unwrap, etc.) which are by definition known at compile-time, and there's tooling to catch these up [1].

    In practice, a might_panic annotation would add a lot of noise for pretty much everybody, because most of us mortals use panicking function all days and it's not a big deal. Obviously it is critical for Linux, but because it's relevant only to the minority of rust users, it doesn't make sense to include it in rustc itself: it's exactly the kind of situation where external tooling is the good option.

    [1] https://github.com/Technolution/rustig

pwninit

Posts with mentions or reviews of pwninit. We have used some of these posts to build our list of alternatives and similar projects.

We haven't tracked posts mentioning pwninit yet.
Tracking mentions began in Dec 2020.

What are some alternatives?

When comparing rustig and pwninit you can also consider the following projects:

cargo-binstall - Binary installation for rust projects

Rust-for-Linux - Adding support for the Rust language to the Linux kernel.

nue - I/O and binary data encoding for Rust

goblin - An impish, cross-platform binary parsing crate, written in Rust

go101 - An up-to-date (unofficial) knowledge base for Go programming self learning

bincode - A binary encoder / decoder implementation in Rust.

bastion - Highly-available Distributed Fault-tolerant Runtime

rustysd - A service manager that is able to run "traditional" systemd services, written in rust

kani - Kani Rust Verifier

gdbstub - An ergonomic, featureful, and easy-to-integrate implementation of the GDB Remote Serial Protocol in Rust (with no-compromises #![no_std] support)

go - The Go programming language

prusti-dev - A static verifier for Rust, based on the Viper verification infrastructure.