Top 8 C Sandbox Projects
-
Ultimately, the combination of C and Wasm3 worked successfully.
-
pafish
Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do
-
Going to toot my own horn here but if you're looking for something like a container with a security focus that is precisely what https://nanos.org was built for. No users, no login/ssh, no ability to run other programs other than the one that is already running. It kills off entire CWEs such as CWE-77/CWE-78 and neutralizes a large amount of nasty payloads forcing attackers to put in the work. It has all the same security features you'll find in Linux (ASLR, stack exec off, rodata no exec, etc.) but more.
A Go unikernel deployed in this manner might have 5 files on the fs so you don't have a half-dozen interpreters or live off the land binary type stuff. Beware though that not all unikernels are built the same way and don't share the same security profiles as nanos.
At the end of the day though if security is a driving force containers are simply not built for that. Just the other day CVE-2024-45310 landed and a few weeks ago we had CVE-2024-42472 in flatpak (a continuation of the bubblewrap stuff).
People are probably going to jump in here and mention gVisor and Firecracker. Note that Firecracker is really a machine monitor replacement and most payloads are still running a Linux guest (although nanos can work here). gVisor does deal with the security issue well enough but at the cost of performance if you don't have access to hw virtualization.
-
dumpulator
An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).
-
-
lkm-sandbox
Collection of Linux Kernel Modules and PoC to discover, learn and practice Linux Kernel Development
-
C Sandbox related posts
-
Building static binaries with Go on Linux
-
Hacking Alibaba Cloud's Kubernetes Cluster
-
Neverflow: Set of C macros that guard against buffer overflows
-
Searchable Linux Syscall Table for x86 and x86_64
-
Show HN: Porting OpenBSD Pledge() to Linux
-
Backspace issue
-
How to chroot gentoo or other os?
-
Index
What are some of the best open-source Sandbox projects in C? This list will help you:
| # | Project | Stars |
|---|---|---|
| 1 | wasm3 | 7,518 |
| 2 | pafish | 3,610 |
| 3 | nanos | 2,759 |
| 4 | dumpulator | 774 |
| 5 | naikari | 81 |
| 6 | lkm-sandbox | 51 |
| 7 | exile.h | 15 |
| 8 | Wyvern | 5 |