{"id":13421676,"url":"https://github.com/ConsenSys/mythril","last_synced_at":"2025-03-15T10:31:22.470Z","repository":{"id":37465588,"uuid":"103890505","full_name":"Consensys/mythril","owner":"Consensys","description":"Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Rootstock, Tron and other EVM-compatible blockchains.","archived":false,"fork":false,"pushed_at":"2024-10-14T04:47:09.000Z","size":49691,"stargazers_count":3871,"open_issues_count":112,"forks_count":737,"subscribers_count":79,"default_branch":"develop","last_synced_at":"2024-10-29T09:17:21.857Z","etag":null,"topics":["blockchain","ethereum","program-analysis","security","security-analysis","smart-contracts","solidity","symbolic-execution"],"latest_commit_sha":null,"homepage":"https://mythx.io/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Consensys.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-09-18T04:14:20.000Z","updated_at":"2024-10-27T02:19:59.000Z","dependencies_parsed_at":"2024-01-09T00:51:58.739Z","dependency_job_id":"55437cbc-a873-4a3b-ada0-5cf19211907f","html_url":"https://github.com/Consensys/mythril","commit_stats":{"total_commits":3688,"total_committers":112,"mean_commits":32.92857142857143,"dds":0.7315618221258134,"last_synced_commit":"8201bfd75f97cfcf717e3ea82205ec85928933fe"},"previous_names":["consensys/mythril-classic"],"tags_count":171,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Consensys%2Fmythril","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Consensys%2Fmythril/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Consensys%2Fmythril/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Consensys%2Fmythril/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Consensys","download_url":"https://codeload.github.com/Consensys/mythril/tar.gz/refs/heads/develop","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243718933,"owners_count":20336590,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blockchain","ethereum","program-analysis","security","security-analysis","smart-contracts","solidity","symbolic-execution"],"created_at":"2024-07-30T23:00:28.079Z","updated_at":"2025-03-15T10:31:22.462Z","avatar_url":"https://github.com/Consensys.png","language":"Python","funding_links":[],"categories":["Software Development","Tools","Developer Tools","Python","dApps directory","Roadmap","[Ethereum](https://ethereum.org/en/)","开源项目","Other","\u003ca name=\"tools\"\u003e\u003c/a\u003e Tools"],"sub_categories":["Risk Management","Symbolic Execution Tools","Whitepapers","Newsletters","安全审计","\u003ca name=\"sast\"\u003e SAST/DAST/Unity Test Analysis"],"readme":"# Mythril\n\n\u003cp align=\"center\"\u003e\n\t\u003cimg src=\"/static/mythril_new.png\" height=\"320px\"/\u003e\n\u003c/p\u003e\n\n[![Discord](https://img.shields.io/discord/697535391594446898)](https://discord.com/invite/consensys)\n[![PyPI](https://badge.fury.io/py/mythril.svg)](https://pypi.python.org/pypi/mythril)\n[![Read the Docs](https://readthedocs.org/projects/mythril-classic/badge/?version=master)](https://mythril-classic.readthedocs.io/en/develop/)\n[![CircleCI](https://dl.circleci.com/status-badge/img/gh/Consensys/mythril/tree/develop.svg?style=shield\u0026circle-token=fd6738fd235f6c2d8e10234259090e3b05190d0e)](https://dl.circleci.com/status-badge/redirect/gh/Consensys/mythril/tree/develop)\n[![Sonarcloud - Maintainability](https://sonarcloud.io/api/project_badges/measure?project=mythril\u0026metric=sqale_rating)](https://sonarcloud.io/dashboard?id=mythril)\n[![Pypi Installs](https://static.pepy.tech/badge/mythril)](https://pepy.tech/project/mythril)\n[![DockerHub Pulls](https://img.shields.io/docker/pulls/mythril/myth.svg)](https://cloud.docker.com/u/mythril/repository/docker/mythril/myth)\n\nMythril is a symbolic-execution-based security analysis tool for EVM bytecode. It detects security vulnerabilities in smart contracts built for Ethereum and other EVM-compatible blockchains.\n\nWhether you want to contribute, need support, or want to learn what we have cooking for the future, you can checkout diligence-mythx channel in [ConsenSys Discord server](https://discord.gg/consensys).\n\n## Installation and setup\n\nGet it with [Docker](https://www.docker.com):\n\n```bash\n$ docker pull mythril/myth\n```\n\nInstall from Pypi (Python 3.7-3.10):\n\n```bash\n$ pip3 install mythril\n```\n\nUse it via pre-commit hook (replace `$GIT_TAG` with real tag):\n\n```YAML\n- repo: https://github.com/Consensys/mythril\n  rev: $GIT_TAG\n  hooks:\n    - id: mythril\n```\n\nAdditionally, set `args: [disassemble]` or `args: [read-storage]` to use a different command than `analyze`.\n\nSee the [docs](https://mythril-classic.readthedocs.io/en/master/installation.html) for more detailed instructions. \n\n## Usage\n\nRun:\n\n```\n$ myth analyze \u003csolidity-file\u003e\n```\n\nOr:\n\n```\n$ myth analyze -a \u003ccontract-address\u003e\n```\n\nSpecify the maximum number of transactions to explore with `-t \u003cnumber\u003e`. You can also set a timeout with `--execution-timeout \u003cseconds\u003e`.\n\nHere is an example of running Mythril on the file `killbilly.sol` which is in the `solidity_examples` directory for `3` transactions:\n\n```\n\u003e myth a killbilly.sol -t 3\n==== Unprotected Selfdestruct ====\nSWC ID: 106\nSeverity: High\nContract: KillBilly\nFunction name: commencekilling()\nPC address: 354\nEstimated Gas Usage: 974 - 1399\nAny sender can cause the contract to self-destruct.\nAny sender can trigger execution of the SELFDESTRUCT instruction to destroy this contract account and withdraw its balance to an arbitrary address. Review the transaction trace generated for this issue and make sure that appropriate security controls are in place to prevent unrestricted access.\n--------------------\nIn file: killbilly.sol:22\n\nselfdestruct(msg.sender)\n\n--------------------\nInitial State:\n\nAccount: [CREATOR], balance: 0x2, nonce:0, storage:{}\nAccount: [ATTACKER], balance: 0x1001, nonce:0, storage:{}\n\nTransaction Sequence:\n\nCaller: [CREATOR], calldata: , decoded_data: , value: 0x0\nCaller: [ATTACKER], function: killerize(address), txdata: 0x9fa299cc000000000000000000000000deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, decoded_data: ('0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef',), value: 0x0\nCaller: [ATTACKER], function: activatekillability(), txdata: 0x84057065, value: 0x0\nCaller: [ATTACKER], function: commencekilling(), txdata: 0x7c11da20, value: 0x0\n\n```\n\n\nInstructions for using Mythril are found on the [docs](https://mythril-classic.readthedocs.io/en/develop/). \n\nFor support or general discussions please checkout [diligence-mythx channel](https://discord.com/channels/697535391594446898/712829485350649886) in [ConsenSys Discord server](https://discord.gg/consensys)..\n\n## Building the Documentation\nMythril's documentation is contained in the `docs` folder and is published to [Read the Docs](https://mythril-classic.readthedocs.io/en/develop/). It is based on Sphinx and can be built using the Makefile contained in the subdirectory:\n\n```\ncd docs\nmake html\n```\n\nThis will create a `build` output directory containing the HTML output. Alternatively, PDF documentation can be built with `make latexpdf`. The available output format options can be seen with `make help`.\n\n## Vulnerability Remediation\n\nVisit the [Smart Contract Vulnerability Classification Registry](https://swcregistry.io/) to find detailed information and remediation guidance for the vulnerabilities reported.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FConsenSys%2Fmythril","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FConsenSys%2Fmythril","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FConsenSys%2Fmythril/lists"}