{"id":13729468,"url":"https://github.com/trailofbits/eth-security-toolbox","last_synced_at":"2026-02-27T07:30:14.159Z","repository":{"id":37438025,"uuid":"162624279","full_name":"trailofbits/eth-security-toolbox","owner":"trailofbits","description":"A Docker container preconfigured with all of the Trail of Bits Ethereum security tools.","archived":false,"fork":false,"pushed_at":"2024-12-18T17:07:30.000Z","size":41,"stargazers_count":677,"open_issues_count":1,"forks_count":108,"subscribers_count":28,"default_branch":"master","last_synced_at":"2024-12-31T07:23:02.628Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/trailofbits.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-12-20T19:42:17.000Z","updated_at":"2024-12-22T08:49:36.000Z","dependencies_parsed_at":"2022-07-12T14:22:38.025Z","dependency_job_id":"d631f110-09c0-44ba-8a68-a0455ad136da","html_url":"https://github.com/trailofbits/eth-security-toolbox","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Feth-security-toolbox","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Feth-security-toolbox/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Feth-security-toolbox/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%
2Feth-security-toolbox/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/trailofbits","download_url":"https://codeload.github.com/trailofbits/eth-security-toolbox/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239869218,"owners_count":19710485,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T02:01:00.731Z","updated_at":"2026-02-27T07:30:14.109Z","avatar_url":"https://github.com/trailofbits.png","language":"Dockerfile","funding_links":[],"categories":["Security","\u003ca name=\"tools\"\u003e\u003c/a\u003e Tools"],"sub_categories":["Cairo","\u003ca name=\"sast\"\u003e SAST/DAST/Unity Test Analysis"],"readme":"# Ethereum Security Toolbox\n\nThis repository contains scripts to create a Docker container preinstalled and\npreconfigured with all of Trail of Bits’ Ethereum security tools, including:\n\n* [Echidna](https://github.com/crytic/echidna) property-based fuzz tester\n* [Medusa](https://github.com/crytic/medusa) fuzz tester based on go-ethereum\n* [Slither](https://github.com/crytic/slither) static analysis tool\n* [solc-select](https://github.com/crytic/solc-select) to quickly switch between Solidity compiler versions\n* [Building secure contracts](https://github.com/crytic/building-secure-contracts) repository\n\nOther useful tools developed by third parties are also included:\n\n* [Foundry](https://github.com/foundry-rs/foundry), a toolkit for Ethereum app development\n* [Vyper](https://github.com/vyperlang/vyper), a Pythonic Smart Contract language for 
the EVM\n* [n](https://github.com/tj/n), a Node version manager\n* npm and Yarn\n* Python\n\n## Quickstart\n\nUse our prebuilt Docker container to quickly install and run the toolkit:\n\n```shell\ndocker pull ghcr.io/trailofbits/eth-security-toolbox:nightly\ndocker run -it ghcr.io/trailofbits/eth-security-toolbox:nightly\n```\n\nAlternatively, build the image from scratch:\n\n```shell\ngit clone https://github.com/trailofbits/eth-security-toolbox.git\ncd eth-security-toolbox\ndocker build -t eth-security-toolbox .\n```\n\n## Usage\n\nSimply start an instance of the Docker container:\n\n```shell\ndocker run -it ghcr.io/trailofbits/eth-security-toolbox:nightly\n```\n\nSeveral Solidity versions are preinstalled via `solc-select`. By default, `solc`\ncorresponds to the latest release. This can be changed using the `solc-select`\ntool:\n\n```shell\n$ solc --version\nsolc, the solidity compiler commandline interface\nVersion: 0.8.22+commit.4fc1097e.Linux.g++\n$ solc-select use 0.4.26\n$ solc --version\nsolc, the solidity compiler commandline interface\nVersion: 0.4.26+commit.4563c3fc.Linux.g++\n```\n\nYou can also view the installed versions and install new ones:\n\n```shell\n$ solc-select versions\n0.8.22 (current, set by /home/ethsec/.solc-select/global-version)\n0.7.6\n0.6.12\n0.5.17\n0.4.26\nethsec@f95fb29a709d:~$ solc-select install 0.8.0\nInstalling solc '0.8.0'...\nVersion '0.8.0' installed.\nethsec@f95fb29a709d:~$ solc-select use 0.8.0\nSwitched global version to 0.8.0\n$ solc --version\nsolc, the solidity compiler commandline interface\nVersion: 0.8.0+commit.c7dfd78e.Linux.g++\n```\n\nThe toolbox comes preinstalled with an LTS version of Node, and\n[n](https://github.com/tj/n), the Node version manager. You can install other\nversions of Node if needed by using `n`. 
Refer to their website for further\ninstructions.\n\n```shell\n$ sudo n 14\n  installing : node-v14.21.3\n       mkdir : /usr/local/n/versions/node/14.21.3\n       fetch : https://nodejs.org/dist/v14.21.3/node-v14.21.3-linux-arm64.tar.gz\n     copying : node/14.21.3\n   installed : v14.21.3 (with npm 6.14.18)\n$ node --version\nv14.21.3\n```\n\n## Usage in CI\n\nA variant of the image is published on GitHub Container Registry as\n[`ghcr.io/trailofbits/eth-security-toolbox/ci`](https://github.com/trailofbits/eth-security-toolbox/pkgs/container/eth-security-toolbox%2Fci).\nThis variant is meant to be slightly lighter, and better suited for its use in\nCI contexts such as [GitHub workflow jobs](https://docs.github.com/en/actions/writing-workflows/choosing-where-your-workflow-runs/running-jobs-in-a-container):\n\n\n```yaml\n# workflow triggers, ...\n\njobs:\n  tests:\n    runs-on: ubuntu-latest\n    container: ghcr.io/trailofbits/eth-security-toolbox/ci:nightly\n    steps:\n      # other steps ...\n      - run: medusa fuzz # or any tool from the image\n```\n\nThe main differences are:\n * The container does not have a dedicated non-root user. All tools are\n   installed under the root user.\n * Most autocompletions are not installed.\n * No solc binaries are preinstalled. 
You may continue to use `solc-select` to\n   install any binaries you may need.\n * pyevmasm and the building secure contracts repository are not included.\n\n## Container image labels\n\nBoth `eth-security-toolbox` and `eth-security-toolbox/ci` use the following\nlabel convention:\n\n| Label              | Description\n|--------------------|--------------------------------------------------------\n| `nightly-YYYYMMDD` | Image built from the code in `master` on day YYYY-MM-DD\n| `nightly`          | Alias for the latest `nightly-YYYYMMDD` container image\n| `testing-BRANCH`   | Image built when the tip of `BRANCH` was last updated\n| `edge`             | Alias for `testing-master`\n| `TAG`              | Image built when `TAG` was tagged\n| `latest`           | Alias for the latest `TAG` container image\n\nTo keep tooling in CI predictable, we recommend picking a `nightly-YYYYMMDD`\nimage and pinning it by hash on your workflow file. Then, establish a process\nto review the changes and update the container reference on a regular cadence,\nso that you can continue to benefit from tool improvements. The following\nsnippet shows the syntax used to pin the image on a GitHub Actions workflow;\nthe hashes may be obtained from the [container registry page](https://github.com/orgs/trailofbits/packages?repo_name=eth-security-toolbox).\n\n```yaml\ncontainer: ghcr.io/trailofbits/eth-security-toolbox/ci:nightly-YYYYMMDD@sha256:HASH_GOES_HERE\n```\n\n## Getting Help\n\nFeel free to stop by our [Slack channel](https://slack.empirehacking.nyc/) for\nhelp on using or extending this toolbox.\n\n## License\n\nThe Ethereum Security Toolbox is licensed and distributed under the\n[AGPLv3](LICENSE) license. 
[Contact us](mailto:opensource@trailofbits.com) if\nyou’re looking for an exception to the terms.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrailofbits%2Feth-security-toolbox","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrailofbits%2Feth-security-toolbox","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrailofbits%2Feth-security-toolbox/lists"}