Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/fabionoth/awesome-web3-security
A curated list of awesome Web3 Security.
https://github.com/fabionoth/awesome-web3-security
List: awesome-web3-security
Last synced: 3 days ago
JSON representation
A curated list of awesome Web3 Security.
- Host: GitHub
- URL: https://github.com/fabionoth/awesome-web3-security
- Owner: fabionoth
- Created: 2024-10-08T18:37:51.000Z (2 months ago)
- Default Branch: main
- Last Pushed: 2024-10-18T02:00:43.000Z (2 months ago)
- Last Synced: 2024-12-05T22:01:07.114Z (16 days ago)
- Homepage:
- Size: 61.5 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- ultimate-awesome - awesome-web3-security - A curated list of awesome Web3 Security. (Other Lists / PowerShell Lists)
README
# Awesome Web3 Security
[](https://github.com/sindresorhus/awesome)
It is a collection of awesome software, libraries, documents, books, resources, and cool stuff about **web3** security.
Thanks to all [contributors](https://github.com/fabionoth/awesome-web3-security/graphs/contributors). You're awesome. This wouldn't be possible without you! The goal is to build a categorized, community-driven collection of very well-known resources.
List links and description
* **[Tools](#tools)**
* [Forensics](#forensics)
* [Testing](#testing)
* [SAST/DAST/Unity Test Analysis](#sast)
* [OS](#os)
* [Fuzzers](#fuzzers)
* [Other tools](#others)
* **[BugBounty](#bugbounty)**
* **[CTF](#ctf)**
* **[Playgrounds](#playgrounds)**
* **[Standards](#standards)**
* **[Databases/Books and References](#databases)**
## Tools
### Forensics
* [abi-decompiler](https://github.com/Decurity/abi-decompiler) - The purpose of abi-decompiler is to implement a simple tools to recover ABI of EVM smart contracts, including function names.
* [DeDaub](https://app.dedaub.com/decompile) - The Dedaub decompiler takes Ethereum Virtual Machine (EVM) bytecode and produces more readable Solidity-like code.
* [Panoramix](https://github.com/palkeo/panoramix) -This is an EVM decompiler.
### Testing
* [BSCheck](https://bscheck.eu/) - Free Binance Smart Chain token analyzer
* [QuillCheck](https://check.quillai.network/) - Safeguard your web3 investments with our AI Agent. Uncover honeypots, understand token permissions, and get comprehensive market insights. Shield yourself from rugpulls and scam tokens. DYOR here!
* [Rugscreen](https://rugscreen.com/) - Catches rugpulls before you lose money.
* [TokenSniffer](https://tokensniffer.com/) - Automated scam detection, auditing, and metrics
* [Rug PUll Detector](http://rugpulldetector.com/) - Find the smart contract of the token and copy solidity code
### SAST/DAST/Unity Test Analysis
* [Brownie](https://eth-brownie.readthedocs.io/en/stable/) - Brownie is a Python-based development and testing framework for smart contracts targeting the Ethereum Virtual Machine.
* [Ethereum Security Box](https://github.com/trailofbits/eth-security-toolbox) - This repository contains scripts to create a Docker container preinstalled and preconfigured with all of Trail of Bits’ Ethereum security tools.
* [Foundry](https://github.com/foundry-rs/foundry) - Foundry is a blazing fast, portable and modular toolkit for Ethereum application development written in Rust.
* [Hardhat](https://hardhat.org/) - Hardhat is a development environment for Ethereum software
* [Manticore](https://github.com/trailofbits/manticore) - Manticore is a symbolic execution tool for the analysis of smart contracts and binaries.
* [Mythril](https://github.com/ConsenSys/mythril) - Mythril is a security analysis tool for EVM bytecode
* [Mythx](https://mythx.io/) - Create a MythX account, link your Ethereum address, and generate API keys
* [Octopus](https://github.com/FuzzingLabs/octopus) - Octopus is a security analysis framework for WebAssembly module and Blockchain Smart Contract.
* [Scribble](https://github.com/ConsenSys/scribble) - A Solidity runtime verification tool for property-based testing.
* [Security2](https://github.com/eth-sri/securify2) - Securify 2.0 is a security scanner for Ethereum smart contracts supported by the Ethereum Foundation and ChainSecurity.
* [Slither](https://github.com/crytic/slither) - Slither is a Solidity & Vyper static analysis framework written in Python3
* [Surya](https://github.com/ConsenSys/surya) - Surya is an utility tool for smart contract systems. It provides a number of visual outputs and information about the contracts' structure.
* [SmartCheck](https://github.com/smartdec/smartcheck) - SmartCheck is an extensible static analysis tool for discovering vulnerabilities and other code issues in Ethereum smart contracts written in the Solidity programming language.
* [Truffle Suite](https://archive.trufflesuite.com/) - The most comprehensive suite of tools for smart contract development
### OS
* [ZIION](https://www.ziion.org/) - ZIION is the first open-source, end-to-end, pre-compiled, multi-architecture, multi-protocol blockchain security testing and development solution
### Fuzzers
* [ChainFuzz](https://github.com/ChainSecurity/ChainFuzz) - ChainFuzz requires a truffle project with correct migration files to fuzz a project.
* [Echidna](https://github.com/crytic/echidna) - Echidna is a Haskell program designed for fuzzing/property-based testing of Ethereum smart contracts.
* [Foundry](https://github.com/foundry-rs/foundry) - Foundry is a blazing fast, portable and modular toolkit for Ethereum application development written in Rust.
### Other tools
* [ETH-Toolbox](https://eth-toolbox.com/) - EthToolbox v1.1 is a set of useful tools for Ethereum developers.
* [dethcode](https://github.com/dethcrypto/dethcode) - View source of deployed Ethereum smart contracts in VS Code
## BugBounty
* [Hacken Proof](https://hackenproof.com/) - Expert web3 bug bounty and crowdsourced audit platform
* [Immunefi](https://immunefi.com/) - Web3's bug bounty platform
## CTF
* [blocksec-ctfs](https://github.com/blockthreat/blocksec-ctfs) - A curated list of blockchain security Wargames, Challenges, and Capture the Flag (CTF) competitions and solution writeups.
* [Capture the Ether](https://capturetheether.com/) - the game of Ethereum smart contract security
* [ciphershastra](https://ciphershastra.com/) - A place where you can enhance your Security Skills by solving and learning from CTF-like challenges.
* [Damn Vulnerable DeFi](https://www.damnvulnerabledefi.xyz/) - The training ground for security researchers, developers and educators to dive into smart contract security.
* [Hack the TON](https://www.hacktheton.com/) - Hack the TON is a TON based wargame inspired by The Ethernaut, played in the TON Virtual Machine.
* [The Ethernaut](https://ethernaut.openzeppelin.com/) - The Ethernaut is a Web3/Solidity based wargame inspired by overthewire.org
## Playgrounds
* [Remix Ethereum](https://remix.ethereum.org/) - No more words. Everybody knows Remix
* [Rust Playground](https://play.rust-lang.org/) - The Rust Playground
## Standards
* [ERC 20](https://ethereum.org/en/developers/docs/standards/tokens/erc-20/) - The ERC-20 introduces a standard for Fungible Tokens, in other words, they have a property that makes each Token be exactly the same (in type and value) as another Token.
* [OWASP Smart Contract](https://owasp.org/www-project-smart-contract-top-10/) - The OWASP Smart Contract Top 10 is a standard awareness document that intends to provide Web3 developers and security teams with insight into the top 10 vulnerabilities found in smart contracts.
## Databases/Books and References
* [Chainlist](https://chainlist.org/) - Helping users connect to EVM powered networks
* [REKT](https://rekt.news/leaderboard/) - Rekt News is a leading online platform offering timely and concise information on decentralized finance (DeFi), blockchain, and the cryptocurrency industry
* [Smart Contract Security Chapter](https://github.com/ethereumbook/ethereumbook/blob/develop/09smart-contracts-security.asciidoc) - Chapter 9 from Ethereum book.