View Issue Details

| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0004837 | Kali Linux | [All Projects] New Tool Requests | public | 2018-07-05 01:45 | 2020-01-13 13:39 |

| Priority | Severity | Reproducibility | Target Version | Fixed in Version |
|---|---|---|---|---|
| normal | feature | have not tried | | |

Mythril is a vulnerability discovery and analysis tool for smart contracts running on the Ethereum blockchain. It is developed and maintained by ConsenSys Diligence. It was announced at the 9th HITBSecConf 2018 in Europe (https://www.youtube.com/watch?v=iqf6epACgds) and detailed in the write-up "Smashing Smart Contracts for Fun and Real Profit" (https://github.com/b-mueller/smashing-smart-contracts/blob/master/smashing-smart-contracts-1of1.pdf) by Bernhard Mueller. It's currently in a public beta.
Mythril capitalizes on the same ethos that defines Kali. It has an efficient command-line interface, with an exhaustive state tree analyzer and a rigorous vulnerability scan.
Vulnerabilities in Smart Contracts have caused the loss of hundreds of millions of dollars in 2016 and 2017 alone (see the DAO hack and the Parity Multisig bugs, for example). As this trend increases along with the popularity of smart contract development, it becomes increasingly important for this aspect of information security to have strong representation in premier security products like Kali Linux.
ConsenSys Diligence is proud to offer this open-source tool for the widest possible amount of use under the MIT license.
To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will be for us):
- [Name] - The name of the tool
- [Version] - What version of the tool should be added?
--- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
- [Homepage] - Where can the tool be found online? Where to go to get more information?
- [Download] - Where to go to get the tool? either a download page or a link to the latest version
- [Author] - Who made the tool?
- [Licence] - How is the software distributed? What conditions does it come with?
- [Description] - What is the tool about? What does it do?
- [Dependencies] - What is needed for the tool to work?
- [Similar tools] - What other tools are out there?
- [Activity] - When did the project start? Is it still actively being deployed?
- [How to install] - How do you compile it?
--- Note, using source code to acquire (e.g. git clone/svn checkout) can't be used - Also downloading from the head. Please use a "tag" or "release" version.
- [How to use] - What are some basic commands/functions to demonstrate it?
Tool Name: Mythril
Author(s): Bernhard Mueller, ConsenSys Diligence
Description: Mythril is a vulnerability discovery and analysis tool for smart contracts running on the Ethereum blockchain. It has an efficient command-line interface, with an exhaustive state tree graphing function and comprehensive vulnerability warning system.
- APT -
- PIP3 -
- NPM -
Similar Tools: Any static analyzer or linter.
Activity: Currently under development.
How to Install:
1) Unzip "mythril-0.18.7.zip" from the download above
2) sudo apt install nodejs libssl-dev python3.6 python3-pip
3) pip3 install -r requirements.txt
4) sudo python3 setup.py install
5) To get the Solidity compiler (Solc) which is necessary for Mythril to operate, do one of the following:
[npm install -g solc] OR
[snap install solc] OR
[docker run ethereum/solc:stable solc --version]
depending on your preferred method.
How to Use:
1) ./myth --help
[view help menu]
2) ./myth -x solidity_examples/weak_random.sol
[prints vulnerability analysis of the "weak_random.sol" contract.]
3) ./myth --graph graph.html solidity_examples/weak_random.sol
[creates an exhaustive state transition diagram of the "weak_random.sol" contract in the file graph.html]
Installing the "solc" (Solidity Compiler) dependency proved to be especially difficult on Kali as NPM, snap, apt-add-repository, and docker all encountered multiple errors during or immediately after the base installation.
For that reason, I'm removing NPM and nodejs from the dependencies list. That method has too much friction to really be worth implementing on Kali. As a temporary fix, download "solc-static-linux" from here: https://github.com/ethereum/solidity/releases -- rename it to "solc" and add it to the PATH. This will get Mythril up and running much quicker.
Soon Mythril will have an API that will reduce the need for most of these above dependencies. That can perhaps be loaded into a shell program written in C that will make it easier to add to Kali. Perhaps it would be best to close this tool request for now and re-open once our API is out.
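
Added example, not part of the original notes or of the Mythril project: one way to carry out the "solc-static-linux" workaround described above while checking the downloaded binary against a SHA-256 digest before it is placed on the PATH. The function name `install_solc`, its arguments and the default destination `~/.local/bin` are assumptions, and the expected digest has to be obtained separately from the download itself.

```shell
#!/bin/sh
# install_solc FILE EXPECTED_SHA256 [DEST_DIR]   (hypothetical helper)
#   FILE            an already-downloaded "solc-static-linux" release asset
#   EXPECTED_SHA256 digest obtained independently of the download
#   DEST_DIR        directory on PATH (assumed default: ~/.local/bin)
# Prints the installed path on success.
# Returns 1 on checksum mismatch, 2 on usage or I/O errors.
install_solc() {
    _src=$1
    _want=$2
    _dest=${3:-"$HOME/.local/bin"}

    [ -f "$_src" ] || { echo "no such file: $_src" >&2; return 2; }

    # Accept only a 64-character hex string as the expected digest.
    case $_want in
        ''|*[!0-9a-fA-F]*) echo "digest is not hex" >&2; return 2 ;;
    esac
    [ "${#_want}" -eq 64 ] || { echo "digest must be 64 hex chars" >&2; return 2; }
    _want=$(printf '%s' "$_want" | tr 'A-F' 'a-f')

    # Hash the file and compare before anything is copied.
    _got=$(sha256sum "$_src" | cut -d' ' -f1)
    if [ "$_got" != "$_want" ]; then
        echo "checksum mismatch: expected $_want, got $_got" >&2
        return 1
    fi

    # Copy under the name "solc" with mode 0755; the download stays untouched.
    mkdir -p "$_dest" || return 2
    install -m 0755 "$_src" "$_dest/solc" || return 2

    # Tell the user if the destination still has to be added to PATH.
    case ":$PATH:" in
        *":$_dest:"*) ;;
        *) echo "note: $_dest is not on PATH" >&2 ;;
    esac
    printf '%s\n' "$_dest/solc"
}
```
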
This doesn't really relate to pentesting
|2018-07-05 01:45||trichronos||New Issue|
|2018-07-05 06:06||g0tmi1k||Summary||Proposal to Add Mythril to Kali's Default Toolset => Mythril|
|2018-07-05 06:07||g0tmi1k||Note Added: 0009341|
|2018-07-05 16:28||trichronos||Note Added: 0009343|
|2018-07-06 12:43||trichronos||Note Added: 0009345|
|2018-07-07 00:24||elwood||Status||new => acknowledged|
|2018-07-14 19:01||trichronos||Note Added: 0009361|
|2019-12-09 13:30||g0tmi1k||Severity||minor => feature|
|2019-12-09 13:30||g0tmi1k||Status||acknowledged => new|
|2020-01-06 13:01||g0tmi1k||Product Version||2018.2 =>|
|2020-01-13 13:39||g0tmi1k||Note Added: 0011894|
|2020-01-13 13:39||g0tmi1k||Status||new => closed|
|2020-01-13 13:39||g0tmi1k||Resolution||open => won't fix|