2018-07-23 01:49 UTC

View Issue Details
ID: 0004837
Project: Kali Linux
Category: [All Projects] New Tool Requests
View Status: public
Last Update: 2018-07-14 19:01
Reporter: trichronos
Assigned To:
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: acknowledged
Resolution: open
Product Version: 2018.2
Target Version:
Fixed in Version:
Summary: 0004837: Mythril
Description: https://www.github.com/consensys/mythril.git

Mythril is a vulnerability discovery and analysis tool for smart contracts running on the Ethereum blockchain. It is developed and maintained by ConsenSys Diligence. It was announced at the 9th HITBSecConf 2018 in Europe (https://www.youtube.com/watch?v=iqf6epACgds) and detailed in the write-up "Smashing Smart Contracts for Fun and Real Profit" (https://github.com/b-mueller/smashing-smart-contracts/blob/master/smashing-smart-contracts-1of1.pdf) by Bernhard Mueller. It's currently in a public beta.

Mythril capitalizes on the same ethos that defines Kali. It has an efficient command-line interface, with an exhaustive state tree analyzer and a rigorous vulnerability scan.

Vulnerabilities in Smart Contracts have caused the loss of hundreds of millions of dollars in 2016 and 2017 alone (see the DAO hack and the Parity Multisig bugs, for example). As this trend increases along with the popularity of smart contract development, it becomes increasingly important for this aspect of information security to have strong representation in premier security products like Kali Linux.

ConsenSys Diligence is proud to offer this open-source tool for the widest possible amount of use under the MIT license.







Notes

~0009341

g0tmi1k (administrator)

To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will be for us):

- [Name] - The name of the tool
- [Version] - What version of the tool should be added?
--- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
- [Homepage] - Where can the tool be found online? Where to go to get more information?
- [Download] - Where to go to get the tool? either a download page or a link to the latest version
- [Author] - Who made the tool?
- [Licence] - How is the software distributed? What conditions does it come with?
- [Description] - What is the tool about? What does it do?
- [Dependencies] - What is needed for the tool to work?
- [Similar tools] - What other tools are out there?
- [Activity] - When did the project start? Is it still actively being deployed?
- [How to install] - How do you compile it?
--- Note, using source code to acquire (e.g. git clone/svn checkout) can't be used - Also downloading from the head. Please use a "tag" or "release" version.
- [How to use] - What are some basic commands/functions to demonstrate it?

~0009343

trichronos (reporter)

Tool Name: Mythril
Version: 0.18.7
Release: 1b84ae98ffab9173a79659b8d333d6fc3d3252dc
Homepage: https://github.com/ConsenSys/mythril
Download: https://github.com/ConsenSys/mythril/archive/v0.18.7.zip
Author(s): Bernhard Mueller, ConsenSys Diligence
License: MIT
Description: Mythril is a vulnerability discovery and analysis tool for smart contracts running on the Ethereum blockchain. It has an efficient command-line interface, with an exhaustive state tree graphing function and comprehensive vulnerability warning system.

Dependencies:

- APT -
python 3.6
python3-pip
libssl-dev
nodejs

- PIP3 -
configparser>=3.5.0
coverage
eth_abi>=1.0.0
eth-account>=0.1.0a2
ethereum>=2.3.0
eth-hash>=0.1.0
eth-keyfile>=0.5.1
eth-keys>=0.2.0b3
eth-rlp>=0.1.0
eth-tester>=0.1.0b21
eth-utils>=1.0.1
jinja2>=2.9
mock
persistent>=4.2.0
plyvel
py-flags
py-solc
pytest>=3.6.0
pytest-cov
pytest_mock
requests
rlp<1.0.0
z3-solver>=4.5

- NPM -
solc

Similar Tools: Any static analyzer or linter.

Activity: Currently under development.

How to Install:
1) Unzip "mythril-0.18.7.zip" from the download above
2) sudo apt install nodejs libssl-dev python3.6 python3-pip
3) pip3 install -r requirements.txt
4) sudo python3 setup.py install
5) To get the Solidity compiler (Solc) which is necessary for Mythril to operate, do one of the following:
[npm install -g solc] OR
[snap install solc] OR
[docker run ethereum/solc:stable solc --version]
depending on your preferred method.

How to Use:
1) ./myth --help
[view help menu]
2) ./myth -x solidity_examples/weak_random.sol
[prints vulnerability analysis of the "weak_random.sol" contract.]
3) ./myth --graph graph.html solidity_examples/weak_random.sol
[creates an exhaustive state transition diagram of the "weak_random.sol" contract in the file graph.html]

~0009345

trichronos (reporter)

Related Tools:

Oyente: https://github.com/melonproject/oyente
Securify: https://securify.ch

~0009361

trichronos (reporter)

Installing the "solc" (Solidity Compiler) dependency proved to be especially difficult on Kali as NPM, snap, apt-add-repository, and docker all encountered multiple errors during or immediately after the base installation.

For that reason, I'm removing NPM and nodejs from the dependencies list. That method has too much friction to really be worth implementing on Kali. As a temporary fix, download "solc-static-linux" from here: https://github.com/ethereum/solidity/releases -- rename it to "solc" and add it to the PATH. This will get Mythril up and running much quicker.

Soon Mythril will have an API that will reduce the need for most of these above dependencies. That can perhaps be loaded into a shell program written in C that will make it easier to add to Kali. Perhaps it would be best to close this tool request for now and re-open once our API is out.
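
The workaround in note 0009361 puts a manually downloaded binary on the PATH. As an added example (not part of the original notes or of the Mythril project), the shell functions below install "solc-static-linux" as "solc" only after its SHA-256 matches a digest the operator obtained separately, and then check that "solc" resolves to that copy. The function names install_solc and solc_resolves_to are hypothetical; sha256sum and install from coreutils are assumed to be present.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from Mythril or Kali.

# install_solc SRC EXPECTED_SHA256 DEST_DIR
# Installs SRC as DEST_DIR/solc only if its SHA-256 equals EXPECTED_SHA256
# (a digest obtained out of band). Nothing is written on a mismatch.
# Returns 0 on success, 1 on digest mismatch, 2 on usage or I/O errors.
install_solc() {
    src=$1; expected=$2; dest_dir=$3

    [ -f "$src" ] || { echo "no such file: $src" >&2; return 2; }

    # Accept the expected digest in either letter case.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256sum -- "$src" | cut -d' ' -f1)

    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $src" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi

    mkdir -p -- "$dest_dir" || return 2
    # install(1) copies and sets the mode in one step; 0755 keeps the
    # binary non-writable for group and other.
    install -m 0755 -- "$src" "$dest_dir/solc" || return 2
    echo "installed $dest_dir/solc"
}

# solc_resolves_to DEST_DIR
# Succeeds only if the first "solc" found on PATH is DEST_DIR/solc, i.e. the
# verified copy is not shadowed by another solc earlier on PATH.
solc_resolves_to() {
    dest_dir=$1
    resolved=$(command -v solc 2>/dev/null) || return 1
    [ "$resolved" = "$dest_dir/solc" ]
}
```

A failing solc_resolves_to after a successful install means either the directory is not on the PATH yet or a different solc (for example one left behind by an NPM or snap attempt) is found first.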

Issue History
Date Modified | Username | Field | Change
2018-07-05 01:45 | trichronos | New Issue |
2018-07-05 06:06 | g0tmi1k | Summary | Proposal to Add Mythril to Kali's Default Toolset => Mythril
2018-07-05 06:07 | g0tmi1k | Note Added: 0009341 |
2018-07-05 16:28 | trichronos | Note Added: 0009343 |
2018-07-06 12:43 | trichronos | Note Added: 0009345 |
2018-07-07 00:24 | elwood | Status | new => acknowledged
2018-07-14 19:01 | trichronos | Note Added: 0009361 |