Our Tools


An open-source component of MythX, Mythril is a security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains.


An IDE for custom vulnerability detector writers. Napalm helps you organise, test, manage, and develop detection modules. More than the sum of it's parts it provides features such as LLM guided false positive filtering.


Scribble is a verification language and runtime verification tool that translates high-level specifications into solidity code. It allows you to annotate a solidity smart contract with properties.

VS Code Visual Auditor for Solidity

Solidity Visual Auditor is a Visual Studio Code extension created to make the life of smart contract auditors easier. It provides security-aware syntax and semantic highlighting, a detailed class outline and advanced Solidity code insights to Visual Studio Code users. Comprehensive security analysis functionality will be added soon


Auditing complex smart contract systems may cause your head to explode. Surya by Goncalo Sá aids auditors in understanding and visualizing Solidity smart contracts. It provides information about the contracts’ structure and generates call graphs and inheritance graphs. It also supports querying the function call graph in multiple ways to aid in the manual inspection of contracts.


Karl by Daniel Luca is a monitor for smart contracts that checks for security vulnerabilities using the Mythril detection engine. It can be used to monitor the Ethereum blockchain for newly deployed vulnerable smart contracts in real-time. It eliminates false positives by running candidate contracts in a virtual copy of the blockchain. Trust us, Karl discovers a lot of interesting gems every day.


Theo was released at DefCon 27 as part of the presentation "The Ether Wars: Exploits, counter-exploits and honeypots on Ethereum". Theo is an exploitation tool with a Metasploit-like interface, drops you into a Python REPL console, where you can use the available features to do smart contract reconnaissance, check the storage, run exploits or frontrun or backrun transactions targeting a specific smart contract.


A Tool to visualize permission relationships and other details of Aragon DAO’s.


Handy toolkit for (security) researchers poking around Ethereum nodes and contracts, now with a slick command-line interface, with auto complete commands and history.

SWC Registry

The Smart Contract Weakness Classification Registry is an implementation of the weakness classification scheme proposed in EIP-1470. It is loosely aligned to the terminologies and structure used in the Common Weakness Enumeration (CWE) while overlaying a wide range of weakness variants that are specific to smart contracts.