RunTimeAdmin/counterscarp

Garrison Security Engine

Production-ready smart contract security platform — 21 integrated analyzers, configurable rules, and professional audit reports.

One command. Zero false positives. Client-ready deliverables.

Available on PyPI. Requires Python 3.10 or newer.


Installation

pip install garrison-engine

For optional extras:

pip install "garrison-engine[web]"          # Web interface
pip install "garrison-engine[pdf]"          # PDF report export
pip install "garrison-engine[ai,advanced]"  # RAG + LLM analysis
pip install "garrison-engine[web,pdf,ai,advanced]"  # Full install

See QUICKSTART.md for Docker setup, optional external tools (Slither, Aderyn, Medusa), and full installation details.


Quick Scan

# Scan a contracts directory and generate a report
garrison-engine --target ./contracts --report

# Use a pre-built execution profile
garrison-engine --target ./contracts --config garrison-pr.toml      # fast PR check
garrison-engine --target ./contracts --config garrison-audit.toml   # full audit
garrison-engine --target ./contracts --config garrison-bounty.toml  # bug bounty

Key Features

  • 21 Integrated Analyzers — Heuristic scanner, Slither, Aderyn, Mythril, Medusa, supply chain, threat intel, and more
  • EVM + Solana — 34 EVM vulnerability patterns, 35 Solana/Anchor rules, IDL validation
  • 3 Execution Profiles — PR check (< 2 min), full audit, bug bounty mode
  • Professional Reports — HTML, Markdown, JSON, SARIF, PDF with risk scoring
  • CI/CD Native — GitHub Actions, GitLab CI, Azure DevOps, Jenkins pipeline generator
  • AI Audit Copilot — RAG + LLM enrichment with local (Ollama) or cloud (OpenAI) backends
  • Time-Travel Scanner — Git history analysis to track vulnerability introduction
  • Attack Graph Visualization — Interactive D3.js cross-contract attack path graphs
  • Exploit PoC Generator — Foundry test exploits from detected findings
  • Protocol Fingerprinting — Identifies forks of known protocols and inherited CVEs
  • Offline / Air-Gapped — Bundled threat intel DB, local embeddings, Ollama LLM

Security & Privacy (Data Sovereignty)

Garrison Engine is built for environments where source-code confidentiality is non-negotiable — bank compliance teams, Web3 audit firms, and air-gapped infrastructure.

  • Zero code exfiltration — No source code, bytecode, or contract artifacts ever leave the host machine during a scan. All analysis is performed locally.
  • Local-first AI inference — The AI Copilot defaults to local inference via Ollama when configured (garrison.toml → [ai] provider = "ollama"). If OpenAI is selected, only a one-paragraph natural-language summary of each finding is sent to the OpenAI API — never raw source code.
  • Bundled threat intelligence — Vulnerability databases and protocol signatures ship with the package and are queried locally. Network access only occurs if you explicitly run garrison --update-signatures. For fully air-gapped environments, use garrison --update-from-file <path> to import pre-downloaded signature packs.
  • No telemetry — The CLI contains zero usage telemetry, analytics callbacks, tracking pixels, or phone-home behavior. Period.

Pricing

Tiers: Community (Free), Developer ($49/mo), Professional ($149/mo), Team ($399/mo).

Features compared across tiers:

  • Heuristic scanning + CLI
  • Markdown / JSON reports
  • HTML / SARIF / PDF reports
  • Slither + Solana analyzer
  • AI Copilot + Exploit Gen
  • Time-travel + Attack graph
  • Machine activations: 1, 3 or 10 by tier

Get your license: https://garrisonsec.com/pricing

export GARRISON_PRO_LICENSE=your-key-here
garrison-engine --target ./contracts --report --format html

Documentation

  • QUICKSTART.md: Full install, config reference, CI/CD, offline setup, troubleshooting
  • docs/CONFIGURATION.md: Complete garrison.toml reference
  • docs/CLI_REFERENCE.md: All CLI flags and examples
  • docs/WEB_APP_GUIDE.md: Self-hosted web interface
  • docs/DEPLOYMENT.md: Production server setup
  • CONTRIBUTING.md: Adding rules and integrations

License

  • Community features: MIT License — see LICENSE
  • Pro features: Commercial License — see LICENSE-PRO

Credits

Built by CyberShield Austin · @defiauditccie · garrisonsec.com

Powered by Slither · Aderyn · Medusa · Mythril · Foundry · OSV.dev

Threat intelligence: Code4rena · Immunefi · Solodit · Neodyme · OtterSec · Sec3


Version: 4.4.0 | Chains: EVM + Solana | Analyzers: 21 | Patterns: 34 EVM + 35 Solana

⭐ If this helped you find bugs, please star the repo!

About

Production-ready smart contract security auditing platform for EVM and Solana. AI-powered analysis, attack path visualization, protocol fingerprinting, and automated exploit generation.