This repository contains scripts to create a Docker container preinstalled and preconfigured with all of Trail of Bits’ Ethereum security tools, including:
- Echidna property-based fuzz tester
- Etheno integration tool and differential tester
- Manticore symbolic analyzer and formal contract verifier
- Slither static analysis tool
- Rattle EVM lifter
- Not So Smart Contracts repository
Use our prebuilt Docker container to quickly install and run the toolkit:
docker pull trailofbits/eth-security-toolbox
docker run -it trailofbits/eth-security-toolbox
Alternatively, build the image from scratch:
$ git clone https://github.com/trailofbits/eth-security-toolbox.git
$ cd eth-security-toolbox
$ docker build -t eth-security-toolbox .
Simply start an instance of the Docker container:
docker run -it trailofbits/eth-security-toolbox
As many versions of Solidity as possible are installed. They can be individually executed as solc-v0.4.18 or solc-v0.5.2. By default, solc (with no version suffix) corresponds to the latest release. This can be changed using the solc-select script:
$ solc --version
solc, the solidity compiler commandline interface
Version: 0.5.2+commit.1df8f40c.Linux.g++
$ solc-select 0.4.24
$ solc --version
solc, the solidity compiler commandline interface
Version: 0.4.24+commit.e67f0147.Linux.g++
Feel free to stop by our Slack channel for help on using or extending this toolbox.
The Ethereum Security Toolbox is licensed and distributed under the AGPLv3 license. Contact us if you’re looking for an exception to the terms.