MythX is a powerful security analysis service that finds Solidity vulnerabilities in your Ethereum smart contract code during your development life cycle.
Links: Pythx MythX Truffle Security Embark plugin Sabre Mythos GitHub App Documentation
An open-source component of MythX, Mythril is a security analysis tool for EVM bytecode. It supports smart contracts built for Ethereum, Quorum, Vechain, Rootstock, Tron and other EVM-compatible blockchains.
Links: Discord Wiki Scrooge McEtherface
VS Code Visual Auditor for Solidity
Solidity Visual Auditor is a Visual Studio Code extension created to make the life of smart contract auditors easier. It provides security-aware syntax and semantic highlighting, a detailed class outline and advanced Solidity code insights to Visual Studio Code users. Comprehensive security analysis functionality will be added soon.
Links: Interactive Graphviz Preview
VS Code Visual Auditor for Vyper
Ethereum Vyper language support and syntax highlighting for Visual Studio Code. This extension provides security-augmented decorations, code snippets for common language constructs and many more features.
Auditing complex smart contract systems may cause your head to explode. Surya by Goncalo Sá aids auditors in understanding and visualizing Solidity smart contracts. It provides information about the contracts’ structure and generates call graphs and inheritance graphs. It also supports querying the function call graph in multiple ways to aid in the manual inspection of contracts.
Karl by Daniel Luca is a monitor for smart contracts that checks for security vulnerabilities using the Mythril detection engine. It can be used to monitor the Ethereum blockchain for newly deployed vulnerable smart contracts in real-time. It eliminates false positives by running candidate contracts in a virtual copy of the blockchain. Trust us, Karl discovers a lot of interesting gems every day.
Theo was released at DefCon 27 as part of the presentation "The Ether Wars: Exploits, counter-exploits and honeypots on Ethereum". Theo is an exploitation tool with a Metasploit-like interface that drops you into a Python REPL console, where you can use the available features to do smart contract reconnaissance, check the storage, run exploits, or frontrun or backrun transactions targeting a specific smart contract.
A tool to visualize permission relationships and other details of Aragon DAOs.
Handy toolkit for (security) researchers poking around Ethereum nodes and contracts, now with a slick command-line interface with command auto-completion and history.
The Smart Contract Weakness Classification Registry is an implementation of the weakness classification scheme proposed in EIP-1470. It is loosely aligned to the terminologies and structure used in the Common Weakness Enumeration (CWE) while overlaying a wide range of weakness variants that are specific to smart contracts.
Ethereum Advanced Tools
A set of advanced tools for Ethereum development, debugging and security.
Links: Python Solidity Parser Ethereum DASM Ethereum Input Decoder pyetherchain solcwrapper smart-contract-sanctuary