Git-Mirrors/blockchains-security-toolkit
1
0
Fork 0
mirror of https://github.com/autistic-symposium/blockchains-security-toolkit.git synced 2025-05-16 05:32:17 -04:00
Code Issues Projects Releases Packages Wiki Activity

organize chapters for the ongoing research, remove dead links, add new resources

Browse source
This commit is contained in:
bt3gl 2024-11-04 18:42:30 +07:00
parent 1748d1ed22
commit 184e917000
98 changed files with 421 additions and 11268 deletions
Download patch file Download diff file Expand all files Collapse all files

115
hacking_tools/README.md
View file

@ -2,72 +2,69 @@
<br>
### in this dir
### chapters
<br>
* [decompilers](decompilers)
* [environments](environments)
* [identity tools](identity_tools)
* [static analysis](static_analysis)
* [visual explorers](visual_explorers)
* [dynamic analysis](dynamic_analysis)
* [hacking by chains](hacking_by_chains)
* **[decompilers](decompilers)**
* **[semgrep](semgrep)**
* **[environments](environments)**
* **[identity tools](identity_tools)**
* **[static analysis](static_analysis)**
* **[visual explorers](visual_explorers)**
* **[dynamic analysis](dynamic_analysis)**
* **[hacking by chains](hacking_by_chains)**
<br>
### external resources
----
### cool resources
<br>
* [Ethstats](https://ethstats.net/)
* [EthTx Transaction Decoder](https://ethtx.info/)
* [Eth converter](https://eth-converter.com/)
* [Contracts diff checker](https://etherscan.io/contractdiffchecker)
* [Mutation Testing for Ethereum Smart Contracts](https://github.com/JoranHonig/vertigo)
* [Ethereum nodes](https://ethereumnodes.com/)
* [ERC20 verifier](https://erc20-verifier.openzeppelin.com/) and [the source code](https://github.com/tinchoabbate/slither-scripts/tree/master/erc20)
* [ANKR RPC gateway](ankr.com/rpc/)
* [burp's web3 decoder](https://github.com/nccgroup/web3-decoder)
* [Oyente, analysis Tool for Smart Contracts](https://github.com/enzymefinance/oyente)
* [Trail of Bits' Ethereum Security Toolbox](https://github.com/trailofbits/eth-security-toolbox)
* [Securify, Security scanner for Ethereum smart contracts](https://github.com/eth-sri/securify2)
* [Surya, A Solidity Inspector](https://github.com/ConsenSys/surya)
* [Octopus, Security Analysis tool for WebAssembly](https://github.com/pventuzelo/octopus)
* [ETK, EVM toolkit](https://github.com/quilt/etk)
* [Pyevmasm, EVM disassembler and assembler](https://github.com/crytic/pyevmasm)
* [Verx, smart contract verifier](http://verx.ch/)
* [Semgrep rules for smart contracts](https://github.com/Raz0r/semgrep-smart-contracts)
* [ETH detective](https://www.ethtective.com/address/)
* [EVM-trace, Ethereum Virtual Machine transaction tracing tool](https://github.com/ApeWorX/evm-trace)
* [Sleuthing Hashed Function Signature and Event Signature on Ethereum](https://dune.com/agaperste/event-and-function-signature-sleuthing?)
* [Pratical overview of classic system security](http://www.astro.sunysb.edu/steinkirch/books/security_hw.txt)
* [socketscan, track bridge transactions](https://socketscan.io/)s
* [Solhint, a linter for Solidity](https://github.com/protofire/solhint)
* [Solidity coverage tool](https://github.com/sc-forks/solidity-coverage)
* [JSON formatter](https://jsonformatter.curiousconcept.com/)
* [Craft requests from curl commands](https://reqbin.com/)
* [Tools by Notonly.owner](https://www.notonlyowner.com/learn/intro-security-hacking-smart-contracts-ethereum)
* [Ethereum Developer Tools List](https://github.com/ConsenSys/ethereum-developer-tools-list)
* [Immunefi scrapper](https://github.com/pratraut/scrapyFi)
* [Crystal Blockchain](https://explorer.crystalblockchain.com/)
* [0XT](https://oxt.me/)
* [Impersonator](https://www.impersonator.xyz/)
* [CIA Officer's DeFi Roadmap](https://github.com/OffcierCia/DeFi-Developer-Road-Map#transaction-visualization-scoring--tracking)
* [Mnemonic Code Converter](https://iancoleman.io/bip39/)
* [Tornado Cash Pool Anonymity Auditor](https://tutela.xyz/)
* [Cryptocurrency historical data snapshot](https://coinmarketcap.com/historical/)
* [Explain shell](https://explainshell.com/)
* [revoke.cash](https://revoke.cash/)
* [breadcrumbs](https://www.breadcrumbs.app/home)
* [cookbook.dev](https://www.cookbook.dev/)
* [detect metamorphic contracts](https://metamorphic.a16zcrypto.com/)
* [rpcs list by privacy](https://chainlist.org/)
* [tenderly](https://dashboard.tenderly.co/)
* [token security detector](https://gopluslabs.io/token-security/)
* [smart contract explorers](https://sovs.notion.site/Block-Smart-Contract-Explorers-8dcaed059c844e3b8f9b67b8eb90174a)
* [cookbook.dev: find any contract](https://www.cookbook.dev/)
* [gpt4 contract reader](https://www.contractreader.io/)
* [officercia's on-chain investigation tools list](https://github.com/OffcierCia/On-Chain-Investigations-Tools-List)
* [de.fi](https://de.fi/)
* **[ethtx transaction decoder](https://ethtx.info/)**
* **[eth converter](https://eth-converter.com/)**
* **[contracts diff checker](https://etherscan.io/contractdiffchecker)**
* **[mutation testing for ethereum smart contracts](https://github.com/JoranHonig/vertigo)**
* **[ethereum nodes](https://ethereumnodes.com/)**
* **[burp's web3 decoder](https://github.com/nccgroup/web3-decoder)**
* **[oyente, analysis tool for smart contracts](https://github.com/enzymefinance/oyente)**
* **[trail of bits' ethereum security Toolbox](https://github.com/trailofbits/eth-security-toolbox)**
* **[securify, security scanner for ethereum smart contracts](https://github.com/eth-sri/securify2)**
* **[surya, a solidity inspector](https://github.com/ConsenSys/surya)**
* **[octopus, security analysis tool for webassembly](https://github.com/pventuzelo/octopus)**
* **[etk, evm toolkit](https://github.com/quilt/etk)**
* **[pyevmasm, evm disassembler and assembler](https://github.com/crytic/pyevmasm)**
* **[verx, smart contract verifier](http://verx.ch/)**
* **[eth detective](https://www.ethtective.com/address/)**
* **[evm-trace, ethereum virtual machine transaction tracing tool](https://github.com/ApeWorX/evm-trace)**
* **[sleuthing hashed function signature and event signature on ethereum](https://dune.com/agaperste/event-and-function-signature-sleuthing?)**
* **[socketscan, track bridge transactions](https://socketscan.io/)**
* **[solhint, a linter for solidity](https://github.com/protofire/solhint)**
* **[solidity coverage tool](https://github.com/sc-forks/solidity-coverage)**
* **[json formatter](https://jsonformatter.curiousconcept.com/)**
* **[craft requests from curl commands](https://reqbin.com/)**
* **[tools by notonly.owner](https://www.notonlyowner.com/learn/intro-security-hacking-smart-contracts-ethereum)**
* **[ethereum developer tools list](https://github.com/ConsenSys/ethereum-developer-tools-list)**
* **[immunefi scrapper](https://github.com/pratraut/scrapyFi)**
* **[crystal blockchain](https://explorer.crystalblockchain.com/)**
* **[impersonator](https://www.impersonator.xyz/)**
* **[cia officer's defi roadmap](https://github.com/OffcierCia/DeFi-Developer-Road-Map#transaction-visualization-scoring--tracking)**
* **[mnemonic code converter](https://iancoleman.io/bip39/)**
* **[cryptocurrency historical data snapshot](https://coinmarketcap.com/historical/)**
* **[explain shell](https://explainshell.com/)**
* **[revoke.cash](https://revoke.cash/)**
* **[breadcrumbs](https://www.breadcrumbs.app/home)**
* **[cookbook.dev](https://www.cookbook.dev/)**
* **[detect metamorphic contracts](https://metamorphic.a16zcrypto.com/)**
* **[rpcs list by privacy](https://chainlist.org/)**
* **[tenderly](https://dashboard.tenderly.co/)**
* **[token security detector](https://gopluslabs.io/token-security/)**
* **[smart contract explorers](https://sovs.notion.site/Block-Smart-Contract-Explorers-8dcaed059c844e3b8f9b67b8eb90174a)**
* **[cookbook.dev: find any contract](https://www.cookbook.dev/)**
* **[gpt4 contract reader](https://www.contractreader.io/)**
* **[officercia's on-chain investigation tools list](https://github.com/OffcierCia/On-Chain-Investigations-Tools-List)**
* **[de.fi](https://de.fi/)**
* **[test suite for client-side script injection on websites that display NFTs](https://github.com/muellerberndt/rektosaurus)**

9
hacking_tools/decompilers/README.md
View file

@ -1,7 +1,8 @@
### decompilers
<br>
* [oko](https://oko.palkeo.com/)
* [jeb](https://www.pnfsoftware.com/jeb/evm)
* [dedaub](https://library.dedaub.com/)
* [ethervm.io](https://ethervm.io/decompile)
* **[oko](https://oko.palkeo.com/)**
* **[jeb](https://www.pnfsoftware.com/jeb/evm)**
* **[dedaub](https://library.dedaub.com/)**
* **[ethervm.io](https://ethervm.io/decompile)**

23
hacking_tools/dynamic_analysis/README.md
View file

@ -2,27 +2,38 @@
<br>
#### [echidna](https://github.com/crytic/echidna/)
### [echidna](https://github.com/crytic/echidna/)
<br>
* Fast contract fuzzer for detecting vulnerabilities in smart contracts through property-based testing.
* fast contract fuzzer for detecting vulnerabilities in smart contracts through property-based testing.
<br>
#### [harvey](https://consensys.net/diligence/fuzzing/)
---
### [harvey](https://consensys.net/diligence/fuzzing/)
<br>
* Automated fuzzing tool useful for detecting property violations in smart contract code.
* automated fuzzing tool useful for detecting property violations in smart contract code.
<br>
---
#### [manticore](https://github.com/trailofbits/manticore)
### [manticore](https://github.com/trailofbits/manticore)
<br>
* Dynamic symbolic execution framework for analyzing EVM bytecode.
* dynamic symbolic execution framework for analyzing EVM bytecode.
<br>
---
### cool references
<br>
* **[fuzzi defi](https://github.com/0xNazgul/fuzzydefi/tree/main)**

5
hacking_tools/environments/README.md
View file

@ -1 +1,6 @@
## set your environment
<br>
* **[hardhat](hardhat)**
* **[foundry](foundry)**

5
hacking_tools/environments/foundry/README.md Normal file
View file

@ -0,0 +1,5 @@
## foundry
<br>
* **[ethernaut-foundry-framework-solutions-sol](https://github.com/autistic-symposium/ethernaut-foundry-framework-solutions-sol)**

14
hacking_tools/environments/hardhat/README.md
View file

@ -1,15 +1,5 @@
## hardhat stuff
### tl; dr
## hardhat
<br>
---
### tutorials
* [hardhat for aurora](https://mirror.xyz/lilithsecurity.eth/7bxj980BWftX6oiwPu0OoTUyxLs7PhOVtSS0jVuXc04)
* **[hardhat for aurora](https://mirror.xyz/lilithsecurity.eth/7bxj980BWftX6oiwPu0OoTUyxLs7PhOVtSS0jVuXc04)**

46
hacking_tools/hacking_by_chains/cosmos/README.md
View file

@ -1,31 +1,37 @@
## cosmos and IBC
## cosmos and ibc
<br>
### tl; dr
* IBC is an interoperability protocol for communicating arbitrary data between arbitrary state machines.
<br>
* The protocol consists of two distinct layers: the transport layer (TAO) which provides the necessary infrastructure to establish secure connections and authenticate data packets between chains, and the application layer, which defines exactly how these data packets should be packaged and interpreted by the sending and receiving chains.
* ibc is an interoperability protocol for communicating arbitrary data between arbitrary state machines.
* The IBC application layer can be used to build a wide range of cross-chain applications, including but not limited to token transfers, interchain accounts (delegate calls between two chains), non-fungible token transfers and oracle data feeds.
* the protocol consists of two distinct layers: the transport layer (TAO) which provides the necessary infrastructure to establish secure connections and authenticate data packets between chains, and the application layer, which defines exactly how these data packets should be packaged and interpreted by the sending and receiving chains.
* the ibc application layer can be used to build a wide range of cross-chain applications, including but not limited to token transfers, interchain accounts (delegate calls between two chains), non-fungible token transfers and oracle data feeds.
<br>
---
### resources
### cool resources
* [cosmos developer portal](https://tutorials.cosmos.network/)
* [cosmos sdk](https://github.com/cosmos/cosmos-sdk/)
* [ibc go](https://github.com/cosmos/ibc-go)
* [tendermint core](https://github.com/cosmos/ibc-go)
* [cosmos hub](https://github.com/cosmos/gaia)
* [cosmology](https://cosmology.tech/learn)
* [ignite](https://github.com/ignite/cli)
* [gravity bridge](https://github.com/cosmos/gravity-bridge)
* [ethermint](https://github.com/evmos/ethermint)
* [atom scan](https://atomscan.com/)
* [big dipper](https://bigdipper.live/)
* [iob scan](https://ibc.iobscan.io/home)
* [mint scan](https://hub.mintscan.io/overview)
* [ng explorers](https://hub.mintscan.io/overview)
* [map of zones](https://mapofzones.com/home?columnKey=ibcVolume&period=24h)
<br>
* **[cosmos developer portal](https://tutorials.cosmos.network/)**
* **[cosmos sdk](https://github.com/cosmos/cosmos-sdk/)**
* **[ibc go](https://github.com/cosmos/ibc-go)**
* **[tendermint core](https://github.com/cosmos/ibc-go)**
* **[cosmos hub](https://github.com/cosmos/gaia)**
* **[cosmology](https://cosmology.tech/learn)**
* **[ignite](https://github.com/ignite/cli)**
* **[gravity bridge](https://github.com/cosmos/gravity-bridge)**
* **[ethermint](https://github.com/evmos/ethermint)**
* **[atom scan](https://atomscan.com/)**
* **[big dipper](https://bigdipper.live/)**
* **[iob scan](https://ibc.iobscan.io/home)**
* **[mint scan](https://hub.mintscan.io/overview)**
* **[ng explorers](https://hub.mintscan.io/overview)**
* **[map of zones](https://mapofzones.com/home?columnKey=ibcVolume&period=24h)**

11
hacking_tools/hacking_by_chains/solana/README.md
View file

@ -1,14 +1,5 @@
## solana
### tl; dr
<br>
---
### resources
* [solsec](https://github.com/0xsanny/solsec0)
* **[sealevel attacks](https://github.com/coral-xyz/sealevel-attacks): common exploits to the solana programming model (and the anchor framework)**

39
hacking_tools/identity_tools/README.md
View file

@ -6,8 +6,7 @@
<br>
* [anonymous airdrops using ZK proofs](https://github.com/stealthdrop/stealthdrop)
* **[anonymous airdrops using ZK proofs](https://github.com/stealthdrop/stealthdrop)**
<br>
@ -17,9 +16,9 @@
<br>
* [RSS3](https://rss3.io/)
* [DeBank](https://debank.com/)
* [dns dumpster](https://dnsdumpster.com/)
* **[RSS3](https://rss3.io/)**
* **[DeBank](https://debank.com/)**
* **[dns dumpster](https://dnsdumpster.com/)**
<br>
@ -30,34 +29,22 @@
<br>
* [ens/address impersonator](https://www.impersonator.xyz/)
* **[ens/address impersonator](https://www.impersonator.xyz/)**
<br>
---
### privacy tools
<br>
* [PT.io](https://www.privacytools.io/)
* [Needl](https://github.com/eth0izzle/Needl)
* **[PT.io](https://www.privacytools.io/)**
* **[Needl](https://github.com/eth0izzle/Needl)**
#### vpns
##### vpns
* [ivpn](https://www.ivpn.net/)
<br>
---
### funding
<br>
* [funding](https://changenow.io/)
* **[ivpn](https://www.ivpn.net/)**
<br>
@ -67,15 +54,15 @@
<br>
* [soundphrase](https://highbyte.glitch.me/)
* **[soundphrase](https://highbyte.glitch.me/)**
<br>
---
### articles
### cool resources
<br>
* [How to fund an undoxxed Ethereum wallet off-chain](https://mirror.xyz/xanny.eth/SGxwfVQ75831z5vFaS1LrlatUJEhxBvZ2cyTvAdCD0k)
* [Using Open-Source Investigative Tools to Investigate DeFi Frauds and Money Laundering, by Trozze et al](https://arxiv.org/pdf/2303.00810.pdf)
* **[how to fund an undoxxed Ethereum wallet off-chain, by xanny.eth](https://mirror.xyz/xanny.eth/SGxwfVQ75831z5vFaS1LrlatUJEhxBvZ2cyTvAdCD0k)**
* **[using open-source investigative tools to investigate frauds and money laundering, by trozze et al.](https://arxiv.org/pdf/2303.00810.pdf)**

17
hacking_tools/semgrep/README.md Normal file
View file

@ -0,0 +1,17 @@
## semgrep
<br>
* **[semgrep](https://github.com/semgrep/semgrep)** is the coolest tool for static analysis (searches code, finds bugs, and enforces secure guardrails and coding standards).
<br>
---
### cool redings
<br>
* **[semgrep guide, by trails of bits](https://appsec.guide/docs/static-analysis/semgrep/)**
* **[semgrep rules for smart contracts, by raz0r](https://github.com/Raz0r/semgrep-smart-contracts)**

22
hacking_tools/static_analysis/README.md
View file

@ -4,23 +4,37 @@
### [mythril](https://github.com/ConsenSys/mythril)
* EVM bytecode assessment tool for detecting contract vulnerabilities using taint analysis, concolic analysis, and control flow checking.
* EVM bytecode assessment tool for detecting contract vulnerabilities using taint analysis, concolic analysis, and control flow checking
<br>
---
### [slither](https://github.com/crytic/slither)
* Python-based Solidity static analysis framework for finding vulnerabilities, enhancing code comprehension, and writing custom analyses for smart contracts.
* python-based Solidity static analysis framework for finding vulnerabilities, enhancing code comprehension, and writing custom analyses for smart contracts
<br>
---
### [rattle](https://github.com/crytic/rattle)
* EVM bytecode static analysis framework designed to work on deployed smart contracts.
* EVM bytecode static analysis framework designed to work on deployed smart contracts
<br>
---
### [solhunt](https://github.com/iFrostizz/solhunt#readme)
* solidity analyzer in rust
<br>
---
### [codeql](https://codeql.github.com/)
* powerful static analysis framework allowing query codebases for specific code patterns
* **[trail of bits docs](https://appsec.guide/docs/static-analysis/codeql/)**

15
hacking_tools/visual_explorers/README.md
View file

@ -2,12 +2,9 @@
<br>
* [data viz for evm-based blockchains](https://github.com/monoand6/web3cat)
* [watchers.pro](https://www.watchers.pro/)
* [crypto flows](https://cryptoflows.info/)
* [spider foots](https://www.spiderfoot.net/)
* [cosmographs](https://cosmograph.app/)
* [ice vision](https://www.icevision.xyz/landing)
* **[data viz for evm-based blockchains](https://github.com/monoand6/web3cat)**
* **[watchers.pro](https://www.watchers.pro/)**
* **[crypto flows](https://cryptoflows.info/)**
* **[spider foots](https://www.spiderfoot.net/)**
* **[cosmographs](https://cosmograph.app/)**
* **[ice vision](https://www.icevision.xyz/landing)**