sabre-mythx
Sabre is a security analysis tool for smart contracts written in Solidity. It uses the MythX cloud service which detects a wide range of security issues.
Warning: This client is not officially supported by MythX and may not return optimal results. Please use the MythX command line client in production environments.
$ npm install -g sabre-mythx
Sign up for a free account on the MythX website to generate an API key. Set the MYTHX_API_KEY environment variable by adding the following to your .bashrc or .bash_profile:
export MYTHX_API_KEY=eyJhbGciOiJI(...)
Run sabre analyze <solidity-file> [contract-name] to submit a smart contract for analysis. The default mode is "quick" analysis which returns results after approximately 2 minutes. You'll also get a dashboard link where you can monitor the progress and view the report later.
--mode <quick/standard/deep>
MythX integrates various analysis methods including static analysis, input fuzzing and symbolic execution. In the backend, each incoming analysis job is distributed to a number of workers that perform various tasks in parallel. The analysis modes, "quick", "standard" and "deep", differ in the amount of resources dedicated to the analysis.
--format <text/stylish/compact/table/html/json>
Select the report format. By default, Sabre outputs a verbose text report. Other options are stylish, compact, table, html and json. Note that you can also view reports for past analyses on the dashboard.
--clientToolName <string>
You can integrate Sabre into your own MythX tool and become eligible for a share of API revenues. In that case, you'll want to use the --clientToolName argument to override the tool id which is used by the API to identify your tool.
--debug
Dump the API request and response when submitting an analysis.
Besides analyze, the following commands are available.
- list Get a list of submitted analyses.
- status <UUID> Get the status of an already submitted analysis
- version Print Sabre Version
- apiVersion Print MythX API version
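A pre-flight check for the MYTHX_API_KEY value set up above, as an added example that is not part of Sabre or its README. It assumes the key is a JWT (the sample value's eyJhbGciOiJI prefix is the start of a base64url-encoded JWT header) and that an exp claim, when present, is a Unix timestamp in seconds; inspectApiKey and decodeSegment are hypothetical names.

```javascript
// Added example, not Sabre or MythX code. Assumption: the key is a JWT, as the
// README's sample prefix "eyJhbGciOiJI" (base64url for '{"alg":"H') suggests.

// Decode one base64url JWT segment into an object; throws if it is not one.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const obj = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  if (obj === null || typeof obj !== 'object') {
    throw new Error('segment is not a JSON object');
  }
  return obj;
}

// Inspect the key without verifying its signature and without echoing it.
// Returns { ok, reason?, alg?, exp? }; exp is null when the claim is absent.
function inspectApiKey(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (typeof token !== 'string' || token.trim() === '') {
    return { ok: false, reason: 'unset' };
  }
  const parts = token.trim().split('.');
  const shaped = parts.length === 3 &&
    parts.every((p) => /^[A-Za-z0-9_-]+$/.test(p));
  if (!shaped) {
    // Catches a truncated paste or the README placeholder "eyJhbGciOiJI(...)".
    return { ok: false, reason: 'not-jwt-shaped' };
  }
  let header;
  let payload;
  try {
    header = decodeSegment(parts[0]);
    payload = decodeSegment(parts[1]);
  } catch (err) {
    return { ok: false, reason: 'undecodable' };
  }
  const exp = Number.isInteger(payload.exp) ? payload.exp : null;
  if (exp !== null && exp <= nowSeconds) {
    return { ok: false, reason: 'expired', alg: header.alg, exp };
  }
  return { ok: true, alg: header.alg, exp };
}

// Stand-alone use: report on the key in the environment, never the key itself.
const report = inspectApiKey(process.env.MYTHX_API_KEY);
console.log(report.ok
  ? 'MYTHX_API_KEY looks usable'
  : `MYTHX_API_KEY problem: ${report.reason}`);
```

The check only reads the token's unsigned claims locally; it does not contact the API and does not prove the key is still accepted.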
FAQs
Client for the MythX smart contract security analysis service
The npm package sabre-mythx receives a total of 9 weekly downloads. As such, sabre-mythx popularity was classified as not popular.
We found that sabre-mythx demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.