Mythril
cli Freegithub.com
πΊπΈ United States
Quick Facts
What it does
Security analysis tool by ConsenSys Diligence that uses symbolic execution, concolic analysis, taint analysis, and SMT solving to detect vulnerabilities in Ethereum-compatible smart contracts. Can analyze both Solidity source files and deployed on-chain bytecode directly. Detects reentrancy, integer overflows, unprotected selfdestruct, and owner-overwrite attacks across multiple execution paths. Supports configurable analysis depth and transaction limits. Generates reports in Markdown, JSON, and interactive jsViz format. Released under MIT license with 4,900+ commits.
When to use it
- Deep analysis exploring multiple execution paths and edge cases
- Detecting state-transition vulnerabilities (reentrancy
- integer overflows)
- Analyzing deployed EVM bytecode without source code
- Complementing static analysis with dynamic symbolic execution
- Generating visual execution graphs for audit reports
When not to use it
- When fast results are needed (symbolic execution is slow)
- Business logic flaws specific to your application domain
- Non-EVM chains (Solana
- etc.)
- Large contracts with deep call stacks (may time out)
Limitations
- Analysis time grows with contract complexity
- Timeouts common on larger contracts
- Requires Python 3.7-3.10 and solc compiler
- Max execution depth defaults to 22
Frequently Asked Questions
Is Mythril free to use?
What platforms does Mythril support?
Does Mythril require an account?
Is Mythril open source?
What are the limitations of Mythril?
What does Mythril do?
Related Tools
A curated directory and browser-based toolkit for security researchers. GhostKit combines 14+ client-side tools β JS deobfuscation, encoding/decoding, URL analysis, email header parsing, hash generation, JWT/SAML decoding, and more β with a comprehensive directory of external security tools.
Static analysis framework for Solidity and Vyper smart contracts with 90+ built-in vulnerability detectors, running in under one second per contract.
Browser-based smart contract scanner and DeFi security platform that checks tokens for rug pull indicators and vulnerability risk scores across 50+ blockchains.
Enterprise-grade blockchain forensics platform that traces cryptocurrency transactions across 27+ blockchains, identifying real-world entities and following funds through mixers, bridges, and DEXs.