theo v0.8.2 releases: Ethereum recon and exploitation tool

Ethereum exploitation

Theo

Theo aims to be an exploitation framework and a blockchain recon and interaction tool.

Features:

  • automatic smart contract scanning that generates a list of possible exploits.
  • generating and sending transactions to exploit a smart contract.
  • waiting for an actor to interact with a monitored smart contract, in order to frontrun them.
  • web3 console

Install

$ pip install theo

or

$ git clone https://github.com/cleanunicorn/theo
$ cd theo
$ virtualenv ./venv
$ . ./venv/bin/activate
$ pip install -r requirements.txt
$ pip install -e .

Use

$ theo --help

usage: theo [-h] [--rpc-http RPC_HTTP] [--rpc-ws RPC_WS] [--rpc-ipc RPC_IPC]
            [--account-pk ACCOUNT_PK] [--contract ADDRESS]
            [--skip-mythril SKIP_MYTHRIL] [--load-file LOAD_FILE] [--version]

Monitor contracts for balance changes or tx pool.

optional arguments:
  -h, --help            show this help message and exit
  --rpc-http RPC_HTTP   Connect to this HTTP RPC (default:
                        http://127.0.0.1:8545)
  --account-pk ACCOUNT_PK
                        The account's private key (default: None)
  --contract ADDRESS    Contract to monitor (default: None)
  --skip-mythril SKIP_MYTHRIL
                        Don't try to find exploits with Mythril (default:
                        False)
  --load-file LOAD_FILE
                        Load exploit from file (default: )
  --version             show program's version number and exit

RPC connections:
  --rpc-ws RPC_WS       Connect to this WebSockets RPC (default: None)
  --rpc-ipc RPC_IPC     Connect to this IPC RPC (default: None)
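As an added example that is not Theo's own code: an offline model of the two monitoring modes the help text names (balance changes and the tx pool), written from the monitoring side only. The contract address, pending pool and balance history are constructed; the only real value is the well-known selector for transfer(address,uint256).

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample values: a made-up contract address and a well-known selector.
WATCHED_CONTRACT = "0x" + "c0de" * 10
TRANSFER_SELECTOR = "0xa9059cbb"  # first 4 bytes of keccak256("transfer(address,uint256)")


@dataclass(frozen=True)
class PendingTx:
    """Minimal view of a transaction as seen in the pending pool."""
    sender: str
    to: str
    value_wei: int
    data: str  # hex calldata; "0x" for a plain ether transfer


def selector(data: str) -> Optional[str]:
    """4-byte function selector from calldata, or None for a plain value transfer."""
    return data[:10].lower() if len(data) >= 10 else None


def pending_hits(pool: List[PendingTx], watched: str = WATCHED_CONTRACT):
    """Pending transactions addressed to the watched contract as (sender, selector, value_wei)."""
    return [
        (tx.sender, selector(tx.data), tx.value_wei)
        for tx in pool
        if tx.to.lower() == watched.lower()
    ]


def balance_drops(history: List[Tuple[int, int]], threshold_wei: int) -> List[Tuple[int, int]]:
    """(block_number, drop_wei) for each block in which the balance fell by more than threshold."""
    drops = []
    for (_, prev_bal), (block, bal) in zip(history, history[1:]):
        if prev_bal - bal > threshold_wei:
            drops.append((block, prev_bal - bal))
    return drops


# Constructed pending pool: one call into the watched contract, one unrelated ether transfer.
SAMPLE_POOL = [
    PendingTx("0x" + "aa" * 20, WATCHED_CONTRACT, 0, TRANSFER_SELECTOR + "00" * 64),
    PendingTx("0x" + "bb" * 20, "0x" + "beef" * 10, 10**18, "0x"),
]
# Constructed (block_number, balance_wei) history with a 4 ETH drain at block 103.
SAMPLE_HISTORY = [(100, 5 * 10**18), (101, 5 * 10**18), (102, 5 * 10**18), (103, 10**18)]

if __name__ == "__main__":
    for sender, sel, value in pending_hits(SAMPLE_POOL):
        print(f"pending call to watched contract from {sender}: selector={sel} value={value}")
    for block, drop in balance_drops(SAMPLE_HISTORY, threshold_wei=10**18):
        print(f"balance dropped by {drop} wei in block {block}")
```

Against a live node the same two functions would be fed from the pending filter and per-block balance queries of a web3 client; here they run on the constructed data only.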

Demos

Find exploit and execute it

Scan a smart contract, find exploits, and exploit it:

  • Start Ganache as our local Ethereum node
  • Deploy the vulnerable contract (happens in a different window)
  • Scan for exploits
  • Run exploit


Frontrun victim

Set up a honeypot, deploy it, wait for an attacker, frontrun:

  • Start geth as our local Ethereum node
  • Start mining
  • Deploy the honeypot
  • Start Theo and scan the mem pool for transactions
  • Frontrun the attacker and steal his ether


Tutorial

Copyright 2019 Daniel Luca

Source: https://github.com/cleanunicorn/