theo v0.8.2 releases: Ethereum recon and exploitation tool
Theo aims to be an exploitation framework and a blockchain recon and interaction tool.
- automatic smart contract scanning which generates a list of possible exploits.
- generating and sending transactions to exploit a smart contract.
- waiting for an actor to interact with a monitored smart contract, in order to frontrun them.
- web3 console
$ pip install theo
$ git clone https://github.com/cleanunicorn/theo
$ cd theo
$ virtualenv ./venv
$ . ./venv/bin/activate
$ pip install -r requirements.txt
$ pip install -e .
Find exploit and execute it
Scan a smart contract, find exploits, exploit it:
- Start Ganache as our local Ethereum node
- Deploy the vulnerable contract (happens in a different window)
- Scan for exploits
- Run exploit
Set up a honeypot, deploy honeypot, wait for an attacker, frontrun:
- Start geth as our local Ethereum node
- Start mining
- Deploy the honeypot
- Start Theo and scan the mem pool for transactions
- Frontrun the attacker and steal his ether
Copyright 2019 Daniel Luca