Smart contract security auditing platform with Pro features

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for ccie14019 from gravatar.com ccie14019

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Counterscarp Engine Team
  • Tags security , audit , smart-contracts , solidity , solana , blockchain
  • Requires: Python >=3.10
  • Provides-Extra: ai , advanced , web , pdf , dev
Classifiers
Report project as malware

Project description

Counterscarp Security Engine

Production-ready smart contract security platform — 21 integrated analyzers, configurable rules, and professional audit reports.

One command. Zero false positives. Client-ready deliverables.

PyPI Python License Python 3.10+

Installation

pip install counterscarp-engine

For optional extras:

pip install "counterscarp-engine[web]"          # Web interface
pip install "counterscarp-engine[pdf]"          # PDF report export
pip install "counterscarp-engine[ai,advanced]"  # RAG + LLM analysis
pip install "counterscarp-engine[web,pdf,ai,advanced]"  # Full install

See QUICKSTART.md for Docker setup, optional external tools (Slither, Aderyn, Medusa), and full installation details.

Quick Scan

# Scan a contracts directory and generate a report
counterscarp-engine --target ./contracts --report

# Use a pre-built execution profile
counterscarp-engine --target ./contracts --config counterscarp-pr.toml      # fast PR check
counterscarp-engine --target ./contracts --config counterscarp-audit.toml   # full audit
counterscarp-engine --target ./contracts --config counterscarp-bounty.toml  # bug bounty

Key Features

  • 21 Integrated Analyzers — Heuristic scanner, Slither, Aderyn, Mythril, Medusa, supply chain, threat intel, and more
  • EVM + Solana — 34 EVM vulnerability patterns, 35 Solana/Anchor rules, IDL validation
  • 3 Execution Profiles — PR check (< 2 min), full audit, bug bounty mode
  • Professional Reports — HTML, Markdown, JSON, SARIF, PDF with risk scoring
  • CI/CD Native — GitHub Actions, GitLab CI, Azure DevOps, Jenkins pipeline generator
  • AI Audit Copilot — RAG + LLM enrichment with local (Ollama) or cloud (OpenAI) backends
  • Time-Travel Scanner — Git history analysis to track vulnerability introduction
  • Attack Graph Visualization — Interactive D3.js cross-contract attack path graphs
  • Exploit PoC Generator — Foundry test exploits from detected findings
  • Protocol Fingerprinting — Identifies forks of known protocols and inherited CVEs
  • Offline / Air-Gapped — Bundled threat intel DB, local embeddings, Ollama LLM

Security & Privacy (Data Sovereignty)

Counterscarp Engine is built for environments where source-code confidentiality is non-negotiable — bank compliance teams, Web3 audit firms, and air-gapped infrastructure.

  • Zero code exfiltration — No source code, bytecode, or contract artifacts ever leave the host machine during a scan. All analysis is performed locally.
  • Local-first AI inference — The AI Copilot defaults to local inference via Ollama when configured (counterscarp.toml → [ai] provider = "ollama"). If OpenAI is selected, only a one-paragraph natural-language summary of each finding is sent to the OpenAI API — never raw source code.
  • Bundled threat intelligence — Vulnerability databases and protocol signatures ship with the package and are queried locally. Network access only occurs if you explicitly run counterscarp --update-signatures. For fully air-gapped environments, use counterscarp --update-from-file <path> to import pre-downloaded signature packs.
  • No telemetry — The CLI contains zero usage telemetry, analytics callbacks, tracking pixels, or phone-home behavior. Period.

Pricing

Feature Community (Free) Developer ($49/mo) Professional ($149/mo) Team ($399/mo)
Heuristic scanning + CLI
Markdown / JSON reports
HTML / SARIF / PDF reports
Slither + Solana analyzer
AI Copilot + Exploit Gen
Time-travel + Attack graph
Machine activations 1 3 10

Get your license: https://counterscarp.io/pricing

export COUNTERSCARP_PRO_LICENSE=your-key-here
counterscarp-engine --target ./contracts --report --format html

Documentation

Document Description
QUICKSTART.md Full install, config reference, CI/CD, offline setup, troubleshooting
docs/CONFIGURATION.md Complete counterscarp.toml reference
docs/CLI_REFERENCE.md All CLI flags and examples
docs/WEB_APP_GUIDE.md Self-hosted web interface
docs/DEPLOYMENT.md Production server setup
CONTRIBUTING.md Adding rules and integrations

License

  • Community features: MIT License — see LICENSE
  • Pro features: Commercial License — see LICENSE-PRO

Credits

Built by CyberShield Austin · @defiauditccie · counterscarp.io

Powered by Slither · Aderyn · Medusa · Mythril · Foundry · OSV.dev

Threat intelligence: Code4rena · Immunefi · Solodit · Neodyme · OtterSec · Sec3

Version: 4.4.0 | Chains: EVM + Solana | Analyzers: 21 | Patterns: 34 EVM + 35 Solana

⭐ If this helped you find bugs, please star the repo!

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for ccie14019 from gravatar.com ccie14019

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Counterscarp Engine Team
  • Tags security , audit , smart-contracts , solidity , solana , blockchain
  • Requires: Python >=3.10
  • Provides-Extra: ai , advanced , web , pdf , dev
Classifiers

Release history Release notifications | RSS feed

5.1.1

5.1.0

5.0.7

5.0.6

5.0.4

5.0.1

This version

5.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

counterscarp_engine-5.0.0.tar.gz (1.0 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

counterscarp_engine-5.0.0-py3-none-any.whl (700.9 kB view details)

Uploaded Python 3

File details

Details for the file counterscarp_engine-5.0.0.tar.gz.

File metadata

  • Download URL: counterscarp_engine-5.0.0.tar.gz
  • Upload date:
  • Size: 1.0 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for counterscarp_engine-5.0.0.tar.gz
Algorithm Hash digest
SHA256 10b401abf970c3652c61699facfa77584b4d6742b26311389e007869b59d7aca
MD5 e8ea45ced26fd4750892724396d6d77b
BLAKE2b-256 2fcd56a961ff99db4a9b1b634578cec2d8d380f129ab155296fd0d379f38a19c

See more details on using hashes here.

Provenance

The following attestation bundles were made for counterscarp_engine-5.0.0.tar.gz:

Publisher: publish.yml on RunTimeAdmin/counterscarp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file counterscarp_engine-5.0.0-py3-none-any.whl.

File metadata

File hashes

Hashes for counterscarp_engine-5.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 1c044bce3bcd08462d069dc01069ee7d4994490b7c1383b9a46458ab086587e8
MD5 0bf75f3a2660736ecfacefec2064668d
BLAKE2b-256 384ded9fc6314d7c6146015c98fcc1f2c8828b2f555997f0c5d9bb140154d921

See more details on using hashes here.

Provenance

The following attestation bundles were made for counterscarp_engine-5.0.0-py3-none-any.whl:

Publisher: publish.yml on RunTimeAdmin/counterscarp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page