# Install echidna with Homebrew, Nix

Ethereum smart contract fuzzer. Version 2.3.2 via Homebrew; verified 2026-06-15.

## Install

```sh
sudo av install brew:echidna
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install echidna
```

  Evidence: local Homebrew formula metadata

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#echidna
```

  Evidence: nixpkgs package indexes: pkgs/by-name/ec/echidna/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:echidna
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/echidna>
- **Version:** 2.3.2
- **Source summary:** Ethereum smart contract fuzzer
- **Homepage:** <https://secure-contracts.com/program-analysis/echidna/index.html>
- **Repository:** <https://github.com/crytic/echidna>
- **Upstream docs:** <https://github.com/crytic/echidna#readme>
- **License:** AGPL-3.0-only
- **Source archive:** <https://github.com/crytic/echidna/archive/refs/tags/v2.3.2.tar.gz>
- **Last updated:** 2026-06-15T10:20:15-04:00
- **Generated:** 2026-07-09T07:20:21+00:00

## Executables

- echidna (cli)
- echidna (alias)

## Dependencies

- crytic-compile
- gmp
- libff
- secp256k1
- slither-analyzer

## Build dependencies

- ghc@9.10
- haskell-stack

## Uses from macOS

- ncurses

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-09
- Package-manager version: 2.3.2
- Package-manager updated: 2026-06-15
- Local data: ok
- Upstream repository: https://github.com/crytic/echidna
- Upstream latest detected: v2.3.2 (current)
## Project history and usage

Echidna is Crytic's Ethereum smart-contract fuzzer, written in Haskell and aimed at property-based and invariant testing. It became package-manager significant because smart-contract security teams need a reproducible CLI fuzzer that works with Solidity projects, build systems, CI, and containerized audit workflows.

### Project history

The public GitHub repository was created in August 2017. The README describes Echidna as a Haskell program for fuzzing and property-based testing of Ethereum smart contracts, using grammar-based campaigns based on a contract ABI to falsify user-defined predicates or Solidity assertions.

Early public GitHub release artifacts date to 2018, with 1.0.0.0 published in June 2019. By 2026 the project had reached the 2.3.x release line and remained active, with thousands of GitHub stars and ongoing pushes.

The project grew from simple echidna_ boolean properties into a broader testing tool. The README documents property, assertion, Foundry, overflow, optimization, and exploration modes, corpus collection, coverage output, JSON output, shrinking/minimization, and line-level coverage reporting.

Echidna is part of the Crytic security tooling ecosystem. The README notes Slither integration for extracting useful information before fuzzing and crytic-compile support for Foundry, Hardhat, and Truffle projects.

### Adoption history

Echidna's adoption followed smart-contract security practice: auditors and protocol developers needed fuzzing that understood Ethereum ABIs, Solidity assertions, build systems, and reproducible counterexamples. Its official docs live under the Building Secure Contracts material, placing it inside Trail of Bits/Crytic security education rather than only as a standalone CLI.

Distribution broadened beyond source builds. The README documents precompiled Linux and macOS binaries, Homebrew installation, Docker images hosted under the Crytic GitHub packages, and a GitHub Actions workflow through crytic/echidna-action. Homebrew installs Echidna with dependencies such as Slither and crytic-compile.

### How it is used

Typical usage is to run echidna against a Solidity contract or project, define properties as echidna_-prefixed boolean functions, and let the fuzzer search for call sequences that falsify them. For modern projects, echidna . can use the current build framework through crytic-compile.

Configuration is commonly supplied through a YAML file passed with --config config.yaml. Users tune EVM and test-generation parameters, select test modes, collect corpora, and integrate results into text, JSON, or CI workflows.

### Why package nerds care

Echidna is a good example of a specialized security CLI that packaging makes practical: the value is not a library import, but a reproducible executable with native dependencies, Solidity tooling, Slither, crytic-compile, solc management, and CI/container options all lined up.

It also shows the package-manager pressure created by blockchain tooling. Auditors want pinned versions for repeatable findings, while protocol teams want easy local installs and GitHub Actions coverage in fast-moving Solidity/Foundry/Hardhat projects.

### Timeline

- 2017: Public Echidna repository created.
- 2018: Early GitHub release artifacts published.
- 2019: Echidna 1.0.0.0 released.
- 2020: Echidna 1.3.0.0 release line visible on GitHub.
- 2026: Echidna 2.3.2 released, with active repository maintenance.

### Related projects

- Slither and crytic-compile are direct companion tools in the Crytic ecosystem.
- Foundry, Hardhat, and Truffle are supported build-system inputs.
- crytic/echidna-action and the official Docker images support CI and containerized adoption.

### Sources

- <https://github.com/crytic/echidna>
- <https://raw.githubusercontent.com/crytic/echidna/master/README.md>
- <https://secure-contracts.com/program-analysis/echidna/index.html>
- <https://secure-contracts.com/program-analysis/echidna/configuration.html>
- <https://github.com/crytic/echidna/releases>
- <https://api.github.com/repos/crytic/echidna>
- <https://github.com/crytic/echidna-action>


## Security Notes

narrow executable package without higher-risk signals.

- **Geiger risk:** green / low
- narrow executable package without higher-risk signals


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: config.yaml
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** echidna
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Nix - echidna: normalized package name match | nixpkgs package indexes: pkgs/by-name/ec/echidna/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1


## Related links

- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [Web development packages](https://www.automicvault.com/pkg/web-dev-tools/) - Matched web development metadata.
- [crytic-compile](https://www.automicvault.com/pkg/brew/crytic-compile/) - Runtime dependency declared by Homebrew.
- [slither-analyzer](https://www.automicvault.com/pkg/brew/slither-analyzer/) - Runtime dependency declared by Homebrew.
- [ghc@9.10](https://www.automicvault.com/pkg/brew/ghc-9-10/) - Build dependency declared by Homebrew.
- [haskell-stack](https://www.automicvault.com/pkg/brew/haskell-stack/) - Build dependency declared by Homebrew.
- [afl++](https://www.automicvault.com/pkg/brew/afl/) - Shares av.db curated category or tags: cli, fuzzing, security, security-testing, testing.
- [wuppiefuzz](https://www.automicvault.com/pkg/brew/wuppiefuzz/) - Shares av.db curated category or tags: cli, fuzzing, security, security-testing, testing.
- [caracal](https://www.automicvault.com/pkg/brew/caracal/) - Shares av.db curated category or tags: cli, security, smart-contracts.
- [slowhttptest](https://www.automicvault.com/pkg/brew/slowhttptest/) - Shares av.db curated category or tags: cli, security, security-testing, testing.
- [h26forge](https://www.automicvault.com/pkg/brew/h26forge/) - Shares av.db curated category or tags: cli, fuzzing, security, security-testing.
- [jwt-hack](https://www.automicvault.com/pkg/brew/jwt-hack/) - Shares av.db curated category or tags: cli, security, testing.
- [medusa](https://www.automicvault.com/pkg/brew/medusa/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, compile, contract, contracts, crytic.

## Combined YAML source

View the package source record on GitHub. [combined/echidna.yml](https://github.com/automic-vault/db/blob/main/combined/echidna.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
