macOS
brew install medusalocal Homebrew formula metadata
sudo port install medusaMacPorts ports tree · security/medusa/Portfile · source: api.github.com
brew
Solidity smart contract fuzzer powered by go-ethereum. Version 1.5.1 via Homebrew; verified 2026-06-15.
install
brew install medusalocal Homebrew formula metadata
sudo port install medusaMacPorts ports tree · security/medusa/Portfile · source: api.github.com
sudo apt install medusaDebian stable package indexes · medusa · source: deb.debian.org
sudo dnf install medusaFedora Rawhide package metadata · medusa · source: dl.fedoraproject.org
nix profile install nixpkgs#medusanixpkgs package indexes · pkgs/by-name/me/medusa/package.nix · source: api.github.com
sudo pacman -S medusaArch Linux sync databases · medusa · source: geo.mirror.pkgbuild.com
overview
Solidity smart contract fuzzer powered by go-ethereum
history
medusa is a cross-platform, go-ethereum-based smart-contract fuzzer from the Crytic ecosystem. Its official README describes it as inspired by Echidna and designed for parallelized fuzz testing through a CLI or Go API.
The official repository was created in 2023 and its first GitHub release was v0.1.0 in March 2023. The project entered a security tooling space already shaped by Crytic tools such as Echidna and Slither, but focused on a Go implementation powered by go-ethereum.
The documentation grew into a mdBook under Trail of Bits' Building Secure Contracts material, with sections for installation, first steps, project configuration, CLI commands, fuzzing lifecycle, invariant testing, cheatcodes, and an evolving Go API.
medusa is a specialized package for smart-contract auditors, protocol teams, and Solidity developers who need fuzzing in local or CI workflows. Official installation docs include Go install, Homebrew, Nix, Docker, source builds, and precompiled binaries, which is a strong signal that the project expects package-manager and automation use.
The package input lists Homebrew, Debian, Fedora, MacPorts, Nix, Pacman, and Ubuntu package names, showing that the tool has moved beyond a source-only security project into normal developer-tool distribution channels.
Users initialize a Solidity project with `medusa init`, which creates `medusa.json`, then run campaigns with commands such as `medusa fuzz --target-contracts ... --test-limit ...`. Official docs recommend placing target contracts and fuzz limits in the project configuration file.
medusa is interesting to package maintainers because it brings smart-contract fuzzing into a single Go CLI while still interoperating with common Ethereum tooling such as crytic-compile, Slither, Foundry, Hardhat, and go-ethereum. It sits in the same toolbox category as Echidna and Slither, but with a distinct implementation and parallel fuzzing model.
security posture
narrow executable package without higher-risk signals.
green risk · low confidence · appliance
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
medusa.jsonexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
medusa | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/crytic/medusa
install metadata
| Package key | brew:medusa |
|---|---|
| Version | 1.5.1 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/medusa |
| Homepage | https://secure-contracts.com/program-analysis/medusa/docs/src/ |
| Repository | https://github.com/crytic/medusa |
| Upstream docs | https://github.com/crytic/medusa/blob/master/docs/src/SUMMARY.md |
| License | AGPL-3.0-only |
| Source archive | https://github.com/crytic/medusa/archive/refs/tags/v1.5.1.tar.gz |
| Last updated | 2026-06-15T10:20:21-04:00 |
| Pulse | updated |
| Dependencies | crytic-compile |
| Build dependencies | go |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | medusa |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Conflicts With |
|
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
medusa 2.3-2
fast, parallel, modular, login brute-forcer for network services
sudo apt install medusamedusa
nix profile install nixpkgs#medusamedusa 2.2-7build3
fast, parallel, modular, login brute-forcer for network services
sudo apt install medusamedusa 2.3-6.20240130git4e9be7e.fc44
Speedy, parallel, and modular, login brute-forcer
http://www.foofus.net/jmk/medusa/medusa.html
sudo dnf install medusamedusa 2.2-13
Speedy, massively parallel and modular login brute-forcer for network
http://www.foofus.net/jmk/medusa/medusa.html
sudo pacman -S medusamedusa
sudo port install medusasource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.