Automic VaultAutomic Vault

brew

Install medusa with Homebrew, apt, dnf, MacPorts, Nix, pacman

Solidity smart contract fuzzer powered by go-ethereum. Version 1.5.1 via Homebrew; verified 2026-06-15.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install medusa

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install medusa

MacPorts ports tree · security/medusa/Portfile · source: api.github.com

Linux

Debian aptverified · 92%
sudo apt install medusa

Debian stable package indexes · medusa · source: deb.debian.org

Fedora dnfverified · 92%
sudo dnf install medusa

Fedora Rawhide package metadata · medusa · source: dl.fedoraproject.org

Nixverified · 92%
nix profile install nixpkgs#medusa

nixpkgs package indexes · pkgs/by-name/me/medusa/package.nix · source: api.github.com

Arch Linux pacmanverified · 92%
sudo pacman -S medusa

Arch Linux sync databases · medusa · source: geo.mirror.pkgbuild.com

overview

Package summary

Solidity smart contract fuzzer powered by go-ethereum

Commands and aliases

  • medusa

history

Project history and usage

medusa is a cross-platform, go-ethereum-based smart-contract fuzzer from the Crytic ecosystem. Its official README describes it as inspired by Echidna and designed for parallelized fuzz testing through a CLI or Go API.

Project history

The official repository was created in 2023 and its first GitHub release was v0.1.0 in March 2023. The project entered a security tooling space already shaped by Crytic tools such as Echidna and Slither, but focused on a Go implementation powered by go-ethereum.

The documentation grew into a mdBook under Trail of Bits' Building Secure Contracts material, with sections for installation, first steps, project configuration, CLI commands, fuzzing lifecycle, invariant testing, cheatcodes, and an evolving Go API.

Adoption history

medusa is a specialized package for smart-contract auditors, protocol teams, and Solidity developers who need fuzzing in local or CI workflows. Official installation docs include Go install, Homebrew, Nix, Docker, source builds, and precompiled binaries, which is a strong signal that the project expects package-manager and automation use.

The package input lists Homebrew, Debian, Fedora, MacPorts, Nix, Pacman, and Ubuntu package names, showing that the tool has moved beyond a source-only security project into normal developer-tool distribution channels.

How it is used

Users initialize a Solidity project with `medusa init`, which creates `medusa.json`, then run campaigns with commands such as `medusa fuzz --target-contracts ... --test-limit ...`. Official docs recommend placing target contracts and fuzz limits in the project configuration file.

Why package nerds care

medusa is interesting to package maintainers because it brings smart-contract fuzzing into a single Go CLI while still interoperating with common Ethereum tooling such as crytic-compile, Slither, Foundry, Hardhat, and go-ethereum. It sits in the same toolbox category as Echidna and Slither, but with a distinct implementation and parallel fuzzing model.

Timeline

  • 2023: Repository is created and v0.1.0 is released.
  • 2023: Documentation describes `medusa init`, `medusa fuzz`, and `medusa.json` project configuration workflows.
  • 2026: GitHub repository lists v1.5.1 as the latest release.

Related projects

  • medusa is related to Echidna, go-ethereum, crytic-compile, Slither, Foundry, Hardhat, and Trail of Bits' Building Secure Contracts documentation.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Installs with 1 runtime dependencies.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
medusa.json

executables

Installed executables

CommandKindExposureNote
medusacliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version1.5.1
manager updated2026-06-15
local dataok
upstreamcurrent
latest detectedv1.5.1

https://github.com/crytic/medusa

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:medusa
Version1.5.1
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/medusa
Homepagehttps://secure-contracts.com/program-analysis/medusa/docs/src/
Repositoryhttps://github.com/crytic/medusa
Upstream docshttps://github.com/crytic/medusa/blob/master/docs/src/SUMMARY.md
LicenseAGPL-3.0-only
Source archivehttps://github.com/crytic/medusa/archive/refs/tags/v1.5.1.tar.gz
Last updated2026-06-15T10:20:21-04:00
Pulseupdated
Dependenciescrytic-compile
Build dependenciesgo
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namemedusa
Version Scheme0
Revision0
Head VersionHEAD
Conflicts With
  • bash-completion
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Debian apt95%

medusa 2.3-2

fast, parallel, modular, login brute-forcer for network services

http://foofus.net/?page_id=51

sudo apt install medusa
  • Section: admin
  • Architecture: amd64
  • 8 dependencies
  • normalized package name match
  • Matched by: Medusa
Debian stable package indexes · deb.debian.org · Debian stable package indexes: medusa from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Nix95%

medusa

nix profile install nixpkgs#medusa
  • normalized package name match
  • Matched by: Medusa
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/me/medusa/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
Ubuntu apt95%

medusa 2.2-7build3

fast, parallel, modular, login brute-forcer for network services

http://foofus.net/?page_id=51

sudo apt install medusa
  • Section: universe/admin
  • Architecture: amd64
  • 5 dependencies
  • normalized package name match
  • Matched by: Medusa
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: medusa from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
dnf95%

medusa 2.3-6.20240130git4e9be7e.fc44

Speedy, parallel, and modular, login brute-forcer

http://www.foofus.net/jmk/medusa/medusa.html

sudo dnf install medusa
  • License: GPL-2.0-only
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: medusa
  • 10 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Medusa
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: medusa from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst
pacman95%

medusa 2.2-13

Speedy, massively parallel and modular login brute-forcer for network

http://www.foofus.net/jmk/medusa/medusa.html

sudo pacman -S medusa
  • License: GPL2
  • Architecture: x86_64
  • 1 dependencies
  • 7 optional deps
  • normalized package name match
  • Matched by: Medusa
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: medusa from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz
MacPorts95%

medusa

sudo port install medusa
  • normalized package name match
  • Matched by: Medusa
MacPorts ports tree · api.github.com · MacPorts ports tree: security/medusa/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment