# Install medusa with Homebrew, apt, dnf, MacPorts, Nix, pacman

Solidity smart contract fuzzer powered by go-ethereum. Version 1.5.1 via Homebrew; verified 2026-06-15.

## Install

```sh
sudo av install brew:medusa
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install medusa
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install medusa
```

  Evidence: MacPorts ports tree: security/medusa/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- Debian apt (92%):

```sh
sudo apt install medusa
```

  Evidence: Debian stable package indexes: medusa from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

- dnf (92%):

```sh
sudo dnf install medusa
```

  Evidence: Fedora Rawhide package metadata: medusa from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst

- Nix (92%):

```sh
nix profile install nixpkgs#medusa
```

  Evidence: nixpkgs package indexes: pkgs/by-name/me/medusa/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

- pacman (92%):

```sh
sudo pacman -S medusa
```

  Evidence: Arch Linux sync databases: medusa from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

## Package facts

- **Package key:** brew:medusa
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/medusa>
- **Version:** 1.5.1
- **Source summary:** Solidity smart contract fuzzer powered by go-ethereum
- **Homepage:** <https://secure-contracts.com/program-analysis/medusa/docs/src/>
- **Repository:** <https://github.com/crytic/medusa>
- **Upstream docs:** <https://github.com/crytic/medusa/blob/master/docs/src/SUMMARY.md>
- **License:** AGPL-3.0-only
- **Source archive:** <https://github.com/crytic/medusa/archive/refs/tags/v1.5.1.tar.gz>
- **Last updated:** 2026-06-15T10:20:21-04:00
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- medusa (cli)
- medusa (alias)

## Dependencies

- crytic-compile

## Build dependencies

- go

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 1.5.1
- Package-manager updated: 2026-06-15
- Local data: ok
- Upstream repository: https://github.com/crytic/medusa
- Upstream latest detected: v1.5.1 (current)
## Project history and usage

medusa is a cross-platform, go-ethereum-based smart-contract fuzzer from the Crytic ecosystem. Its official README describes it as inspired by Echidna and designed for parallelized fuzz testing through a CLI or Go API.

### Project history

The official repository was created in 2023 and its first GitHub release was v0.1.0 in March 2023. The project entered a security tooling space already shaped by Crytic tools such as Echidna and Slither, but focused on a Go implementation powered by go-ethereum.

The documentation grew into a mdBook under Trail of Bits' Building Secure Contracts material, with sections for installation, first steps, project configuration, CLI commands, fuzzing lifecycle, invariant testing, cheatcodes, and an evolving Go API.

### Adoption history

medusa is a specialized package for smart-contract auditors, protocol teams, and Solidity developers who need fuzzing in local or CI workflows. Official installation docs include Go install, Homebrew, Nix, Docker, source builds, and precompiled binaries, which is a strong signal that the project expects package-manager and automation use.

The package input lists Homebrew, Debian, Fedora, MacPorts, Nix, Pacman, and Ubuntu package names, showing that the tool has moved beyond a source-only security project into normal developer-tool distribution channels.

### How it is used

Users initialize a Solidity project with `medusa init`, which creates `medusa.json`, then run campaigns with commands such as `medusa fuzz --target-contracts ... --test-limit ...`. Official docs recommend placing target contracts and fuzz limits in the project configuration file.

### Why package nerds care

medusa is interesting to package maintainers because it brings smart-contract fuzzing into a single Go CLI while still interoperating with common Ethereum tooling such as crytic-compile, Slither, Foundry, Hardhat, and go-ethereum. It sits in the same toolbox category as Echidna and Slither, but with a distinct implementation and parallel fuzzing model.

### Timeline

- 2023: Repository is created and v0.1.0 is released.
- 2023: Documentation describes `medusa init`, `medusa fuzz`, and `medusa.json` project configuration workflows.
- 2026: GitHub repository lists v1.5.1 as the latest release.

### Related projects

- medusa is related to Echidna, go-ethereum, crytic-compile, Slither, Foundry, Hardhat, and Trail of Bits' Building Secure Contracts documentation.

### Sources

- <https://api.github.com/repos/crytic/medusa>
- <https://api.github.com/repos/crytic/medusa/releases>
- <https://github.com/crytic/medusa>
- <https://raw.githubusercontent.com/crytic/medusa/master/docs/src/cli/init.md>
- <https://raw.githubusercontent.com/crytic/medusa/master/docs/src/getting_started/first_steps.md>
- <https://raw.githubusercontent.com/crytic/medusa/master/docs/src/getting_started/installation.md>
- <https://secure-contracts.com/program-analysis/medusa/docs/src/>


## Security Notes

narrow executable package without higher-risk signals.

- **Geiger risk:** green / low
- narrow executable package without higher-risk signals


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: medusa.json
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** medusa
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Conflicts With:** bash-completion
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Debian apt - medusa - 2.3-2: normalized package name match | Debian stable package indexes: medusa from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | fast, parallel, modular, login brute-forcer for network services | http://foofus.net/?page_id=51
- Nix - medusa: normalized package name match | nixpkgs package indexes: pkgs/by-name/me/medusa/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- Ubuntu apt - medusa - 2.2-7build3: normalized package name match | Ubuntu 24.04 LTS package indexes: medusa from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | fast, parallel, modular, login brute-forcer for network services | http://foofus.net/?page_id=51
- dnf - medusa - 2.3-6.20240130git4e9be7e.fc44: normalized package name match | Fedora Rawhide package metadata: medusa from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst | Speedy, parallel, and modular, login brute-forcer | http://www.foofus.net/jmk/medusa/medusa.html
- pacman - medusa - 2.2-13: normalized package name match | Arch Linux sync databases: medusa from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz | Speedy, massively parallel and modular login brute-forcer for network | http://www.foofus.net/jmk/medusa/medusa.html
- MacPorts - medusa: normalized package name match | MacPorts ports tree: security/medusa/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1


## Related links

- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Language runtime packages](https://www.automicvault.com/pkg/language-runtime-packages/) - Matched language runtime, compiler, or interpreter metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [crytic-compile](https://www.automicvault.com/pkg/brew/crytic-compile/) - Runtime dependency declared by Homebrew.
- [go](https://www.automicvault.com/pkg/brew/go/) - Build dependency declared by Homebrew.
- [radamsa](https://www.automicvault.com/pkg/brew/radamsa/) - Shares av.db curated category or tags: cli, fuzzer, fuzzing, security, security-testing.
- [h26forge](https://www.automicvault.com/pkg/brew/h26forge/) - Shares av.db curated category or tags: cli, fuzzing, security, security-testing.
- [wuppiefuzz](https://www.automicvault.com/pkg/brew/wuppiefuzz/) - Shares av.db curated category or tags: cli, fuzzing, security, security-testing.
- [echidna](https://www.automicvault.com/pkg/brew/echidna/) - Shares av.db curated category or tags: cli, fuzzing, security, security-testing, smart-contracts.
- [ffuf](https://www.automicvault.com/pkg/brew/ffuf/) - Shares av.db curated category or tags: cli, fuzzing, security.
- [afl++](https://www.automicvault.com/pkg/brew/afl/) - Shares av.db curated category or tags: cli, fuzzing, security, security-testing.
- [caracal](https://www.automicvault.com/pkg/brew/caracal/) - Shares av.db curated category or tags: cli, security, smart-contracts.
- [slither-analyzer](https://www.automicvault.com/pkg/brew/slither-analyzer/) - Security-sensitive metadata or terminology overlaps. Shared terms: analysis, cli, contract, contracts, ethereum.

## Combined YAML source

View the package source record on GitHub. [combined/medusa.yml](https://github.com/automic-vault/db/blob/main/combined/medusa.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
