Kogwasys is a Python-powered command-line tool that protects Solidity smart contracts from critical security vulnerabilities. Built on Slither, it combines custom rule sets with trusted static analysis to detect classic and modern Web3 threats.
“Audit your contracts before hackers do.”
- 🚨 Detects Reentrancy, Oracle Manipulation, Unchecked Calls, and more
- 🔍 Supports custom rule modules for modern vulnerabilities (2025 OWASP SC Top 10)
- 📂 Scans entire Solidity projects or individual
.solfiles - 📊 Outputs detailed terminal reports in Chinese + optional JSON and HTML formats
- 🧩 VS Code compatible for integrated scanning workflows
- 💡 Fully extensible – add your own static analysis rules
# 1. Clone the repo
git clone https://github.com/onoka-ship-it/kogwasys.git
cd kogwasys
# 2. Set up virtual environment
python3 -m venv venv
source venv/bin/activate
# 3. Install dependencies
pip install -r requirements.txt
# 4. Run a scan
kogwasys --target examples/VulnerableContract.sol
# 5. Output JSON + HTML to a custom folder
kogwasys --target examples/VulnerableContract.sol --json --html --out reports
Here’s what a vulnerability scan looks like in your terminal:
