Getting Started with DeepThreat
Scan Your First Contract
From zero to comprehensive vulnerability scan in under 5 minutes. No API keys. No cloud dependencies. Just install and scan.
Watch: 3-Minute Walkthrough
Demo video coming soon
Showing live scan of a DeFi lending protocol
See DeepThreat catch oracle manipulation, reentrancy, and access control issues in real-time.
Step-by-Step Guide
Install DeepThreat
Install via npm or clone the repository. No API keys required; it runs completely locally.
npm install -g deepthreat
# or
git clone https://github.com/gilchrist-research/deepthreat.git
cd deepthreat && npm install
Prepare Your Contract
Point DeepThreat at your Solidity files or entire project directory. Supports individual files or full Hardhat/Foundry projects.
# Scan a single file
deepthreat scan contracts/MyToken.sol
# Scan entire project
deepthreat scan . --recursive
Run the Scan
DeepThreat runs 44 specialized scanners in parallel, then uses VulnLLM-R for deep AI reasoning on detected patterns.
deepthreat scan contracts/ --output report.json --format json
# Options:
# --severity high # Only show high/critical
# --ai-reasoning # Enable VulnLLM-R analysis
# --verbose # Detailed output
Review Results
Get structured output with vulnerability details, affected code, severity ratings, and recommended fixes.
{
  "summary": {
    "critical": 2,
    "high": 5,
    "medium": 8,
    "low": 12
  },
  "vulnerabilities": [
    {
      "type": "Reentrancy",
      "severity": "CRITICAL",
      "file": "contracts/Vault.sol",
      "line": 42,
      "description": "External call before state update",
      "recommendation": "Apply CEI pattern + ReentrancyGuard",
      "scanner": "Reentrancy Guard"
    }
  ]
}
Fix and Re-scan
Apply recommended fixes, then re-scan to verify vulnerabilities are resolved. Iterate until clean.
# After fixing issues
deepthreat scan contracts/ --baseline previous-scan.json
# Shows only new/remaining issues
Example: Scanning a DeFi Protocol
// Example: Scanning a DeFi protocol
$ deepthreat scan contracts/ --ai-reasoning --severity high
DeepThreat Security Scanner v2.0
----------------------------------------
Scanning 12 contracts...
✓ Access Control Analysis [12/12]
✓ Reentrancy Detection [12/12]
✓ Oracle Validation [4/4]
✓ CEI Pattern Check [12/12]
✓ Economic Attack Surface [8/8]
✓ Price Manipulation [4/4]
... 12 more scanners ...
Running VulnLLM-R reasoning...
----------------------------------------
SCAN COMPLETE
⚠ Found 3 HIGH severity issues:
1. [REENTRANCY] Vault.sol:42
   External call before state update in withdraw()
   → Apply ReentrancyGuard + CEI pattern
2. [ORACLE] PriceOracle.sol:18
   No staleness check on Chainlink feed
   → Add updatedAt validation
3. [ACCESS] Admin.sol:55
   Missing access control on setFee()
   → Add onlyOwner modifier
Full report: ./deepthreat-report.json
Scan time: 3m 42s
Common Use Cases
DeFi Protocols
Scan lending platforms, DEXs, and yield farms for oracle manipulation, reentrancy, and economic attack vectors.
NFT Projects
Detect approval exploits, access control issues, and minting vulnerabilities in ERC-721/1155 contracts.
Token Contracts
Validate ERC-20/777 implementations for transfer bugs, supply manipulation, and authorization flaws.
CI/CD Integration
name: DeepThreat Security Scan
on: [push, pull_request]
jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install DeepThreat
        run: npm install -g deepthreat
      - name: Run Security Scan
        run: deepthreat scan contracts/ --severity high --output report.json
      - name: Upload Report
        uses: actions/upload-artifact@v3
        with:
          name: security-report
          path: report.json
Automatically scan every commit and PR. Fail builds on critical vulnerabilities.
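The workflow above uploads report.json but contains no step that actually fails the build, and the "Fix and Re-scan" step earlier on this page leaves the comparison against a previous scan to the tool's own --baseline flag. The script below is an added example, not part of the DeepThreat project: it reads the JSON format shown under "Review Results" (a "summary" of per-severity counts plus a "vulnerabilities" list with "type", "severity", "file" and "line"), optionally diffs it against a baseline report so that only findings new since the last scan block the build, and exits nonzero when anything at or above the chosen severity remains. The two sample reports embedded in it are constructed for illustration; the field names beyond those in the page's sample are assumptions.

```python
"""CI gate for DeepThreat JSON reports: fail the build on blocking findings
and, when a baseline report is given, only on findings new since that scan.

Added example, not part of the DeepThreat project. It assumes the report
schema shown on the Getting Started page: a "summary" with per-severity
counts and a "vulnerabilities" list whose entries carry "type", "severity",
"file" and "line". The sample reports below are constructed for illustration.
"""
import argparse
import json
import sys

# Severity levels as they appear in the sample report, ranked so a threshold
# can be compared with >=. (Assumption: the tool emits exactly these four.)
SEVERITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "CRITICAL": 3}

# Constructed baseline: the previous scan found two issues.
BASELINE = {
    "summary": {"critical": 1, "high": 1, "medium": 0, "low": 0},
    "vulnerabilities": [
        {"type": "Reentrancy", "severity": "CRITICAL", "file": "contracts/Vault.sol",
         "line": 42, "description": "External call before state update"},
        {"type": "Oracle", "severity": "HIGH", "file": "contracts/PriceOracle.sol",
         "line": 18, "description": "No staleness check on Chainlink feed"},
    ],
}

# Constructed current scan: the oracle issue was fixed, the reentrancy issue
# remains, and a new HIGH access-control finding appeared.
REPORT = {
    "summary": {"critical": 1, "high": 1, "medium": 0, "low": 0},
    "vulnerabilities": [
        {"type": "Reentrancy", "severity": "CRITICAL", "file": "contracts/Vault.sol",
         "line": 42, "description": "External call before state update"},
        {"type": "Access Control", "severity": "HIGH", "file": "contracts/Admin.sol",
         "line": 55, "description": "Missing access control on setFee()"},
    ],
}


def finding_key(v):
    """Identity used to match findings across scans: same type, file and line."""
    return (v["type"], v["file"], v["line"])


def new_findings(report, baseline):
    """Findings in `report` that were not present in `baseline`."""
    seen = {finding_key(v) for v in baseline.get("vulnerabilities", [])}
    return [v for v in report.get("vulnerabilities", []) if finding_key(v) not in seen]


def resolved_findings(report, baseline):
    """Baseline findings that no longer appear in `report`."""
    current = {finding_key(v) for v in report.get("vulnerabilities", [])}
    return [v for v in baseline.get("vulnerabilities", []) if finding_key(v) not in current]


def blocking(findings, threshold="CRITICAL"):
    """Findings whose severity is at or above `threshold`; unknown levels never block."""
    limit = SEVERITY_RANK[threshold.upper()]
    return [v for v in findings
            if SEVERITY_RANK.get(str(v.get("severity", "")).upper(), -1) >= limit]


def gate(report, baseline=None, threshold="CRITICAL"):
    """CI exit code: 1 if any blocking finding, else 0. With a baseline only
    findings new since that scan count, so a known issue under triage does not
    block every later PR; drop the baseline to enforce a clean tree."""
    findings = report.get("vulnerabilities", []) if baseline is None else new_findings(report, baseline)
    return 1 if blocking(findings, threshold) else 0


def main(argv=None):
    parser = argparse.ArgumentParser(description="Fail CI on blocking DeepThreat findings")
    parser.add_argument("report", help="JSON report written with --output")
    parser.add_argument("--baseline", help="previous report; only new findings are judged")
    parser.add_argument("--fail-on", default="CRITICAL", type=str.upper,
                        choices=sorted(SEVERITY_RANK, key=SEVERITY_RANK.get))
    args = parser.parse_args(argv)
    with open(args.report) as fh:
        report = json.load(fh)
    baseline = None
    if args.baseline:
        with open(args.baseline) as fh:
            baseline = json.load(fh)
        for v in resolved_findings(report, baseline):
            print(f"resolved: [{v['type']}] {v['file']}:{v['line']}")
    findings = report.get("vulnerabilities", []) if baseline is None else new_findings(report, baseline)
    for v in blocking(findings, args.fail_on):
        print(f"BLOCKING: [{v['type']}] {v['severity']} {v['file']}:{v['line']} - {v.get('description', '')}")
    return gate(report, baseline, args.fail_on)


if __name__ == "__main__":
    sys.exit(main())
```

In the workflow above this would be one more step after "Run Security Scan", for example `run: python check_report.py report.json --baseline main-report.json --fail-on HIGH`, where main-report.json is a placeholder for a report you keep from the default branch. Matching findings on (type, file, line) is deliberately simple: a fix that shifts line numbers will show the old finding as resolved and the same finding as new, which is the safe direction for a gate (it re-blocks rather than silently passing).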
Ready to Secure Your Contracts?
Start scanning in the next 5 minutes. Free. Local. No signup required.