Theo aims to be an exploitation framework and a blockchain recon and interaction tool.
Features
Theo’s purpose is to fight script kiddies that try to be leet hackers. He can listen to them trying to exploit his honeypots and make them lose their funds, for his own gain.
Install
Theo is available as a PyPI package:
$ pip install theo
$ theo –help
usage: theo [-h] [–rpc-http RPC_HTTP] [–rpc-ws RPC_WS] [–rpc-ipc RPC_IPC]
[–account-pk ACCOUNT_PK] [–contract ADDRESS]
[–skip-mythril SKIP_MYTHRIL] [–load-file LOAD_FILE] [–version]
Monitor contracts for balance changes or tx pool.
Optional arguments:
-h, –help show this help message and exit
–rpc-http RPC_HTTP Connect to this HTTP RPC (default:
http://127.0.0.1:8545)
–account-pk ACCOUNT_PK The account’s private key (default: None)
–contract ADDRESS Contract to monitor (default: None)
–skip-mythril SKIP_MYTHRIL Don’t try to find exploits with Mythril (default: False)
–load-file LOAD_FILE Load exploit from file (default: )
–version show program’s version number and exit
RPC connections:
–rpc-ws RPC_WS Connect to this WebSockets RPC (default: None)
–rpc-ipc RPC_IPC Connect to this IPC RPC (default: None)
Also Read – W13Scan : Passive Security Scanner Linux/Windows/Mac Systems
Install from sources
$ git clone https://github.com/cleanunicorn/theo
$ cd theo
$ virtualenv ./venv
$ . ./venv/bin/activate
$ pip install -r requirements.txt
$ pip install -e .
$ theo –help
Requirements
Scan a smart contract, find exploits, exploit it:
Frontrun victim
Setup a honeypot, deploy honeypot, wait for attacker, frontrun:
The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…
Sanctum EDR demonstrates a multi-layered approach to detecting and preventing Event Tracing for Windows (ETW)…
SpyAI is a sophisticated form of malware that leverages advanced technologies to capture and analyze…
The Proxmark3 is a versatile, open-source tool designed for radio-frequency identification (RFID) security analysis, research,…
The "Awesome Solana Security" collection is a comprehensive resource designed to help developers build more…
The "IngressNightmare" vulnerabilities, disclosed in March 2025, represent a critical set of security issues affecting…