Documentation — Counterscarp

Quick Start

Get Counterscarp running in 5 minutes with the following steps.

Requires Python 3.9+ and pip. Optional: Rust (for Aderyn), Go (for Medusa), Foundry.

bash — Quick Start

# Option A: Install from PyPI (recommended)

$ pip install counterscarp-engine

# Option B: Install from source

$ git clone https://github.com/RunTimeAdmin/counterscarp

$ cd counterscarp-engine && pip install -e .

$ counterscarp --help

✓ Counterscarp v4.4.0 ready

Installation

Core Installation

bash

# Install from PyPI (recommended)

$ pip install counterscarp-engine

Successfully installed counterscarp-engine-4.4.0

# Install with AI/RAG features (required for Pro AI Copilot)

$ pip install counterscarp-engine[ai]

# Install with web UI support

$ pip install counterscarp-engine[web]

# Install with development dependencies

$ pip install counterscarp-engine[dev]

# Or install from source (development)

$ git clone https://github.com/RunTimeAdmin/counterscarp

$ cd counterscarp-engine && pip install -e .

# Core dependencies (auto-installed)

$ pip install requests packaging tomli solc-select

# Install Slither (static analysis, optional)

$ pip install slither-analyzer

# Install specific Solidity version

$ solc-select install 0.8.19 && solc-select use 0.8.19

Optional Tools

bash

# Aderyn (Rust-based analyzer)

$ cargo install aderyn

# Medusa (coverage-guided fuzzer)

$ go install github.com/crytic/medusa/cmd/medusa@latest

# Foundry (invariant testing)

$ curl -L https://foundry.paradigm.xyz | bash && foundryup

Pro License Activation

Licenses are tied to machine activations. Keys are cached offline for 24 hours after first validation.

Tier	Key Prefix	Machine Activations	Key Duration
Developer	`SE-DEV-`	1	30 days (recurring)
Pro	`SE-PRO-`	3	30 days (recurring)
Team	`SE-TEAM-`	10	30 days (recurring)
Enterprise	`SE-ENT-`	100+	Custom

bash

# Method 1: Environment variable (recommended for CI/CD)

$ export COUNTERSCARP_PRO_LICENSE=SE-PRO-xxxx-xxxx-xxxx

# Method 2: Add to counterscarp.toml config file

[license]

key = "SE-PRO-xxxx-xxxx-xxxx"

# Verify license status

$ counterscarp license status

[✓] License: SE-PRO-xxxx | Tier: Pro | Activations: 1/3 | Expires: 2026-05-21

# Get your license at app.counterscarp.io/pricing

First Audit

Option 1: GUI (Easiest)

bash

$ python gui.py

→ Select contract → Check boxes → Click "Run Selected Checks"

Option 2: CLI (Professional)

bash

# Fast PR check (blockers only)

$ counterscarp scan ./contracts --config counterscarp-pr.toml

# Full audit with HTML report

$ counterscarp scan ./contracts --config counterscarp-audit.toml --report --project-name "MyDeFi"

# Bug bounty mode (max coverage)

$ counterscarp scan ./contracts --config counterscarp-bounty.toml --medusa

Configuration Files

Counterscarp uses TOML configuration files to control analyzer behavior, severity thresholds, and output formats.

toml — counterscarp-audit.toml

# Counterscarp — Full Audit Configuration

[project]
name = "MyDeFi Protocol"
version = "3.0.0"

[analyzers]
slither     = true
aderyn      = true
mythril     = true
ai_copilot  = true
attack_path = true
time_travel = true

[thresholds]
blocker_severity = "HIGH"
max_findings     = 0  # 0 = fail on any HIGH

[output]
html_report = true
md_report   = true
json_output = false
          

Audit Profiles

Profile	File	Use Case	Speed
PR Check	`counterscarp-pr.toml`	Fast CI gate — blockers only, skip slow analyzers	< 2 min
Full Audit	`counterscarp-audit.toml`	Complete audit with all analyzers, 250K fuzz tests	10–30 min
Bug Bounty	`counterscarp-bounty.toml`	Maximum coverage, 500K fuzz tests, AI exploit gen	1–2 hours
Solana	`counterscarp-solana.toml`	Solana/Anchor programs, 35 Rust security patterns	5–15 min

CLI Reference

Flag	Description	Default
`--target`	Path to contracts directory or file	Required
`--config`	TOML configuration file path	`counterscarp-pr.toml`
`--report`	Generate HTML + Markdown reports	false
`--project-name`	Project name for reports	Directory name
`--medusa`	Enable Medusa fuzzing	false
`--history`	Enable Time-Travel Git Scanner	false
`--commits`	Number of commits to scan (with --history)	50
`--rag`	Enable AI Audit Copilot RAG enrichment	false
`--fingerprint`	Run Protocol Fingerprint Scanner	false
`--solana`	Enable Solana/Anchor analysis mode	false
`--output-dir`	Output directory for reports	Current dir
`--verbose`	Verbose output	false
`--help`	Show help message	—

CI/CD Integration

Counterscarp integrates with all major CI/CD platforms. Use the auto-generator or copy the manual snippets below.

Auto-Generate Pipeline Config

bash

# GitHub Actions

$ counterscarp generate-pipeline --platform github --output .github/workflows/

# GitLab CI

$ counterscarp generate-pipeline --platform gitlab --output .gitlab-ci.yml

# Azure DevOps

$ counterscarp generate-pipeline --platform azure --output azure-pipelines.yml

# Jenkins

$ counterscarp generate-pipeline --platform jenkins --output Jenkinsfile

GitHub Actions (Manual)

yaml — .github/workflows/counterscarp-engine.yml

name: Counterscarp Audit
on:
  pull_request:
    branches: [main]

jobs:
  blocker-checks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install Counterscarp
        run: pip install counterscarp-engine --upgrade
      - name: Counterscarp PR Check (Blockers)
        env:
          COUNTERSCARP_PRO_LICENSE: ${{ secrets.COUNTERSCARP_PRO_LICENSE }}
        run: |
          counterscarp scan ./contracts \
            --config counterscarp-pr.toml
  advisory-checks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install Counterscarp
        run: pip install counterscarp-engine --upgrade
      - name: Counterscarp Full Audit
        env:
          COUNTERSCARP_PRO_LICENSE: ${{ secrets.COUNTERSCARP_PRO_LICENSE }}
        run: |
          counterscarp scan ./contracts \
            --config counterscarp-audit.toml \
            --report
          

GitLab CI (Manual)

yaml — .gitlab-ci.yml

counterscarp-engine:
  stage: test
  image: python:3.11
  variables:
    COUNTERSCARP_PRO_LICENSE: ${COUNTERSCARP_PRO_LICENSE}
  script:
    - pip install counterscarp-engine --upgrade
    - counterscarp scan ./contracts --config counterscarp-pr.toml
  only:
    - merge_requests
          

Azure DevOps (Manual)

yaml — azure-pipelines.yml

trigger:
  branches:
    include: [main]

pool:
  vmImage: ubuntu-latest

steps:
- task: UsePythonVersion@0
  inputs:
    versionSpec: '3.11'
- script: pip install counterscarp-engine --upgrade
  displayName: 'Install Counterscarp'
- script: counterscarp scan ./contracts --config counterscarp-pr.toml
  displayName: 'Counterscarp Scan'
  env:
    COUNTERSCARP_PRO_LICENSE: $(COUNTERSCARP_PRO_LICENSE)
          

Jenkins (Manual)

groovy — Jenkinsfile

pipeline {
  agent { label 'python' }
  environment {
    COUNTERSCARP_PRO_LICENSE = credentials('counterscarp-pro-license')
  }
  stages {
    stage('Security Scan') {
      steps {
        sh 'pip install counterscarp-engine --upgrade'
        sh 'counterscarp scan ./contracts --config counterscarp-pr.toml'
      }
    }
  }
}
          

API Reference

Counterscarp exposes a Python API for programmatic integration.

python

from counterscarp import CounterscarpEngine, AuditConfig

# Initialize engine
engine = CounterscarpEngine(
    config=AuditConfig.from_file("counterscarp-audit.toml")
)

# Run audit
results = engine.audit(target="./contracts")

# Access findings
for finding in results.findings:
    print(f"{finding.severity}: {finding.title}")
    print(f"  File: {finding.file}:{finding.line}")

# Generate report
results.export_html("audit_report.html")
results.export_markdown("audit_report.md")
          

Changelog

v4.4.0 — April 21, 2026 Latest

Published to PyPI: pip install counterscarp-engine --upgrade
Python 3.9, 3.10, 3.11, 3.12 support confirmed
Development Status: 5 - Production/Stable
Tags: security, audit, smart-contracts, solidity, solana, blockchain
Extras: ai, advanced, web, dev
Core deps: requests, packaging, tomli, solc-select
Maintainer: ccie14019 (verified by PyPI)

v2.0.0 — February 2026

21 integrated analyzers — full EVM + Solana coverage
7 innovative features: AI Copilot, Attack Path Visualizer, Time-Travel Scanner, Anchor IDL Validator, CI/CD Generator, Exploit Generator, Fingerprint Scanner
638+ tests passing
GUI + CLI interfaces
Docker deployment support
3 execution profiles: PR / Audit / Bounty

Need More Help?

Check the full documentation on GitHub or open an issue for support.

View on GitHub Contact Support