ZIION is the world’s first blockchain security virtual machine. Developed by Halborn, ZIION is designed to make it easier for blockchain developers and security professionals to set up a lab environment and get started.
ZIION includes over 100 tools for development and security testing for blockchains based on the Ethereum Virtual Machine (EVM) and Rust. These tools are installed and configured out-of-the-box, eliminating the hours of work needed to onboard new developers and testers into an organization.
ZIION is built on Kali Linux and can be run on any common virtualization platform. Virtual machine images are available for download from https://www.ziion.org/download for Parallels, VirtualBox, or VMware.
After downloading the virtual machine and importing it into the virtualization platform, start it up. By default, the username and password of the platform are both set to ziion.
Like the base Kali distribution, ZIION includes a variety of tools organized into folders. These high-level classifications include the following:
Protocol Tools: Protocol tools enable interaction with, or emulation of, various blockchains. For example, this category includes several CLIs and software for locally hosting a node of different blockchain networks.
EVM Tools: EVM tools are primarily development and testing tools for the Ethereum Virtual Machine (EVM). Examples include Foundry, Ganache, Geth, and Truffle.
Automated EVM Tools: This category includes the tools commonly used for automated security analysis of Ethereum smart contracts. These include Manticore, Mythril, Slither, and Solgraph.
EVM Fuzzers: Fuzzing tools attempt to identify logical flaws and vulnerabilities in applications by sending them anomalous, malicious, or random inputs. ZIION comes preloaded with Echidna for fuzzing Ethereum smart contracts.
Rust Tools: Several blockchain platforms, including Solana, Polkadot, and NEAR, support smart contract development in Rust. This category includes a variety of tools to help with Rust development, such as linters, dependency analysis, and macro expansion.
Rust Automated Tools: Like their EVM counterparts, Rust automated tools are focused on security analysis. Tools are designed to identify unsafe dependencies, detect common security vulnerabilities, and check code coverage of test code.
Rust Fuzzers: ZIION incorporates a few different fuzzers for Rust-based smart contracts. These include support for American Fuzzy Lop (AFL.rs), libFuzzer (Fuzz), and Honggfuzz (Honggfuzz-rs).
Go Tools: Go is another programming language gaining traction in the smart contract development space. Built-in Go tools include GoSec, which looks for application security issues based on the Go AST, and Unconvert, which removes unnecessary type conversions that could cause integer overflow or underflow vulnerabilities.
General Tools: The general tools section includes non-blockchain tools that developers and security testers would need. Examples include 7-Zip, web browsers (Chromium and Firefox), text editors (Nano, Neovim), and programming tools (Node.js, Python, etc.).
Resources: The Resources section on ZIION provides access to documentation and wikis for various blockchains — including Polkadot, Solana, and Ethereum — and programming languages (Rust).
ZIION comes with all tools installed and compiled, so it is usable out of the box. To get started, download a VM image from the ZIION website and check out the docs for more information on the available tools and how to make full use of ZIION’s capabilities.