GarnGIT — A Lightweight Scanner for Solidity Vulnerabilities

Garngit is a portable .exe tool that scans Solidity smart contracts for known vulnerability patterns. Designed for bounty hunters, auditors, and developers, it runs without setup, dependencies, or internet access.

Key Features

• Fully portable — no install required
• Scans recursively through any Solidity project
• Detects known high-risk patterns, including:
  • delegatecall, selfdestruct, .call
  • tx.origin, upgradeTo, transferOwnership
  • MerkleProof.verify, transferFrom, unchecked {, and more
• Captures contract and function name for each match
• Outputs clean reports in both .txt and .json format
• Compatible with all modern Solidity codebases

Garngit helps you quickly identify potential bugs that are relevant to real-world bounty programs — without the overhead of installing complex tools or configuring a full audit suite.

Drop it into any project and get results in seconds.