angr

angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic ("concolic") analysis, providing tools to solve a variety of tasks.

Features

Applications

As an introduction to angr's capabilities, here are some of the things that you can do using angr and the tools built with it:

angr itself is made up of several subprojects, all of which can be used separately in other projects:

Installation

angr is installed as a Python 3.10+ package, and can be easily installed via PIP.

pip install angr

Documentation

There are a few resources you can use to help you get up to speed!

Community

There are a few resources you can use to help you get up to speed or get you contributing to the project!

In all this, please keep in mind that angr is a large project being frantically worked on by a very small group of overworked students. It's open source, with a typical open source support model (i.e., pray for the best).

For an idea of what to help with, check this out.

Citation

We have used angr heavily in our academic research! If you have used angr or its sub-components in your research, please cite at least the following paper describing it:

@inproceedings{shoshitaishvili2016state,
  title={{SoK: (State of) The Art of War: Offensive Techniques in Binary Analysis}},
  author={Shoshitaishvili, Yan and Wang, Ruoyu and Salls, Christopher and
          Stephens, Nick and Polino, Mario and Dutcher, Audrey and Grosen, John and
          Feng, Siji and Hauser, Christophe and Kruegel, Christopher and Vigna, Giovanni},
  booktitle={IEEE Symposium on Security and Privacy},
  year={2016}
}

Semi-academically, angr was one of the underpinnings of Shellphish's Cyber Reasoning System for the DARPA Cyber Grand Challenge, enabling them to win third place in the final round (more info here)! Shellphish has also used angr in many CTFs.

Who works on angr?

angr is worked on by several researchers in the Computer Security Lab at UC Santa Barbara and SEFCOM at Arizona State University. Core developers (arbitrarily, 1000+ lines of code!) include:

angr would never have happened if it were not for the vision, wisdom, guidance, and support of the professors:

Additionally, there are many open-source contributors, which you can see at the various repositories in the github orgs.