angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic ("concolic") analysis, providing tools to solve a variety of tasks.
Released as Free and Open Source Software under the permissive BSD license. Contributions are welcome.
Runs on Windows, macOS, and Linux. Built for Python 3.10+.
Provides a powerful symbolic execution engine, constraint solving, and instrumentation.
Provides advanced analysis techniques for control-flow graph recovery.
Provides convenient methods to disassemble code and lift to an intermediate language.
Decompile machine code to angr Intermediate Language (AIL) and C pseudocode.
Supports analysis of several CPU architectures, loading from several executable formats.
Provides powerful extensibility for analyses, architectures, platforms, exploration techniques, hooks, and more.
As an introduction to angr's capabilities, here are some of the things that you can do using angr and the tools built with it:
angr itself is made up of several subprojects, all of which can be used separately in other projects:
angr is distributed as a Python 3.10+ package and can be easily installed via pip:
pip install angr
There are a few resources you can use to help you get up to speed!
There are a few resources you can use to help you get up to speed or get you contributing to the project!
In all this, please keep in mind that angr is a large project being frantically worked on by a very small group of overworked students. It's open source, with a typical open source support model (i.e., pray for the best).
For an idea of what to help with, check this out.
We have used angr heavily in our academic research! If you have used angr or its sub-components in your research, please cite at least the following paper describing it:
@inproceedings{shoshitaishvili2016state,
  title={{SoK: (State of) The Art of War: Offensive Techniques in Binary Analysis}},
  author={Shoshitaishvili, Yan and Wang, Ruoyu and Salls, Christopher and Stephens, Nick and Polino, Mario and Dutcher, Audrey and Grosen, John and Feng, Siji and Hauser, Christophe and Kruegel, Christopher and Vigna, Giovanni},
  booktitle={IEEE Symposium on Security and Privacy},
  year={2016}
}
Semi-academically, angr was one of the underpinnings of Shellphish's Cyber Reasoning System for the DARPA Cyber Grand Challenge, enabling them to win third place in the final round (more info here)! Shellphish has also used angr in many CTFs.
angr is worked on by several researchers in the Computer Security Lab at UC Santa Barbara and SEFCOM at Arizona State University. Core developers (arbitrarily, 1000+ lines of code!) include:
angr would never have happened if it were not for the vision, wisdom, guidance, and support of the professors:
Additionally, there are many open-source contributors, whom you can see at the various repositories in the GitHub orgs.