angr >>>

home
code
docs
api
blog
get involved!

angr
angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic ("concolic")
analysis, providing tools to solve a variety of tasks.

Features

 Open Source

Released as Free and Open Source Software under the permissive BSD license. Contributions are welcome.

 Cross-Platform

Runs on Windows, macOS, and Linux. Built for Python 3.8+.

 Symbolic Execution

Provides a powerful symbolic execution engine, constraint solving, and instrumentation.

 Control-Flow Graph Recovery

Provides advanced analysis techniques for control-flow graph recovery.

  Disassembly & Lifting

Provides convenient methods to disassemble code and lift to an intermediate language.

{} Decompilation

Decompile machine code to angr Intermediate Language (AIL) and C pseudocode.

 Architecture Support

Supports analysis of several CPU architectures, loading from several executable formats.

 Extensibility

Provides powerful extensibility for analyses, architectures, platforms, exploration techniques, hooks, and more.

Applications
As an introduction to angr's capabilities, here are some of the things that you can do using angr and the tools built with it:

Control-flow graph recovery.

show code
Symbolic execution.
show code
Automatic ROP chain building using angrop.
show code
Automatic binary hardening using patcherex.
show code
Automatic exploit generation (for DECREE and simple Linux binaries) using rex.
show code
Use angr-management, a (very alpha state!) GUI for angr, to analyze binaries!
show code
Achieve cyber-autonomy in the comfort of your own home, using Mechanical Phish, the third-place winner of the DARPA
Cyber Grand Challenge.
 angr itself is made up of several subprojects, all of which can be used separately in other projects:

an executable and library loader, CLE

a library describing various architectures, archinfo
a Python wrapper around the binary code lifter VEX, PyVEX
a data backend to abstract away differences between static and symbolic domains, Claripy
the program analysis suite itself, angr

Installation
angr is installed as a Python 3.8+ package, and can be easily installed via PIP.

pip install angr

Documentation
There are a few resources you can use to help you get up to speed!

Documentation, walk-throughs, and examples are available at docs.angr.io.

The API reference.
Check out the blog! We're slowly adding many useful examples, tutorials, and walkthroughs there.
The presentations from angr's debut at DEFCON 23 (video) and Blackhat 2015 (video)
Presentations discussing Shellphish's use of angr in the DARPA Cyber Grand Challenge at HITCON ENT 2015, HITCON CMT
2015, and 32C3 (video)

Community
There are a few resources you can use to help you get up to speed or get you contributing to the project!

We primarily use slack for communication, at angr.slack.com. You can get an invite here.
You can file an issue or send us a PR on github in the appropriate repo.
If you prefer email, and don't mind longer response times, shoot an email to angr-at-lists.cs.ucsb.edu. This is a public
mailing list (to which you can subscribe here).

In all this, please keep in mind that angr is a large project being frantically worked on by a very small group of overworked
students. It's open source, with a typical open source support model (i.e., pray for the best).
 For an idea of what to help with, check this out.

Citation
We have used angr heavily in our academic research! If you have used angr or its sub-components in your research, please
cite at least the following paper describing it:

@inproceedings{shoshitaishvili2016state,
title={{SoK: (State of) The Art of War: Offensive Techniques in Binary Analysis}},
author={Shoshitaishvili, Yan and Wang, Ruoyu and Salls, Christopher and
Stephens, Nick and Polino, Mario and Dutcher, Audrey and Grosen, John and
Feng, Siji and Hauser, Christophe and Kruegel, Christopher and Vigna, Giovanni},
booktitle={IEEE Symposium on Security and Privacy},
year={2016}
}
Show more papers

Semi-academically, angr was one of the underpinnings of Shellphish's Cyber Reasoning System for the DARPA Cyber Grand
Challenge, enabling them to win third place in the final round (more info here)! Shellphish has also used angr in many CTFs.

Who works on angr?

angr is worked on by several researchers in the Computer Security Lab at UC Santa Barbara and SEFCOM at Arizona State
University. Core developers (arbitrarily, 1000+ lines of code!) include:

Yan Shoshitaishvili
Ruoyu (Fish) Wang
Audrey Dutcher
Lukas Dresel
Eric Gustafson
Nilo Redini
Paul Grosen
Colin Unger
Chris Salls
Nick Stephens
Christophe Hauser
 John Grosen

angr would never have happened if it were not for the vision, wisdom, guidance, and support of the professors:

Christopher Kruegel
Giovanni Vigna

Additionally, there are many open-source contributors, which you can see at
the
various
repositories
in
the
github
orgs.

angr owes its existence to research sponsored by DARPA under agreement number
N66001-13-2-4039!

Site icons provided by Icomoon and Freepik, licensed by CC 3.0 BY

For questions, hop on our slack (get an invite here)

or contact the angr mailing list:
angr ~at~ lists.cs.ucsb.edu