angr vs Triton
GitHub Stats
About angr
angr is a platform-agnostic binary analysis framework developed at UC Santa Barbara's Seclab. It combines both static and dynamic symbolic (concolic) analysis, providing a powerful Python API for analyzing compiled binaries without source code. angr can automatically explore execution paths through a binary, solve for inputs that reach specific code locations, recover control flow graphs, perform taint analysis, and identify vulnerabilities like buffer overflows and format string bugs. Its architecture is modular - SimOS provides OS abstraction, SimEngine handles execution, and the exploration strategies (DFS, BFS, coverage-optimized) guide analysis through the program state space. angr is widely used in academic research and CTF competitions, and forms the backbone of several automated vulnerability discovery tools.
About Triton
Triton is a dynamic binary analysis library that provides symbolic execution, taint analysis, and abstract syntax tree (AST) representations of program semantics for building custom program analysis tools. It lifts native instructions from x86, x64, ARM32, and AArch64 into an intermediate representation, enabling precise reasoning about program behavior including constraint solving for input generation and vulnerability discovery. Reverse engineers, vulnerability researchers, and software verification engineers use Triton to automate tasks like deobfuscation, coverage-guided analysis, exploit generation, and program verification that would be impractical to perform manually. The framework exposes a comprehensive Python API alongside its C++ core, allowing researchers to script sophisticated analyses that combine concrete execution with symbolic reasoning to explore program paths and extract semantic information.
Platform Support
Tags
Shared
angr only
Triton only