angr vs Unicorn Engine
GitHub Stats
About angr
angr is a platform-agnostic binary analysis framework developed at UC Santa Barbara's Seclab. It combines both static and dynamic symbolic (concolic) analysis, providing a powerful Python API for analyzing compiled binaries without source code. angr can automatically explore execution paths through a binary, solve for inputs that reach specific code locations, recover control flow graphs, perform taint analysis, and identify vulnerabilities like buffer overflows and format string bugs. Its architecture is modular - SimOS provides OS abstraction, SimEngine handles execution, and the exploration strategies (DFS, BFS, coverage-optimized) guide analysis through the program state space. angr is widely used in academic research and CTF competitions, and forms the backbone of several automated vulnerability discovery tools.
About Unicorn Engine
Unicorn is a lightweight, multi-platform, multi-architecture CPU emulator framework based on QEMU. It provides a clean API for emulating machine code across x86 (16/32/64-bit), ARM, ARM64, MIPS, SPARC, and M68K architectures. Unlike full system emulators, Unicorn focuses purely on CPU instruction emulation - no OS, no hardware peripherals - which makes it fast and embeddable. Security researchers use Unicorn to emulate specific code snippets (like unpacking routines, decryption functions, or shellcode) without executing them on real hardware, making it invaluable for malware analysis, fuzzing, and binary instrumentation. Unicorn provides hooks for memory access, code execution, and interrupts, allowing fine-grained observation and control of emulated code. Bindings exist for Python, Java, Go, Rust, Ruby, and many other languages.
Platform Support
Tags
angr only
Unicorn Engine only