angr
BSD-2-Clause๐งฌ Reverse Engineering ยท Python
angr is a platform-agnostic binary analysis framework developed at UC Santa Barbara's Seclab. It combines both static and dynamic symbolic (concolic) analysis, providing a powerful Python API for analyzing compiled binaries without source code. angr can automatically explore execution paths through a binary, solve for inputs that reach specific code locations, recover control flow graphs, perform taint analysis, and identify vulnerabilities like buffer overflows and format string bugs. Its architecture is modular - SimOS provides OS abstraction, SimEngine handles execution, and the exploration strategies (DFS, BFS, coverage-optimized) guide analysis through the program state space. angr is widely used in academic research and CTF competitions, and forms the backbone of several automated vulnerability discovery tools.
Installation
pip
$ pip install angrDocker
$ docker pull angr/angrUse Cases
- Automated vulnerability discovery through symbolic execution of binaries
- Solving CTF reverse engineering challenges by constraining execution paths
- Recovering control flow graphs from stripped or obfuscated binaries
- Finding inputs that trigger specific code paths or crash conditions
- Building custom binary analysis tools on top of the angr Python API
Tags
Details
- Category
- ๐งฌ Reverse Engineering
- Language
- Python
- Repository
- angr/angr
- License
- BSD-2-Clause
- Platforms
- ๐งlinux๐macos๐ชwindows
Links
Alternatives & Comparisons
Ghidra
JavaNSA's reverse engineering framework. Disassembly, decompilation, graphing, and scripting for binary analysis.
Compare angr vs GhidraRadare2
CPortable reversing framework. Disassembly, debugging, analysis, patching, and scripting in a single CLI.
Compare angr vs Radare2Cutter
C++GUI for Radare2. Makes reverse engineering accessible with graphs, decompiler, and hex editor built in.
Compare angr vs CutterdnSpy
C#.NET debugger, decompiler, and assembly editor. Inspect and modify .NET and Unity assemblies without source code.
Compare angr vs dnSpyILSpy
C#Open-source .NET decompiler and assembly browser. Produces clean C# from compiled binaries with cross-platform support.
Compare angr vs ILSpyx64dbg
C++Open-source x64/x32 debugger for Windows. Full-featured binary debugger with plugin ecosystem for malware analysis and reverse engineering.
Compare angr vs x64dbgDetect It Easy
C++/QtBinary packer and compiler detection. Identifies compilers, linkers, packers, and protectors used to build PE, ELF, and Mach-O files.
Compare angr vs Detect It EasyRetDec
C++Retargetable decompiler by Avast. Converts machine code back to C from x86, ARM, MIPS, and PowerPC binaries.
Compare angr vs RetDecRizin
CReverse engineering framework forked from radare2. Modernized API, improved UX, with Cutter as its official GUI.
Compare angr vs RizinMore in Reverse Engineering
dnSpy
C#.NET debugger, decompiler, and assembly editor. Inspect and modify .NET and Unity assemblies without source code.
ILSpy
C#Open-source .NET decompiler and assembly browser. Produces clean C# from compiled binaries with cross-platform support.
x64dbg
C++Open-source x64/x32 debugger for Windows. Full-featured binary debugger with plugin ecosystem for malware analysis and reverse engineering.
Detect It Easy
C++/QtBinary packer and compiler detection. Identifies compilers, linkers, packers, and protectors used to build PE, ELF, and Mach-O files.
RetDec
C++Retargetable decompiler by Avast. Converts machine code back to C from x86, ARM, MIPS, and PowerPC binaries.
Rizin
CReverse engineering framework forked from radare2. Modernized API, improved UX, with Cutter as its official GUI.