angr 8 is out! This release migrates angr to Python 3 and drops Python 2 support, in addition to bringing a bunch of performance improvements and bugfixes. For more details, see here.

What is angr?

angr is a python framework for analyzing binaries. It combines both static and dynamic symbolic ("concolic") analysis, making it applicable to a variety of tasks.

As an introduction to angr's capabilities, here are some of the things that you can do using angr and the tools built with it:

angr itself is made up of several subprojects, all of which can be used separately in other projects:

How do I use angr?

angr installs through pip! We recommend installing it in a virtualenv:

$ mkvirtualenv angr
$ pip install angr

We also provide a docker container:

$ docker run -it angr/angr

How do I learn?

There are a few resources you can use to help you get up to speed!

How do I get involved (or get help)?

There are a few resources you can use to help you get up to speed or get you contributing to the project!

In all this, please keep in mind that angr is a large project being frantically worked on by a very small group of overworked students. It's open source, with a typical open source support model (i.e., pray for the best).

For an idea of what to help with, check this out.

Can angr be used for science?

We have used angr heavily in our academic research! If you have used angr or its sub-components in your research, please cite at least the following paper describing it:

  title={{SoK: (State of) The Art of War: Offensive Techniques in Binary Analysis}},
  author={Shoshitaishvili, Yan and Wang, Ruoyu and Salls, Christopher and
          Stephens, Nick and Polino, Mario and Dutcher, Audrey and Grosen, John and
          Feng, Siji and Hauser, Christophe and Kruegel, Christopher and Vigna, Giovanni},
  booktitle={IEEE Symposium on Security and Privacy},

Semi-academically, angr was one of the underpinnings of Shellphish's Cyber Reasoning System for the DARPA Cyber Grand Challenge, enabling them to win third place in the final round (more info here)! Shellphish has also used angr in many CTFs.

Who works on angr?

angr is worked on by several researchers in the Computer Security Lab at UC Santa Barbara and SEFCOM at Arizona State University. Core developers (arbitrarily, 1000+ lines of code!) include:

angr would never have happened if it were not for the vision, wisdom, guidance, and support of the professors:

Additionally, there are many open-source contributors, which you can see at the various repositories in the github orgs.