DeforaNetworks/manticore
3
0
Fork 0
Code Releases Activity
31 Commits 7 Branches 0 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
feliam f5515df4ff Add capstone ASR special case
2017-03-02 16:33:58 -03:00
examples
Misc cleanup: Rm old script, unused executor hooking functions (#38)
2017-03-01 13:47:46 -05:00
manticore
Add capstone ASR special case
2017-03-02 16:33:58 -03:00
scripts
Port to real python package structure (#6)
2017-02-15 12:32:08 -05:00
test
Add hook decorator (#28)
2017-02-27 15:44:33 -05:00
.gitignore
Remove ManticoreControl object [#180] (#4)
2017-02-14 14:54:52 -05:00
.travis.yml
Add unicorn to required deps (#31)
2017-03-01 11:22:04 -05:00
LICENSE
Add LICENSE file (#5)
2017-02-13 18:30:25 -05:00
README.md
Add readme for devs
2017-03-01 13:44:50 -05:00
requirements.txt
Add unicorn to required deps (#31)
2017-03-01 11:22:04 -05:00
setup.py
Add unicorn to required deps (#31)
2017-03-01 11:22:04 -05:00
stats.py
Fix empty trace file (#39)
2017-03-01 13:47:55 -05:00

README.md

manticore

Build Status

Manticore is a prototyping tool for dynamic binary analysis, with support for symbolic execution, taint analysis, and binary instrumentation.

features

  • Input Generation: Manticore automatically generates inputs that trigger unique code paths.
  • Crash Discovery: Manticore discovers inputs that crash programs via memory safety violations.
  • Execution Tracing: Manticore records an instruction-level trace of the program's execution for each generated input.
  • Programmatic Interface (beta): Manticore exposes programmatic access to its analysis engine via a Python API.

scope

Manticore supports binaries of the following formats, operating systems, and architectures. It has been primarily used on binaries compiled from C and C++.

  • OS/Formats: Linux ELF, Windows Minidump
  • Architectures: x86, x86_64, ARMv7 (partial)

requirements

Manticore is officially supported on Linux and uses Python 2.7.

installation

From the root of the Manticore repository, run:

pip install .

or, if you would like to do a user install:

pip install --user .

This installs the Manticore CLI tool (manticore) and the Python API.

Then, install the Z3 Theorem Prover. Download the latest release for your platform from https://github.com/Z3Prover/z3/releases/latest, and place the enclosed z3 binary in your $PATH.

Note: Due to a known issue, Capstone may not install correctly. If you get this error message, "ImportError: ERROR: fail to load the dynamic library.", or another related to Capstone, try reinstalling via pip install -I --no-binary capstone

for developers

For a dev install, run:

pip install -e .[dev]

This installs a few other dependencies used for tests, which you can run, for example, with some of the commands below:

cd /path/to/manticore/
# all tests
nosetests
# just one file
nosetests test/test_armv7cpu.py
# just one test class
nosetests test/test_armv7cpu.py:Armv7CpuInstructions
# just one test
nosetests test/test_armv7cpu.py:Armv7CpuInstructions.test_mov_imm_min

quick start

After installing Manticore, here is some basic usage you can try.

cd examples/linux
make
manticore basic  # a pse_* directory is created
cat pse_*/*1.stdin | ./basic
cat pse_*/*2.stdin | ./basic

cd ../script
python count_instructions.py ../linux/helloworld

usage

$ manticore ./path/to/binary  # runs, and creates a directory with analysis results

or

# example Manticore script
from manticore import Manticore

hook_pc = 0x400ca0

m = Manticore('./path/to/binary')

@m.hook(hook_pc)
def hook(state):
  cpu = state.cpu
  print 'eax', cpu.EAX
  print cpu.read_int(cpu.SP)

  m.terminate()  # tell Manticore to stop

m.run()

FAQ

How does Manticore compare to angr?

In short, Manticore is simpler. Manticore is a smaller codebase, and has fewer dependencies and features. Accordingly, Manticore may also be slower, for example, due to having less symbolic execution optimizations and techniques implemented.

Generally speaking, a subset of the analyses that can be implemented with angr, can be implemented with Manticore, however if youve used neither, you may find Manticore to have a slightly less steep learning curve. Additionally, if you come from a reverse engineering or exploitation background, you may find Manticore intuitive due to its lack of intermediate representation and overall emphasis on staying close to machine abstractions.

Description
No description provided
Readme 12 MiB
Languages
Python 100%