Manticore helps us quickly take advantage of symbolic execution, taint analysis, and instrumentation to analyze binaries. Parts of Manticore underpinned our symbolic execution capabilities in the Cyber Grand Challenge. As an open-source tool, we hope that others can take advantage of these capabilities in their own projects. We prioritized simplicity and usability while building Manticore: we used minimal external dependencies, and our API should look familiar to anyone with an exploitation or reversing background. If you have never used such a tool before, give Manticore a try. Manticore comes with an easy-to-use command line tool that uses symbolic execution to quickly generate new program "test cases" (sample inputs). Each test case drives the program to a distinct outcome, such as a normal process exit or a crash (e.g., an invalid program counter or an invalid memory read/write).
Features
- Manticore can execute a program with symbolic inputs and explore all the possible states it can reach
- Manticore can automatically produce concrete inputs that result in a given program state
- Manticore can detect crashes and other failure cases in binaries and smart contracts
- Manticore provides fine-grained control of state exploration via event callbacks and instruction hooks
- Manticore exposes programmatic access to its analysis engine via a Python API
- Manticore also analyzes Ethereum smart contracts (EVM bytecode), not only native binaries