Public | Automated Build

Last pushed: 2 days ago
Short Description
Dynamic binary analysis tool
Full Description


Manticore is a prototyping tool for dynamic binary analysis, with support for symbolic execution, taint analysis, and binary instrumentation.


  • Input Generation: Manticore automatically generates inputs that trigger unique code paths
  • Crash Discovery: Manticore discovers inputs that crash programs via memory safety violations
  • Execution Tracing: Manticore records an instruction-level trace of execution for each generated input
  • Programmatic Interface: Manticore exposes programmatic access to its analysis engine via a Python API

Manticore supports binaries of the following formats, operating systems, and
architectures. It has been primarily used on binaries compiled from C and C++.
Examples of practical manticore usage are also on github.

  • OS/Formats: Linux ELF
  • Architectures: x86, x86_64, ARMv7, and Ethereum Virtual Machine (EVM)


Manticore is supported on Linux, and requires Python 2.7. Ubuntu 16.04 is strongly recommended.
Ethereum APIs which compile Solidity source code require the solc program in your $PATH.

Quick Start

Install and try Manticore in a few shell commands (see an asciinema):

# Install system dependencies
sudo apt-get update && sudo apt-get install python-pip -y
python -m pip install -U pip

# Install manticore and its dependencies
sudo pip install manticore

# Download and build the examples
git clone && cd manticore/examples/linux

# Use the Manticore CLI
manticore basic
cat mcore_*/*0.stdin | ./basic
cat mcore_*/*1.stdin | ./basic

# Use the Manticore API
cd ../script
python ../linux/helloworld


Option 1: Perform a user install (requires ~/.local/bin in your PATH).

echo "PATH=\$PATH:~/.local/bin" >> ~/.profile
source ~/.profile
pip install --user manticore

Option 2: Use a virtual environment (requires virtualenvwrapper or similar).

pip install virtualenvwrapper
echo "source /usr/local/bin/" >> ~/.profile
source ~/.profile
mkvirtualenv manticore
pip install manticore

Option 3: Perform a system install.

sudo pip install manticore

Once installed, the manticore CLI tool and Python API will be available.

For installing a development version of Manticore, see our wiki.


If you'd like to use redis for state serialization (instead of disk), install
redis using your host package manager, then install manticore as above, but
with [redis] appended to the name of the package, e.g.

pip install manticore[redis]

Note that this does not make manticore use redis automatically, and you'll still
have to manually set the workspace to the redis URI.


$ manticore ./path/to/binary        # runs, and creates a mcore_* directory with analysis results
$ manticore ./path/to/binary ab cd  # use concrete strings "ab", "cd" as program arguments
$ manticore ./path/to/binary ++ ++  # use two symbolic strings of length two as program arguments


# example Manticore script
from manticore import Manticore

hook_pc = 0x400ca0

m = Manticore('./path/to/binary')

def hook(state):
  cpu = state.cpu
  print 'eax', cpu.EAX
  print cpu.read_int(cpu.ESP)

  m.terminate()  # tell Manticore to stop

Further documentation is available in several places:

  • The wiki contains some
    basic information about getting started with manticore and contributing

  • The examples directory has some very minimal examples that
    showcase API features

  • The manticore-examples
    repository has some more involved examples, for instance solving real CTF problems

  • The API reference has more
    thorough and in-depth documentation on our API

Docker Pull Command
Source Repository