Manticore - Symbolic Execution Tool For Analysis Of Binaries And Smart Contracts


Manticore is a symbolic execution tool for analysis of binaries and smart contracts.
Note: Beginning with version 0.2.0, Python 3.6+ is required.

Features
  • Input Generation: Manticore automatically generates inputs that trigger unique code paths
  • Crash Discovery: Manticore discovers inputs that crash programs via memory safety violations
  • Execution Tracing: Manticore records an instruction-level trace of execution for each generated input
  • Programmatic Interface: Manticore exposes programmatic access to its analysis engine via a Python API
Manticore can analyze the following types of programs:
  • Ethereum smart contracts (EVM bytecode)
  • Linux ELF binaries (x86, x86_64 and ARMv7)

Usage

CLI
Manticore has a command line interface which can be used to easily symbolically execute a supported program or smart contract. Analysis results will be placed into a new directory whose name begins with mcore_.
Use the CLI to explore possible states in Ethereum smart contracts. Manticore includes detectors that flag potentially vulnerable code in discovered states. Solidity smart contracts must have a .sol extension for analysis by Manticore. See a demo.
$ manticore ./path/to/contract.sol                     # runs, and creates a mcore_* directory with analysis results
$ manticore --detect-reentrancy ./path/to/contract.sol  # Above, but with reentrancy detection enabled
$ manticore --detect-all ./path/to/contract.sol         # Above, but with all detectors enabled
The command line can also be used to simply explore a Linux binary:
$ manticore ./path/to/binary        # runs, and creates a mcore_* directory with analysis results
$ manticore ./path/to/binary ab cd  # use concrete strings "ab", "cd" as program arguments
$ manticore ./path/to/binary ++ ++  # use 2 symbolic strings of length 2 as program arguments

API
Manticore has a Python programming interface which can be used to implement custom analyses.
For Ethereum smart contracts, it can be used for detailed verification of arbitrary contract properties. Set starting conditions, execute symbolic transactions, and then review discovered states to ensure invariants for your contract hold.
from manticore.ethereum import ManticoreEVM

# Solidity source of the contract under analysis; the call reverts when value == 1
contract_src="""
contract Adder {
    function incremented(uint value) public returns (uint){
        if (value == 1)
            revert();
        return value + 1;
    }
}
"""
m = ManticoreEVM()

user_account = m.create_account(balance=1000)
contract_account = m.solidity_create_contract(contract_src,
                                              owner=user_account,
                                              balance=0)
value = m.make_symbolic_value()  # the argument is left symbolic

contract_account.incremented(value)  # symbolic transaction

# Ask the solver, in every surviving state, which concrete arguments remain possible
for state in m.running_states:
    print("can value be 1? {}".format(state.can_be_true(value == 1)))
    print("can value be 200? {}".format(state.can_be_true(value == 200)))
It is also possible to use the API to create custom analysis tools for Linux binaries.
# example Manticore script
from manticore import Manticore

hook_pc = 0x400ca0  # address at which the hook fires

m = Manticore('./path/to/binary')

@m.hook(hook_pc)
def hook(state):
  cpu = state.cpu
  print('eax', cpu.EAX)
  print(cpu.read_int(cpu.ESP))

  m.terminate()  # tell Manticore to stop

m.run()

Requirements
  • Manticore is supported on Linux and requires Python 3.6+.
  • Ubuntu 18.04 is strongly recommended.
  • Ethereum smart contract analysis requires the solc program in your $PATH.

Quickstart
Install and try Manticore in a few shell commands:
# Install system dependencies
sudo apt-get update && sudo apt-get install python3 python3-pip -y

# Install Manticore and its dependencies
sudo pip3 install manticore

# Download the examples
git clone https://github.com/trailofbits/manticore.git && cd manticore/examples/linux

# Build the examples
make

# Use the Manticore CLI
manticore basic
cat mcore_*/*0.stdin | ./basic
cat mcore_*/*1.stdin | ./basic

# Use the Manticore API
cd ../script
python3 count_instructions.py ../linux/helloworld
You can also use Docker to quickly install and try Manticore:
# Download the Manticore image
docker pull trailofbits/manticore

# Download the examples
git clone https://github.com/trailofbits/manticore.git && cd manticore

# Run container with a shared examples/ directory
docker run -it -v $PWD/examples:/home/manticore/examples trailofbits/manticore

# Change to examples directory
manticore@80d441275ebf$ cd examples/linux

# Build the examples
manticore@80d441275ebf$ make

# Use the Manticore CLI
manticore@80d441275ebf$ manticore basic
manticore@80d441275ebf$ cat mcore_*/*0.stdin | ./basic
manticore@80d441275ebf$ cat mcore_*/*1.stdin | ./basic

# Use the Manticore API
manticore@80d441275ebf$ cd ../script
manticore@80d441275ebf$ python3 count_instructions.py ../linux/helloworld
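As an added example (not part of the Manticore project), a small POSIX sh harness that automates the replay step above: it feeds every generated *.stdin test case in an mcore_* directory to the analysed binary and classifies each by exit status, treating a status of 128 or more as death by signal, which is how a crash-triggering input shows up on replay. It assumes the output layout the Quickstart shows, one *.stdin file per generated input.

```shell
#!/bin/sh
# Replay Manticore-generated test cases against the analysed binary and flag crashes.
# Assumption: the output directory (mcore_*) holds one *.stdin file per generated input.

# Run the binary once with the given file on stdin; print "ok rc=N" or "crash signal=S".
# A status of 128 or more means the child was killed by a signal (128 + signal number,
# e.g. 139 for SIGSEGV, 134 for SIGABRT).
classify_input() {
    bin="$1"; input="$2"; rc=0
    "$bin" < "$input" > /dev/null 2>&1 || rc=$?
    if [ "$rc" -ge 128 ]; then
        echo "crash signal=$((rc - 128))"
    else
        echo "ok rc=$rc"
    fi
}

# Replay every *.stdin in the output directory: one verdict per line, then a summary line.
replay_testcases() {
    outdir="$1"; bin="$2"; total=0; crashes=0
    for f in "$outdir"/*.stdin; do
        [ -e "$f" ] || continue          # glob matched nothing: no test cases generated
        total=$((total + 1))
        verdict=$(classify_input "$bin" "$f")
        case "$verdict" in crash*) crashes=$((crashes + 1)) ;; esac
        echo "$verdict  $f"
    done
    echo "replayed $total inputs, $crashes crashed"
}

# Usage: ./replay.sh mcore_XXXXXX ./basic
if [ "$#" -eq 2 ]; then
    replay_testcases "$1" "$2"
fi
```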

Installation
Option 1: Perform a user install (requires ~/.local/bin in your PATH).
echo "PATH=\$PATH:~/.local/bin" >> ~/.profile
source ~/.profile
pip3 install --user manticore
Option 2: Use a virtual environment (requires virtualenvwrapper or similar).
sudo pip3 install virtualenvwrapper
echo "source /usr/local/bin/virtualenvwrapper.sh" >> ~/.profile
source ~/.profile
mkvirtualenv manticore
sudo ./manticore/bin/pip3 install manticore
Option 3: Perform a system install.
sudo pip3 install manticore
Option 4: Install via Docker.
docker pull trailofbits/manticore
Once installed, the manticore CLI tool and Python API will be available.
For installing a development version of Manticore, see our wiki.

Getting Help
Feel free to stop by our Slack channel for help on using or extending Manticore.
Documentation is available in several places:
  • The wiki contains some basic information about getting started with Manticore and contributing
  • The examples directory has some very minimal examples that showcase API features
  • The API reference has more thorough and in-depth documentation on our API
  • The manticore-examples repository has some more involved examples, for example solving real CTF problems