Mark Mossberg edited this page Apr 18, 2018 · 65 revisions

Welcome to the manticore wiki!



Explore the examples directory to find sample binaries and scripts that demonstrate the API.

We recommend starting with the following examples:

More complex examples are also available in the manticore-examples repository


We're happy to offer bounties of $50, $100, or $200 for contributions to Manticore. Mugs and stickers are also available.

Contact us for a bounty payout if you:

  • Publish a challenge writeup. We'll add you to the list of references on this wiki.
  • Implement a new syscall or instruction. Help us get coverage of more complex binaries.
  • Add a new feature like Python3 compatibility, macOS support, or better CLI output.
  • Fix any bug! Try looking through the easy and help wanted labels.


How does Manticore compare to angr?

Manticore is simpler. It has a smaller codebase, fewer dependencies and features, and an easier learning curve. If you come from a reverse engineering or exploitation background, you may find Manticore intuitive due to its lack of intermediate representation and overall emphasis on staying close to machine abstractions.

Was Manticore part of the Trail of Bits CRS?

Not exactly. The Trail of Bits CRS used FrankenPSE to provide its binary symbolic execution capabilities. FrankenPSE and Manticore share the same heritage: PySymEmu (2013). The difference between the two stems from their respective use-cases.

Manticore is designed so an expert user can guide it, and therefore supports flexible APIs that help its users achieve specific goals. Manticore also supports more architectures and binary file formats.

FrankenPSE was designed to tightly integrate with the Trail of Bits CRS. This includes sharing the same program snapshot representation as the GRR fuzzer. FrankenPSE is also x86-only and uses microx, a lightweight, single-instruction x86 instruction JIT executor.

Why does Manticore require pip 7.1.0?

We need to use the --no-binary flag to workaround a known issue in Capstone, and that feature is only available in pip 7.1.0 or higher. You may be able to use a lower version of pip by using the --no-use-wheel flag instead.

"ImportError: ERROR: fail to load the dynamic library."

You ran Manticore and it errored on something like this:

  File "/root/.virtualenvs/manticore/local/lib/python2.7/site-packages/manticore/core/cpu/abstractcpu.py", line 1, in <module>
    from capstone import *
  File "/root/.virtualenvs/manticore/local/lib/python2.7/site-packages/capstone/__init__.py", line 230, in <module>
    raise ImportError("ERROR: fail to load the dynamic library.")
ImportError: ERROR: fail to load the dynamic library.

This is a known issue in capstone. Try reinstalling capstone with the --no-binary flag.


If you would like to cite Manticore, you can use this bibtex.

  title  = "Manticore: Symbolic Execution for Humans",
  author = "Trail of Bits",
  howpublished = {\url{https://github.com/trailofbits/manticore}}