52 Open source projects that are alternatives of or similar to Klee

Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains.

Binary Analysis Platform

Offensive vulnerability scanner for ethereum, and symbolic execution tool for the Ethereum Virtual Machine

A Dynamic Symbolic Execution (DSE) engine for JavaScript. ExpoSE is highly scalable, compatible with recent JavaScript standards, and supports symbolic modelling of strings and regular expressions.

Simplify Ethereum security analysis and testing

IDA 2016 plugin contest winner! Symbolic Execution just one-click away!

APISan: Sanitizing API Usages through Semantic Cross-Checking

An open source interactive disassembler

Yet another implementation of AEG (Automated Exploit Generation) using symbolic execution engine Triton.

Angora is a mutation-based fuzzer. The main goal of Angora is to increase branch coverage by solving path constraints without symbolic execution.

A curated list of awesome symbolic execution resources including essential research papers, lectures, videos, and tools.

A unit test-like interface for fuzzing and symbolic execution

An analysis tool for Python that blurs the line between testing and type systems.

Playing with the Tigress binary protection. Break some of its protections and solve some of its challenges. Automatic deobfuscation using symbolic execution, taint analysis and LLVM.

yet another tool for analysing binaries

History of symbolic execution (as well as SAT/SMT solving, fuzzing, and taint data tracking)

A lightweight VM for hardware hacking, RE (fuzzing, symEx, exploiting etc) and wargaming tasks

Simple Theorem Prover, an efficient SMT solver for bitvectors

No description or website provided.

The Symbolic, Mechanized, Observable, Operational SHell: an executable formalization of the POSIX shell standard.

Code for my blog post on using S2E for malware analysis

No description or website provided.

KLEESpectre is a symbolic execution engine with speculation semantic and cache modelling

Lazy python wrapper of KLEE for solving CTF challenges

Binsec/Rel is an extension of Binsec that implements relational symbolic execution for constant-time verification and secret-erasure at binary-level.

Super Fast Concolic Execution Engine based on Source Code Taint Tracing

Extracting high level semantic information from binary code

A 6502-oriented low-level programming language supporting advanced static analysis

RVT is a collection of tools/libraries to support both static and dynamic verification of Rust programs.

TRACER Symbolic Execution Tool

Symbolic Execution Engine for Boogie

symbolic execution plugin for binary ninja

A symbolic debugger for C/C++ (via LLVM), machine code, and JVM programs

Adaptive Callsite-sensitive Control Flow Integrity - EuroS&P'19

Main repository of the Vigor NF verification project.

CRAX: software CRash analysis for Automatic eXploit generation

Staged Abstract Interpreters

CRETE under development

A simple (unfinished) SMT solver for QF_ABV.

Final project for the M.Sc. in Engineering in Computer Science at Università degli Studi di Roma "La Sapienza" (A.Y. 2016/2017).

Tool that generates unit test by C/C++ source code, trying to reach all branches and maximize code coverage

Use angr in Ghidra

Reverse engineering framework in Python

Use angr in the IDA Pro debugger generating a state from the current debug session

Symbiotic is a tool for finding bugs in computer programs based on instrumentation, program slicing and KLEE

SymGDB - symbolic execution plugin for gdb

Automatic verification of LLVM optimizations

Symbolic execution tool

Automatic ROPChain Generation

Seeding fuzzers with symbolic execution

Sys: A Static/Symbolic Tool for Finding Good Bugs in Good (Browser) Code

Triton is a Dynamic Binary Analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a dynamic taint engine, AST representations of the x86, x86-64, ARM32 and AArch64 Instructions Set Architecture (ISA), SMT simplification passes, an SMT solver interface and, the last but not least, Python bindings.