Zelos (Zeropoint Emulated Lightweight Operating System) is a Python-based binary emulation platform.
One use of Zelos is to quickly assess the dynamic behavior of binaries via the command line or Python scripts.
All syscalls are emulated to isolate the target binary. Linux x86_64 (32- and 64-bit), ARM and MIPS binaries are supported. Unicorn provides CPU emulation.
Full documentation is available here.
Installation
Use the package manager pip to install the tool.
pip install zelos
Basic Usage
To emulate a binary with default options:
$ zelos my_binary
To view the instructions that are being executed, add the -v flag:
$ zelos -v my_binary
You can print only the first time each instruction is executed, rather than every execution, using --fasttrace:
$ zelos -v --fasttrace my_binary
By default, syscalls are emitted on stdout. To write syscalls to a file instead, use the --strace flag:
$ zelos --strace path/to/file my_binary
Specify any command line arguments after the binary name:
$ zelos my_binary arg1 arg2
The same emulation can be driven from a Python script:
import zelos
z = zelos.Zelos("my_binary")
z.start(timeout=3)
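The command-line flags shown above can be combined into a small batch triage helper. This is an added example, not code from the Zelos project: the function names, the per-sample `<sha256>.strace` naming and the 60-second wall-clock limit are assumptions, and it only uses the `-v`, `--fasttrace` and `--strace` flags documented on this page.

```python
import hashlib
import subprocess
from pathlib import Path


def build_argv(sample, strace_path, args=(), verbose=False, fasttrace=False):
    """Compose a zelos command line from the flags shown on this page."""
    argv = ["zelos"]
    if verbose:
        argv.append("-v")
    if fasttrace:
        argv.append("--fasttrace")
    argv += ["--strace", str(strace_path)]
    # Absolute path: a sample named "-v" or "--strace" must not parse as a flag.
    argv.append(str(Path(sample).resolve()))
    return argv + list(args)  # the target's own arguments follow the binary


def triage(samples, out_dir, timeout=60, run=subprocess.run):
    """Emulate each sample, sending syscalls to <out_dir>/<sha256>.strace.

    `run` is injectable so the logic can be exercised without zelos installed.
    """
    out_dir = Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    results = {}
    for sample in samples:
        digest = hashlib.sha256(Path(sample).read_bytes()).hexdigest()
        trace = out_dir / f"{digest}.strace"
        try:
            proc = run(build_argv(sample, trace), timeout=timeout,
                       stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
            status = f"exit {proc.returncode}"
        except subprocess.TimeoutExpired:
            status = "timeout"  # emulated code may never exit on its own
        results[str(sample)] = (digest, status)
    return results


if __name__ == "__main__":
    import sys
    for path, (digest, status) in triage(sys.argv[1:], "traces").items():
        print(f"{digest}  {status}  {path}")
```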
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
Please make sure to update tests as appropriate.
First, create a new Python virtual environment. This will ensure no package version conflicts arise:
$ python3 -m venv ~/.venv/zelos
$ source ~/.venv/zelos/bin/activate
Now clone the repository and change into the zelos directory:
(zelos) $ git clone git@github.com:zeropointdynamics/zelos.git
(zelos) $ cd zelos
Install an editable version of zelos into the virtual environment. This makes import zelos available, and any local changes to zelos will be effective immediately:
(zelos) $ pip install -e '.[dev]'
At this point, tests should pass and documentation should build:
(zelos) $ pytest
(zelos) $ cd docs
(zelos) $ make html
Built documentation is found in docs/_build/html/.
Install the pre-commit hooks to ensure code style compliance:
(zelos) $ pre-commit install
In addition to running automatically on every commit, the hooks can be run at any time with:
(zelos) $ pre-commit run --all-files
Commands vary slightly on Windows:
C:\> python3 -m venv zelos_venv
C:\> zelos_venv\Scripts\activate.bat
(zelos) C:\> pip install -e .[dev]