diff --git a/librz/core/cmd/cmd_analysis.c b/librz/core/cmd/cmd_analysis.c
index 8926d7e6356..b597b708b05 100644
--- a/librz/core/cmd/cmd_analysis.c
+++ b/librz/core/cmd/cmd_analysis.c
@@ -189,6 +189,7 @@ static const char *help_msg_ae[] = {
 	"aesuo", " [optype]", "step until given opcode type",
 	"aets", "[?]", "ESIL Trace session",
 	"aex", " [hex]", "evaluate opcode expression",
+	"aez", "[?]", "RzIL-based Emulation",
 	NULL
 };
 
@@ -4325,91 +4326,6 @@ static void __analysis_esil_function(RzCore *core, ut64 addr) {
 	rz_analysis_esil_free(core->analysis->esil);
 }
 
-static void cmd_analysis_rzil(RzCore *core, const char *input) {
-	char *n;
-	int repeat_times = 0;
-	bool step_event = false;
-	PJ *pj = NULL;
-
-	switch (input[0]) {
-	case 's': // "aezs"
-		if (input[1] == 'e') { // "aezse"
-			step_event = true;
-			input++;
-			if (input[1] == 'j') { // "aezsej"
-				pj = pj_new();
-				pj_a(pj);
-				input++;
-			}
-		}
-		switch (input[1]) {
-		case '?': // "aezs?"
-			rz_cons_printf("Usage: aezs[ej] [n times] - steps n instructions in the VM (can output events)\n");
-			break;
-		case ' ': //"aezs [repeat num]"
-			n = strchr(input, ' ');
-			if (!(*(n + 1))) {
-				repeat_times = 1;
-			} else {
-				repeat_times = rz_num_math(core->num, n + 1);
-			}
-			for (int i = 0; i < repeat_times; ++i) {
-				if (step_event) {
-					rz_core_analysis_rzil_step_with_events(core, pj);
-				} else {
-					rz_core_rzil_step(core);
-				}
-			}
-			break;
-		// default addr
-		default:
-			if (step_event) {
-				rz_core_analysis_rzil_step_with_events(core, pj);
-			} else {
-				rz_core_rzil_step(core);
-			}
-			break;
-		}
-		if (pj) {
-			pj_end(pj);
-			char *output = pj_drain(pj);
-			rz_cons_println(output);
-			free(output);
-			pj = NULL;
-		}
-		break;
-	case 'i': // "aezi"
-		switch (input[1]) {
-		case '?': // "aezi?"
-			rz_cons_printf("Usage: aezi - (re)initialize Rizin IL VM\n");
-			break;
-		case 0: // "aezi"
-			rz_core_analysis_rzil_reinit(core);
-			break;
-		}
-		break;
-	case 'v': // "aezv"
-		switch (input[1]) {
-		case '?': // "aezv?"
-			rz_cons_printf("Usage: aezv - prints the current status of the Rizin IL VM\n");
-			break;
-		case 0: // "aezv"
-			rz_core_analysis_rzil_vm_status(core);
-			break;
-		}
-		break;
-	case '?': // "aez?" see issue 1533
-		if (input[1] == '?') {
-			RZ_LOG_ERROR("see ae?\n");
-			break;
-		}
-	/* fallthrough */
-	default:
-		rz_core_cmd_help(core, help_msg_ae);
-		break;
-	}
-}
-
 static void cmd_analysis_esil(RzCore *core, const char *input) {
 	RzAnalysisEsil *esil = core->analysis->esil;
 	ut64 addr = core->offset;
@@ -4915,10 +4831,6 @@ static void cmd_analysis_esil(RzCore *core, const char *input) {
 		rz_analysis_op_fini(&aop);
 		break;
 	}
-	case 'z': { // "aez"
-		cmd_analysis_rzil(core, input + 1);
-		break;
-	}
 	case '?': // "ae?"
 		if (input[1] == '?') {
 			rz_core_cmd_help(core, help_detail_ae);
@@ -9153,3 +9065,30 @@ RZ_IPI RzCmdStatus rz_analysis_xrefs_graph_handler(RzCore *core, int argc, const
 #undef CMD_REGS_PREFIX
 #undef CMD_REGS_REG_PATH
 #undef CMD_REGS_SYNC
+
+RZ_IPI RzCmdStatus rz_cmd_analysis_il_init_handler(RzCore *core, int argc, const char **argv) {
+	rz_core_analysis_rzil_reinit(core);
+	return RZ_CMD_STATUS_OK;
+}
+
+RZ_IPI RzCmdStatus rz_cmd_analysis_il_state_handler(RzCore *core, int argc, const char **argv) {
+	rz_core_analysis_rzil_vm_status(core);
+	return RZ_CMD_STATUS_OK;
+}
+
+RZ_IPI RzCmdStatus rz_cmd_analysis_il_step_handler(RzCore *core, int argc, const char **argv) {
+	rz_core_rzil_step(core);
+	return RZ_CMD_STATUS_OK;
+}
+
+RZ_IPI RzCmdStatus rz_cmd_analysis_il_step_events_handler(RzCore *core, int argc, const char **argv, RzCmdStateOutput *state) {
+	PJ *pj = state->mode == RZ_OUTPUT_MODE_JSON ? state->d.pj : NULL;
+	if (pj) {
+		pj_a(pj);
+	}
+	rz_core_analysis_rzil_step_with_events(core, pj);
+	if (pj) {
+		pj_end(pj);
+	}
+	return RZ_CMD_STATUS_OK;
+}
diff --git a/librz/core/cmd_descs/cmd_analysis.yaml b/librz/core/cmd_descs/cmd_analysis.yaml
index ba8fa94fb75..e5758caff06 100644
--- a/librz/core/cmd_descs/cmd_analysis.yaml
+++ b/librz/core/cmd_descs/cmd_analysis.yaml
@@ -3,6 +3,36 @@
 ---
 name: cmd_analysis
 commands:
+  - name: aez
+    summary: RzIL-based Emulation
+    cname: cmd_analysis_il
+    subcommands:
+      - name: aezi
+        summary: (Re)initialize the RzIL VM
+        cname: cmd_analysis_il_init
+        args: []
+      - name: aezv
+        summary: Show the current status of the RzIL VM
+        cname: cmd_analysis_il_state
+        args: []
+      - name: aezs
+        summary: Step a single instruction in the VM
+        cname: cmd_analysis_il_step
+        args: []
+      - name: aezse
+        summary: Step a single instruction in the VM and show events
+        cname: cmd_analysis_il_step_events
+        type: RZ_CMD_DESC_TYPE_ARGV_STATE
+        modes:
+          - RZ_OUTPUT_MODE_STANDARD
+          - RZ_OUTPUT_MODE_JSON
+        args: []
+    details:
+      - name: Examples
+        entries:
+          - text: "42aezs"
+            arg_str: ""
+            comment: Step 42 times in the VM
   - name: af
     summary: Analyze Functions commands
     cname: cmd_analysis_fcn
diff --git a/librz/core/cmd_descs/cmd_descs.c b/librz/core/cmd_descs/cmd_descs.c
index 4d6f75e093e..57a904d5cbb 100644
--- a/librz/core/cmd_descs/cmd_descs.c
+++ b/librz/core/cmd_descs/cmd_descs.c
@@ -11,6 +11,7 @@ static const RzCmdDescDetail system_details[2];
 static const RzCmdDescDetail system_to_cons_details[2];
 static const RzCmdDescDetail hash_bang_details[2];
 static const RzCmdDescDetail pointer_details[2];
+static const RzCmdDescDetail cmd_analysis_il_details[2];
 static const RzCmdDescDetail analysis_reg_cond_details[4];
 static const RzCmdDescDetail ar_details[2];
 static const RzCmdDescDetail cmd_cmp_unified_details[2];
@@ -969,6 +970,50 @@ static const RzCmdDescHelp cmd_ox_help = {
 static const RzCmdDescHelp cmd_analysis_help = {
 	.summary = "Analysis commands",
 };
+static const RzCmdDescDetailEntry cmd_analysis_il_Examples_detail_entries[] = {
+	{ .text = "42aezs", .arg_str = "", .comment = "Step 42 times in the VM" },
+	{ 0 },
+};
+static const RzCmdDescDetail cmd_analysis_il_details[] = {
+	{ .name = "Examples", .entries = cmd_analysis_il_Examples_detail_entries },
+	{ 0 },
+};
+static const RzCmdDescHelp cmd_analysis_il_help = {
+	.summary = "RzIL-based Emulation",
+	.details = cmd_analysis_il_details,
+};
+static const RzCmdDescArg cmd_analysis_il_init_args[] = {
+	{ 0 },
+};
+static const RzCmdDescHelp cmd_analysis_il_init_help = {
+	.summary = "(Re)initialize the RzIL VM",
+	.args = cmd_analysis_il_init_args,
+};
+
+static const RzCmdDescArg cmd_analysis_il_state_args[] = {
+	{ 0 },
+};
+static const RzCmdDescHelp cmd_analysis_il_state_help = {
+	.summary = "Show the current status of the RzIL VM",
+	.args = cmd_analysis_il_state_args,
+};
+
+static const RzCmdDescArg cmd_analysis_il_step_args[] = {
+	{ 0 },
+};
+static const RzCmdDescHelp cmd_analysis_il_step_help = {
+	.summary = "Step a single instruction in the VM",
+	.args = cmd_analysis_il_step_args,
+};
+
+static const RzCmdDescArg cmd_analysis_il_step_events_args[] = {
+	{ 0 },
+};
+static const RzCmdDescHelp cmd_analysis_il_step_events_help = {
+	.summary = "Step a single instruction in the VM and show events",
+	.args = cmd_analysis_il_step_events_args,
+};
+
 static const RzCmdDescHelp cmd_analysis_fcn_help = {
 	.summary = "Analyze Functions commands",
 };
@@ -9233,6 +9278,20 @@ RZ_IPI void rzshell_cmddescs_init(RzCore *core) {
 
 	RzCmdDesc *cmd_analysis_cd = rz_cmd_desc_oldinput_new(core->rcmd, root_cd, "a", rz_cmd_analysis, &cmd_analysis_help);
 	rz_warn_if_fail(cmd_analysis_cd);
+	RzCmdDesc *cmd_analysis_il_cd = rz_cmd_desc_group_new(core->rcmd, cmd_analysis_cd, "aez", NULL, NULL, &cmd_analysis_il_help);
+	rz_warn_if_fail(cmd_analysis_il_cd);
+	RzCmdDesc *cmd_analysis_il_init_cd = rz_cmd_desc_argv_new(core->rcmd, cmd_analysis_il_cd, "aezi", rz_cmd_analysis_il_init_handler, &cmd_analysis_il_init_help);
+	rz_warn_if_fail(cmd_analysis_il_init_cd);
+
+	RzCmdDesc *cmd_analysis_il_state_cd = rz_cmd_desc_argv_new(core->rcmd, cmd_analysis_il_cd, "aezv", rz_cmd_analysis_il_state_handler, &cmd_analysis_il_state_help);
+	rz_warn_if_fail(cmd_analysis_il_state_cd);
+
+	RzCmdDesc *cmd_analysis_il_step_cd = rz_cmd_desc_argv_new(core->rcmd, cmd_analysis_il_cd, "aezs", rz_cmd_analysis_il_step_handler, &cmd_analysis_il_step_help);
+	rz_warn_if_fail(cmd_analysis_il_step_cd);
+
+	RzCmdDesc *cmd_analysis_il_step_events_cd = rz_cmd_desc_argv_state_new(core->rcmd, cmd_analysis_il_cd, "aezse", RZ_OUTPUT_MODE_STANDARD | RZ_OUTPUT_MODE_JSON, rz_cmd_analysis_il_step_events_handler, &cmd_analysis_il_step_events_help);
+	rz_warn_if_fail(cmd_analysis_il_step_events_cd);
+
 	RzCmdDesc *cmd_analysis_fcn_cd = rz_cmd_desc_oldinput_new(core->rcmd, cmd_analysis_cd, "af", rz_cmd_analysis_fcn, &cmd_analysis_fcn_help);
 	rz_warn_if_fail(cmd_analysis_fcn_cd);
 	RzCmdDesc *afb_cd = rz_cmd_desc_group_state_new(core->rcmd, cmd_analysis_fcn_cd, "afb", RZ_OUTPUT_MODE_STANDARD | RZ_OUTPUT_MODE_RIZIN | RZ_OUTPUT_MODE_JSON | RZ_OUTPUT_MODE_QUIET | RZ_OUTPUT_MODE_TABLE, rz_analysis_function_blocks_list_handler, &analysis_function_blocks_list_help, &afb_help);
diff --git a/librz/core/cmd_descs/cmd_descs.h b/librz/core/cmd_descs/cmd_descs.h
index d1ee0b8831d..6f07ffef2cc 100644
--- a/librz/core/cmd_descs/cmd_descs.h
+++ b/librz/core/cmd_descs/cmd_descs.h
@@ -51,6 +51,10 @@ RZ_IPI RzCmdStatus rz_cmd_help_search_handler(RzCore *core, int argc, const char
 RZ_IPI int rz_cmd_help(void *data, const char *input);
 RZ_IPI RzCmdStatus rz_push_escaped_handler(RzCore *core, int argc, const char **argv);
 RZ_IPI int rz_cmd_ox(void *data, const char *input);
+RZ_IPI RzCmdStatus rz_cmd_analysis_il_init_handler(RzCore *core, int argc, const char **argv);
+RZ_IPI RzCmdStatus rz_cmd_analysis_il_state_handler(RzCore *core, int argc, const char **argv);
+RZ_IPI RzCmdStatus rz_cmd_analysis_il_step_handler(RzCore *core, int argc, const char **argv);
+RZ_IPI RzCmdStatus rz_cmd_analysis_il_step_events_handler(RzCore *core, int argc, const char **argv, RzCmdStateOutput *state);
 RZ_IPI RzCmdStatus rz_analysis_function_blocks_list_handler(RzCore *core, int argc, const char **argv, RzCmdStateOutput *state);
 RZ_IPI RzCmdStatus rz_analysis_function_blocks_add_handler(RzCore *core, int argc, const char **argv);
 RZ_IPI RzCmdStatus rz_analysis_function_blocks_del_handler(RzCore *core, int argc, const char **argv);
diff --git a/test/db/rzil/bf b/test/db/rzil/bf
index 288df4e281d..2fd196e38a4 100644
--- a/test/db/rzil/bf
+++ b/test/db/rzil/bf
@@ -7,7 +7,7 @@ e asm.bytes=true
 e analysis.arch=bf
 s 0
 aezi
-aezs 390
+390aezs
 EOF
 EXPECT=<<EOF
 Hello World!
@@ -38,7 +38,7 @@ ARGS=-b32
 CMDS=<<EOF
 s 0
 aezi
-aezs 906
+906aezs
 EOF
 EXPECT=<<EOF
 Hello World!
@@ -111,7 +111,7 @@ ARGS=-b32
 CMDS=<<EOF
 s 0
 aezi
-aezs 906
+906aezs
 EOF
 EXPECT=<<EOF
 Hello World!
@@ -127,7 +127,7 @@ e analysis.arch=bf
 e rzil.step.events.read=true
 s 0
 aezi
-aezse 390
+390aezse
 EOF
 EXPECT=<<EOF
 var_read(name: ptr, value: 0x0000000000000000)
@@ -1711,3 +1711,19 @@ mem_write(addr: 0x0000000000000002, old: 0x22, new: 0x23)
 pc_write(old: 0x0000000000000011, new: 0x0000000000000012)
 EOF
 RUN
+
+NAME=aezsej
+FILE=bins/bf/hello-loops.bf
+ARGS=-b32
+CMDS=<<EOF
+e asm.arch=bf
+e analysis.arch=bf
+e rzil.step.events.read=true
+s 0
+aezi
+aezsej
+EOF
+EXPECT=<<EOF
+[{"type":"var_read","name":"ptr","value":"0x0000000000000000"},{"type":"var_read","name":"ptr","value":"0x0000000000000000"},{"type":"mem_read","address":"0x0000000000000000","value":"uninitialized memory"},{"type":"mem_write","address":"0x0000000000000000","old":"0x00","new":"0x01"},{"type":"pc_write","old":"0x0000000000000000","new":"0x0000000000000001"}]
+EOF
+RUN