
CTF framework used by Gallopsled in every CTF



Badges: Docs (latest), Docs (2.2.0), PyPI, Gittip, Travis, Twitter, MIT License

This is the CTF framework used by Gallopsled in every CTF.

from pwn import *
context(arch='i386', os='linux')   # target architecture/OS; used by asm(), shellcraft and the packing helpers

r = remote('exploitme.example.com', 31337)   # open a TCP connection to the remote service
# EXPLOIT CODE GOES HERE
r.send(asm(shellcraft.sh()))   # assemble the shellcraft payload for the current context and send it
r.interactive()                # hand the connection over to the user for interactive use

However, we have also made command-line frontends for some of the functionality in pwnlib. These are:

  • asm/disasm: Small wrapper for various assemblers.
  • constgrep: Tool for finding constants defined in header files.
  • cyclic: De Bruijn sequence generator and lookup tool.
  • hex/unhex: Command line tools for doing common hexing/unhexing operations.
  • shellcraft: Frontend to our shellcode.
  • phd: Replacement for hexdump with colors.
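To show what the cyclic tool actually does, here is a small stand-alone Python implementation of a De Bruijn sequence generator and offset lookup. It is an added illustration, not pwntools' own code (pwnlib.util.cyclic is the real thing); the default lowercase alphabet and subsequence length of 4 are chosen to match pwntools' defaults, and the function names cyclic and cyclic_find are used only for familiarity. The point of such a pattern is that every 4-byte window occurs exactly once, so when a crash dump shows a register holding part of your input, looking that value up tells you precisely which offset of the input reached it.

```python
import itertools
import struct
from typing import Iterator, Union

# Defaults chosen to mirror pwntools' cyclic(): lowercase alphabet, 4-byte windows.
DEFAULT_ALPHABET = b"abcdefghijklmnopqrstuvwxyz"
DEFAULT_N = 4


def de_bruijn(alphabet: bytes = DEFAULT_ALPHABET, n: int = DEFAULT_N) -> Iterator[int]:
    """Yield the bytes of the De Bruijn sequence B(k, n) over `alphabet` lazily.

    Uses the FKM (Fredricksen-Kessler-Maiorana) algorithm: the sequence is the
    concatenation of all Lyndon words over the alphabet whose length divides n.
    Every length-n window occurs exactly once in the cyclic sequence.
    """
    k = len(alphabet)
    a = [0] * (k * n)  # working array of alphabet indices

    def db(t: int, p: int) -> Iterator[int]:
        if t > n:
            if n % p == 0:  # emit the Lyndon word a[1..p]
                for i in range(1, p + 1):
                    yield alphabet[a[i]]
        else:
            a[t] = a[t - p]
            yield from db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                yield from db(t + 1, t)

    yield from db(1, 1)


def cyclic(length: int, alphabet: bytes = DEFAULT_ALPHABET, n: int = DEFAULT_N) -> bytes:
    """Return the first `length` bytes of the De Bruijn sequence.

    Raises ValueError if more bytes are requested than the sequence contains
    (k**n), because beyond that point windows would start repeating.
    """
    if length > len(alphabet) ** n:
        raise ValueError(
            f"cannot produce {length} bytes of unique {n}-byte windows "
            f"over a {len(alphabet)}-symbol alphabet (max {len(alphabet) ** n})"
        )
    return bytes(itertools.islice(de_bruijn(alphabet, n), length))


def cyclic_find(subseq: Union[bytes, str, int],
                alphabet: bytes = DEFAULT_ALPHABET, n: int = DEFAULT_N) -> int:
    """Return the offset at which `subseq` (its first n bytes) appears in the sequence.

    An int is interpreted as a little-endian n-byte value, the way a register
    value read from a crash dump would be.  Returns -1 if not found.
    """
    if isinstance(subseq, int):
        subseq = subseq.to_bytes(n, "little")
    elif isinstance(subseq, str):
        subseq = subseq.encode()
    subseq = subseq[:n]
    if len(subseq) != n:
        raise ValueError(f"need at least {n} bytes to look up")

    # Slide an n-byte window over the lazily generated sequence.
    window = bytearray()
    for pos, b in enumerate(de_bruijn(alphabet, n)):
        window.append(b)
        if len(window) > n:
            del window[0]
        if len(window) == n and bytes(window) == subseq:
            return pos - n + 1
    return -1


if __name__ == "__main__":
    pattern = cyclic(200)
    print(pattern[:20])                    # b'aaaabaaacaaadaaaeaaa'
    # Constructed sample: a 32-bit register value observed after a crash.
    print(cyclic_find(0x61616162))         # 4 (bytes 'baaa' start at offset 4)
    print(cyclic_find(b"aaad"))            # 9
</test>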

Documentation

Our documentation is available at pwntools.readthedocs.org

To get you started, we've provided some example solutions for past CTF challenges in our write-ups repository.

Installation

pwntools is best supported on Ubuntu 12.04 and 14.04, but most functionality should work on any POSIX-like distribution (Debian, Arch, FreeBSD, OS X, etc.).

Most of the functionality of pwntools is self-contained and Python-only. You should be able to get running quickly with

pip install pwntools

However, some of the features (ROP generation and assembling/disassembling foreign architectures) require non-Python dependencies. For more information, see the complete installation instructions here.

Contribution

See CONTRIBUTING.md

Contact

If you have any questions not worthy of a bug report, feel free to join us at #pwntools on Freenode and ask away. Click here to connect.