pwntools – CTF Framework & Exploit Development Library

pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible.

Command-line frontends for some of the functionality are available:

• asm/disasm: Small wrapper for various assemblers.
• constgrep: Tool for finding constants defined in header files.
• cyclic: De Bruijn sequence generator and lookup tool.
• hex/unhex: Command line tools for doing common hexing/unhexing operations.
• shellcraft: Frontend to our shellcode.
• phd: Replacement for hexdump with colors.

Usage

1 2 3 4 5 6 7

from pwn import * context(arch = 'i386', os = 'linux') r = remote('exploitme.example.com', 31337) # EXPLOIT CODE GOES HERE r.send(asm(shellcraft.sh())) r.interactive()

Requirements

pwntools is best supported on Ubuntu 12.04 and 14.04, but most functionality should work on any Posix-like distribution (Debian, Arch, FreeBSD, OSX, etc.).

Most of the functionality of pwntools is self-contained and Python-only. You should be able to get running quickly with:

1	pip install pwntools

However, some of the features (ROP generation and assembling/disassembling foreign architectures) require non-Python dependencies. For more information, see the complete installation instructions here.

You can download pwntools here:

2.2.0.zip

Or read more here.

Enjoy learning and please like it tf you found it helpful.