pwntools – CTF Framework & Exploit Development Library
pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible.
Command-line frontends for some of the functionality are available:
- asm/disasm: Small wrapper for various assemblers.
- constgrep: Tool for finding constants defined in header files.
- cyclic: De Bruijn sequence generator and lookup tool.
- hex/unhex: Command line tools for doing common hexing/unhexing operations.
- shellcraft: Frontend to our shellcode.
- phd: Replacement for hexdump with colors.
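To show what a De Bruijn pattern tool like cyclic is for during crash triage, here is an added example that is not pwntools' own code: a pure-Python generator and offset lookup. The lowercase alphabet, the 4-byte window, the little-endian register reading and the function names are assumptions of this example.

```python
from itertools import islice

ALPHABET = "abcdefghijklmnopqrstuvwxyz"  # assumed alphabet for this example


def de_bruijn(alphabet, n):
    """Lazily yield a de Bruijn sequence B(k, n): every n-gram occurs exactly once."""
    k = len(alphabet)
    a = [0] * (k * n)

    def db(t, p):
        if t > n:
            if n % p == 0:  # emit only Lyndon words whose length divides n
                for i in a[1:p + 1]:
                    yield alphabet[i]
        else:
            a[t] = a[t - p]
            yield from db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                yield from db(t + 1, t)

    return db(1, 1)


def cyclic(length, n=4):
    """Return `length` bytes in which every n-byte window is unique."""
    if length > len(ALPHABET) ** n:
        raise ValueError("pattern would wrap and windows would repeat")
    return "".join(islice(de_bruijn(ALPHABET, n), length)).encode()


def cyclic_find(value, n=4, max_length=20000):
    """Offset of an n-byte window in the pattern, or -1 if it is not pattern data.

    An int is read as a little-endian register value (i386 assumption).
    """
    if isinstance(value, int):
        value = value.to_bytes(n, "little")
    if len(value) != n:
        raise ValueError("need exactly n bytes")
    return cyclic(min(max_length, len(ALPHABET) ** n), n).find(value)


if __name__ == "__main__":
    # Constructed triage input: a crash report showing EIP = 0x61616174.
    print(cyclic(20))
    print(cyclic_find(0x61616174))
```

A result of -1 means the faulting value did not come from the pattern, so the crash is not a direct copy of those input bytes.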
Usage
```python
from pwn import *
context(arch = 'i386', os = 'linux')

r = remote('exploitme.example.com', 31337)
# EXPLOIT CODE GOES HERE
r.send(asm(shellcraft.sh()))
r.interactive()
```
Requirements
pwntools is best supported on Ubuntu 12.04 and 14.04, but most functionality should work on any POSIX-like distribution (Debian, Arch, FreeBSD, OSX, etc.).
Most of the functionality of pwntools is self-contained and Python-only. You should be able to get running quickly with:
```
pip install pwntools
```
However, some of the features (ROP generation and assembling/disassembling foreign architectures) require non-Python dependencies. For more information, see the complete installation instructions here.
You can download pwntools here:
Or read more here.