There are bits of code everyone has written a million times, and everyone has their own way of doing it. Pwntools aims to provide all of these in a semi-standard way, so that you can stop copy-pasting the same struct.unpack(‘>I’, x) code around and instead use more slightly more legible wrappers like pack or p32 or even p64(…, endian=’big’, sign=True).

Aside from convenience wrappers around mundane functionality, it also provides a very rich set of tubes which wrap all of the IO that you’ll ever perform in a single, unifying interface. Switching from a local exploit to a remote exploit, or local exploit over SSH becomes a one-line change.

Last but not least, it also includes a wide array of exploitation assistance tools for intermediate-to-advanced use cases. These include remote symbol resolution given a memory disclosure primitive (MemLeak and DynELF), ELF parsing and patching (ELF), and ROP gadget discovery and call-chain building (ROP).

Changelog v4.0-beta

• Python 3 support! <3
• #1317 Tubes with context.encoding
• #1216 Improve format string generator
• #1285 Add freebsd generic syscall templates
• 76413f Add pwnlib.adb.bootimg for ‘ANDROID!’ format boot.img images
• #1202 Docker: Kill 14 layers in pwntools base images
• #1182 shellcraft.dupio() for mips

Download && Tutorial

Copyright (c) 2015 Gallopsled et al.