pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible.
from pwn import *
context(arch = 'i386', os = 'linux')
r = remote('exploitme.example.com', 31337)
# EXPLOIT CODE GOES HERE
r.send(asm(shellcraft.sh()))
r.interactive()
You can now do a live demo of Pwntools, right in your browser. Alternately, you can SSH to the same host, and log in as user zerocool
with this private key (password i_promise_not_to_be_evil
).
It will drop you into a clean, Docker-ized container. There is nothing of value on the VPS, so please don't be evil.
Our documentation is available at docs.pwntools.com
To get you started, we've provided some example solutions for past CTF challenges in our write-ups repository.
pwntools is best supported on 64-bit Ubuntu 12.04 and 14.04, but most functionality should work on any Posix-like distribution (Debian, Arch, FreeBSD, OSX, etc.). Python 2.7 is required.
Most of the functionality of pwntools is self-contained and Python-only. You should be able to get running quickly with
apt-get update
apt-get install python2.7 python-pip python-dev git libssl-dev
pip install --upgrade pwntools
If you'd like to be an early tester of the the current beta release, add
--pre
to the command-line.
However, some of the features (assembling/disassembling foreign architectures) require non-Python dependencies. For more information, see the complete installation instructions here.
See CONTRIBUTING.md
If you have any questions not worthy of a bug report, feel free to ping us
at #pwntools
on Freenode and ask away.
Click here to connect.
There is also a mailing list for higher latency discussion.