pwntools

CTF framework and exploit development library

OTHER License

Downloads
188.6K
Stars
11.5K
Committers
266


pwntools - 3.12.0

Published by TethysSvensson over 6 years ago

3.12.0

  • #1083 Better error messages for gdb when LD_PRELOAD is incorrect
  • #1085 Add support for extracting Android BOOTLDR! images
  • #1075 Add support for detecting GNU Screen for run_in_new_terminal
  • #1074 Add support for running pwntools-gdb wrapper script instead of gdb
  • #1067 Add pwnlib.tubes.server module, which adds a reusable server listener
  • #1063 Add support for labels in fit(), allowing dynamic contents to be injected. (This feature is really cool, check out the pull request!)
pwntools - 3.11.0

Published by TethysSvensson almost 7 years ago

3.11.0

  • #1044 Enhancements to ROP
    • Much better support for 64-bit Intel (amd64) ROP
    • ROP gadget selection is optimized to favor multi-pops instead of multiple single-pop gadgets
    • Added support for blacklisting byte values in ROP gadget addresses
  • #1049 Enhancements to cyclic
    • context now has two additional attributes, cyclic_alphabet and cyclic_length, which correspond to the arguments alphabet and n to cyclic() and cyclic_find() and related routines.
    • The motivation for this change is to allow setting the alphabet globally, so that any padding / patterns generated internally to pwntools can be controlled. The specific motivation is blacklisting values in ROP padding.
  • #1052 Enhancements for detecting QEMU_LD_PREFIX used by QEMU user-mode emulation for sysroots
  • #1035 Minor documentation changes
  • #1032 Enhancements to pwn template
  • #1031 More accurate Coredump.fault_addr on amd64
  • #1084 Fix broken tests due to ftp.debian.org going down
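The cyclic enhancements in this release (the alphabet and n arguments, context-level defaults for them, and the stated motivation of keeping blacklisted byte values out of generated padding) are easier to follow with a runnable stand-in. The block below is added example code, not pwntools' own implementation: it builds the de Bruijn sequence with the standard recursive construction, and the `CyclicContext` class, the `without_bytes` helper and the function bodies are assumptions written to mirror the documented behaviour (lowercase letters and a 4-byte window by default, integer arguments to `cyclic_find` interpreted as little-endian register values).

```python
"""Stand-in for pwntools' cyclic()/cyclic_find() with a configurable alphabet
and subsequence length n.  Example code, not pwntools' own implementation."""
from itertools import islice
import string


class CyclicContext:
    """Hypothetical stand-in for context.cyclic_alphabet / context.cyclic_length:
    the global defaults that every internally generated pattern falls back to."""
    cyclic_alphabet = string.ascii_lowercase.encode()  # pwntools default
    cyclic_length = 4                                  # pwntools default


context = CyclicContext()


def de_bruijn(alphabet, n):
    """Lazily yield the de Bruijn sequence B(k, n) over `alphabet` (k symbols):
    every length-n string over the alphabet occurs exactly once, cyclically,
    so any n-byte window identifies its offset uniquely."""
    k = len(alphabet)
    a = [0] * (k * n)

    def db(t, p):
        if t > n:
            if n % p == 0:
                for i in range(1, p + 1):
                    yield alphabet[a[i]]
        else:
            a[t] = a[t - p]
            yield from db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                yield from db(t + 1, t)

    return db(1, 1)


def cyclic(length, alphabet=None, n=None):
    """First `length` bytes of the pattern; arguments default to the context."""
    alphabet = context.cyclic_alphabet if alphabet is None else alphabet
    n = context.cyclic_length if n is None else n
    if length > len(alphabet) ** n:
        raise ValueError("pattern longer than the number of unique %d-byte windows" % n)
    return bytes(islice(de_bruijn(alphabet, n), length))


def cyclic_find(subseq, alphabet=None, n=None):
    """Offset of the n-byte window `subseq` in the pattern, or -1 if absent.
    An int (e.g. a value read out of a register in a crash dump) is converted
    to its little-endian byte representation first."""
    alphabet = context.cyclic_alphabet if alphabet is None else alphabet
    n = context.cyclic_length if n is None else n
    if isinstance(subseq, int):
        subseq = subseq.to_bytes(n, "little")
    subseq = bytes(subseq[:n])
    if len(subseq) != n:
        raise ValueError("need at least %d bytes to locate a window" % n)
    window = bytearray()
    for i, b in enumerate(de_bruijn(alphabet, n)):
        window.append(b)
        if len(window) > n:
            del window[0]
        if len(window) == n and bytes(window) == subseq:
            return i - n + 1  # window ends at i, so it started n-1 earlier
    return -1


def without_bytes(alphabet, bad):
    """Alphabet with the blacklisted byte values removed; padding built from the
    result cannot contain them (the ROP-padding motivation described above)."""
    return bytes(b for b in alphabet if b not in bad)


if __name__ == "__main__":
    print(cyclic(20))                    # b'aaaabaaacaaadaaaeaaa'
    print(cyclic_find(0x63616161))       # 5  (little-endian b'aaac')
    print(cyclic(9, alphabet=b"abc", n=2))  # b'aabacbbcc'
    # Setting the alphabet once on the context affects every later pattern.
    context.cyclic_alphabet = without_bytes(context.cyclic_alphabet, b"n")
    print(b"n" in cyclic(200))           # False
```

Setting `context.cyclic_alphabet` once, as the last lines do, is the point of the change: any padding generated afterwards (by this module or, in pwntools, by ROP internals) is built from the restricted alphabet without each call site having to pass the blacklist through.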
pwntools - 3.10.0

Published by TethysSvensson almost 7 years ago

3.10.0

  • #1007 Add support for setting a gdbinit file in the context
  • #1055 Fixes for Corefile stack parsing, speed up ELF.string()
  • #1057 Fix a variable name typo in DynELF logging which results in an exception being thrown
  • #1058 Fix an edge case in ssh_process.exe
pwntools - 3.9.2

Published by TethysSvensson almost 7 years ago

3.9.2

  • #1043 Do not attempt to populate the libraries used by statically-linked binaries
pwntools - 3.9.1

Published by TethysSvensson almost 7 years ago

3.9.1

  • #1038 Fix an issue with process() where glibc would buffer data internally, causing a hang on select()
  • #1036 Fix Travis CI logging verbosity
  • #1029 Fix some unicode issues when using the readline command history in tube.interactive()
pwntools - 3.9.0

Published by TethysSvensson about 7 years ago

3.9.0

  • #1003 Make concat_all faster while also simplifying its logic
  • #1014 Fix for overwritten env when parsing core file
  • #1023 Fixes to Travis CI
pwntools - 3.8.0

Published by TethysSvensson about 7 years ago

3.8.0

  • #981 Fixed RELRO detection logic
  • #986 Enhancements to DynELF for controlling usage of LibcDB
  • A few documentation fixes
  • A few fixes for the Docker image
pwntools - 3.7.1

Published by TethysSvensson over 7 years ago

3.7.1

  • #998 Fix a bug where integer values could not be set in .pwn.conf.
pwntools - 3.7.0

Published by TethysSvensson over 7 years ago

3.7.0

  • #933 DynELF works better with different base addresses
  • #952 A few small fixes were made to pwn template, and the CRC database was updated.
  • 5c72d62c Updated the CRC database
pwntools - 3.6.1

Published by TethysSvensson over 7 years ago

3.6.1

  • #979+1a4a1e1 Fixed #974, a bug related to the terminal handling and numlock.
  • #980 Fixed the pwn template command.
pwntools - 3.6.0

Published by TethysSvensson over 7 years ago

3.6.0

  • #895 Added a Dockerfile to simplify testing setup and allow testing on OSX
  • #897 Fixed some incorrect AArch64 syscalls
  • #893 Added the pwnlib.config module
    • Configuration options can now be set in ~/.pwn.conf
    • This replaces the old, undocumented mechanism for changing logging colors. Only @br0ns and @ebeip90 were likely using this.
    • More information is available in the documentation here.
  • #899 Pwntools now uses Unicorn Engine to emulate PLT instructions to ensure correct mapping of PIE / RELRO binaries.
  • #904 Enhancements to the accuracy of the pwn checksec command.
  • #905 Added a pwn debug command-line utility which automates the process of gdb.attach(process(...)) to spawn GDB
    • More information is available in the documentation here
  • #919 Added a pwn template command-line utility to simplify the process of bootstrapping a new exploit.
    • More information is available in the documentation here.
  • #948 Fix unnecessary warning for Core files
  • #954 Fix list processing in ~/.pwn.conf
  • #967 Respect TERM_PROGRAM for run_in_new_terminal
  • #970 Fix overly-aggressive corefile caching
pwntools - 3.5.1

Published by TethysSvensson over 7 years ago

3.5.1

  • #945 Speed up ssh via caching checksec results (fixes #944)
  • #950 Fixes a bug where setting context.arch does not have an effect on adb.compile() output architecture
pwntools - 3.5.0

Published by TethysSvensson over 7 years ago

3.5.0

  • b584ca3 Fixed an issue running setup.py on ARM
  • #822 Enabled relative leaks with MemLeak
    • This should be useful for e.g. heap-relative leaks
  • #832 Changed all internal imports to use absolute imports (no functional changes)
  • a12d0b6 Move STDOUT, PIPE, PTY constants to globals
    • process(..., stdin=process.PTY) --> process(..., stdin=PTY)
  • #828 Use PR_SET_PTRACER for all process() and ssh.process() instances
    • This simplifies debugging on systems with YAMA ptrace enabled
  • Various documentation enhancements
    • In particular, the gdb, elf, and ssh docs are much better
  • #833 Performance enhancements for adb module
  • d0267f3 packing.fit() now treats large offsets as cyclic patterns (e.g. 0x61616161 behaves the same as "aaaa")
  • #835 Added ssh.checksec
    • Reports the kernel version and other relevant information on connection
  • #857 Slightly shortened execve shellcode
  • 300f8e0 Slightly speed up processing of large ELF files
  • #861 Adds support for extracting IKCONFIG configs from Linux kernel images, and extends checksec to report on any insecure configurations discovered
  • #871 Moves all of the basic syscall templates to shellcraft/common and exposes them via symlinks. Closed #685
    • Should not have any visible effects from any documented APIs
    • shellcraft.arch.os.syscall_function() still works the same
    • We now have the ability to differentiate between the connect syscall, and a TCP connect helper
  • #887 sh_string now returns a quoted empty string '' rather than just an empty string
  • #839 Exposes a huge amount of functionality via corefiles which was not previously available. See the docs for examples.
    • process().corefile will automatically instantiate a Corefile for the process
    • QEMU-emulated processes are supported
    • Native processes are supported, including extraction of coredumps from apport crash logs
    • Native processes can be dumped while running, in a manner similar to GDB's gcore script
  • #875 Added documentation (and tests) for AArch64 shellcode
  • #882 The ROP class now respects context.bytes instead of using the hard-coded value of 4 (fixed #879)
  • #869 Added several fields to the process class (uid, gid, suid, sgid) which are recorded at execution time, based on the file permissions
  • #868 Changed the way that ssh.process() works internally, and it now returns a more specialized class, ssh_process.
    • Added ssh_process.corefile for fetching remote corefiles
    • Added ssh_process.ELF for getting an ELF of the remote executable
    • The uid, gid, suid, and sgid are recorded at execution time, based on the file permissions
  • #865 Fixes ELF.read to support contiguous memory reads across non-contiguous file-backed segments
  • #862 Adds a symlink= argument to ssh.set_working_directory, which will automatically symlink all of the files in the "old" working directory into the "new" working directory
pwntools - 3.4.1

Published by TethysSvensson over 7 years ago

3.4.1

  • #894 Fix a bug when using gdb.debug() over ssh.
  • e021f57 Fix a bug (#891) in rop when needing to insert padding to fix alignment
pwntools - 3.4.0

Published by TethysSvensson over 7 years ago

3.4.0

  • #800 Add shell= option to ssh.process()
  • #806 Add context.buffer_size for fine-tuning tube performance
    • Also adds buffer_fill_size= argument for all tubes
  • b83a6c7 Fix undocumented process.leak function
  • 546061e Modify coredump_filter of all spawned processes, so that core dumps are more complete
  • #809 Add several functions to adb (unlink, mkdir, makedirs, isdir, exists)
  • #817 Make disconnection detection more robust
pwntools - 3.3.4

Published by TethysSvensson almost 8 years ago

3.3.4

  • #850 and #846 fix issues with hexdump and the phd command-line utility, when using pipes (e.g. echo foo | phd)
  • #852 Fixes register ordering in regsort
  • #853 Fixes the registers restored in shellcraft.amd64.popad
pwntools - 3.3.3

Published by TethysSvensson almost 8 years ago

3.3.3

  • #843 fixed a bug in amd64.mov.
pwntools - 3.3.2

Published by TethysSvensson almost 8 years ago

3.3.2

  • #840 Fixed a regression introduced by #837.
pwntools - 3.3.1

Published by TethysSvensson almost 8 years ago

3.3.1

  • #833 Fixed a performance-impacting bug in the adb module.
  • #837 Fixed a bug (#836) causing hexdump(cyclic=True) to throw an exception.
pwntools - 3.3.0

Published by TethysSvensson almost 8 years ago

3.3.0

  • b198ec8 Added tube.stream() function, which is like tube.interact() without a prompt or keyboard input.
    • Effectively, this is similar to cat file and just prints data as fast as it is received.
  • aec3fa6 Disable update checks against GitHub
    • These checks frequently broke due to GitHub query limits
  • #757 Fixed adb.wait_for_device() re-use of the same connection
  • f9133b1 Add a STDERR magic argument to make logging go to stderr instead of stdout
    • Usage is e.g. python foo.py STDERR or PWNLIB_STDERR=1 python foo.py
    • Also adds context.log_console to log to any file or terminal
  • 67e11a9 Add faster error checking to cyclic() when provided very large values
  • 5fda658 Expose BitPolynom in globals()
  • #765 Added -d option for hex-escaped output for shellcraft command-line tool
  • #772 Fixed bash completion regressions
  • 30c34b7 Fix ROP.call() with Function objects from ELF.functions
  • fa402ce Add adb.uptime and adb.boot_time
  • 82312ba Add cyclic_metasploit and cyclic_metasploit_find