reddit hackernews mail facebook facebook linkedin


CTF framework and exploit development library.

Pwntools is a grab-bag of tools to make exploitation during CTFs as painless as possible, and to make exploits as easy to read as possible. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible.

There are bits of code everyone has written a million times, and everyone has their own way of doing it. Pwntools aims to provide all of these in a semi-standard way, so that you can stop copy-pasting the same code around and instead use more slightly more legible wrappers.

Aside from convenience wrappers around mundane functionality, it also provides a very rich set of tubes which wrap all of the IO that you'll ever perform in a single, unifying interface. Switching from a local exploit to a remote exploit, or local exploit over SSH becomes a one-line change.

Last but not least, it also includes a wide array of exploitation assistance tools for intermediate-to-advanced use cases. These include remote symbol resolution given a memory disclosure primitive (MemLeak and DynELF), ELF parsing and patching (ELF), and ROP gadget discovery and call-chain building (ROP).