pwntools
pwntools
is a CTF framework and exploit development library.
Written in Python, it is designed for rapid prototyping and development,
and intended to make exploit writing as simple as possible.
The primary location for this documentation is at docs.pwntools.com, which uses readthedocs. It comes in three primary flavors:
Getting Started
Module Index
Each of the pwntools
modules is documented here.
pwnlib.adb
— Android Debug Bridgepwnlib.args
— Magic Command-Line Argumentspwnlib.asm
— Assembler functionspwnlib.atexception
— Callbacks on unhandled exceptionpwnlib.atexit
— Replacement for atexitpwnlib.constants
— Easy access to header file constantspwnlib.config
— Pwntools Configuration Filepwnlib.context
— Setting runtime variablespwnlib.dynelf
— Resolving remote functions using leakspwnlib.encoders
— Encoding Shellcodepwnlib.elf.config
— Kernel Config Parsingpwnlib.elf.corefile
— Core Filespwnlib.elf.elf
— ELF Filespwnlib.exception
— Pwnlib exceptionspwnlib.filepointer
— FILE* structure exploitationpwnlib.filesystem
— Manipulating Files Locally and Over SSHpwnlib.flag
— CTF Flag Managementpwnlib.fmtstr
— Format string bug exploitation toolspwnlib.gdb
— Working with GDBpwnlib.libcdb
— Libc Databasepwnlib.log
— Logging stuffpwnlib.memleak
— Helper class for leaking memorypwnlib.qemu
— QEMU Utilitiespwnlib.replacements
— Replacements for various functionspwnlib.rop.ret2dlresolve
— Return to dl_resolvepwnlib.rop.rop
— Return Oriented Programmingpwnlib.rop.srop
— Sigreturn Oriented Programmingpwnlib.runner
— Running Shellcodepwnlib.shellcraft
— Shellcode generationpwnlib.shellcraft.aarch64
— Shellcode for AArch64pwnlib.shellcraft.amd64
— Shellcode for AMD64pwnlib.shellcraft.arm
— Shellcode for ARMpwnlib.shellcraft.common
— Shellcode common to all architecturepwnlib.shellcraft.i386
— Shellcode for Intel 80386pwnlib.shellcraft.mips
— Shellcode for MIPSpwnlib.shellcraft.riscv64
— Shellcode for RISCV64pwnlib.shellcraft.thumb
— Shellcode for Thumb Modepwnlib.term
— Terminal handlingpwnlib.timeout
— Timeout handlingpwnlib.tubes
— Talking to the World!pwnlib.tubes.buffer
— buffer implementation for tubespwnlib.tubes.process
— Processespwnlib.tubes.serialtube
— Serial Portspwnlib.tubes.sock
— Socketspwnlib.tubes.ssh
— SSHpwnlib.ui
— Functions for user interactionpwnlib.update
— Updating Pwntoolspwnlib.useragents
— A database of useragent stringspwnlib.util.crc
— Calculating CRC-sumspwnlib.util.cyclic
— Generation of unique sequencespwnlib.util.fiddling
— Utilities bit fiddlingpwnlib.util.getdents
— Linux binary directory listingpwnlib.util.hashes
— Hashing functionspwnlib.util.iters
— Extension of standard moduleitertools
pwnlib.util.lists
— Operations on listspwnlib.util.misc
— We could not fit it any other placepwnlib.util.net
— Networking interfacespwnlib.util.packing
— Packing and unpacking of stringspwnlib.util.proc
— Working with/proc/
pwnlib.util.safeeval
— Safe evaluation of python codepwnlib.util.sh_string
— Shell Expansion is Hardpwnlib.util.web
— Utilities for working with the WWWpwnlib.windbg
— Working with WinDbg
Bytes
The bytes vs text distinction is so important that it even made it to this main page. See the pwntools-tutorial repo for the latest tutorial finally explaining the difference once and for all (hopefully).