from pwn import *
The most common way that you’ll see pwntools used is
>>> from pwn import *
Which imports a bazillion things into the global namespace to make your life easier.
This is a quick list of most of the objects and routines imported, in rough order of importance and frequency of use.
- Super convenient wrappers around all of the common functionality for CTF challenges
- Connect to anything, anywhere, and it works the way you want it to
- Helpers for common tasks like
- Interact directly with the application via
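To show what the tube helpers buy you, here is an added example of a minimal tube over a plain socket. It is an illustration written for this page, not pwntools' own pwnlib.tubes code: the class name Tube, the chunk size and the scripted "service" on the other end of a local socketpair are all assumptions made so the example runs offline.

```python
import socket


class Tube:
    """Minimal stand-in for the recv/send helpers a pwntools tube offers.

    Illustrative reimplementation over a plain socket (not pwnlib.tubes):
    it shows why the helpers exist, namely buffering partial reads and
    waiting for a delimiter, rather than reproducing the library.
    """

    def __init__(self, sock, chunk_size=4096):
        self.sock = sock
        self.chunk_size = chunk_size
        self.buffer = b""  # bytes received but not yet handed to the caller

    def _fill(self):
        # Pull one more chunk; a zero-length read means the peer closed.
        chunk = self.sock.recv(self.chunk_size)
        if not chunk:
            raise EOFError("connection closed by peer")
        self.buffer += chunk

    def recvuntil(self, delim):
        """Return everything up to and including `delim`, reading as needed."""
        while delim not in self.buffer:
            self._fill()
        idx = self.buffer.index(delim) + len(delim)
        data, self.buffer = self.buffer[:idx], self.buffer[idx:]
        return data

    def recvline(self):
        return self.recvuntil(b"\n")

    def recvn(self, n):
        """Return exactly `n` bytes, however the peer fragmented them."""
        while len(self.buffer) < n:
            self._fill()
        data, self.buffer = self.buffer[:n], self.buffer[n:]
        return data

    def send(self, data):
        self.sock.sendall(data)

    def sendline(self, data):
        self.sock.sendall(data + b"\n")


def demo():
    """Drive the Tube against a constructed peer on a local socketpair.

    The "service" side is scripted here (no real target involved) so the
    example runs offline; it plays a prompt-driven challenge binary.
    """
    client_end, service_end = socket.socketpair()
    t = Tube(client_end)
    # The constructed service sends its banner split across two writes,
    # the kind of fragmentation a raw recv() would hand back piecemeal.
    service_end.sendall(b"Welcome to the chall")
    service_end.sendall(b"enge\nname> ")
    banner = t.recvline()           # b'Welcome to the challenge\n'
    prompt = t.recvuntil(b"> ")     # b'name> '
    t.sendline(b"pwn")
    echoed = service_end.recv(64)   # what the service would see
    service_end.close()
    client_end.close()
    return banner, prompt, echoed


if __name__ == "__main__":
    print(demo())
```

The point of the buffer is that `recvline()` and `recvuntil()` never depend on how the peer happened to split its writes, which is exactly the papercut that makes hand-rolled `sock.recv()` loops flaky in exploit scripts.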
- Useful functions to make sure you never have to remember if '>' means signed or unsigned for struct.pack, and no more ugly [0] index at the end.
- endian in sane manners (also these can be set once on context and not bothered with again)
- Most common sizes are pre-defined (u64, etc), and pwnlib.util.packing.pack() lets you define your own.
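As an added example of what these helpers do, here is a standard-library reimplementation of `pack()`/`unpack()` and the fixed-size `p32`/`u32` style wrappers, with the two `struct` papercuts shown beside them. This is not pwnlib.util.packing itself; the parameter names, the boolean `sign` argument and the little-endian/unsigned defaults are assumptions chosen to match the common x86 case.

```python
import struct

# Illustrative reimplementation of the pack/unpack helpers pwntools exposes,
# written against the standard library. Not pwnlib.util.packing itself; the
# defaults (little-endian, unsigned, 32-bit) are assumptions for the example.

_FORMAT_CODES = {8: "B", 16: "H", 32: "I", 64: "Q"}
_ENDIAN_CODES = {"little": "<", "big": ">"}


def _fmt(word_size, endian, sign):
    # struct uses upper-case letters for unsigned and lower-case for signed;
    # the endianness prefix is a separate character. Easy to mix up by hand.
    code = _FORMAT_CODES[word_size]
    if sign:
        code = code.lower()
    return _ENDIAN_CODES[endian] + code


def pack(number, word_size=32, endian="little", sign=False):
    """Pack `number` into word_size/8 bytes; struct raises if it does not fit."""
    return struct.pack(_fmt(word_size, endian, sign), number)


def unpack(data, word_size=32, endian="little", sign=False):
    """Inverse of pack(); returns an int, not the 1-tuple struct gives back."""
    if len(data) != word_size // 8:
        raise ValueError("expected %d bytes, got %d" % (word_size // 8, len(data)))
    return struct.unpack(_fmt(word_size, endian, sign), data)[0]


# Fixed-size conveniences in the p32/u32 style.
def p32(n, **kw): return pack(n, 32, **kw)
def p64(n, **kw): return pack(n, 64, **kw)
def u32(d, **kw): return unpack(d, 32, **kw)
def u64(d, **kw): return unpack(d, 64, **kw)


def struct_pitfalls():
    """Show the two papercuts the helpers remove.

    struct.unpack always returns a tuple, hence the trailing [0], and the
    signedness/endianness letters are easy to confuse.
    """
    raw = b"\x78\x56\x34\x12"                   # constructed sample word
    via_struct = struct.unpack("<I", raw)       # (0x12345678,)  a tuple
    via_helper = u32(raw)                       # 0x12345678     an int
    # -1 as a signed 32-bit little-endian word, then its unsigned reading.
    neg = p32(-1, sign=True)                    # b'\xff\xff\xff\xff'
    return via_struct, via_helper, neg, u32(neg)


if __name__ == "__main__":
    print(struct_pitfalls())
```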
- Make your output pretty!
- Utilities for generating strings such that you can find the offset of any given substring given only N (usually 4) bytes. This is super useful for straight buffer overflows. Instead of looking at 0x41414141, you could know that 0x61616171 means you control EIP at offset 64 in your buffer.
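The pattern behind this is a de Bruijn sequence: over a 26-letter alphabet with N = 4, every 4-byte window occurs exactly once, so the 4 bytes that ended up in EIP identify their offset. The following is an added example implementing the generator and the lookup with the standard algorithm; it is not pwntools' own pwnlib.util.cyclic code, and the function names `cyclic`/`cyclic_find`, the lowercase default alphabet and the little-endian interpretation of an integer argument are assumptions chosen to reproduce the 0x61616171 → 64 case from the text.

```python
import string
from functools import lru_cache

# Added example: de Bruijn based cyclic pattern and offset lookup.
# Not pwntools' code; names and defaults are assumptions for the example.


def de_bruijn(alphabet=string.ascii_lowercase, n=4):
    """Yield a de Bruijn sequence B(k, n) over `alphabet`, one symbol at a time.

    Every length-n window is unique, so any n consecutive bytes pin down
    where in the pattern they came from. (Standard recursive algorithm.)
    """
    k = len(alphabet)
    a = [0] * k * n

    def db(t, p):
        if t > n:
            if n % p == 0:
                for i in a[1:p + 1]:
                    yield alphabet[i]
        else:
            a[t] = a[t - p]
            yield from db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                yield from db(t + 1, t)

    yield from db(1, 1)


@lru_cache(maxsize=None)
def _full_pattern(alphabet, n):
    # The whole sequence is only k**n bytes (26**4 = 456976 for the defaults),
    # so it is cheap to materialise once and search with bytes.find().
    return "".join(de_bruijn(alphabet, n)).encode()


def cyclic(length, alphabet=string.ascii_lowercase, n=4):
    """First `length` bytes of the pattern, e.g. cyclic(20) -> b'aaaabaaacaaadaaaeaaa'."""
    limit = len(alphabet) ** n
    if length > limit:
        raise ValueError("pattern with these parameters is only %d bytes long" % limit)
    return _full_pattern(alphabet, n)[:length]


def cyclic_find(subseq, alphabet=string.ascii_lowercase, n=4):
    """Offset of `subseq` in the pattern, or -1 if it is not a window of it.

    `subseq` may be bytes, str, or an int such as a crashed register value,
    which is read as a little-endian n-byte word (the way the register would
    have been loaded from the overflowed buffer).
    """
    if isinstance(subseq, int):
        subseq = subseq.to_bytes(n, "little")
    elif isinstance(subseq, str):
        subseq = subseq.encode()
    if len(subseq) != n:
        raise ValueError("need exactly %d bytes to locate a window" % n)
    return _full_pattern(alphabet, n).find(subseq)


if __name__ == "__main__":
    print(cyclic(20))                 # b'aaaabaaacaaadaaaeaaa'
    print(cyclic_find(0x61616171))    # 64, as in the text above
```

Reading the crashed register as little-endian matters: 0x61616171 is the bytes `qaaa` in memory order, and `qaaa` is the window that starts 64 bytes into the pattern. Feeding the big-endian reading (`aaaq`) would point at the wrong offset.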
- Library of shellcode ready to go
- asm(shellcraft.sh()) gives you a shell
- Templating library for reusability of shellcode fragments
- ELF binary manipulation tools, including symbol lookup, virtual memory to file offset helpers, and the ability to modify and save binaries back to disk
- Dynamically resolve functions given only a pointer to any loaded module, and a function which can leak data at any address
- Automatically generate ROP chains using a DSL to describe what you want to do, rather than raw addresses
- Dictionary containing all-caps command-line arguments for quick access
- python foo.py REMOTE=1 and args['REMOTE'] == '1'.
- Can also control logging verbosity and terminal fanciness
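As an added example of the convention, here is a small parser that pulls `KEY=value` entries with all-caps keys out of argv and a pair of helpers that use the resulting dict to pick a target and a log level. This is a stand-in written for this page, not pwnlib.args; treating a bare `KEY` as the switch value `"1"`, the `HOST`/`PORT`/`BINARY` names and the `DEBUG`/`SILENT` mapping are assumptions for the example.

```python
import re

# Added example, not pwnlib.args: every argv entry shaped like KEY=value with
# an all-caps KEY is pulled out of the positional arguments into a dict; a
# bare KEY is treated as a switch set to "1" (an assumption for this example).

_ARG_RE = re.compile(r"^([A-Z_][A-Z0-9_]*)(?:=(.*))?$")


def parse_args(argv):
    """Split argv into (args dict, remaining positional arguments)."""
    args, remaining = {}, []
    for item in argv:
        m = _ARG_RE.match(item)
        if m:
            key, value = m.group(1), m.group(2)
            args[key] = "1" if value is None else value
        else:
            remaining.append(item)
    return args, remaining


def choose_target(args):
    """Pick how the exploit would connect, driven only by the args dict.

    HOST, PORT and BINARY are names assumed for the example, with
    placeholder defaults; REMOTE=1 is the switch from the text above.
    """
    if args.get("REMOTE") == "1":
        return ("remote", args.get("HOST", "challenge.example"), int(args.get("PORT", "1337")))
    return ("local", args.get("BINARY", "./chall"), None)


def log_level(args):
    """Map verbosity switches onto a log level name (assumed mapping)."""
    if "DEBUG" in args:
        return "debug"
    if "SILENT" in args:
        return "error"
    return "info"


if __name__ == "__main__":
    import sys
    parsed, rest = parse_args(sys.argv[1:])
    print(parsed, rest, choose_target(parsed), log_level(parsed))
```

Because the keys are taken straight from the command line, the same script switches between a local run and the remote service without any edits, which is the whole reason the dictionary lives in the global namespace.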
- Useful utilities for generating random data from a given alphabet, or simplifying math operations that usually require masking off with 0xffffffff or calling ord and chr an ugly number of times
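The masking point is worth seeing in code: Python integers are unbounded, so a rotate written without `& 0xffffffff` silently grows instead of wrapping. The block below is an added example reimplementing rotate, cycling XOR, random-from-alphabet and bit-splitting helpers with the standard library; it is not pwnlib.util.fiddling, and the signatures, the 32-bit default word size and the "cycle the shorter argument" XOR rule are assumptions for the example.

```python
import secrets

# Added example, not pwnlib.util.fiddling. Signatures and defaults are
# assumptions chosen to illustrate the masking and ord/chr papercuts.


def _mask(word_size):
    return (1 << word_size) - 1


def rol(value, shift, word_size=32):
    """Rotate `value` left by `shift` bits inside a word_size-bit word.

    Python ints are unbounded, so without the final `& mask` the bits
    shifted out of the top would simply keep growing the number.
    """
    shift %= word_size
    value &= _mask(word_size)
    return ((value << shift) | (value >> (word_size - shift))) & _mask(word_size)


def ror(value, shift, word_size=32):
    return rol(value, word_size - (shift % word_size), word_size)


def xor(*args):
    """XOR any number of bytes/int arguments, cycling the shorter ones.

    The result is as long as the longest argument; an int is treated as a
    single byte, so xor(data, 0x41) applies a one-byte key to all of data
    without any ord()/chr() juggling.
    """
    strs = [bytes([a & 0xFF]) if isinstance(a, int) else bytes(a) for a in args]
    length = max(len(s) for s in strs)
    out = bytearray(length)
    for s in strs:
        for i in range(length):
            out[i] ^= s[i % len(s)]
    return bytes(out)


def randoms(count, alphabet=b"abcdefghijklmnopqrstuvwxyz"):
    """`count` bytes drawn from `alphabet` using the OS CSPRNG."""
    return bytes(secrets.choice(alphabet) for _ in range(count))


def bits(value, word_size=32, endian="big"):
    """The individual bits of a word_size-bit value as a list, msb first by default."""
    value &= _mask(word_size)
    out = [(value >> i) & 1 for i in range(word_size)]   # lsb first
    return out if endian == "little" else out[::-1]


if __name__ == "__main__":
    print(hex(rol(0x80000001, 1)))       # 0x3: the top bit wrapped around
    print(xor(b"hello", b"\x20"))        # b'HELLO'
    print(bits(5, 8))                    # [0, 0, 0, 0, 0, 1, 0, 1]
```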
- Routines for querying about network interfaces
- Routines for querying about processes
- It's the new
- Functions for safely evaluating python code without nasty side-effects.
These are all pretty self-explanatory, but are useful to have in the global namespace.
Additionally, all of the following modules are auto-imported for you. You were going to do it anyway.