pwntools - WolvSec/Knowledge-Base GitHub Wiki

pwntools is essential for automating any cybersecurity work, and is especially useful in CTF competitions. Take a look at the documentation at https://docs.pwntools.com/en/stable/ and inventory the different modules and functions. You will most often see this library used in good writeups after competitions, so use those as a guide.

Very comprehensive tutorial here: https://github.com/Gallopsled/pwntools-tutorial

Examples

Running a program with pwntools

from pwn import *

elf = context.binary = ELF('./vuln')  # Tell pwntools what binary you are operating on

io = process()  # Start the process

out = io.recvuntil(b'enter your favorite address?\n')  # Read from the process stdout
print(out)

io.sendline(b'AAAA')  # Write to the process stdin

io.interactive()  # Open up stdin/stdout to your control, useful after you pop a shell

Packing a pointer with pwntools (note the endianness):

>>> p64(0x400000)
b'\x00\x00@\x00\x00\x00\x00\x00'
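To make the endianness point concrete, the following added example (not from the wiki and not pwntools' own code) reproduces the byte layout of the p64 call above using only the Python standard library. The helper names pack_word, unpack_word and unpack_partial are hypothetical and exist only for this illustration.

```python
# Added illustration: standard library only, not pwntools' implementation.
# pack_word / unpack_word / unpack_partial are hypothetical helper names.


def pack_word(value: int, bits: int = 64, endian: str = "little") -> bytes:
    """Encode an unsigned integer as a fixed-width word (bits=64 mirrors p64)."""
    if bits <= 0 or bits % 8:
        raise ValueError("bits must be a positive multiple of 8")
    if not 0 <= value < (1 << bits):
        raise ValueError(f"{value:#x} does not fit in {bits} unsigned bits")
    return value.to_bytes(bits // 8, endian)


def unpack_word(data: bytes, bits: int = 64, endian: str = "little") -> int:
    """Decode a fixed-width word; the input must be exactly bits/8 bytes long."""
    if len(data) != bits // 8:
        raise ValueError(f"expected {bits // 8} bytes, got {len(data)}")
    return int.from_bytes(data, endian)


def unpack_partial(data: bytes, bits: int = 64) -> int:
    """Decode a little-endian value whose high-order zero bytes are missing,
    for example output that stopped at the first NUL byte."""
    width = bits // 8
    if len(data) > width:
        raise ValueError("more bytes than the word size")
    # In little-endian order the missing high bytes belong on the right.
    return int.from_bytes(data.ljust(width, b"\x00"), "little")


if __name__ == "__main__":
    addr = 0x400000
    little = pack_word(addr)               # same bytes as p64(0x400000) above
    big = pack_word(addr, endian="big")    # most significant byte first
    print("little:", little.hex(" "))
    print("big:   ", big.hex(" "))
    print("round trip:", hex(unpack_word(little)))

    # Constructed sample: only the three low bytes of a value were received.
    print("partial:", hex(unpack_partial(b"\x10\x20\x30")))
```

A value packed with the wrong byte order still has the right length, so the mistake shows up only as a wrong address, not as an error.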