pwntools | CTF framework and exploit development library | Hacking library

 by   Gallopsled Python Version: 4.12.0b1 License: Non-SPDX

kandi X-RAY | pwntools Summary

kandi X-RAY | pwntools Summary

pwntools is a Python library typically used in Security, Hacking applications. pwntools has no bugs, it has no vulnerabilities, it has build file available and it has high support. However pwntools has a Non-SPDX License. You can install using 'pip install pwntools' or download it from GitHub, PyPI.

Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible.

            kandi-support Support

              pwntools has a highly active ecosystem.
              It has 10297 star(s) with 1610 fork(s). There are 294 watchers for this library.
              There were 4 major release(s) in the last 6 months.
              There are 107 open issues and 835 have been closed. On average issues are closed in 188 days. There are 23 open pull requests and 0 closed requests.
              It has a negative sentiment in the developer community.
              The latest version of pwntools is 4.12.0b1

            kandi-Quality Quality

              pwntools has 0 bugs and 0 code smells.

            kandi-Security Security

              pwntools has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
              pwntools code analysis shows 0 unresolved vulnerabilities.
              There are 0 security hotspots that need review.

            kandi-License License

              pwntools has a Non-SPDX License.
              Non-SPDX licenses can be open source with a non SPDX compliant license, or non open source licenses, and you need to review them closely before use.

            kandi-Reuse Reuse

              pwntools releases are available to install and integrate.
              Deployable package is available in PyPI.
              Build file is available. You can build the component from source.
              Installation instructions, examples and code snippets are available.
              pwntools saves you 50838 person hours of effort in developing the same functionality from scratch.
              It has 69884 lines of code, 1647 functions and 230 files.
              It has high code complexity. Code complexity directly impacts maintainability of the code.

            Top functions reviewed by kandi - BETA

            kandi has reviewed pwntools and discovered the below as its top functions. This is intended to give you an instant insight into pwntools implemented functionality, and help decide if they suit your requirements.
            • Attaches target to target .
            • Runs a process .
            • Sorts the registers .
            • Debug debugging .
            • Dump a string in hex .
            • Copy data to dst .
            • Perform a flatFlatten using the given arguments .
            • For debugging purposes only
            • Initialize the class .
            • Display options .
            Get all kandi verified functions for this library.

            pwntools Key Features

            No Key Features are available at this moment for pwntools.

            pwntools Examples and Code Snippets

            FirstBlood,Get Started - Unified I/O
            Pythondot img1Lines of Code : 66dot img1no licencesLicense : No License
            copy iconCopy
            #-- Factory --#
  '/path/to/file', [mode]) # open local file
            uio.tcp(addr, port) # connect to a remote server
            uio.local(port) # connect to localhost
            uio.stdio # wrapped stdin and stdout
            uio.spawn(cmd) # spawn a process [WIP]
            uio.bind(ip, port)  
            Pythondot img2Lines of Code : 63dot img2License : Permissive (MIT)
            copy iconCopy
            >>> from pwntrace import *
            >>> p = ltrace("/bin/ls", ["fflush", "fclose"])
            [x] Starting local process '/usr/bin/ltrace'
            [+] Starting local process '/usr/bin/ltrace': pid 8737
            >>> p.recv()
            [*] Process '/usr/bin/ltrace' stopp  
            Pythondot img3Lines of Code : 47dot img3no licencesLicense : No License
            copy iconCopy
            Suppose the 6 arguments are in s0-s5:
            move $a0, $s0    #  and 0($fp) is reserved for this on the stack
            move $a1, $s1    #  and 4($fp) is reserved for this on the stack
            move $a2, $s2    # and 8($fp)...
            move $a3, $s3    # and 12($fp)...
            sw $s4, 16($fp)  
            python text based game unresolved reference error message
            Pythondot img4Lines of Code : 107dot img4License : Strong Copyleft (CC BY-SA 4.0)
            copy iconCopy
            def instructions():
                print('Welcome to: Friday the 13th Text Based Game')
                print('Move Between Rooms, Collect all 6 items')
                print('Once you have all 6 i
            copy iconCopy
            def get_room_item(rooms, location):
                return rooms[location]['Item']
            if 'Item' in rooms[location]:
            Python while loop extra iterations?
            Pythondot img6Lines of Code : 24dot img6License : Strong Copyleft (CC BY-SA 4.0)
            copy iconCopy
            def foo(i):
                print(i, end=" ")
                for _ in range(i):
                    foo(i - 1)
            print(foo(3)) # 3 2 1 0 1 0 2 1 0 1 0 2 1 0 1 0 hell lot numbers!
            import math
            def MathChallenge(num, count):
                if nu
            Nextcord Fight Command Organization and Suggestions
            Pythondot img7Lines of Code : 73dot img7License : Strong Copyleft (CC BY-SA 4.0)
            copy iconCopy
            class Fight(commands.Cog):
                testServerID = 948362430256410685
                char_speed = {           
                    'Dre': 3,
                    'Henry': 4,
                    'Sonic': 10,
                    'Nub': 3,
                    'God': 5,
                    'Pewdiepie': 6,
            OPENGL gluPerspective implementation
            Pythondot img8Lines of Code : 30dot img8License : Strong Copyleft (CC BY-SA 4.0)
            copy iconCopy
            def swLookAt(self,eyex,eyey,eyez,atx,aty,atz,upx,upy,upz):
                # [...]
                return mylookat
            def swPerspective(self,fovy,aspect,near,far):
            Game of the nim, minimax, game tree, data structure
            Pythondot img9Lines of Code : 48dot img9License : Strong Copyleft (CC BY-SA 4.0)
            copy iconCopy
            def movelist(state):
                for i in range(state[0]):
                    yield (i, state[1], state[2])
                for i in range(state[1]):
                    yield (state[0], i, state[2])
                for i in range(state[2]):
                    yield (state[0], state[1], i)
            def winnningm
            Missing item from Python List when counting execution time for A* Pathfinding algorithm
            Pythondot img10Lines of Code : 21dot img10License : Strong Copyleft (CC BY-SA 4.0)
            copy iconCopy
            full_time = t.stop()
            import astar
            >>> for i in range(0, 4):
            ...     print(i)
            list.append(astar.full_time) # append inserts at th

            Community Discussions


            Is there a way to convert memory adress string to little endian input?
            Asked 2022-Feb-04 at 10:18

            this thing could easily be solves by writing a function that builds the string that I want. But it would be a bit nicer, and a bit more concise if there is something that I can just import and use, it seems lik there should be. I have a python script that uses python pwntools.

            It reads a memory leak from a executable that consists of a string that basically just looks like this:



            Answered 2022-Feb-04 at 10:18

            python3 itself is sufficent for that task



            conda-forge can't install pwntools due to UnsatisfiableError
            Asked 2021-Oct-19 at 14:15

            I created a new Conda Env with:



            Answered 2021-Oct-19 at 14:15

            Using mamba, the issue is more clear (I have added pwntools to the environment creation line:



            pyinstaller isn't converting (or generate a corrupted exe) when pwn package is imported
            Asked 2021-Oct-15 at 01:33

            i am working on reverse shell project using pwn as Client/Server instead of using socket because it's more comfortable in receiving (recvuntil) messages ,but when ever i tried to convert it to EXE using pyinstaller to onefile it ended up failing , generating a corrupted exe or generate an exe that keeps giving Errors ,i even have tested this program on console first.

            so is there a way to make it work or even to make my own pyinstaller (if i have to)?

            i can't think of better title than this ,so if you have better just comment it

            my venv conda python version is 3.9.7

            Here is a little Server Code (this is just for testing):



            Answered 2021-Oct-15 at 01:33

            After Three days of debugging i can tell that there is two steps for the solution to work:

            firstly: Try to reinstall pwntools package by removing it firstly and then install it



            Module Six has no attribute ensure_text
            Asked 2021-Apr-12 at 21:21

            Out of the blue, my python installation seems to have broken. When trying to run a python script, I get the following...



            Answered 2021-Apr-12 at 21:21

            I was able to update six by doing a wget in ~/.local/lib/python3.9/site-packages. This solved the problem.



            Why hex address addition are not the same in gdb and python
            Asked 2021-Feb-11 at 15:35

            I'm doing a buffer overflow exercice with gdb and python(3.9) pwntools on kali. I'm working with a 32bits ELF so my context is set this way : context(arch="i386", os="linux")

            I'm at the step I have to calculate offset between addresses functions and the result in python is driving me crazy.

            In gdb : p 0xf7e280e0 + 0xefdc8000 = 0xe7bf00e0

            In my python script : 0xf7e280e0 + 0xefdc8000 = 0x1e7bf00e0

            Can you help me to understand why the result is not the same?

            Thanks :)



            Answered 2021-Feb-11 at 15:35

            Can you help me to understand why the result is not the same?

            Python performs arithmetic with arbitrary precision. If you add two 32-bit numbers, the result could overflow and produce a number which does not fit in 32 bits.

            Is there any way to force this?

            Assuming by "force this" you mean: force Python to compute a 32-bit number, sure: you just need to mask off the bits you don't want:



            Get a SIGSEV on a buffer overflow
            Asked 2020-Nov-19 at 19:33

            I am attempting to create a buffer-overflow on a simple x64 C binary with all protections enabled (i.e. ASLR, canary, PIE, NX, Full RelRO - disabled Fortify). I am using an (updated) x64 Kali Linux 2020.3 distro (in vmware using the vmware image from the official offensive security website). I am compiling the program as root and I am enabling the SUID bit to access the program with root privilidges from an unpriviledged account. The code of the vulnerable program (example5.c) is the following:



            Answered 2020-Nov-19 at 16:28

            I think you wrongly calculated some offset. I modified your script to automate some calculation. I am using Ubuntu 20.04 for testing. Btw, you should use %p instead of %llx for address.

            Set breakpoint after printf(input); then inspected the stack, I decided to go for __libc_start_main to leak libc base:



            pwntools Python module doesn't work in python2 but works in python3
            Asked 2020-May-26 at 19:08

            I have a python2 script I want to run with the pwntools python module and I tried running it using:


            But then I get:

            File "", line 3, in from pwn import * ImportError: No module named pwn

            But when I try it with python3, it gets past that error but it runs into other errors because it's a python2 script. Why does pwntools not work when I run it with python2 and can I get my script to run without porting the whole thing to python3?



            Answered 2020-Mar-31 at 20:55

            Hard to say for sure but it looks like you installed pwntools for python3 and not for python2. Packages are not shared between python versions. if you run python2 -m pip install --user pwntools and then try to run with python2 does it work?



            Segfault in ret2libc attack, but not hardcoded system call
            Asked 2020-Mar-22 at 02:08

            I have the following protostar challenge



            Answered 2020-Mar-22 at 02:08

            After searching the instruction movaps segfault I came across this site that explains the issue.

            The MOVAPS issue

            If you're using Ubuntu 18.04 and segfaulting on a movaps instruction in buffered_vfprintf() or do_system() in the 64 bit challenges then ensure the stack is 16 byte aligned before returning to GLIBC functions such as printf() and system(). The version of GLIBC packaged with Ubuntu 18.04 uses movaps instructions to move data onto the stack in some functions. The 64 bit calling convention requires the stack to be 16 byte aligned before a call instruction but this is easily violated during ROP chain execution, causing all further calls from that function to be made with a misaligned stack. movaps triggers a general protection fault when operating on unaligned data, so try padding your ROP chain with an extra ret before returning into a function or return further into a function to skip a push instruction.

            Simply adding a call to a ret gadget before the call to system aligned bytes, and allowed me to pop a shell.


            Community Discussions, Code Snippets contain sources that include Stack Exchange Network


            No vulnerabilities reported

            Install pwntools

            Pwntools is best supported on 64-bit Ubuntu LTS releases (14.04, 16.04, 18.04, and 20.04). Most functionality should work on any Posix-like distribution (Debian, Arch, FreeBSD, OSX, etc.). Python3 is suggested, but Pwntools still works with Python 2.7. Most of the functionality of pwntools is self-contained and Python-only. You should be able to get running quickly with.


            Our documentation is available at A series of tutorials is also available online. To get you started, we've provided some example solutions for past CTF challenges in our write-ups repository.
            Find more information at:

            Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items

            Find more libraries
          • PyPI

            pip install pwntools

          • CLONE
          • HTTPS


          • CLI

            gh repo clone Gallopsled/pwntools

          • sshUrl


          • Stay Updated

            Subscribe to our newsletter for trending solutions and developer bootcamps

            Agree to Sign up and Terms & Conditions

            Share this Page

            share link

            Explore Related Topics

            Consider Popular Hacking Libraries


            by wifiphisher


            by threat9


            by s0md3v


            by Gallopsled


            by Atmosphere-NX

            Try Top Libraries by Gallopsled


            by GallopsledPython


            by GallopsledPython


            by GallopsledRuby


            by GallopsledPython


            by GallopsledPython