pwntools - CTF framework and exploit development library


Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible. You can now do a live demo of Pwntools, right in your browser.



Related Projects

Zeratool - Automatic Exploit Generation (AEG) and remote flag capture for exploitable CTF problems

  •    Python

This tool uses angr to concolically analyze binaries by hooking printf and looking for unconstrained paths. These program states are then weaponized for remote code execution through pwntools and a series of script tricks. Finally the payload is tested locally then submitted to a remote CTF server to recover the flag. Zeratool has room to grow and future iterations of Zeratool will include information disclosure discovery and linking those leaks to an offset for general ASLR bypasses.

pwntools-write-ups - A collection of CTF write-ups all using pwntools

  •    Python

Some of the tests are a bit finicky, both because of pwntools and because of the services themselves. If other tests are failing or there are other issues (e.g. services still running after the test), please file an issue.

zio - unified io lib for pwning development written in python

  •    Python

zio is an easy-to-use I/O library for pwning development. Its primary goal is to provide a single, unified interface for talking to a local process over stdin/stdout and to a remote service over a TCP socket. Once local pwning development is done, you only need to change the I/O target to pwn the remote server.
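The local-to-remote switch that zio describes (and that the pwntools process/remote pair offers in the same spirit), shown as an added example rather than zio's or pwntools' own code: two small I/O wrappers expose the same `send`/`recvline`/`close` methods, so the exploit function is written once and only the target object changes. The target program (a line-echo service), the loopback listener and all names here are constructed for the example and are not part of either project.

```python
import socket
import subprocess
import sys
import threading

# Constructed stand-in for a pwnable service: reads lines on stdin and echoes
# each one upper-cased.  It runs as a local child process in the "local" case
# and behind a loopback TCP listener in the "remote" case, so both targets
# speak the same protocol.  (Hypothetical program, not a real CTF binary.)
TARGET_SRC = r"""
import sys
while True:
    line = sys.stdin.buffer.readline()
    if not line:
        break
    sys.stdout.buffer.write(line.upper())
    sys.stdout.buffer.flush()
"""
TARGET_ARGV = [sys.executable, "-c", TARGET_SRC]


class ProcessIO:
    """I/O target backed by a child process's stdin/stdout pipes."""

    def __init__(self, argv):
        self.p = subprocess.Popen(argv, stdin=subprocess.PIPE, stdout=subprocess.PIPE)

    def send(self, data: bytes) -> None:
        self.p.stdin.write(data)
        self.p.stdin.flush()

    def recvline(self) -> bytes:
        return self.p.stdout.readline()

    def close(self) -> None:
        self.p.stdin.close()
        self.p.wait()


class SocketIO:
    """I/O target backed by a TCP connection; same method names as ProcessIO."""

    def __init__(self, host: str, port: int):
        self.s = socket.create_connection((host, port))
        self.rf = self.s.makefile("rb")

    def send(self, data: bytes) -> None:
        self.s.sendall(data)

    def recvline(self) -> bytes:
        return self.rf.readline()

    def close(self) -> None:
        self.rf.close()
        self.s.close()


def exploit(io) -> bytes:
    """The 'exploit' logic, written once against the shared interface.
    Going from local to remote only changes which object is passed in."""
    io.send(b"flag{please}\n")
    return io.recvline()


def serve_once(ports: list, ready: threading.Event) -> None:
    """Loopback listener that bridges one client to a fresh copy of the target
    program, so the remote case exercises the same service as the local one."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    srv.listen(1)
    ports.append(srv.getsockname()[1])
    ready.set()
    conn, _ = srv.accept()
    proc = subprocess.Popen(TARGET_ARGV, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
    with conn, conn.makefile("rb") as rf:
        for line in rf:                  # one request, one response, per line
            proc.stdin.write(line)
            proc.stdin.flush()
            conn.sendall(proc.stdout.readline())
    proc.stdin.close()
    proc.wait()
    srv.close()


def run_local() -> bytes:
    io = ProcessIO(TARGET_ARGV)
    try:
        return exploit(io)
    finally:
        io.close()


def run_remote() -> bytes:
    ports, ready = [], threading.Event()
    t = threading.Thread(target=serve_once, args=(ports, ready), daemon=True)
    t.start()
    ready.wait()
    io = SocketIO("127.0.0.1", ports[0])
    try:
        return exploit(io)
    finally:
        io.close()
        t.join()


if __name__ == "__main__":
    print("local :", run_local())
    print("remote:", run_remote())
```

Both `run_local()` and `run_remote()` return the same bytes because `exploit()` never knows which transport it is using; in a real solve the only edit between the two phases is the constructor call, which is the property zio (and pwntools' `process`/`remote`) is built around.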

Exploit-Writeups - A collection where my current and future writeups for exploits/CTF will go


Welcome to my collection of exploit writeups. This repo is where my current and future writeups for public exploits, vulnerability research, and CTF challenge solves will go. Below is a directory of the writeups I've published so far. Among them is an overview of the PS4 kernel exploit codenamed "namedobj", which targets a type confusion vulnerability in the sys_namedobj_* Sony system calls; it covers the basic exploit strategy required to turn the type confusion bug into a fully fledged exploit.

fbctf - Platform to host Capture the Flag competitions

  •    Hack

The Facebook CTF is a platform to host Jeopardy and "King of the Hill" style Capture the Flag competitions. The FBCTF platform was designed with flexibility in mind, allowing for different types of installations depending on the needs of the end user. It can be installed in either Development Mode or Production Mode.

v0lt - Security CTF Toolkit (Not maintained anymore)

  •    Python

v0lt is an attempt to collect every tool I used/use/will use in security CTFs, Python style. A lot of exercises were solved with bash scripts, but Python may be more flexible, which is why this exists. Nothing to do with Gallopsled (the pwntools authors). It's a toy toolkit, with small but specific utils only.

awesome-ctf - A curated list of CTF frameworks, libraries, resources and softwares

  •    Javascript

A curated list of Capture The Flag (CTF) frameworks, libraries, resources, software and tutorials. This list aims to help beginners as well as seasoned CTF players find everything related to CTFs in one place. Please take a quick look at the contribution guidelines first.

stripe-ctf-2.0 - Capture the Flag: Web Edition

  •    Python

This repository contains the source code to the levels from the Stripe CTF 2.0, which ran from August 22-29, 2012.

defcon-vm - Files from my DEFCON CTF VM.

  •    Perl

This repository contains the files necessary for the DEFCON CTF VM that I created. You can grab a copy of the VM itself from my blog. NOTE: Your network settings may not resolve "defcon.local" as a hostname. You can log in and run ifconfig from inside the VM to get its IP address. You can also try using just "defcon" or "defcon." and see if those work.

one_gadget - The best tool for finding one gadget RCE in

  •    Ruby

When playing CTF pwn challenges we usually need a one-gadget RCE (remote code execution): a single address in libc that, when jumped to, ends up calling execve('/bin/sh', NULL, NULL). Note: requires Ruby >= 2.1.0; run ruby --version to check.

MBE - Course materials for Modern Binary Exploitation by RPISEC

  •    C

This repository contains the materials as developed and used by RPISEC to teach Modern Binary Exploitation at Rensselaer Polytechnic Institute in Spring 2015. This was a university course developed and run solely by students to teach skills in vulnerability research, reverse engineering, and binary exploitation. Vulnerability research & exploit development is something totally outside the bounds of what you see in a normal computer science curriculum, but central to a lot of what we RPISEC members find ourselves doing in our free time. We also find that subjects in offensive security tend to have a stigma around them in university that we would like to help shake off. These are practical, applied skills that we're excited to share with those interested in learning.

shellen - :cherry_blossom: Interactive shellcoding environment to easily craft shellcodes

  •    Python

Shellen is an interactive shellcoding environment. If you want a handy tool to write shellcodes, then shellen may be your friend. Shellen can also be used as an assembly or disassembly tool. keystone and capstone engines are used for all of shellen's operations.

armpwn - Repository to train/learn memory corruption on the ARM platform.

  •    Python

Repository to train/learn memory corruption exploitation on the ARM platform. This is the material of a workshop I prepared for my CTF Team. Either upload the binary to some ARM device (I used a Raspberry Pi) or use qemu locally as described here. Also copy the webroot/ folder and the led script to the device. The binary expects both to be in the current working directory.

gef - GEF - GDB Enhanced Features for exploit devs & reversers

  •    Python

GEF is a kick-ass set of commands for x86, ARM, MIPS, PowerPC and SPARC to make GDB cool again for exploit dev. It is aimed mostly at exploiters and reverse-engineers, providing additional features to GDB through the Python API to assist during dynamic analysis and exploit development. It fully supports both Python 2 and Python 3 (as more and more distros start shipping gdb compiled with Python 3 support).

payloads - Git All the Payloads! A collection of web attack payloads.

  •    Shell

Run ./ to download external payloads and unzip any compressed payload files. The requests were extracted from packet captures or log files of capture the flag (CTF) events. This is mostly raw data, so not all requests are actual payloads; the requests should, however, be deduplicated.



A multi-agent capture-the-flag package designed for teaching artificial intelligence concepts.


  •    C++

Outgun is a free, cross-platform 32-player capture-the-flag (CTF) 2D action game.

RootTheBox - A Game of Hackers (CTF Scoreboard & Game Manager)

  •    HTML

Root the Box is a real-time scoring engine for computer wargames where hackers can practice and learn. The application can be easily configured and modified for any CTF game. Root the Box attempts to engage novice and experienced players alike by combining a fun, game-like environment with realistic challenges that convey knowledge applicable to the real world, such as penetration testing, incident response, digital forensics and threat hunting. Just as in traditional CTF games, each team or player targets challenges of varying difficulty and sophistication, attempting to collect flags. Root the Box brings additional options to the game. It can be configured to allow the creation of "botnets" by uploading a small bot program to target machines, which grants periodic rewards of (in-game) money for each bot in the botnet; the larger the botnet, the larger the reward. Money can be used to unlock new levels, buy hints to flags, download a target's source code, or even "SWAT" other players by bribing the (in-game) police. Players' "bank account passwords" can also be publicly displayed by the scoring engine, allowing players to crack each other's passwords and steal each other's money.