pwntools
angr
Our great sponsors
pwntools | angr | |
---|---|---|
8 | 13 | |
11,447 | 7,203 | |
1.9% | 1.8% | |
9.1 | 9.7 | |
8 days ago | 4 days ago | |
Python | Python | |
GNU General Public License v3.0 or later | BSD 2-clause "Simplified" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pwntools
-
PwnTools for Exploit Development
The Pwntools library stands out as a sophisticated toolset for CTF enthusiasts and security researchers. It aids in creating and executing shellcode, designing payloads, and interacting with remote processes. For instance, the context feature allows developers to switch between different architectures effortlessly, while the 'tube' module streamlines the communication between local and remote processes. And it's not just limited to Linux; the library has support for various platforms including Windows, making it versatile and comprehensive.
-
unable to install pwntools on mac m1
you have to remove the unicorn dependency from the setup.py because doesn't support m1 git clone https://github.com/Gallopsled/pwntools cd pwntools sed -i'' '/unicorn/d' setup.py pip install --upgrade .
-
Awesome CTF : Top Learning Resource Labs
Pwntools - CTF Framework for writing exploits.
-
Awesome Penetration Testing
Pwntools - Rapid exploit development framework built for use in CTFs.
-
Not sure if belongs here
Pwntools is a thing.
-
What is Calypso?
One library that I may eventually make which will probably not be an officially maintained library but which I will maintain myself will be a partial or full port of pwntools (a library written in Python for CTFs) to Calypso. For more information on CTFs, atan made a pretty cool post about them:
- Use pwntools for your exploits
-
anybody know good packet crafting resources?
Scapy is great if you're attacking low level networking protocol stacks like TCP/IP or UDP. In that case, you may be modifying packet headers and such. Otherwise, it's much easier to just use the Python socket module and craft your custom payload in Python. Even better is the pwntools module.
angr
-
30 Years of Decompilation and the Unsolved Structuring Problem: Part 1
That's awesome! That's exactly how modern decompilers deal with a special type of goto occurrence. They reduce gotos (or completely eliminate them) by introducing a `while(true)` loop, followed by corresponding `continue` and `breaks`... we all, of course, know that `while(true)` did not exist in the source, but it's a nice hack!
We even do this in the angr decompiler, found here: https://github.com/angr/angr/blob/8e48d001e18a913ecd4ed2e995...
- Ask not what the compiler can do for you
-
The Full Story of Large Language Models and RLHF
One would hope browser and OS vendors would use AI to remediate vulnerabilities but vast majority of software vendors won't ever use it.
Also, automated vulnerability finding is very much real and already used today. This isn't something that has just become viable via LLMs, but I guess LLMs can enhance it:
https://github.com/angr/angr
-
Synthesizing optimal 8051 code with an SMT solver (2020)
Check out angr [1], a symbolic execution engine, and claripy [2], its frontend to SMT solvers like z3.
[1] https://angr.io
[2] https://api.angr.io/claripy.html
-
Any standard algorithms for parsing (disassembling) machine code?
BAP (https://github.com/binaryanalysisplatform/bap), angr (https://angr.io/) and others already do what you're asking for as more purpose-built solutions for dynamic analysis. Angr specifically in python.
-
Can anyone explain to me how to find main function in elf file?
As /u/hkei noted, it's actually quite difficult to do in general, and usually requires some kind of heuristic. For example, see https://github.com/dyninst/dyninst/blob/v12.1.0/dyninstAPI/src/image.C#L476. Full disclosure, I am a Dyninst developer. There is also the python-based angr that might be more amenable to a one-off solution.
-
We are Legitimate Business Syndicate, DEF CON CTF Organizers 2013-2017, Ask Us Anything
I think there's a lot of promise in automation that's been spun off from the CTF community. Angr and Binary Ninja are both very much spinoffs from contest hacking, and are pretty great for helping a skilled hacker find flaws in software.
-
Awesome Penetration Testing
angr - Platform-agnostic binary analysis framework.
-
Programming in Z3 by learning to think like a compiler
angr uses z3.
https://github.com/angr/angr
Supposedly, the DoD has used angr for some use cases.
-
What's a good technology to introduce to my company?
Try using angr to automate bug finding
What are some alternatives?
Metasploit - Metasploit Framework
qiling - A True Instrumentable Binary Emulation Framework
pwndbg - Exploit Development and Reverse Engineering with GDB Made Easy
RustScan - 🤖 The Modern Port Scanner 🤖
one_gadget - The best tool for finding one gadget RCE in libc.so.6
frontier-silicon-firmwares - Frontier silicon internet radio firmware binaries
padding-oracle-attacker - 🔓 CLI tool and library to execute padding oracle attacks easily, with support for concurrent network requests and an elegant UI.
CrossHair - An analysis tool for Python that blurs the line between testing and type systems.
gophish - Open-Source Phishing Toolkit
bap - Binary Analysis Platform
peda - PEDA - Python Exploit Development Assistance for GDB
BinV - 👓 Yet another binary vulnerbilities checker. An automated vulnerability scanner for ELF based on symbolic execution.