Skip to main content

No project description provided

Project description


A box for CTF challenges with some sugar functions, Just enjoy it

Current version: 1.3.0

Please use python 3.6+



All you need to do is

pip install ctfbox



from ctfbox import * # Will not import the pwn part, please check the PWN Usage section below
# enjoy it


PWN Usage



Some functions with names similar to PHP, close to intuition

  • url_encode(s: str, encoding: str = 'utf-8') -> str
  • url_decode(s: str, encoding: str = 'utf-8') -> str
  • base64_decode(s: str, encoding='utf-8') -> str
  • base64_encode(s: str, encoding='utf-8') -> str
  • bin2hex(s: str) -> str
  • hex2bin(s: str) -> str
  • json_encode(obj) -> object
  • json_decode(data) -> str
  • jwt_decode(token: str) -> bytes
  • jwt_encode(header: dict, payload: dict, key=None, algorithm=None) -> str
  • sha1(s: str, encoding='utf-8') -> str
  • sha256(s: str, encoding='utf-8') -> str
  • md5(s: str, encoding='utf-8') -> str
  • random_int(minN: int = 0, maxN: int = 1024) -> int
  • random_string(n: int = 32, alphabet: str = "") -> str
  • od_parse(data: str) -> Dict[str, Union[str, list]]
  • Threader(number: int, timeout: int = None, retry: int = 2)
     A simple decorator function that can decorate the function to make it multi-threaded.


  • get_flask_pin(username: str, absRootPath: str, macAddress: str, machineId: str, modName: str = "", appName: str = "Flask") -> str
  • flask_session_helper (⚠️ There is no flask dependency in ctfbox itself, the following two functions need to install the dependency by yourself)
    • flask_session_encode(secret_key: str, payload: dict) -> str
    • flask_session_decode(session_data: str, secret_key: str) -> dict
  • php_serialize_escape_helper
    • php_serialize_escape_s2l(src: str, dst: str, payload: str, paddingTrush: bool = False) -> Tuple[str, int]
    • php_serialize_escape_l2s(src: str, dst: str, disString: str, payload: str, paddingTrush: bool = False) -> Tuple[str, int]
  • provide(host: str = "", port: int = 2005, isasync: bool = False, files: List[Tuple[Union[filepath, content], routePath, contentType]] = {})
    A simple and customizable http server.
  • hashAuth(startIndex: int = 0, endIndex: int = 5, answer: str = "", maxRange: int = 1000000, threadNum: int = 25, hashType: HashType = HashType.MD5) -> str
    A function used to blast the first few bits of the hash, often used to crack the ctf verification code
  • httpraw(raw: Union[bytes, str], **kwargs -> requests.Response)
    Send raw request by python-requests
    Allow kwargs:
    - proxies(dict) : requests proxies
    - timeout(float): requests timeout
    - verify(bool)  : requests verify
    - real_host(str): use real host instead of Host if set
    - ssl(bool)     : whether https
  • gopherraw(raw: str, host: str = "", ssrfFlag: bool = False) -> str
    Generate gopher requests URL form a raw http request


please refer to source code for function's signatures and usages

  • print data in hex format: printHex()
  • pack number into bytes: p16(), p32(), p64()
  • unpack number from bytes: u16(), u32(), u64()


  • TODO


  • Usage
    # Doesn't support Windows
    from pwn import * # import pwntools
    # set pwntools config...
    # context.os = 'linux'
    # context.log_level = 'debug'
    # context.arch = 'amd64'
    from ctfbox.pwntools.config import Config # import confit for pwn part of ctfbox
    # set necessary config 
    - local(bool) : connect to local binary / remote address, default: True
    - bin(str)    : the binary path, e.g. './pwn'
    - address(str): the remote address, e.g. ''
    - pie(bool)   : whether the memory address is randomized, default: False
    Config.local = True
    Config.address = ""
    Config.bin = "./bin"
    # import pwn part
    from ctfbox.pwn import *
    now you can use the attributes/functions below
    slog // empty dictionary, you can set the leaked address and corresponding name. e.g. slog['libc'] = libc_addr
    elf  // pwntools.ELF(binaray)
    cn   // a connect to local binary or remote address
    re   // lambda of cn.recv(m, t)
    recv // lambda of cn.recv()
    ru   // lambda of cn.recvuntil(x)
    rl   // lambda of cn.recvline()
    sd   // lambda of cn.send(x)
    sl   // lambda of cn.sendline(x)
    ia   // lambda of cn.interactive()
    sla  // lambda of cn.sendlineafter(a, b)
    sa   // lambda of cn.sendafter(a, b)
    ft   // ft(arg, f=pwnlib.util.cyclic.de_bruijn(), l=None) lambda of flat(*arg, filler=f, length=l)
    gdba // gdba(bps) debug, argument bps save the breakpoint address, breakpoint can also be automatically set when pie is turned on, need pmap command
    slog_show // print all set slogs, in hexadecimal format



  • requests
  • PyJWT






  • refactor project structure
  • add some functions:
    • flask_session_encode
    • flask_session_decode
    • php_serialize_escape_l2s
    • php_serialize_escape_s2l
    • gopherraw



  • fix a bug that httpraw may not be able to send post request correctly
  • fix a bug that could not solve port
  • fix a bug that real_host could not use
  • fix a bug that may cause encoding error


  • add dev dependencies: icecream
  • add some functions:
    • od_parse
    • get_flask_pin
    • httpraw
    • p16 p32 p64 and uXX functions
    • Base32 and Base64 table getter


  • move project to new directory
  • update, added missing functions


  • add pwn part, please see Pwn Usage
  • add some functions that may be used in reverse
  • update hashAuth functions
    • error if startIndex is less than endIndex
    • if startIndex is zero and length of hash(endIndex - startIndex) is not equal to length of answer, endIndex will be set to length of answer
  • update, add usage and contributors, Supplementary dependency: PyJWT


  • update


  • update


  • first commit

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ctfbox-1.3.0.tar.gz (17.8 kB view hashes)

Uploaded source

Built Distribution

ctfbox-1.3.0-py3-none-any.whl (22.1 kB view hashes)

Uploaded py3

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Fastly Fastly CDN Google Google Object Storage and Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page