A tool to help with ethereum smart contract exploit interaction, designed with CTF challenges in mind. Some might call it a set of pwn tools for ethereum exploitation.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for degrigis from gravatar.com degrigis Avatar for Lukas-Dresel from gravatar.com Lukas-Dresel

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: MIT License (MIT License)

Author: Lukas Dresel

Tags ctf, ethereum, exploits, security, smart-contracts, testing

Requires: Python >=3.7

Classifiers

Project description

ethpwn

A tool to help with ethereum smart contract exploit interaction, designed with CTF challenges in mind. One might call it a set of pwn tools for ethereum exploitation :P. ethpwn is designed to help you waste the smallest amount of time possible on the annoying parts of interacting with ethereum smart contracts, mainly deployment, transaction sending, and interaction.

Installation

pip install ethpwn

Usage

Example exploits for the ethernaut challenges

SPOILERS AHEAD! If you haven't solved the ethernaut challenges yet, you should solve them first before looking at the respective examples.

With that said, you can see examples of how to use ethpwn to solve the ethernaut challenges in the Lukas-Dresel/ethernaut repository.

Deploying an exploit contract

#!/usr/bin/env python3

import os
import sys
from time import sleep
from ethpwn.prelude import *


context.connect_http(sys.argv[1])

# syntax deploy.py <contract to deploy> [<solidity files with code..>]
CONTRACT_METADATA.add_solidity_files(sys.argv[2:])

with CONTRACT_METADATA['Exploit'].deploy_destructible() as (tx_hash, target):

    print(f"Exploit contract is at {target.address}")

    transact(target.functions.exploit(), value=ARGS.value, force=ARGS.force)

    # on __exit__ of the context manager, `contract.destroy()` will be called to return any leftover funds

Interacting with the target contract to exploit it off-chain

An example of how to interact with the target contract to exploit it off-chain can be found in the examples/ directory.

SPOILER ALERT: This example is the solution to the ethernaut fallback challenge.

The gist of it looks as follows:

...

# illustration of how to import contracts from strings
CONTRACT_SOURCE=""" <copy & paste the source from ethernaut here> """
CONTRACT_METADATA.add_solidity_source(CONTRACT_SOURCE, 'Fallback.sol')

target = CONTRACT_METADATA['Fallback'].get_contract_at(ARGS.target_addr)

# set our contribution to non-zero
transact(target.functions.contribute(), value=wei(ether=0.0001))

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for degrigis from gravatar.com degrigis Avatar for Lukas-Dresel from gravatar.com Lukas-Dresel

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: MIT License (MIT License)

Author: Lukas Dresel

Tags ctf, ethereum, exploits, security, smart-contracts, testing

Requires: Python >=3.7

Classifiers

Release history Release notifications | RSS feed

1.0.0

0.0.5.post7

0.0.5.post6

0.0.5.post5

0.0.4

0.0.3

0.0.2

0.0.2a2 pre-release

0.0.2a1 pre-release

This version

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ethpwn-0.0.1.tar.gz (14.8 kB view hashes)

Uploaded Source

Built Distribution

ethpwn-0.0.1-py3-none-any.whl (16.9 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page