
Automatic tool to quickly start a pwn CTF challenge

Project description

PwnIt

This repository started as a fork of spwn. It was a good tool for initializing a PWN challenge, but I wanted more customization, and since it had not been maintained for a couple of years, I started to look into the code to give more freedom to the user. In the end, I ended up completely refactoring the code and adding some useful features.

Features

  • Auto detect files from cwd (executable and all the libs)
  • Analyze executable:
    • checksec
    • interesting functions
    • seccomp rules
    • cryptographic constants
  • Patch executable:
    • Download and unstrip all the libraries related to the detected libc (loader included)
    • Set runpath and interpreter of the executable with the libraries from the cwd or from the downloaded ones
  • Set binary and loader to be executable
  • Interactively generate functions to navigate a menu in the binary
  • Generate the solve script from your template
  • Download the libc source code

Usage

usage: pwnit [-h] [-r HOST:PORT] [-o] [-i] [-t TAG] [-p PATH] [--seccomp] [--yara RULES_FILEPATH] [--libc-source]

pwnit is a tool to quickly start a pwn challenge

options:
  -h, --help            show this help message and exit
  -r HOST:PORT, --remote HOST:PORT
                        Specify <host>:<port>
  -o, --only            Do only the actions specified in args
  -i, --interactions    Create the interactions
  -t TAG, --template TAG
                        Create the script from the template
  -p PATH, --patch PATH
                        Patch the executable with the specified path
  --seccomp             Print seccomp rules if present
  --yara RULES_FILEPATH
                        Check for given Yara rules file
  --libc-source         Donwload the libc source

If the files have weird names (such as the libc name not starting with libc), the autodetection will fail; the best fix for this is to rename the files.

To understand how the interactions creation works, I suggest just trying it out. It should be pretty straightforward, but if you want to pwn as fast as possible, you cannot waste any time :)

Installation

This tool requires these packages:

sudo apt update
sudo apt install patchelf elfutils ruby-rubygems
# Or the equivalent for your package manager

sudo gem install seccomp-tools

Download files

Source Distribution

pwnit-0.7.7.tar.gz (12.7 kB)

Uploaded Source

Built Distribution

pwnit-0.7.7-py3-none-any.whl (18.3 kB)

Uploaded Python 3

File details

Details for the file pwnit-0.7.7.tar.gz.

File metadata

  • Download URL: pwnit-0.7.7.tar.gz
  • Upload date:
  • Size: 12.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.9.26

File hashes

Hashes for pwnit-0.7.7.tar.gz
Algorithm Hash digest
SHA256 1cc9e3aaa752cffe85de6ed6c5774d19a037cdf13e7c11bec1aeacd683abb851
MD5 889f0247ddb9acbefb506f28dad7efb7
BLAKE2b-256 26dff2a91f5d61e6c935da88f2b7c869f060e94c3ab798bd8569e033d8570b24

File details

Details for the file pwnit-0.7.7-py3-none-any.whl.

File metadata

  • Download URL: pwnit-0.7.7-py3-none-any.whl
  • Upload date:
  • Size: 18.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.9.26

File hashes

Hashes for pwnit-0.7.7-py3-none-any.whl
Algorithm Hash digest
SHA256 ca2c25e3cd16436aded70179d2ec721fa4c6fc3fabfcead3e0e7a340b0962cb9
MD5 599007fe5375be638284cc09b3a42a83
BLAKE2b-256 cbab9be76116ed28367f521297fcfe4035d2cff5796e6a20193fd65218e16ca8
