
Gallopsled/pwntools

★ 13,484 · Python · NOASSERTION · updated May 2026

CTF framework and exploit development library

pwntools is the de-facto standard Python library for binary exploitation and CTF challenges. It wraps everything a pwner needs—process/socket interaction, ELF parsing, ROP chain construction, shellcode generation, GDB integration, format string exploitation, and more—into one import. If you do binary exploitation on Linux, you almost certainly already use this.

- The tube abstraction (process/remote/ssh all sharing the same recv/send/interactive API) makes switching between local testing and remote targets a one-line change, which genuinely saves time during CTFs.

- Architecture coverage is unusually broad: x86, amd64, ARM, AArch64, MIPS, RISC-V, LoongArch64, PowerPC, SPARC—shellcraft and constants tables exist for all of them, with both little and big endian variants.

- GDB integration via pwnlib.gdb lets you attach a debugger mid-script with breakpoints set programmatically, which is far more useful than manually attaching and typing addresses.

- The ROP module does real gadget discovery and chain construction including ret2dlresolve and SROP out of the box, not just gadget listing.

- The global context object (context.arch, context.os, etc.) is mutable shared state, which causes subtle bugs when writing multi-arch scripts or running tests in parallel—it's a design wart that's baked too deep to easily fix now.

- The automatic update checker and some import-time side effects (logging setup, terminal detection) make pwntools slow and annoying to use in non-interactive scripts or CI pipelines unless you set NOTERM and similar env vars.

- Windows support is essentially nonexistent; if your target or tooling is Windows-based you're on your own, and the documentation mentions this only in passing.

- The ROP engine struggles with complex binaries that use things like jump tables or indirect calls—it works well on toy CTF binaries but can produce subtly broken chains on real-world software without obvious error messages.
