Command Line Tools

pwntools comes with a handful of useful command-line utilities which serve as wrappers for some of the internal functionality.

asm

Assemble shellcode into bytes

line

Lines to assemble. If none are supplied, use stdin

-h, --help

show this help message and exit

-f <format>, --format <format>

Output format (defaults to hex for ttys, otherwise raw)

-o <file>, --output <file>

Output file (defaults to stdout)

-c <<opt>>, --context <<opt>>

The os/architecture the shellcode will run in (default: linux/i386), choose from: aarch64, alpha, amd64, arm, avr, cris, freebsd, i386, ia64, linux, m68k, mips, mips64, msp430, powerpc, powerpc64, s390, sparc, sparc64, thumb, vax, windows

constgrep

Looking up constants from header files. Example: constgrep -c freebsd -m ^PROT_ '3 + 4'

regex

The regex matching constant you want to find

constant

The constant to find

-h, --help

show this help message and exit

-e <<constant name>>, --exact <<constant name>>

Do an exact match for a constant instead of searching for a regex

-i, --case-insensitive

Search case insensitive

-m, --mask-mode

Instead of searching for a specific constant value, search for values not containing strictly less bits than the given value.

-c <<opt>>, --context <<opt>>

The os/architecture to find constants for (default: linux/i386), choose from: aarch64, alpha, amd64, arm, avr, cris, freebsd, i386, ia64, linux, m68k, mips, mips64, msp430, powerpc, powerpc64, s390, sparc, sparc64, thumb, vax, windows

cyclic

Cyclic pattern creator/finder

count

Number of characters to print

-h, --help

show this help message and exit

-a <alphabet>, --alphabet <alphabet>

The alphabet to use in the cyclic pattern (defaults to all lower case letters)

-n <length>, --length <length>

Size of the unique subsequences (defaults to 4).

-l <<lookup value>>, -o <<lookup value>>, --offset <<lookup value>>, --lookup <<lookup value>>

Do a lookup instead of printing the alphabet
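
The pattern and lookup that cyclic describes, as an added example in plain Python (not pwntools' own code): a de Bruijn sequence over the alphabet makes every window of length n unique, so a window recovered from a crash dump or register maps to exactly one offset in the input. The function names pattern and lookup, and the little-endian handling of integer values, are assumptions of this example.

```python
import string
from itertools import islice

def de_bruijn(alphabet, n):
    """Yield the de Bruijn sequence B(len(alphabet), n) one symbol at a time."""
    k = len(alphabet)
    a = [0] * (k * n)

    def db(t, p):
        if t > n:
            # Emit the current Lyndon word when its length divides n.
            if n % p == 0:
                for j in range(1, p + 1):
                    yield alphabet[a[j]]
        else:
            a[t] = a[t - p]
            yield from db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                yield from db(t + 1, t)

    yield from db(1, 1)

def pattern(count, alphabet=string.ascii_lowercase, n=4):
    """Return the first `count` symbols; windows of length n never repeat."""
    if count > len(alphabet) ** n:
        raise ValueError("count exceeds the unique range for this alphabet and n")
    return "".join(islice(de_bruijn(alphabet, n), count))

def lookup(value, alphabet=string.ascii_lowercase, n=4):
    """Return the offset of an n-symbol window in the pattern, or -1 if absent."""
    if isinstance(value, int):
        # Assumption of this example: integers are register values read from
        # a little-endian machine, so the lowest byte came first in memory.
        value = value.to_bytes(n, "little").decode("latin-1")
    if len(value) != n:
        raise ValueError("lookup value must be exactly n symbols long")
    window = ""
    for i, ch in enumerate(de_bruijn(alphabet, n)):
        window = (window + ch)[-n:]
        if window == value:
            return i - n + 1
    return -1

if __name__ == "__main__":
    print(pattern(16))         # like: cyclic 16
    print(lookup("baaa"))      # like: cyclic -l baaa
    print(lookup(0x61616162))  # same window, given as an integer
```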

disasm

Disassemble bytes into text format

hex

Hex-string to disassemble. If none are supplied, then it uses stdin in non-hex mode.

-h, --help

show this help message and exit

-c <<opt>>, --context <<opt>>

The architecture of the shellcode (default: i386), choose from: powerpc64, aarch64, sparc64, powerpc, mips64, msp430, thumb, amd64, sparc, alpha, s390, i386, m68k, mips, ia64, cris, vax, avr, arm

elfdiff

a
b
-h, --help

show this help message and exit

elfpatch

elf

File to patch

offset

Offset to patch in virtual address (hex encoded)

bytes

Bytes to patch (hex encoded)

-h, --help

show this help message and exit

hex

Hex-encodes data provided on the command line or via stdin.

data

Data to convert into hex

-h, --help

show this help message and exit

phd

Pwnlib HexDump

file

File to hexdump. Reads from stdin if missing.

-h, --help

show this help message and exit

-w <width>, --width <width>

Number of bytes per line.

-l <highlight>, --highlight <highlight>

Byte to highlight.

-s <skip>, --skip <skip>

Skip this many initial bytes.

-c <count>, --count <count>

Only show this many bytes.

-o <offset>, --offset <offset>

Addresses in the left-hand column start at this address.

--color <color>

Colorize the output. When 'auto', output is colorized exactly when stdout is a TTY. Default is 'auto'.

shellcraft

Microwave shellcode – Easy, fast and delicious

<shellcode>

The shellcode you want

<arg>

Argument to the chosen shellcode

-h, --help

show this help message and exit

-?, --show

Show shellcode documentation

-o <<file>>, --out <<file>>

Output file (default: stdout)

-f <<format>>, --format <<format>>

Output format (default: hex), choose from {r}aw, {s}tring, {c}-style array, {h}ex string, hex{i}i, {a}ssembly code, {p}reprocessed code

unhex

Decodes hex-encoded data provided on the command line or via stdin.

hex

Hex bytes to decode

-h, --help

show this help message and exit