Download Latest Version Release 4.15.0 source code.tar.gz (4.4 MB)
Email in envelope

Get an email when there's a new version of Pwntools

Home / 4.15.0
Name Modified Size InfoDownloads / Week
Parent folder
README.md 2025-10-12 8.7 kB
0
Release 4.15.0 source code.tar.gz 2025-10-12 4.4 MB
0
Release 4.15.0 source code.zip 2025-10-12 5.5 MB
0
Totals: 3 Items   10.0 MB 0

This is the last release supporting Python 2 and Python <3.10. See [#2495]

This release comes with a bunch of fixes, some new features, and a few deprecations. Thank you to every contributing their features and fixes!

Highlights

  • Added context.gdb_binary to specify which gdb command to use. Useful to specify e.g. pwndbg. Checkout the pwn.conf config file to set it globally. (@Ninja3047)
  • Added tube.upload_manually to upload data to a shell using shell commands. Quickly upload your exploit into that kernel pwn challenge without manually typing the echo {chunk} | base64 -d >> exploit loop.
  • Improved libcdb handling of a local libc-database without relying on external services. (@the-soloist)
  • Cache the output of asm() to speed up subsequent exploit runs. (Disable the cache using context.cache_dir = None)
  • Improve documentation regarding which ELF functions run the binary internally. (Thanks to @Hackrrr who made a CTF challenge for it at Compete With Team Europe CTF 2025)

Deprecations

Removal of some CLI command scripts

Many of the CLI utilities coming with pwntools had ambiguous names and caused problems while packaging in different distributions. Most of the commands are deprecated now and print a warning suggesting to use pwn <thecommand> instead.

Only checksec, constgrep, libcdb, phd, pwnstrip, and shellcraft stay as standalone CLI scripts. The rest will be removed and only accessible through the pwn wrapper in the future.

$ debug
/home/user/.local/bin/debug:8: DeprecationWarning: The 'debug' command is deprecated and will be removed in a future version. Please use 'pwn debug' instead.
  sys.exit(deprecated_main())
usage: pwn debug [-h] [-x GDBSCRIPT] [--pid PID] [-c context] [--exec EXECUTABLE] [--process PROCESS_NAME] [--sysroot SYSROOT]

Deprecate 'keepends' argument in favor of 'drop' in tube.recvline*

tube.recvline used the keepends argument to specify whether to include the trailing newline in the return value while tube.recvuntil uses drop to specify inclusion of the delimiter. The semantics are inversed for both functions causing confusion:

:::python
io.recvuntil(b'pwn', drop=True) # Don't include `pwn` at the end.
io.recvline(keepends=False) # Don't include `\n` at the end.

Since drop is a more generic name (and shorter to type), tube.recvline* accepts a drop parameter now and usage of keepends is deprecated.

The detailed changelog is as follows:

New Contributors

Full Changelog: https://github.com/Gallopsled/pwntools/compare/4.14.1...4.15.0

Source: README.md, updated 2025-10-12