Pwntools Cheatsheet

Making a Connection

import pwn                        Import the pwn module.
conn = pwn.process(path)          Start and connect to the local executable at path.
conn = pwn.remote(host, port)     Connect to TCP port port on host.

Sending and Receiving Data

conn.send(s)                      Send the string s.
conn.sendline(s)                  Send the string s and a newline.
s = conn.recv(n)                  Receive up to n bytes.
s = conn.recvn(n)                 Receive exactly n bytes.
s = conn.recvline()               Receive up to and including a newline.
s = conn.recvuntil(prompt)        Receive up to and including the string prompt.
s = conn.recvregex(regex)         Receive up to and including something that matches regex.
s = conn.recvall()                Receive everything until the connection closes.
conn.sendlineafter(prompt, s)     Receive until prompt, then send the string s and a newline.
conn.interactive()                Drop into interactive mode.

Packing and Unpacking Integers

s = pwn.p<N>(n)                   Pack unsigned N-bit integer n into a string.
n = pwn.u<N>(s)                   Unpack string s into an unsigned N-bit integer.
s = pwn.p<N>(n, sign=True)        Pack signed N-bit integer n into a string.
n = pwn.u<N>(s, sign=True)        Unpack string s into a signed N-bit integer.

Shellcraft

asm = pwn.shellcraft.sh()         Generate assembly that opens an interactive shell.
asm = pwn.shellcraft.cat(path)    Generate assembly that dumps the file at path.
asm = pwn.shellcraft.exit(code)   Generate assembly that exits with code code.
asm = pwn.shellcraft.nop()        Generate assembly for a single-byte no-op.
bin = pwn.asm(asm)                Assemble asm into a binary snippet.
asm = pwn.disasm(bin)             Disassemble bin into assembly.

Context Control

pwn.context.log_level = "debug"   Log all traffic through your connection.
pwn.context.log_level = "warn"    Don't log unless something goes wrong.
pwn.context.arch = "i386"         Set the target CPU architecture.
pwn.context.os = "linux"          Set the target operating system.
pwn.context.endian = "big"        Set the target endianness.
pwn.context.word_size = 32        Set the target word size.
pwn.context(arch="arm", ...)      Set any of the above in a single line.