Major update drops for popular Pwntools penetration showbag

Hackers chuffed


The third version of the Pwntools exploit showbag has been released, sporting new Android p0wnage functions and a host of additional modules.

The Python development library is the brainchild of the Gallopsled CTF team, which wrote the toolset to help fellow security types build faster exploits for penetration testing and capture the flag competitions.

Pwntools is popular with hordes of hackers who enjoy the benefit of simplified exploit development.

Gallopsled announced the major update, the first in 18 months, which folds in some 1,305 commits since the last version, including bonus hacking features from the forked Binjitsu exploit toolbox project.

"Pwntools is a Python library/framework developing exploits for capture the flag competitions, like DEFCON CTF, picoCTF, and wargames like pwnable.kr," the Pwntools developers said.

"Pwntools makes the exploit developer's life easier by providing a suite of easy and quick tools that do exactly what an exploit developer would want them to -- without the hassle of writing template code or dealing with various minor gotchas."

While the hacking suite is deployed on Ubuntu, users of other OSes can play with a PwnTools demonstration in their browsers.

Team-less would-be hackers wishing to test Pwntools in a capture the flag team can join the OpenToAllCTFteam, which allows all members to participate in its hacking events.

The Pwntools developers are planning on support for Python 3, but say that upgrade will take time.

PwnTools joins popular hacking tools Metasploit and the Browser Exploitation Framework (BEeF) Project. ®

Similar topics


Other stories you might like

  • CISA and friends raise alarm on critical flaws in industrial equipment, infrastructure
    Nearly 60 holes found affecting 'more than 30,000' machines worldwide

    Updated Fifty-six vulnerabilities – some deemed critical – have been found in industrial operational technology (OT) systems from ten global manufacturers including Honeywell, Ericsson, Motorola, and Siemens, putting more than 30,000 devices worldwide at risk, according to private security researchers. 

    Some of these vulnerabilities received CVSS severity scores as high as 9.8 out of 10. That is particularly bad, considering these devices are used in critical infrastructure across the oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, mining and building and automation industries. 

    The most serious security flaws include remote code execution (RCE) and firmware vulnerabilities. If exploited, these holes could potentially allow miscreants to shut down electrical and water systems, disrupt the food supply, change the ratio of ingredients to result in toxic mixtures, and … OK, you get the idea.

    Continue reading
  • 1Password's Insights tool to help admins monitor users' security practices
    Find the clown who chose 'password' as a password and make things right

    1Password, the Toronto-based maker of the identically named password manager, is adding a security analysis and advice tool called Insights from 1Password to its business-oriented product.

    Available to 1Password Business customers, Insights takes the form of a menu addition to the right-hand column of the application window. Clicking on the "Insights" option presents a dashboard for checking on data breaches, password health, and team usage of 1Password throughout an organization.

    "We designed Insights from 1Password to give IT and security admins broader visibility into potential security risks so businesses improve their understanding of the threats posed by employee behavior, and have clear steps to mitigate those issues," said Jeff Shiner, CEO of 1Password, in a statement.

    Continue reading
  • Info on 1.5m people stolen from US bank in cyberattack
    Time to rethink that cybersecurity strategy?

    A US bank has said at least the names and social security numbers of more than 1.5 million of its customers were stolen from its computers in December.

    In a statement to the office of Maine's Attorney General this month, Flagstar Bank said it was compromised between December and April 2021. The organization's sysadmins, however, said they hadn't fully figured out whose data had been stolen, and what had been taken, until now. On June 2, they concluded criminals "accessed and/or acquired" files containing personal information on 1,547,169 people.

    "Flagstar experienced a cyber incident that involved unauthorized access to our network," the bank said in a statement emailed to The Register.

    Continue reading

Biting the hand that feeds IT © 1998–2022