pwn_cli is a lightweight helper for working through binary exploitation challenges with pwntools, GDB, and a Python-based REPL.
It helps you:
- launch a target binary in a tmux session,
- attach GDB automatically,
- load an exploit script dynamically,
- bootstrap starter files for a new challenge,
- and optionally use the bundled Google example setup.
- Create starter files with
--init - Launch a binary with a saved session config
- Load
exploit.pydynamically inside the REPL - Use helpers such as
restart()andread_exploit() - Try the included Google example with
--google_example
Install the following before using the tool:
- Python 3
- pwntools
- ptpython
- tmux
- gdb
Install Python dependencies:
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txtpython3 main.py --init .This will create:
exploit.pygdbscript
python3 main.py /path/to/your/binaryYou can also provide the binary explicitly with:
python3 main.py --binary /path/to/your/binaryThis is meant to showcase how I used this helper in the process of solving the "secure-vault" at https://capturetheflag.withgoogle.com/beginners-quest
python3 main.py --google_exampleThis configures the session to use the sample files in the google-example/ directory.
The main entrypoint is main.py.
Common options:
python3 main.py [binary]
python3 main.py --binary /path/to/binary
python3 main.py --exploit-file /path/to/exploit.py
python3 main.py --gdbscript /path/to/gdbscript
python3 main.py --clear-session
python3 main.py --google_exampleOnce the session starts, you will enter a Python REPL with access to:
io— the live pwntools GDB connectionrestart()— restart the session in a new tmux windowread_exploit()— reload the exploit script from disk
- The launcher stores session information in
.pwn_cli_session.json. main.pyuses tmux to create a managed session and then launches the interactive REPL.- The exploit file is loaded dynamically, so you can update it without restarting the whole workflow manually.
- The
gdbscriptis loaded into GDB and reloaded every timerestart()is called, so it can also be edited freely during the session.