A small collection of custom Python helpers for binary-exploitation / pwn challenges:
a CLI cyclic-pattern offset finder, a flexible payload-bytes builder, and a tiny helper
that exposes your .py tools on PATH.
CTF / lab tooling — use it where you're allowed to.
```mermaid
flowchart LR
A["1 · crash with a cyclic pattern<br/>(pwntools cyclic / De Bruijn)"] --> B["cyclfind <pattern> <value-at-EIP/RIP><br/>→ offset (CLI, no REPL)"]
B --> C["paybin -u 'A,<offset>' -r <ret-addr> -u 'B,8' … -o payload.bin<br/>→ build the byte payload (unicode pads, hex, reversed/LE, …)"]
C --> D["feed payload.bin to the target<br/>(stdin / arg / socket)"]
E["addbin (sudo)"] -.->|"adds the shebang, chmod +x, symlinks each .py into /bin without the extension"| F["cyclfind / paybin available everywhere in your shell"]
```
cyclfind.py = cyclic -l on the command line · paybin.py = a flexible payload-bytes
builder · addbin.py = puts your .py tools on PATH.
### cyclfind.py

Pretty much useless: it does the same as cyclic -l, but from the CLI.

```
$ cyclfind
Usage: find.py <string> <pattern>
Example: find.py abcde cd
```

```
$ cyclfind abcdef de
3
```

### paybin.py

This one is useful: it makes creating pwn payloads very easy.
```
$ paybin
Usage: paybin [options]
Options:
  -u <char>,<count>   : Unicode UTF-8 (repeats character)
  -b <hex>            : Bytes (e.g., '1234' becomes \x12\x34)
  -r <hex>            : Bytes in reverse order
  -bx <hex-string>    : Hex-encoded bytes (e.g., '\x12\x34')
  -rx <hex-string>    : Hex-encoded bytes in reverse order
  -o <output-file>    : Specify output file (required)
  -v                  : Verbose mode (print payload details)
Example: paybin -u A,28 -r 76910408 -o output.bin
         paybin -v -u A,28 -rx "\x76\x91\x04\x08" -o output.bin
```

```
$ paybin -u "A,4" -r "08049182" -u "A,4" -u "B,4" -u "C,4" -v -o payload.bin
Payload written to payload.bin (20 bytes)
Payload length: 20 bytes
Hex view: 4141414182910408414141414242424243434343
ASCII view: AAAA....AAAABBBBCCCC
Bytes view: b'\x41\x41\x41\x41\x82\x91\x04\x08\x41\x41\x41\x41\x42\x42\x42\x42\x43\x43\x43\x43'
```

```
$ paybin -u "A,4" -r "08049182" -u "A,4" -r "deadbeef" -r "c0debabe" -v -o payload.bin
Payload written to payload.bin (20 bytes)
Payload length: 20 bytes
Hex view: 414141418291040841414141efbeaddebebadec0
ASCII view: AAAA....AAAA........
Bytes view: b'\x41\x41\x41\x41\x82\x91\x04\x08\x41\x41\x41\x41\xef\xbe\xad\xde\xbe\xba\xde\xc0'
```
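The following added example is not taken from paybin's source: it re-implements the -u, -b and -r semantics from the usage text under the hypothetical name build_payload and reproduces the two hex views above. It also shows that -r on a 4-byte word equals little-endian packing, and that a non-ASCII -u character contributes more than one byte per repeat (assuming plain UTF-8 encoding, as the usage text says).

```python
import struct


def build_payload(segments):
    """Concatenate (kind, value) segments into bytes.

    Hypothetical helper that mirrors the -u / -b / -r semantics printed in
    the usage text; it is not paybin's source.
    """
    out = bytearray()
    for kind, value in segments:
        if kind == "u":  # "<char>,<count>": repeat the UTF-8 encoding of char
            char, _, count = value.rpartition(",")
            if not char or not count.isdigit():
                raise ValueError(f"bad u segment: {value!r}")
            out += char.encode("utf-8") * int(count)
        elif kind in ("b", "r"):  # hex digits, kept as-is or byte-reversed
            raw = bytes.fromhex(value)  # ValueError on odd length or non-hex
            out += raw[::-1] if kind == "r" else raw
        else:
            raise ValueError(f"unknown segment kind: {kind!r}")
    return bytes(out)


def first_example():
    # Same segments as: paybin -u "A,4" -r "08049182" -u "A,4" -u "B,4" -u "C,4"
    return build_payload([("u", "A,4"), ("r", "08049182"), ("u", "A,4"),
                          ("u", "B,4"), ("u", "C,4")])


def second_example():
    # Same segments as: paybin -u "A,4" -r "08049182" -u "A,4" -r "deadbeef" -r "c0debabe"
    return build_payload([("u", "A,4"), ("r", "08049182"), ("u", "A,4"),
                          ("r", "deadbeef"), ("r", "c0debabe")])


def reversed_equals_little_endian(hex_word):
    # Byte-reversing a 4-byte hex word is the same as packing it little-endian.
    return build_payload([("r", hex_word)]) == struct.pack("<I", int(hex_word, 16))


if __name__ == "__main__":
    print(first_example().hex())
    print(second_example().hex())
    print(reversed_equals_little_endian("08049182"))
    # Constructed input: a two-byte UTF-8 character repeated 4 times is 8
    # bytes, so the -u count is in characters, not bytes.
    print(len(build_payload([("u", "\u00e9,4")])))
```

When the pad length has to match an offset found with cyclfind, a single-byte ASCII pad character keeps the -u count equal to the number of bytes written.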
### addbin.py
This one is simply used to add executables to the environment.
It does the following:
- reads all the files ending with .py in the current directory
- adds the Python shebang if they don't have it
- makes each file executable
- symlinks it from the current directory into /bin, dropping the .py extension
```
$ sudo addbin
[-] Skipped cyclfind.py
[-] Skipped addbin.py
[-] Skipped paybin.py
```

Here all the files are skipped because they are already exported. Now I have access to all the .py files everywhere in my terminal.

For example, it turned paybin.py, which was only available in its own directory, into /bin/paybin, which makes it available in all directories.