pwntools now includes "pwn template" #2

Open
zachriggle opened this issue Feb 21, 2017 · 4 comments
@zachriggle

As of the (future) Pwntools 3.6.0 release, a new command-line helper pwn template is available which supplants much of the functionality in pwnup. See here for more information: Gallopsled/pwntools#909.

The only thing that it does not do is the I/O recording, which seems useful, but less useful than the template generation.

Do you have any suggestions for the current pwn template implementation? Would you be willing to bless it as a pwnup replacement?

Thanks!
Zach

@vitapluvia
Owner

Hi Zach!

Thanks so much for adding this feature to pwntools! This is incredible!

Before creating this tool I had thought of keeping common templates around, copying different client types based on what was needed, replacing the string for host & port etc.

I'd argue to keep the record feature in the future. It became very useful to be able to record stdio without having to worry about the minutiae of characters to recvuntil, etc. It helps to have all of this figured out when we really want to focus on the CTF challenge, and keep our heads in the context of the game.

If possible, I'd love to contribute a pull request to pwntools to add the recording feature and possibly split apart the templates into the various types of clients, similar to how pwnup works right now (remote, ssh, local).

~Vita

@zachriggle
Author

As things are now, there shouldn't be any need to split up the templates.

The design of the current template used by pwn template is so that you can trivially switch between remote and local exploitation, and easily enable / disable the debugger. This is something that pwnup doesn't appear to handle.

@vitapluvia
Owner

vitapluvia commented Feb 21, 2017

Ah I see, I was only looking at the local & remote methods included in the TCP remote & SSH examples. Didn't see all the conditionals in the template.

That is a nice feature to be able to switch! Do you think the recording feature makes sense to add?

@vitapluvia
Owner

Other than the recording, I'm ready to deprecate pwnup in favor of pwn template 👍
