Skip to content
Automatic exploit generation for simple linux pwn challenges.
Branch: master
Clone or download
Latest commit 4c168e1 Aug 10, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
plugins plugins Aug 10, 2019
LICENSE initial Aug 4, 2019 update Aug 10, 2019 win function option fixed Aug 9, 2019 added canary bruteforcing & fixed some things Aug 8, 2019
requirements.txt initial Aug 4, 2019 plugins Aug 10, 2019 update Aug 10, 2019


Exploits simple linux bof challenges involving alsr, nx and to some extend format strings. You can let it get you a shell or specify a win function that is called.



  • The program expects a local installation of libcdatabase in /home/user/tools/libcdatabase. To run local exploits make sure you add your local libc to libcdatabase (32-bit & 64-bit versions). Also in ~/tools you need a clone of ROPgadget (used for static binary exploitation).


The examples assume you create a 'work' subdirectory in the project folder where you copy the target binary into and run the program from.

Exploit local binary:

python ../ <name>

Run remote challenge

python ../ <name> -rhost <address> -rport <port>


  • a lot, this a just a PoC
  • we assume we can write enough bytes to put our payload after the return pointer overwrite - this is not always the case, so we fail on some binaries

Tested on

You can’t perform that action at this time.