Release 4.13.0beta0

What's Changed

• Term module revamp: activating special handling of terminal only when necessary by @Arusekk in #2242
• Detect challenge binary and libc in pwn template by @peace-maker in #2309
• Add support to start a process on Windows by @peace-maker in #2310
• Add basic darwin support for shellcrafter by @patryk4815 in #2161
• Explicitly define p64/u64 functions for IDE support by @peace-maker in #2189
• Add ELF.stripped and ELF.debuginfo properties by @peace-maker in #2336
• Fix: Allow setting attributes on gdb Breakpoints by @Nils1729 in #2339
• Fix gdb.debug: exe parameter now respected, allow empty argv by @goreil in #2233
• Fix getting right amount of data for ELF.search by @gordiig in #2281
• Add x86 CET status to checksec output by @peace-maker in #2293
• elf: Resolve more relocations into GOT entries by @Arusekk in #2277
• rop: Make stack move faster by @Arusekk in #2300
• Fix Python 3.12 warning in pwn libcdb by @xambroz in #2302
• Remove unnecessary python2 shebangs by @xambroz in #2301
• Allow to add to the existing environment in process instead of replacing it by @heapcrash in #1763
• Allow to add to the existing environment in ssh instead of replacing it by @heapcrash in #1764
• Fix pwn libcdb file crashing if "/bin/sh" string was not found by @xambroz in #2307
• Fix support for amd64 x32 ABI by @peace-maker in #2305
• Nicer error when running tmux exploit outside tmux by @peace-maker in #2314
• Bump unicorn dependency to >=2.0.1 by @peace-maker in #2315
• Make sure winexec is 16 byte aligned and add nCmdShow option by @kizzx2 in #2308
• elf/corefile: Clean up pyelftools workarounds by @Arusekk in #2319
• Make pwn template always set context.binary by @FlorianKothmeier in #2279
• Add timeout to gdbserver by @Ordoviz in #2321
• Fix unhex for odd length bytes by @Vsyl in #2333
• Speed up pwn disasm with colored output by @Vsyl in #2334
• Lookup using $PATHEXT file extensions in which on Windows by @peace-maker in #2328
• fix: follow symlink for libs on ssh connection by @teddav in #2338
• Make sure TERM_PROGRAM points to a valid program in run_in_new_terminal by @peace-maker in #2329
• Retry failed lookups after one week in libcdb by @peace-maker in #2323
• Match against local system libc first in libcdb by @peace-maker in #2325
• checksec.py: import ELF instead of * by @disconnect3d in #2346
• Fix pwn constgrep when it matches a non-constant type (Fixes #2344) by @disconnect3d in #2345
• Launch GDB correctly in iTerm on Mac by @teddav in #2341
• Improved DynELF address resolutions and symbol lookups by @Bl4ck-C4t in #2335
• Add a flatten argument to ssh.libs by @ValekoZ in #2268
• Fix Unicorn Engine 1GB limit that calls exit: raise OSError instead (Fixes #2343) by @disconnect3d in #2347

New Contributors

• @gordiig made their first contribution in #2281
• @xambroz made their first contribution in #2302
• @kizzx2 made their first contribution in #2308
• @FlorianKothmeier made their first contribution in #2279
• @Ordoviz made their first contribution in #2321
• @Vsyl made their first contribution in #2333
• @teddav made their first contribution in #2338
• @Nils1729 made their first contribution in #2339
• @patryk4815 made their first contribution in #2161
• @Bl4ck-C4t made their first contribution in #2335
• @ValekoZ made their first contribution in #2268

Full Changelog: 4.12.0...4.13.0beta0

Release 4.12.0

What's Changed

• Add --libc libc.so argument to pwn template by @peace-maker in #2212
• Add -p (--prefix) and -s (--separator) arguments to hex command by @marcan2020 in #2117
• Allow creating custom templates in user-config directory by @hweissi in #2257
• Allow empty argv in ssh.process() (#2217) by @goreil in #2234
• Add shellcraft.sleep template wrapping SYS_nanosleep by @peace-maker in #2221
• shellcraft: more explicit sleep.asm docstring by @disconnect3d in #2226
• Allow ELF.search(str) by @zt20xx in #2211
• Fix format string badbytes inconsistency by @Arusekk in #1895
• Fix passing arguments on the stack in shellcraft syscall template by @peace-maker in #2219
• Fix remote and listen in sagemath by @peace-maker in #2202
• Don't change log level for Corefile._parse_stack() by @peace-maker in #2222
• Fix crash in serialtube when connection fails by @fercevik729 in #2228
• Use command -v instead of which by @whokilleddb in #1946
• py2: fix long hex in shellcraft etc. by @Arusekk in #2230
• shellcraft/i386: optimize stackhunter by @Arusekk in #2231
• shellcraft/*/freebsd: match linux in switching cs by @Arusekk in #2232
• Replace isSet with is_set as the former is deprecated in 3.10+ by @maple3142 in #2208
• Added MAP_ADD opcode to list of opcodes in safeeval.py by @fercevik729 in #2243
• Do not overwrite global bytes in examples by @peace-maker in #2240
• Decoded data from recv_all in adb.packages to a string by @fercevik729 in #2237
• Remove unused and broken rop.find_stack_adjustment by @fercevik729 in #2249
• Rename wd parameter to cwd in ssh.system and ssh.run_to_end by @peace-maker in #2251
• Fix readline omitting a trailing \n by @peace-maker in #2349
• Add RETURN_CONST as an allowed _const_code in safeeval for Python 3.12 compatibility by @erikleffler in #2352
• Change temp path in install script by @Young-Lord in #2097
• Publish Docker images through CI by @peace-maker in #2236
• ci: stabilize coverage by @Arusekk in #2235
• Keep Github Actions up-to-date with Dependabot by @peace-maker in #2238

New Contributors

• @marcan2020 made their first contribution in #2117
• @maple3142 made their first contribution in #2208
• @zt20xx made their first contribution in #2211
• @fercevik729 made their first contribution in #2228
• @whokilleddb made their first contribution in #1946
• @hweissi made their first contribution in #2257
• @erikleffler made their first contribution in #2352

Full Changelog: 4.11.1...4.12.0

Release 4.12.0beta1

What's Changed

• Fix _countdown_handler not invoking timeout_change; Fix value is valu… by @TanixLu in #2287
• Fix tube.clean_and_log not logging buffered data by @peace-maker in #2272
• FIX: Generated shebang with path to python invalid if path contains spaces by @ksshen0000 in #2285
• shellcraft.aarch64: Fix atexit SEGV in loader by @Arusekk in #2294
• Python 2: Fix installing from source by @peace-maker in #2298

New Contributors

• @TanixLu made their first contribution in #2287
• @ksshen0000 made their first contribution in #2285

Full Changelog: 4.12.0beta0...4.12.0beta1

Release 4.11.1

What's Changed

• Fix _countdown_handler not invoking timeout_change; Fix value is valu… by @TanixLu in #2287
• Fix tube.clean_and_log not logging buffered data by @peace-maker in #2272
• FIX: Generated shebang with path to python invalid if path contains spaces by @ksshen0000 in #2285
• shellcraft.aarch64: Fix atexit SEGV in loader by @Arusekk in #2294
• Python 2: Fix installing from source by @peace-maker in #2298

New Contributors

• @TanixLu made their first contribution in #2287
• @ksshen0000 made their first contribution in #2285

Full Changelog: 4.11.0...4.11.1

4.12.0beta0

What's Changed

• Add --libc libc.so argument to pwn template by @peace-maker in #2212
• Add -p (--prefix) and -s (--separator) arguments to hex command by @marcan2020 in #2117
• Add shellcraft.sleep template wrapping SYS_nanosleep by @peace-maker in #2221
• Allow creating custom templates in user-config directory and using pwn template --template <path> by @hweissi in #2257
• Allow empty argv in ssh.process() (#2217) by @goreil in #2234
• Fix remote and listen in sagemath by @peace-maker in #2202
• Replace isSet with is_set as the former is deprecated in 3.10+ by @maple3142 in #2208
• Convert ELF.search needle to bytes by @zt20xx in #2211
• shellcraft/i386: optimize stackhunter by @Arusekk in #2231
• shellcraft/*/freebsd: match linux in switching cs by @Arusekk in #2232
• Fix passing arguments on the stack in shellcraft syscall template by @peace-maker in #2219
• Resolved issue #1411 abt serial-tube misbehaving. by @fercevik729 in #2228
• Fix format string badbytes inconsistency by @Arusekk in #1895
• Change temp path in install script by @Young-Lord in #2097
• Remove Travis CI Badge from README by @peace-maker in #2220
• Don't change log level for Corefile._parse_stack() by @peace-maker in #2222
• Fix Python 2 editable user install by @peace-maker in #2224
• shellcraft: more explicit sleep.asm docstring by @disconnect3d in #2226
• Use command -v instead of which by @whokilleddb in #1946
• py2: fix long hex in shellcraft etc. by @Arusekk in #2230
• Publish Docker images through CI by @peace-maker in #2236
• ci: stabilize coverage by @Arusekk in #2235
• Added MAP_ADD opcode to list of opcodes in safeeval.py by @fercevik729 in #2243
• Do not overwrite global bytes in examples by @peace-maker in #2240
• Decoded data from recv_all in adb.packages to a string by @fercevik729 in #2237
• Keep Github Actions up-to-date with Dependabot by @peace-maker in #2238
• Fix pushing docker images on manual workflow run by @peace-maker in #2250
• Remove unused and broken rop.find_stack_adjustment by @fercevik729 in #2249
• Only run docker workflow on upstream repo by @peace-maker in #2252
• Rename wd parameter to cwd in ssh.system and ssh.run_to_end by @peace-maker in #2251

New Contributors

• @marcan2020 made their first contribution in #2117
• @maple3142 made their first contribution in #2208
• @zt20xx made their first contribution in #2211
• @fercevik729 made their first contribution in #2228
• @whokilleddb made their first contribution in #1946
• @hweissi made their first contribution in #2257

Full Changelog: 4.11.0...4.12.0beta0

Release 4.11.0

What's Changed

• Make fmtstr module able to create payload without $ notation by @murph12F in #2185
• Add search for libc binary by leaked function addresses by @peace-maker in #2103
• Support for RISC-V 64-bit architecture by @Xeonacid in #2177
• ELF.nx and ELF.execstack enhancements by @yuvalpoliti in #2186
• Handle context.newline correctly in tube.interactive() by @peace-maker in #2129
• Fix bug at ssh.py:download and download_file with relative paths by @goreil in #2214
• Fix ssh.process not setting ssh_process.cwd by @peace-maker in #2241
• Fix corefile module after pyelftools update by @peace-maker in #2261
• Lots of bug fixes and documentation improvements

New Contributors

• @Jusb3 made their first contribution in #2152
• @nathan9991 made their first contribution in #2157
• @dfyz made their first contribution in #2167
• @Minei3oat made their first contribution in #2163
• @murph12F made their first contribution in #2185
• @ElouanFiore made their first contribution in #2192
• @yuvalpoliti made their first contribution in #2186
• @jamestiotio made their first contribution in #2174
• @Jakub259 made their first contribution in #2158

Full Changelog: 4.10.0...4.11.0

Release 4.11.0beta0

• #2185 make fmtstr module able to create payload without $ notation
• #2103 Add search for libc binary by leaked function addresses libcdb.search_by_symbol_offsets()
• #2177 Support for RISC-V 64-bit architecture
• #2186 Enhance ELF.nx and ELF.execstack
• #2129 Handle context.newline correctly when typing in tube.interactive()

Release 4.10.0 in memoriam Zach Riggle

In memoriam — Zach Riggle — long time contributor and maintainer of Pwntools.

• #2062 make pwn cyclic -l work with entry larger than 4 bytes
• #2092 shellcraft: dup() is now called dupio() consistently across all supported arches
• #2093 setresuid() in shellcraft uses current euid by default
• #2125 Allow tube.recvregex to return capture groups
• #2144 Removes p2align 2 asm() headers from x86-32, x86-64 and mips architectures to avoid inconsistent instruction length when patching binaries

Release 4.10.0beta0

• #2062 make pwn cyclic -l work with entry larger than 4 bytes
• #2092 shellcraft: dup() is now called dupio() consistently across all supported arches
• #2093 setresuid() in shellcraft uses current euid by default
• #2125 Allow tube.recvregex to return capture groups
• #2144 Removes p2align 2 asm() headers from x86-32, x86-64 and mips architectures to avoid inconsistent instruction length when patching binaries

Release 4.9.0

• #1975 Add libcdb commandline tool
• #1979 Add js_escape() and js_unescape() to util.fiddling
• #2011 Fix tube's debug output of same byte compression
• #2023 Support KDE Konsole in run_in_new_terminal function
• #2027 Fix ELF.libc_start_main_return with glibc 2.34
• #2033 Quote file and core path in generated GDB script
• #2035 Change Buffer's parent class to object
• #2037 Allow SSH tunnel to be treated like a TCP socket (with 'raw=True')
• #2123 Fix ROP without a writeable cache directory
• #2124 Fix tube.recvpred() timeout argument