4.12.0beta0

What's Changed

• Add --libc libc.so argument to pwn template by @peace-maker in #2212
• Add -p (--prefix) and -s (--separator) arguments to hex command by @marcan2020 in #2117
• Add shellcraft.sleep template wrapping SYS_nanosleep by @peace-maker in #2221
• Allow creating custom templates in user-config directory and using pwn template --template <path> by @hweissi in #2257
• Allow empty argv in ssh.process() (#2217) by @goreil in #2234
• Fix remote and listen in sagemath by @peace-maker in #2202
• Replace isSet with is_set as the former is deprecated in 3.10+ by @maple3142 in #2208
• Convert ELF.search needle to bytes by @zt20xx in #2211
• shellcraft/i386: optimize stackhunter by @Arusekk in #2231
• shellcraft/*/freebsd: match linux in switching cs by @Arusekk in #2232
• Fix passing arguments on the stack in shellcraft syscall template by @peace-maker in #2219
• Resolved issue #1411 abt serial-tube misbehaving. by @fercevik729 in #2228
• Fix format string badbytes inconsistency by @Arusekk in #1895
• Change temp path in install script by @Young-Lord in #2097
• Remove Travis CI Badge from README by @peace-maker in #2220
• Don't change log level for Corefile._parse_stack() by @peace-maker in #2222
• Fix Python 2 editable user install by @peace-maker in #2224
• shellcraft: more explicit sleep.asm docstring by @disconnect3d in #2226
• Use command -v instead of which by @whokilleddb in #1946
• py2: fix long hex in shellcraft etc. by @Arusekk in #2230
• Publish Docker images through CI by @peace-maker in #2236
• ci: stabilize coverage by @Arusekk in #2235
• Added MAP_ADD opcode to list of opcodes in safeeval.py by @fercevik729 in #2243
• Do not overwrite global bytes in examples by @peace-maker in #2240
• Decoded data from recv_all in adb.packages to a string by @fercevik729 in #2237
• Keep Github Actions up-to-date with Dependabot by @peace-maker in #2238
• Fix pushing docker images on manual workflow run by @peace-maker in #2250
• Remove unused and broken rop.find_stack_adjustment by @fercevik729 in #2249
• Only run docker workflow on upstream repo by @peace-maker in #2252
• Rename wd parameter to cwd in ssh.system and ssh.run_to_end by @peace-maker in #2251

New Contributors

• @marcan2020 made their first contribution in #2117
• @maple3142 made their first contribution in #2208
• @zt20xx made their first contribution in #2211
• @fercevik729 made their first contribution in #2228
• @whokilleddb made their first contribution in #1946
• @hweissi made their first contribution in #2257

Full Changelog: 4.11.0...4.12.0beta0

Release 4.11.0

What's Changed

• Make fmtstr module able to create payload without $ notation by @murph12F in #2185
• Add search for libc binary by leaked function addresses by @peace-maker in #2103
• Support for RISC-V 64-bit architecture by @Xeonacid in #2177
• ELF.nx and ELF.execstack enhancements by @yuvalpoliti in #2186
• Handle context.newline correctly in tube.interactive() by @peace-maker in #2129
• Fix bug at ssh.py:download and download_file with relative paths by @goreil in #2214
• Fix ssh.process not setting ssh_process.cwd by @peace-maker in #2241
• Fix corefile module after pyelftools update by @peace-maker in #2261
• Lots of bug fixes and documentation improvements

New Contributors

• @Jusb3 made their first contribution in #2152
• @nathan9991 made their first contribution in #2157
• @dfyz made their first contribution in #2167
• @Minei3oat made their first contribution in #2163
• @murph12F made their first contribution in #2185
• @ElouanFiore made their first contribution in #2192
• @yuvalpoliti made their first contribution in #2186
• @jamestiotio made their first contribution in #2174
• @Jakub259 made their first contribution in #2158

Full Changelog: 4.10.0...4.11.0

Release 4.11.0beta0

• #2185 make fmtstr module able to create payload without $ notation
• #2103 Add search for libc binary by leaked function addresses libcdb.search_by_symbol_offsets()
• #2177 Support for RISC-V 64-bit architecture
• #2186 Enhance ELF.nx and ELF.execstack
• #2129 Handle context.newline correctly when typing in tube.interactive()

Release 4.10.0 in memoriam Zach Riggle

In memoriam — Zach Riggle — long time contributor and maintainer of Pwntools.

• #2062 make pwn cyclic -l work with entry larger than 4 bytes
• #2092 shellcraft: dup() is now called dupio() consistently across all supported arches
• #2093 setresuid() in shellcraft uses current euid by default
• #2125 Allow tube.recvregex to return capture groups
• #2144 Removes p2align 2 asm() headers from x86-32, x86-64 and mips architectures to avoid inconsistent instruction length when patching binaries

Release 4.10.0beta0

• #2062 make pwn cyclic -l work with entry larger than 4 bytes
• #2092 shellcraft: dup() is now called dupio() consistently across all supported arches
• #2093 setresuid() in shellcraft uses current euid by default
• #2125 Allow tube.recvregex to return capture groups
• #2144 Removes p2align 2 asm() headers from x86-32, x86-64 and mips architectures to avoid inconsistent instruction length when patching binaries

Release 4.9.0

• #1975 Add libcdb commandline tool
• #1979 Add js_escape() and js_unescape() to util.fiddling
• #2011 Fix tube's debug output of same byte compression
• #2023 Support KDE Konsole in run_in_new_terminal function
• #2027 Fix ELF.libc_start_main_return with glibc 2.34
• #2033 Quote file and core path in generated GDB script
• #2035 Change Buffer's parent class to object
• #2037 Allow SSH tunnel to be treated like a TCP socket (with 'raw=True')
• #2123 Fix ROP without a writeable cache directory
• #2124 Fix tube.recvpred() timeout argument

Release 4.9.0beta0

• #1975 Add libcdb commandline tool
• #1979 Add js_escape() and js_unescape() to util.fiddling
• #2011 Fix tube's debug output of same byte compression
• #2023 Support KDE Konsole in run_in_new_terminal function
• #2027 Fix ELF.libc_start_main_return with glibc 2.34
• #2033 Quote file and core path in generated GDB script
• #2035 Change Buffer's parent class to object
• #2037 Allow SSH tunnel to be treated like a TCP socket (with 'raw=True')

Release 4.8.0

• #1922 Fix logic in wait_for_debugger
• #1828 libcdb: Load debug info and unstrip libc binary
• #1939 Fix error in validating log levels
• #1981 Fix cyclic_find() to make it work with large int values

Release 4.7.1

• #1784 Use temporary cache directory when persistent cache cannot be used
• #1973 ELF symbols can be looked up by bytes values
• several bugfixes (#2012, #2031, #1912, #1961, #2007, #2040, #2051)

Release 4.8.0beta0

• #1922 Fix logic in wait_for_debugger
• #1828 libcdb: Load debug info and unstrip libc binary
• #1939 Fix error in validating log levels
• #1981 Fix cyclic_find() to make it work with large int values