pwninit
A tool for automating the setup of binary exploitation challenges
Features
- Set challenge binary to be executable
- Download a linker (ld-linux.so.*) that can segfaultlessly load the provided libc
- Download debug symbols and unstrip the libc
- Patch the binary with patchelf to use the correct RPATH and interpreter for the provided libc
- Fill in a template pwntools solve script
Usage
Short version
Run pwninit
Long version
Run pwninit in a directory with the relevant files and it will detect which ones are the binary, libc, and linker. If the detection is wrong, you can specify the locations with --bin, --libc, and --ld.
Custom solve.py template
If you don’t like the default template, you can use your own. Just specify --template-path <path>. Check template.py for the template format. The names of the exe, libc, and ld bindings can be customized with --template-bin-name, --template-libc-name, and --template-ld-name.
Persisting custom solve.py
You can make pwninit load your custom template automatically by adding an alias to your ~/.bashrc.
Example
alias pwninit='pwninit --template-path ~/.config/pwninit-template.py --template-bin-name e'
Install
Arch Linux
Install pwninit or pwninit-bin from the AUR.
Download
You can download statically-linked musl binaries from the releases page.
Using cargo
Run
cargo install pwninit
This places the binary in ~/.cargo/bin.
Note that openssl, liblzma, and pkg-config are required for the build.
Example
$ ls
hunter libc.so.6 readme
$ pwninit
bin: ./hunter
libc: ./libc.so.6
setting ./hunter executable
fetching linker
https://launchpad.net/ubuntu/+archive/primary/+files//libc6_2.23-0ubuntu10_i386.deb
unstripping libc
https://launchpad.net/ubuntu/+archive/primary/+files//libc6-dbg_2.23-0ubuntu10_i386.deb
setting ./ld-2.23.so executable
copying ./hunter to ./hunter_patched
running patchelf on ./hunter_patched
writing solve.py stub
$ ls
hunter hunter_patched ld-2.23.so libc.so.6 readme solve.py
solve.py:
```python
#!/usr/bin/env python3
from pwn import *

# The patched copy uses the downloaded ld and the provided libc via RPATH
exe = ELF("./hunter_patched")
libc = ELF("./libc.so.6")
ld = ELF("./ld-2.23.so")

context.binary = exe


def conn():
    # `python3 solve.py LOCAL` runs the patched binary; add GDB to attach a debugger
    if args.LOCAL:
        r = process([exe.path])
        if args.GDB:
            gdb.attach(r)
    else:
        r = remote("addr", 1337)

    return r


def main():
    r = conn()

    # good luck pwning :)

    r.interactive()


if __name__ == "__main__":
    main()
```
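The two launchpad URLs in the session above are derived from the libc itself: its ELF header gives the architecture and its embedded version banner gives the Ubuntu package version. The following is an added Python example of that derivation, not pwninit's own code (pwninit is written in Rust and its detection logic may differ); the banner regex, the e_machine-to-Debian-arch table and the `SAMPLE_LIBC` bytes are assumptions constructed for the example.

```python
import re
import struct

# ELF e_machine values mapped to the Ubuntu package architecture names (assumed table)
ELF_MACHINE_TO_DEB_ARCH = {3: "i386", 62: "amd64", 40: "armhf", 183: "arm64"}
LAUNCHPAD = "https://launchpad.net/ubuntu/+archive/primary/+files/"
# Version banner glibc embeds in libc.so.6, e.g.
# "GNU C Library (Ubuntu GLIBC 2.23-0ubuntu10) stable release version 2.23"
VERSION_RE = re.compile(rb"GNU C Library \(Ubuntu E?GLIBC ([\w.+~-]+)\)")


def deb_arch(elf: bytes) -> str:
    """Return the package architecture from e_machine (2 bytes at offset 18)."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    endian = "<" if elf[5] == 1 else ">"  # EI_DATA: 1 = little-endian, 2 = big-endian
    (e_machine,) = struct.unpack_from(endian + "H", elf, 18)
    return ELF_MACHINE_TO_DEB_ARCH[e_machine]


def ubuntu_glibc_version(elf: bytes) -> str:
    """Return the Ubuntu package version string found in the libc version banner."""
    m = VERSION_RE.search(elf)
    if not m:
        raise ValueError("no Ubuntu glibc version banner found")
    return m.group(1).decode()


def package_urls(libc: bytes) -> dict:
    """Build the libc6 (linker) and libc6-dbg (debug symbols) .deb URLs for this libc."""
    ver = ubuntu_glibc_version(libc)
    arch = deb_arch(libc)
    return {
        "libc6": f"{LAUNCHPAD}/libc6_{ver}_{arch}.deb",
        "libc6-dbg": f"{LAUNCHPAD}/libc6-dbg_{ver}_{arch}.deb",
    }


# Constructed stand-in for a 32-bit libc: a 52-byte ELF32 header (little-endian,
# e_type=ET_DYN=3, e_machine=EM_386=3) followed by a version banner. Not a real libc.
SAMPLE_LIBC = (
    b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\x00" * 8
    + struct.pack("<HHI", 3, 3, 1) + b"\x00" * 28
    + b"GNU C Library (Ubuntu GLIBC 2.23-0ubuntu10) stable release version 2.23\x00"
)

if __name__ == "__main__":
    for name, url in package_urls(SAMPLE_LIBC).items():
        print(f"{name}: {url}")
```

The double slash after `+files/` is reproduced on purpose so the output matches the URLs printed in the session above.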