Overview
A personal toolkit that reduces exploit development boilerplate. Not a framework that replaces pwntools, but a layer on top that handles the parts that stay the same across targets.
Shellcode Templates
Pre-tested shellcode for common primitives across architectures, annotated with known constraints: bad bytes, alignment requirements, ASLR considerations.
from edf.shellcode import execve, encode

sc = execve('/bin/sh', arch='x86_64')
sc = encode(sc, avoid=[b'\x00', b'\x0a', b'\x20'])
print(f"[+] shellcode: {len(sc)} bytes")

Each template ships with a test harness that runs it in a sandboxed process before you trust it against a target.
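The encoder's promise (no bytes from the avoid list) is only worth anything if the harness actually verifies it. The following is an added example, not part of edf or pwntools, of the constraint check such a harness should run: it reports the exact offsets of any forbidden bytes and how much padding an alignment requirement would need. The sample blob and the function names are constructed for the demo; the blob is not shellcode.

```python
"""Added example (not edf's own code): audit a byte string against the
bad-byte and alignment constraints a shellcode template declares.
All names and sample data below are constructed for the demo."""

from typing import Dict, Iterable


def find_bad_bytes(blob: bytes, avoid: Iterable[bytes]) -> Dict[int, int]:
    """Map each offending offset in `blob` to the forbidden byte found there.

    `avoid` holds single-byte values, as in the encode() call on the page.
    An empty dict means the blob satisfies every constraint.
    """
    forbidden = set()
    for b in avoid:
        if len(b) != 1:
            raise ValueError(f"avoid entries must be single bytes, got {b!r}")
        forbidden.add(b[0])
    return {i: byte for i, byte in enumerate(blob) if byte in forbidden}


def is_clean(blob: bytes, avoid: Iterable[bytes]) -> bool:
    """True when no forbidden byte occurs anywhere in the blob."""
    return not find_bad_bytes(blob, avoid)


def padding_to_align(blob: bytes, alignment: int) -> int:
    """Bytes of padding needed for len(blob) to reach a multiple of `alignment`
    (0 when the length is already aligned)."""
    if alignment <= 0:
        raise ValueError("alignment must be positive")
    return (-len(blob)) % alignment


# Constructed sample: deliberately contains a NUL, a newline and a space so the
# checker has something to report. This is not shellcode.
SAMPLE = b"\x48\x31\xc0\x00\x90\x0a\x41\x20\xc3"
AVOID = [b"\x00", b"\x0a", b"\x20"]

if __name__ == "__main__":
    hits = find_bad_bytes(SAMPLE, AVOID)
    for off, val in sorted(hits.items()):
        print(f"[-] bad byte 0x{val:02x} at offset {off}")
    print(f"[+] clean: {is_clean(SAMPLE, AVOID)}")
    print(f"[+] padding to 16-byte boundary: {padding_to_align(SAMPLE, 16)}")
```

Run it against the encoder's output rather than its input: an encoder that is itself correct can still be fed an avoid list that does not match the target's real filter, and this check is where that mismatch surfaces.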
ROP Chain Helpers
Gadget finding generates noise. The framework filters against a curated set of useful gadget patterns and ranks by how consistently a gadget appears across libc versions. Less time reading through pop-pop-ret spam.
from edf.rop import GadgetDB

db = GadgetDB('./libc.so.6')
chain = db.build([
    ('pop rdi', 1),
    ('ret', 0),
    ('system', None),
])

pwntools Extensions
Small additions that fill gaps: better leak parsing with format string detection, automatic offset finding against a live process via GDB scripting, structured logging that maps addresses to symbols at runtime.
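The address-to-symbol mapping the logging extension performs is simple enough to show in full. The following is an added example, not edf's code, of that resolution step: a symbol table of offsets from a module base, a nearest-preceding-symbol lookup, and a rewrite of every hex address in a log line into addr<symbol+offset> form. The base address, symbol offsets and log lines are constructed for the demo and do not correspond to any real binary.

```python
"""Added example (not edf's own code): resolve raw addresses in log lines to
symbol+offset form from a symbol table. The table and lines are constructed."""

import bisect
import re
from typing import Dict, Optional, Tuple

HEX_ADDR = re.compile(r"0x[0-9a-fA-F]+")


class Symbolizer:
    """Resolve an address to the nearest preceding symbol, as addr2line -f does."""

    def __init__(self, base: int, symbols: Dict[str, int], size: int):
        # symbols: name -> offset from the module base (as in an ELF symtab)
        self.base = base
        self.size = size
        items = sorted((off, name) for name, off in symbols.items())
        self._offsets = [off for off, _ in items]
        self._names = [name for _, name in items]

    def resolve(self, addr: int) -> Optional[Tuple[str, int]]:
        """Return (symbol, delta), or None if addr lies outside the module
        or before its first symbol."""
        if not (self.base <= addr < self.base + self.size):
            return None
        rel = addr - self.base
        idx = bisect.bisect_right(self._offsets, rel) - 1
        if idx < 0:
            return None
        return self._names[idx], rel - self._offsets[idx]

    def annotate(self, line: str) -> str:
        """Rewrite each hex address in a log line as addr<sym+0xoff>;
        addresses that do not resolve are left untouched."""
        def repl(m: "re.Match[str]") -> str:
            hit = self.resolve(int(m.group(0), 16))
            if hit is None:
                return m.group(0)
            name, delta = hit
            return f"{m.group(0)}<{name}+0x{delta:x}>"
        return HEX_ADDR.sub(repl, line)


# Constructed module: fake base, fake symbol offsets, 64 KiB in size.
DEMO_BASE = 0x7f0000000000
DEMO_SYMBOLS = {"_start": 0x1000, "handler": 0x2000, "cleanup": 0x2400}
DEMO = Symbolizer(DEMO_BASE, DEMO_SYMBOLS, 0x10000)

# Constructed log lines of the kind a leak parser would emit.
DEMO_LINES = [
    "leak: 0x7f0000001008 from stack",
    "ret -> 0x7f0000002010, then 0x41414141",
]

if __name__ == "__main__":
    for raw in DEMO_LINES:
        print(DEMO.annotate(raw))
```

The lookup is a bisect over sorted offsets, so it stays cheap even when every line of a verbose session is annotated; addresses outside the module, or below the first symbol, pass through unchanged so that a bad mapping shows up as an un-annotated address instead of a wrong name.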
Notes
This is tooling built for personal use and CTF work. It is opinionated, not general-purpose. Some things are hardcoded to assumptions I make consistently.