Pwntools Template by Christos.S

#!/usr/bin/python3
from pwn import *

# Debugger windows opened by pwntools go into a new vertical tmux split.
context.terminal = ['tmux', 'splitw', '-v']

# Challenge binary; the ELF object is kept so start() can use elf.path.
binary = './rop'
elf = ELF(binary)

# ssh_en selects the remote transport used by start():
# True = log in over SSH, False = plain TCP through remote().
ssh_en = False
if args.R:
	host, port = '2019shell1.picoctf.com', 22

	if ssh_en:
		# Fill these in locally only; keep real credentials out of any
		# copy of this script that is shared or committed.
		user, password = '', ''
		r = ssh(user=user, host=host, port=port, password=password)

def start():
	"""Open the target selected on the command line and return it.

	Without the R switch the local binary is started, under gdb when the
	GDB switch is given. With R, the module-level ssh_en flag chooses
	between a process launched over the existing SSH session ``r`` and a
	plain TCP connection to ``host``/``port``.
	"""
	if not args.R:
		# Commands handed to gdb on startup: load GEF, then continue.
		gs = '''
		init-gef
		c
		'''
		if args.GDB:
			return gdb.debug(elf.path, gs)
		return process(elf.path)

	if ssh_en:
		# Run the binary on the remote host from the challenge directory.
		return r.process(binary, cwd='/problems/leap-frog_1_2944cde4843abb6dfd6afa31b00c703c')
	return remote(host, port)

# Open the tube picked by the command-line switches (see start()).
io = start()

# Hand the session over to the operator's terminal.
io.interactive()

Pwntools Template by Evangelospro

#!/usr/bin/python3
import sys
import subprocess
# Author name written into the header comment of each generated script.
NAME = "YOURNAME"

import argparse


def _build_parser():
    """Return the command-line parser for the template generator.

    The remote address, the port and the local binary are mandatory;
    --patch is optional and takes a value.
    """
    parser = argparse.ArgumentParser()
    parser.add_argument(
        "-ip", "--ip-address", required=True, help="IP Address (remote)"
    )
    parser.add_argument("-p", "--port", required=True, help="Port (remote)")
    parser.add_argument(
        "-b", "--binary", required=True, help="Binary file (Local)"
    )
    parser.add_argument(
        "--patch", required=False, help="Patch with patchelf)"
    )
    return parser


all_args = _build_parser()

# Plain dict keyed by option destination: ip_address, port, binary, patch.
args = vars(all_args.parse_args())

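import os

# Target details come straight from the command line and are embedded in
# the generated script below.
host = args['ip_address']
port = args['port']
binary = args['binary']
patch = args['patch']
print(args)

# Build the default file name from the binary's base name only: a value
# such as "./rop" or "bin/rop" would otherwise point into a directory that
# does not exist and make open() fail.
path = input("PWN solution filename(Default is 'autopwn_(binary_name).py': ")
if not path.strip():
    path = f"autopwn_{os.path.basename(binary)}.py"

# Every command-line value is rendered with !r so that it lands in the
# generated file as a properly quoted Python literal. Quotes or backslashes
# in an argument can then neither break the script nor add code to it, and
# a supplied --patch value becomes a string instead of a bare name.
# The shebang is written as the very first line so the kernel honours it.
with open(path, 'w') as f:
    f.write(f"""#!/usr/bin/python3
# Writeup by {NAME}
import getpass
import os
import subprocess
from pwn import *

# Resolve the script directory to an absolute path: where __file__ is
# relative, dirname() is empty and the binary would be looked up under
# the filesystem root.
dir_path = os.path.dirname(os.path.abspath(__file__))
binary_name = {binary!r}
patch = {patch!r}
if patch is not None:
    # Argument list without a shell: the binary name is passed as data and
    # is never parsed as shell syntax.
    pwninit = "PATH_TO_THE_PWNINIT_BINRY_FOR_LIBC_PATCHING(<https://github.com/io12/pwninit>)"
    subprocess.call([pwninit, "--no-template", "--bin", binary_name])
    binary_path = os.path.join(dir_path, binary_name + "_patched")
else:
    binary_path = os.path.join(dir_path, binary_name)
elf = context.binary = ELF(binary_path, checksec=True)

def pwn_ssh():
    host = {host!r}
    port = {port!r}
    user = input("ssh user:")
    # getpass keeps the password off the screen and out of scrollback.
    password = getpass.getpass("ssh password: ")
    return ssh(user=user, host=host, port=port, password=password)

def pwn_remote():
    host = {host!r}
    port = {port!r}
    return remote(host, port)

def pwn_gdb():
    gdbscript = '''
    init-pwndbg
    continue
    '''
    return gdb.debug(elf.path, gdbscript)

def pwn_local():
    return process(elf.path, cwd=dir_path)

# Find offset to EIP/RIP for buffer overflows
def find_xip(payload, arch):
    print(arch)
    # Launch process and send the payload
    io = process(elf.path)
    io.sendlineafter(b'>', payload)
    # Wait for the process to crash
    io.wait()
    # Print out the address of EIP/RIP at the time of crashing
    if "i386" in arch:
        xip_offset = cyclic_find(io.corefile.pc)  # x86
    elif "64" in arch:
        xip_offset = cyclic_find(io.corefile.read(io.corefile.sp, 4))  # x64
    else:
        # Fail with a clear message instead of an unbound-variable error.
        raise ValueError("unsupported architecture: " + str(arch))
    info('The EIP/RIP offset is ')
    success(str(xip_offset))
    return int(xip_offset)

def start():
    if args.R:
        return pwn_remote()
    elif args.S:
        return pwn_ssh()
    elif args.L:
        return pwn_local()
    elif args.GDB:
        return pwn_gdb()
    else:
        print("Please select an argument from [remote(R), local(L), ssh(S), GDB(GDB)]")
        quit()
padding = find_xip(cyclic(250), elf.get_machine_arch())
io = start()
# ===============================================================================================
#                                 !!!EXPLOIT GOES HERE!!!
# ===============================================================================================
io.interactive()
""")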