Research
Using Trusted Protocols Against You: Gmail as a C2 Mechanism
Socket uncovers malicious packages on PyPI using Gmail's SMTP protocol for command and control (C2) to exfiltrate data and execute commands.
By Olivia Brown - Apr 30, 2025
📅 You're Invited: Meet the Socket team at RSAC (April 28 – May 1).RSVP →
ethpwn
A swiss army knife package to help with ethereum smart contract exploit interaction, designed with CTF challenges in mind. Some might call it a set of pwn tools for ethereum exploitation.
- Maintainers
- 2
ethpwn
ethpwn is a project inspired by the widely popular CTF exploitation framework pwntools, and the amazing enhanced GDB utility GEF. In other words, ethpwn is all you ever wanted for debugging and interacting with smart contracts on EVM-based blockchains.
More practically, this package includes a kick-ass command line debugger for simulating and re-playing Ethereum transactions (ethdbg), and a set of convenient wrappers for many web3 functionalities that are useful for interacting with smart contracts.
⚡️ Quick Setup
Release Installation
pip install ethpwn
Developer Installation
Make sure your pip version is >= 23.1.2, then:
git clone git@github.com:ethpwn/ethpwn.git && cd ./ethpwn && pip install -e .
| ❗️ Note |
|---|
To start out, if you haven't created your global config before, you should run ethpwn config create to generate your initial configuration file. This command will interactively prompt you for the most important settings, including the Ethereum node URL to use and wallets you want to use. |
⚡️ Jump Start for ethdbg
ethdbg --txid 0x82a11757c3f34c2882e209c6e5ae96aff3e4db7f7984d54f92b02e1fed87e834 --node-url https://mainnet.infura.io/v3/38eb4be006004da4a89315232040e222
📖 Documentation
⚙️ Currently Supported EVM-based Chains
| Chain Name | Chain Id | Supported |
|---|---|---|
| mainnet | 1 | ✅ |
| sepolia (testnet) | 11155111 | ✅ |
FAQs
A swiss army knife package to help with ethereum smart contract exploit interaction, designed with CTF challenges in mind. Some might call it a set of pwn tools for ethereum exploitation.
We found that ethpwn demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
A New Overview in our Dashboard
We redesigned Socket's first logged-in page to display rich and insightful visualizations about your repositories protected against supply chain threats.
By André Staltz - Apr 29, 2025
Product
Introducing Socket Fix for Safe, Automated Dependency Upgrades
Automatically fix and test dependency updates with socket fix—a new CLI tool that turns CVE alerts into safe, automated upgrades.
By John-David Dalton - Apr 25, 2025