Use the pwncli family when you want an interactive exploit driver that stays attached to a specific debug session.
pwncli
pwncli writes the provided script into the session runtime directory, launches it with uv run, and exposes both startup output and any parsed attach result marker.
{"tool":"pwncli","arguments":{"session_id":"chal-a","binary_path":"/workspace/chal","file":"from pwn import *\nprint('ready')\n"}}
Important returned fields
runtime_dir: session-specific directory used for the inline scriptio.current_output: output collected for this callattachment.result: parsed attach result marker when presentstartup.ready: whether the driver reached a ready statestartup.reason: why the wait finishedstartup.alive: whether the driver is still alivestartup.pid: driver process idstartup.replaced: whether an older driver was replaced for this session
{"tool":"sendinput","arguments":{"session_id":"chal-a","data":"AAAA\n"}}
{"tool":"checkoutput","arguments":{"session_id":"chal-a"}}
{"tool":"checkevents","arguments":{"session_id":"chal-a"}}
sendinput writes raw bytes to stdincheckoutput returns buffered output and clears itcheckevents returns structured events plus alive, exit_code, and driver_pid
sendinput does not append a newline automatically.
{"tool":"pwncli_stop","arguments":{"session_id":"chal-a"}}
{"tool":"list_pwncli_sessions","arguments":{}}
pwncli_stop kills the driver bound to a sessionlist_pwncli_sessions lists all active drivers
Behavior notes
- one
pwncli driver per debug session
- launching a new driver for the same session replaces the old one
close_debug_session also stops the session’s active driver
