Paddown is an AES CBC PKCS7 Padding Oracle Attack engine. It simplifies performing Padding Oracle Attack on a vulnerable encryption service. This is useful for both CTF and real-world attacks, where you are in possession of a ciphertext, and have a so called Padding Oracle available.

• Using Paddown is as easy as subclassing the Paddown class overwriting the hasValidPadding(...) method retuning a bool. As argument it takes ciphertext to test against the Padding Oracle. Have your implementation return True if you receive no padding error and False otherwise.

• Now you are ready to call .decrypt() on your class and start decrypting your ciphertext.

Examples can be found in the ./examples directory.

The project can be setup with

python3 -m venv .venv
.venv/bin/activate
pip install -r requirements/dev.txt
pre-commit install

We are open to pull requests.

We use black, flake8 and isort for linting, and implement unit testing using pytest. A pre-commit configuration file has been added, for checking against these linters before comitting.

Please squash all commits when merging a pull request.

To run the unittests, simply run pytest.