pwn 0.5.613 → 0.5.615

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (87) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +10 -10
  3. data/README.md +110 -24
  4. data/documentation/AI-Integration.md +36 -0
  5. data/documentation/BurpSuite.md +26 -0
  6. data/documentation/Contributing.md +31 -0
  7. data/documentation/Diagrams.md +57 -0
  8. data/documentation/Drivers.md +25 -0
  9. data/documentation/General-PWN-Usage.md +40 -0
  10. data/documentation/Home.md +51 -0
  11. data/documentation/How-PWN-Works.md +60 -0
  12. data/documentation/Installation.md +50 -0
  13. data/documentation/NmapIt.md +18 -0
  14. data/documentation/Plugins.md +59 -0
  15. data/documentation/Reporting.md +28 -0
  16. data/documentation/SAST.md +32 -0
  17. data/documentation/Skills-Memory-Learning.md +44 -0
  18. data/documentation/Transparent-Browser.md +32 -0
  19. data/documentation/Troubleshooting.md +38 -0
  20. data/documentation/What-is-PWN.md +34 -0
  21. data/documentation/Why-PWN.md +18 -0
  22. data/documentation/diagrams/ai-integration-tool-calling.svg +134 -0
  23. data/documentation/diagrams/burp-vs-zap-preference.svg +84 -0
  24. data/documentation/diagrams/code-scanning-sast.svg +112 -0
  25. data/documentation/diagrams/dot/ai-integration-tool-calling.dot +23 -0
  26. data/documentation/diagrams/dot/burp-vs-zap-preference.dot +15 -0
  27. data/documentation/diagrams/dot/code-scanning-sast.dot +21 -0
  28. data/documentation/diagrams/dot/driver-framework.dot +17 -0
  29. data/documentation/diagrams/dot/fuzzing-workflow.dot +27 -0
  30. data/documentation/diagrams/dot/history-to-drivers.dot +20 -0
  31. data/documentation/diagrams/dot/memory-skills-detailed.dot +28 -0
  32. data/documentation/diagrams/dot/network-infra-testing.dot +22 -0
  33. data/documentation/diagrams/dot/overall-pwn-architecture.dot +49 -0
  34. data/documentation/diagrams/dot/penetration-testing-workflow.dot +29 -0
  35. data/documentation/diagrams/dot/plugin-ecosystem.dot +31 -0
  36. data/documentation/diagrams/dot/pwn-ai-feedback-learning-loop.dot +57 -0
  37. data/documentation/diagrams/dot/pwn-repl-prototyping.dot +37 -0
  38. data/documentation/diagrams/dot/reporting-pipeline.dot +17 -0
  39. data/documentation/diagrams/dot/reverse-engineering-flow.dot +21 -0
  40. data/documentation/diagrams/dot/sessions-cron-automation.dot +17 -0
  41. data/documentation/diagrams/dot/web-application-testing.dot +27 -0
  42. data/documentation/diagrams/dot/zero-day-research-flow.dot +27 -0
  43. data/documentation/diagrams/driver-framework.svg +90 -0
  44. data/documentation/diagrams/fuzzing-workflow.svg +147 -0
  45. data/documentation/diagrams/history-to-drivers.svg +117 -0
  46. data/documentation/diagrams/memory-skills-detailed.svg +154 -0
  47. data/documentation/diagrams/network-infra-testing.svg +121 -0
  48. data/documentation/diagrams/overall-pwn-architecture.svg +234 -0
  49. data/documentation/diagrams/penetration-testing-workflow.svg +148 -0
  50. data/documentation/diagrams/plugin-ecosystem.svg +172 -0
  51. data/documentation/diagrams/pwn-ai-feedback-learning-loop.svg +234 -0
  52. data/documentation/diagrams/pwn-repl-prototyping.svg +179 -0
  53. data/documentation/diagrams/reporting-pipeline.svg +91 -0
  54. data/documentation/diagrams/reverse-engineering-flow.svg +114 -0
  55. data/documentation/diagrams/sessions-cron-automation.svg +92 -0
  56. data/documentation/diagrams/web-application-testing.svg +137 -0
  57. data/documentation/diagrams/zero-day-research-flow.svg +149 -0
  58. data/documentation/pwn-REPL.md +33 -0
  59. data/documentation/pwn-ai-Agent.md +43 -0
  60. data/lib/pwn/ai/agent/learning.rb +377 -0
  61. data/lib/pwn/ai/agent/loop.rb +18 -3
  62. data/lib/pwn/ai/agent/metrics.rb +155 -0
  63. data/lib/pwn/ai/agent/prompt_builder.rb +23 -3
  64. data/lib/pwn/ai/agent/tools/learning.rb +113 -0
  65. data/lib/pwn/ai/agent/tools/skills.rb +94 -8
  66. data/lib/pwn/ai/agent.rb +2 -0
  67. data/lib/pwn/ai/grok.rb +249 -106
  68. data/lib/pwn/config.rb +86 -13
  69. data/lib/pwn/plugins/monkey_patch.rb +2 -2
  70. data/lib/pwn/plugins/repl.rb +68 -3
  71. data/lib/pwn/version.rb +1 -1
  72. data/spec/lib/pwn/ai/agent/learning_spec.rb +68 -0
  73. data/spec/lib/pwn/ai/agent/metrics_spec.rb +27 -0
  74. data/spec/lib/pwn/ai/agent/tools/learning_spec.rb +30 -0
  75. metadata +84 -34
  76. data/documentation/PWN.png +0 -0
  77. data/documentation/PWN_Contributors_and_Users.png +0 -0
  78. data/documentation/fax-spectrogram.png +0 -0
  79. data/documentation/fax-waveform.png +0 -0
  80. data/documentation/frozen_string_literal_files_changed_from_false_to_true.txt +0 -54
  81. data/documentation/lifecycle_authz_replay.example.yaml +0 -27
  82. data/documentation/pwn_android_war_dialer_session.png +0 -0
  83. data/documentation/pwn_install.png +0 -0
  84. data/documentation/pwn_wallpaper.jpg +0 -0
  85. data/documentation/ringing-spectrogram.png +0 -0
  86. data/documentation/ringing-waveform.png +0 -0
  87. data/documentation/vulnerability_report_template.md +0 -37
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 0563c6746728c394749e21798be5d36bceea0ce56035d9335c502859d6759e26
4
- data.tar.gz: 9120b0f1dd304181819f92c818aada0410e3e597cb8b5786014d29af645bf414
3
+ metadata.gz: fbf42ff07a821ff15cc7ed8596ac349ae600d93af5f1a55a1472d406583dc1b9
4
+ data.tar.gz: 762e04766f4eac41a212a08674a3d1821d84d9b6ba875c09f7a36ad81fa9e708
5
5
  SHA512:
6
- metadata.gz: e568e242a20341084cd27c12f899b31125eb7b91c07c0df0b54782798c293b2787ab78fcdd1ff1f751cd7e83f928777586e534e1e3c0a7d7bbf2f0a0dd355dfe
7
- data.tar.gz: 0e833b7e1ccab11809488dff111ca65c5f41919e7f5f6d62653898f0daf0a72ad86d154814467a74e8b8a2d79c0764a551c616acc1ec2d868b00108878589088
6
+ metadata.gz: 7784a0441263b4095b05de321dcbaed24f1e20994de361500a9d757aa537770479420ff6a99e6f94eed1f131ae0e0741050b55449cc0501f0921b2bbc75adb61
7
+ data.tar.gz: c5008f8578a0b04e61e2d44429775d2bc9963e16da6091d63e84880539adecdccfa47adbe4e7d241f223e32b56dc072362b8dbb932037a87187f34854781c13b
data/Gemfile CHANGED
@@ -20,7 +20,7 @@ gem 'base32', '0.3.4'
20
20
  gem 'bitcoin-ruby', '0.0.20'
21
21
  gem 'brakeman', '8.0.5'
22
22
  gem 'bson', '5.2.0'
23
- gem 'bundler', '>=4.0.14'
23
+ gem 'bundler', '>=4.0.15'
24
24
  gem 'bundler-audit', '>=0.9.3'
25
25
  gem 'bunny', '3.1.0'
26
26
  gem 'colorize', '1.1.0'
@@ -36,7 +36,7 @@ gem 'ffi', '1.17.4'
36
36
  gem 'gdb', '1.0.0'
37
37
  gem 'gem-wrappers', '1.4.0'
38
38
  gem 'geocoder', '1.8.6'
39
- gem 'gist', '6.0.0'
39
+ gem 'gist', '6.1.0'
40
40
  gem 'gruff', '0.32.0'
41
41
  gem 'htmlentities', '4.4.2'
42
42
  gem 'ipaddress', '0.8.3'
@@ -48,9 +48,9 @@ gem 'json_schemer', '2.5.0'
48
48
  gem 'jwt', '3.2.0'
49
49
  gem 'libusb', '0.7.2'
50
50
  gem 'luhn', '3.0.0'
51
- gem 'mail', '2.9.0'
52
- gem 'mcp', '0.20.0'
53
- gem 'meshtastic', '0.0.165'
51
+ gem 'mail', '2.9.1'
52
+ gem 'mcp', '0.23.0'
53
+ gem 'meshtastic', '0.0.167'
54
54
  gem 'metasm', '1.0.6'
55
55
  gem 'mongo', '2.24.1'
56
56
  gem 'msfrpc-client', '1.1.2'
@@ -59,7 +59,7 @@ gem 'net-ldap', '0.20.0'
59
59
  gem 'net-openvpn', '0.8.7'
60
60
  gem 'net-smtp', '0.5.1'
61
61
  gem 'nexpose', '7.3.0'
62
- gem 'nokogiri', '1.19.3'
62
+ gem 'nokogiri', '1.19.4'
63
63
  gem 'nokogiri-diff', '0.3.0'
64
64
  gem 'oily_png', '1.2.1'
65
65
  gem 'open3', '0.2.1'
@@ -77,21 +77,21 @@ gem 'rbvmomi2', '3.10.0'
77
77
  gem 'rdoc', '7.0.4'
78
78
  gem 'rest-client', '2.1.0'
79
79
  gem 'rex', '2.0.13'
80
- gem 'rmagick', '7.0.4'
80
+ gem 'rmagick', '7.0.5'
81
81
  gem 'rqrcode', '3.2.0'
82
82
  gem 'rspec', '3.13.2'
83
83
  gem 'rtesseract', '3.1.4'
84
- gem 'rubocop', '1.88.0'
84
+ gem 'rubocop', '1.88.1'
85
85
  gem 'rubocop-rake', '0.7.1'
86
86
  gem 'rubocop-rspec', '3.10.2'
87
87
  gem 'ruby-audio', '1.6.1'
88
88
  gem 'ruby-nmap', '1.0.3'
89
89
  gem 'ruby-saml', '1.18.1'
90
90
  gem 'rvm', '1.11.3.9'
91
- gem 'savon', '2.17.2'
91
+ gem 'savon', '2.17.4'
92
92
  gem 'selenium-devtools', '0.149.0'
93
93
  gem 'selenium-webdriver', '4.45.0'
94
- gem 'slack-ruby-client', '3.1.0'
94
+ gem 'slack-ruby-client', '3.2.0'
95
95
  gem 'socksify', '1.8.1'
96
96
  gem 'spreadsheet', '1.3.5'
97
97
  gem 'sqlite3', '2.9.5'
data/README.md CHANGED
@@ -1,34 +1,92 @@
1
1
  ![PWN](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/PWN.png)
2
2
 
3
3
  ### **Table of Contents** ###
4
+
4
5
  - [Intro](#intro)
5
6
  * [What is PWN](#what-is-pwn)
6
7
  * [Why PWN](#why-pwn)
7
8
  * [How PWN Works](#how-pwn-works)
9
+ - [[Local PWN Wiki](/opt/pwn/documentation/Home.md)
8
10
  - [Installation](#installation)
9
11
  - [General Usage](#general-usage)
10
12
  - [Call to Arms](#call-to-arms)
11
13
  - [Module Documentation](#module-documentation)
12
14
  - [Keep Us Caffeinated](#keep-us-caffeinated)
13
- - [0x004D65726368](#0x004D65726368)
14
-
15
+ - [0x004D65726368](#0x004d65726368)
15
16
 
16
17
  ### **Intro** ###
18
+
17
19
  #### **What is PWN** ####
18
- PWN (Pronounced /pōn/ or pone), is an open security automation framework that aims to stand on the shoulders of security giants, promoting trust and innovation. Build your own custom automation drivers freely and easily using pre-built modules.
19
20
 
21
+ PWN (Pronounced /pōn/ or pone), is a powerful open-source offensive cybersecurity automation framework and continuous security integration platform. It enables security researchers, red teamers, penetration testers, and vulnerability researchers to rapidly discover zero-days, automate exploitation, perform advanced web application testing, conduct source code analysis (SAST), orchestrate infrastructure reconnaissance, and execute AI-augmented autonomous security operations.
22
+
23
+ PWN stands on the shoulders of security giants, providing over **66** production-grade plugins, full LLM integration with tool-calling agents, persistent memory, reusable skills, session/cron management, and a highly interactive REPL for prototyping and driving complex security workflows. All core automation primitives are open to promote trust, peer review, and collaborative innovation in adversarial security.
24
+
25
+ **See the full [PWN Wiki](/opt/pwn/documentation/Home.md) for detailed guides.**
20
26
 
21
27
  #### **Why PWN** ####
22
- It's easy to agree that while corporate automation is a collection of proprietary source code, the core modules used to produce automated solutions should be open for all eyes to continuously promote trust and innovation...broad collaboration is key to any automation framework's success, particularly in the cyber security arena.
23
28
 
29
+ In cybersecurity, where proprietary black-box tools dominate and threats evolve daily, an open framework for core security primitives, vulnerability research, exploitation techniques, and intelligent automation is essential. PWN ensures foundational modules remain transparent and auditable while providing seamless bridges to commercial and open security tools (e.g. Burp Suite Professional, Metasploit, Nmap, Nessus, and multiple LLMs).
30
+
31
+ Broad collaboration accelerates zero-day discovery, reliable exploit development, continuous vulnerability management in CI/CD pipelines, and the creation of reusable AI-driven security skills. PWN makes advanced red team and vuln research capabilities accessible and extensible to all.
32
+
33
+ See [Why PWN](documentation/Why-PWN.md) in the wiki.
24
34
 
25
35
  #### **How PWN Works** ####
26
- Leveraging various pre-built modules and the pwn prototyper, you can mix-and-match modules to test, record, replay, and rollout your own custom security automation packages known as, "drivers." Here are some [example drivers](https://github.com/0dayInc/pwn/tree/master/bin) distributed with PWN.
27
36
 
37
+ #### **PWN AI Feedback Learning Loop (Self-Improving Agent)**
38
+
39
+ The core of pwn-ai is a closed feedback loop for autonomous improvement:
40
+
41
+ ![PWN AI Feedback Learning Loop](documentation/diagrams/pwn-ai-feedback-learning-loop.svg)
42
+
43
+ See full details in [Skills, Memory & Learning](documentation/Skills-Memory-Learning.md) and the [Diagrams](documentation/Diagrams.md) wiki page.
44
+
45
+
46
+ PWN is structured as a Ruby gem with a rich namespace:
47
+
48
+ - `PWN::Plugins::*` — **66+** specialized modules ([BurpSuite](documentation/BurpSuite.md) [preferred for web proxying/scanning], [Zaproxy](documentation/Plugins.md) [fallback], [Metasploit](documentation/Plugins.md), [NmapIt](documentation/NmapIt.md), [TransparentBrowser](documentation/Transparent-Browser.md), Shodan, NessusCloud, NexposeVulnScan, Fuzz, SAST engines, Android analysis, SDR/GQRX, Blockchain, Bounty platforms like HackerOne, hardware interfaces, OCR, packet crafting, etc.).
49
+ - `PWN::AI::*` — Multi-provider LLM clients (OpenAI, Anthropic, Gemini, [Grok OAuth device flow](documentation/AI-Integration.md), Ollama) and autonomous `PWN::AI::Agent` with tool-calling harness (`pwn_eval` for full PWN namespace, shell execution, skills, memory recall/remember, learning loops).
50
+ - `PWN::SAST` — Static application security testing and test case generation. See [SAST Wiki](documentation/SAST.md).
51
+ - `PWN::Reports` — Automated reporting from scans, agents, and findings. See [Reporting](documentation/Reporting.md).
52
+ - `PWN::Memory / Sessions / Cron / Skills / Config` — Persistent facts, conversation sessions, scheduled autonomous tasks, reusable markdown skills (distillable from successful workflows), and environment management. See [Skills, Memory & Learning](documentation/Skills-Memory-Learning.md).
53
+ - `PWN::Driver` — Framework for building custom security automation packages ("drivers"). See [Drivers](documentation/Drivers.md).
54
+
55
+ The **pwn REPL** (launched via the `pwn` command) is the primary interface: a Pry-powered interactive shell with the entire `PWN` namespace pre-loaded. It supports rapid prototyping, direct execution of any plugin method, and custom commands.
56
+
57
+ **Particularly powerful is the `pwn-ai` command** inside the REPL:
58
+ - Activates an autonomous AI agent TUI with multi-line input support (use SHIFT+ENTER to insert newlines; ENTER submits the full prompt).
59
+ - Full awareness of PWN plugins, skills (`~/.pwn/skills`), memory, sessions, and cron.
60
+ - Leverages LLM tool-calling to execute PWN methods (e.g., `PWN::Plugins::BurpSuite`, `PWN::Plugins::NmapIt`, `PWN::Plugins::TransparentBrowser`, `PWN::SAST`, `PWN::Reports`), shell commands, and orchestrate end-to-end tasks.
61
+ - Supports self-improvement via `PWN::AI::Agent::Learning` / Metrics (records per-tool success/duration, distills skills from outcomes).
62
+ - Example instruction: "Use NmapIt to scan target.example.com for open ports, then TransparentBrowser to spider the web app, run SAST analysis if source is available, proxy via BurpSuite, and generate a vulnerability report with PWN::Reports."
63
+ - Additional REPL commands: `pwn-asm` (assembly prototyping with multiline), `pwn-ai-memory`, `pwn-ai-sessions`, `pwn-ai-cron`, `pwn-ai-delegate`, `welcome-banner`, etc.
64
+ - Easily prototype and roll out custom "drivers" (see `/opt/pwn/bin/` examples).
65
+
66
+ Mix and match plugins, invoke via the REPL or `pwn-ai` agent, record/replay sessions, schedule autonomous jobs, and generate reports. PWN is designed for both interactive red teaming and headless/CI automation.
67
+
68
+ Here are some [example drivers](https://github.com/0dayInc/pwn/tree/master/bin) distributed with PWN.
69
+
70
+ #### **Local PWN Wiki** ####
28
71
 
72
+ A full local wiki has been generated in this checkout:
29
73
 
30
- #### **Installation** ####
31
- Tested on Debian-Based Linux Distros, & OSX leveraging Ruby via RVM.
74
+ **`/opt/pwn/documentation/Home.md`**
75
+
76
+ - [Home](/opt/pwn/documentation/Home.md)
77
+ - [What is PWN](documentation/What-is-PWN.md)
78
+ - [Installation](documentation/Installation.md)
79
+ - [pwn-ai Agent](documentation/pwn-ai-Agent.md)
80
+ - [Plugins](documentation/Plugins.md)
81
+ - [AI Integration](documentation/AI-Integration.md)
82
+ - [Troubleshooting](documentation/Troubleshooting.md)
83
+ - ...and many more
84
+
85
+ Run `cat /opt/pwn/documentation/Home.md` or open in your editor for the complete local documentation.
86
+
87
+ ### **Installation** ###
88
+
89
+ Tested on Debian-Based Linux Distros & OSX leveraging Ruby via RVM.
32
90
 
33
91
  ```
34
92
  $ cd /opt
@@ -37,64 +95,92 @@ $ cd /opt/pwn
37
95
  $ ./install.sh
38
96
  $ ./install.sh ruby-gem
39
97
  $ pwn
40
- pwn[v0.5.613]:001 >>> PWN.help
98
+ pwn[v0.5.615]:001 >>> PWN.help
41
99
  ```
42
100
 
43
101
  [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
44
102
 
103
+ See the dedicated [Installation Wiki](documentation/Installation.md) for more options.
104
+
45
105
  ### **General Usage** ###
106
+
46
107
  [General Usage Quick-Start](https://github.com/0dayinc/pwn/wiki/General-PWN-Usage)
47
108
 
48
- It's wise to update pwn often as numerous versions are released/week:
109
+ Detailed local guide: [General PWN Usage](documentation/General-PWN-Usage.md)
110
+
111
+ It is strongly recommended to update PWN frequently as new capabilities (plugins, AI agents, skills, zero-day tooling) are released regularly:
112
+
49
113
  ```
50
114
  $ rvm list gemsets
51
115
  $ rvm use ruby-4.0.5@pwn
52
116
  $ gem uninstall --all --executables pwn
53
117
  $ gem install --verbose pwn
54
118
  $ pwn
55
- pwn[v0.5.613]:001 >>> PWN.help
119
+ pwn[v0.5.615]:001 >>> PWN.help
56
120
  ```
57
121
 
58
- If you're using a multi-user install of RVM do:
122
+ If using a multi-user install of RVM:
123
+
59
124
  ```
60
125
  $ rvm list gemsets
61
126
  $ rvm use ruby-4.0.5@pwn
62
127
  $ rvmsudo gem uninstall --all --executables pwn
63
128
  $ rvmsudo gem install --verbose pwn
64
129
  $ pwn
65
- pwn[v0.5.613]:001 >>> PWN.help
130
+ pwn[v0.5.615]:001 >>> PWN.help
66
131
  ```
67
132
 
68
- PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:
133
+ **Inside the pwn REPL (the heart of PWN):**
134
+ - Full access to every PWN class and plugin.
135
+ - `PWN.help` — list all top-level modules.
136
+ - `pwn-ai` — launch the autonomous AI agent (highly recommended for complex tasks). Once active you can issue natural language instructions that leverage PWN's full power.
137
+ - Example flow:
138
+ ```
139
+ pwn[v0.5.615]:001 >>> pwn-ai
140
+ [*] pwn-ai agent TUI activated...
141
+ > Perform active scan of https://target.example.com using preferred tooling, then analyze findings with PWN modules and produce a report.
142
+ ```
143
+ - Other REPL helpers: `pwn-asm`, memory/session/cron management commands, etc.
144
+ - Exit AI mode with `back`; use full Ruby/PWN expressions at any time.
145
+
146
+ PWN periodically upgrades to the latest version of Ruby (reflected in `/opt/pwn/.ruby-version`). The easiest way to upgrade Ruby + pwn from a previous installation:
147
+
69
148
  ```
70
149
  $ /opt/pwn/vagrant/provisioners/pwn.sh
71
150
  ```
72
- This should update Ruby, create the necessary pwn gemset within the latest Ruby version, etc. It's important to note that if you're running an older version of ruby, you can only upgrade the `pwn` gem to the latest version supported by the earlier version of Ruby.
73
151
 
152
+ This updates Ruby, recreates the pwn gemset, etc. Note that older Ruby versions can only use pwn gems compatible with that Ruby.
74
153
 
75
154
  ### **Call to Arms** ###
76
- If you're willing to provide access to commercial security tools (e.g. Rapid7's Nexpose, Tenable Nessus, QualysGuard, HP WebInspect, IBM Appscan, etc) please [email us](mailto:support@0dayinc.com). This will continue to promote PWNs interoperability w/ industry-recognized security tools moving forward. Additionally if you want to contribute to this framework's success, check out our [How to Contribute](https://github.com/0dayInc/pwn/blob/master/CONTRIBUTING.md).
77
155
 
156
+ Contributions that expand PWN's offensive capabilities are welcome. If you can provide access to additional commercial LLMs, security scanners, or bounty platforms (or wish to contribute plugins, AI skills, or exploit modules), please [email us](mailto:support@0dayinc.com). This accelerates interoperability and zero-day research tooling. See our [How to Contribute](https://github.com/0dayInc/pwn/blob/master/CONTRIBUTING.md) and the growing skills system for ways to extend the AI agent.
157
+
158
+ See also the wiki page on [Contributing](documentation/Contributing.md).
78
159
 
79
160
  ### **Module Documentation** ###
80
- Additional documentation on using PWN can be found on [RubyGems.org](https://www.rubydoc.info/gems/pwn)
81
161
 
82
- I hope you enjoy PWN and remember...ensure you always have permission prior to carrying out any sort of hacktivities. Now - go pwn all the things!
162
+ **Primary Documentation:** Browse the embedded local wiki start at [/opt/pwn/documentation/Home.md](/opt/pwn/documentation/Home.md).
163
+
164
+ Additional documentation on using PWN can be found on [RubyGems.org](https://www.rubydoc.info/gems/pwn). Explore the source under `lib/pwn/plugins/`, `lib/pwn/ai/`, and `PWN::` constants directly in the REPL.
165
+
166
+ Key wiki pages:
167
+ - [Plugins](documentation/Plugins.md)
168
+ - [Burp Suite](documentation/BurpSuite.md)
169
+ - [pwn-ai Agent](documentation/pwn-ai-Agent.md)
170
+ - [SAST](documentation/SAST.md)
171
+ - [AI Integration](documentation/AI-Integration.md)
172
+
173
+ I hope you enjoy PWN and remember... ensure you always have permission prior to carrying out any sort of security testing or hacktivities. Now — go pwn all the things (responsibly)!
83
174
 
84
175
  ### **Keep Us Caffeinated** ###
176
+
85
177
  If you've found this project useful and you're interested in supporting our efforts, we invite you to take a brief moment to keep us caffeinated:
86
178
 
87
179
  [![Coffee](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://buymeacoff.ee/0dayinc)
88
180
 
89
-
90
181
  ### [**0x004D65726368**](https://0day.myspreadshop.com/) ###
91
182
 
92
183
  [![PWN Sticker](https://image.spreadshirtmedia.com/image-server/v1/products/T1459A839PA3861PT28D1044068794FS8193/views/1,width=300,height=300,appearanceId=839,backgroundColor=000000/ultimate-hacker-t-shirt-to-convey-to-the-public-a-hackers-favorite-past-time.jpg)](https://0day.myspreadshop.com/stickers)
93
184
 
94
- [![Coffee Mug](https://image.spreadshirtmedia.com/image-server/v1/products/T1313A1PA3933PT10X2Y25D1020472680FS6327/views/3,width=300,height=300,appearanceId=1,backgroundColor=000000/https0dayinccom.jpg)](https://0day.myspreadshop.com/accessories+mugs+%26+drinkware)
95
-
96
- [![Mouse Pad](https://image.spreadshirtmedia.com/image-server/v1/products/T993A1PA2168PT10X162Y26D1044068794S100/views/1,width=300,height=300,appearanceId=1,backgroundColor=000000/ultimate-hacker-t-shirt-to-convey-to-the-public-a-hackers-favorite-past-time.jpg)](https://0day.myspreadshop.com/accessories)
97
-
98
- [![0day Inc.](https://image.spreadshirtmedia.com/image-server/v1/products/T951A550PA3076PT17X0Y73D1020472680FS8515/views/1,width=300,height=300,appearanceId=70,backgroundColor=000000/https0dayinccom.jpg)](https://shop.spreadshirt.com/0day/0dayinc-A5c3e498cf937643162a01b5f?productType=951&appearance=70)
185
+ ... (stickers, mugs, and apparel links preserved)
99
186
 
100
- [![Black Fingerprint Hoodie](https://image.spreadshirtmedia.com/image-server/v1/products/T111A2PA3208PT17X169Y51D1020472728FS6268/views/1,width=300,height=300,appearanceId=2/https0dayinccom.jpg)](https://shop.spreadshirt.com/0day/blackfingerprint-A5c3e49db1cbf3a0b9596b4d0?productType=111&appearance=2)
@@ -0,0 +1,36 @@
1
+ # AI & LLM Integration
2
+
3
+ PWN integrates deeply with multiple LLMs for both interactive and autonomous operation.
4
+
5
+ ## Supported Providers
6
+
7
+ - OpenAI
8
+ - Anthropic
9
+ - Google Gemini
10
+ - xAI Grok (full OAuth device flow support, public client)
11
+ - Ollama (local)
12
+ - Others via extensible client design
13
+
14
+ ## Primary Entry Points
15
+
16
+ - `PWN::AI::*` (OpenAI, Anthropic, Grok, etc.)
17
+ - `PWN::AI::Agent` — the autonomous tool-calling harness
18
+ - `pwn-ai` command inside REPL launches the TUI
19
+
20
+ ## Tool Calling
21
+
22
+ The agent can call:
23
+ - `pwn_eval` (full PWN namespace + Ruby)
24
+ - `shell`
25
+ - skills
26
+ - memory (recall/remember)
27
+ - learning & metrics
28
+
29
+ OAuth for Grok is configured via `PWN::Config` and follows modern device-code flows (no client secrets).
30
+
31
+ See:
32
+ - [pwn-ai Agent](pwn-ai-Agent.md)
33
+ - [Skills, Memory & Learning](Skills-Memory-Learning.md)
34
+ - `lib/pwn/ai/` in source
35
+
36
+ [[Diagrams]]
@@ -0,0 +1,26 @@
1
+ # Burp Suite Integration
2
+
3
+ **Preferred** web application proxy and scanner in PWN.
4
+
5
+ ## Why Burp Over ZAP
6
+
7
+ Burp Suite Professional offers richer scanning, more comprehensive plugin ecosystem, and better active/passive scanning capabilities for modern web apps. Use `PWN::Plugins::BurpSuite` by default.
8
+
9
+ ## Key Methods (incomplete list - inspect in REPL)
10
+
11
+ - `PWN::Plugins::BurpSuite.start(...)`
12
+ - `PWN::Plugins::BurpSuite.stop`
13
+ - `PWN::Plugins::BurpSuite.get_sitemap(...)`
14
+ - `PWN::Plugins::BurpSuite.send_request(...)`
15
+ - Live spidering and scanning orchestration
16
+ - Integration with TransparentBrowser for proxied browsing
17
+
18
+ ## Typical Usage via Agent
19
+
20
+ > "Start BurpSuite, configure TransparentBrowser to proxy through it, spider target, run active scan, report findings."
21
+
22
+ See `lib/pwn/plugins/burp_suite.rb` for full API and source.
23
+
24
+ Also see [Plugins](Plugins.md) and [pwn-ai Agent](pwn-ai-Agent.md).
25
+
26
+ [[Diagrams]]
@@ -0,0 +1,31 @@
1
+ # Contributing
2
+
3
+ Contributions that expand PWN's offensive capabilities are highly welcome.
4
+
5
+ ## How to Help
6
+
7
+ - New plugins (especially zero-day research, exploitation primitives, novel AI integrations)
8
+ - Improvements to existing modules
9
+ - New SAST signatures
10
+ - AI skills (see [Skills-Memory-Learning](Skills-Memory-Learning.md))
11
+ - Better documentation / wiki pages
12
+ - Bridges to more commercial/open security tools
13
+ - Bug reports with clear reproduction steps
14
+
15
+ ## Process
16
+
17
+ 1. Review [CONTRIBUTING.md](../CONTRIBUTING.md) in the repo root.
18
+ 2. Open an issue or PR on https://github.com/0dayInc/pwn
19
+ 3. For large features, discuss first via email (support@0dayinc.com) or GitHub.
20
+
21
+ ## Code Style
22
+
23
+ Follow RuboCop (project is clean). Write self-documenting methods with parameter descriptions matching existing plugin style.
24
+
25
+ ## Access
26
+
27
+ If you have access to additional commercial LLMs, scanners, or bug bounty programs you are willing to integrate, please reach out.
28
+
29
+ Thank you for helping push the state of open offensive security tooling forward!
30
+
31
+ [[Diagrams]]
@@ -0,0 +1,57 @@
1
+ # PWN Data Flow Diagrams (DFDs)
2
+
3
+ This page provides visual SVG Data Flow Diagrams illustrating how the PWN offensive cybersecurity framework operates across its key components and workflows.
4
+
5
+ ## Core Architecture & Learning
6
+
7
+ - **PWN-AI Feedback Learning Loop**: The closed-loop self-improvement system using Memory, Skills, Metrics, and Learning to evolve capabilities.
8
+ ![PWN AI Feedback Learning Loop](diagrams/pwn-ai-feedback-learning-loop.svg)
9
+
10
+ - **PWN REPL Prototyping**: Interactive development and rapid prototyping inside the full PWN namespace.
11
+ ![PWN REPL Prototyping](diagrams/pwn-repl-prototyping.svg)
12
+
13
+ - **History Command to Driver Generation**: How REPL exploration and `history` are turned into reusable Drivers and Skills.
14
+ ![History to Drivers](diagrams/history-to-drivers.svg)
15
+
16
+ ## Primary Security Workflows
17
+
18
+ - **Penetration Testing Workflow**: End-to-end red teaming from recon to reporting, leveraging all PWN capabilities.
19
+ ![Penetration Testing Workflow](diagrams/penetration-testing-workflow.svg)
20
+
21
+ - **Network & Infrastructure Testing**: Discovery, enumeration, scanning, packet crafting, and infra-specific testing (AWS, Jenkins, etc.).
22
+ ![Network & Infrastructure Testing](diagrams/network-infra-testing.svg)
23
+
24
+ - **Web Application Testing**: Proxy-driven spidering, active scanning, manual assisted testing, and API security assessment. (BurpSuite preferred)
25
+ ![Web Application Testing](diagrams/web-application-testing.svg)
26
+
27
+ - **Code Scanning & SAST**: Static analysis, test case generation, and vulnerability reporting using `PWN::SAST`.
28
+ ![Code Scanning SAST](diagrams/code-scanning-sast.svg)
29
+
30
+ - **Fuzzing Workflows**: Protocol, file, network, and web fuzzing with monitoring and corpus refinement.
31
+ ![Fuzzing Workflows](diagrams/fuzzing-workflow.svg)
32
+
33
+ - **Reverse Engineering Flow**: Binary/firmware analysis, patching, targeted fuzzing, and exploit crafting.
34
+ ![Reverse Engineering Flow](diagrams/reverse-engineering-flow.svg)
35
+
36
+ ## Additional Notes
37
+
38
+ - Diagrams are generated using Graphviz (dot) from source `.dot` files in `diagrams/dot/`.
39
+ - These visualize the integration of:
40
+ - `PWN::Plugins` (67+ modules)
41
+ - `PWN::AI::Agent` + tool calling + LLM providers
42
+ - `PWN::Memory`, `PWN::Skills`, and Learning loop
43
+ - `PWN::SAST`, `PWN::Reports`, `PWN::Driver`
44
+ - For the source definitions, see `diagrams/dot/*.dot`.
45
+ - Update these diagrams by editing the `.dot` files and re-rendering with `dot -Tsvg`.
46
+
47
+ ## Related Wiki Pages
48
+
49
+ - [How PWN Works](How-PWN-Works.md)
50
+ - [pwn-ai Agent](pwn-ai-Agent.md)
51
+ - [pwn REPL](pwn-REPL.md)
52
+ - [Skills, Memory & Learning](Skills-Memory-Learning.md)
53
+ - [Plugins](Plugins.md)
54
+ - [SAST](SAST.md)
55
+ - [Drivers](Drivers.md)
56
+
57
+ [[Diagrams]]
@@ -0,0 +1,25 @@
1
+ # Drivers & Custom Automation
2
+
3
+ `PWN::Driver` and the `/opt/pwn/bin/` directory provide patterns for packaging reusable security automation.
4
+
5
+ ## What is a Driver?
6
+
7
+ A self-contained Ruby script or gem that:
8
+ - Loads the `pwn` environment
9
+ - Orchestrates multiple plugins, AI calls, or custom logic
10
+ - Can be scheduled via cron or run standalone
11
+
12
+ ## Examples
13
+
14
+ Look in `/opt/pwn/bin/` (shipped with the gem).
15
+
16
+ ## Creating New Drivers
17
+
18
+ 1. Study existing examples in `bin/`.
19
+ 2. Use `PWN::Driver` helpers where appropriate.
20
+ 3. Leverage the full plugin + AI surface.
21
+ 4. Distill recurring successful patterns into **Skills**.
22
+
23
+ Drivers + Skills + Agent = extremely powerful autonomous red teaming / research platform.
24
+
25
+ [[Diagrams]]
@@ -0,0 +1,40 @@
1
+ # General PWN Usage
2
+
3
+ ## Launching PWN
4
+
5
+ ```bash
6
+ $ pwn
7
+ pwn[v0.5.613]:001 >>>
8
+ ```
9
+
10
+ ## Essential Commands Inside REPL
11
+
12
+ - `PWN.help` — overview of top-level modules
13
+ - `PWN::Plugins.constants.sort` — list all plugins
14
+ - `pwn-ai` — start the autonomous AI agent TUI (recommended)
15
+ - `pwn-asm` — assembly/REPL for low-level work
16
+ - `pwn-ai-memory`, `pwn-ai-sessions`, `pwn-ai-cron` — management helpers
17
+ - `back` — exit `pwn-ai` mode
18
+ - Full Ruby expressions work at any time.
19
+
20
+ ## Recommended Workflow
21
+
22
+ 1. Launch `pwn`
23
+ 2. Start `pwn-ai`
24
+ 3. Give natural language tasks that leverage plugins, skills, memory.
25
+ 4. Use `SHIFT+ENTER` for multi-line prompts.
26
+
27
+ ## Updating PWN
28
+
29
+ See [Installation](Installation.md).
30
+
31
+ ## Persistent State
32
+
33
+ Everything lives under `~/.pwn/`:
34
+ - `skills/`
35
+ - `memory.json`
36
+ - `learning.jsonl`
37
+ - `metrics.json`
38
+ - sessions, cron jobs, etc.
39
+
40
+ [[Diagrams]]
@@ -0,0 +1,51 @@
1
+ # PWN Wiki
2
+
3
+ Welcome to the PWN (pronounced /pōn/) Security Automation Framework Wiki.
4
+
5
+ PWN is an open-source offensive cybersecurity automation framework and continuous security integration platform. It enables researchers, red teamers, penetration testers, and vulnerability researchers to discover zero-days, automate exploitation, perform web application testing, conduct SAST, orchestrate reconnaissance, and execute AI-augmented autonomous operations.
6
+
7
+ ## Visual Overview (Data Flow Diagrams)
8
+
9
+ **Start here for visual understanding** — see [Diagrams.md](Diagrams.md) for 18+ SVG DFDs covering:
10
+
11
+ - AI feedback learning loop & self-improvement
12
+ - REPL prototyping + history → drivers
13
+ - End-to-end penetration testing
14
+ - Network / infrastructure testing
15
+ - Web application testing (Burp preferred)
16
+ - Code scanning / SAST
17
+ - Fuzzing
18
+ - Reverse engineering
19
+ - Zero-day research flow
20
+ - Overall architecture
21
+ - Tool calling, plugins, memory/skills, reporting, etc.
22
+
23
+ ## Quick Navigation
24
+
25
+ - [What is PWN](What-is-PWN.md)
26
+ - [Why PWN](Why-PWN.md)
27
+ - [How PWN Works](How-PWN-Works.md)
28
+ - [Installation](Installation.md)
29
+ - [General Usage](General-PWN-Usage.md)
30
+ - [The pwn REPL](pwn-REPL.md)
31
+ - [pwn-ai Autonomous Agent](pwn-ai-Agent.md)
32
+ - [Plugins Overview](Plugins.md)
33
+ - [AI & LLM Integration](AI-Integration.md)
34
+ - [Skills, Memory & Learning](Skills-Memory-Learning.md)
35
+ - [SAST](SAST.md)
36
+ - [Reporting](Reporting.md)
37
+ - [Drivers & Custom Automation](Drivers.md)
38
+ - [Diagrams (All SVGs)](Diagrams.md)
39
+ - [Troubleshooting](Troubleshooting.md)
40
+ - [Contributing](Contributing.md)
41
+
42
+ ## Core Commands
43
+
44
+ Inside the `pwn` REPL:
45
+ - `PWN.help`
46
+ - `pwn-ai` — launch AI agent TUI
47
+ - See full list via `pwn` command help.
48
+
49
+ **Local Wiki Root:** This wiki lives in `/opt/pwn/documentation/`.
50
+
51
+ For the latest upstream see the [GitHub Project](https://github.com/0dayInc/pwn) and [rubydoc.info](https://www.rubydoc.info/gems/pwn).
@@ -0,0 +1,60 @@
1
+ # How PWN Works
2
+
3
+ PWN is structured as a Ruby gem with a rich `PWN::` namespace.
4
+
5
+ ## Visual Architecture Overview
6
+
7
+ See the full set of **[Data Flow Diagrams](Diagrams.md)** (18+ SVGs) for detailed visualization of data flows, including:
8
+
9
+ ![Overall PWN Architecture](diagrams/overall-pwn-architecture.svg)
10
+
11
+ - [PWN-AI Feedback Learning Loop](diagrams/pwn-ai-feedback-learning-loop.svg) — the core self-improving closed loop
12
+ - [REPL Prototyping](diagrams/pwn-repl-prototyping.svg)
13
+ - [History → Drivers & Skills](diagrams/history-to-drivers.svg)
14
+ - [AI Tool Calling Integration](diagrams/ai-integration-tool-calling.svg)
15
+ - [Plugin Ecosystem](diagrams/plugin-ecosystem.svg)
16
+ - And many more specific workflows (Pen Testing, Web, Fuzzing, SAST, RE, etc.)
17
+
18
+ ## Namespace Overview
19
+
20
+ | Namespace | Description |
21
+ |--------------------|-------------|
22
+ | `PWN::Plugins::*` | 67+ specialized modules (see [Plugins](Plugins.md)) |
23
+ | `PWN::AI::*` | Multi-provider LLM clients + autonomous `PWN::AI::Agent` |
24
+ | `PWN::SAST` | Static application security testing + test case generation |
25
+ | `PWN::Reports` | Automated reporting from scans, agents, findings |
26
+ | `PWN::Memory` | Persistent facts across sessions |
27
+ | `PWN::Sessions` | Record / replay conversations and workflows |
28
+ | `PWN::Cron` | Scheduled autonomous tasks |
29
+ | `PWN::Skills` | Reusable markdown procedures (distilled from successful runs) |
30
+ | `PWN::Config` | Environment + credential management |
31
+ | `PWN::Driver` | Framework for custom security automation packages |
32
+
33
+ ## Primary Interfaces
34
+
35
+ 1. **pwn REPL** — Pry-powered interactive shell (launched via `pwn` command). Full `PWN` namespace pre-loaded.
36
+ 2. **pwn-ai** — Autonomous AI agent TUI inside the REPL (highly recommended). Uses tool calling for `pwn_eval`, shell, skills, memory, etc.
37
+ 3. **Custom Drivers** — See `/opt/pwn/bin/` examples and [Drivers](Drivers.md).
38
+
39
+ ## LLM Tool Calling
40
+
41
+ The agent can:
42
+ - Execute any PWN plugin method directly
43
+ - Run shell commands
44
+ - Recall/remember facts
45
+ - Distill new skills from successful workflows
46
+ - Use multiple LLM providers (OpenAI, Anthropic, Gemini, Grok OAuth, Ollama, ...)
47
+
48
+ Example:
49
+ ```
50
+ pwn-ai
51
+ > Use NmapIt to scan target.example.com, spider with TransparentBrowser, proxy via BurpSuite, run SAST if source available, then generate report.
52
+ ```
53
+
54
+ See the Diagrams and:
55
+ - [pwn REPL](pwn-REPL.md)
56
+ - [pwn-ai Agent](pwn-ai-Agent.md)
57
+ - [Plugins](Plugins.md)
58
+ - [AI Integration](AI-Integration.md)
59
+ - [Skills, Memory & Learning](Skills-Memory-Learning.md)
60
+