pwn 0.5.613 → 0.5.615
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +10 -10
- data/README.md +110 -24
- data/documentation/AI-Integration.md +36 -0
- data/documentation/BurpSuite.md +26 -0
- data/documentation/Contributing.md +31 -0
- data/documentation/Diagrams.md +57 -0
- data/documentation/Drivers.md +25 -0
- data/documentation/General-PWN-Usage.md +40 -0
- data/documentation/Home.md +51 -0
- data/documentation/How-PWN-Works.md +60 -0
- data/documentation/Installation.md +50 -0
- data/documentation/NmapIt.md +18 -0
- data/documentation/Plugins.md +59 -0
- data/documentation/Reporting.md +28 -0
- data/documentation/SAST.md +32 -0
- data/documentation/Skills-Memory-Learning.md +44 -0
- data/documentation/Transparent-Browser.md +32 -0
- data/documentation/Troubleshooting.md +38 -0
- data/documentation/What-is-PWN.md +34 -0
- data/documentation/Why-PWN.md +18 -0
- data/documentation/diagrams/ai-integration-tool-calling.svg +134 -0
- data/documentation/diagrams/burp-vs-zap-preference.svg +84 -0
- data/documentation/diagrams/code-scanning-sast.svg +112 -0
- data/documentation/diagrams/dot/ai-integration-tool-calling.dot +23 -0
- data/documentation/diagrams/dot/burp-vs-zap-preference.dot +15 -0
- data/documentation/diagrams/dot/code-scanning-sast.dot +21 -0
- data/documentation/diagrams/dot/driver-framework.dot +17 -0
- data/documentation/diagrams/dot/fuzzing-workflow.dot +27 -0
- data/documentation/diagrams/dot/history-to-drivers.dot +20 -0
- data/documentation/diagrams/dot/memory-skills-detailed.dot +28 -0
- data/documentation/diagrams/dot/network-infra-testing.dot +22 -0
- data/documentation/diagrams/dot/overall-pwn-architecture.dot +49 -0
- data/documentation/diagrams/dot/penetration-testing-workflow.dot +29 -0
- data/documentation/diagrams/dot/plugin-ecosystem.dot +31 -0
- data/documentation/diagrams/dot/pwn-ai-feedback-learning-loop.dot +57 -0
- data/documentation/diagrams/dot/pwn-repl-prototyping.dot +37 -0
- data/documentation/diagrams/dot/reporting-pipeline.dot +17 -0
- data/documentation/diagrams/dot/reverse-engineering-flow.dot +21 -0
- data/documentation/diagrams/dot/sessions-cron-automation.dot +17 -0
- data/documentation/diagrams/dot/web-application-testing.dot +27 -0
- data/documentation/diagrams/dot/zero-day-research-flow.dot +27 -0
- data/documentation/diagrams/driver-framework.svg +90 -0
- data/documentation/diagrams/fuzzing-workflow.svg +147 -0
- data/documentation/diagrams/history-to-drivers.svg +117 -0
- data/documentation/diagrams/memory-skills-detailed.svg +154 -0
- data/documentation/diagrams/network-infra-testing.svg +121 -0
- data/documentation/diagrams/overall-pwn-architecture.svg +234 -0
- data/documentation/diagrams/penetration-testing-workflow.svg +148 -0
- data/documentation/diagrams/plugin-ecosystem.svg +172 -0
- data/documentation/diagrams/pwn-ai-feedback-learning-loop.svg +234 -0
- data/documentation/diagrams/pwn-repl-prototyping.svg +179 -0
- data/documentation/diagrams/reporting-pipeline.svg +91 -0
- data/documentation/diagrams/reverse-engineering-flow.svg +114 -0
- data/documentation/diagrams/sessions-cron-automation.svg +92 -0
- data/documentation/diagrams/web-application-testing.svg +137 -0
- data/documentation/diagrams/zero-day-research-flow.svg +149 -0
- data/documentation/pwn-REPL.md +33 -0
- data/documentation/pwn-ai-Agent.md +43 -0
- data/lib/pwn/ai/agent/learning.rb +377 -0
- data/lib/pwn/ai/agent/loop.rb +18 -3
- data/lib/pwn/ai/agent/metrics.rb +155 -0
- data/lib/pwn/ai/agent/prompt_builder.rb +23 -3
- data/lib/pwn/ai/agent/tools/learning.rb +113 -0
- data/lib/pwn/ai/agent/tools/skills.rb +94 -8
- data/lib/pwn/ai/agent.rb +2 -0
- data/lib/pwn/ai/grok.rb +249 -106
- data/lib/pwn/config.rb +86 -13
- data/lib/pwn/plugins/monkey_patch.rb +2 -2
- data/lib/pwn/plugins/repl.rb +68 -3
- data/lib/pwn/version.rb +1 -1
- data/spec/lib/pwn/ai/agent/learning_spec.rb +68 -0
- data/spec/lib/pwn/ai/agent/metrics_spec.rb +27 -0
- data/spec/lib/pwn/ai/agent/tools/learning_spec.rb +30 -0
- metadata +84 -34
- data/documentation/PWN.png +0 -0
- data/documentation/PWN_Contributors_and_Users.png +0 -0
- data/documentation/fax-spectrogram.png +0 -0
- data/documentation/fax-waveform.png +0 -0
- data/documentation/frozen_string_literal_files_changed_from_false_to_true.txt +0 -54
- data/documentation/lifecycle_authz_replay.example.yaml +0 -27
- data/documentation/pwn_android_war_dialer_session.png +0 -0
- data/documentation/pwn_install.png +0 -0
- data/documentation/pwn_wallpaper.jpg +0 -0
- data/documentation/ringing-spectrogram.png +0 -0
- data/documentation/ringing-waveform.png +0 -0
- data/documentation/vulnerability_report_template.md +0 -37
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: fbf42ff07a821ff15cc7ed8596ac349ae600d93af5f1a55a1472d406583dc1b9
|
|
4
|
+
data.tar.gz: 762e04766f4eac41a212a08674a3d1821d84d9b6ba875c09f7a36ad81fa9e708
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7784a0441263b4095b05de321dcbaed24f1e20994de361500a9d757aa537770479420ff6a99e6f94eed1f131ae0e0741050b55449cc0501f0921b2bbc75adb61
|
|
7
|
+
data.tar.gz: c5008f8578a0b04e61e2d44429775d2bc9963e16da6091d63e84880539adecdccfa47adbe4e7d241f223e32b56dc072362b8dbb932037a87187f34854781c13b
|
data/Gemfile
CHANGED
|
@@ -20,7 +20,7 @@ gem 'base32', '0.3.4'
|
|
|
20
20
|
gem 'bitcoin-ruby', '0.0.20'
|
|
21
21
|
gem 'brakeman', '8.0.5'
|
|
22
22
|
gem 'bson', '5.2.0'
|
|
23
|
-
gem 'bundler', '>=4.0.
|
|
23
|
+
gem 'bundler', '>=4.0.15'
|
|
24
24
|
gem 'bundler-audit', '>=0.9.3'
|
|
25
25
|
gem 'bunny', '3.1.0'
|
|
26
26
|
gem 'colorize', '1.1.0'
|
|
@@ -36,7 +36,7 @@ gem 'ffi', '1.17.4'
|
|
|
36
36
|
gem 'gdb', '1.0.0'
|
|
37
37
|
gem 'gem-wrappers', '1.4.0'
|
|
38
38
|
gem 'geocoder', '1.8.6'
|
|
39
|
-
gem 'gist', '6.
|
|
39
|
+
gem 'gist', '6.1.0'
|
|
40
40
|
gem 'gruff', '0.32.0'
|
|
41
41
|
gem 'htmlentities', '4.4.2'
|
|
42
42
|
gem 'ipaddress', '0.8.3'
|
|
@@ -48,9 +48,9 @@ gem 'json_schemer', '2.5.0'
|
|
|
48
48
|
gem 'jwt', '3.2.0'
|
|
49
49
|
gem 'libusb', '0.7.2'
|
|
50
50
|
gem 'luhn', '3.0.0'
|
|
51
|
-
gem 'mail', '2.9.
|
|
52
|
-
gem 'mcp', '0.
|
|
53
|
-
gem 'meshtastic', '0.0.
|
|
51
|
+
gem 'mail', '2.9.1'
|
|
52
|
+
gem 'mcp', '0.23.0'
|
|
53
|
+
gem 'meshtastic', '0.0.167'
|
|
54
54
|
gem 'metasm', '1.0.6'
|
|
55
55
|
gem 'mongo', '2.24.1'
|
|
56
56
|
gem 'msfrpc-client', '1.1.2'
|
|
@@ -59,7 +59,7 @@ gem 'net-ldap', '0.20.0'
|
|
|
59
59
|
gem 'net-openvpn', '0.8.7'
|
|
60
60
|
gem 'net-smtp', '0.5.1'
|
|
61
61
|
gem 'nexpose', '7.3.0'
|
|
62
|
-
gem 'nokogiri', '1.19.
|
|
62
|
+
gem 'nokogiri', '1.19.4'
|
|
63
63
|
gem 'nokogiri-diff', '0.3.0'
|
|
64
64
|
gem 'oily_png', '1.2.1'
|
|
65
65
|
gem 'open3', '0.2.1'
|
|
@@ -77,21 +77,21 @@ gem 'rbvmomi2', '3.10.0'
|
|
|
77
77
|
gem 'rdoc', '7.0.4'
|
|
78
78
|
gem 'rest-client', '2.1.0'
|
|
79
79
|
gem 'rex', '2.0.13'
|
|
80
|
-
gem 'rmagick', '7.0.
|
|
80
|
+
gem 'rmagick', '7.0.5'
|
|
81
81
|
gem 'rqrcode', '3.2.0'
|
|
82
82
|
gem 'rspec', '3.13.2'
|
|
83
83
|
gem 'rtesseract', '3.1.4'
|
|
84
|
-
gem 'rubocop', '1.88.
|
|
84
|
+
gem 'rubocop', '1.88.1'
|
|
85
85
|
gem 'rubocop-rake', '0.7.1'
|
|
86
86
|
gem 'rubocop-rspec', '3.10.2'
|
|
87
87
|
gem 'ruby-audio', '1.6.1'
|
|
88
88
|
gem 'ruby-nmap', '1.0.3'
|
|
89
89
|
gem 'ruby-saml', '1.18.1'
|
|
90
90
|
gem 'rvm', '1.11.3.9'
|
|
91
|
-
gem 'savon', '2.17.
|
|
91
|
+
gem 'savon', '2.17.4'
|
|
92
92
|
gem 'selenium-devtools', '0.149.0'
|
|
93
93
|
gem 'selenium-webdriver', '4.45.0'
|
|
94
|
-
gem 'slack-ruby-client', '3.
|
|
94
|
+
gem 'slack-ruby-client', '3.2.0'
|
|
95
95
|
gem 'socksify', '1.8.1'
|
|
96
96
|
gem 'spreadsheet', '1.3.5'
|
|
97
97
|
gem 'sqlite3', '2.9.5'
|
data/README.md
CHANGED
|
@@ -1,34 +1,92 @@
|
|
|
1
1
|

|
|
2
2
|
|
|
3
3
|
### **Table of Contents** ###
|
|
4
|
+
|
|
4
5
|
- [Intro](#intro)
|
|
5
6
|
* [What is PWN](#what-is-pwn)
|
|
6
7
|
* [Why PWN](#why-pwn)
|
|
7
8
|
* [How PWN Works](#how-pwn-works)
|
|
9
|
+
- [[Local PWN Wiki](/opt/pwn/documentation/Home.md)
|
|
8
10
|
- [Installation](#installation)
|
|
9
11
|
- [General Usage](#general-usage)
|
|
10
12
|
- [Call to Arms](#call-to-arms)
|
|
11
13
|
- [Module Documentation](#module-documentation)
|
|
12
14
|
- [Keep Us Caffeinated](#keep-us-caffeinated)
|
|
13
|
-
- [0x004D65726368](#
|
|
14
|
-
|
|
15
|
+
- [0x004D65726368](#0x004d65726368)
|
|
15
16
|
|
|
16
17
|
### **Intro** ###
|
|
18
|
+
|
|
17
19
|
#### **What is PWN** ####
|
|
18
|
-
PWN (Pronounced /pōn/ or pone), is an open security automation framework that aims to stand on the shoulders of security giants, promoting trust and innovation. Build your own custom automation drivers freely and easily using pre-built modules.
|
|
19
20
|
|
|
21
|
+
PWN (Pronounced /pōn/ or pone), is a powerful open-source offensive cybersecurity automation framework and continuous security integration platform. It enables security researchers, red teamers, penetration testers, and vulnerability researchers to rapidly discover zero-days, automate exploitation, perform advanced web application testing, conduct source code analysis (SAST), orchestrate infrastructure reconnaissance, and execute AI-augmented autonomous security operations.
|
|
22
|
+
|
|
23
|
+
PWN stands on the shoulders of security giants, providing over **66** production-grade plugins, full LLM integration with tool-calling agents, persistent memory, reusable skills, session/cron management, and a highly interactive REPL for prototyping and driving complex security workflows. All core automation primitives are open to promote trust, peer review, and collaborative innovation in adversarial security.
|
|
24
|
+
|
|
25
|
+
**See the full [PWN Wiki](/opt/pwn/documentation/Home.md) for detailed guides.**
|
|
20
26
|
|
|
21
27
|
#### **Why PWN** ####
|
|
22
|
-
It's easy to agree that while corporate automation is a collection of proprietary source code, the core modules used to produce automated solutions should be open for all eyes to continuously promote trust and innovation...broad collaboration is key to any automation framework's success, particularly in the cyber security arena.
|
|
23
28
|
|
|
29
|
+
In cybersecurity, where proprietary black-box tools dominate and threats evolve daily, an open framework for core security primitives, vulnerability research, exploitation techniques, and intelligent automation is essential. PWN ensures foundational modules remain transparent and auditable while providing seamless bridges to commercial and open security tools (e.g. Burp Suite Professional, Metasploit, Nmap, Nessus, and multiple LLMs).
|
|
30
|
+
|
|
31
|
+
Broad collaboration accelerates zero-day discovery, reliable exploit development, continuous vulnerability management in CI/CD pipelines, and the creation of reusable AI-driven security skills. PWN makes advanced red team and vuln research capabilities accessible and extensible to all.
|
|
32
|
+
|
|
33
|
+
See [Why PWN](documentation/Why-PWN.md) in the wiki.
|
|
24
34
|
|
|
25
35
|
#### **How PWN Works** ####
|
|
26
|
-
Leveraging various pre-built modules and the pwn prototyper, you can mix-and-match modules to test, record, replay, and rollout your own custom security automation packages known as, "drivers." Here are some [example drivers](https://github.com/0dayInc/pwn/tree/master/bin) distributed with PWN.
|
|
27
36
|
|
|
37
|
+
#### **PWN AI Feedback Learning Loop (Self-Improving Agent)**
|
|
38
|
+
|
|
39
|
+
The core of pwn-ai is a closed feedback loop for autonomous improvement:
|
|
40
|
+
|
|
41
|
+

|
|
42
|
+
|
|
43
|
+
See full details in [Skills, Memory & Learning](documentation/Skills-Memory-Learning.md) and the [Diagrams](documentation/Diagrams.md) wiki page.
|
|
44
|
+
|
|
45
|
+
|
|
46
|
+
PWN is structured as a Ruby gem with a rich namespace:
|
|
47
|
+
|
|
48
|
+
- `PWN::Plugins::*` — **66+** specialized modules ([BurpSuite](documentation/BurpSuite.md) [preferred for web proxying/scanning], [Zaproxy](documentation/Plugins.md) [fallback], [Metasploit](documentation/Plugins.md), [NmapIt](documentation/NmapIt.md), [TransparentBrowser](documentation/Transparent-Browser.md), Shodan, NessusCloud, NexposeVulnScan, Fuzz, SAST engines, Android analysis, SDR/GQRX, Blockchain, Bounty platforms like HackerOne, hardware interfaces, OCR, packet crafting, etc.).
|
|
49
|
+
- `PWN::AI::*` — Multi-provider LLM clients (OpenAI, Anthropic, Gemini, [Grok OAuth device flow](documentation/AI-Integration.md), Ollama) and autonomous `PWN::AI::Agent` with tool-calling harness (`pwn_eval` for full PWN namespace, shell execution, skills, memory recall/remember, learning loops).
|
|
50
|
+
- `PWN::SAST` — Static application security testing and test case generation. See [SAST Wiki](documentation/SAST.md).
|
|
51
|
+
- `PWN::Reports` — Automated reporting from scans, agents, and findings. See [Reporting](documentation/Reporting.md).
|
|
52
|
+
- `PWN::Memory / Sessions / Cron / Skills / Config` — Persistent facts, conversation sessions, scheduled autonomous tasks, reusable markdown skills (distillable from successful workflows), and environment management. See [Skills, Memory & Learning](documentation/Skills-Memory-Learning.md).
|
|
53
|
+
- `PWN::Driver` — Framework for building custom security automation packages ("drivers"). See [Drivers](documentation/Drivers.md).
|
|
54
|
+
|
|
55
|
+
The **pwn REPL** (launched via the `pwn` command) is the primary interface: a Pry-powered interactive shell with the entire `PWN` namespace pre-loaded. It supports rapid prototyping, direct execution of any plugin method, and custom commands.
|
|
56
|
+
|
|
57
|
+
**Particularly powerful is the `pwn-ai` command** inside the REPL:
|
|
58
|
+
- Activates an autonomous AI agent TUI with multi-line input support (use SHIFT+ENTER to insert newlines; ENTER submits the full prompt).
|
|
59
|
+
- Full awareness of PWN plugins, skills (`~/.pwn/skills`), memory, sessions, and cron.
|
|
60
|
+
- Leverages LLM tool-calling to execute PWN methods (e.g., `PWN::Plugins::BurpSuite`, `PWN::Plugins::NmapIt`, `PWN::Plugins::TransparentBrowser`, `PWN::SAST`, `PWN::Reports`), shell commands, and orchestrate end-to-end tasks.
|
|
61
|
+
- Supports self-improvement via `PWN::AI::Agent::Learning` / Metrics (records per-tool success/duration, distills skills from outcomes).
|
|
62
|
+
- Example instruction: "Use NmapIt to scan target.example.com for open ports, then TransparentBrowser to spider the web app, run SAST analysis if source is available, proxy via BurpSuite, and generate a vulnerability report with PWN::Reports."
|
|
63
|
+
- Additional REPL commands: `pwn-asm` (assembly prototyping with multiline), `pwn-ai-memory`, `pwn-ai-sessions`, `pwn-ai-cron`, `pwn-ai-delegate`, `welcome-banner`, etc.
|
|
64
|
+
- Easily prototype and roll out custom "drivers" (see `/opt/pwn/bin/` examples).
|
|
65
|
+
|
|
66
|
+
Mix and match plugins, invoke via the REPL or `pwn-ai` agent, record/replay sessions, schedule autonomous jobs, and generate reports. PWN is designed for both interactive red teaming and headless/CI automation.
|
|
67
|
+
|
|
68
|
+
Here are some [example drivers](https://github.com/0dayInc/pwn/tree/master/bin) distributed with PWN.
|
|
69
|
+
|
|
70
|
+
#### **Local PWN Wiki** ####
|
|
28
71
|
|
|
72
|
+
A full local wiki has been generated in this checkout:
|
|
29
73
|
|
|
30
|
-
|
|
31
|
-
|
|
74
|
+
**`/opt/pwn/documentation/Home.md`**
|
|
75
|
+
|
|
76
|
+
- [Home](/opt/pwn/documentation/Home.md)
|
|
77
|
+
- [What is PWN](documentation/What-is-PWN.md)
|
|
78
|
+
- [Installation](documentation/Installation.md)
|
|
79
|
+
- [pwn-ai Agent](documentation/pwn-ai-Agent.md)
|
|
80
|
+
- [Plugins](documentation/Plugins.md)
|
|
81
|
+
- [AI Integration](documentation/AI-Integration.md)
|
|
82
|
+
- [Troubleshooting](documentation/Troubleshooting.md)
|
|
83
|
+
- ...and many more
|
|
84
|
+
|
|
85
|
+
Run `cat /opt/pwn/documentation/Home.md` or open in your editor for the complete local documentation.
|
|
86
|
+
|
|
87
|
+
### **Installation** ###
|
|
88
|
+
|
|
89
|
+
Tested on Debian-Based Linux Distros & OSX leveraging Ruby via RVM.
|
|
32
90
|
|
|
33
91
|
```
|
|
34
92
|
$ cd /opt
|
|
@@ -37,64 +95,92 @@ $ cd /opt/pwn
|
|
|
37
95
|
$ ./install.sh
|
|
38
96
|
$ ./install.sh ruby-gem
|
|
39
97
|
$ pwn
|
|
40
|
-
pwn[v0.5.
|
|
98
|
+
pwn[v0.5.615]:001 >>> PWN.help
|
|
41
99
|
```
|
|
42
100
|
|
|
43
101
|
[](https://youtu.be/G7iLUY4FzsI)
|
|
44
102
|
|
|
103
|
+
See the dedicated [Installation Wiki](documentation/Installation.md) for more options.
|
|
104
|
+
|
|
45
105
|
### **General Usage** ###
|
|
106
|
+
|
|
46
107
|
[General Usage Quick-Start](https://github.com/0dayinc/pwn/wiki/General-PWN-Usage)
|
|
47
108
|
|
|
48
|
-
|
|
109
|
+
Detailed local guide: [General PWN Usage](documentation/General-PWN-Usage.md)
|
|
110
|
+
|
|
111
|
+
It is strongly recommended to update PWN frequently as new capabilities (plugins, AI agents, skills, zero-day tooling) are released regularly:
|
|
112
|
+
|
|
49
113
|
```
|
|
50
114
|
$ rvm list gemsets
|
|
51
115
|
$ rvm use ruby-4.0.5@pwn
|
|
52
116
|
$ gem uninstall --all --executables pwn
|
|
53
117
|
$ gem install --verbose pwn
|
|
54
118
|
$ pwn
|
|
55
|
-
pwn[v0.5.
|
|
119
|
+
pwn[v0.5.615]:001 >>> PWN.help
|
|
56
120
|
```
|
|
57
121
|
|
|
58
|
-
If
|
|
122
|
+
If using a multi-user install of RVM:
|
|
123
|
+
|
|
59
124
|
```
|
|
60
125
|
$ rvm list gemsets
|
|
61
126
|
$ rvm use ruby-4.0.5@pwn
|
|
62
127
|
$ rvmsudo gem uninstall --all --executables pwn
|
|
63
128
|
$ rvmsudo gem install --verbose pwn
|
|
64
129
|
$ pwn
|
|
65
|
-
pwn[v0.5.
|
|
130
|
+
pwn[v0.5.615]:001 >>> PWN.help
|
|
66
131
|
```
|
|
67
132
|
|
|
68
|
-
|
|
133
|
+
**Inside the pwn REPL (the heart of PWN):**
|
|
134
|
+
- Full access to every PWN class and plugin.
|
|
135
|
+
- `PWN.help` — list all top-level modules.
|
|
136
|
+
- `pwn-ai` — launch the autonomous AI agent (highly recommended for complex tasks). Once active you can issue natural language instructions that leverage PWN's full power.
|
|
137
|
+
- Example flow:
|
|
138
|
+
```
|
|
139
|
+
pwn[v0.5.615]:001 >>> pwn-ai
|
|
140
|
+
[*] pwn-ai agent TUI activated...
|
|
141
|
+
> Perform active scan of https://target.example.com using preferred tooling, then analyze findings with PWN modules and produce a report.
|
|
142
|
+
```
|
|
143
|
+
- Other REPL helpers: `pwn-asm`, memory/session/cron management commands, etc.
|
|
144
|
+
- Exit AI mode with `back`; use full Ruby/PWN expressions at any time.
|
|
145
|
+
|
|
146
|
+
PWN periodically upgrades to the latest version of Ruby (reflected in `/opt/pwn/.ruby-version`). The easiest way to upgrade Ruby + pwn from a previous installation:
|
|
147
|
+
|
|
69
148
|
```
|
|
70
149
|
$ /opt/pwn/vagrant/provisioners/pwn.sh
|
|
71
150
|
```
|
|
72
|
-
This should update Ruby, create the necessary pwn gemset within the latest Ruby version, etc. It's important to note that if you're running an older version of ruby, you can only upgrade the `pwn` gem to the latest version supported by the earlier version of Ruby.
|
|
73
151
|
|
|
152
|
+
This updates Ruby, recreates the pwn gemset, etc. Note that older Ruby versions can only use pwn gems compatible with that Ruby.
|
|
74
153
|
|
|
75
154
|
### **Call to Arms** ###
|
|
76
|
-
If you're willing to provide access to commercial security tools (e.g. Rapid7's Nexpose, Tenable Nessus, QualysGuard, HP WebInspect, IBM Appscan, etc) please [email us](mailto:support@0dayinc.com). This will continue to promote PWNs interoperability w/ industry-recognized security tools moving forward. Additionally if you want to contribute to this framework's success, check out our [How to Contribute](https://github.com/0dayInc/pwn/blob/master/CONTRIBUTING.md).
|
|
77
155
|
|
|
156
|
+
Contributions that expand PWN's offensive capabilities are welcome. If you can provide access to additional commercial LLMs, security scanners, or bounty platforms (or wish to contribute plugins, AI skills, or exploit modules), please [email us](mailto:support@0dayinc.com). This accelerates interoperability and zero-day research tooling. See our [How to Contribute](https://github.com/0dayInc/pwn/blob/master/CONTRIBUTING.md) and the growing skills system for ways to extend the AI agent.
|
|
157
|
+
|
|
158
|
+
See also the wiki page on [Contributing](documentation/Contributing.md).
|
|
78
159
|
|
|
79
160
|
### **Module Documentation** ###
|
|
80
|
-
Additional documentation on using PWN can be found on [RubyGems.org](https://www.rubydoc.info/gems/pwn)
|
|
81
161
|
|
|
82
|
-
|
|
162
|
+
**Primary Documentation:** Browse the embedded local wiki — start at [/opt/pwn/documentation/Home.md](/opt/pwn/documentation/Home.md).
|
|
163
|
+
|
|
164
|
+
Additional documentation on using PWN can be found on [RubyGems.org](https://www.rubydoc.info/gems/pwn). Explore the source under `lib/pwn/plugins/`, `lib/pwn/ai/`, and `PWN::` constants directly in the REPL.
|
|
165
|
+
|
|
166
|
+
Key wiki pages:
|
|
167
|
+
- [Plugins](documentation/Plugins.md)
|
|
168
|
+
- [Burp Suite](documentation/BurpSuite.md)
|
|
169
|
+
- [pwn-ai Agent](documentation/pwn-ai-Agent.md)
|
|
170
|
+
- [SAST](documentation/SAST.md)
|
|
171
|
+
- [AI Integration](documentation/AI-Integration.md)
|
|
172
|
+
|
|
173
|
+
I hope you enjoy PWN and remember... ensure you always have permission prior to carrying out any sort of security testing or hacktivities. Now — go pwn all the things (responsibly)!
|
|
83
174
|
|
|
84
175
|
### **Keep Us Caffeinated** ###
|
|
176
|
+
|
|
85
177
|
If you've found this project useful and you're interested in supporting our efforts, we invite you to take a brief moment to keep us caffeinated:
|
|
86
178
|
|
|
87
179
|
[](https://buymeacoff.ee/0dayinc)
|
|
88
180
|
|
|
89
|
-
|
|
90
181
|
### [**0x004D65726368**](https://0day.myspreadshop.com/) ###
|
|
91
182
|
|
|
92
183
|
[](https://0day.myspreadshop.com/stickers)
|
|
93
184
|
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
[](https://0day.myspreadshop.com/accessories)
|
|
97
|
-
|
|
98
|
-
[](https://shop.spreadshirt.com/0day/0dayinc-A5c3e498cf937643162a01b5f?productType=951&appearance=70)
|
|
185
|
+
... (stickers, mugs, and apparel links preserved)
|
|
99
186
|
|
|
100
|
-
[](https://shop.spreadshirt.com/0day/blackfingerprint-A5c3e49db1cbf3a0b9596b4d0?productType=111&appearance=2)
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
# AI & LLM Integration
|
|
2
|
+
|
|
3
|
+
PWN integrates deeply with multiple LLMs for both interactive and autonomous operation.
|
|
4
|
+
|
|
5
|
+
## Supported Providers
|
|
6
|
+
|
|
7
|
+
- OpenAI
|
|
8
|
+
- Anthropic
|
|
9
|
+
- Google Gemini
|
|
10
|
+
- xAI Grok (full OAuth device flow support, public client)
|
|
11
|
+
- Ollama (local)
|
|
12
|
+
- Others via extensible client design
|
|
13
|
+
|
|
14
|
+
## Primary Entry Points
|
|
15
|
+
|
|
16
|
+
- `PWN::AI::*` (OpenAI, Anthropic, Grok, etc.)
|
|
17
|
+
- `PWN::AI::Agent` — the autonomous tool-calling harness
|
|
18
|
+
- `pwn-ai` command inside REPL launches the TUI
|
|
19
|
+
|
|
20
|
+
## Tool Calling
|
|
21
|
+
|
|
22
|
+
The agent can call:
|
|
23
|
+
- `pwn_eval` (full PWN namespace + Ruby)
|
|
24
|
+
- `shell`
|
|
25
|
+
- skills
|
|
26
|
+
- memory (recall/remember)
|
|
27
|
+
- learning & metrics
|
|
28
|
+
|
|
29
|
+
OAuth for Grok is configured via `PWN::Config` and follows modern device-code flows (no client secrets).
|
|
30
|
+
|
|
31
|
+
See:
|
|
32
|
+
- [pwn-ai Agent](pwn-ai-Agent.md)
|
|
33
|
+
- [Skills, Memory & Learning](Skills-Memory-Learning.md)
|
|
34
|
+
- `lib/pwn/ai/` in source
|
|
35
|
+
|
|
36
|
+
[[Diagrams]]
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
# Burp Suite Integration
|
|
2
|
+
|
|
3
|
+
**Preferred** web application proxy and scanner in PWN.
|
|
4
|
+
|
|
5
|
+
## Why Burp Over ZAP
|
|
6
|
+
|
|
7
|
+
Burp Suite Professional offers richer scanning, more comprehensive plugin ecosystem, and better active/passive scanning capabilities for modern web apps. Use `PWN::Plugins::BurpSuite` by default.
|
|
8
|
+
|
|
9
|
+
## Key Methods (incomplete list - inspect in REPL)
|
|
10
|
+
|
|
11
|
+
- `PWN::Plugins::BurpSuite.start(...)`
|
|
12
|
+
- `PWN::Plugins::BurpSuite.stop`
|
|
13
|
+
- `PWN::Plugins::BurpSuite.get_sitemap(...)`
|
|
14
|
+
- `PWN::Plugins::BurpSuite.send_request(...)`
|
|
15
|
+
- Live spidering and scanning orchestration
|
|
16
|
+
- Integration with TransparentBrowser for proxied browsing
|
|
17
|
+
|
|
18
|
+
## Typical Usage via Agent
|
|
19
|
+
|
|
20
|
+
> "Start BurpSuite, configure TransparentBrowser to proxy through it, spider target, run active scan, report findings."
|
|
21
|
+
|
|
22
|
+
See `lib/pwn/plugins/burp_suite.rb` for full API and source.
|
|
23
|
+
|
|
24
|
+
Also see [Plugins](Plugins.md) and [pwn-ai Agent](pwn-ai-Agent.md).
|
|
25
|
+
|
|
26
|
+
[[Diagrams]]
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
# Contributing
|
|
2
|
+
|
|
3
|
+
Contributions that expand PWN's offensive capabilities are highly welcome.
|
|
4
|
+
|
|
5
|
+
## How to Help
|
|
6
|
+
|
|
7
|
+
- New plugins (especially zero-day research, exploitation primitives, novel AI integrations)
|
|
8
|
+
- Improvements to existing modules
|
|
9
|
+
- New SAST signatures
|
|
10
|
+
- AI skills (see [Skills-Memory-Learning](Skills-Memory-Learning.md))
|
|
11
|
+
- Better documentation / wiki pages
|
|
12
|
+
- Bridges to more commercial/open security tools
|
|
13
|
+
- Bug reports with clear reproduction steps
|
|
14
|
+
|
|
15
|
+
## Process
|
|
16
|
+
|
|
17
|
+
1. Review [CONTRIBUTING.md](../CONTRIBUTING.md) in the repo root.
|
|
18
|
+
2. Open an issue or PR on https://github.com/0dayInc/pwn
|
|
19
|
+
3. For large features, discuss first via email (support@0dayinc.com) or GitHub.
|
|
20
|
+
|
|
21
|
+
## Code Style
|
|
22
|
+
|
|
23
|
+
Follow RuboCop (project is clean). Write self-documenting methods with parameter descriptions matching existing plugin style.
|
|
24
|
+
|
|
25
|
+
## Access
|
|
26
|
+
|
|
27
|
+
If you have access to additional commercial LLMs, scanners, or bug bounty programs you are willing to integrate, please reach out.
|
|
28
|
+
|
|
29
|
+
Thank you for helping push the state of open offensive security tooling forward!
|
|
30
|
+
|
|
31
|
+
[[Diagrams]]
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
# PWN Data Flow Diagrams (DFDs)
|
|
2
|
+
|
|
3
|
+
This page provides visual SVG Data Flow Diagrams illustrating how the PWN offensive cybersecurity framework operates across its key components and workflows.
|
|
4
|
+
|
|
5
|
+
## Core Architecture & Learning
|
|
6
|
+
|
|
7
|
+
- **PWN-AI Feedback Learning Loop**: The closed-loop self-improvement system using Memory, Skills, Metrics, and Learning to evolve capabilities.
|
|
8
|
+

|
|
9
|
+
|
|
10
|
+
- **PWN REPL Prototyping**: Interactive development and rapid prototyping inside the full PWN namespace.
|
|
11
|
+

|
|
12
|
+
|
|
13
|
+
- **History Command to Driver Generation**: How REPL exploration and `history` are turned into reusable Drivers and Skills.
|
|
14
|
+

|
|
15
|
+
|
|
16
|
+
## Primary Security Workflows
|
|
17
|
+
|
|
18
|
+
- **Penetration Testing Workflow**: End-to-end red teaming from recon to reporting, leveraging all PWN capabilities.
|
|
19
|
+

|
|
20
|
+
|
|
21
|
+
- **Network & Infrastructure Testing**: Discovery, enumeration, scanning, packet crafting, and infra-specific testing (AWS, Jenkins, etc.).
|
|
22
|
+

|
|
23
|
+
|
|
24
|
+
- **Web Application Testing**: Proxy-driven spidering, active scanning, manual assisted testing, and API security assessment. (BurpSuite preferred)
|
|
25
|
+

|
|
26
|
+
|
|
27
|
+
- **Code Scanning & SAST**: Static analysis, test case generation, and vulnerability reporting using `PWN::SAST`.
|
|
28
|
+

|
|
29
|
+
|
|
30
|
+
- **Fuzzing Workflows**: Protocol, file, network, and web fuzzing with monitoring and corpus refinement.
|
|
31
|
+

|
|
32
|
+
|
|
33
|
+
- **Reverse Engineering Flow**: Binary/firmware analysis, patching, targeted fuzzing, and exploit crafting.
|
|
34
|
+

|
|
35
|
+
|
|
36
|
+
## Additional Notes
|
|
37
|
+
|
|
38
|
+
- Diagrams are generated using Graphviz (dot) from source `.dot` files in `diagrams/dot/`.
|
|
39
|
+
- These visualize the integration of:
|
|
40
|
+
- `PWN::Plugins` (67+ modules)
|
|
41
|
+
- `PWN::AI::Agent` + tool calling + LLM providers
|
|
42
|
+
- `PWN::Memory`, `PWN::Skills`, and Learning loop
|
|
43
|
+
- `PWN::SAST`, `PWN::Reports`, `PWN::Driver`
|
|
44
|
+
- For the source definitions, see `diagrams/dot/*.dot`.
|
|
45
|
+
- Update these diagrams by editing the `.dot` files and re-rendering with `dot -Tsvg`.
|
|
46
|
+
|
|
47
|
+
## Related Wiki Pages
|
|
48
|
+
|
|
49
|
+
- [How PWN Works](How-PWN-Works.md)
|
|
50
|
+
- [pwn-ai Agent](pwn-ai-Agent.md)
|
|
51
|
+
- [pwn REPL](pwn-REPL.md)
|
|
52
|
+
- [Skills, Memory & Learning](Skills-Memory-Learning.md)
|
|
53
|
+
- [Plugins](Plugins.md)
|
|
54
|
+
- [SAST](SAST.md)
|
|
55
|
+
- [Drivers](Drivers.md)
|
|
56
|
+
|
|
57
|
+
[[Diagrams]]
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
# Drivers & Custom Automation
|
|
2
|
+
|
|
3
|
+
`PWN::Driver` and the `/opt/pwn/bin/` directory provide patterns for packaging reusable security automation.
|
|
4
|
+
|
|
5
|
+
## What is a Driver?
|
|
6
|
+
|
|
7
|
+
A self-contained Ruby script or gem that:
|
|
8
|
+
- Loads the `pwn` environment
|
|
9
|
+
- Orchestrates multiple plugins, AI calls, or custom logic
|
|
10
|
+
- Can be scheduled via cron or run standalone
|
|
11
|
+
|
|
12
|
+
## Examples
|
|
13
|
+
|
|
14
|
+
Look in `/opt/pwn/bin/` (shipped with the gem).
|
|
15
|
+
|
|
16
|
+
## Creating New Drivers
|
|
17
|
+
|
|
18
|
+
1. Study existing examples in `bin/`.
|
|
19
|
+
2. Use `PWN::Driver` helpers where appropriate.
|
|
20
|
+
3. Leverage the full plugin + AI surface.
|
|
21
|
+
4. Distill recurring successful patterns into **Skills**.
|
|
22
|
+
|
|
23
|
+
Drivers + Skills + Agent = extremely powerful autonomous red teaming / research platform.
|
|
24
|
+
|
|
25
|
+
[[Diagrams]]
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
# General PWN Usage
|
|
2
|
+
|
|
3
|
+
## Launching PWN
|
|
4
|
+
|
|
5
|
+
```bash
|
|
6
|
+
$ pwn
|
|
7
|
+
pwn[v0.5.613]:001 >>>
|
|
8
|
+
```
|
|
9
|
+
|
|
10
|
+
## Essential Commands Inside REPL
|
|
11
|
+
|
|
12
|
+
- `PWN.help` — overview of top-level modules
|
|
13
|
+
- `PWN::Plugins.constants.sort` — list all plugins
|
|
14
|
+
- `pwn-ai` — start the autonomous AI agent TUI (recommended)
|
|
15
|
+
- `pwn-asm` — assembly/REPL for low-level work
|
|
16
|
+
- `pwn-ai-memory`, `pwn-ai-sessions`, `pwn-ai-cron` — management helpers
|
|
17
|
+
- `back` — exit `pwn-ai` mode
|
|
18
|
+
- Full Ruby expressions work at any time.
|
|
19
|
+
|
|
20
|
+
## Recommended Workflow
|
|
21
|
+
|
|
22
|
+
1. Launch `pwn`
|
|
23
|
+
2. Start `pwn-ai`
|
|
24
|
+
3. Give natural language tasks that leverage plugins, skills, memory.
|
|
25
|
+
4. Use `SHIFT+ENTER` for multi-line prompts.
|
|
26
|
+
|
|
27
|
+
## Updating PWN
|
|
28
|
+
|
|
29
|
+
See [Installation](Installation.md).
|
|
30
|
+
|
|
31
|
+
## Persistent State
|
|
32
|
+
|
|
33
|
+
Everything lives under `~/.pwn/`:
|
|
34
|
+
- `skills/`
|
|
35
|
+
- `memory.json`
|
|
36
|
+
- `learning.jsonl`
|
|
37
|
+
- `metrics.json`
|
|
38
|
+
- sessions, cron jobs, etc.
|
|
39
|
+
|
|
40
|
+
[[Diagrams]]
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
# PWN Wiki
|
|
2
|
+
|
|
3
|
+
Welcome to the PWN (pronounced /pōn/) Security Automation Framework Wiki.
|
|
4
|
+
|
|
5
|
+
PWN is an open-source offensive cybersecurity automation framework and continuous security integration platform. It enables researchers, red teamers, penetration testers, and vulnerability researchers to discover zero-days, automate exploitation, perform web application testing, conduct SAST, orchestrate reconnaissance, and execute AI-augmented autonomous operations.
|
|
6
|
+
|
|
7
|
+
## Visual Overview (Data Flow Diagrams)
|
|
8
|
+
|
|
9
|
+
**Start here for visual understanding** — see [Diagrams.md](Diagrams.md) for 18+ SVG DFDs covering:
|
|
10
|
+
|
|
11
|
+
- AI feedback learning loop & self-improvement
|
|
12
|
+
- REPL prototyping + history → drivers
|
|
13
|
+
- End-to-end penetration testing
|
|
14
|
+
- Network / infrastructure testing
|
|
15
|
+
- Web application testing (Burp preferred)
|
|
16
|
+
- Code scanning / SAST
|
|
17
|
+
- Fuzzing
|
|
18
|
+
- Reverse engineering
|
|
19
|
+
- Zero-day research flow
|
|
20
|
+
- Overall architecture
|
|
21
|
+
- Tool calling, plugins, memory/skills, reporting, etc.
|
|
22
|
+
|
|
23
|
+
## Quick Navigation
|
|
24
|
+
|
|
25
|
+
- [What is PWN](What-is-PWN.md)
|
|
26
|
+
- [Why PWN](Why-PWN.md)
|
|
27
|
+
- [How PWN Works](How-PWN-Works.md)
|
|
28
|
+
- [Installation](Installation.md)
|
|
29
|
+
- [General Usage](General-PWN-Usage.md)
|
|
30
|
+
- [The pwn REPL](pwn-REPL.md)
|
|
31
|
+
- [pwn-ai Autonomous Agent](pwn-ai-Agent.md)
|
|
32
|
+
- [Plugins Overview](Plugins.md)
|
|
33
|
+
- [AI & LLM Integration](AI-Integration.md)
|
|
34
|
+
- [Skills, Memory & Learning](Skills-Memory-Learning.md)
|
|
35
|
+
- [SAST](SAST.md)
|
|
36
|
+
- [Reporting](Reporting.md)
|
|
37
|
+
- [Drivers & Custom Automation](Drivers.md)
|
|
38
|
+
- [Diagrams (All SVGs)](Diagrams.md)
|
|
39
|
+
- [Troubleshooting](Troubleshooting.md)
|
|
40
|
+
- [Contributing](Contributing.md)
|
|
41
|
+
|
|
42
|
+
## Core Commands
|
|
43
|
+
|
|
44
|
+
Inside the `pwn` REPL:
|
|
45
|
+
- `PWN.help`
|
|
46
|
+
- `pwn-ai` — launch AI agent TUI
|
|
47
|
+
- See full list via `pwn` command help.
|
|
48
|
+
|
|
49
|
+
**Local Wiki Root:** This wiki lives in `/opt/pwn/documentation/`.
|
|
50
|
+
|
|
51
|
+
For the latest upstream see the [GitHub Project](https://github.com/0dayInc/pwn) and [rubydoc.info](https://www.rubydoc.info/gems/pwn).
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
# How PWN Works
|
|
2
|
+
|
|
3
|
+
PWN is structured as a Ruby gem with a rich `PWN::` namespace.
|
|
4
|
+
|
|
5
|
+
## Visual Architecture Overview
|
|
6
|
+
|
|
7
|
+
See the full set of **[Data Flow Diagrams](Diagrams.md)** (18+ SVGs) for detailed visualization of data flows, including:
|
|
8
|
+
|
|
9
|
+

|
|
10
|
+
|
|
11
|
+
- [PWN-AI Feedback Learning Loop](diagrams/pwn-ai-feedback-learning-loop.svg) — the core self-improving closed loop
|
|
12
|
+
- [REPL Prototyping](diagrams/pwn-repl-prototyping.svg)
|
|
13
|
+
- [History → Drivers & Skills](diagrams/history-to-drivers.svg)
|
|
14
|
+
- [AI Tool Calling Integration](diagrams/ai-integration-tool-calling.svg)
|
|
15
|
+
- [Plugin Ecosystem](diagrams/plugin-ecosystem.svg)
|
|
16
|
+
- And many more specific workflows (Pen Testing, Web, Fuzzing, SAST, RE, etc.)
|
|
17
|
+
|
|
18
|
+
## Namespace Overview
|
|
19
|
+
|
|
20
|
+
| Namespace | Description |
|
|
21
|
+
|--------------------|-------------|
|
|
22
|
+
| `PWN::Plugins::*` | 67+ specialized modules (see [Plugins](Plugins.md)) |
|
|
23
|
+
| `PWN::AI::*` | Multi-provider LLM clients + autonomous `PWN::AI::Agent` |
|
|
24
|
+
| `PWN::SAST` | Static application security testing + test case generation |
|
|
25
|
+
| `PWN::Reports` | Automated reporting from scans, agents, findings |
|
|
26
|
+
| `PWN::Memory` | Persistent facts across sessions |
|
|
27
|
+
| `PWN::Sessions` | Record / replay conversations and workflows |
|
|
28
|
+
| `PWN::Cron` | Scheduled autonomous tasks |
|
|
29
|
+
| `PWN::Skills` | Reusable markdown procedures (distilled from successful runs) |
|
|
30
|
+
| `PWN::Config` | Environment + credential management |
|
|
31
|
+
| `PWN::Driver` | Framework for custom security automation packages |
|
|
32
|
+
|
|
33
|
+
## Primary Interfaces
|
|
34
|
+
|
|
35
|
+
1. **pwn REPL** — Pry-powered interactive shell (launched via `pwn` command). Full `PWN` namespace pre-loaded.
|
|
36
|
+
2. **pwn-ai** — Autonomous AI agent TUI inside the REPL (highly recommended). Uses tool calling for `pwn_eval`, shell, skills, memory, etc.
|
|
37
|
+
3. **Custom Drivers** — See `/opt/pwn/bin/` examples and [Drivers](Drivers.md).
|
|
38
|
+
|
|
39
|
+
## LLM Tool Calling
|
|
40
|
+
|
|
41
|
+
The agent can:
|
|
42
|
+
- Execute any PWN plugin method directly
|
|
43
|
+
- Run shell commands
|
|
44
|
+
- Recall/remember facts
|
|
45
|
+
- Distill new skills from successful workflows
|
|
46
|
+
- Use multiple LLM providers (OpenAI, Anthropic, Gemini, Grok OAuth, Ollama, ...)
|
|
47
|
+
|
|
48
|
+
Example:
|
|
49
|
+
```
|
|
50
|
+
pwn-ai
|
|
51
|
+
> Use NmapIt to scan target.example.com, spider with TransparentBrowser, proxy via BurpSuite, run SAST if source available, then generate report.
|
|
52
|
+
```
|
|
53
|
+
|
|
54
|
+
See the Diagrams and:
|
|
55
|
+
- [pwn REPL](pwn-REPL.md)
|
|
56
|
+
- [pwn-ai Agent](pwn-ai-Agent.md)
|
|
57
|
+
- [Plugins](Plugins.md)
|
|
58
|
+
- [AI Integration](AI-Integration.md)
|
|
59
|
+
- [Skills, Memory & Learning](Skills-Memory-Learning.md)
|
|
60
|
+
|