pwn 0.5.615 → 0.5.617

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (102) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +24 -10
  3. data/bin/pwn +47 -2
  4. data/bin/pwn_gqrx_scanner +75 -18
  5. data/documentation/Diagrams.md +123 -40
  6. data/documentation/General-PWN-Usage.md +50 -30
  7. data/documentation/Home.md +78 -51
  8. data/documentation/How-PWN-Works.md +59 -57
  9. data/documentation/Installation.md +53 -28
  10. data/documentation/What-is-PWN.md +51 -32
  11. data/documentation/Why-PWN.md +41 -11
  12. data/documentation/diagrams/ai-integration-tool-calling.svg +141 -103
  13. data/documentation/diagrams/build.sh +20 -0
  14. data/documentation/diagrams/burp-vs-zap-preference.svg +47 -62
  15. data/documentation/diagrams/code-scanning-sast.svg +139 -79
  16. data/documentation/diagrams/dot/_THEME.md +27 -0
  17. data/documentation/diagrams/dot/agent-tool-registry.dot +59 -0
  18. data/documentation/diagrams/dot/ai-integration-tool-calling.dot +47 -20
  19. data/documentation/diagrams/dot/aws-cloud-security.dot +48 -0
  20. data/documentation/diagrams/dot/burp-vs-zap-preference.dot +23 -12
  21. data/documentation/diagrams/dot/code-scanning-sast.dot +46 -18
  22. data/documentation/diagrams/dot/cron-scheduling.dot +40 -0
  23. data/documentation/diagrams/dot/driver-framework.dot +36 -14
  24. data/documentation/diagrams/dot/extrospection-world-awareness.dot +55 -0
  25. data/documentation/diagrams/dot/fuzzing-workflow.dot +44 -24
  26. data/documentation/diagrams/dot/history-to-drivers.dot +31 -17
  27. data/documentation/diagrams/dot/memory-skills-detailed.dot +57 -25
  28. data/documentation/diagrams/dot/network-infra-testing.dot +51 -19
  29. data/documentation/diagrams/dot/overall-pwn-architecture.dot +110 -44
  30. data/documentation/diagrams/dot/penetration-testing-workflow.dot +56 -25
  31. data/documentation/diagrams/dot/plugin-ecosystem.dot +41 -27
  32. data/documentation/diagrams/dot/pwn-ai-feedback-learning-loop.dot +87 -46
  33. data/documentation/diagrams/dot/pwn-repl-prototyping.dot +49 -30
  34. data/documentation/diagrams/dot/reporting-pipeline.dot +43 -14
  35. data/documentation/diagrams/dot/reverse-engineering-flow.dot +40 -18
  36. data/documentation/diagrams/dot/sdr-radio-flow.dot +45 -0
  37. data/documentation/diagrams/dot/sessions-cron-automation.dot +41 -14
  38. data/documentation/diagrams/dot/swarm-multi-agent.dot +70 -0
  39. data/documentation/diagrams/dot/web-application-testing.dot +45 -23
  40. data/documentation/diagrams/dot/zero-day-research-flow.dot +46 -24
  41. data/documentation/diagrams/driver-framework.svg +87 -66
  42. data/documentation/diagrams/fuzzing-workflow.svg +128 -115
  43. data/documentation/diagrams/history-to-drivers.svg +84 -82
  44. data/documentation/diagrams/memory-skills-detailed.svg +167 -119
  45. data/documentation/diagrams/network-infra-testing.svg +146 -84
  46. data/documentation/diagrams/overall-pwn-architecture.svg +356 -185
  47. data/documentation/diagrams/penetration-testing-workflow.svg +161 -108
  48. data/documentation/diagrams/plugin-ecosystem.svg +225 -121
  49. data/documentation/diagrams/pwn-ai-feedback-learning-loop.svg +257 -185
  50. data/documentation/diagrams/pwn-repl-prototyping.svg +126 -137
  51. data/documentation/diagrams/reporting-pipeline.svg +128 -68
  52. data/documentation/diagrams/reverse-engineering-flow.svg +100 -80
  53. data/documentation/diagrams/sessions-cron-automation.svg +112 -68
  54. data/documentation/diagrams/web-application-testing.svg +136 -100
  55. data/documentation/diagrams/zero-day-research-flow.svg +116 -112
  56. data/git_commit.sh +1 -1
  57. data/lib/pwn/ai/agent/assembly.rb +1 -1
  58. data/lib/pwn/ai/agent/btc.rb +1 -1
  59. data/lib/pwn/ai/agent/burp_suite.rb +1 -1
  60. data/lib/pwn/ai/agent/extrospection.rb +618 -0
  61. data/lib/pwn/ai/agent/gqrx.rb +2 -2
  62. data/lib/pwn/ai/agent/hacker_one.rb +1 -1
  63. data/lib/pwn/ai/agent/introspection.rb +91 -0
  64. data/lib/pwn/ai/agent/learning.rb +6 -4
  65. data/lib/pwn/ai/agent/loop.rb +15 -0
  66. data/lib/pwn/ai/agent/prompt_builder.rb +10 -1
  67. data/lib/pwn/ai/agent/sast.rb +1 -1
  68. data/lib/pwn/ai/agent/swarm.rb +437 -0
  69. data/lib/pwn/ai/agent/tools/cron.rb +163 -0
  70. data/lib/pwn/ai/agent/tools/extrospection.rb +280 -0
  71. data/lib/pwn/ai/agent/tools/learning.rb +108 -0
  72. data/lib/pwn/ai/agent/tools/memory.rb +27 -0
  73. data/lib/pwn/ai/agent/tools/metrics.rb +61 -0
  74. data/lib/pwn/ai/agent/tools/sessions.rb +139 -0
  75. data/lib/pwn/ai/agent/tools/skills.rb +30 -0
  76. data/lib/pwn/ai/agent/tools/swarm.rb +229 -0
  77. data/lib/pwn/ai/agent/transparent_browser.rb +1 -1
  78. data/lib/pwn/ai/agent/vuln_gen.rb +2 -2
  79. data/lib/pwn/ai/agent.rb +3 -0
  80. data/lib/pwn/ai/anthropic.rb +19 -4
  81. data/lib/pwn/ai.rb +0 -1
  82. data/lib/pwn/config.rb +10 -23
  83. data/lib/pwn/cron.rb +16 -7
  84. data/lib/pwn/plugins/repl.rb +90 -281
  85. data/lib/pwn/sdr/decoder/base.rb +251 -0
  86. data/lib/pwn/sdr/decoder/gsm.rb +84 -185
  87. data/lib/pwn/sdr/decoder/pocsag.rb +62 -217
  88. data/lib/pwn/sdr/decoder.rb +1 -0
  89. data/lib/pwn/sdr/gqrx.rb +446 -65
  90. data/lib/pwn/version.rb +1 -1
  91. data/spec/lib/pwn/ai/agent/extrospection_spec.rb +15 -0
  92. data/spec/lib/pwn/ai/agent/introspection_spec.rb +15 -0
  93. data/spec/lib/pwn/ai/agent/swarm_spec.rb +34 -0
  94. data/spec/lib/pwn/ai/agent/tools/cron_spec.rb +40 -0
  95. data/spec/lib/pwn/ai/agent/tools/extrospection_spec.rb +40 -0
  96. data/spec/lib/pwn/ai/agent/tools/metrics_spec.rb +20 -0
  97. data/spec/lib/pwn/ai/agent/tools/sessions_spec.rb +35 -0
  98. data/spec/lib/pwn/ai/agent/tools/swarm_spec.rb +17 -0
  99. data/spec/lib/pwn/{ai/introspection_spec.rb → sdr/decoder/base_spec.rb} +3 -3
  100. data/third_party/pwn_rdoc.jsonl +178 -33
  101. metadata +27 -3
  102. data/lib/pwn/ai/introspection.rb +0 -76
@@ -1,51 +1,78 @@
1
- # PWN Wiki
2
-
3
- Welcome to the PWN (pronounced /pōn/) Security Automation Framework Wiki.
4
-
5
- PWN is an open-source offensive cybersecurity automation framework and continuous security integration platform. It enables researchers, red teamers, penetration testers, and vulnerability researchers to discover zero-days, automate exploitation, perform web application testing, conduct SAST, orchestrate reconnaissance, and execute AI-augmented autonomous operations.
6
-
7
- ## Visual Overview (Data Flow Diagrams)
8
-
9
- **Start here for visual understanding** — see [Diagrams.md](Diagrams.md) for 18+ SVG DFDs covering:
10
-
11
- - AI feedback learning loop & self-improvement
12
- - REPL prototyping + history → drivers
13
- - End-to-end penetration testing
14
- - Network / infrastructure testing
15
- - Web application testing (Burp preferred)
16
- - Code scanning / SAST
17
- - Fuzzing
18
- - Reverse engineering
19
- - Zero-day research flow
20
- - Overall architecture
21
- - Tool calling, plugins, memory/skills, reporting, etc.
22
-
23
- ## Quick Navigation
24
-
25
- - [What is PWN](What-is-PWN.md)
26
- - [Why PWN](Why-PWN.md)
27
- - [How PWN Works](How-PWN-Works.md)
28
- - [Installation](Installation.md)
29
- - [General Usage](General-PWN-Usage.md)
30
- - [The pwn REPL](pwn-REPL.md)
31
- - [pwn-ai Autonomous Agent](pwn-ai-Agent.md)
32
- - [Plugins Overview](Plugins.md)
33
- - [AI & LLM Integration](AI-Integration.md)
34
- - [Skills, Memory & Learning](Skills-Memory-Learning.md)
35
- - [SAST](SAST.md)
36
- - [Reporting](Reporting.md)
37
- - [Drivers & Custom Automation](Drivers.md)
38
- - [Diagrams (All SVGs)](Diagrams.md)
39
- - [Troubleshooting](Troubleshooting.md)
40
- - [Contributing](Contributing.md)
41
-
42
- ## Core Commands
43
-
44
- Inside the `pwn` REPL:
45
- - `PWN.help`
46
- - `pwn-ai` — launch AI agent TUI
47
- - See full list via `pwn` command help.
48
-
49
- **Local Wiki Root:** This wiki lives in `/opt/pwn/documentation/`.
50
-
51
- For the latest upstream see the [GitHub Project](https://github.com/0dayInc/pwn) and [rubydoc.info](https://www.rubydoc.info/gems/pwn).
1
+ # PWN Documentation
2
+
3
+ > **PWN** (/pōn/) an open-source offensive-security automation framework and
4
+ > continuous-security-integration platform written in Ruby.
5
+ > 66 plugins · 48 SAST rules · 90 AWS wrappers · 21 WWW drivers · 52 CLI
6
+ > drivers · 5 LLM engines · a self-improving multi-agent AI · one REPL.
7
+
8
+ **Repo root:** `/opt/pwn` · **This wiki:** `/opt/pwn/documentation/` ·
9
+ **Rebuild diagrams:** `documentation/diagrams/build.sh`
10
+
11
+ ---
12
+
13
+ ## 🗺️ Start Here
14
+
15
+ | | |
16
+ |---|---|
17
+ | [What is PWN](What-is-PWN.md) | One-paragraph elevator pitch |
18
+ | [Why PWN](Why-PWN.md) | Design philosophy — why another framework |
19
+ | [How PWN Works](How-PWN-Works.md) | The five layers, with the architecture diagram |
20
+ | [Installation](Installation.md) | RVM, gem, `./install.sh`, first launch |
21
+ | [General Usage](General-PWN-Usage.md) | Day-one cheat sheet |
22
+ | [Configuration](Configuration.md) | `~/.pwn/config.yml` — engines, keys, agent options |
23
+ | **[All Data-Flow Diagrams](Diagrams.md)** | **26 SVGs** in one scrollable page |
24
+
25
+ ## 🚪 Entry Points
26
+
27
+ | | |
28
+ |---|---|
29
+ | [The `pwn` REPL](pwn-REPL.md) | Pry shell with the whole `PWN::` namespace pre-loaded |
30
+ | [`pwn-ai` Autonomous Agent](pwn-ai-Agent.md) | Natural-language TUI + `pwn --ai PROMPT` one-shot |
31
+ | [CLI Drivers `bin/pwn_*`](CLI-Drivers.md) | 52 headless executables for CI/CD |
32
+ | [Drivers (build your own)](Drivers.md) | Turn a REPL session into a shipped binary |
33
+
34
+ ## 🤖 AI Subsystem (`PWN::AI`)
35
+
36
+ | | |
37
+ |---|---|
38
+ | [AI / LLM Integration](AI-Integration.md) | OpenAI · Anthropic · Grok (OAuth) · Gemini · Ollama |
39
+ | [Agent Tool Registry](Agent-Tool-Registry.md) | 10 toolsets · 45+ LLM-callable tools |
40
+ | [Memory · Skills · Learning](Skills-Memory-Learning.md) | Introspection — the self-improvement loop |
41
+ | [Extrospection](Extrospection.md) | World-awareness — snapshot · drift · intel · correlate |
42
+ | [Swarm (Multi-Agent)](Swarm.md) | Personas · ask · debate · broadcast · shared bus |
43
+ | [Sessions](Sessions.md) | Transcript persistence + reflection |
44
+ | [Cron](Cron.md) | Scheduled autonomous jobs |
45
+
46
+ ## 🧩 Capability Namespaces (`lib/pwn/*`)
47
+
48
+ | | |
49
+ |---|---|
50
+ | [Plugins (66)](Plugins.md) | Every `PWN::Plugins::*` module by category |
51
+ |   ↳ [BurpSuite](BurpSuite.md) | Preferred web proxy / scanner |
52
+ |   ↳ [TransparentBrowser](Transparent-Browser.md) | Headless / visible browser automation |
53
+ |   ↳ [NmapIt](NmapIt.md) | Network discovery |
54
+ |   ↳ [Metasploit](Metasploit.md) | RPC exploitation |
55
+ |   ↳ [Fuzzing](Fuzzing.md) | `Fuzz` · `Sock` · `Packet` |
56
+ |   ↳ [Hardware](Hardware.md) | Serial · BusPirate · MSR206 · Android · BareSIP |
57
+ | [SAST (48 rules)](SAST.md) | Static analysis + test-case engine |
58
+ | [WWW (21 drivers)](WWW.md) | Browser automations for real sites |
59
+ | [AWS (90 services)](AWS.md) | Cloud-security enumeration |
60
+ | [SDR](SDR.md) | GQRX · FlipperZero · RFIDler · SonMicro |
61
+ | [Blockchain](Blockchain.md) | BTC · ETH helpers |
62
+ | [Bounty](Bounty.md) | Lifecycle / auth-replay tooling |
63
+ | [Reports](Reporting.md) | HTML/JSON output + DefectDojo/Jira |
64
+ | [FFI](FFI.md) | Native calls |
65
+ | [Banner](Banner.md) | 15 startup banners |
66
+
67
+ ## 🛠️ Meta
68
+
69
+ | | |
70
+ |---|---|
71
+ | [`~/.pwn/` Filesystem Map](Persistence.md) | Every file PWN writes and why |
72
+ | [Troubleshooting](Troubleshooting.md) | Common errors and fixes |
73
+ | [Contributing](Contributing.md) | Conventions, RuboCop, spec rules |
74
+
75
+ ---
76
+
77
+ <sub>Generated by pwn-ai. Edit any `.md` directly; edit any diagram in
78
+ `documentation/diagrams/dot/*.dot` then run `./build.sh`.</sub>
@@ -1,60 +1,62 @@
1
1
  # How PWN Works
2
2
 
3
- PWN is structured as a Ruby gem with a rich `PWN::` namespace.
4
-
5
- ## Visual Architecture Overview
6
-
7
- See the full set of **[Data Flow Diagrams](Diagrams.md)** (18+ SVGs) for detailed visualization of data flows, including:
8
-
9
- ![Overall PWN Architecture](diagrams/overall-pwn-architecture.svg)
10
-
11
- - [PWN-AI Feedback Learning Loop](diagrams/pwn-ai-feedback-learning-loop.svg) — the core self-improving closed loop
12
- - [REPL Prototyping](diagrams/pwn-repl-prototyping.svg)
13
- - [History → Drivers & Skills](diagrams/history-to-drivers.svg)
14
- - [AI Tool Calling Integration](diagrams/ai-integration-tool-calling.svg)
15
- - [Plugin Ecosystem](diagrams/plugin-ecosystem.svg)
16
- - And many more specific workflows (Pen Testing, Web, Fuzzing, SAST, RE, etc.)
17
-
18
- ## Namespace Overview
19
-
20
- | Namespace | Description |
21
- |--------------------|-------------|
22
- | `PWN::Plugins::*` | 67+ specialized modules (see [Plugins](Plugins.md)) |
23
- | `PWN::AI::*` | Multi-provider LLM clients + autonomous `PWN::AI::Agent` |
24
- | `PWN::SAST` | Static application security testing + test case generation |
25
- | `PWN::Reports` | Automated reporting from scans, agents, findings |
26
- | `PWN::Memory` | Persistent facts across sessions |
27
- | `PWN::Sessions` | Record / replay conversations and workflows |
28
- | `PWN::Cron` | Scheduled autonomous tasks |
29
- | `PWN::Skills` | Reusable markdown procedures (distilled from successful runs) |
30
- | `PWN::Config` | Environment + credential management |
31
- | `PWN::Driver` | Framework for custom security automation packages |
32
-
33
- ## Primary Interfaces
34
-
35
- 1. **pwn REPL** — Pry-powered interactive shell (launched via `pwn` command). Full `PWN` namespace pre-loaded.
36
- 2. **pwn-ai** — Autonomous AI agent TUI inside the REPL (highly recommended). Uses tool calling for `pwn_eval`, shell, skills, memory, etc.
37
- 3. **Custom Drivers** — See `/opt/pwn/bin/` examples and [Drivers](Drivers.md).
38
-
39
- ## LLM Tool Calling
40
-
41
- The agent can:
42
- - Execute any PWN plugin method directly
43
- - Run shell commands
44
- - Recall/remember facts
45
- - Distill new skills from successful workflows
46
- - Use multiple LLM providers (OpenAI, Anthropic, Gemini, Grok OAuth, Ollama, ...)
47
-
48
- Example:
49
- ```
50
- pwn-ai
51
- > Use NmapIt to scan target.example.com, spider with TransparentBrowser, proxy via BurpSuite, run SAST if source available, then generate report.
52
- ```
53
-
54
- See the Diagrams and:
55
- - [pwn REPL](pwn-REPL.md)
56
- - [pwn-ai Agent](pwn-ai-Agent.md)
57
- - [Plugins](Plugins.md)
58
- - [AI Integration](AI-Integration.md)
59
- - [Skills, Memory & Learning](Skills-Memory-Learning.md)
3
+ PWN is five layers, each visible in the source tree. Edges only ever go
4
+ **down** one layer (or sideways within a layer), which is why the diagrams
5
+ below have no criss-crossing lines.
60
6
 
7
+ ![Overall Architecture](diagrams/overall-pwn-architecture.svg)
8
+
9
+ ## L0 — Actors
10
+
11
+ Humans (`pwn` REPL, `pwn-ai` TUI), CI runners (`pwn --ai "…"`, `bin/pwn_*`),
12
+ LLM providers (over HTTPS), and targets (hosts, web apps, clouds, radios,
13
+ hardware).
14
+
15
+ ## L1 — Entry points (`bin/`)
16
+
17
+ | Entry | File | Purpose |
18
+ |---|---|---|
19
+ | `pwn` REPL | `lib/pwn/plugins/repl.rb` | Pry with `PWN::` pre-loaded + custom commands |
20
+ | `pwn-ai` | `lib/pwn/ai/agent/loop.rb` | Agent TUI inside the REPL |
21
+ | `pwn --ai PROMPT` | `bin/pwn` | Headless one-shot agent (CI-friendly) |
22
+ | `bin/pwn_*` | 52 files | Thin OptionParser wrappers over one plugin each |
23
+ | `PWN::Cron` | `lib/pwn/cron.rb` | Scheduled jobs → any of the above |
24
+
25
+ ## L2 — AI agent core (`lib/pwn/ai/agent/`)
26
+
27
+ | Module | Role |
28
+ |---|---|
29
+ | `Loop` | plan → dispatch tool_calls → observe → repeat until final answer |
30
+ | `Registry` | JSON-Schema function definitions grouped into 10 **toolsets** |
31
+ | `Dispatch` / `Result` | execute a tool, capture stdout/value/error/duration |
32
+ | `PromptBuilder` | inject MEMORY / SKILLS / LEARNING / EXTROSPECTION blocks |
33
+ | `Metrics` · `Learning` | **introspection** — how well am I doing? |
34
+ | `Extrospection` | **extrospection** — what does the world look like? |
35
+ | `Swarm` | multi-agent personas over a shared JSONL bus |
36
+
37
+ See [Agent Tool Registry](Agent-Tool-Registry.md) for every tool the LLM can call.
38
+
39
+ ## L3 — Capability namespaces (`lib/pwn/*`)
40
+
41
+ `Plugins` (66) · `SAST` (48) · `WWW` (21) · `AWS` (90) · `SDR` · `Blockchain` ·
42
+ `Bounty` · `Reports` · `FFI` · `Banner`. Each is a plain module of
43
+ `public_class_method def self.x(opts = {})` methods — callable identically from
44
+ the REPL, from `pwn_eval`, or from a driver.
45
+
46
+ ## L4 — Persistence (`~/.pwn/`)
47
+
48
+ Everything the framework remembers between processes lives in one directory:
49
+
50
+ ![~/.pwn map](diagrams/persistence-filesystem.svg)
51
+
52
+ See [Persistence](Persistence.md) for the byte-level layout of each file.
53
+
54
+ ## The feedback loop
55
+
56
+ The reason L2 exists is to close this loop on every turn:
57
+
58
+ ![Self-improvement loop](diagrams/pwn-ai-feedback-learning-loop.svg)
59
+
60
+ **Next:** [pwn REPL](pwn-REPL.md) · [pwn-ai Agent](pwn-ai-Agent.md)
61
+
62
+ [← Home](Home.md)
@@ -1,50 +1,75 @@
1
1
  # Installation
2
2
 
3
- Tested primarily on Debian-based Linux (including Kali) and macOS using RVM-managed Ruby.
3
+ PWN is tested on **Debian-based Linux** (Kali, Ubuntu) and **macOS**, using
4
+ Ruby via **RVM**.
4
5
 
5
- ## Quick Install (Recommended)
6
+ ## Quick install (recommended)
6
7
 
7
8
  ```bash
8
- $ cd /opt
9
- $ sudo git clone https://github.com/0dayInc/pwn
10
- $ cd /opt/pwn
11
- $ ./install.sh
12
- $ ./install.sh ruby-gem
13
- $ pwn
14
- pwn[v0.5.613]:001 >>> PWN.help
9
+ cd /opt
10
+ sudo git clone https://github.com/0dayinc/pwn
11
+ cd /opt/pwn
12
+ ./install.sh # system deps (nmap, chromium, graphviz, …)
13
+ ./install.sh ruby-gem # rvm gemset + bundle install + rake install
14
+ pwn # launch the REPL
15
15
  ```
16
16
 
17
- ## Video Guide
18
-
19
- [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
17
+ ```text
18
+ pwn[v0.5.616]:001 >>> PWN.help
19
+ ```
20
20
 
21
- ## Ruby Gem Updates
21
+ ## Gem-only install
22
22
 
23
23
  ```bash
24
- $ rvm use ruby-4.0.5@pwn
25
- $ gem uninstall --all --executables pwn
26
- $ gem install --verbose pwn
24
+ rvm install ruby-4.0.5
25
+ rvm use ruby-4.0.5@pwn --create
26
+ gem install --verbose pwn
27
+ pwn
27
28
  ```
28
29
 
29
- For multi-user RVM use `rvmsudo` instead of `sudo` on gem commands.
30
+ ## Upgrading
30
31
 
31
- ## Upgrade Path (Ruby + PWN)
32
+ ```bash
33
+ rvm use ruby-4.0.5@pwn
34
+ gem uninstall --all --executables pwn
35
+ gem install --verbose pwn
36
+ ```
32
37
 
33
- Use the vagrant provisioner or:
38
+ or from a checkout:
34
39
 
35
40
  ```bash
36
- $ /opt/pwn/vagrant/provisioners/pwn.sh
41
+ cd /opt/pwn && git pull && rvmsudo rake install
37
42
  ```
38
43
 
39
- This rebuilds the gemset when `.ruby-version` advances.
44
+ ## First-run configuration
45
+
46
+ `pwn` creates `~/.pwn/` on first launch. Add at least one LLM engine to
47
+ `~/.pwn/config.yml` to enable `pwn-ai` — see [Configuration](Configuration.md).
40
48
 
41
- ## Requirements
49
+ ## Optional external tools
42
50
 
43
- - Ruby (via RVM recommended)
44
- - Git
45
- - Build tools (for native extensions)
46
- - Optional: Burp Suite Pro, Metasploit, etc. for full plugin capability
51
+ PWN wraps these when present on `$PATH`; none are hard requirements:
52
+
53
+ | Tool | Used by |
54
+ |---|---|
55
+ | `nmap` | `PWN::Plugins::NmapIt` |
56
+ | Burp Suite Pro (+ REST API) | `PWN::Plugins::BurpSuite` |
57
+ | `msfconsole` / msfrpcd | `PWN::Plugins::Metasploit` |
58
+ | `chromium` / `google-chrome` | `PWN::Plugins::TransparentBrowser` |
59
+ | `zaproxy` | `PWN::Plugins::Zaproxy` (fallback) |
60
+ | `gqrx` | `PWN::SDR::GQRX` |
61
+ | `adb` | `PWN::Plugins::Android` |
62
+ | `graphviz` (`dot`) | rebuilding these diagrams |
63
+ | `tor` | `PWN::Plugins::Tor` |
64
+
65
+ ## Verify
66
+
67
+ ```ruby
68
+ pwn[v0.5.616]:001 >>> PWN::Plugins.constants.count # => 66
69
+ pwn[v0.5.616]:002 >>> PWN::SAST.constants.count # => 48
70
+ pwn[v0.5.616]:003 >>> pwn-ai # launches agent TUI
71
+ ```
47
72
 
48
- See the root [README.md](../README.md) and `install.sh` for latest details.
73
+ **Next:** [Configuration](Configuration.md) · [General Usage](General-PWN-Usage.md)
49
74
 
50
- [[Diagrams]]
75
+ [← Home](Home.md)
@@ -1,34 +1,53 @@
1
1
  # What is PWN
2
2
 
3
- PWN (pronounced /pōn/ or "pone") is a powerful open-source **offensive cybersecurity automation framework** and **continuous security integration platform**.
4
-
5
- ## Core Purpose
6
-
7
- - Rapidly discover zero-days
8
- - Automate exploitation and post-exploitation
9
- - Perform advanced web application penetration testing
10
- - Conduct source code analysis (SAST)
11
- - Orchestrate infrastructure reconnaissance at scale
12
- - Execute AI-augmented autonomous security operations
13
-
14
- ## Architecture Highlights
15
-
16
- PWN provides over 60 production-grade plugins, full LLM integration with tool-calling agents, persistent memory, reusable skills, session/cron management, and a highly interactive REPL (Pry-powered) for prototyping and driving complex security workflows.
17
-
18
- All core automation primitives are open to promote trust, peer review, and collaborative innovation in adversarial security.
19
-
20
- ## Key Components
21
-
22
- - `PWN::Plugins::*` 66+ specialized modules
23
- - `PWN::AI::*` Multi-LLM clients + autonomous agent
24
- - `PWN::SAST` Static analysis & test case generation
25
- - `PWN::Reports` — Automated reporting
26
- - `PWN::Memory`, `Sessions`, `Cron`, `Skills`, `Config`
27
- - `PWN::Driver` — Custom automation packages
28
-
29
- See:
30
- - [How PWN Works](How-PWN-Works.md)
31
- - [Plugins](Plugins.md)
32
- - [pwn-ai Agent](pwn-ai-Agent.md)
33
-
34
- [[Diagrams]]
3
+ **PWN** (pronounced /pōn/ "pone") is an open-source **offensive-security
4
+ automation framework** and **continuous-security-integration** platform,
5
+ distributed as a Ruby gem.
6
+
7
+ It gives security researchers, red teamers, bug-bounty hunters and DevSecOps
8
+ engineers a single, scriptable surface over the entire offensive toolchain —
9
+ from OSINT and network discovery, through web/cloud/hardware/radio
10
+ exploitation, to reporting and disclosure — and puts a **self-improving,
11
+ tool-calling AI agent** on top of it.
12
+
13
+ ## In numbers
14
+
15
+ | Namespace | Count | What it is |
16
+ |---|---|---|
17
+ | `PWN::Plugins::*` | **66** | Wrappers for external + native tooling (Burp, Nmap, Metasploit, Shodan, browsers, serial, …) |
18
+ | `PWN::SAST::*` | **48** | Static-analysis rules across C/Java/Go/Python/Ruby/Scala/PHP/TS |
19
+ | `PWN::AWS::*` | **90** | One module per AWS service for cloud enumeration |
20
+ | `PWN::WWW::*` | **21** | Site-specific browser automations (HackerOne, BugCrowd, Google, LinkedIn, …) |
21
+ | `PWN::SDR::*` | **6** | GQRX, FlipperZero, RFIDler, SonMicro, decoders, band tables |
22
+ | `PWN::AI::*` | **5** engines | OpenAI, Anthropic, Grok (OAuth device-flow), Gemini, Ollama |
23
+ | `bin/pwn_*` | **52** | Headless CLI drivers for CI/CD |
24
+ | Agent toolsets | **10** | terminal · pwn · memory · skills · sessions · learning · metrics · extrospection · cron · swarm |
25
+
26
+ ## The three ways to use it
27
+
28
+ 1. **`pwn` REPL** — a Pry shell with the whole `PWN::` namespace pre-loaded.
29
+ Prototype an attack chain interactively, one method call at a time.
30
+ 2. **`pwn-ai`** a natural-language TUI (or `pwn --ai "…"` one-shot) where an
31
+ LLM plans and executes those same method calls for you, records what
32
+ worked, and gets better at it.
33
+ 3. **`bin/pwn_*` drivers** — thin CLIs over the plugins, for cron and CI/CD.
34
+
35
+ ## What makes it different
36
+
37
+ - **Everything is Ruby, everything is a method.** No YAML DSLs, no plugins-in-a-
38
+ black-box. If you can call it in the REPL, the AI agent can call it, a driver
39
+ can call it, and a cron job can call it.
40
+ - **Closed self-improvement loop.** Metrics + Learning (introspection) and
41
+ Snapshot + Drift + Intel (extrospection) feed `extro_correlate`, which tells
42
+ the agent whether a failure was *its* fault or *the world* changed — and
43
+ writes the lesson back into the prompt for next time.
44
+ - **Native multi-agent.** `PWN::AI::Agent::Swarm` runs personas (each a full
45
+ tool-calling agent, optionally on a *different* LLM engine) that debate,
46
+ broadcast and share an append-only bus — no IRC daemon, no external service.
47
+
48
+ ![Overall Architecture](diagrams/overall-pwn-architecture.svg)
49
+
50
+ **Next:** [Why PWN](Why-PWN.md) · [How PWN Works](How-PWN-Works.md) ·
51
+ [Installation](Installation.md)
52
+
53
+ [← Home](Home.md)
@@ -1,18 +1,48 @@
1
1
  # Why PWN
2
2
 
3
- In cybersecurity, proprietary black-box tools dominate. Threats evolve daily. An **open framework** for core security primitives, vulnerability research, exploitation techniques, and intelligent automation is essential.
3
+ ## The problem
4
4
 
5
- ## Key Benefits
5
+ Offensive security is a **toolchain problem**. A single engagement touches
6
+ `nmap`, `burp`, `msfconsole`, a headless browser, `adb`, `gqrx`, three cloud
7
+ consoles, a fuzzer, `radare2`, a spreadsheet of findings, and a bug-bounty
8
+ submission form. Each tool has its own config, its own output format, and its
9
+ own idea of what a "target" is. Gluing them together is 80 % of the job — and
10
+ that glue is rewritten, badly, on every engagement.
6
11
 
7
- - **Transparency & Auditability**: Foundational modules remain open.
8
- - **Extensibility**: Seamless bridges to commercial tools (Burp Suite Professional [preferred], Metasploit, Nmap, Nessus, ZAP, etc.).
9
- - **Collaboration**: Accelerates zero-day discovery and reliable exploit development.
10
- - **Continuous Security**: Integrates into CI/CD pipelines.
11
- - **Reusable Intelligence**: AI skills, persistent memory, learning loops.
12
- - **Accessibility**: Advanced red team / vuln research capabilities available to all.
12
+ Meanwhile, LLM agents are extraordinary at *planning* attack chains but have no
13
+ reliable, auditable way to *execute* them against a real host.
13
14
 
14
- PWN stands on the shoulders of security giants while keeping the core open and auditable.
15
+ ## The design bet
15
16
 
16
- See [How PWN Works](How-PWN-Works.md) for architecture.
17
+ PWN bets that the right abstraction is **plain Ruby methods with a uniform
18
+ `opts = {}` signature**, exposed simultaneously to:
17
19
 
18
- [[Diagrams]]
20
+ - a human in a REPL,
21
+ - an LLM in a tool-calling loop,
22
+ - a shell script in CI,
23
+ - a cron job at 3 am.
24
+
25
+ Because every capability is a method, the same line of code works in all four
26
+ contexts. Because every method is open-source Ruby, it's auditable — critical
27
+ when the caller is an autonomous agent.
28
+
29
+ ## Why open primitives matter
30
+
31
+ | Closed / black-box | PWN |
32
+ |---|---|
33
+ | "Trust our scanner" | `cat lib/pwn/sast/sql.rb` — read the regex yourself |
34
+ | Per-seat licence for the glue | MIT-licensed glue; bring your own Burp Pro / Nessus key |
35
+ | Agent output is a PDF | Agent output is a `PWN::Reports` object *and* a distilled skill *and* a memory entry |
36
+ | One vendor's model | Five interchangeable engines; swarm can pit them against each other |
37
+
38
+ ## Why the self-improvement loop matters
39
+
40
+ A pentest framework that doesn't learn repeats the same dead-end scans forever.
41
+ PWN records **per-tool success rate**, **per-task outcome**, **host drift**,
42
+ and **external CVE intel**, then correlates them so tomorrow's run starts where
43
+ today's finished. See [Skills, Memory & Learning](Skills-Memory-Learning.md)
44
+ and [Extrospection](Extrospection.md).
45
+
46
+ **Next:** [How PWN Works](How-PWN-Works.md)
47
+
48
+ [← Home](Home.md)