pwn 0.5.615 → 0.5.617
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +24 -10
- data/bin/pwn +47 -2
- data/bin/pwn_gqrx_scanner +75 -18
- data/documentation/Diagrams.md +123 -40
- data/documentation/General-PWN-Usage.md +50 -30
- data/documentation/Home.md +78 -51
- data/documentation/How-PWN-Works.md +59 -57
- data/documentation/Installation.md +53 -28
- data/documentation/What-is-PWN.md +51 -32
- data/documentation/Why-PWN.md +41 -11
- data/documentation/diagrams/ai-integration-tool-calling.svg +141 -103
- data/documentation/diagrams/build.sh +20 -0
- data/documentation/diagrams/burp-vs-zap-preference.svg +47 -62
- data/documentation/diagrams/code-scanning-sast.svg +139 -79
- data/documentation/diagrams/dot/_THEME.md +27 -0
- data/documentation/diagrams/dot/agent-tool-registry.dot +59 -0
- data/documentation/diagrams/dot/ai-integration-tool-calling.dot +47 -20
- data/documentation/diagrams/dot/aws-cloud-security.dot +48 -0
- data/documentation/diagrams/dot/burp-vs-zap-preference.dot +23 -12
- data/documentation/diagrams/dot/code-scanning-sast.dot +46 -18
- data/documentation/diagrams/dot/cron-scheduling.dot +40 -0
- data/documentation/diagrams/dot/driver-framework.dot +36 -14
- data/documentation/diagrams/dot/extrospection-world-awareness.dot +55 -0
- data/documentation/diagrams/dot/fuzzing-workflow.dot +44 -24
- data/documentation/diagrams/dot/history-to-drivers.dot +31 -17
- data/documentation/diagrams/dot/memory-skills-detailed.dot +57 -25
- data/documentation/diagrams/dot/network-infra-testing.dot +51 -19
- data/documentation/diagrams/dot/overall-pwn-architecture.dot +110 -44
- data/documentation/diagrams/dot/penetration-testing-workflow.dot +56 -25
- data/documentation/diagrams/dot/plugin-ecosystem.dot +41 -27
- data/documentation/diagrams/dot/pwn-ai-feedback-learning-loop.dot +87 -46
- data/documentation/diagrams/dot/pwn-repl-prototyping.dot +49 -30
- data/documentation/diagrams/dot/reporting-pipeline.dot +43 -14
- data/documentation/diagrams/dot/reverse-engineering-flow.dot +40 -18
- data/documentation/diagrams/dot/sdr-radio-flow.dot +45 -0
- data/documentation/diagrams/dot/sessions-cron-automation.dot +41 -14
- data/documentation/diagrams/dot/swarm-multi-agent.dot +70 -0
- data/documentation/diagrams/dot/web-application-testing.dot +45 -23
- data/documentation/diagrams/dot/zero-day-research-flow.dot +46 -24
- data/documentation/diagrams/driver-framework.svg +87 -66
- data/documentation/diagrams/fuzzing-workflow.svg +128 -115
- data/documentation/diagrams/history-to-drivers.svg +84 -82
- data/documentation/diagrams/memory-skills-detailed.svg +167 -119
- data/documentation/diagrams/network-infra-testing.svg +146 -84
- data/documentation/diagrams/overall-pwn-architecture.svg +356 -185
- data/documentation/diagrams/penetration-testing-workflow.svg +161 -108
- data/documentation/diagrams/plugin-ecosystem.svg +225 -121
- data/documentation/diagrams/pwn-ai-feedback-learning-loop.svg +257 -185
- data/documentation/diagrams/pwn-repl-prototyping.svg +126 -137
- data/documentation/diagrams/reporting-pipeline.svg +128 -68
- data/documentation/diagrams/reverse-engineering-flow.svg +100 -80
- data/documentation/diagrams/sessions-cron-automation.svg +112 -68
- data/documentation/diagrams/web-application-testing.svg +136 -100
- data/documentation/diagrams/zero-day-research-flow.svg +116 -112
- data/git_commit.sh +1 -1
- data/lib/pwn/ai/agent/assembly.rb +1 -1
- data/lib/pwn/ai/agent/btc.rb +1 -1
- data/lib/pwn/ai/agent/burp_suite.rb +1 -1
- data/lib/pwn/ai/agent/extrospection.rb +618 -0
- data/lib/pwn/ai/agent/gqrx.rb +2 -2
- data/lib/pwn/ai/agent/hacker_one.rb +1 -1
- data/lib/pwn/ai/agent/introspection.rb +91 -0
- data/lib/pwn/ai/agent/learning.rb +6 -4
- data/lib/pwn/ai/agent/loop.rb +15 -0
- data/lib/pwn/ai/agent/prompt_builder.rb +10 -1
- data/lib/pwn/ai/agent/sast.rb +1 -1
- data/lib/pwn/ai/agent/swarm.rb +437 -0
- data/lib/pwn/ai/agent/tools/cron.rb +163 -0
- data/lib/pwn/ai/agent/tools/extrospection.rb +280 -0
- data/lib/pwn/ai/agent/tools/learning.rb +108 -0
- data/lib/pwn/ai/agent/tools/memory.rb +27 -0
- data/lib/pwn/ai/agent/tools/metrics.rb +61 -0
- data/lib/pwn/ai/agent/tools/sessions.rb +139 -0
- data/lib/pwn/ai/agent/tools/skills.rb +30 -0
- data/lib/pwn/ai/agent/tools/swarm.rb +229 -0
- data/lib/pwn/ai/agent/transparent_browser.rb +1 -1
- data/lib/pwn/ai/agent/vuln_gen.rb +2 -2
- data/lib/pwn/ai/agent.rb +3 -0
- data/lib/pwn/ai/anthropic.rb +19 -4
- data/lib/pwn/ai.rb +0 -1
- data/lib/pwn/config.rb +10 -23
- data/lib/pwn/cron.rb +16 -7
- data/lib/pwn/plugins/repl.rb +90 -281
- data/lib/pwn/sdr/decoder/base.rb +251 -0
- data/lib/pwn/sdr/decoder/gsm.rb +84 -185
- data/lib/pwn/sdr/decoder/pocsag.rb +62 -217
- data/lib/pwn/sdr/decoder.rb +1 -0
- data/lib/pwn/sdr/gqrx.rb +446 -65
- data/lib/pwn/version.rb +1 -1
- data/spec/lib/pwn/ai/agent/extrospection_spec.rb +15 -0
- data/spec/lib/pwn/ai/agent/introspection_spec.rb +15 -0
- data/spec/lib/pwn/ai/agent/swarm_spec.rb +34 -0
- data/spec/lib/pwn/ai/agent/tools/cron_spec.rb +40 -0
- data/spec/lib/pwn/ai/agent/tools/extrospection_spec.rb +40 -0
- data/spec/lib/pwn/ai/agent/tools/metrics_spec.rb +20 -0
- data/spec/lib/pwn/ai/agent/tools/sessions_spec.rb +35 -0
- data/spec/lib/pwn/ai/agent/tools/swarm_spec.rb +17 -0
- data/spec/lib/pwn/{ai/introspection_spec.rb → sdr/decoder/base_spec.rb} +3 -3
- data/third_party/pwn_rdoc.jsonl +178 -33
- metadata +27 -3
- data/lib/pwn/ai/introspection.rb +0 -76
data/documentation/Home.md
CHANGED
|
@@ -1,51 +1,78 @@
|
|
|
1
|
-
# PWN
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
**
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
-
|
|
18
|
-
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
1
|
+
# PWN Documentation
|
|
2
|
+
|
|
3
|
+
> **PWN** (/pōn/) — an open-source offensive-security automation framework and
|
|
4
|
+
> continuous-security-integration platform written in Ruby.
|
|
5
|
+
> 66 plugins · 48 SAST rules · 90 AWS wrappers · 21 WWW drivers · 52 CLI
|
|
6
|
+
> drivers · 5 LLM engines · a self-improving multi-agent AI · one REPL.
|
|
7
|
+
|
|
8
|
+
**Repo root:** `/opt/pwn` · **This wiki:** `/opt/pwn/documentation/` ·
|
|
9
|
+
**Rebuild diagrams:** `documentation/diagrams/build.sh`
|
|
10
|
+
|
|
11
|
+
---
|
|
12
|
+
|
|
13
|
+
## 🗺️ Start Here
|
|
14
|
+
|
|
15
|
+
| | |
|
|
16
|
+
|---|---|
|
|
17
|
+
| [What is PWN](What-is-PWN.md) | One-paragraph elevator pitch |
|
|
18
|
+
| [Why PWN](Why-PWN.md) | Design philosophy — why another framework |
|
|
19
|
+
| [How PWN Works](How-PWN-Works.md) | The five layers, with the architecture diagram |
|
|
20
|
+
| [Installation](Installation.md) | RVM, gem, `./install.sh`, first launch |
|
|
21
|
+
| [General Usage](General-PWN-Usage.md) | Day-one cheat sheet |
|
|
22
|
+
| [Configuration](Configuration.md) | `~/.pwn/config.yml` — engines, keys, agent options |
|
|
23
|
+
| **[All Data-Flow Diagrams](Diagrams.md)** | **26 SVGs** in one scrollable page |
|
|
24
|
+
|
|
25
|
+
## 🚪 Entry Points
|
|
26
|
+
|
|
27
|
+
| | |
|
|
28
|
+
|---|---|
|
|
29
|
+
| [The `pwn` REPL](pwn-REPL.md) | Pry shell with the whole `PWN::` namespace pre-loaded |
|
|
30
|
+
| [`pwn-ai` Autonomous Agent](pwn-ai-Agent.md) | Natural-language TUI + `pwn --ai PROMPT` one-shot |
|
|
31
|
+
| [CLI Drivers `bin/pwn_*`](CLI-Drivers.md) | 52 headless executables for CI/CD |
|
|
32
|
+
| [Drivers (build your own)](Drivers.md) | Turn a REPL session into a shipped binary |
|
|
33
|
+
|
|
34
|
+
## 🤖 AI Subsystem (`PWN::AI`)
|
|
35
|
+
|
|
36
|
+
| | |
|
|
37
|
+
|---|---|
|
|
38
|
+
| [AI / LLM Integration](AI-Integration.md) | OpenAI · Anthropic · Grok (OAuth) · Gemini · Ollama |
|
|
39
|
+
| [Agent Tool Registry](Agent-Tool-Registry.md) | 10 toolsets · 45+ LLM-callable tools |
|
|
40
|
+
| [Memory · Skills · Learning](Skills-Memory-Learning.md) | Introspection — the self-improvement loop |
|
|
41
|
+
| [Extrospection](Extrospection.md) | World-awareness — snapshot · drift · intel · correlate |
|
|
42
|
+
| [Swarm (Multi-Agent)](Swarm.md) | Personas · ask · debate · broadcast · shared bus |
|
|
43
|
+
| [Sessions](Sessions.md) | Transcript persistence + reflection |
|
|
44
|
+
| [Cron](Cron.md) | Scheduled autonomous jobs |
|
|
45
|
+
|
|
46
|
+
## 🧩 Capability Namespaces (`lib/pwn/*`)
|
|
47
|
+
|
|
48
|
+
| | |
|
|
49
|
+
|---|---|
|
|
50
|
+
| [Plugins (66)](Plugins.md) | Every `PWN::Plugins::*` module by category |
|
|
51
|
+
| ↳ [BurpSuite](BurpSuite.md) ⭐ | Preferred web proxy / scanner |
|
|
52
|
+
| ↳ [TransparentBrowser](Transparent-Browser.md) | Headless / visible browser automation |
|
|
53
|
+
| ↳ [NmapIt](NmapIt.md) | Network discovery |
|
|
54
|
+
| ↳ [Metasploit](Metasploit.md) | RPC exploitation |
|
|
55
|
+
| ↳ [Fuzzing](Fuzzing.md) | `Fuzz` · `Sock` · `Packet` |
|
|
56
|
+
| ↳ [Hardware](Hardware.md) | Serial · BusPirate · MSR206 · Android · BareSIP |
|
|
57
|
+
| [SAST (48 rules)](SAST.md) | Static analysis + test-case engine |
|
|
58
|
+
| [WWW (21 drivers)](WWW.md) | Browser automations for real sites |
|
|
59
|
+
| [AWS (90 services)](AWS.md) | Cloud-security enumeration |
|
|
60
|
+
| [SDR](SDR.md) | GQRX · FlipperZero · RFIDler · SonMicro |
|
|
61
|
+
| [Blockchain](Blockchain.md) | BTC · ETH helpers |
|
|
62
|
+
| [Bounty](Bounty.md) | Lifecycle / auth-replay tooling |
|
|
63
|
+
| [Reports](Reporting.md) | HTML/JSON output + DefectDojo/Jira |
|
|
64
|
+
| [FFI](FFI.md) | Native calls |
|
|
65
|
+
| [Banner](Banner.md) | 15 startup banners |
|
|
66
|
+
|
|
67
|
+
## 🛠️ Meta
|
|
68
|
+
|
|
69
|
+
| | |
|
|
70
|
+
|---|---|
|
|
71
|
+
| [`~/.pwn/` Filesystem Map](Persistence.md) | Every file PWN writes and why |
|
|
72
|
+
| [Troubleshooting](Troubleshooting.md) | Common errors and fixes |
|
|
73
|
+
| [Contributing](Contributing.md) | Conventions, RuboCop, spec rules |
|
|
74
|
+
|
|
75
|
+
---
|
|
76
|
+
|
|
77
|
+
<sub>Generated by pwn-ai. Edit any `.md` directly; edit any diagram in
|
|
78
|
+
`documentation/diagrams/dot/*.dot` then run `./build.sh`.</sub>
|
|
@@ -1,60 +1,62 @@
|
|
|
1
1
|
# How PWN Works
|
|
2
2
|
|
|
3
|
-
PWN is
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
See the full set of **[Data Flow Diagrams](Diagrams.md)** (18+ SVGs) for detailed visualization of data flows, including:
|
|
8
|
-
|
|
9
|
-

|
|
10
|
-
|
|
11
|
-
- [PWN-AI Feedback Learning Loop](diagrams/pwn-ai-feedback-learning-loop.svg) — the core self-improving closed loop
|
|
12
|
-
- [REPL Prototyping](diagrams/pwn-repl-prototyping.svg)
|
|
13
|
-
- [History → Drivers & Skills](diagrams/history-to-drivers.svg)
|
|
14
|
-
- [AI Tool Calling Integration](diagrams/ai-integration-tool-calling.svg)
|
|
15
|
-
- [Plugin Ecosystem](diagrams/plugin-ecosystem.svg)
|
|
16
|
-
- And many more specific workflows (Pen Testing, Web, Fuzzing, SAST, RE, etc.)
|
|
17
|
-
|
|
18
|
-
## Namespace Overview
|
|
19
|
-
|
|
20
|
-
| Namespace | Description |
|
|
21
|
-
|--------------------|-------------|
|
|
22
|
-
| `PWN::Plugins::*` | 67+ specialized modules (see [Plugins](Plugins.md)) |
|
|
23
|
-
| `PWN::AI::*` | Multi-provider LLM clients + autonomous `PWN::AI::Agent` |
|
|
24
|
-
| `PWN::SAST` | Static application security testing + test case generation |
|
|
25
|
-
| `PWN::Reports` | Automated reporting from scans, agents, findings |
|
|
26
|
-
| `PWN::Memory` | Persistent facts across sessions |
|
|
27
|
-
| `PWN::Sessions` | Record / replay conversations and workflows |
|
|
28
|
-
| `PWN::Cron` | Scheduled autonomous tasks |
|
|
29
|
-
| `PWN::Skills` | Reusable markdown procedures (distilled from successful runs) |
|
|
30
|
-
| `PWN::Config` | Environment + credential management |
|
|
31
|
-
| `PWN::Driver` | Framework for custom security automation packages |
|
|
32
|
-
|
|
33
|
-
## Primary Interfaces
|
|
34
|
-
|
|
35
|
-
1. **pwn REPL** — Pry-powered interactive shell (launched via `pwn` command). Full `PWN` namespace pre-loaded.
|
|
36
|
-
2. **pwn-ai** — Autonomous AI agent TUI inside the REPL (highly recommended). Uses tool calling for `pwn_eval`, shell, skills, memory, etc.
|
|
37
|
-
3. **Custom Drivers** — See `/opt/pwn/bin/` examples and [Drivers](Drivers.md).
|
|
38
|
-
|
|
39
|
-
## LLM Tool Calling
|
|
40
|
-
|
|
41
|
-
The agent can:
|
|
42
|
-
- Execute any PWN plugin method directly
|
|
43
|
-
- Run shell commands
|
|
44
|
-
- Recall/remember facts
|
|
45
|
-
- Distill new skills from successful workflows
|
|
46
|
-
- Use multiple LLM providers (OpenAI, Anthropic, Gemini, Grok OAuth, Ollama, ...)
|
|
47
|
-
|
|
48
|
-
Example:
|
|
49
|
-
```
|
|
50
|
-
pwn-ai
|
|
51
|
-
> Use NmapIt to scan target.example.com, spider with TransparentBrowser, proxy via BurpSuite, run SAST if source available, then generate report.
|
|
52
|
-
```
|
|
53
|
-
|
|
54
|
-
See the Diagrams and:
|
|
55
|
-
- [pwn REPL](pwn-REPL.md)
|
|
56
|
-
- [pwn-ai Agent](pwn-ai-Agent.md)
|
|
57
|
-
- [Plugins](Plugins.md)
|
|
58
|
-
- [AI Integration](AI-Integration.md)
|
|
59
|
-
- [Skills, Memory & Learning](Skills-Memory-Learning.md)
|
|
3
|
+
PWN is five layers, each visible in the source tree. Edges only ever go
|
|
4
|
+
**down** one layer (or sideways within a layer), which is why the diagrams
|
|
5
|
+
below have no criss-crossing lines.
|
|
60
6
|
|
|
7
|
+

|
|
8
|
+
|
|
9
|
+
## L0 — Actors
|
|
10
|
+
|
|
11
|
+
Humans (`pwn` REPL, `pwn-ai` TUI), CI runners (`pwn --ai "…"`, `bin/pwn_*`),
|
|
12
|
+
LLM providers (over HTTPS), and targets (hosts, web apps, clouds, radios,
|
|
13
|
+
hardware).
|
|
14
|
+
|
|
15
|
+
## L1 — Entry points (`bin/`)
|
|
16
|
+
|
|
17
|
+
| Entry | File | Purpose |
|
|
18
|
+
|---|---|---|
|
|
19
|
+
| `pwn` REPL | `lib/pwn/plugins/repl.rb` | Pry with `PWN::` pre-loaded + custom commands |
|
|
20
|
+
| `pwn-ai` | `lib/pwn/ai/agent/loop.rb` | Agent TUI inside the REPL |
|
|
21
|
+
| `pwn --ai PROMPT` | `bin/pwn` | Headless one-shot agent (CI-friendly) |
|
|
22
|
+
| `bin/pwn_*` | 52 files | Thin OptionParser wrappers over one plugin each |
|
|
23
|
+
| `PWN::Cron` | `lib/pwn/cron.rb` | Scheduled jobs → any of the above |
|
|
24
|
+
|
|
25
|
+
## L2 — AI agent core (`lib/pwn/ai/agent/`)
|
|
26
|
+
|
|
27
|
+
| Module | Role |
|
|
28
|
+
|---|---|
|
|
29
|
+
| `Loop` | plan → dispatch tool_calls → observe → repeat until final answer |
|
|
30
|
+
| `Registry` | JSON-Schema function definitions grouped into 10 **toolsets** |
|
|
31
|
+
| `Dispatch` / `Result` | execute a tool, capture stdout/value/error/duration |
|
|
32
|
+
| `PromptBuilder` | inject MEMORY / SKILLS / LEARNING / EXTROSPECTION blocks |
|
|
33
|
+
| `Metrics` · `Learning` | **introspection** — how well am I doing? |
|
|
34
|
+
| `Extrospection` | **extrospection** — what does the world look like? |
|
|
35
|
+
| `Swarm` | multi-agent personas over a shared JSONL bus |
|
|
36
|
+
|
|
37
|
+
See [Agent Tool Registry](Agent-Tool-Registry.md) for every tool the LLM can call.
|
|
38
|
+
|
|
39
|
+
## L3 — Capability namespaces (`lib/pwn/*`)
|
|
40
|
+
|
|
41
|
+
`Plugins` (66) · `SAST` (48) · `WWW` (21) · `AWS` (90) · `SDR` · `Blockchain` ·
|
|
42
|
+
`Bounty` · `Reports` · `FFI` · `Banner`. Each is a plain module of
|
|
43
|
+
`public_class_method def self.x(opts = {})` methods — callable identically from
|
|
44
|
+
the REPL, from `pwn_eval`, or from a driver.
|
|
45
|
+
|
|
46
|
+
## L4 — Persistence (`~/.pwn/`)
|
|
47
|
+
|
|
48
|
+
Everything the framework remembers between processes lives in one directory:
|
|
49
|
+
|
|
50
|
+

|
|
51
|
+
|
|
52
|
+
See [Persistence](Persistence.md) for the byte-level layout of each file.
|
|
53
|
+
|
|
54
|
+
## The feedback loop
|
|
55
|
+
|
|
56
|
+
The reason L2 exists is to close this loop on every turn:
|
|
57
|
+
|
|
58
|
+

|
|
59
|
+
|
|
60
|
+
**Next:** [pwn REPL](pwn-REPL.md) · [pwn-ai Agent](pwn-ai-Agent.md)
|
|
61
|
+
|
|
62
|
+
[← Home](Home.md)
|
|
@@ -1,50 +1,75 @@
|
|
|
1
1
|
# Installation
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
PWN is tested on **Debian-based Linux** (Kali, Ubuntu) and **macOS**, using
|
|
4
|
+
Ruby via **RVM**.
|
|
4
5
|
|
|
5
|
-
## Quick
|
|
6
|
+
## Quick install (recommended)
|
|
6
7
|
|
|
7
8
|
```bash
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
pwn[v0.5.613]:001 >>> PWN.help
|
|
9
|
+
cd /opt
|
|
10
|
+
sudo git clone https://github.com/0dayinc/pwn
|
|
11
|
+
cd /opt/pwn
|
|
12
|
+
./install.sh # system deps (nmap, chromium, graphviz, …)
|
|
13
|
+
./install.sh ruby-gem # rvm gemset + bundle install + rake install
|
|
14
|
+
pwn # launch the REPL
|
|
15
15
|
```
|
|
16
16
|
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
17
|
+
```text
|
|
18
|
+
pwn[v0.5.616]:001 >>> PWN.help
|
|
19
|
+
```
|
|
20
20
|
|
|
21
|
-
##
|
|
21
|
+
## Gem-only install
|
|
22
22
|
|
|
23
23
|
```bash
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
24
|
+
rvm install ruby-4.0.5
|
|
25
|
+
rvm use ruby-4.0.5@pwn --create
|
|
26
|
+
gem install --verbose pwn
|
|
27
|
+
pwn
|
|
27
28
|
```
|
|
28
29
|
|
|
29
|
-
|
|
30
|
+
## Upgrading
|
|
30
31
|
|
|
31
|
-
|
|
32
|
+
```bash
|
|
33
|
+
rvm use ruby-4.0.5@pwn
|
|
34
|
+
gem uninstall --all --executables pwn
|
|
35
|
+
gem install --verbose pwn
|
|
36
|
+
```
|
|
32
37
|
|
|
33
|
-
|
|
38
|
+
or from a checkout:
|
|
34
39
|
|
|
35
40
|
```bash
|
|
36
|
-
|
|
41
|
+
cd /opt/pwn && git pull && rvmsudo rake install
|
|
37
42
|
```
|
|
38
43
|
|
|
39
|
-
|
|
44
|
+
## First-run configuration
|
|
45
|
+
|
|
46
|
+
`pwn` creates `~/.pwn/` on first launch. Add at least one LLM engine to
|
|
47
|
+
`~/.pwn/config.yml` to enable `pwn-ai` — see [Configuration](Configuration.md).
|
|
40
48
|
|
|
41
|
-
##
|
|
49
|
+
## Optional external tools
|
|
42
50
|
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
51
|
+
PWN wraps these when present on `$PATH`; none are hard requirements:
|
|
52
|
+
|
|
53
|
+
| Tool | Used by |
|
|
54
|
+
|---|---|
|
|
55
|
+
| `nmap` | `PWN::Plugins::NmapIt` |
|
|
56
|
+
| Burp Suite Pro (+ REST API) | `PWN::Plugins::BurpSuite` |
|
|
57
|
+
| `msfconsole` / msfrpcd | `PWN::Plugins::Metasploit` |
|
|
58
|
+
| `chromium` / `google-chrome` | `PWN::Plugins::TransparentBrowser` |
|
|
59
|
+
| `zaproxy` | `PWN::Plugins::Zaproxy` (fallback) |
|
|
60
|
+
| `gqrx` | `PWN::SDR::GQRX` |
|
|
61
|
+
| `adb` | `PWN::Plugins::Android` |
|
|
62
|
+
| `graphviz` (`dot`) | rebuilding these diagrams |
|
|
63
|
+
| `tor` | `PWN::Plugins::Tor` |
|
|
64
|
+
|
|
65
|
+
## Verify
|
|
66
|
+
|
|
67
|
+
```ruby
|
|
68
|
+
pwn[v0.5.616]:001 >>> PWN::Plugins.constants.count # => 66
|
|
69
|
+
pwn[v0.5.616]:002 >>> PWN::SAST.constants.count # => 48
|
|
70
|
+
pwn[v0.5.616]:003 >>> pwn-ai # launches agent TUI
|
|
71
|
+
```
|
|
47
72
|
|
|
48
|
-
|
|
73
|
+
**Next:** [Configuration](Configuration.md) · [General Usage](General-PWN-Usage.md)
|
|
49
74
|
|
|
50
|
-
[
|
|
75
|
+
[← Home](Home.md)
|
|
@@ -1,34 +1,53 @@
|
|
|
1
1
|
# What is PWN
|
|
2
2
|
|
|
3
|
-
PWN (pronounced /pōn/
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
3
|
+
**PWN** (pronounced /pōn/ — "pone") is an open-source **offensive-security
|
|
4
|
+
automation framework** and **continuous-security-integration** platform,
|
|
5
|
+
distributed as a Ruby gem.
|
|
6
|
+
|
|
7
|
+
It gives security researchers, red teamers, bug-bounty hunters and DevSecOps
|
|
8
|
+
engineers a single, scriptable surface over the entire offensive toolchain —
|
|
9
|
+
from OSINT and network discovery, through web/cloud/hardware/radio
|
|
10
|
+
exploitation, to reporting and disclosure — and puts a **self-improving,
|
|
11
|
+
tool-calling AI agent** on top of it.
|
|
12
|
+
|
|
13
|
+
## In numbers
|
|
14
|
+
|
|
15
|
+
| Namespace | Count | What it is |
|
|
16
|
+
|---|---|---|
|
|
17
|
+
| `PWN::Plugins::*` | **66** | Wrappers for external + native tooling (Burp, Nmap, Metasploit, Shodan, browsers, serial, …) |
|
|
18
|
+
| `PWN::SAST::*` | **48** | Static-analysis rules across C/Java/Go/Python/Ruby/Scala/PHP/TS |
|
|
19
|
+
| `PWN::AWS::*` | **90** | One module per AWS service for cloud enumeration |
|
|
20
|
+
| `PWN::WWW::*` | **21** | Site-specific browser automations (HackerOne, BugCrowd, Google, LinkedIn, …) |
|
|
21
|
+
| `PWN::SDR::*` | **6** | GQRX, FlipperZero, RFIDler, SonMicro, decoders, band tables |
|
|
22
|
+
| `PWN::AI::*` | **5** engines | OpenAI, Anthropic, Grok (OAuth device-flow), Gemini, Ollama |
|
|
23
|
+
| `bin/pwn_*` | **52** | Headless CLI drivers for CI/CD |
|
|
24
|
+
| Agent toolsets | **10** | terminal · pwn · memory · skills · sessions · learning · metrics · extrospection · cron · swarm |
|
|
25
|
+
|
|
26
|
+
## The three ways to use it
|
|
27
|
+
|
|
28
|
+
1. **`pwn` REPL** — a Pry shell with the whole `PWN::` namespace pre-loaded.
|
|
29
|
+
Prototype an attack chain interactively, one method call at a time.
|
|
30
|
+
2. **`pwn-ai`** — a natural-language TUI (or `pwn --ai "…"` one-shot) where an
|
|
31
|
+
LLM plans and executes those same method calls for you, records what
|
|
32
|
+
worked, and gets better at it.
|
|
33
|
+
3. **`bin/pwn_*` drivers** — thin CLIs over the plugins, for cron and CI/CD.
|
|
34
|
+
|
|
35
|
+
## What makes it different
|
|
36
|
+
|
|
37
|
+
- **Everything is Ruby, everything is a method.** No YAML DSLs, no plugins-in-a-
|
|
38
|
+
black-box. If you can call it in the REPL, the AI agent can call it, a driver
|
|
39
|
+
can call it, and a cron job can call it.
|
|
40
|
+
- **Closed self-improvement loop.** Metrics + Learning (introspection) and
|
|
41
|
+
Snapshot + Drift + Intel (extrospection) feed `extro_correlate`, which tells
|
|
42
|
+
the agent whether a failure was *its* fault or *the world* changed — and
|
|
43
|
+
writes the lesson back into the prompt for next time.
|
|
44
|
+
- **Native multi-agent.** `PWN::AI::Agent::Swarm` runs personas (each a full
|
|
45
|
+
tool-calling agent, optionally on a *different* LLM engine) that debate,
|
|
46
|
+
broadcast and share an append-only bus — no IRC daemon, no external service.
|
|
47
|
+
|
|
48
|
+

|
|
49
|
+
|
|
50
|
+
**Next:** [Why PWN](Why-PWN.md) · [How PWN Works](How-PWN-Works.md) ·
|
|
51
|
+
[Installation](Installation.md)
|
|
52
|
+
|
|
53
|
+
[← Home](Home.md)
|
data/documentation/Why-PWN.md
CHANGED
|
@@ -1,18 +1,48 @@
|
|
|
1
1
|
# Why PWN
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
## The problem
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
Offensive security is a **toolchain problem**. A single engagement touches
|
|
6
|
+
`nmap`, `burp`, `msfconsole`, a headless browser, `adb`, `gqrx`, three cloud
|
|
7
|
+
consoles, a fuzzer, `radare2`, a spreadsheet of findings, and a bug-bounty
|
|
8
|
+
submission form. Each tool has its own config, its own output format, and its
|
|
9
|
+
own idea of what a "target" is. Gluing them together is 80 % of the job — and
|
|
10
|
+
that glue is rewritten, badly, on every engagement.
|
|
6
11
|
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
- **Collaboration**: Accelerates zero-day discovery and reliable exploit development.
|
|
10
|
-
- **Continuous Security**: Integrates into CI/CD pipelines.
|
|
11
|
-
- **Reusable Intelligence**: AI skills, persistent memory, learning loops.
|
|
12
|
-
- **Accessibility**: Advanced red team / vuln research capabilities available to all.
|
|
12
|
+
Meanwhile, LLM agents are extraordinary at *planning* attack chains but have no
|
|
13
|
+
reliable, auditable way to *execute* them against a real host.
|
|
13
14
|
|
|
14
|
-
|
|
15
|
+
## The design bet
|
|
15
16
|
|
|
16
|
-
|
|
17
|
+
PWN bets that the right abstraction is **plain Ruby methods with a uniform
|
|
18
|
+
`opts = {}` signature**, exposed simultaneously to:
|
|
17
19
|
|
|
18
|
-
|
|
20
|
+
- a human in a REPL,
|
|
21
|
+
- an LLM in a tool-calling loop,
|
|
22
|
+
- a shell script in CI,
|
|
23
|
+
- a cron job at 3 am.
|
|
24
|
+
|
|
25
|
+
Because every capability is a method, the same line of code works in all four
|
|
26
|
+
contexts. Because every method is open-source Ruby, it's auditable — critical
|
|
27
|
+
when the caller is an autonomous agent.
|
|
28
|
+
|
|
29
|
+
## Why open primitives matter
|
|
30
|
+
|
|
31
|
+
| Closed / black-box | PWN |
|
|
32
|
+
|---|---|
|
|
33
|
+
| "Trust our scanner" | `cat lib/pwn/sast/sql.rb` — read the regex yourself |
|
|
34
|
+
| Per-seat licence for the glue | MIT-licensed glue; bring your own Burp Pro / Nessus key |
|
|
35
|
+
| Agent output is a PDF | Agent output is a `PWN::Reports` object *and* a distilled skill *and* a memory entry |
|
|
36
|
+
| One vendor's model | Five interchangeable engines; swarm can pit them against each other |
|
|
37
|
+
|
|
38
|
+
## Why the self-improvement loop matters
|
|
39
|
+
|
|
40
|
+
A pentest framework that doesn't learn repeats the same dead-end scans forever.
|
|
41
|
+
PWN records **per-tool success rate**, **per-task outcome**, **host drift**,
|
|
42
|
+
and **external CVE intel**, then correlates them so tomorrow's run starts where
|
|
43
|
+
today's finished. See [Skills, Memory & Learning](Skills-Memory-Learning.md)
|
|
44
|
+
and [Extrospection](Extrospection.md).
|
|
45
|
+
|
|
46
|
+
**Next:** [How PWN Works](How-PWN-Works.md)
|
|
47
|
+
|
|
48
|
+
[← Home](Home.md)
|