pwn 0.5.617 → 0.5.618
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +95 -85
- data/README.md.bak +200 -0
- data/documentation/AI-Integration.md +42 -26
- data/documentation/AWS.md +57 -0
- data/documentation/Agent-Tool-Registry.md +56 -0
- data/documentation/Banner.md +17 -0
- data/documentation/Blockchain.md +18 -0
- data/documentation/Bounty.md +21 -0
- data/documentation/BurpSuite.md +41 -16
- data/documentation/CLI-Drivers.md +58 -0
- data/documentation/Configuration.md +66 -0
- data/documentation/Contributing.md +33 -19
- data/documentation/Cron.md +47 -0
- data/documentation/Drivers.md +43 -16
- data/documentation/Extrospection.md +54 -0
- data/documentation/FFI.md +14 -0
- data/documentation/Fuzzing.md +36 -0
- data/documentation/Hardware.md +40 -0
- data/documentation/Metasploit.md +34 -0
- data/documentation/NmapIt.md +18 -12
- data/documentation/PWN.png +0 -0
- data/documentation/PWN_Contributors_and_Users.png +0 -0
- data/documentation/Persistence.md +38 -0
- data/documentation/Plugins.md +97 -47
- data/documentation/Reporting.md +25 -18
- data/documentation/SAST.md +39 -22
- data/documentation/SDR.md +40 -0
- data/documentation/Sessions.md +39 -0
- data/documentation/Skills-Memory-Learning.md +49 -29
- data/documentation/Swarm.md +71 -0
- data/documentation/Transparent-Browser.md +26 -22
- data/documentation/Troubleshooting.md +44 -25
- data/documentation/WWW.md +32 -0
- data/documentation/diagrams/agent-tool-registry.svg +284 -0
- data/documentation/diagrams/aws-cloud-security.svg +166 -0
- data/documentation/diagrams/cron-scheduling.svg +148 -0
- data/documentation/diagrams/dot/hardware-hacking.dot +48 -0
- data/documentation/diagrams/dot/persistence-filesystem.dot +29 -0
- data/documentation/diagrams/extrospection-world-awareness.svg +185 -0
- data/documentation/diagrams/hardware-hacking.svg +163 -0
- data/documentation/diagrams/persistence-filesystem.svg +174 -0
- data/documentation/diagrams/sdr-radio-flow.svg +146 -0
- data/documentation/diagrams/swarm-multi-agent.svg +225 -0
- data/documentation/fax-spectrogram.png +0 -0
- data/documentation/fax-waveform.png +0 -0
- data/documentation/pwn-REPL.md +40 -24
- data/documentation/pwn-ai-Agent.md +59 -30
- data/documentation/pwn_android_war_dialer_session.png +0 -0
- data/documentation/pwn_install.png +0 -0
- data/documentation/pwn_wallpaper.jpg +0 -0
- data/documentation/ringing-spectrogram.png +0 -0
- data/documentation/ringing-waveform.png +0 -0
- data/lib/pwn/version.rb +1 -1
- data/third_party/pwn_rdoc.jsonl +22 -5
- metadata +39 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6d2c26dca00a6c45a763df37f813f0d789098ed87f8b7c5296dca5a7a72d4281
|
|
4
|
+
data.tar.gz: fc40bc082f3d549efd2cef1fbb11807a53b416caf2a8190769818f681cc600dd
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f0269c36ff988d1817214345cf77c347a8c1f22104ba822b6982aa4fe6318086e69793f42a5d563bb061ec543cf7a5bb99877649f7f1554c8d6a182ab281356a
|
|
7
|
+
data.tar.gz: 269676fd1f2dbd6f5f78c3e645d0d4675df08d681b7db21d49c7937fc121bd1b74dfbd4f82b1a049c9e6f4579ed7e2d697403f28c45312dffbc29b6557cbb16a
|
data/README.md
CHANGED
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
* [What is PWN](#what-is-pwn)
|
|
7
7
|
* [Why PWN](#why-pwn)
|
|
8
8
|
* [How PWN Works](#how-pwn-works)
|
|
9
|
-
- [
|
|
9
|
+
- [Documentation](#documentation)
|
|
10
10
|
- [Installation](#installation)
|
|
11
11
|
- [General Usage](#general-usage)
|
|
12
12
|
- [Call to Arms](#call-to-arms)
|
|
@@ -14,79 +14,84 @@
|
|
|
14
14
|
- [Keep Us Caffeinated](#keep-us-caffeinated)
|
|
15
15
|
- [0x004D65726368](#0x004d65726368)
|
|
16
16
|
|
|
17
|
+
---
|
|
18
|
+
|
|
17
19
|
### **Intro** ###
|
|
18
20
|
|
|
19
21
|
#### **What is PWN** ####
|
|
20
22
|
|
|
21
|
-
PWN (
|
|
23
|
+
PWN (pronounced /pōn/ — *pone*) is an open-source **offensive-security
|
|
24
|
+
automation framework** and **continuous-security-integration** platform.
|
|
25
|
+
It gives security researchers, red teamers, penetration testers and
|
|
26
|
+
vulnerability researchers a single, scriptable Ruby surface over the entire
|
|
27
|
+
offensive toolchain — from OSINT and network discovery, through web / cloud /
|
|
28
|
+
hardware / radio exploitation, to reporting and disclosure — and puts a
|
|
29
|
+
**self-improving, tool-calling, multi-agent AI** on top of it.
|
|
22
30
|
|
|
23
|
-
|
|
31
|
+
**In numbers:** 66 `PWN::Plugins` · 48 `PWN::SAST` rules · 90 `PWN::AWS`
|
|
32
|
+
service wrappers · 21 `PWN::WWW` site drivers · 52 `bin/pwn_*` CLI drivers ·
|
|
33
|
+
5 LLM engines · 10 agent toolsets · 45+ LLM-callable tools.
|
|
24
34
|
|
|
25
|
-
|
|
35
|
+
Full page: [What is PWN](documentation/What-is-PWN.md)
|
|
26
36
|
|
|
27
37
|
#### **Why PWN** ####
|
|
28
38
|
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
39
|
+
Offensive security is a *toolchain problem*. PWN's bet is that the right
|
|
40
|
+
abstraction is **plain Ruby methods with a uniform `opts = {}` signature**,
|
|
41
|
+
exposed simultaneously to a human in a REPL, an LLM in a tool-calling loop, a
|
|
42
|
+
shell script in CI, and a cron job at 3 am — all open-source and auditable,
|
|
43
|
+
which matters when the caller is autonomous.
|
|
32
44
|
|
|
33
|
-
|
|
45
|
+
Full page: [Why PWN](documentation/Why-PWN.md)
|
|
34
46
|
|
|
35
47
|
#### **How PWN Works** ####
|
|
36
48
|
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
The core of pwn-ai is a closed feedback loop for autonomous improvement:
|
|
49
|
+
Five layers, edges only ever go down:
|
|
40
50
|
|
|
41
|
-

|
|
42
52
|
|
|
43
|
-
|
|
53
|
+
The AI layer closes a **self-improvement loop** on every turn — Metrics +
|
|
54
|
+
Learning (introspection) joined with Snapshot + Drift + Intel (extrospection)
|
|
55
|
+
via `extro_correlate`, so the agent knows whether a failure was *its* fault or
|
|
56
|
+
*the world* changed:
|
|
44
57
|
|
|
58
|
+

|
|
45
59
|
|
|
46
|
-
|
|
60
|
+
And **Swarm** runs multiple personas — each a full tool-calling agent,
|
|
61
|
+
optionally on a *different* LLM engine — over a shared append-only bus:
|
|
47
62
|
|
|
48
|
-
|
|
49
|
-
- `PWN::AI::*` — Multi-provider LLM clients (OpenAI, Anthropic, Gemini, [Grok OAuth device flow](documentation/AI-Integration.md), Ollama) and autonomous `PWN::AI::Agent` with tool-calling harness (`pwn_eval` for full PWN namespace, shell execution, skills, memory recall/remember, learning loops).
|
|
50
|
-
- `PWN::SAST` — Static application security testing and test case generation. See [SAST Wiki](documentation/SAST.md).
|
|
51
|
-
- `PWN::Reports` — Automated reporting from scans, agents, and findings. See [Reporting](documentation/Reporting.md).
|
|
52
|
-
- `PWN::Memory / Sessions / Cron / Skills / Config` — Persistent facts, conversation sessions, scheduled autonomous tasks, reusable markdown skills (distillable from successful workflows), and environment management. See [Skills, Memory & Learning](documentation/Skills-Memory-Learning.md).
|
|
53
|
-
- `PWN::Driver` — Framework for building custom security automation packages ("drivers"). See [Drivers](documentation/Drivers.md).
|
|
63
|
+

|
|
54
64
|
|
|
55
|
-
|
|
65
|
+
Full pages: [How PWN Works](documentation/How-PWN-Works.md) ·
|
|
66
|
+
[All 26 Data-Flow Diagrams](documentation/Diagrams.md)
|
|
56
67
|
|
|
57
|
-
|
|
58
|
-
- Activates an autonomous AI agent TUI with multi-line input support (use SHIFT+ENTER to insert newlines; ENTER submits the full prompt).
|
|
59
|
-
- Full awareness of PWN plugins, skills (`~/.pwn/skills`), memory, sessions, and cron.
|
|
60
|
-
- Leverages LLM tool-calling to execute PWN methods (e.g., `PWN::Plugins::BurpSuite`, `PWN::Plugins::NmapIt`, `PWN::Plugins::TransparentBrowser`, `PWN::SAST`, `PWN::Reports`), shell commands, and orchestrate end-to-end tasks.
|
|
61
|
-
- Supports self-improvement via `PWN::AI::Agent::Learning` / Metrics (records per-tool success/duration, distills skills from outcomes).
|
|
62
|
-
- Example instruction: "Use NmapIt to scan target.example.com for open ports, then TransparentBrowser to spider the web app, run SAST analysis if source is available, proxy via BurpSuite, and generate a vulnerability report with PWN::Reports."
|
|
63
|
-
- Additional REPL commands: `pwn-asm` (assembly prototyping with multiline), `pwn-ai-memory`, `pwn-ai-sessions`, `pwn-ai-cron`, `pwn-ai-delegate`, `welcome-banner`, etc.
|
|
64
|
-
- Easily prototype and roll out custom "drivers" (see `/opt/pwn/bin/` examples).
|
|
68
|
+
---
|
|
65
69
|
|
|
66
|
-
|
|
70
|
+
### **Documentation** ###
|
|
67
71
|
|
|
68
|
-
|
|
72
|
+
The complete wiki lives in this repo at **[`documentation/Home.md`](documentation/Home.md)**.
|
|
69
73
|
|
|
70
|
-
|
|
74
|
+
| Start Here | Entry Points | AI Subsystem | Capabilities |
|
|
75
|
+
|---|---|---|---|
|
|
76
|
+
| [What is PWN](documentation/What-is-PWN.md) | [`pwn` REPL](documentation/pwn-REPL.md) | [AI / LLM Integration](documentation/AI-Integration.md) | [Plugins (66)](documentation/Plugins.md) |
|
|
77
|
+
| [Why PWN](documentation/Why-PWN.md) | [`pwn-ai` Agent](documentation/pwn-ai-Agent.md) | [Agent Tool Registry](documentation/Agent-Tool-Registry.md) | [SAST (48)](documentation/SAST.md) |
|
|
78
|
+
| [How PWN Works](documentation/How-PWN-Works.md) | [CLI Drivers (52)](documentation/CLI-Drivers.md) | [Memory · Skills · Learning](documentation/Skills-Memory-Learning.md) | [AWS (90)](documentation/AWS.md) |
|
|
79
|
+
| [Installation](documentation/Installation.md) | [Build a Driver](documentation/Drivers.md) | [Extrospection](documentation/Extrospection.md) | [WWW (21)](documentation/WWW.md) |
|
|
80
|
+
| [General Usage](documentation/General-PWN-Usage.md) | | [Swarm (multi-agent)](documentation/Swarm.md) | [SDR / Radio](documentation/SDR.md) |
|
|
81
|
+
| [Configuration](documentation/Configuration.md) | | [Sessions](documentation/Sessions.md) · [Cron](documentation/Cron.md) | [Reports](documentation/Reporting.md) |
|
|
82
|
+
| [`~/.pwn/` Persistence](documentation/Persistence.md) | | | [BurpSuite](documentation/BurpSuite.md) · [NmapIt](documentation/NmapIt.md) |
|
|
83
|
+
| **[All Diagrams](documentation/Diagrams.md)** | | | [Metasploit](documentation/Metasploit.md) · [Fuzzing](documentation/Fuzzing.md) |
|
|
84
|
+
| [Troubleshooting](documentation/Troubleshooting.md) | | | [Hardware](documentation/Hardware.md) · [Blockchain](documentation/Blockchain.md) |
|
|
85
|
+
| [Contributing](documentation/Contributing.md) | | | [Bounty](documentation/Bounty.md) · [FFI](documentation/FFI.md) · [Banner](documentation/Banner.md) |
|
|
71
86
|
|
|
72
|
-
|
|
87
|
+
Rebuild every SVG from its Graphviz source:
|
|
88
|
+
`cd documentation/diagrams && ./build.sh`
|
|
73
89
|
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
- [Home](documentation/Home.md)
|
|
77
|
-
- [What is PWN](documentation/What-is-PWN.md)
|
|
78
|
-
- [Installation](documentation/Installation.md)
|
|
79
|
-
- [pwn-ai Agent](documentation/pwn-ai-Agent.md)
|
|
80
|
-
- [Plugins](documentation/Plugins.md)
|
|
81
|
-
- [AI Integration](documentation/AI-Integration.md)
|
|
82
|
-
- [Troubleshooting](documentation/Troubleshooting.md)
|
|
83
|
-
- ...and many more
|
|
84
|
-
|
|
85
|
-
Run `cat /opt/pwn/documentation/Home.md` or open in your editor for the complete local documentation.
|
|
90
|
+
---
|
|
86
91
|
|
|
87
92
|
### **Installation** ###
|
|
88
93
|
|
|
89
|
-
Tested on Debian-
|
|
94
|
+
Tested on Debian-based Linux & macOS, Ruby via RVM.
|
|
90
95
|
|
|
91
96
|
```
|
|
92
97
|
$ cd /opt
|
|
@@ -95,20 +100,23 @@ $ cd /opt/pwn
|
|
|
95
100
|
$ ./install.sh
|
|
96
101
|
$ ./install.sh ruby-gem
|
|
97
102
|
$ pwn
|
|
98
|
-
pwn[v0.5.
|
|
103
|
+
pwn[v0.5.616]:001 >>> PWN.help
|
|
99
104
|
```
|
|
100
105
|
|
|
101
106
|
[](https://youtu.be/G7iLUY4FzsI)
|
|
102
107
|
|
|
103
|
-
|
|
108
|
+
Full page: [Installation](documentation/Installation.md) ·
|
|
109
|
+
[Configuration](documentation/Configuration.md)
|
|
104
110
|
|
|
105
|
-
|
|
111
|
+
---
|
|
106
112
|
|
|
107
|
-
|
|
113
|
+
### **General Usage** ###
|
|
108
114
|
|
|
109
|
-
|
|
115
|
+
[General Usage Quick-Start](https://github.com/0dayinc/pwn/wiki/General-PWN-Usage) ·
|
|
116
|
+
local: [General PWN Usage](documentation/General-PWN-Usage.md)
|
|
110
117
|
|
|
111
|
-
|
|
118
|
+
Update PWN frequently — new plugins, agent tools, skills and zero-day tooling
|
|
119
|
+
land regularly:
|
|
112
120
|
|
|
113
121
|
```
|
|
114
122
|
$ rvm list gemsets
|
|
@@ -116,70 +124,72 @@ $ rvm use ruby-4.0.5@pwn
|
|
|
116
124
|
$ gem uninstall --all --executables pwn
|
|
117
125
|
$ gem install --verbose pwn
|
|
118
126
|
$ pwn
|
|
119
|
-
pwn[v0.5.
|
|
127
|
+
pwn[v0.5.616]:001 >>> PWN.help
|
|
120
128
|
```
|
|
121
129
|
|
|
122
|
-
If using a multi-user install
|
|
130
|
+
If using a multi-user RVM install:
|
|
123
131
|
|
|
124
132
|
```
|
|
125
|
-
$ rvm list gemsets
|
|
126
133
|
$ rvm use ruby-4.0.5@pwn
|
|
127
134
|
$ rvmsudo gem uninstall --all --executables pwn
|
|
128
135
|
$ rvmsudo gem install --verbose pwn
|
|
129
|
-
$ pwn
|
|
130
|
-
pwn[v0.5.617]:001 >>> PWN.help
|
|
131
136
|
```
|
|
132
137
|
|
|
133
|
-
**Inside the pwn REPL
|
|
134
|
-
- Full access to every PWN
|
|
135
|
-
- `
|
|
136
|
-
- `pwn-ai`
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
[*] pwn-ai agent TUI activated...
|
|
141
|
-
> Perform active scan of https://target.example.com using preferred tooling, then analyze findings with PWN modules and produce a report.
|
|
142
|
-
```
|
|
143
|
-
- Other REPL helpers: `pwn-asm`, memory/session/cron management commands, etc.
|
|
144
|
-
- Exit AI mode with `back`; use full Ruby/PWN expressions at any time.
|
|
145
|
-
|
|
146
|
-
**Headless / CI-CD one-shot (`pwn --ai`):**
|
|
147
|
-
Skip the TUI entirely and submit a single pwn-ai request from the shell — ideal for quick lookups, scripting, or CI/CD pipelines. The final answer is written to STDOUT (pipeable); live tool-call activity streams to STDERR.
|
|
138
|
+
**Inside the `pwn` REPL:**
|
|
139
|
+
- Full access to every `PWN::` module.
|
|
140
|
+
- `pwn-ai` — launch the autonomous agent TUI (SHIFT+ENTER newline, ENTER submit).
|
|
141
|
+
- `pwn-asm`, `pwn-ai-memory`, `pwn-ai-sessions`, `pwn-ai-cron`, `pwn-ai-delegate`.
|
|
142
|
+
|
|
143
|
+
**Headless / CI one-shot (`pwn --ai`):**
|
|
144
|
+
|
|
148
145
|
```
|
|
149
146
|
$ pwn --ai 'What ports are listening on this host?'
|
|
150
147
|
$ echo "$LONG_PROMPT" | pwn --ai -
|
|
151
148
|
$ pwn -Y ./ci/pwn.yaml --ai 'Run pwn_sast against ./src and summarise HIGH findings' > findings.txt
|
|
152
149
|
```
|
|
153
150
|
|
|
154
|
-
PWN periodically upgrades to the latest
|
|
151
|
+
PWN periodically upgrades to the latest Ruby (`/opt/pwn/.ruby-version`).
|
|
152
|
+
Easiest upgrade of Ruby + pwn from a previous install:
|
|
155
153
|
|
|
156
154
|
```
|
|
157
155
|
$ /opt/pwn/vagrant/provisioners/pwn.sh
|
|
158
156
|
```
|
|
159
157
|
|
|
160
|
-
|
|
158
|
+
---
|
|
161
159
|
|
|
162
160
|
### **Call to Arms** ###
|
|
163
161
|
|
|
164
|
-
Contributions that expand PWN's offensive capabilities are welcome. If you can
|
|
162
|
+
Contributions that expand PWN's offensive capabilities are welcome. If you can
|
|
163
|
+
provide access to additional commercial LLMs, security scanners, or bounty
|
|
164
|
+
platforms — or wish to contribute plugins, AI skills, or exploit modules —
|
|
165
|
+
please [email us](mailto:support@0dayinc.com). See
|
|
166
|
+
[CONTRIBUTING.md](https://github.com/0dayInc/pwn/blob/master/CONTRIBUTING.md)
|
|
167
|
+
and the local [Contributing](documentation/Contributing.md) page.
|
|
165
168
|
|
|
166
|
-
|
|
169
|
+
---
|
|
167
170
|
|
|
168
171
|
### **Module Documentation** ###
|
|
169
172
|
|
|
170
|
-
**Primary
|
|
173
|
+
**Primary:** [`documentation/Home.md`](documentation/Home.md) — the full local
|
|
174
|
+
wiki with 30+ pages and 26 SVG data-flow diagrams.
|
|
171
175
|
|
|
172
|
-
|
|
176
|
+
**API reference:** [rubydoc.info/gems/pwn](https://www.rubydoc.info/gems/pwn),
|
|
177
|
+
or in-REPL: `PWN::Plugins::BurpSuite.help`, `show-source`, `ls`.
|
|
173
178
|
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
-
|
|
179
|
-
|
|
179
|
+
Highlights:
|
|
180
|
+
[Plugins](documentation/Plugins.md) ·
|
|
181
|
+
[BurpSuite](documentation/BurpSuite.md) ·
|
|
182
|
+
[Transparent-Browser](documentation/Transparent-Browser.md) ·
|
|
183
|
+
[pwn-ai Agent](documentation/pwn-ai-Agent.md) ·
|
|
184
|
+
[Swarm](documentation/Swarm.md) ·
|
|
185
|
+
[Extrospection](documentation/Extrospection.md) ·
|
|
186
|
+
[SAST](documentation/SAST.md) ·
|
|
187
|
+
[AI Integration](documentation/AI-Integration.md)
|
|
180
188
|
|
|
181
|
-
I hope you enjoy PWN and remember
|
|
189
|
+
I hope you enjoy PWN — and remember: **always have permission** before any
|
|
190
|
+
security testing. Now go pwn all the things (responsibly)!
|
|
182
191
|
|
|
192
|
+
---
|
|
183
193
|
|
|
184
194
|
### **Keep Us Caffeinated** ###
|
|
185
195
|
If you've found this project useful and you're interested in supporting our efforts, we invite you to take a brief moment to keep us caffeinated:
|
data/README.md.bak
ADDED
|
@@ -0,0 +1,200 @@
|
|
|
1
|
+

|
|
2
|
+
|
|
3
|
+
### **Table of Contents** ###
|
|
4
|
+
|
|
5
|
+
- [Intro](#intro)
|
|
6
|
+
* [What is PWN](#what-is-pwn)
|
|
7
|
+
* [Why PWN](#why-pwn)
|
|
8
|
+
* [How PWN Works](#how-pwn-works)
|
|
9
|
+
- [[Local PWN Wiki](documentation/Home.md)
|
|
10
|
+
- [Installation](#installation)
|
|
11
|
+
- [General Usage](#general-usage)
|
|
12
|
+
- [Call to Arms](#call-to-arms)
|
|
13
|
+
- [Module Documentation](#module-documentation)
|
|
14
|
+
- [Keep Us Caffeinated](#keep-us-caffeinated)
|
|
15
|
+
- [0x004D65726368](#0x004d65726368)
|
|
16
|
+
|
|
17
|
+
### **Intro** ###
|
|
18
|
+
|
|
19
|
+
#### **What is PWN** ####
|
|
20
|
+
|
|
21
|
+
PWN (Pronounced /pōn/ or pone), is a powerful open-source offensive cybersecurity automation framework and continuous security integration platform. It enables security researchers, red teamers, penetration testers, and vulnerability researchers to rapidly discover zero-days, automate exploitation, perform advanced web application testing, conduct source code analysis (SAST), orchestrate infrastructure reconnaissance, and execute AI-augmented autonomous security operations.
|
|
22
|
+
|
|
23
|
+
PWN stands on the shoulders of security giants, providing over **66** production-grade plugins, full LLM integration with tool-calling agents, persistent memory, reusable skills, session/cron management, and a highly interactive REPL for prototyping and driving complex security workflows. All core automation primitives are open to promote trust, peer review, and collaborative innovation in adversarial security.
|
|
24
|
+
|
|
25
|
+
**See the full [PWN Wiki](documentation/Home.md) for detailed guides.**
|
|
26
|
+
|
|
27
|
+
#### **Why PWN** ####
|
|
28
|
+
|
|
29
|
+
In cybersecurity, where proprietary black-box tools dominate and threats evolve daily, an open framework for core security primitives, vulnerability research, exploitation techniques, and intelligent automation is essential. PWN ensures foundational modules remain transparent and auditable while providing seamless bridges to commercial and open security tools (e.g. Burp Suite Professional, Metasploit, Nmap, Nessus, and multiple LLMs).
|
|
30
|
+
|
|
31
|
+
Broad collaboration accelerates zero-day discovery, reliable exploit development, continuous vulnerability management in CI/CD pipelines, and the creation of reusable AI-driven security skills. PWN makes advanced red team and vuln research capabilities accessible and extensible to all.
|
|
32
|
+
|
|
33
|
+
See [Why PWN](documentation/Why-PWN.md) in the wiki.
|
|
34
|
+
|
|
35
|
+
#### **How PWN Works** ####
|
|
36
|
+
|
|
37
|
+
#### **PWN AI Feedback Learning Loop (Self-Improving Agent)**
|
|
38
|
+
|
|
39
|
+
The core of pwn-ai is a closed feedback loop for autonomous improvement:
|
|
40
|
+
|
|
41
|
+

|
|
42
|
+
|
|
43
|
+
See full details in [Skills, Memory & Learning](documentation/Skills-Memory-Learning.md) and the [Diagrams](documentation/Diagrams.md) wiki page.
|
|
44
|
+
|
|
45
|
+
|
|
46
|
+
PWN is structured as a Ruby gem with a rich namespace:
|
|
47
|
+
|
|
48
|
+
- `PWN::Plugins::*` — **66+** specialized modules ([BurpSuite](documentation/BurpSuite.md) [preferred for web proxying/scanning], [Zaproxy](documentation/Plugins.md) [fallback], [Metasploit](documentation/Plugins.md), [NmapIt](documentation/NmapIt.md), [TransparentBrowser](documentation/Transparent-Browser.md), Shodan, NessusCloud, NexposeVulnScan, Fuzz, SAST engines, Android analysis, SDR/GQRX, Blockchain, Bounty platforms like HackerOne, hardware interfaces, OCR, packet crafting, etc.).
|
|
49
|
+
- `PWN::AI::*` — Multi-provider LLM clients (OpenAI, Anthropic, Gemini, [Grok OAuth device flow](documentation/AI-Integration.md), Ollama) and autonomous `PWN::AI::Agent` with tool-calling harness (`pwn_eval` for full PWN namespace, shell execution, skills, memory recall/remember, learning loops).
|
|
50
|
+
- `PWN::SAST` — Static application security testing and test case generation. See [SAST Wiki](documentation/SAST.md).
|
|
51
|
+
- `PWN::Reports` — Automated reporting from scans, agents, and findings. See [Reporting](documentation/Reporting.md).
|
|
52
|
+
- `PWN::Memory / Sessions / Cron / Skills / Config` — Persistent facts, conversation sessions, scheduled autonomous tasks, reusable markdown skills (distillable from successful workflows), and environment management. See [Skills, Memory & Learning](documentation/Skills-Memory-Learning.md).
|
|
53
|
+
- `PWN::Driver` — Framework for building custom security automation packages ("drivers"). See [Drivers](documentation/Drivers.md).
|
|
54
|
+
|
|
55
|
+
The **pwn REPL** (launched via the `pwn` command) is the primary interface: a Pry-powered interactive shell with the entire `PWN` namespace pre-loaded. It supports rapid prototyping, direct execution of any plugin method, and custom commands.
|
|
56
|
+
|
|
57
|
+
**Particularly powerful is the `pwn-ai` command** inside the REPL:
|
|
58
|
+
- Activates an autonomous AI agent TUI with multi-line input support (use SHIFT+ENTER to insert newlines; ENTER submits the full prompt).
|
|
59
|
+
- Full awareness of PWN plugins, skills (`~/.pwn/skills`), memory, sessions, and cron.
|
|
60
|
+
- Leverages LLM tool-calling to execute PWN methods (e.g., `PWN::Plugins::BurpSuite`, `PWN::Plugins::NmapIt`, `PWN::Plugins::TransparentBrowser`, `PWN::SAST`, `PWN::Reports`), shell commands, and orchestrate end-to-end tasks.
|
|
61
|
+
- Supports self-improvement via `PWN::AI::Agent::Learning` / Metrics (records per-tool success/duration, distills skills from outcomes).
|
|
62
|
+
- Example instruction: "Use NmapIt to scan target.example.com for open ports, then TransparentBrowser to spider the web app, run SAST analysis if source is available, proxy via BurpSuite, and generate a vulnerability report with PWN::Reports."
|
|
63
|
+
- Additional REPL commands: `pwn-asm` (assembly prototyping with multiline), `pwn-ai-memory`, `pwn-ai-sessions`, `pwn-ai-cron`, `pwn-ai-delegate`, `welcome-banner`, etc.
|
|
64
|
+
- Easily prototype and roll out custom "drivers" (see `/opt/pwn/bin/` examples).
|
|
65
|
+
|
|
66
|
+
Mix and match plugins, invoke via the REPL or `pwn-ai` agent, record/replay sessions, schedule autonomous jobs, and generate reports. PWN is designed for both interactive red teaming and headless/CI automation.
|
|
67
|
+
|
|
68
|
+
Here are some [example drivers](https://github.com/0dayInc/pwn/tree/master/bin) distributed with PWN.
|
|
69
|
+
|
|
70
|
+
#### **Local PWN Wiki** ####
|
|
71
|
+
|
|
72
|
+
A full local wiki has been generated in this checkout:
|
|
73
|
+
|
|
74
|
+
**`/opt/pwn/documentation/Home.md`**
|
|
75
|
+
|
|
76
|
+
- [Home](documentation/Home.md)
|
|
77
|
+
- [What is PWN](documentation/What-is-PWN.md)
|
|
78
|
+
- [Installation](documentation/Installation.md)
|
|
79
|
+
- [pwn-ai Agent](documentation/pwn-ai-Agent.md)
|
|
80
|
+
- [Plugins](documentation/Plugins.md)
|
|
81
|
+
- [AI Integration](documentation/AI-Integration.md)
|
|
82
|
+
- [Troubleshooting](documentation/Troubleshooting.md)
|
|
83
|
+
- ...and many more
|
|
84
|
+
|
|
85
|
+
Run `cat /opt/pwn/documentation/Home.md` or open in your editor for the complete local documentation.
|
|
86
|
+
|
|
87
|
+
### **Installation** ###
|
|
88
|
+
|
|
89
|
+
Tested on Debian-Based Linux Distros & OSX leveraging Ruby via RVM.
|
|
90
|
+
|
|
91
|
+
```
|
|
92
|
+
$ cd /opt
|
|
93
|
+
$ sudo git clone https://github.com/0dayinc/pwn
|
|
94
|
+
$ cd /opt/pwn
|
|
95
|
+
$ ./install.sh
|
|
96
|
+
$ ./install.sh ruby-gem
|
|
97
|
+
$ pwn
|
|
98
|
+
pwn[v0.5.617]:001 >>> PWN.help
|
|
99
|
+
```
|
|
100
|
+
|
|
101
|
+
[](https://youtu.be/G7iLUY4FzsI)
|
|
102
|
+
|
|
103
|
+
See the dedicated [Installation Wiki](documentation/Installation.md) for more options.
|
|
104
|
+
|
|
105
|
+
### **General Usage** ###
|
|
106
|
+
|
|
107
|
+
[General Usage Quick-Start](https://github.com/0dayinc/pwn/wiki/General-PWN-Usage)
|
|
108
|
+
|
|
109
|
+
Detailed local guide: [General PWN Usage](documentation/General-PWN-Usage.md)
|
|
110
|
+
|
|
111
|
+
It is strongly recommended to update PWN frequently as new capabilities (plugins, AI agents, skills, zero-day tooling) are released regularly:
|
|
112
|
+
|
|
113
|
+
```
|
|
114
|
+
$ rvm list gemsets
|
|
115
|
+
$ rvm use ruby-4.0.5@pwn
|
|
116
|
+
$ gem uninstall --all --executables pwn
|
|
117
|
+
$ gem install --verbose pwn
|
|
118
|
+
$ pwn
|
|
119
|
+
pwn[v0.5.617]:001 >>> PWN.help
|
|
120
|
+
```
|
|
121
|
+
|
|
122
|
+
If using a multi-user install of RVM:
|
|
123
|
+
|
|
124
|
+
```
|
|
125
|
+
$ rvm list gemsets
|
|
126
|
+
$ rvm use ruby-4.0.5@pwn
|
|
127
|
+
$ rvmsudo gem uninstall --all --executables pwn
|
|
128
|
+
$ rvmsudo gem install --verbose pwn
|
|
129
|
+
$ pwn
|
|
130
|
+
pwn[v0.5.617]:001 >>> PWN.help
|
|
131
|
+
```
|
|
132
|
+
|
|
133
|
+
**Inside the pwn REPL (the heart of PWN):**
|
|
134
|
+
- Full access to every PWN class and plugin.
|
|
135
|
+
- `PWN.help` — list all top-level modules.
|
|
136
|
+
- `pwn-ai` — launch the autonomous AI agent (highly recommended for complex tasks). Once active you can issue natural language instructions that leverage PWN's full power.
|
|
137
|
+
- Example flow:
|
|
138
|
+
```
|
|
139
|
+
pwn[v0.5.617]:001 >>> pwn-ai
|
|
140
|
+
[*] pwn-ai agent TUI activated...
|
|
141
|
+
> Perform active scan of https://target.example.com using preferred tooling, then analyze findings with PWN modules and produce a report.
|
|
142
|
+
```
|
|
143
|
+
- Other REPL helpers: `pwn-asm`, memory/session/cron management commands, etc.
|
|
144
|
+
- Exit AI mode with `back`; use full Ruby/PWN expressions at any time.
|
|
145
|
+
|
|
146
|
+
**Headless / CI-CD one-shot (`pwn --ai`):**
|
|
147
|
+
Skip the TUI entirely and submit a single pwn-ai request from the shell — ideal for quick lookups, scripting, or CI/CD pipelines. The final answer is written to STDOUT (pipeable); live tool-call activity streams to STDERR.
|
|
148
|
+
```
|
|
149
|
+
$ pwn --ai 'What ports are listening on this host?'
|
|
150
|
+
$ echo "$LONG_PROMPT" | pwn --ai -
|
|
151
|
+
$ pwn -Y ./ci/pwn.yaml --ai 'Run pwn_sast against ./src and summarise HIGH findings' > findings.txt
|
|
152
|
+
```
|
|
153
|
+
|
|
154
|
+
PWN periodically upgrades to the latest version of Ruby (reflected in `/opt/pwn/.ruby-version`). The easiest way to upgrade Ruby + pwn from a previous installation:
|
|
155
|
+
|
|
156
|
+
```
|
|
157
|
+
$ /opt/pwn/vagrant/provisioners/pwn.sh
|
|
158
|
+
```
|
|
159
|
+
|
|
160
|
+
This updates Ruby, recreates the pwn gemset, etc. Note that older Ruby versions can only use pwn gems compatible with that Ruby.
|
|
161
|
+
|
|
162
|
+
### **Call to Arms** ###
|
|
163
|
+
|
|
164
|
+
Contributions that expand PWN's offensive capabilities are welcome. If you can provide access to additional commercial LLMs, security scanners, or bounty platforms (or wish to contribute plugins, AI skills, or exploit modules), please [email us](mailto:support@0dayinc.com). This accelerates interoperability and zero-day research tooling. See our [How to Contribute](https://github.com/0dayInc/pwn/blob/master/CONTRIBUTING.md) and the growing skills system for ways to extend the AI agent.
|
|
165
|
+
|
|
166
|
+
See also the wiki page on [Contributing](documentation/Contributing.md).
|
|
167
|
+
|
|
168
|
+
### **Module Documentation** ###
|
|
169
|
+
|
|
170
|
+
**Primary Documentation:** Browse the embedded local wiki — start at [/opt/pwn/documentation/Home.md](documentation/Home.md).
|
|
171
|
+
|
|
172
|
+
Additional documentation on using PWN can be found on [RubyGems.org](https://www.rubydoc.info/gems/pwn). Explore the source under `lib/pwn/plugins/`, `lib/pwn/ai/`, and `PWN::` constants directly in the REPL.
|
|
173
|
+
|
|
174
|
+
Key wiki pages:
|
|
175
|
+
- [Plugins](documentation/Plugins.md)
|
|
176
|
+
- [Burp Suite](documentation/BurpSuite.md)
|
|
177
|
+
- [pwn-ai Agent](documentation/pwn-ai-Agent.md)
|
|
178
|
+
- [SAST](documentation/SAST.md)
|
|
179
|
+
- [AI Integration](documentation/AI-Integration.md)
|
|
180
|
+
|
|
181
|
+
I hope you enjoy PWN and remember... ensure you always have permission prior to carrying out any sort of security testing or hacktivities. Now — go pwn all the things (responsibly)!
|
|
182
|
+
|
|
183
|
+
|
|
184
|
+
### **Keep Us Caffeinated** ###
|
|
185
|
+
If you've found this project useful and you're interested in supporting our efforts, we invite you to take a brief moment to keep us caffeinated:
|
|
186
|
+
|
|
187
|
+
[](https://buymeacoff.ee/0dayinc)
|
|
188
|
+
|
|
189
|
+
|
|
190
|
+
### [**0x004D65726368**](https://0day.myspreadshop.com/) ###
|
|
191
|
+
|
|
192
|
+
[](https://0day.myspreadshop.com/stickers)
|
|
193
|
+
|
|
194
|
+
[](https://0day.myspreadshop.com/accessories+mugs+%26+drinkware)
|
|
195
|
+
|
|
196
|
+
[](https://0day.myspreadshop.com/accessories)
|
|
197
|
+
|
|
198
|
+
[](https://shop.spreadshirt.com/0day/0dayinc-A5c3e498cf937643162a01b5f?productType=951&appearance=70)
|
|
199
|
+
|
|
200
|
+
[](https://shop.spreadshirt.com/0day/blackfingerprint-A5c3e49db1cbf3a0b9596b4d0?productType=111&appearance=2)
|
|
@@ -1,36 +1,52 @@
|
|
|
1
|
-
# AI
|
|
1
|
+
# AI / LLM Integration — `PWN::AI`
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
One agent loop, five interchangeable engines. Swap providers by changing one
|
|
4
|
+
line in `~/.pwn/config.yml`; the tool-calling contract is normalised so the
|
|
5
|
+
agent code never cares which model is behind it.
|
|
4
6
|
|
|
5
|
-
|
|
7
|
+

|
|
6
8
|
|
|
7
|
-
|
|
8
|
-
- Anthropic
|
|
9
|
-
- Google Gemini
|
|
10
|
-
- xAI Grok (full OAuth device flow support, public client)
|
|
11
|
-
- Ollama (local)
|
|
12
|
-
- Others via extensible client design
|
|
9
|
+
## Supported engines
|
|
13
10
|
|
|
14
|
-
|
|
11
|
+
| Engine | Client | Auth | Notes |
|
|
12
|
+
|---|---|---|---|
|
|
13
|
+
| `openai` | `PWN::AI::OpenAI` | `key:` | function-calling native |
|
|
14
|
+
| `anthropic` | `PWN::AI::Anthropic` | `key:` | tool-use native |
|
|
15
|
+
| `grok` | `PWN::AI::Grok` | `key:` **or** `oauth: true` | OAuth = RFC-8628 device-code flow using xAI's public Grok-CLI client id (no secret) — see skill `xai_grok_oauth_device_flow` |
|
|
16
|
+
| `gemini` | `PWN::AI::Gemini` | `key:` | function-calling native |
|
|
17
|
+
| `ollama` | `PWN::AI::Ollama` | none | local, `base_url:` + `model:` |
|
|
15
18
|
|
|
16
|
-
|
|
17
|
-
- `PWN::AI::Agent` — the autonomous tool-calling harness
|
|
18
|
-
- `pwn-ai` command inside REPL launches the TUI
|
|
19
|
+
## Selecting an engine
|
|
19
20
|
|
|
20
|
-
|
|
21
|
+
```yaml
|
|
22
|
+
# ~/.pwn/config.yml
|
|
23
|
+
ai:
|
|
24
|
+
engine: grok
|
|
25
|
+
grok:
|
|
26
|
+
oauth: true # first run opens https://accounts.x.ai/… device page
|
|
27
|
+
```
|
|
21
28
|
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
- memory (recall/remember)
|
|
27
|
-
- learning & metrics
|
|
29
|
+
```ruby
|
|
30
|
+
# at runtime
|
|
31
|
+
PWN::Env[:ai][:engine] = :ollama
|
|
32
|
+
```
|
|
28
33
|
|
|
29
|
-
|
|
34
|
+
## Direct client use (no agent)
|
|
30
35
|
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
36
|
+
```ruby
|
|
37
|
+
resp = PWN::AI::Anthropic.chat(
|
|
38
|
+
messages: [{ role: 'user', content: 'Explain CVE-2024-1234 in one line' }]
|
|
39
|
+
)
|
|
40
|
+
puts resp[:content]
|
|
41
|
+
```
|
|
35
42
|
|
|
36
|
-
|
|
43
|
+
## Model diversity in Swarm
|
|
44
|
+
|
|
45
|
+
Because each persona in [`agents.yml`](Swarm.md) can override `engine:`, an
|
|
46
|
+
`agent_debate` can literally pit Claude against Grok against a local Llama —
|
|
47
|
+
real antagonism, not one model role-playing three voices.
|
|
48
|
+
|
|
49
|
+
**See also:** [pwn-ai Agent](pwn-ai-Agent.md) ·
|
|
50
|
+
[Agent Tool Registry](Agent-Tool-Registry.md) · [Swarm](Swarm.md)
|
|
51
|
+
|
|
52
|
+
[← Home](Home.md)
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
# `PWN::AWS` — Cloud Security (90 service wrappers)
|
|
2
|
+
|
|
3
|
+
One thin module per AWS service, each wrapping the official `aws-sdk-*` gem
|
|
4
|
+
with the PWN `opts = {}` convention so they compose in the REPL and in
|
|
5
|
+
`pwn_eval`.
|
|
6
|
+
|
|
7
|
+

|
|
8
|
+
|
|
9
|
+
## Credentials
|
|
10
|
+
|
|
11
|
+
Standard AWS SDK chain: `~/.aws/credentials` profile, env vars
|
|
12
|
+
(`AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` / `AWS_SESSION_TOKEN`), or
|
|
13
|
+
instance profile. Optionally pin in `~/.pwn/config.yml` under `aws:`.
|
|
14
|
+
|
|
15
|
+
## Quick enumeration
|
|
16
|
+
|
|
17
|
+
```ruby
|
|
18
|
+
PWN::AWS::STS.get_caller_identity
|
|
19
|
+
PWN::AWS::IAM.list_users
|
|
20
|
+
PWN::AWS::EC2.describe_instances(region: 'us-east-1')
|
|
21
|
+
PWN::AWS::S3.list_buckets
|
|
22
|
+
PWN::AWS::Lambda.list_functions
|
|
23
|
+
```
|
|
24
|
+
|
|
25
|
+
CLI: `pwn_aws_describe_resources -r us-east-1 -o out/`
|
|
26
|
+
|
|
27
|
+
## Service groups
|
|
28
|
+
|
|
29
|
+
| Group | Modules |
|
|
30
|
+
|---|---|
|
|
31
|
+
| Identity | `IAM` `STS` `CognitoIdentity` `CognitoIdentityProvider` `CognitoSync` `DirectoryService` |
|
|
32
|
+
| Compute | `EC2` `ECS` `ECR` `Lambda` `LambdaPreview` `Batch` `Lightsail` `ElasticBeanstalk` `AutoScaling` `ApplicationAutoScaling` `AppStream` |
|
|
33
|
+
| Storage | `S3` `Glacier` `EFS` `StorageGateway` `Snowball` |
|
|
34
|
+
| Data | `DynamoDB` `DynamoDBStreams` `RDS` `Redshift` `ElastiCache` `SimpleDB` `ElasticsearchService` |
|
|
35
|
+
| Network | `Route53` `Route53Domains` `ElasticLoadBalancing` `ElasticLoadBalancingV2` `APIGateway` `CloudFront` `DirectConnect` `WAF` `WAFRegional` `Shield` |
|
|
36
|
+
| Crypto | `KMS` `CloudHSM` `ACM` |
|
|
37
|
+
| Ops / Logs | `CloudTrail` `CloudWatch` `CloudWatchLogs` `CloudWatchEvents` `ConfigService` `SSM` `Health` `Inspector` `XRay` |
|
|
38
|
+
| Dev | `CodeBuild` `CodeCommit` `CodeDeploy` `CodePipeline` |
|
|
39
|
+
| Messaging | `SNS` `SQS` `SES` `Pinpoint` `Kinesis` `KinesisAnalytics` `Firehose` |
|
|
40
|
+
| ML / Media | `Rekognition` `Polly` `MachineLearning` `Lex` `ElasticTranscoder` |
|
|
41
|
+
| Infra | `CloudFormation` `CloudSearch` `CloudSearchDomain` `OpsWorks` `OpsWorksCM` `ServiceCatalog` `DataPipleline` `EMR` `SWF` `States` |
|
|
42
|
+
| IoT / Other | `IoT` `IoTDataPlane` `DeviceFarm` `GameLift` `Workspaces` `Support` `Budgets` `ImportExport` `SMS` `DatabaseMigrationService` `ApplicationDiscoveryService` `MarketplaceCommerceAnalytics` `MarketplaceMetering` |
|
|
43
|
+
|
|
44
|
+
## Offensive patterns
|
|
45
|
+
|
|
46
|
+
- **Enumerate** → `IAM` policies, `EC2` userdata, `Lambda` env vars, `S3`
|
|
47
|
+
bucket ACLs, `SSM` parameters.
|
|
48
|
+
- **Misconfig** → public `S3`, wildcard `IAM` actions, unencrypted `RDS`,
|
|
49
|
+
missing `CloudTrail`.
|
|
50
|
+
- **Escalate** → `iam:PassRole` + `lambda:Invoke`, `ssm:SendCommand`,
|
|
51
|
+
`ec2:RunInstances` with instance profile.
|
|
52
|
+
- **Persist** → new access key, Lambda backdoor, EC2 userdata.
|
|
53
|
+
|
|
54
|
+
Record everything with `extro_observe(source: 'aws', …)` so
|
|
55
|
+
[Extrospection](Extrospection.md) can correlate later.
|
|
56
|
+
|
|
57
|
+
[← Home](Home.md)
|