pwn 0.5.617 → 0.5.618

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (56) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +95 -85
  3. data/README.md.bak +200 -0
  4. data/documentation/AI-Integration.md +42 -26
  5. data/documentation/AWS.md +57 -0
  6. data/documentation/Agent-Tool-Registry.md +56 -0
  7. data/documentation/Banner.md +17 -0
  8. data/documentation/Blockchain.md +18 -0
  9. data/documentation/Bounty.md +21 -0
  10. data/documentation/BurpSuite.md +41 -16
  11. data/documentation/CLI-Drivers.md +58 -0
  12. data/documentation/Configuration.md +66 -0
  13. data/documentation/Contributing.md +33 -19
  14. data/documentation/Cron.md +47 -0
  15. data/documentation/Drivers.md +43 -16
  16. data/documentation/Extrospection.md +54 -0
  17. data/documentation/FFI.md +14 -0
  18. data/documentation/Fuzzing.md +36 -0
  19. data/documentation/Hardware.md +40 -0
  20. data/documentation/Metasploit.md +34 -0
  21. data/documentation/NmapIt.md +18 -12
  22. data/documentation/PWN.png +0 -0
  23. data/documentation/PWN_Contributors_and_Users.png +0 -0
  24. data/documentation/Persistence.md +38 -0
  25. data/documentation/Plugins.md +97 -47
  26. data/documentation/Reporting.md +25 -18
  27. data/documentation/SAST.md +39 -22
  28. data/documentation/SDR.md +40 -0
  29. data/documentation/Sessions.md +39 -0
  30. data/documentation/Skills-Memory-Learning.md +49 -29
  31. data/documentation/Swarm.md +71 -0
  32. data/documentation/Transparent-Browser.md +26 -22
  33. data/documentation/Troubleshooting.md +44 -25
  34. data/documentation/WWW.md +32 -0
  35. data/documentation/diagrams/agent-tool-registry.svg +284 -0
  36. data/documentation/diagrams/aws-cloud-security.svg +166 -0
  37. data/documentation/diagrams/cron-scheduling.svg +148 -0
  38. data/documentation/diagrams/dot/hardware-hacking.dot +48 -0
  39. data/documentation/diagrams/dot/persistence-filesystem.dot +29 -0
  40. data/documentation/diagrams/extrospection-world-awareness.svg +185 -0
  41. data/documentation/diagrams/hardware-hacking.svg +163 -0
  42. data/documentation/diagrams/persistence-filesystem.svg +174 -0
  43. data/documentation/diagrams/sdr-radio-flow.svg +146 -0
  44. data/documentation/diagrams/swarm-multi-agent.svg +225 -0
  45. data/documentation/fax-spectrogram.png +0 -0
  46. data/documentation/fax-waveform.png +0 -0
  47. data/documentation/pwn-REPL.md +40 -24
  48. data/documentation/pwn-ai-Agent.md +59 -30
  49. data/documentation/pwn_android_war_dialer_session.png +0 -0
  50. data/documentation/pwn_install.png +0 -0
  51. data/documentation/pwn_wallpaper.jpg +0 -0
  52. data/documentation/ringing-spectrogram.png +0 -0
  53. data/documentation/ringing-waveform.png +0 -0
  54. data/lib/pwn/version.rb +1 -1
  55. data/third_party/pwn_rdoc.jsonl +22 -5
  56. metadata +39 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: bb16e051629252943b2df67c661ca49455cd5dfd4acfbde1620e75135f858c42
4
- data.tar.gz: 036cb463b3cd848926f88c60be3f885e5e9b4f738534ac036918d118d18ec893
3
+ metadata.gz: 6d2c26dca00a6c45a763df37f813f0d789098ed87f8b7c5296dca5a7a72d4281
4
+ data.tar.gz: fc40bc082f3d549efd2cef1fbb11807a53b416caf2a8190769818f681cc600dd
5
5
  SHA512:
6
- metadata.gz: d76d992d344b3a2016819f772e7e304fc437d42df677b85b67f33418c988f6436385eefbb6509cbe1d1436c9df585a30f2f44189b00134792160f420af77e81c
7
- data.tar.gz: 34cdfc754bd3801071a8967b672924764c5d8b894fb13a6bd74dc43f10d930aee94cb781e5c9812b6b00b14b83fbfa34cbcbbcf45d4c6c2332c800b8fe322fe5
6
+ metadata.gz: f0269c36ff988d1817214345cf77c347a8c1f22104ba822b6982aa4fe6318086e69793f42a5d563bb061ec543cf7a5bb99877649f7f1554c8d6a182ab281356a
7
+ data.tar.gz: 269676fd1f2dbd6f5f78c3e645d0d4675df08d681b7db21d49c7937fc121bd1b74dfbd4f82b1a049c9e6f4579ed7e2d697403f28c45312dffbc29b6557cbb16a
data/README.md CHANGED
@@ -6,7 +6,7 @@
6
6
  * [What is PWN](#what-is-pwn)
7
7
  * [Why PWN](#why-pwn)
8
8
  * [How PWN Works](#how-pwn-works)
9
- - [[Local PWN Wiki](documentation/Home.md)
9
+ - [Documentation](#documentation)
10
10
  - [Installation](#installation)
11
11
  - [General Usage](#general-usage)
12
12
  - [Call to Arms](#call-to-arms)
@@ -14,79 +14,84 @@
14
14
  - [Keep Us Caffeinated](#keep-us-caffeinated)
15
15
  - [0x004D65726368](#0x004d65726368)
16
16
 
17
+ ---
18
+
17
19
  ### **Intro** ###
18
20
 
19
21
  #### **What is PWN** ####
20
22
 
21
- PWN (Pronounced /pōn/ or pone), is a powerful open-source offensive cybersecurity automation framework and continuous security integration platform. It enables security researchers, red teamers, penetration testers, and vulnerability researchers to rapidly discover zero-days, automate exploitation, perform advanced web application testing, conduct source code analysis (SAST), orchestrate infrastructure reconnaissance, and execute AI-augmented autonomous security operations.
23
+ PWN (pronounced /pōn/ *pone*) is an open-source **offensive-security
24
+ automation framework** and **continuous-security-integration** platform.
25
+ It gives security researchers, red teamers, penetration testers and
26
+ vulnerability researchers a single, scriptable Ruby surface over the entire
27
+ offensive toolchain — from OSINT and network discovery, through web / cloud /
28
+ hardware / radio exploitation, to reporting and disclosure — and puts a
29
+ **self-improving, tool-calling, multi-agent AI** on top of it.
22
30
 
23
- PWN stands on the shoulders of security giants, providing over **66** production-grade plugins, full LLM integration with tool-calling agents, persistent memory, reusable skills, session/cron management, and a highly interactive REPL for prototyping and driving complex security workflows. All core automation primitives are open to promote trust, peer review, and collaborative innovation in adversarial security.
31
+ **In numbers:** 66 `PWN::Plugins` · 48 `PWN::SAST` rules · 90 `PWN::AWS`
32
+ service wrappers · 21 `PWN::WWW` site drivers · 52 `bin/pwn_*` CLI drivers ·
33
+ 5 LLM engines · 10 agent toolsets · 45+ LLM-callable tools.
24
34
 
25
- **See the full [PWN Wiki](documentation/Home.md) for detailed guides.**
35
+ Full page: [What is PWN](documentation/What-is-PWN.md)
26
36
 
27
37
  #### **Why PWN** ####
28
38
 
29
- In cybersecurity, where proprietary black-box tools dominate and threats evolve daily, an open framework for core security primitives, vulnerability research, exploitation techniques, and intelligent automation is essential. PWN ensures foundational modules remain transparent and auditable while providing seamless bridges to commercial and open security tools (e.g. Burp Suite Professional, Metasploit, Nmap, Nessus, and multiple LLMs).
30
-
31
- Broad collaboration accelerates zero-day discovery, reliable exploit development, continuous vulnerability management in CI/CD pipelines, and the creation of reusable AI-driven security skills. PWN makes advanced red team and vuln research capabilities accessible and extensible to all.
39
+ Offensive security is a *toolchain problem*. PWN's bet is that the right
40
+ abstraction is **plain Ruby methods with a uniform `opts = {}` signature**,
41
+ exposed simultaneously to a human in a REPL, an LLM in a tool-calling loop, a
42
+ shell script in CI, and a cron job at 3 am — all open-source and auditable,
43
+ which matters when the caller is autonomous.
32
44
 
33
- See [Why PWN](documentation/Why-PWN.md) in the wiki.
45
+ Full page: [Why PWN](documentation/Why-PWN.md)
34
46
 
35
47
  #### **How PWN Works** ####
36
48
 
37
- #### **PWN AI Feedback Learning Loop (Self-Improving Agent)**
38
-
39
- The core of pwn-ai is a closed feedback loop for autonomous improvement:
49
+ Five layers, edges only ever go down:
40
50
 
41
- ![PWN AI Feedback Learning Loop](documentation/diagrams/pwn-ai-feedback-learning-loop.svg)
51
+ ![PWN Overall Architecture](documentation/diagrams/overall-pwn-architecture.svg)
42
52
 
43
- See full details in [Skills, Memory & Learning](documentation/Skills-Memory-Learning.md) and the [Diagrams](documentation/Diagrams.md) wiki page.
53
+ The AI layer closes a **self-improvement loop** on every turn Metrics +
54
+ Learning (introspection) joined with Snapshot + Drift + Intel (extrospection)
55
+ via `extro_correlate`, so the agent knows whether a failure was *its* fault or
56
+ *the world* changed:
44
57
 
58
+ ![pwn-ai Feedback Learning Loop](documentation/diagrams/pwn-ai-feedback-learning-loop.svg)
45
59
 
46
- PWN is structured as a Ruby gem with a rich namespace:
60
+ And **Swarm** runs multiple personas each a full tool-calling agent,
61
+ optionally on a *different* LLM engine — over a shared append-only bus:
47
62
 
48
- - `PWN::Plugins::*` — **66+** specialized modules ([BurpSuite](documentation/BurpSuite.md) [preferred for web proxying/scanning], [Zaproxy](documentation/Plugins.md) [fallback], [Metasploit](documentation/Plugins.md), [NmapIt](documentation/NmapIt.md), [TransparentBrowser](documentation/Transparent-Browser.md), Shodan, NessusCloud, NexposeVulnScan, Fuzz, SAST engines, Android analysis, SDR/GQRX, Blockchain, Bounty platforms like HackerOne, hardware interfaces, OCR, packet crafting, etc.).
49
- - `PWN::AI::*` — Multi-provider LLM clients (OpenAI, Anthropic, Gemini, [Grok OAuth device flow](documentation/AI-Integration.md), Ollama) and autonomous `PWN::AI::Agent` with tool-calling harness (`pwn_eval` for full PWN namespace, shell execution, skills, memory recall/remember, learning loops).
50
- - `PWN::SAST` — Static application security testing and test case generation. See [SAST Wiki](documentation/SAST.md).
51
- - `PWN::Reports` — Automated reporting from scans, agents, and findings. See [Reporting](documentation/Reporting.md).
52
- - `PWN::Memory / Sessions / Cron / Skills / Config` — Persistent facts, conversation sessions, scheduled autonomous tasks, reusable markdown skills (distillable from successful workflows), and environment management. See [Skills, Memory & Learning](documentation/Skills-Memory-Learning.md).
53
- - `PWN::Driver` — Framework for building custom security automation packages ("drivers"). See [Drivers](documentation/Drivers.md).
63
+ ![Swarm Multi-Agent](documentation/diagrams/swarm-multi-agent.svg)
54
64
 
55
- The **pwn REPL** (launched via the `pwn` command) is the primary interface: a Pry-powered interactive shell with the entire `PWN` namespace pre-loaded. It supports rapid prototyping, direct execution of any plugin method, and custom commands.
65
+ Full pages: [How PWN Works](documentation/How-PWN-Works.md) ·
66
+ [All 26 Data-Flow Diagrams](documentation/Diagrams.md)
56
67
 
57
- **Particularly powerful is the `pwn-ai` command** inside the REPL:
58
- - Activates an autonomous AI agent TUI with multi-line input support (use SHIFT+ENTER to insert newlines; ENTER submits the full prompt).
59
- - Full awareness of PWN plugins, skills (`~/.pwn/skills`), memory, sessions, and cron.
60
- - Leverages LLM tool-calling to execute PWN methods (e.g., `PWN::Plugins::BurpSuite`, `PWN::Plugins::NmapIt`, `PWN::Plugins::TransparentBrowser`, `PWN::SAST`, `PWN::Reports`), shell commands, and orchestrate end-to-end tasks.
61
- - Supports self-improvement via `PWN::AI::Agent::Learning` / Metrics (records per-tool success/duration, distills skills from outcomes).
62
- - Example instruction: "Use NmapIt to scan target.example.com for open ports, then TransparentBrowser to spider the web app, run SAST analysis if source is available, proxy via BurpSuite, and generate a vulnerability report with PWN::Reports."
63
- - Additional REPL commands: `pwn-asm` (assembly prototyping with multiline), `pwn-ai-memory`, `pwn-ai-sessions`, `pwn-ai-cron`, `pwn-ai-delegate`, `welcome-banner`, etc.
64
- - Easily prototype and roll out custom "drivers" (see `/opt/pwn/bin/` examples).
68
+ ---
65
69
 
66
- Mix and match plugins, invoke via the REPL or `pwn-ai` agent, record/replay sessions, schedule autonomous jobs, and generate reports. PWN is designed for both interactive red teaming and headless/CI automation.
70
+ ### **Documentation** ###
67
71
 
68
- Here are some [example drivers](https://github.com/0dayInc/pwn/tree/master/bin) distributed with PWN.
72
+ The complete wiki lives in this repo at **[`documentation/Home.md`](documentation/Home.md)**.
69
73
 
70
- #### **Local PWN Wiki** ####
74
+ | Start Here | Entry Points | AI Subsystem | Capabilities |
75
+ |---|---|---|---|
76
+ | [What is PWN](documentation/What-is-PWN.md) | [`pwn` REPL](documentation/pwn-REPL.md) | [AI / LLM Integration](documentation/AI-Integration.md) | [Plugins (66)](documentation/Plugins.md) |
77
+ | [Why PWN](documentation/Why-PWN.md) | [`pwn-ai` Agent](documentation/pwn-ai-Agent.md) | [Agent Tool Registry](documentation/Agent-Tool-Registry.md) | [SAST (48)](documentation/SAST.md) |
78
+ | [How PWN Works](documentation/How-PWN-Works.md) | [CLI Drivers (52)](documentation/CLI-Drivers.md) | [Memory · Skills · Learning](documentation/Skills-Memory-Learning.md) | [AWS (90)](documentation/AWS.md) |
79
+ | [Installation](documentation/Installation.md) | [Build a Driver](documentation/Drivers.md) | [Extrospection](documentation/Extrospection.md) | [WWW (21)](documentation/WWW.md) |
80
+ | [General Usage](documentation/General-PWN-Usage.md) | | [Swarm (multi-agent)](documentation/Swarm.md) | [SDR / Radio](documentation/SDR.md) |
81
+ | [Configuration](documentation/Configuration.md) | | [Sessions](documentation/Sessions.md) · [Cron](documentation/Cron.md) | [Reports](documentation/Reporting.md) |
82
+ | [`~/.pwn/` Persistence](documentation/Persistence.md) | | | [BurpSuite](documentation/BurpSuite.md) · [NmapIt](documentation/NmapIt.md) |
83
+ | **[All Diagrams](documentation/Diagrams.md)** | | | [Metasploit](documentation/Metasploit.md) · [Fuzzing](documentation/Fuzzing.md) |
84
+ | [Troubleshooting](documentation/Troubleshooting.md) | | | [Hardware](documentation/Hardware.md) · [Blockchain](documentation/Blockchain.md) |
85
+ | [Contributing](documentation/Contributing.md) | | | [Bounty](documentation/Bounty.md) · [FFI](documentation/FFI.md) · [Banner](documentation/Banner.md) |
71
86
 
72
- A full local wiki has been generated in this checkout:
87
+ Rebuild every SVG from its Graphviz source:
88
+ `cd documentation/diagrams && ./build.sh`
73
89
 
74
- **`/opt/pwn/documentation/Home.md`**
75
-
76
- - [Home](documentation/Home.md)
77
- - [What is PWN](documentation/What-is-PWN.md)
78
- - [Installation](documentation/Installation.md)
79
- - [pwn-ai Agent](documentation/pwn-ai-Agent.md)
80
- - [Plugins](documentation/Plugins.md)
81
- - [AI Integration](documentation/AI-Integration.md)
82
- - [Troubleshooting](documentation/Troubleshooting.md)
83
- - ...and many more
84
-
85
- Run `cat /opt/pwn/documentation/Home.md` or open in your editor for the complete local documentation.
90
+ ---
86
91
 
87
92
  ### **Installation** ###
88
93
 
89
- Tested on Debian-Based Linux Distros & OSX leveraging Ruby via RVM.
94
+ Tested on Debian-based Linux & macOS, Ruby via RVM.
90
95
 
91
96
  ```
92
97
  $ cd /opt
@@ -95,20 +100,23 @@ $ cd /opt/pwn
95
100
  $ ./install.sh
96
101
  $ ./install.sh ruby-gem
97
102
  $ pwn
98
- pwn[v0.5.617]:001 >>> PWN.help
103
+ pwn[v0.5.616]:001 >>> PWN.help
99
104
  ```
100
105
 
101
106
  [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
102
107
 
103
- See the dedicated [Installation Wiki](documentation/Installation.md) for more options.
108
+ Full page: [Installation](documentation/Installation.md) ·
109
+ [Configuration](documentation/Configuration.md)
104
110
 
105
- ### **General Usage** ###
111
+ ---
106
112
 
107
- [General Usage Quick-Start](https://github.com/0dayinc/pwn/wiki/General-PWN-Usage)
113
+ ### **General Usage** ###
108
114
 
109
- Detailed local guide: [General PWN Usage](documentation/General-PWN-Usage.md)
115
+ [General Usage Quick-Start](https://github.com/0dayinc/pwn/wiki/General-PWN-Usage) ·
116
+ local: [General PWN Usage](documentation/General-PWN-Usage.md)
110
117
 
111
- It is strongly recommended to update PWN frequently as new capabilities (plugins, AI agents, skills, zero-day tooling) are released regularly:
118
+ Update PWN frequently new plugins, agent tools, skills and zero-day tooling
119
+ land regularly:
112
120
 
113
121
  ```
114
122
  $ rvm list gemsets
@@ -116,70 +124,72 @@ $ rvm use ruby-4.0.5@pwn
116
124
  $ gem uninstall --all --executables pwn
117
125
  $ gem install --verbose pwn
118
126
  $ pwn
119
- pwn[v0.5.617]:001 >>> PWN.help
127
+ pwn[v0.5.616]:001 >>> PWN.help
120
128
  ```
121
129
 
122
- If using a multi-user install of RVM:
130
+ If using a multi-user RVM install:
123
131
 
124
132
  ```
125
- $ rvm list gemsets
126
133
  $ rvm use ruby-4.0.5@pwn
127
134
  $ rvmsudo gem uninstall --all --executables pwn
128
135
  $ rvmsudo gem install --verbose pwn
129
- $ pwn
130
- pwn[v0.5.617]:001 >>> PWN.help
131
136
  ```
132
137
 
133
- **Inside the pwn REPL (the heart of PWN):**
134
- - Full access to every PWN class and plugin.
135
- - `PWN.help` — list all top-level modules.
136
- - `pwn-ai` launch the autonomous AI agent (highly recommended for complex tasks). Once active you can issue natural language instructions that leverage PWN's full power.
137
- - Example flow:
138
- ```
139
- pwn[v0.5.617]:001 >>> pwn-ai
140
- [*] pwn-ai agent TUI activated...
141
- > Perform active scan of https://target.example.com using preferred tooling, then analyze findings with PWN modules and produce a report.
142
- ```
143
- - Other REPL helpers: `pwn-asm`, memory/session/cron management commands, etc.
144
- - Exit AI mode with `back`; use full Ruby/PWN expressions at any time.
145
-
146
- **Headless / CI-CD one-shot (`pwn --ai`):**
147
- Skip the TUI entirely and submit a single pwn-ai request from the shell — ideal for quick lookups, scripting, or CI/CD pipelines. The final answer is written to STDOUT (pipeable); live tool-call activity streams to STDERR.
138
+ **Inside the `pwn` REPL:**
139
+ - Full access to every `PWN::` module.
140
+ - `pwn-ai` — launch the autonomous agent TUI (SHIFT+ENTER newline, ENTER submit).
141
+ - `pwn-asm`, `pwn-ai-memory`, `pwn-ai-sessions`, `pwn-ai-cron`, `pwn-ai-delegate`.
142
+
143
+ **Headless / CI one-shot (`pwn --ai`):**
144
+
148
145
  ```
149
146
  $ pwn --ai 'What ports are listening on this host?'
150
147
  $ echo "$LONG_PROMPT" | pwn --ai -
151
148
  $ pwn -Y ./ci/pwn.yaml --ai 'Run pwn_sast against ./src and summarise HIGH findings' > findings.txt
152
149
  ```
153
150
 
154
- PWN periodically upgrades to the latest version of Ruby (reflected in `/opt/pwn/.ruby-version`). The easiest way to upgrade Ruby + pwn from a previous installation:
151
+ PWN periodically upgrades to the latest Ruby (`/opt/pwn/.ruby-version`).
152
+ Easiest upgrade of Ruby + pwn from a previous install:
155
153
 
156
154
  ```
157
155
  $ /opt/pwn/vagrant/provisioners/pwn.sh
158
156
  ```
159
157
 
160
- This updates Ruby, recreates the pwn gemset, etc. Note that older Ruby versions can only use pwn gems compatible with that Ruby.
158
+ ---
161
159
 
162
160
  ### **Call to Arms** ###
163
161
 
164
- Contributions that expand PWN's offensive capabilities are welcome. If you can provide access to additional commercial LLMs, security scanners, or bounty platforms (or wish to contribute plugins, AI skills, or exploit modules), please [email us](mailto:support@0dayinc.com). This accelerates interoperability and zero-day research tooling. See our [How to Contribute](https://github.com/0dayInc/pwn/blob/master/CONTRIBUTING.md) and the growing skills system for ways to extend the AI agent.
162
+ Contributions that expand PWN's offensive capabilities are welcome. If you can
163
+ provide access to additional commercial LLMs, security scanners, or bounty
164
+ platforms — or wish to contribute plugins, AI skills, or exploit modules —
165
+ please [email us](mailto:support@0dayinc.com). See
166
+ [CONTRIBUTING.md](https://github.com/0dayInc/pwn/blob/master/CONTRIBUTING.md)
167
+ and the local [Contributing](documentation/Contributing.md) page.
165
168
 
166
- See also the wiki page on [Contributing](documentation/Contributing.md).
169
+ ---
167
170
 
168
171
  ### **Module Documentation** ###
169
172
 
170
- **Primary Documentation:** Browse the embedded local wiki — start at [/opt/pwn/documentation/Home.md](documentation/Home.md).
173
+ **Primary:** [`documentation/Home.md`](documentation/Home.md) — the full local
174
+ wiki with 30+ pages and 26 SVG data-flow diagrams.
171
175
 
172
- Additional documentation on using PWN can be found on [RubyGems.org](https://www.rubydoc.info/gems/pwn). Explore the source under `lib/pwn/plugins/`, `lib/pwn/ai/`, and `PWN::` constants directly in the REPL.
176
+ **API reference:** [rubydoc.info/gems/pwn](https://www.rubydoc.info/gems/pwn),
177
+ or in-REPL: `PWN::Plugins::BurpSuite.help`, `show-source`, `ls`.
173
178
 
174
- Key wiki pages:
175
- - [Plugins](documentation/Plugins.md)
176
- - [Burp Suite](documentation/BurpSuite.md)
177
- - [pwn-ai Agent](documentation/pwn-ai-Agent.md)
178
- - [SAST](documentation/SAST.md)
179
- - [AI Integration](documentation/AI-Integration.md)
179
+ Highlights:
180
+ [Plugins](documentation/Plugins.md) ·
181
+ [BurpSuite](documentation/BurpSuite.md) ·
182
+ [Transparent-Browser](documentation/Transparent-Browser.md) ·
183
+ [pwn-ai Agent](documentation/pwn-ai-Agent.md) ·
184
+ [Swarm](documentation/Swarm.md) ·
185
+ [Extrospection](documentation/Extrospection.md) ·
186
+ [SAST](documentation/SAST.md) ·
187
+ [AI Integration](documentation/AI-Integration.md)
180
188
 
181
- I hope you enjoy PWN and remember... ensure you always have permission prior to carrying out any sort of security testing or hacktivities. Now — go pwn all the things (responsibly)!
189
+ I hope you enjoy PWN and remember: **always have permission** before any
190
+ security testing. Now go pwn all the things (responsibly)!
182
191
 
192
+ ---
183
193
 
184
194
  ### **Keep Us Caffeinated** ###
185
195
  If you've found this project useful and you're interested in supporting our efforts, we invite you to take a brief moment to keep us caffeinated:
data/README.md.bak ADDED
@@ -0,0 +1,200 @@
1
+ ![PWN](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/PWN.png)
2
+
3
+ ### **Table of Contents** ###
4
+
5
+ - [Intro](#intro)
6
+ * [What is PWN](#what-is-pwn)
7
+ * [Why PWN](#why-pwn)
8
+ * [How PWN Works](#how-pwn-works)
9
+ - [[Local PWN Wiki](documentation/Home.md)
10
+ - [Installation](#installation)
11
+ - [General Usage](#general-usage)
12
+ - [Call to Arms](#call-to-arms)
13
+ - [Module Documentation](#module-documentation)
14
+ - [Keep Us Caffeinated](#keep-us-caffeinated)
15
+ - [0x004D65726368](#0x004d65726368)
16
+
17
+ ### **Intro** ###
18
+
19
+ #### **What is PWN** ####
20
+
21
+ PWN (Pronounced /pōn/ or pone), is a powerful open-source offensive cybersecurity automation framework and continuous security integration platform. It enables security researchers, red teamers, penetration testers, and vulnerability researchers to rapidly discover zero-days, automate exploitation, perform advanced web application testing, conduct source code analysis (SAST), orchestrate infrastructure reconnaissance, and execute AI-augmented autonomous security operations.
22
+
23
+ PWN stands on the shoulders of security giants, providing over **66** production-grade plugins, full LLM integration with tool-calling agents, persistent memory, reusable skills, session/cron management, and a highly interactive REPL for prototyping and driving complex security workflows. All core automation primitives are open to promote trust, peer review, and collaborative innovation in adversarial security.
24
+
25
+ **See the full [PWN Wiki](documentation/Home.md) for detailed guides.**
26
+
27
+ #### **Why PWN** ####
28
+
29
+ In cybersecurity, where proprietary black-box tools dominate and threats evolve daily, an open framework for core security primitives, vulnerability research, exploitation techniques, and intelligent automation is essential. PWN ensures foundational modules remain transparent and auditable while providing seamless bridges to commercial and open security tools (e.g. Burp Suite Professional, Metasploit, Nmap, Nessus, and multiple LLMs).
30
+
31
+ Broad collaboration accelerates zero-day discovery, reliable exploit development, continuous vulnerability management in CI/CD pipelines, and the creation of reusable AI-driven security skills. PWN makes advanced red team and vuln research capabilities accessible and extensible to all.
32
+
33
+ See [Why PWN](documentation/Why-PWN.md) in the wiki.
34
+
35
+ #### **How PWN Works** ####
36
+
37
+ #### **PWN AI Feedback Learning Loop (Self-Improving Agent)**
38
+
39
+ The core of pwn-ai is a closed feedback loop for autonomous improvement:
40
+
41
+ ![PWN AI Feedback Learning Loop](documentation/diagrams/pwn-ai-feedback-learning-loop.svg)
42
+
43
+ See full details in [Skills, Memory & Learning](documentation/Skills-Memory-Learning.md) and the [Diagrams](documentation/Diagrams.md) wiki page.
44
+
45
+
46
+ PWN is structured as a Ruby gem with a rich namespace:
47
+
48
+ - `PWN::Plugins::*` — **66+** specialized modules ([BurpSuite](documentation/BurpSuite.md) [preferred for web proxying/scanning], [Zaproxy](documentation/Plugins.md) [fallback], [Metasploit](documentation/Plugins.md), [NmapIt](documentation/NmapIt.md), [TransparentBrowser](documentation/Transparent-Browser.md), Shodan, NessusCloud, NexposeVulnScan, Fuzz, SAST engines, Android analysis, SDR/GQRX, Blockchain, Bounty platforms like HackerOne, hardware interfaces, OCR, packet crafting, etc.).
49
+ - `PWN::AI::*` — Multi-provider LLM clients (OpenAI, Anthropic, Gemini, [Grok OAuth device flow](documentation/AI-Integration.md), Ollama) and autonomous `PWN::AI::Agent` with tool-calling harness (`pwn_eval` for full PWN namespace, shell execution, skills, memory recall/remember, learning loops).
50
+ - `PWN::SAST` — Static application security testing and test case generation. See [SAST Wiki](documentation/SAST.md).
51
+ - `PWN::Reports` — Automated reporting from scans, agents, and findings. See [Reporting](documentation/Reporting.md).
52
+ - `PWN::Memory / Sessions / Cron / Skills / Config` — Persistent facts, conversation sessions, scheduled autonomous tasks, reusable markdown skills (distillable from successful workflows), and environment management. See [Skills, Memory & Learning](documentation/Skills-Memory-Learning.md).
53
+ - `PWN::Driver` — Framework for building custom security automation packages ("drivers"). See [Drivers](documentation/Drivers.md).
54
+
55
+ The **pwn REPL** (launched via the `pwn` command) is the primary interface: a Pry-powered interactive shell with the entire `PWN` namespace pre-loaded. It supports rapid prototyping, direct execution of any plugin method, and custom commands.
56
+
57
+ **Particularly powerful is the `pwn-ai` command** inside the REPL:
58
+ - Activates an autonomous AI agent TUI with multi-line input support (use SHIFT+ENTER to insert newlines; ENTER submits the full prompt).
59
+ - Full awareness of PWN plugins, skills (`~/.pwn/skills`), memory, sessions, and cron.
60
+ - Leverages LLM tool-calling to execute PWN methods (e.g., `PWN::Plugins::BurpSuite`, `PWN::Plugins::NmapIt`, `PWN::Plugins::TransparentBrowser`, `PWN::SAST`, `PWN::Reports`), shell commands, and orchestrate end-to-end tasks.
61
+ - Supports self-improvement via `PWN::AI::Agent::Learning` / Metrics (records per-tool success/duration, distills skills from outcomes).
62
+ - Example instruction: "Use NmapIt to scan target.example.com for open ports, then TransparentBrowser to spider the web app, run SAST analysis if source is available, proxy via BurpSuite, and generate a vulnerability report with PWN::Reports."
63
+ - Additional REPL commands: `pwn-asm` (assembly prototyping with multiline), `pwn-ai-memory`, `pwn-ai-sessions`, `pwn-ai-cron`, `pwn-ai-delegate`, `welcome-banner`, etc.
64
+ - Easily prototype and roll out custom "drivers" (see `/opt/pwn/bin/` examples).
65
+
66
+ Mix and match plugins, invoke via the REPL or `pwn-ai` agent, record/replay sessions, schedule autonomous jobs, and generate reports. PWN is designed for both interactive red teaming and headless/CI automation.
67
+
68
+ Here are some [example drivers](https://github.com/0dayInc/pwn/tree/master/bin) distributed with PWN.
69
+
70
+ #### **Local PWN Wiki** ####
71
+
72
+ A full local wiki has been generated in this checkout:
73
+
74
+ **`/opt/pwn/documentation/Home.md`**
75
+
76
+ - [Home](documentation/Home.md)
77
+ - [What is PWN](documentation/What-is-PWN.md)
78
+ - [Installation](documentation/Installation.md)
79
+ - [pwn-ai Agent](documentation/pwn-ai-Agent.md)
80
+ - [Plugins](documentation/Plugins.md)
81
+ - [AI Integration](documentation/AI-Integration.md)
82
+ - [Troubleshooting](documentation/Troubleshooting.md)
83
+ - ...and many more
84
+
85
+ Run `cat /opt/pwn/documentation/Home.md` or open in your editor for the complete local documentation.
86
+
87
+ ### **Installation** ###
88
+
89
+ Tested on Debian-Based Linux Distros & OSX leveraging Ruby via RVM.
90
+
91
+ ```
92
+ $ cd /opt
93
+ $ sudo git clone https://github.com/0dayinc/pwn
94
+ $ cd /opt/pwn
95
+ $ ./install.sh
96
+ $ ./install.sh ruby-gem
97
+ $ pwn
98
+ pwn[v0.5.617]:001 >>> PWN.help
99
+ ```
100
+
101
+ [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
102
+
103
+ See the dedicated [Installation Wiki](documentation/Installation.md) for more options.
104
+
105
+ ### **General Usage** ###
106
+
107
+ [General Usage Quick-Start](https://github.com/0dayinc/pwn/wiki/General-PWN-Usage)
108
+
109
+ Detailed local guide: [General PWN Usage](documentation/General-PWN-Usage.md)
110
+
111
+ It is strongly recommended to update PWN frequently as new capabilities (plugins, AI agents, skills, zero-day tooling) are released regularly:
112
+
113
+ ```
114
+ $ rvm list gemsets
115
+ $ rvm use ruby-4.0.5@pwn
116
+ $ gem uninstall --all --executables pwn
117
+ $ gem install --verbose pwn
118
+ $ pwn
119
+ pwn[v0.5.617]:001 >>> PWN.help
120
+ ```
121
+
122
+ If using a multi-user install of RVM:
123
+
124
+ ```
125
+ $ rvm list gemsets
126
+ $ rvm use ruby-4.0.5@pwn
127
+ $ rvmsudo gem uninstall --all --executables pwn
128
+ $ rvmsudo gem install --verbose pwn
129
+ $ pwn
130
+ pwn[v0.5.617]:001 >>> PWN.help
131
+ ```
132
+
133
+ **Inside the pwn REPL (the heart of PWN):**
134
+ - Full access to every PWN class and plugin.
135
+ - `PWN.help` — list all top-level modules.
136
+ - `pwn-ai` — launch the autonomous AI agent (highly recommended for complex tasks). Once active you can issue natural language instructions that leverage PWN's full power.
137
+ - Example flow:
138
+ ```
139
+ pwn[v0.5.617]:001 >>> pwn-ai
140
+ [*] pwn-ai agent TUI activated...
141
+ > Perform active scan of https://target.example.com using preferred tooling, then analyze findings with PWN modules and produce a report.
142
+ ```
143
+ - Other REPL helpers: `pwn-asm`, memory/session/cron management commands, etc.
144
+ - Exit AI mode with `back`; use full Ruby/PWN expressions at any time.
145
+
146
+ **Headless / CI-CD one-shot (`pwn --ai`):**
147
+ Skip the TUI entirely and submit a single pwn-ai request from the shell — ideal for quick lookups, scripting, or CI/CD pipelines. The final answer is written to STDOUT (pipeable); live tool-call activity streams to STDERR.
148
+ ```
149
+ $ pwn --ai 'What ports are listening on this host?'
150
+ $ echo "$LONG_PROMPT" | pwn --ai -
151
+ $ pwn -Y ./ci/pwn.yaml --ai 'Run pwn_sast against ./src and summarise HIGH findings' > findings.txt
152
+ ```
153
+
154
+ PWN periodically upgrades to the latest version of Ruby (reflected in `/opt/pwn/.ruby-version`). The easiest way to upgrade Ruby + pwn from a previous installation:
155
+
156
+ ```
157
+ $ /opt/pwn/vagrant/provisioners/pwn.sh
158
+ ```
159
+
160
+ This updates Ruby, recreates the pwn gemset, etc. Note that older Ruby versions can only use pwn gems compatible with that Ruby.
161
+
162
+ ### **Call to Arms** ###
163
+
164
+ Contributions that expand PWN's offensive capabilities are welcome. If you can provide access to additional commercial LLMs, security scanners, or bounty platforms (or wish to contribute plugins, AI skills, or exploit modules), please [email us](mailto:support@0dayinc.com). This accelerates interoperability and zero-day research tooling. See our [How to Contribute](https://github.com/0dayInc/pwn/blob/master/CONTRIBUTING.md) and the growing skills system for ways to extend the AI agent.
165
+
166
+ See also the wiki page on [Contributing](documentation/Contributing.md).
167
+
168
+ ### **Module Documentation** ###
169
+
170
+ **Primary Documentation:** Browse the embedded local wiki — start at [/opt/pwn/documentation/Home.md](documentation/Home.md).
171
+
172
+ Additional documentation on using PWN can be found on [RubyGems.org](https://www.rubydoc.info/gems/pwn). Explore the source under `lib/pwn/plugins/`, `lib/pwn/ai/`, and `PWN::` constants directly in the REPL.
173
+
174
+ Key wiki pages:
175
+ - [Plugins](documentation/Plugins.md)
176
+ - [Burp Suite](documentation/BurpSuite.md)
177
+ - [pwn-ai Agent](documentation/pwn-ai-Agent.md)
178
+ - [SAST](documentation/SAST.md)
179
+ - [AI Integration](documentation/AI-Integration.md)
180
+
181
+ I hope you enjoy PWN and remember... ensure you always have permission prior to carrying out any sort of security testing or hacktivities. Now — go pwn all the things (responsibly)!
182
+
183
+
184
+ ### **Keep Us Caffeinated** ###
185
+ If you've found this project useful and you're interested in supporting our efforts, we invite you to take a brief moment to keep us caffeinated:
186
+
187
+ [![Coffee](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://buymeacoff.ee/0dayinc)
188
+
189
+
190
+ ### [**0x004D65726368**](https://0day.myspreadshop.com/) ###
191
+
192
+ [![PWN Sticker](https://image.spreadshirtmedia.com/image-server/v1/products/T1459A839PA3861PT28D1044068794FS8193/views/1,width=300,height=300,appearanceId=839,backgroundColor=000000/ultimate-hacker-t-shirt-to-convey-to-the-public-a-hackers-favorite-past-time.jpg)](https://0day.myspreadshop.com/stickers)
193
+
194
+ [![Coffee Mug](https://image.spreadshirtmedia.com/image-server/v1/products/T1313A1PA3933PT10X2Y25D1020472680FS6327/views/3,width=300,height=300,appearanceId=1,backgroundColor=000000/https0dayinccom.jpg)](https://0day.myspreadshop.com/accessories+mugs+%26+drinkware)
195
+
196
+ [![Mouse Pad](https://image.spreadshirtmedia.com/image-server/v1/products/T993A1PA2168PT10X162Y26D1044068794S100/views/1,width=300,height=300,appearanceId=1,backgroundColor=000000/ultimate-hacker-t-shirt-to-convey-to-the-public-a-hackers-favorite-past-time.jpg)](https://0day.myspreadshop.com/accessories)
197
+
198
+ [![0day Inc.](https://image.spreadshirtmedia.com/image-server/v1/products/T951A550PA3076PT17X0Y73D1020472680FS8515/views/1,width=300,height=300,appearanceId=70,backgroundColor=000000/https0dayinccom.jpg)](https://shop.spreadshirt.com/0day/0dayinc-A5c3e498cf937643162a01b5f?productType=951&appearance=70)
199
+
200
+ [![Black Fingerprint Hoodie](https://image.spreadshirtmedia.com/image-server/v1/products/T111A2PA3208PT17X169Y51D1020472728FS6268/views/1,width=300,height=300,appearanceId=2/https0dayinccom.jpg)](https://shop.spreadshirt.com/0day/blackfingerprint-A5c3e49db1cbf3a0b9596b4d0?productType=111&appearance=2)
@@ -1,36 +1,52 @@
1
- # AI & LLM Integration
1
+ # AI / LLM Integration — `PWN::AI`
2
2
 
3
- PWN integrates deeply with multiple LLMs for both interactive and autonomous operation.
3
+ One agent loop, five interchangeable engines. Swap providers by changing one
4
+ line in `~/.pwn/config.yml`; the tool-calling contract is normalised so the
5
+ agent code never cares which model is behind it.
4
6
 
5
- ## Supported Providers
7
+ ![Multi-provider integration](diagrams/ai-integration-tool-calling.svg)
6
8
 
7
- - OpenAI
8
- - Anthropic
9
- - Google Gemini
10
- - xAI Grok (full OAuth device flow support, public client)
11
- - Ollama (local)
12
- - Others via extensible client design
9
+ ## Supported engines
13
10
 
14
- ## Primary Entry Points
11
+ | Engine | Client | Auth | Notes |
12
+ |---|---|---|---|
13
+ | `openai` | `PWN::AI::OpenAI` | `key:` | function-calling native |
14
+ | `anthropic` | `PWN::AI::Anthropic` | `key:` | tool-use native |
15
+ | `grok` | `PWN::AI::Grok` | `key:` **or** `oauth: true` | OAuth = RFC-8628 device-code flow using xAI's public Grok-CLI client id (no secret) — see skill `xai_grok_oauth_device_flow` |
16
+ | `gemini` | `PWN::AI::Gemini` | `key:` | function-calling native |
17
+ | `ollama` | `PWN::AI::Ollama` | none | local, `base_url:` + `model:` |
15
18
 
16
- - `PWN::AI::*` (OpenAI, Anthropic, Grok, etc.)
17
- - `PWN::AI::Agent` — the autonomous tool-calling harness
18
- - `pwn-ai` command inside REPL launches the TUI
19
+ ## Selecting an engine
19
20
 
20
- ## Tool Calling
21
+ ```yaml
22
+ # ~/.pwn/config.yml
23
+ ai:
24
+ engine: grok
25
+ grok:
26
+ oauth: true # first run opens https://accounts.x.ai/… device page
27
+ ```
21
28
 
22
- The agent can call:
23
- - `pwn_eval` (full PWN namespace + Ruby)
24
- - `shell`
25
- - skills
26
- - memory (recall/remember)
27
- - learning & metrics
29
+ ```ruby
30
+ # at runtime
31
+ PWN::Env[:ai][:engine] = :ollama
32
+ ```
28
33
 
29
- OAuth for Grok is configured via `PWN::Config` and follows modern device-code flows (no client secrets).
34
+ ## Direct client use (no agent)
30
35
 
31
- See:
32
- - [pwn-ai Agent](pwn-ai-Agent.md)
33
- - [Skills, Memory & Learning](Skills-Memory-Learning.md)
34
- - `lib/pwn/ai/` in source
36
+ ```ruby
37
+ resp = PWN::AI::Anthropic.chat(
38
+ messages: [{ role: 'user', content: 'Explain CVE-2024-1234 in one line' }]
39
+ )
40
+ puts resp[:content]
41
+ ```
35
42
 
36
- [[Diagrams]]
43
+ ## Model diversity in Swarm
44
+
45
+ Because each persona in [`agents.yml`](Swarm.md) can override `engine:`, an
46
+ `agent_debate` can literally pit Claude against Grok against a local Llama —
47
+ real antagonism, not one model role-playing three voices.
48
+
49
+ **See also:** [pwn-ai Agent](pwn-ai-Agent.md) ·
50
+ [Agent Tool Registry](Agent-Tool-Registry.md) · [Swarm](Swarm.md)
51
+
52
+ [← Home](Home.md)
@@ -0,0 +1,57 @@
1
+ # `PWN::AWS` — Cloud Security (90 service wrappers)
2
+
3
+ One thin module per AWS service, each wrapping the official `aws-sdk-*` gem
4
+ with the PWN `opts = {}` convention so they compose in the REPL and in
5
+ `pwn_eval`.
6
+
7
+ ![AWS cloud security](diagrams/aws-cloud-security.svg)
8
+
9
+ ## Credentials
10
+
11
+ Standard AWS SDK chain: `~/.aws/credentials` profile, env vars
12
+ (`AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` / `AWS_SESSION_TOKEN`), or
13
+ instance profile. Optionally pin in `~/.pwn/config.yml` under `aws:`.
14
+
15
+ ## Quick enumeration
16
+
17
+ ```ruby
18
+ PWN::AWS::STS.get_caller_identity
19
+ PWN::AWS::IAM.list_users
20
+ PWN::AWS::EC2.describe_instances(region: 'us-east-1')
21
+ PWN::AWS::S3.list_buckets
22
+ PWN::AWS::Lambda.list_functions
23
+ ```
24
+
25
+ CLI: `pwn_aws_describe_resources -r us-east-1 -o out/`
26
+
27
+ ## Service groups
28
+
29
+ | Group | Modules |
30
+ |---|---|
31
+ | Identity | `IAM` `STS` `CognitoIdentity` `CognitoIdentityProvider` `CognitoSync` `DirectoryService` |
32
+ | Compute | `EC2` `ECS` `ECR` `Lambda` `LambdaPreview` `Batch` `Lightsail` `ElasticBeanstalk` `AutoScaling` `ApplicationAutoScaling` `AppStream` |
33
+ | Storage | `S3` `Glacier` `EFS` `StorageGateway` `Snowball` |
34
+ | Data | `DynamoDB` `DynamoDBStreams` `RDS` `Redshift` `ElastiCache` `SimpleDB` `ElasticsearchService` |
35
+ | Network | `Route53` `Route53Domains` `ElasticLoadBalancing` `ElasticLoadBalancingV2` `APIGateway` `CloudFront` `DirectConnect` `WAF` `WAFRegional` `Shield` |
36
+ | Crypto | `KMS` `CloudHSM` `ACM` |
37
+ | Ops / Logs | `CloudTrail` `CloudWatch` `CloudWatchLogs` `CloudWatchEvents` `ConfigService` `SSM` `Health` `Inspector` `XRay` |
38
+ | Dev | `CodeBuild` `CodeCommit` `CodeDeploy` `CodePipeline` |
39
+ | Messaging | `SNS` `SQS` `SES` `Pinpoint` `Kinesis` `KinesisAnalytics` `Firehose` |
40
+ | ML / Media | `Rekognition` `Polly` `MachineLearning` `Lex` `ElasticTranscoder` |
41
+ | Infra | `CloudFormation` `CloudSearch` `CloudSearchDomain` `OpsWorks` `OpsWorksCM` `ServiceCatalog` `DataPipleline` `EMR` `SWF` `States` |
42
+ | IoT / Other | `IoT` `IoTDataPlane` `DeviceFarm` `GameLift` `Workspaces` `Support` `Budgets` `ImportExport` `SMS` `DatabaseMigrationService` `ApplicationDiscoveryService` `MarketplaceCommerceAnalytics` `MarketplaceMetering` |
43
+
44
+ ## Offensive patterns
45
+
46
+ - **Enumerate** → `IAM` policies, `EC2` userdata, `Lambda` env vars, `S3`
47
+ bucket ACLs, `SSM` parameters.
48
+ - **Misconfig** → public `S3`, wildcard `IAM` actions, unencrypted `RDS`,
49
+ missing `CloudTrail`.
50
+ - **Escalate** → `iam:PassRole` + `lambda:Invoke`, `ssm:SendCommand`,
51
+ `ec2:RunInstances` with instance profile.
52
+ - **Persist** → new access key, Lambda backdoor, EC2 userdata.
53
+
54
+ Record everything with `extro_observe(source: 'aws', …)` so
55
+ [Extrospection](Extrospection.md) can correlate later.
56
+
57
+ [← Home](Home.md)