Table of Contents
Intro
What is PWN
PWN (Pronounced /pōn/ or pone), is an open security automation framework that aims to stand on the shoulders of security giants, promoting trust and innovation. Build your own custom automation drivers freely and easily using pre-built modules.
Why PWN
It's easy to agree that while corporate automation is a collection of proprietary source code, the core modules used to produce automated solutions should be open for all eyes to continuously promote trust and innovation...broad collaboration is key to any automation framework's success, particularly in the cyber security arena.
How PWN Works
Leveraging various pre-built modules and the pwn prototyper, you can mix-and-match modules to test, record, replay, and rollout your own custom security automation packages known as, "drivers." Here are some example drivers distributed with PWN.
Installation
Tested on Debian-Based Linux Distros, & OSX leveraging Ruby via RVM.
$ cd /opt
$ sudo git clone https://github.com/0dayinc/pwn
$ cd /opt/pwn
$ ./install.sh
$ ./install.sh ruby-gem
$ pwn
pwn[v0.5.214]:001 >>> PWN.help
General Usage
General Usage Quick-Start
It's wise to update pwn often as numerous versions are released/week:
$ rvm list gemsets
$ rvm use ruby-3.3.5@pwn
$ gem uninstall --all --executables pwn
$ gem install --verbose pwn
$ pwn
pwn[v0.5.214]:001 >>> PWN.help
If you're using a multi-user install of RVM do:
$ rvm list gemsets
$ rvm use ruby-3.3.5@pwn
$ rvmsudo gem uninstall --all --executables pwn
$ rvmsudo gem install --verbose pwn
$ pwn
pwn[v0.5.214]:001 >>> PWN.help
PWN periodically upgrades to the latest version of Ruby which is reflected in /opt/pwn/.ruby-version
. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:
$ /opt/pwn/vagrant/provisioners/pwn.sh
This should update Ruby, create the necessary pwn gemset within the latest Ruby version, etc. It's important to note that if you're running an older version of ruby, you can only upgrade the pwn
gem to the latest version supported by the earlier version of Ruby.
Call to Arms
If you're willing to provide access to commercial security tools (e.g. Rapid7's Nexpose, Tenable Nessus, QualysGuard, HP WebInspect, IBM Appscan, etc) please email us. This will continue to promote PWNs interoperability w/ industry-recognized security tools moving forward. Additionally if you want to contribute to this framework's success, check out our How to Contribute.
Module Documentation
Additional documentation on using PWN can be found on RubyGems.org
I hope you enjoy PWN and remember...ensure you always have permission prior to carrying out any sort of hacktivities. Now - go pwn all the things!
Keep Us Caffeinated
If you've found this project useful and you're interested in supporting our efforts, we invite you to take a brief moment to keep us caffeinated: