PWN (Pronounced /pōn/ or pone), is an open security automation framework that aims to stand on the shoulders of security giants, promoting trust and innovation. Build your own custom automation drivers freely and easily using pre-built modules.
It's easy to agree that while corporate automation is a collection of proprietary source code, the core modules used to produce automated solutions should be open for all eyes to continuously promote trust and innovation...broad collaboration is key to any automation framework's success, particularly in the cyber security arena.
Leveraging various pre-built modules and the pwn prototyper, you can mix-and-match modules to test, record, replay, and rollout your own custom security automation packages known as, "drivers." Here are some example drivers distributed with PWN.
Tested on Debian-Based Linux Distros, & OSX leveraging Ruby via RVM.
$ cd /opt
$ sudo git clone https://github.com/0dayinc/pwn
$ cd /opt/pwn
$ ./install.sh
$ ./install.sh ruby-gem
$ pwn
pwn[v0.5.228]:001 >>> PWN.help
It's wise to update pwn often as numerous versions are released/week:
$ rvm list gemsets
$ rvm use ruby-3.3.5@pwn
$ gem uninstall --all --executables pwn
$ gem install --verbose pwn
$ pwn
pwn[v0.5.228]:001 >>> PWN.help
If you're using a multi-user install of RVM do:
$ rvm list gemsets
$ rvm use ruby-3.3.5@pwn
$ rvmsudo gem uninstall --all --executables pwn
$ rvmsudo gem install --verbose pwn
$ pwn
pwn[v0.5.228]:001 >>> PWN.help
PWN periodically upgrades to the latest version of Ruby which is reflected in /opt/pwn/.ruby-version. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:
$ /opt/pwn/vagrant/provisioners/pwn.sh
This should update Ruby, create the necessary pwn gemset within the latest Ruby version, etc. It's important to note that if you're running an older version of ruby, you can only upgrade the pwn gem to the latest version supported by the earlier version of Ruby.
If you're willing to provide access to commercial security tools (e.g. Rapid7's Nexpose, Tenable Nessus, QualysGuard, HP WebInspect, IBM Appscan, etc) please email us. This will continue to promote PWNs interoperability w/ industry-recognized security tools moving forward. Additionally if you want to contribute to this framework's success, check out our How to Contribute.
Additional documentation on using PWN can be found on RubyGems.org
I hope you enjoy PWN and remember...ensure you always have permission prior to carrying out any sort of hacktivities. Now - go pwn all the things!
If you've found this project useful and you're interested in supporting our efforts, we invite you to take a brief moment to keep us caffeinated:
FAQs
Unknown package
We found that pwn demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
Security News
Socket CEO Feross Aboukhadijeh discusses open source security challenges, including zero-day attacks and supply chain risks, on the Cyber Security Council podcast.
Security News
Research
Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.