PWN

Table of Contents


Intro

What is PWN

PWN (pronounced /pōn/ — pone) is an open-source offensive-security automation framework and continuous-security-integration platform. It gives security researchers, red teamers, penetration testers and vulnerability researchers a single, scriptable Ruby surface over the entire offensive toolchain — from OSINT and network discovery, through web / cloud / hardware / radio exploitation, to reporting and disclosure — and puts a self-improving, tool-calling, multi-agent AI on top of it.

In numbers: 66 PWN::Plugins · 48 PWN::SAST rules · 90 PWN::AWS service wrappers · 21 PWN::WWW site drivers · 52 bin/pwn_* CLI drivers · 5 LLM engines · 10 agent toolsets · 45+ LLM-callable tools.

Full page: What is PWN

Why PWN

Offensive security is a toolchain problem. PWN's bet is that the right abstraction is plain Ruby methods with a uniform opts = {} signature, exposed simultaneously to a human in a REPL, an LLM in a tool-calling loop, a shell script in CI, and a cron job at 3 am — all open-source and auditable, which matters when the caller is autonomous.

Full page: Why PWN

How PWN Works

Five layers, edges only ever go down:

PWN Overall Architecture

The AI layer closes a self-improvement loop on every turn — Metrics + Learning (introspection) joined with Snapshot + Drift + Intel (extrospection) via extro_correlate, so the agent knows whether a failure was its fault or the world changed:

pwn-ai Feedback Learning Loop

And Swarm runs multiple personas — each a full tool-calling agent, optionally on a different LLM engine — over a shared append-only bus:

Swarm Multi-Agent

Full pages: How PWN Works · All 26 Data-Flow Diagrams


Documentation

The complete wiki lives in this repo at documentation/Home.md.

Start Here Entry Points AI Subsystem Capabilities
What is PWN pwn REPL AI / LLM Integration Plugins (66)
Why PWN pwn-ai Agent Agent Tool Registry SAST (48)
How PWN Works CLI Drivers (52) Memory · Skills · Learning AWS (90)
Installation Build a Driver Extrospection WWW (21)
General Usage Swarm (multi-agent) SDR / Radio
Configuration Sessions · Cron Reports
~/.pwn/ Persistence BurpSuite · NmapIt
All Diagrams Metasploit · Fuzzing
Troubleshooting Hardware · Blockchain
Contributing Bounty · FFI · Banner

Rebuild every SVG from its Graphviz source: cd documentation/diagrams && ./build.sh


Installation

Tested on Debian-based Linux & macOS, Ruby via RVM.

$ cd /opt
$ sudo git clone https://github.com/0dayinc/pwn
$ cd /opt/pwn
$ ./install.sh
$ ./install.sh ruby-gem
$ pwn
pwn[v0.5.616]:001 >>> PWN.help

Installing the pwn Security Automation Framework

Full page: Installation · Configuration


General Usage

General Usage Quick-Start · local: General PWN Usage

Update PWN frequently — new plugins, agent tools, skills and zero-day tooling land regularly:

$ rvm list gemsets
$ rvm use ruby-4.0.5@pwn
$ gem uninstall --all --executables pwn
$ gem install --verbose pwn
$ pwn
pwn[v0.5.616]:001 >>> PWN.help

If using a multi-user RVM install:

$ rvm use ruby-4.0.5@pwn
$ rvmsudo gem uninstall --all --executables pwn
$ rvmsudo gem install --verbose pwn

Inside the pwn REPL:

  • Full access to every PWN:: module.
  • pwn-ai — launch the autonomous agent TUI (SHIFT+ENTER newline, ENTER submit).
  • pwn-asm, pwn-ai-memory, pwn-ai-sessions, pwn-ai-cron, pwn-ai-delegate.

Headless / CI one-shot (pwn --ai):

$ pwn --ai 'What ports are listening on this host?'
$ echo "$LONG_PROMPT" | pwn --ai -
$ pwn -Y ./ci/pwn.yaml --ai 'Run pwn_sast against ./src and summarise HIGH findings' > findings.txt

PWN periodically upgrades to the latest Ruby (/opt/pwn/.ruby-version). Easiest upgrade of Ruby + pwn from a previous install:

$ /opt/pwn/vagrant/provisioners/pwn.sh

Call to Arms

Contributions that expand PWN's offensive capabilities are welcome. If you can provide access to additional commercial LLMs, security scanners, or bounty platforms — or wish to contribute plugins, AI skills, or exploit modules — please email us. See CONTRIBUTING.md and the local Contributing page.


Module Documentation

Primary: documentation/Home.md — the full local wiki with 30+ pages and 26 SVG data-flow diagrams.

API reference: rubydoc.info/gems/pwn, or in-REPL: PWN::Plugins::BurpSuite.help, show-source, ls.

Highlights: Plugins · BurpSuite · Transparent-Browser · pwn-ai Agent · Swarm · Extrospection · SAST · AI Integration

I hope you enjoy PWN — and remember: always have permission before any security testing. Now go pwn all the things (responsibly)!


Keep Us Caffeinated

If you've found this project useful and you're interested in supporting our efforts, we invite you to take a brief moment to keep us caffeinated:

Coffee

0x004D65726368

PWN Sticker

Coffee Mug

Mouse Pad

0day Inc.

Black Fingerprint Hoodie