Summary: An explanation of the core ideas behind pwnity: Targets, Tools, Wordlists, and Sessions.

Core Concepts

pwnity is built around a few core ideas. Understanding them is key to using the tool effectively.

Targets: The "What"

A Target represents the entity you are testing (e.g., an IP address, a domain, a web application). It acts as a container for all related information:

  • Network details (IP, hostname, port)
  • Automatically gathered data (DNS, WHOIS, HTTP Headers)

Tools: The "How"

A Tool is a template for an external command-line program you want to run (e.g., nmap, gobuster). You define how the tool is called, including its subcommands and parameters. The real power comes from using placeholders in the parameters.
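As an added illustration (not pwnity's own code), the sketch below expands a Tool template with placeholders into an argument list, keeping each parameter as a single argv element and failing on missing or option-like values. The field names, the `{name}` placeholder syntax and the sample values are assumptions; this page does not show pwnity's actual format.

```python
import re

# Hypothetical Tool template. Field names and the {name} placeholder syntax
# are assumptions for this example, not pwnity's documented format.
TOOL = {
    "command": "gobuster",
    "subcommand": "dir",
    "parameters": ["-u", "http://{hostname}:{port}", "-w", "{wordlist}"],
}

# Constructed session context: values a loaded Target and Wordlist might supply.
CONTEXT = {
    "hostname": "app.example.test",
    "port": 8080,
    "wordlist": "/opt/wordlists/common.txt",
}

PLACEHOLDER = re.compile(r"\{([a-z_]+)\}")


def render(tool, context):
    """Expand a Tool template into an argv list suitable for subprocess.run(argv).

    Each template parameter becomes exactly one argv element, so a value
    containing spaces or shell metacharacters cannot add arguments or commands.
    """
    def fill(match):
        key = match.group(1)
        if key not in context:
            # Fail instead of passing a literal "{name}" to the external tool.
            raise KeyError(f"no value loaded for placeholder {{{key}}}")
        return str(context[key])

    argv = [tool["command"]]
    if tool.get("subcommand"):
        argv.append(tool["subcommand"])
    for param in tool["parameters"]:
        value = PLACEHOLDER.sub(fill, param)
        # A value that fills a whole argument must not be read as an option.
        if PLACEHOLDER.fullmatch(param) and value.startswith("-"):
            raise ValueError(f"value for {param} looks like an option: {value!r}")
        argv.append(value)
    return argv


if __name__ == "__main__":
    print(render(TOOL, CONTEXT))
```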

Reports: The "Findings"

A Report is the central container for all your analytical findings for an engagement. It stores:

  • Your personal notes.
  • Discovered credentials or flags (Loot).
  • Structured findings extracted by Parsers.

Wordlists: The "With What"

A Wordlist is a simple reference to a file on your system containing a list of words, typically used for fuzzing, directory busting, or password cracking.

Sessions: The "Workspace"

A Session is your current working context. It "remembers" which Target, Tool, and Wordlist you have loaded. This allows you to switch between different projects without re-configuring everything. The prompt always shows you what's loaded in the active session.

Presets: The "Shortcut"

A Preset is a saved session. If you often use the same combination of a tool and wordlist for a certain type of target, you can save it as a preset and load it with a single command.


The "No Database" Philosophy

pwnity does not use a database: no SQL dumps, no migrations, and no service dependencies.

  • All objects (Targets, Tools, Wordlists) are stored as simple JSON files.
  • Reports are portable Markdown or JSON files.
  • Portability is built-in: copy your project folder, and you have the entire engagement history.