From chaos to control
|
Pwnity is a high-performance, session-based framework that turns your scattered tools into a unified arsenal. With dynamic payload generation, automatic asset parsing, and a local-first philosophy, it's the environment built by pentesters, for pentesters.
Live Operations
Experience the speed and efficiency of the Pwnity CLI.
The Pwnity Command Center
A multi-layered ecosystem designed for every stage of the engagement.
The Heart: CLI (Core)
FREEA powerful, session-based shell that wraps your favorite tools. Build once, execute everywhere.
Smart Context
Use $target.ip or $wordlist.path in any tool template.
Update a URL and Pwnity resolves IP, domain, and TLD instantly.
Save entire session states (Target + Tool + Wordlist) as reusable templates.
Magic Gathering
target gather all runs DNS, WHOIS, HTTP, and Geo-IP at once.
Automatic SSL/HTTP header extraction.
Integrated domain decomposition.
Interactive Dashboard
Live context dashboard via overview.
Monitor scans with bg and jobs list.
Real-time uptime tracking.
No-DB Architecture
JSON files for easy version control and syncing.
Generate Markdown summaries instantly.
Native wrapping of binary tools without scripts.
Pure Portability
CORENo Database. No Pain.
Pwnity stores everything as local JSON files. No SQL dumps to manage, no database services to maintain. Simply copy your project folder, and your entire engagement context goes with you.
Audit-Ready Logbook
Every command execution is immutably recorded with timestamps and full output. Generate human-readable reports in seconds for instant stakeholder delivery.
The Kill Chain
Pwnity streamlines your entire process into a logical, repeatable flow. No more chaos, just pure efficiency.
Define Your Target
Initialize your target with a URL. Pwnity automatically resolves the IP, identifies the domain/TLD, and parses query parameters into placeholders.
target add web-server
target update web-server url http://192.168.1.10/loginTemplate Your Arsenal
Create reusable tool definitions. Use $target.ip, $target.base_url, and other placeholders to make your tools adapt to any session.
tool add gobuster
tool update gobuster command dir
tool update gobuster dir param "-u $target.base_url -w $wordlist.path"Assemble the Session
Load your target, tool, and wordlist. Everything is now linked. Type 'overview' to see your interactive dashboard.
target load web-server
tool load gobuster
wordlist load common-dirs
overviewForeground or Background
Execute your commands with precision. Use 'now' for immediate output or 'bg' to run long scans while you continue working.
pwn dir now # Real-time output
pwn dir bg # Background scanAutomated Extraction
Apply regex-based parsers to finished jobs. Pwnity extracts structured findings and offers an interactive checklist to save them.
parser apply common 3a8f[*] Applying parser 'common'...
[+] Found 2 unique matches for rule 'ipv4'.
[+] Save findings? (Y/n)Immutable Findings
Your report holds the ground truth. Notes, loot (credentials/keys), and parser findings are stored in one portable report file.
note add "Login vuln at /admin"
loot add credential admin:password123
report showInitialization
Get Pwnity up and running in under a minute.
Zero Dependencies
No database required. Pwnity uses local JSON files for maximum portability.
Modular Setup
Targets, tools, and wordlists are stored as reusable objects.
Fast Onboarding
Ships with example configurations to get you started immediately.
Future Trajectory
We believe in transparency. Here's a live look at our journey.
Pre-Beta (Stable)
- Core CLI Framework
- Session-Based Context Management
- Tool, Target & Wordlist Library
- Placeholder & Job System
- Predefined Tool Presets
In Development
- Initial Documentation & Guides
- Advanced Reporting Formats
- Official Kali Linux Package
Planned
- Web UI (Pro)
- Visual Node Editor
- Community Hub for Sharing
- AI Command Suggestions