Summary: Learn about special fields like 'target.url' that trigger automatic actions and data parsing.

Special Fields & Magic Actions

Certain fields, when used with the update command, trigger special actions or have unique behaviors beyond simply storing a value.

Target: The url Field

This is the most powerful special field. When you update a target's url, pwnity doesn't just store the string; it performs a comprehensive analysis:

  • Resolution: It resolves the hostname to an IP address.
  • Parsing: It breaks the URL into its components: protocol, hostname, port, uri, query_params, etc.
  • Domain Analysis: It uses tldextract to identify the subdomains, domain, and tld.
  • Base URL: It constructs a base_url (e.g., https://example.com:8443) for convenience.

Example:

target update my-server url "https://api.example.com/v1?user=test"

This single command populates over a dozen fields, making a vast number of placeholders instantly available.

Tool: The sudo Field

Setting the sudo field to true marks a tool as requiring root privileges.

tool update nmap sudo true

When you run this tool, pwnity will automatically prepend sudo to the command and handle the password prompt if necessary.

Proxy: The wrapper_needs_sudo Field

This is similar to the tool's sudo field but applies specifically to the proxy wrapper command (like proxychains-ng).

proxy set wrapper_needs_sudo true

If the proxy is enabled and this flag is set, the entire command (including the wrapper) will be executed with sudo.

Tool: The execute_per_param Field

This boolean field, set on a tool's command, changes how the final command is built and run. By default (false), all parameters are joined into a single command line.

Value: true

If you set execute_per_param to true, pwnity will execute the tool's command once for each parameter in the list. This is perfect for creating dynamic checklists with echo.

Example:

tool update checklist web-recon execute_per_param true

Now, when pwn web-recon now is run, it will execute echo for each line of the checklist, producing a clean, multi-line output.