Summary: A common step-by-step workflow for using pwnity, from target creation to documenting findings.

Usage Sequence

Here is a common step-by-step workflow for using pwnity.

1. Create and Configure a Target

First, create a target and give it a URL. pwnity will automatically parse it.

target add web-server
target update web-server url http://192.168.1.10/login

2. Create and Configure a Tool

Next, set up the tool you want to use. Define its subcommands and parameters using placeholders.

tool add gobuster
tool update gobuster command dir
tool update gobuster dir param "-u $target.base_url"
tool update gobuster dir param "-w $wordlist.path"

3. Add a Wordlist

If your tool needs a wordlist, add a reference to it.

wordlist add common-dirs
wordlist update common-dirs path /usr/share/wordlists/dirb/common.txt

4. Create and Load a Report

Before you can save notes or loot, you need a report to store them in.

report add web-server-report
report load web-server-report

5. Load Everything into the Session

Load your created objects into the current session. The prompt will update to show the context.

target load web-server
tool load gobuster
wordlist load common-dirs
wordlist load web-server-report

6. Run the Scan

Preview the command, then execute it in the foreground (now) or background (bg).

pwn dir          # Preview the command
pwn dir now      # Run it now
pwn dir bg      # Run it in background

7. Document Findings

As you find things, add them to the loaded report or use a predefined parser

note add "Found admin panel at /admin-portal"
loot add credential admin:password123

# and/or

parser apply gobuster <job-id>