• Rabids payload builder is now Go-based for Windows payloads: generates, encrypts, and compiles a silent EXE with persistence and AV evasion. New command: daemon -rb -spider -lh <ip> -lp <port> -k <key> (or d -rb -spider ...).

• Added icepick quickhack command: EXE binder for red team/offsec use. Now supports arguments: -target <target exe path> -p <payload exe path>.

PWN0S consolidates multiple cybersecurity capabilities into a single, streamlined interface, empowering security professionals with a robust platform for penetration testing and offensive security operations. Its key features include:

• Quickhacks: A suite of network reconnaissance and attack tools for rapid deployment during engagements, enabling swift intelligence gathering and exploitation.

• Daemons: Background services that automate payload generation, file serving, and persistent operations, reducing manual overhead in complex workflows.

• Interface Plugs: Hardware management utilities for interfacing with microcontrollers and other devices, enabling seamless integration with physical attack vectors.

1. Clone the repository (if you haven't already):

   git clone https://github.com/sarwaaaar/PWN0S.git
   cd PWN0S

2. Install Python 3.8+

   • Make sure you have Python 3.8 or newer installed. You can check your version with:

     python3 --version

   • If you need to install Python:
     • macOS:

       brew install python3

     • Linux (Debian/Ubuntu):

       sudo apt update && sudo apt install python3 python3-pip

     • Windows: Download from python.org

3. Install dependencies

   • Install all required Python packages:

     python3 -m pip install --upgrade pip
     python3 -m pip install -r requirements.txt

4. (Optional) Install system dependencies

   • Some features require additional tools:
     • php, go, cargo, msfvenom, wget, httrack, monolith
   • On macOS (using Homebrew):

     brew install php go msfvenom wget httrack
     cargo install monolith

   • On Linux (Debian/Ubuntu):

     sudo apt install php go cargo metasploit-framework wget httrack
     cargo install monolith

   • For msfvenom, see Metasploit installation guide

5. Run PWN0S

   python3 main.py

You're ready to use PWN0S! For command usage, see the Command Reference below.

PWN0S provides a comprehensive command-line interface with extensive options and shortcuts, designed for efficiency and ease of use. Commands are organized into three main categories: Quickhacks, Daemons, and Interface Plugs, with additional support for standard system commands. Below are detailed tables for each category, followed by in-depth explanations of their functionality.

The main commands serve as the entry points to PWN0S's core functionalities. quickhack (or qh) provides access to network-focused tools for reconnaissance and attacks, ideal for rapid deployment in penetration testing scenarios. daemon (or d) manages background services that automate tasks like payload generation and file serving, reducing manual effort. interfaceplug (or ifp) handles hardware interactions, enabling seamless integration with devices like the ESP32-S3 for WiFi hacking and IoT attacks. The exit or quit commands (q) allow users to safely terminate the PWN0S session. Help for any command can be accessed using quickhack help, daemon help, or interfaceplug help.

Daemons are background services that automate critical tasks such as payload delivery, file serving, and website cloning. They operate silently, ensuring operational efficiency during complex engagements.

The File Daemon is a lightweight HTTP server designed for payload delivery and file sharing during engagements. Running on port 8000, it serves files from the DAEMONS/filedaemon/dir/ directory, making it ideal for distributing exploits, scripts, or other resources to target systems. The -start (-s) option launches the server, while the -clean (-c) option removes all contents from the directory to maintain operational security by eliminating traces post-operation. This tool is particularly useful for delivering payloads generated by other PWN0S components, such as the Rabids daemon, ensuring seamless integration within the toolkit.

The Rabids daemon now supports a Go-based Windows payload builder (-spider), which automates the creation of XOR-encrypted payloads using Metasploit's msfvenom, embeds them into Go source code, and compiles a silent Windows executable with AV evasion and persistence. The generated EXE is saved to the DAEMONS/rabids/bin/ directory. Use the new command:

daemon -rb -spider -lh <ip> -lp <port> -k <key>

or the shortcut:

d -rb -spider -lh <ip> -lp <port> -k <key>

This replaces the previous Rust-based workflow for Windows payloads. The EXE runs silently, hides itself, adds persistence, and evades Defender exclusions automatically.

Brainwipe is a powerful phishing toolkit integrated with SEToolkit, designed for credential harvesting through website cloning. It uses Selenium to accurately replicate target websites, modifying them to include phishing forms for capturing credentials. The cloned site is hosted on localhost:8000, with captured data logged to credentials.txt. Options like -phonecode and -emailcode add verification fields to enhance phishing realism, while -buttoncolor and -redirecturl allow customization of the phishing page's appearance and behavior. Automatic cleanup ensures traces are removed post-operation, maintaining operational security. This tool is ideal for social engineering assessments in controlled environments.

Interface Plugs manage hardware interactions, enabling seamless integration with microcontrollers and other devices for physical and wireless attack vectors.

Configuration:

{
  "username": "admin",
  "ip": "192.168.1.100",
  "password": "mypass123"
}

The Deck plug is an SSH connection manager that simplifies remote access to target systems or C2 servers. It uses a config.json file for persistent credential storage, supporting both interactive and automated SSH sessions. Options like -username, -ip, and -password allow users to specify connection details, while the default command (interfaceplug -deck) uses stored credentials for quick access. Connection status monitoring and error handling ensure reliable operation, making Deck ideal for managing remote systems during engagements.

The Blackout plug interfaces with ESP32-S3 microcontrollers running Ghost ESP, enabling advanced WiFi hacking and hardware-based attacks. Ghost ESP supports WiFi attacks such as deauthentication (-t deauth), packet sniffing (-t sniff), and rogue access point creation (-t rogue-ap), targeting specified SSIDs (-s). Beyond WiFi, Blackout manages serial port connections (-scan), connects to ESP32 servers (-connect), and sends commands (-send) for real-time interaction. This plug is critical for IoT exploitation and wireless network attacks, leveraging the ESP32-S3's capabilities for field operations.

Quickhacks provide fast, network-focused tools for reconnaissance and attacks, enabling rapid execution during engagements.

Attack Methods:

• SMS/EMAIL: SMS and email flooding for targeted disruption.
• NTP/UDP/SYN: Network-level flooding attacks.
• ICMP/POD: Ping of Death and ICMP-based attacks.
• MEMCACHED: Amplification attacks leveraging vulnerable servers.
• HTTP/SLOWLORIS: Application-layer attacks targeting web servers.

Shortcirc is a denial-of-service (DoS) toolkit supporting multiple attack vectors, including network flooding (UDP, SYN, ICMP), application-layer attacks (HTTP, Slowloris), and social engineering attacks (SMS/Email bombing). Configurable options like -time and -threads allow users to control attack duration and intensity, while real-time monitoring provides visibility into attack progress. Advanced techniques like Memcached amplification and Slowloris enhance its effectiveness against modern targets, making it a versatile tool for stress-testing network resilience in authorized scenarios.

The Ping tool is a comprehensive OSINT and reconnaissance toolkit for gathering intelligence on IPs, phone numbers, and usernames. It performs geolocation and tracking of IP addresses (-ip), identifies phone number carriers and locations (-pn), and enumerates social media accounts associated with usernames (-ut). The -sip option displays the user's own IP address for situational awareness. Integrated with the Seeker phishing toolkit, Ping supports advanced social engineering with location tracking and credential harvesting, offering features like KML file generation and webhook notifications (Telegram, Discord). This tool is essential for reconnaissance phases in penetration testing.

Icepick is an EXE dropper/runner for red team/offsec use. It allows you to specify the target executable path and the payload executable path using the -t and -p options. The tool will drop and run the specified EXE payloads on Windows targets

PWN0S supports standard system commands for convenience during operations.

These system commands allow users to interact with the underlying operating system directly from the PWN0S interface, streamlining tasks like file management, process monitoring, and system information gathering. For example, ls -la lists directory contents, ps aux | grep python monitors running Python processes, and cat /etc/passwd inspects system files. This integration reduces the need to switch between PWN0S and a separate terminal, enhancing workflow efficiency.

PWN0S supports shorthand aliases for efficiency:

• quickhack = qh
• daemon = d
• interfaceplug = ifp
• shortcirc = sc
• ping = pg
• rabids = rb
• filedaemon = fd
• brainwipe = bw
• blackout = b
• deck = dk
• icepick = ic

PWN0S is actively under development, with several exciting features planned:

• Advanced Malware Modules: Support for researching and simulating cryptominers, ransomware, time bombs, and other malware types in controlled environments.
• Expanded Hardware Capabilities:
  • Radio Hacking: Integration with SDR for intercepting and manipulating wireless signals.
  • RFID Card Reader/Writer: Tools for cloning and modifying RFID tags.
  • Infrared Communication: Support for IR-based attacks on IoT and legacy devices.
  • Keystroke Injection: Enhanced BadUSB and Rubber Ducky integration.
• Remote Cyber Deck Framework: A lightweight framework running on Raspberry Pi Zero W, coordinating with Pico W and ESP32-S3 for a fully portable, remote-capable cyber deck, enabling synchronized attacks across devices.

PWN0S is intended for educational purposes and authorized security testing only. Users must obtain explicit permission before using this toolkit against any systems or networks. The authors and contributors are not liable for any misuse, damage, or legal consequences resulting from the use of this tool. Always adhere to applicable laws and ethical guidelines.

Contributions are welcome to enhance PWN0S's capabilities. To contribute:

1. Fork the repository.
2. Create a feature branch (git checkout -b feature/your-feature).
3. Implement and test your changes thoroughly.
4. Commit your changes (git commit -m "Add your feature").
5. Push to your fork (git push origin feature/your-feature).
6. Submit a pull request with a detailed description of your changes.

This project is licensed under the MIT License. See the LICENSE file for details.

• Seeker (Integrated Phishing Toolkit): https://github.com/thewhiteh4t/seeker
• GhostTrack (OSINT Tracking Tool): https://github.com/HunxByts/GhostTrack
• Impulse (DDoS Toolkit): https://github.com/LimerBoy/Impulse
• Metasploit Framework: https://github.com/rapid7/metasploit-framework
• Kali Linux: https://www.kali.org/
• Rust Programming Language: https://www.rust-lang.org/