Pown.js - A Security Testing An Exploitation Toolkit Built On Top Of Node.js And NPM

(30 views)

Pown.js is a security testing and exploitation toolkit built on top of Node.js and NPM. Unlike traditional security tools like Metasploits, Pown.js considers frameworks to be an anti-pattern. Therefore, each module in Pown is in fact a standalone NPM module allowing greater degree of reuse and flexibility. Creating new modules is a matter of publishing to NPM and tagging it with the correct tags. The rest is handled automatically.

Quickstart

Install Pown.js globally with npm or yarn.

$ npm install -g [email protected]

Usage

pown [options]  [command options]

Commands:
  pown modules                Module manager  [aliases: module, m]
  pown update [options]                Update global installation of pown  [aliases: upgrade, up]
  pown buster                 Multi-service bruteforce discovery tool  [aliases: bust]
  pown credits [options]               list contributors and credits
  pown dicts [options]         Assorted Dictionaries
  pown duct                   Side-channel attack enabler  [aliases: ducting, d]
  pown figlet                    Generate figlet
  pown preferences            Preferences  [aliases: prefs]
  pown proxy [options] [command]       HTTP proxy
  pown recon                  Target recon
  pown script [file|script] [args...]  Simple scripting engine for automating pown commands.
  pown shell [options]                 Simple shell
  pown whoarethey         find social networking accounts and more

Options:
  --version  Show version number  [boolean]
  --help     Show help  [boolean]

pown modules

pown modules 

Module manager

Commands:
  pown modules install     Install modules
  pown modules uninstall   Uninstall modules
  pown modules update [modules...]     Update modules
  pown modules list                    List install modules
  pown modules search        Search modules

Options:
  --version  Show version number  [boolean]
  --help     Show help  [boolean]

pown update

pown update [options]

Update global installation of pown

Options:
  --version  Show version number  [boolean]
  --help     Show help  [boolean]

pown buster

pown buster 

Multi-service bruteforce discovery tool

Commands:
  pown buster web [options]        Web file and directory bruteforcer (a.k.a dirbuster)
  pown buster email [options]   Email bruteforce discovery tool (via smtp)  [aliases: emails]

Options:
  --version  Show version number  [boolean]
  --help     Show help  [boolean]

pown credits

pown credits [options]

list contributors and credits

Options:
  --version   Show version number  [boolean]
  --help      Show help  [boolean]
  --only, -o  Only Pown.js contributors  [boolean]

pown dicts

pown dicts [options] 

Assorted Dictionaries

Options:
  --version       Show version number  [boolean]
  --help          Show help  [boolean]
  --download, -d  Download found dictionaries  [boolean] [default: false]
  --regex, -r     Search with regex  [boolean] [default: false]

pown duct

pown duct 

Side-channel attack enabler

Commands:
  pown duct dns  DNS ducting

Options:
  --version  Show version number  [boolean]
  --help     Show help  [boolean]

pown figlet

pown figlet 

Generate figlet

Options:
  --version   Show version number  [boolean]
  --help      Show help  [boolean]
  --font, -f  FIGlet font to use  [string] [default: "Standard"]
  --fg        Foreground color  [choices: "default", "black", "red", "green", "yellow", "blue", "magenta", "cyan", "white", "gray", "grey"] [default: "default"]
  --bg        Background color  [choices: "default", "black", "red", "green", "yellow", "blue", "magenta", "cyan", "white"] [default: "default"]
  --bold      Make it bold  [boolean] [default: false]

pown preferences

pown preferences 

Preferences

Commands:
  pown preferences get  [name]          get preferences
  pown preferences set     set preferences

Options:
  --version  Show version number  [boolean]
  --help     Show help  [boolean]

pown proxy

pown proxy [options] [command]

HTTP proxy

Options:
  --version                 Show version number  [boolean]
  --help                    Show help  [boolean]
  --log, -l                 Log requests and responses  [boolean] [default: false]
  --host, -h                Host to listen to  [string] [default: "0.0.0.0"]
  --port, -p                Port to listen to  [number] [default: 8080]
  --text, -t                Start with text ui  [boolean] [default: false]
  --ws-client, -c           Connect to web socket  [string] [default: ""]
  --ws-server, -s           Forward on web socket  [boolean] [default: false]
  --ws-host                 Web socket server host  [string] [default: "0.0.0.0"]
  --ws-port                 Web socket server port  [number] [default: 9090]
  --ws-app                  Open app  [string] [choices: "", "httpview"] [default: ""]
  --certs-dir               Directory for the certificates  [string] [default: "/home/ec2-user/.pown/proxy/certs"]
  --server-key-length       Default key length for certificates  [number] [default: 1024]
  --default-ca-common-name  The CA common name  [string] [default: "Pown.js Proxy"]

pown recon

pown recon 

Target recon

Commands:
  pown recon transform         Perform inline transformation  [aliases: t]
  pown recon select         Select nodes  [aliases: s]
  pown recon add                Add nodes  [aliases: a]
  pown recon remove         Remove nodes  [aliases: r]
  pown recon merge              Perform a merge between at least two recon files  [aliases: m]
  pown recon diff           Perform a diff between two recon files  [aliases: d]
  pown recon group    Group nodes  [aliases: g]
  pown recon ungroup        Ungroup nodes  [aliases: u]
  pown recon import                 Import file  [aliases: i]
  pown recon export                 Export to file  [aliases: e]

Options:
  --version  Show version number  [boolean]
  --help     Show help  [boolean]

pown script

pown script [file|script] [args...]

Simple scripting engine for automating pown commands.

Options:
  --version      Show version number  [boolean]
  --help         Show help  [boolean]
  --command, -c  Evaluate inline commands  [boolean] [default: false]
  --exit, -e     Exit immediately  [boolean] [default: false]
  --expand, -x   Expand command  [boolean] [default: false]
  --skip, -s     Skip number of lines  [number] [default: 0]

pown shell

pown shell [options]

Simple shell

Options:
  --version  Show version number  [boolean]
  --help     Show help  [boolean]

pown whoarethey

pown whoarethey 

find social networking accounts and more

Options:
  --version  Show version number  [boolean]
  --help     Show help  [boolean]

Modules

Pown.js comes with several builtin modules for convenience. However, additional modules can be installed directly from the NPM registry using pown modules command. Optional modules are installed in the current users's home folder under .pown/modules.


More: https://github.com/pownjs/pown

December 31, 2019

Author

Hakin9 TEAM
Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023