Skip to content
Pwnboard - Not forked from ztgrace/pwnboard as we are taking the project in different directions
Python HTML Shell Dockerfile CSS
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


PWNboard for RIT redteam engagements and competitions

Modified version of ztgrace/pwnboard

Running the PWNboard



Install all the needed packages and the pwnboard code

apt-get install -y redis-server python3-redis python3-flask python3-yaml
git clone /var/www/pwnboard
chown -R www-data:www-data /var/www/pwnboard

nginx and uwsgi

If you plan on running pwnboard behind nginx, run the following commands in addition to the previous.

Install Packages

apt-get install nginx uwsgi uwsgi-plugins-python3

Set up the systemd service file and the nginx config

ln -s /var/www/pwnboard/serv/pwnboard.service /lib/systemd/system/
systemctl daemon-reload
ln -s /var/www/pwnboard/serv/nginx.conf /etc/nginx/sites-enabled/pwnboard.conf
# Delete the default nginx page
rm /etc/nginx/sites-enabled/default

Generate Self-Signed SSL certificates

mkdir /etc/nginx/ssl
openssl req -x509 -nodes -new -batch -keyout /etc/nginx/ssl/server.key -out /etc/nginx/ssl/server.crt

If you would like to use LetsEncrypt's Certbot, follow this guide.


Mandatory Configurations: Make sure to update the url with the domain name if you are using the framework integrations

  host: https://pwnboard.local


Configure the topology json file by running ./scripts/ or by hand modifying the sample config topology.json.


All non-topology settings can be updated in config.yml.

You may configure how long (in minutes) a host has before it times out

host_timeout: 5


Setup slack information in the config.yml file. Pwnboard can push slack updates everytime a host times out. Enable the settings in the configuration file to allow this functionality.

  token: "xoxb-123456789123-xxXXxXXXxXXXXxxxxXxXXXXxxXX"
  channel: "#pwnboard"
  send_updates: true

Alternate Theme

Some of my fellow red teamers wanted a theme where Red means it is controlled by redteam and Blue is controlled by blueteam. You may enable this in the configuration file.

alternate_theme: true

Anytime the configuration file is changed, navigate to /reload so the app will reload the changes

Setup Frameworks

If you are adding hooks to frameworks such as cobaltstrike or empire, run the install scripts for each framework and client. The install scripts will be rendered based off of the current configuration file. Generic installation scripts can be used to push updates via bash and Python for other integrations as well.

Currently supported frameworks:

CobaltStrike http://localhost/install/cobaltstrike

Metasploit http://localhost/install/metaspoit

Empire http://localhost/install/empire

Python http://localhost/install/python

Bash http://localhost/install/bash

Make sure host: is updated in the configuration so the install scripts render correctly

Set Alert Message

Too push an alert message to the page you can navigate to /setmessage or push and update with a post request

curl -X POST -d 'message=PWNboard'

The time (in minutes) that the message will be displayed can be set in the config file.

alerttime: 2



To directly run the Flask app, run python3 /var/www/ from the commandline


Make sure you follow the installation instructions for nginx/uwsgi and then run systemctl start pwnboard

Future Features

  • Init script to help configure and use the program
  • Reset the db before starting an engagement
  • Click on a host to track the beacons


You can’t perform that action at this time.