+---------------------------------------------+ | | | | | 88888b. 8888b. 888 888 88888888b. | | 888 "88b "88b888 888 888888 "88b | | 888 888.d888888888 888 888888 888 | | 888 d88P888 888Y88b 888 d88P888 888 | | 88888P" "Y888888 "Y8888888P" 888 888 | | 888 d8b | | 888 Y8P | | 888 | | 8888 .d8888b | | "888 88K | | 888 "Y8888b. | | 888 X88 | | 888 88888P' | | 888 | | d88P | | 888P" | | | | | +---------------------------------------------+
Pown.js is the security testing an exploitation framework built on top of Node.js and NPM.
Install Pown.js globally like this:
$ npm install -g pown
Use the pown modules to get access to internal features.
Unlike existing frameworks, such as Metasploit, the development of Pown.js is 100% decentralised and community driven. Pown.js is unopinionated and programmatic in nature. All Pown.js features come in the form of standard NPM modules which are orchestrated through Node's event-driven paradigms and some form of module auto-discovery. If you are familiar with other Node projects such as Grunt, Babel or Browserify you are already familiar with Pown.js.
Pown.js is made of self-published NPM modules, which come together to form the toolkit features. Pown.js modules are encouraged to be as much framework-agnostic as possible so that they can be re-used in other non-Pown.js modules and projects. Existing NPM modules can be converted with minimal effort to integrate into the Pown.js framework.
Pown.js modules are organised into distributions. The official Pown.js distribution is served by the pown-dist module but non-official distributions are encouraged and can be built and used by the community as well.
The Pown.js capabilities are accessed by the user via framework modules called tools, which are orchestrated by the command-line interface pown-cli. The current list of official tools include:
- pown-shell - interactive command shell
- pown-credits - credit all contributors
- pown-proxy - interactive web proxy
- pown-network - interactive network attacker
Other tools are provided and advertised via the NPM module system. Pown.js tools can run on their own without relying on the pown-cli module, which ensures that the original authors are in full control of their project.
The Pown.js framework provides a minimal set of underlaying features in order to be as lightweight as possible. Most features which are not related to module discovery and communication will be provided as separate modules, which Pown.js module authors can directly depend on without embedding the whole framework which is definitely going to be a much bigger package.
Pown.js also provides a set of compiler and transpiler utilities served by the pown-toolchain module. For example, modules may depend directly on upcoming language features which are not available in the latest version of node. The toolchain provides the necessary tools to support these language features without much effort. Module authors do not need to use the toolchain if they don't specifically need to. It is provided only for convenience.
Node and NPM have vibrant development community. NPM provides access to countless of modules which support a wide-range of technologies - unprecedented characteristic previously unseen in other development communities.
Given that Pown.js is nothing more than a simple orchestration layer and a community and the fact that modules are encouraged to be as framework-agnostic as possible, it is safe to say that any contributions to this framework will be relevant for the time to come.
Needless to say, Pown.js is missing important features:
- a rich collection of payloads
- a rich collection of exploits
- radio hacking tools and frameworks
- zigbee hacking and discovery
- tools for discovering targets on the internet
- nmap alternative in node
- cross-compiler toolchain
- tv hacking modules
- usb hacking modules
- network hacking modules
How To Contribute
Many of the details are still ironed out but since this is the beginning it is an excellent opportunity not only to expand your knowledge in the field of information security by contributing directly to Pown.js but also to become a leading member and a frontrunner of the Pown.js eco-system and the security field wold-wide.
Get Help & Information
Pown.js is relatively new so there is not a single source of reference. You can however follow our work at the following places:
- pownjs.com - official site
- github.com/pownjs - official code repo
- twitter.com/pownjs - official twitter feed
- websecurify.com - main sponsor
- gnucitizen.org - main sponsor
- twitter.com/pdp - pdp's twitter feed
- twitter.com/websecurify - websecurify's twitter feed
- twitter.com/gnucitizen - gnucitizen's twitter feed