No description, website, or topics provided.
Switch branches/tags
Clone or download
Petko D. Petkov
Petko D. Petkov 1.6.0
Latest commit f3f05d2 Jan 28, 2018
Failed to load latest commit information.
.gitignore Initial commit Mar 15, 2017
LICENSE Initial commit Mar 15, 2017 Updated docs Mar 23, 2017
index.js Ensure index can be used as script Mar 16, 2017
package.json 1.6.0 Jan 28, 2018

|                                             |
|                                             |
|    88888b.  8888b. 888  888  88888888b.     |
|    888 "88b    "88b888  888  888888 "88b    |
|    888  888.d888888888  888  888888  888    |
|    888 d88P888  888Y88b 888 d88P888  888    |
|    88888P" "Y888888 "Y8888888P" 888  888    |
|    888    d8b                               |
|    888    Y8P                               |
|    888                                      |
|          8888 .d8888b                       |
|          "888 88K                           |
|           888 "Y8888b.                      |
|           888      X88                      |
|           888  88888P'                      |
|           888                               |
|          d88P                               |
|        888P"                                |
|                                             |
|                                             |


Pown.js is the security testing an exploitation framework built on top of Node.js and NPM.


Install Pown.js globally like this:

$ npm install -g pown

Use the pown modules to get access to internal features.

Why Pown.js

Unlike existing frameworks, such as Metasploit, the development of Pown.js is 100% decentralised and community driven. Pown.js is unopinionated and programmatic in nature. All Pown.js features come in the form of standard NPM modules which are orchestrated through Node's event-driven paradigms and some form of module auto-discovery. If you are familiar with other Node projects such as Grunt, Babel or Browserify you are already familiar with Pown.js.

Toolkit Design

Pown.js is made of self-published NPM modules, which come together to form the toolkit features. Pown.js modules are encouraged to be as much framework-agnostic as possible so that they can be re-used in other non-Pown.js modules and projects. Existing NPM modules can be converted with minimal effort to integrate into the Pown.js framework.

Pown.js modules are organised into distributions. The official Pown.js distribution is served by the pown-dist module but non-official distributions are encouraged and can be built and used by the community as well.

The Pown.js capabilities are accessed by the user via framework modules called tools, which are orchestrated by the command-line interface pown-cli. The current list of official tools include:

Other tools are provided and advertised via the NPM module system. Pown.js tools can run on their own without relying on the pown-cli module, which ensures that the original authors are in full control of their project.

The Pown.js framework provides a minimal set of underlaying features in order to be as lightweight as possible. Most features which are not related to module discovery and communication will be provided as separate modules, which Pown.js module authors can directly depend on without embedding the whole framework which is definitely going to be a much bigger package.

Pown.js also provides a set of compiler and transpiler utilities served by the pown-toolchain module. For example, modules may depend directly on upcoming language features which are not available in the latest version of node. The toolchain provides the necessary tools to support these language features without much effort. Module authors do not need to use the toolchain if they don't specifically need to. It is provided only for convenience.

Why JavaScript, Node.js and NPM

Pown.js is all about fast prototying, experimentation and getting results. JavaScript gets out of your way to achieve that in the fastest possible way.

Node and NPM have vibrant development community. NPM provides access to countless of modules which support a wide-range of technologies - unprecedented characteristic previously unseen in other development communities.

JavaScript is not going away anytime soon given it underpins the World Wide Web we know today. Even if you don't like using JavaScript, you can alway build your modules using your language of choice that can transpile to JavaScript and in the future you can also build in C/C++, go and whatever you like by utilising WebAssembly.

Given that Pown.js is nothing more than a simple orchestration layer and a community and the fact that modules are encouraged to be as framework-agnostic as possible, it is safe to say that any contributions to this framework will be relevant for the time to come.

Wish List

Needless to say, Pown.js is missing important features:

  • a rich collection of payloads
  • a rich collection of exploits
  • radio hacking tools and frameworks
  • zigbee hacking and discovery
  • tools for discovering targets on the internet
  • nmap alternative in node
  • cross-compiler toolchain
  • tv hacking modules
  • usb hacking modules
  • network hacking modules

How To Contribute

Follow us on twitter. Star us on GitHub. Join the conversation on Gitter.

Many of the details are still ironed out but since this is the beginning it is an excellent opportunity not only to expand your knowledge in the field of information security by contributing directly to Pown.js but also to become a leading member and a frontrunner of the Pown.js eco-system and the security field wold-wide.

Get Help & Information

Pown.js is relatively new so there is not a single source of reference. You can however follow our work at the following places: