PwnMachineV2: a new version of the self hosted pwning environment for Bug Bounty

June 9, 2021

Every bug hunter knows how it can be hard to have a ready-to-go environment for Bug Bounty in one click with the perfect setup to have all the right tools. Last year, we have released a first version of a tool called PwnMachine. This version was functional but not as easily to install and to use as we expected initially. These last months, our tech ambassador @Bitk has worked hard to develop a totally new version of this self-hosted pwning machine with a nice web interface.

Explore the new web interface of PwnMachinev2

The initial project was only based on CLI command and that could therefore be a barrier to use for some users. With this new version, you will have a full web interface, which will be better to use the different features.

🧰 A ready-to-use Bug Bounty environment

As mentioned before, the goal of the PwnMachine is to provide a cool environment for pentesters and bug hunters. To be the simplest as possible, the tool is a full docker embedded and you just need to build it with the “docker-compose.yml” file provided. Once started, you will be normally able to access to the web interface at http://your_server_ip.

By default, some services are available directly and ready to be used :

  • Docker environment
  • HTTP router
  • DNS Server

But keep in mind that you can install anything which work with docker:

  • Nuclei
  • Web server
  • Amass
  • FFuF

Docker environment

HTTP router

We have embarked Traefik to handles all incoming HTTP(S) traffic and forwards it to the right container, while automatically taking care of your SSL certificates. We use let’s encrypt this and everything works fine.

DNS server

Many attacks (especially SSRF) can use DNS rebinding server to extract data for example. It can be also useful to have a specific subdomain to distinguish your different web applications. For doing that we have integrate POWERDNS. With the help of the web interface, you will have a global view of your entries and also be able to manage your rules or your DNS zones.

Logs, logs everywhere

Logs can help to debug but can also be used in case you use your server for pingback DNS in SSRF exploitation for example. The PwnMachine use logs on every tools and you can easily check them in real time and use the filters available to focus on a specific element.

Web Shell

Need to modify a docker container in real time? You can do it directly from the PwnMachine! You can use a full functional shell that is connected to all your docker containers.

🤝 You can contribute!

This project is a community one, which means that you can fork this project, add more features, send your pull requests and all your contributions on the GitHub project are welcomed!

⚙ Let me try the PwnMachinev2